daemon: Dump ipcache without probing for support

[jrajahalme]

Ipcache SupportDump() and SupportsDelete() open the map to probe for the
support if the map is not already open and also schedule the
bpf-map-sync-cilium_ipcache controller. If the controller is run before
initMaps(), initMaps will fail as the controller will leave the map open
and initMaps() assumes this not be the case.

Solve this by not trying to detect dump support, but try dump and see if
it succeeds. This is exactly the same logic dump support detection would
have used anyway, and this fixes Cilium Agent crash on kernels that do not
support ipcache dump operations and when certain Cilium features are
enabled on slow machines that caused the scheduled controller to run too
soon.

Fixes: #19360
Fixes: #19495
Signed-off-by: Jarno Rajahalme jarno@isovalent.com

Fixed Cilium agent regression causing a crash due to ipcache controller being scheduled too soon.

[jrajahalme]

/test

[jrajahalme]

/test-1.23-net-next

[jrajahalme]

/test-1.21-5.4

[jrajahalme]

/test-1.16-4.9

[jrajahalme]

Bunch of VM provisioning fails like this:

14:40:50  ==> k8s1-1.16: Running 'pre-boot' VM customizations...
14:40:52  A customization command failed:
14:40:52  
14:40:52  ["natnetwork", "add", "--netname", "natnet1", "--network", "fd08::/64", "--ipv6", "on", "--enable"]
14:40:52  
14:40:52  The following error was experienced:
14:40:52  
14:40:52  #<Vagrant::Errors::VBoxManageError: There was an error while executing `VBoxManage`, a CLI used by Vagrant
14:40:52  for controlling VirtualBox. The command and stderr is shown below.
14:40:52  
14:40:52  Command: ["natnetwork", "add", "--netname", "natnet1", "--network", "fd08::/64", "--ipv6", "on", "--enable"]
14:40:52  
14:40:52  Stderr: VBoxManage: error: NATNetwork server already exists
14:40:52  >
14:40:52  
14:40:52  Please fix this customization and try again.

Likely specific to which runner gets hit by the Jenkins job?

[jrajahalme]

/test-1.21-5.4

[jrajahalme]

/test-1.16-4.9

[jrajahalme]

/test

[jrajahalme]

/test-1.16-4.9

[jrajahalme]

/test-1.21-5.4

[jrajahalme]

/test-1.22-4.19

[jrajahalme]

/test-1.23-net-next

[jrajahalme]

Restarted tests due to VM provisioning fails.

[jrajahalme]

/test-1.22-4.19

Job 'Cilium-PR-K8s-GKE' failed:

Click to show.

Test Name

K8sDatapathConfig DirectRouting Check connectivity with direct routing

Failure Output

FAIL: Pods are not ready in time: timed out waiting for pods with filter  to be ready: 4m0s timeout expired

If it is a flake and a GitHub issue doesn't already exist to track it, comment /mlh new-flake Cilium-PR-K8s-GKE so I can create one.

[jrajahalme]

/test

[jrajahalme]

/ci-awscni

[joestringer]

ConformanceAKS is failing during cleanup, but this job is known to be failing and not currently marked as required.
Conformance AWS-CNI appears to be failing consistently with the test code error @jrajahalme posted above. Note that the same failure includes other more specific details (mentioned below) that points out that it's some bad interaction with the CLI. This is unrelated to the current PR which is fixing a known code issue in the daemon.

Unable to parse the provided version "-ci:346a508e8254881ba4575a57c3d66c054c33318f", assuming v1.11.3 for ConfigMap compatibility

All other testsuites are passing.

Bypassing to merge this fix.