Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

v1.12 Backports 2023-12-07 #29692

Merged
merged 6 commits into from
Dec 8, 2023
Merged

v1.12 Backports 2023-12-07 #29692

merged 6 commits into from
Dec 8, 2023

Conversation

sayboras
Copy link
Member

@sayboras sayboras commented Dec 7, 2023
edited
Loading

darox and others added 6 commits December 7, 2023 10:03
@darox @sayboras
Add SA and extravolume to nodeinit ds
e413c58 
[ upstream commit e771a9c ]

This commit is to make sure that users can enable/disable SA token auto
mount, which is recommended in NSA security hardening guide. This PR is for the cilium-nodeinit daemonset.

https://media.defense.gov/2022/Aug/29/2003066362/-1/-1/0/CTR_KUBERNETES_HARDENING_GUIDANCE_1.2_20220829.PDF

Signed-off-by: darox <maderdario@gmail.com>
Signed-off-by: Tam Mach <tam.mach@cilium.io>
@ayuspin @sayboras
helm: Add extraVolumeMounts to cilium-monitor and clean-cilium-state
9dd6881 
[ upstream commit 4a5cbba ]

Signed-off-by: Andrii Iuspin <yuspin@gmail.com>
Signed-off-by: Tam Mach <tam.mach@cilium.io>
@ayuspin @sayboras
helm: Add automount related fields to preflight
9527b32 
[ upstream commit 6f54448 ]

This commit is to add automountServiceAccountToken, extraVolumes and
extraVolumeMounts field to preflight workload.

Signed-off-by: Andrii Iuspin <yuspin@gmail.com>
Signed-off-by: Tam Mach <tam.mach@cilium.io>
@ayuspin @sayboras
helm: Add extraVolumeMounts to etcd-init and etcd
bee6bc2 
[ upstream commit 22a4d1d ]

Signed-off-by: Andrii Iuspin <yuspin@gmail.com>
Signed-off-by: Tam Mach <tam.mach@cilium.io>
@ayuspin @sayboras
helm: Add extraVolumes and extraVolumeMounts to hubble-relay
d96915b 
[ upstream commit 76126b7 ]

Signed-off-by: Andrii Iuspin <yuspin@gmail.com>
Signed-off-by: Tam Mach <tam.mach@cilium.io>
@ayuspin @sayboras
helm: add resources via initResources for the agent init containers
1f73df4 
[ upstream commit de788fa ]

Signed-off-by: Andrii Iuspin <yuspin@gmail.com>
Signed-off-by: Tam Mach <tam.mach@cilium.io>
Signed-off-by: Tam Mach <tam.mach@cilium.io>
@sayboras sayboras added kind/backports This PR provides functionality previously merged into master. backport/1.12 This PR represents a backport for Cilium 1.12.x of a PR that was merged to main. labels Dec 7, 2023
@sayboras sayboras requested a review from darox December 7, 2023 10:08
@sayboras
Copy link
Member Author

sayboras commented Dec 7, 2023
edited by maintainer-s-little-helper bot
Loading

/test-backport-1.12

Job 'Cilium-PR-K8s-1.22-kernel-4.9' failed:

Click to show.

Test Name

K8sHubbleTest Hubble Observe Test L3/L4 Flow

Failure Output

FAIL: Found 1 k8s-app=cilium logs matching list of errors that must be investigated:

Jenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.22-kernel-4.9/233/

If it is a flake and a GitHub issue doesn't already exist to track it, comment /mlh new-flake Cilium-PR-K8s-1.22-kernel-4.9 so I can create one.

Then please upload the Jenkins artifacts to that issue.

Job 'Cilium-PR-K8s-1.19-kernel-4.9' failed:

Click to show.

Test Name

K8sPolicyTest Multi-node policy test with L7 policy using connectivity-check to check datapath

Failure Output

FAIL: cannot install connectivity-check

Jenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.19-kernel-4.9/314/

If it is a flake and a GitHub issue doesn't already exist to track it, comment /mlh new-flake Cilium-PR-K8s-1.19-kernel-4.9 so I can create one.

Then please upload the Jenkins artifacts to that issue.

Job 'Cilium-PR-K8s-1.24-kernel-net-next' hit: #29668 (94.82% similarity)

@sayboras sayboras added the release-blocker/1.12 This issue will prevent the release of the next version of Cilium. label Dec 7, 2023
@sayboras sayboras marked this pull request as ready for review December 7, 2023 11:28
@sayboras sayboras requested a review from a team as a code owner December 7, 2023 11:28
@sayboras
Copy link
Member Author

sayboras commented Dec 7, 2023

/test-1.22-4.9

1 similar comment
@sayboras
Copy link
Member Author

sayboras commented Dec 7, 2023

/test-1.22-4.9

@maintainer-s-little-helper maintainer-s-little-helper bot mentioned this pull request Dec 7, 2023
Closed
@sayboras sayboras requested review from a team as code owners December 7, 2023 15:09
@sayboras sayboras requested a review from brlbil December 7, 2023 15:09
@nbusseneau
Copy link
Member

@sayboras Sorry, I messed up your PR for a few seconds by force-pushing because I was doing a regular backport round with the same branch name 😢 Restored previous state.

@sayboras
Copy link
Member Author

sayboras commented Dec 7, 2023

/test-1.19-4.9

@sayboras
Copy link
Member Author

sayboras commented Dec 7, 2023

/test-1.24-net-next

@sayboras sayboras removed request for a team and brlbil December 7, 2023 15:36
@sayboras
Copy link
Member Author

sayboras commented Dec 7, 2023

/test-runtime

@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Dec 8, 2023
@aanm aanm merged commit fb7097a into v1.12 Dec 8, 2023
138 checks passed
@aanm aanm deleted the pr/v1.12-backport-2023-12-07 branch December 8, 2023 07:59
@nebril nebril mentioned this pull request Dec 11, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ti-mo ti-mo ti-mo approved these changes

@darox darox darox approved these changes

Assignees
No one assigned
Labels
backport/1.12 This PR represents a backport for Cilium 1.12.x of a PR that was merged to main. kind/backports This PR provides functionality previously merged into master. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-blocker/1.12 This issue will prevent the release of the next version of Cilium.
Projects
No open projects
cilium v1.12.17
Status: Released
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@sayboras @nbusseneau @ti-mo @darox @aanm @ayuspin