envoy: Update to release 1.21.0

[jrajahalme]

Update Envoy to release 1.21.0. Envoy Go API is updated to contain
the generated validation code.

cilium-envoy image is updated to support the newEgressMarkSourceEndpointId
option for the Cilium listener filter. NPDS field 'Policy' is renamed as
'EndpointID'. 'Policy' field was not used for anything, so might as
well recycle it while this API is not yet public.

Envoy retries may fail on "address already in use" when the original
source address and port are used on upstream connections. Cilium
typically does this in the egress proxy listeners. Fix this by using a
Cilium Envoy build that always sets SO_REUSEADDR when original source
address and port is used.

Signed-off-by: Jarno Rajahalme jarno@isovalent.com

Cilium host proxy is updated to Envoy release 1.21.0

[jrajahalme]

/test

Job 'Cilium-PR-K8s-GKE' failed and has not been observed before, so may be related to your PR:

Click to show.

Test Name

K8sKafkaPolicyTest Kafka Policy Tests KafkaPolicies

Failure Output

FAIL: Failed to resolve kafka-service DNS entry in pod empire-hq-69b8866d77-hhkks

If it is a flake, comment /mlh new-flake Cilium-PR-K8s-GKE so I can create a new GitHub issue to track it.

[jrajahalme]

/test-only --focus="K8sPolicy.*abel.*L7"

[jrajahalme]

/test-only --focus="K8sPolicyTest.*using namespace label and L7"

[jrajahalme]

/test-only --focus="K8sPolicyTest.*using.namespace.label.and.L7"

[jrajahalme]

/test-1.23-net-next

[jrajahalme]

/test-gke

[jrajahalme]

Focused test run "failed" due to artifact collection failing when no tests were run:

09:59:19  Ran 0 of 401 Specs in 9.062 seconds
09:59:19  SUCCESS! -- 0 Passed | 0 Failed | 0 Pending | 401 Skipped
09:59:19  PASS