Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

daemon, option: Fix vlan bpf bypass ids loading #20282

Merged
merged 2 commits into from Jul 5, 2022
Merged

daemon, option: Fix vlan bpf bypass ids loading #20282

merged 2 commits into from Jul 5, 2022

Conversation

pippolo84
Copy link
Member

@pippolo84 pippolo84 commented Jun 22, 2022
edited

When installing cilium-agent via Helm, the configuration options are loaded reading files.
Each file represents an entry in the ConfigMap.
Doing so, all the values are loaded as strings and therefore must be converted to the specific option value type later.
This conversion is carried out by the spf13/viper package itself.

Internally, viper tries to load values from different sources:

  • flag
  • env
  • config file
  • key/value store
  • default

When loading values from a config file, unlike the flag code path, the conversion from string to the requested value type is carried out by the spf13/cast package.
The cast package does not support the conversion from string to slice of ints and the viper.GetIntSlice(...) function does not report any error if the conversion goes wrong.

As a temporary workaround, the bpf.vlanBypass option value type has been changed to a slice of strings, so to leave the conversion to a slice of ints to be implemented manually.

To avoid this workaround, two things are needed:

  1. Support for converting a string to a slice of ints in the cast package: Add support for string to int slice conversion spf13/cast#146
  2. Fix the validateConfigmap function to check option values using the cast package with the proper type conversion, instead of relying on pflag Set method.

Fixes: #20173

@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Jun 22, 2022
@sayboras sayboras added the release-note/bug This PR fixes an issue in a previous release of Cilium. label Jun 23, 2022
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Jun 23, 2022
@pippolo84 pippolo84 force-pushed the pr/pippolo84/fix-helm-vlan-bpf-bypass-value-loading branch from 7815a69 to 00b14d1 Compare June 23, 2022 09:19
@pippolo84 pippolo84 changed the title daemon, option: fix vlan bpf bypass ids loading daemon, option: Fix vlan bpf bypass ids loading Jun 23, 2022
@pippolo84 pippolo84 mentioned this pull request Jun 23, 2022
Open
@pippolo84 pippolo84 added kind/bug This is a bug in the Cilium logic. backport/1.11 This PR represents a backport for Cilium 1.11.x of a PR that was merged to main. backport/1.12 This PR represents a backport for Cilium 1.12.x of a PR that was merged to main. needs-backport/1.11 and removed backport/1.11 This PR represents a backport for Cilium 1.11.x of a PR that was merged to main. backport/1.12 This PR represents a backport for Cilium 1.12.x of a PR that was merged to main. labels Jun 23, 2022
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from master in 1.12.0 Jun 23, 2022
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from master in 1.11.7 Jun 23, 2022
@pippolo84 pippolo84 force-pushed the pr/pippolo84/fix-helm-vlan-bpf-bypass-value-loading branch from 00b14d1 to aac1500 Compare June 23, 2022 09:44
@pippolo84 pippolo84 marked this pull request as ready for review June 23, 2022 09:45
@pippolo84 pippolo84 requested a review from a team June 23, 2022 09:45
@pippolo84 pippolo84 requested a review from a team as a code owner June 23, 2022 09:45
@pippolo84 pippolo84 requested a review from a team June 23, 2022 09:45
@pippolo84 pippolo84 requested review from a team as code owners June 23, 2022 09:45
joestringer
joestringer approved these changes Jun 23, 2022
View reviewed changes
Copy link
Member

@joestringer joestringer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

docs change LGTM

@gandro gandro self-requested a review June 23, 2022 12:19
@pippolo84
Copy link
Member Author

/test

gandro
gandro reviewed Jun 23, 2022
View reviewed changes
Copy link
Member

@gandro gandro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome, one minor nit

Documentation/configuration/vlan-802.1q.rst Outdated Show resolved Hide resolved
@sayboras
Copy link
Member

sayboras commented Jun 30, 2022
edited by maintainer-s-little-helper bot

/test-1.24-net-next

Job 'Cilium-PR-K8s-GKE' failed:

Click to show.

Test Name

K8sPolicyTestExtended Validate toEntities KubeAPIServer Allows connection to KubeAPIServer

Failure Output

FAIL: Unexpected error:

If it is a flake and a GitHub issue doesn't already exist to track it, comment /mlh new-flake Cilium-PR-K8s-GKE so I can create one.

rolinh
rolinh reviewed Jul 5, 2022
View reviewed changes
Copy link
Member

@rolinh rolinh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM but given that this PR will be backported to v1.11, shouldn't the breaking change (--set bpf.vlan-bpf-bypass=4001,4002 => --set bpf.vlanBypass="{4001,4002}") be documented in the upgrade notes?

@gandro
Copy link
Member

gandro commented Jul 5, 2022
edited

LGTM but given that this PR will be backported to v1.11, shouldn't the breaking change (--set bpf.vlan-bpf-bypass=4001,4002 => --set bpf.vlanBypass="{4001,4002}") be documented in the upgrade notes?

It's not a breaking change. The old syntax and Helm value just simply never worked, it was a complete no-op.
The actual breaking change happened in #20304 which is not backported to v1.11.

@pippolo84 pippolo84 added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jul 5, 2022
@qmonnet qmonnet merged commit fdb0a26 into cilium:master Jul 5, 2022
qmonnet pushed a commit that referenced this pull request Jul 5, 2022
@pippolo84 @qmonnet
option: fix config map flags validation
61fd6ea 
[ upstream commit 98280fa ]

Through the ConfigMap, all config values are loaded as strings and then
converted into the appropriate types. The conversion is carried out by
Viper that does not report any kind of error if something goes wrong.

To catch early any kind of conversion issue, we should use the same
conversion APIs that Viper is using internally, so we check each option
using the appropriate conversion function from the cast package.

Related to #20282

Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>
Signed-off-by: Quentin Monnet <quentin@isovalent.com>
@qmonnet qmonnet mentioned this pull request Jul 5, 2022
Merged
22 tasks
qmonnet pushed a commit that referenced this pull request Jul 5, 2022
@pippolo84 @qmonnet
option: fix config map flags validation
8901e7b 
[ upstream commit 98280fa ]

Through the ConfigMap, all config values are loaded as strings and then
converted into the appropriate types. The conversion is carried out by
Viper that does not report any kind of error if something goes wrong.

To catch early any kind of conversion issue, we should use the same
conversion APIs that Viper is using internally, so we check each option
using the appropriate conversion function from the cast package.

Related to #20282

Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>
Signed-off-by: Quentin Monnet <quentin@isovalent.com>
@qmonnet qmonnet mentioned this pull request Jul 6, 2022
Merged
9 tasks
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from master to Backport pending to v1.12 in 1.12.0 Jul 6, 2022
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from master to Backport pending to v1.10 in 1.11.7 Jul 6, 2022
@ti-mo ti-mo added backport-done/1.11 The backport for Cilium 1.11.x for this PR is done. and removed backport-pending/1.11 labels Jul 12, 2022
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Backport pending to v1.10 to Backport done to v1.11 in 1.11.7 Jul 12, 2022
ti-mo pushed a commit that referenced this pull request Jul 13, 2022
@pippolo84 @ti-mo
option: fix config map flags validation
a287374 
[ upstream commit 98280fa ]

Through the ConfigMap, all config values are loaded as strings and then
converted into the appropriate types. The conversion is carried out by
Viper that does not report any kind of error if something goes wrong.

To catch early any kind of conversion issue, we should use the same
conversion APIs that Viper is using internally, so we check each option
using the appropriate conversion function from the cast package.

Related to #20282

Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>
Signed-off-by: Quentin Monnet <quentin@isovalent.com>
@ti-mo ti-mo added backport-done/1.12 The backport for Cilium 1.12.x for this PR is done. and removed backport-pending/1.12 labels Jul 13, 2022
@joestringer joestringer mentioned this pull request Jul 15, 2022
Merged
@aanm aanm moved this from Backport pending to v1.12 to Backport done to v1.12 in 1.12.0 Jul 19, 2022
@pippolo84 pippolo84 mentioned this pull request Jul 22, 2022
Merged
gandro pushed a commit to gandro/cilium that referenced this pull request Aug 4, 2022
@pippolo84 @michi-covalent
option: fix config map flags validation
b0f5d1e 
[ upstream commit 98280fa ]

Through the ConfigMap, all config values are loaded as strings and then
converted into the appropriate types. The conversion is carried out by
Viper that does not report any kind of error if something goes wrong.

To catch early any kind of conversion issue, we should use the same
conversion APIs that Viper is using internally, so we check each option
using the appropriate conversion function from the cast package.

Related to cilium#20282

Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>
Signed-off-by: Quentin Monnet <quentin@isovalent.com>
Signed-off-by: Michi Mutsuzaki <michi@isovalent.com>
dezmodue pushed a commit to dezmodue/cilium that referenced this pull request Aug 10, 2022
@pippolo84 @dezmodue
option: fix config map flags validation
8effeb7 
Through the ConfigMap, all config values are loaded as strings and then
converted into the appropriate types. The conversion is carried out by
Viper that does not report any kind of error if something goes wrong.

To catch early any kind of conversion issue, we should use the same
conversion APIs that Viper is using internally, so we check each option
using the appropriate conversion function from the cast package.

Related to cilium#20282

Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>
@pippolo84 pippolo84 mentioned this pull request Jan 26, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gandro gandro gandro approved these changes

@kaworu kaworu kaworu approved these changes

@joestringer joestringer joestringer approved these changes

@rolinh rolinh rolinh approved these changes

@christarazi christarazi christarazi approved these changes

@ldelossa ldelossa ldelossa approved these changes

@aanm aanm aanm approved these changes

@tommyp1ckles tommyp1ckles tommyp1ckles approved these changes

@sayboras sayboras sayboras approved these changes

Assignees
No one assigned
Labels
backport-done/1.11 The backport for Cilium 1.11.x for this PR is done. backport-done/1.12 The backport for Cilium 1.12.x for this PR is done. kind/bug This is a bug in the Cilium logic. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/bug This PR fixes an issue in a previous release of Cilium.
Projects
No open projects
1.11.7
Backport done to v1.11
1.12.0
Backport done to v1.12
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

helm vlan.bpfBypass ignored