-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v1.13 Backports 2023-09-04 #27925
v1.13 Backports 2023-09-04 #27925
Commits on Sep 4, 2023
-
cmd: Refactor maxSequenceNumber
[ upstream commit 03ac4b1 ] This refactoring moves the actual logic to extract the maximum sequence number into a dedicated function. That will be useful to allow us to test this logic in a following commit. This commit has no functionnal changes. As a reminder, we can't use netlink.XfrmStatesList here because it doesn't have the sequence numbers. We can't use JSON format because the ip xfrm commands don't support it. Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
Configuration menu - View commit details
-
Copy full SHA for a434e1d - Browse repository at this point
Copy the full SHA a434e1dView commit details -
cmd: Fix the computed IPsec max. sequence number
[ upstream commit 165db3a ] maxSequenceNumber currently iterates over all XFRM states in the ip xfrm state list output to find the largest sequence number. It however does so while keeping the parsed sequence numbers as hexadecimal strings. Hence, a number like "0xc1" is understood as being larger than e.g. "0x1234". This commit fixes it by parsing the sequence numbers into int64 before comparing them. We also need to adapt the regular expression slightly to avoid considering the "0x" prefix as part of the number, given strconv.ParseInt doesn't support it. Fixes: 2842c49 ("cli: add helper functions for `cilium encrypt`") Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
Configuration menu - View commit details
-
Copy full SHA for 952fe28 - Browse repository at this point
Copy the full SHA 952fe28View commit details -
cmd: Unit tests for extractMaxSequenceNumber
[ upstream commit 21d7d0a ] This commit simply adds two small unit tests for the extractMaxSequenceNumber function. The first test covers the bug fixed in the previous commit. Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
Configuration menu - View commit details
-
Copy full SHA for adcbc86 - Browse repository at this point
Copy the full SHA adcbc86View commit details -
fqdn: fix broken sorting algorithm for DNSZombies
[ upstream commit b46867c ] The sorting function for DNSZombies was subtly broken, and didn't do what it advertised. Write some tests to confirm the suspicion and fix the function. Reported-by: Jussi Maki <joamaki@isovalent.com> Signed-off-by: David Bimmler <david.bimmler@isovalent.com> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
Configuration menu - View commit details
-
Copy full SHA for d9aff9a - Browse repository at this point
Copy the full SHA d9aff9aView commit details -
docs: Rename Labels-based endpoint policies
[ upstream commit ca5de0f ] A user pointed out that what we call "Labels-based" policies are actually matching the labels on Endpoints, but also explicitly *not* matching labels on Services. To make this more clear, change the name in the docs to Endpoints based policies. Co-authored-by: Nathan Sweet <nathanjsweet@users.noreply.github.com> Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
Configuration menu - View commit details
-
Copy full SHA for a166097 - Browse repository at this point
Copy the full SHA a166097View commit details -
docs: Move services note about applicability higher
[ upstream commit 38b4a32 ] A user pointed out that the position of this callout made it seem like the callout only applies to the first example rather than applying to all Services based policies. Move the callout to the top of the section to make the relationship clearer. Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
Configuration menu - View commit details
-
Copy full SHA for 7c35436 - Browse repository at this point
Copy the full SHA 7c35436View commit details -
ingress: handle ingress rule without HTTPIngressRule
[ upstream commit 953e83e ] Currently, defining an `Ingress` without an `HTTPIngressRule` (e.g. only Host set) results in a panic in the Cilium Operator. Therefore, this commit changes the ingress ingestion to process the HTTP paths only if the HTTPIngressRule is set on the rule. Backporting conflicts: * minor conflict in operator/pkg/model/ingestion/ingress_test.go Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
Configuration menu - View commit details
-
Copy full SHA for a02107f - Browse repository at this point
Copy the full SHA a02107fView commit details
Commits on Sep 7, 2023
-
gh/actions: Customize cilium-config
[ upstream commit 7e64fb6 ] * Expose devices (to support multi-network tests). * Set cluster name. Required by older versions of Cilium CLI when doing upgrades. * Add misc option to set bpfClockProbe (#26955) and cni.uninstall (for upgrade tests it can result in pods being restarted). Backporting conflicts: * minor conflict in .github/actions/cilium-config/action.yml due to L7 config not being defined in main * removed mutual-auth setting as v1.13 doesn't support that Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
Configuration menu - View commit details
-
Copy full SHA for 10bfde4 - Browse repository at this point
Copy the full SHA 10bfde4View commit details -
docs: Update the microservices-demo link
[ upstream commit 7fbfd5d ] The demo.proto download directory has been renamed from 'pb' to 'protos' by the commit [1]. Also, update the microservices-demo brance name to 'main'. [1] GoogleCloudPlatform/microservices-demo@76571f5 Signed-off-by: Haiyue Wang <haiyue.wang@intel.com> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
Configuration menu - View commit details
-
Copy full SHA for 47da255 - Browse repository at this point
Copy the full SHA 47da255View commit details -
gh/worklows: Delete noop in ci-ipsec-upgrade
[ upstream commit 141ac8b ] Cosmetic changes. Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
Configuration menu - View commit details
-
Copy full SHA for 172e60a - Browse repository at this point
Copy the full SHA 172e60aView commit details -
gh/workflows: Use cilium-config action in ci-ipsec-upgrade
[ upstream commit e4c4a5c ] Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
Configuration menu - View commit details
-
Copy full SHA for 0029256 - Browse repository at this point
Copy the full SHA 0029256View commit details -
gh/workflows: Create K8s before waiting for img in ci-ipsec-upgrade
[ upstream commit c667c54 ] Small optimization. Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
Configuration menu - View commit details
-
Copy full SHA for 576545a - Browse repository at this point
Copy the full SHA 576545aView commit details -
Configuration menu - View commit details
-
Copy full SHA for a54317e - Browse repository at this point
Copy the full SHA a54317eView commit details -
.github/workflows: unify time to wait for images to become available
[ upstream commit bf25136 ] Currently, some workflows use a timeout of 10 minutes when waiting for images to be built and become available on quay. However, when there are lots of open PRs and thus image builds, this timeout is occasionally hit in CI. Thus, consistently bump the timeout to 30 minutes which is already used in some workflows. Backporting conflicts: * minor conflict in conformance-e2e, and tests-l4lb has been updated as well Signed-off-by: Tobias Klauser <tobias@cilium.io> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
Configuration menu - View commit details
-
Copy full SHA for 4c54664 - Browse repository at this point
Copy the full SHA 4c54664View commit details -
docs: Word-wrap firewall section
[ upstream commit c103882 ] This just makes it easier for editing. No changes. Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
Configuration menu - View commit details
-
Copy full SHA for 8abc79c - Browse repository at this point
Copy the full SHA 8abc79cView commit details -
docs: Add WireGuard into the firewall rules
[ upstream commit a568868 ] Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
Configuration menu - View commit details
-
Copy full SHA for d314516 - Browse repository at this point
Copy the full SHA d314516View commit details -
ginkgo: Remove K8sDatapathCustomCalls
[ upstream commit 0da3f7e ] Currently, the feature is not used, and its test is blocking the LVH upgrade [1][2]. Let's remove the test case. Once it is in use, we should rethink the testing approach (either implement as a BPF unit test, or an advanced CLI connectivity test). [1]: #27599 [2]: #27688 Backporting conflicts: * .github/actions/ginkgo/main-focus.yaml doesn't exist in v1.13 Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
Configuration menu - View commit details
-
Copy full SHA for 9941790 - Browse repository at this point
Copy the full SHA 9941790View commit details