Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

v1.11 Backports 2023-04-20 #25011

Merged
merged 7 commits into from
Apr 26, 2023
Merged

v1.11 Backports 2023-04-20 #25011

merged 7 commits into from
Apr 26, 2023

Commits on Apr 20, 2023

  1. test/bpf: Fix compilation with V=0 

    [ upstream commit 82d5adc ]

When the quiet mode was enabled, the $(CLANG) var would previously have
a '@' at the start, which caused errors while attempting to make in this
directory because it would be run in the context of a shell rather than
directly as a make instruction. Move the $(QUIET) to the start of
individual make instructions to resolve this compilation failure.

Signed-off-by: Joe Stringer <joe@cilium.io>
Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
    @joestringer @nbusseneau
    joestringer authored and nbusseneau committed Apr 20, 2023
    Configuration menu
    Copy the full SHA
    97e301f View commit details
    Browse the repository at this point in the history

  2. Makefile: Fix dirname errors with empty PRIV_TEST_PKGS 

    [ upstream commit 29fe753 ]

When TESTPKGS only contains unprivileged tests, the PRIV_TEST_PKGS_EVAL
evaluation previously filtered down to an empty list of packages that
should be tested, and would pass this empty list to dirname, which then
reports:

    dirname: missing operand
    Try 'dirname --help' for more information.

This could happen multiple times during evaluation of the Makefile, and
littered the output with no meaning. This could occur even if the
privileged tests are not the target being run.

Fix this by always adding "." to the list, which evaluates to the root
directory of the repository. This causes dirname to succeed. Then, we
can filter this root directory back out since there are no privileged
tests at this level of the repository. This finally quietens the error.

Signed-off-by: Joe Stringer <joe@cilium.io>
Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
    @joestringer @nbusseneau
    joestringer authored and nbusseneau committed Apr 20, 2023
    Configuration menu
    Copy the full SHA
    bc4a8ac View commit details
    Browse the repository at this point in the history

  3. .travis: Make output less verbose 

    [ upstream commit 9f7e24f ]

Pass the verbosity parameters --quiet V=0 to quieten Travis output.

Signed-off-by: Joe Stringer <joe@cilium.io>
Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
    @joestringer @nbusseneau
    joestringer authored and nbusseneau committed Apr 20, 2023
    Configuration menu
    Copy the full SHA
    573a5fa View commit details
    Browse the repository at this point in the history

  4. .travis: Quieten docker build output 

    [ upstream commit 7f9e0f9 ]

The travis logs are frequently polluted with >10K lines of docker pull
and build output. While this helps to track the ongoing progress of
docker builds that take a long time, it's mostly useless output that
developers must scroll past in order to see the useful output. Quieten
that output in Travis to just the trigger of building the image plus the
final summary that docker outputs.

Signed-off-by: Joe Stringer <joe@cilium.io>
Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
    @joestringer @nbusseneau
    joestringer authored and nbusseneau committed Apr 20, 2023
    Configuration menu
    Copy the full SHA
    d9666dd View commit details
    Browse the repository at this point in the history

  5. pkg/kvstore: Fix for deadlock in etcd status checker 

    [ upstream commit 9bb669b ]

Etcd quorum checks are falsely reported as failing even though connection
to etcd is intact. This can cause health checks to fail in both the agent
and the operator.

This happens due to a deadlock in pkg/kvstore/etcd after a prolonged
downtime of etcd. Status check errors are being sent into a channel for the
purpose of recreating kvstore connections in clustermesh. However when
clustermesh is not used, messages from this channel are never read. The
channel uses a buffer of size 128. After etcd has been down long enough to
generate 128 errors, we enter a deadlock state. Agent / operator will
continue to report etcd quorum failures and inturn health check failures
until they're restarted.

statusChecker()
	-> isConnectedAndHasQuorum()
		-> waitForInitLock()
			-> goroutine -> for -> ( initLockSucceeded <- err )
                        -> chan initLockSucceeded returned
		-> Block on receiving messages from initLockSucceeded channel
	-> e.statusCheckErrors <- e.latestErrorStatus [Blocked after 128 entries]

Blocked goroutines captured from cilium 1.10 operator:

goroutine 3309 [chan send, 13456 minutes]:
github.com/cilium/cilium/pkg/kvstore.(*etcdClient).statusChecker(0xc00017db30)
	/go/src/github.com/cilium/cilium/pkg/kvstore/etcd.go:1171 +0x75a
created by github.com/cilium/cilium/pkg/kvstore.connectEtcdClient
	/go/src/github.com/cilium/cilium/pkg/kvstore/etcd.go:801 +0x679

goroutine 7838665 [chan send, 13505 minutes]:
g.com/c/cilium/pkg/kvstore.(*etcdClient).waitForInitLock.func1(-,-,-,-)
	/go/src/github.com/cilium/cilium/pkg/kvstore/etcd.go:433 +0x449
created by github.com/cilium/cilium/pkg/kvstore.(*etcdClient).waitForInitLock
	/go/src/github.com/cilium/cilium/pkg/kvstore/etcd.go:425 +0x7f

Signed-off-by: Hemanth Malla <hemanth.malla@datadoghq.com>
Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
    @hemanthmalla @nbusseneau
    hemanthmalla authored and nbusseneau committed Apr 20, 2023
    Configuration menu
    Copy the full SHA
    996d878 View commit details
    Browse the repository at this point in the history

  6. daemon: Mark CES feature as beta in agent flag 

    [ upstream commit a6d0142 ]

This commit marks the CiliumEndpointSlice feature as beta (as per the
documentation) in the agent flag description. This is necessary because
users don't always read the full documentation before turning agent
flags on.

While at it, change the flag description to match the wording of other
flags.

Signed-off-by: Paul Chaignon <paul@cilium.io>
Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
    @pchaigno @nbusseneau
    pchaigno authored and nbusseneau committed Apr 20, 2023
    Configuration menu
    Copy the full SHA
    8038e73 View commit details
    Browse the repository at this point in the history

  7. wireguard: fix issue caused by nodes with the same name in clustermesh 

    [ upstream commit 7398de6 ]

Currently, the wireguard subsystem in the cilium agent caches
information about the known peers by node name only. This can lead to
conflicts in case of clustermesh, if nodes in different clusters have
the same name, causing in turn connectivity issues. Hence, let's switch
to identify peers by full name (i.e., cluster-name/node-name) to ensure
uniqueness. This modification does not introduce issues during upgrades,
since the node ID is not propagated to the datapath.

Fixes: cilium#24227
Reported-by: @oulinbao <oulinbao@163.com>
Signed-off-by: Marco Iorio <marco.iorio@isovalent.com>
Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
    @giorio94 @nbusseneau
    giorio94 authored and nbusseneau committed Apr 20, 2023
    Configuration menu
    Copy the full SHA
    b1cc57e View commit details
    Browse the repository at this point in the history