-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v1.10 backports 2021-06-01 #16384
v1.10 backports 2021-06-01 #16384
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My PRs look good.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My Azure PRs look good.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And my axe!
test-backport-1.10 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good for my commits
Does everyone need to approve their commits in such backport pr's ? |
@h3llix Good question. It's best if all authors review, but we typically only make sure that backported commits that had conflicts are reviewed. The other commits typically matter a bit less (though that doesn't mean they can't break something). I'm not sure the backporting documentation makes that clear. If it's not the case, we should update it. |
1e789d0
to
6db5355
Compare
I simply rebased on top of de53e80. No change to backported commits. |
test-backport-1.10 |
I'm seeing a lot of failures for k8s1.17-kernel-4.9 |
Right, there are some flakes:
As for |
[ upstream commit 415c624 ] Remove request headers from response access logs, except for 'x-request-id', which is retained for request/response correlation purposes. Signed-off-by: Jarno Rajahalme <jarno@isovalent.com> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit e6ae6fb ] The logic to ignore errors is inverted and the errors are still being printed as warnings. This commit inverts the logic so that only relevant warnings are printed. Fixes: 0ab4fa1 ("pkg/k8s: ignore certain ipcache errors") Fixes: 465cac1 ("pkg/k8s: ignore overwrite source "custom-resource" with "k8s" errors") Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit 1e5f74d ] Regeneration logic fails if waiting-for-identity changes to ready state in a scenario like this: builder: ready -> waiting-to-regenerate .. label change etc: waiting-to-regenerate -> waiting-for-identity .. labels resolved: waiting-for-identity -> ready .. builder: (ready) -> regenerating (FAILS as this is not expected) Resolve this by giving precedence to the waiting-to-regenerate state over the waiting-for-identity state. Compensate for possibly blocking this state change in Cilium endpoint PATCH API. Signed-off-by: Jarno Rajahalme <jarno@isovalent.com> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit f937df7 ] This commit is a partial revert of 72e6238 ("loader: Remove program and route when disable endpoint routes"). Commit 72e6238 started removing existing endpoint routes when enable-endpoint-routes is disabled in the agent. In chaining mode however, if Cilium isn't the primary CNI, it isn't responsible for the endpoint's networking. In that case, the primary CNI may install and rely on those endpoint routes and we shouldn't remove them. This commit reverts the removal of endpoint routes. We'll provide a proper solution to remove only endpoint routes Cilium "owns" in a subsequent commit. Fixes: 72e6238 ("loader: Remove program and route when disable endpoint routes") Signed-off-by: Paul Chaignon <paul@cilium.io> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit 320ea0d ] This commit partially reverts commit a9ecab1. Disabling endpoint routes in an existing cluster is not supported for now. We first need to find a way to properly remove the endpoint routes (see previous commit) before we can support this. We keep the override of endpoint datapath config. for the host endpoint as otherwise host firewall test will error due to a failure to load bpf_host. Signed-off-by: Paul Chaignon <paul@cilium.io> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit db93de5 ] We need to deploy pods after Cilium is installed or they may receive the datapath corresponding to a previous Cilium installation. Fixes: 37f6192 ("test: add CI test for tail calls hooks for custom programs") Signed-off-by: Paul Chaignon <paul@cilium.io> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit 8da8b88 ] Commit 0875453 ("endpoint: Refactor init of EndpointDatapathConfiguration") leads to .RequireEgressProg being overwritten on endpoint creation. That in turns breaks reverse NAT when running in chaining mode [1]. This commit is a partial revert of commit 0875453, keeping only a helper function. 1 - https://github.com/cilium/cilium/blob/v1.10.0/plugins/cilium-cni/chaining/generic-veth/generic-veth.go#L165 Signed-off-by: Paul Chaignon <paul@cilium.io> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit 8e1ef9c ] The curl URL fails if the sha256 is no longer part of the tag. Running with `docker buildx imagetools inspect` it is possible to verify if an image digest exists regardless even if no longer belongs to a tag. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit 943f792 ] github.com/Azure/azure-sdk-for-go/services/compute -> 2021-03-01 github.com/Azure/azure-sdk-for-go/services/network -> 2020-11-01 [ backport note: Update azure vendor from v50.0.0+incompatible instead of v50.2.0+incompatible as for master branch. ] Signed-off-by: Vlad Ungureanu <vladu@palantir.com> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit 34424b0 ] This commit swaps the creation of Azure service clients to use the Azure Resource Manager baseURI which points to the right Azure cloud extracted from the environment. Signed-off-by: Vlad Ungureanu <vladu@palantir.com> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit 2a356d9 ] Documentation changes should be backported "as far as they go" on the supported branches, so that users can get relevant information from the documentation branch associated to the software version they run. Document this as part as the criteria for backports. Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit 6a3e846 ] The goal of the test is to check if curl to a clusterIP svc endpoint is redirected to both the backends when the original svc entry is restored upon LRP removal. However, the current test logic expects the same backend should be selected for all the pod clients simultaneously, and this can lengthen test duration. This doesn't seem right since backend selection is not exactly deterministic. More importantly, we only need both backends to be selected at least once for all the client pods. Flip the order in which we loop over backends and client pods. Loop over client pods first, and then make curl calls until we hit both the backends on each of the client pods. This way we can potentially avoid making some of the curl duplicate calls by not having to synchronize what backends VIP calls are redirected to across multiple nodes. Signed-off-by: Aditi Ghag <aditi@cilium.io> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit 689a725 ] In commit ba737f3 (".github: Parallelize cleanup of multicluster setup"), I missed that gcloud can also take an --async flag to not wait for the actual cluster deletion to happen and return immediately (similarly to AKS' --no-wait). This commit therefore reverts ba737f3 (".github: Parallelize cleanup of multicluster setup") and makes use of --async instead. Signed-off-by: Paul Chaignon <paul@cilium.io> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit c573ff8 ] Fixes:cilium#16008 Signed-off-by: Gaurav Genani <h3llix.pvt@gmail.com> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit ff9be87 ] We have the equivalent for minikube. Signed-off-by: Chris Tarazi <chris@isovalent.com> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit c97f353 ] Replaced some dead links with alive ones. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit 38f0af9 ] Add prefix accordingly their main usage. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit 948bb90 ] [ backport note: Update action in documentation.yaml from actions/checkout@v1 instead of actions/checkout@v2 as for master branch. ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit 42a370b ] Refactored this GH action and remove unnecessary triggers for it. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
6db5355
to
c447f76
Compare
New conflict, new rebase. |
test-backport-1.10 |
Some failures again, but all identifiable as documented flakes.
|
First commit: Update azure vendor from
v50.0.0+incompatible
instead ofv50.2.0+incompatible
as for master branch.Second commit: Update action in documentation.yaml from
actions/checkout@v1
instead ofactions/checkout@v2
as for master branch.Skipped:
(Will be reverted in Minikube guide updates #16346; Label was removed from PR accordingly.)
Once this PR is merged, you can update the PR labels via: