v1.11 backports 2021-11-30

[qmonnet]

• ui: v0.8.3 #18033 (@geakstr)
  (Note: I ran make -C install/kubernetes and make -C Documentation update-helm-values and committed the resulting changes)
• Adds a locked function to do ipcache delete on metadata match #17909 (@Weil0ng)
• docs: correct ec2 modify net iface action #17958 (@austince)
• docs: add registry (quay.io/) for pre-loading images for kind #18017 (@adamzhoul)
• ci: Restart pods when toggling KPR switch #18031 (@brb)
• doc: use ipv4NativeRoutingCIDR instead of nativeRoutingCIDR #18026 (@kaworu)
• test/contrib: Bump CoreDNS version to 1.8.3 #18018 (@brb)
  Removed because of CI: k8s v1.19 or older: Kubernetes DNS did not become ready in time (all tests) #18086
• Prometheus lint errors in operator metrics #17789 (@krishgobinath)
• neigh: minor improvements for neigh tests to be less flaky #18057 (@borkmann)
• bugtool: fix IP route debug gathering commands #18059 (@tklauser)
• bpf: Add WireGuard to complexity and compile tests #18048 (@pchaigno)
• docs: KUBECONFIG for cilium-cli with k3s #18068 (@kkourt)
• test: Fix incorrect selector for netperf-service #18006 (@christarazi)
• Quarantine frequent failures #18051 (@joestringer)
• daemon, node: Remove old, discarded router IPs from cilium_host #17762 (@christarazi)
• .github: add workflow to build beta images #18052 (@aanm)
• health: Fix cluster-health-port for health endpoint #18061 (@gandro)
• test: Fix graceful termination test flake #18050 (@aditighag)

Once this PR is merged, you can update the PR labels via:

$ for pr in 18033 17909 17958 18017 18031 18026 17789 18057 18059 18048 18068 18006 18051 17762 18052 18061 18050; do contrib/backporting/set-labels.py $pr done 1.11; done

[qmonnet]

I removed #18018 (because of #18086) and added #18050 to this PR.

[qmonnet]

/test-backport-1.11

Job 'Cilium-PR-K8s-1.22-kernel-4.19' failed and has not been observed before, so may be related to your PR:

Click to show.

Test Name

K8sServicesTest Checks service across nodes Tests NodePort BPF Tests with secondary NodePort device

Failure Output

FAIL: Request from testclient-jfkmb pod to service http://[fd04::11]:30704 failed

If it is a flake, comment /mlh new-flake Cilium-PR-K8s-1.22-kernel-4.19 so I can create a new GitHub issue to track it.

[aditighag]

Thank you!

[aditighag]

docs: correct ec2 modify net iface action #17958 (@austince)
docs: add registry (quay.io/) for pre-loading images for kind #18017 (@adamzhoul)
Prometheus lint errors in operator metrics #17789

LGTM

[qmonnet]

k8s-1.22-kernel-4.19 is similar to #17895. Most issues of this kind should be fixed by #18051 (by quarantining tests) that we backport in the current PR, but this one hits Tests with secondary NodePort device, which is not quarantined.

All other Jenkins issues are #18060, fixed in #18087, not backported to v1.11 yet.

I haven't looked into the details of the Conformance issues yet.

[joestringer]

ConformanceAKS is hitting #18107. Unfortunately part of the issue there is also that the AKS workflow is tearing down the cluster before gathering state from the cluster, so it's difficult to ascertain what went wrong. It's also hitting an error I haven't seen before: failed to inject labels into ipcache: local identity allocator uninitialized . This seems to be clearly trying to warn that the agent is not yet initialized, possibly because of an issue in the workflows? Manual validation of v1.11.0-rc3 via #17926 seemed to indicate that AKS is working fine.
ConformanceEKS hit #16938 which I've just submitted a PR to disable to avoid hitting that flake.

[joestringer]

I double-checked the Jenkins builds and agree with @qmonnet 's assessment above. This is good to merge, the next batch of v1.11 backports should return stability to the tree.