Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pkg/node/manager: Fix inconsistent ipset entries handling on node update, add test non-regression test #29986

Merged
merged 2 commits into from
Jan 8, 2024
Merged

pkg/node/manager: Fix inconsistent ipset entries handling on node update, add test non-regression test #29986

merged 2 commits into from
Jan 8, 2024

Conversation

qmonnet
Copy link
Member

@qmonnet qmonnet commented Dec 19, 2023
edited

Following a bug on the v1.13 branch in the way we update the list of ipset entries in the node manager, add a test to ensure that entries are added or removed as we expect on node updates.

This is a forward port of the test added first to branch v1.13, commit 9ec163aff6f ("pkg/node/manager: Add test to validate ipset entries"), although the test has been reworked to use a mock ipset manager instead of checking the real ipset (which required privileges).

Related: #29898

[EDIT] Added an additional commit to fix the inconsistent behaviour on ipset entry handling in the node manager.

Fix a bug that may cause traffic to the node internal IP addresses to be incorrectly masqueraded when node encryption and remote node identities are both disabled, due to an inconsistency in the node manager when handling ipset entries insertions and deletions on node updates.

@qmonnet qmonnet added area/CI-improvement Topic or proposal to improve the Continuous Integration workflow release-note/ci This PR makes changes to the CI. labels Dec 19, 2023
@qmonnet
Copy link
Member Author

qmonnet commented Dec 19, 2023

/test

@qmonnet qmonnet added needs-backport/1.14 This PR / issue needs backporting to the v1.14 branch needs-backport/1.15 This PR / issue needs backporting to the v1.15 branch labels Dec 19, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from main in v1.15.0-rc.1 Dec 19, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from main in 1.14.6 Dec 19, 2023
@qmonnet qmonnet added kind/bug This is a bug in the Cilium logic. sig/agent Cilium agent related. labels Dec 20, 2023
@qmonnet qmonnet force-pushed the pr/qmonnet/manager-ipset-test branch from 6975d7f to 60a97eb Compare January 4, 2024 11:36
@qmonnet
Copy link
Member Author

qmonnet commented Jan 4, 2024

/test

@qmonnet qmonnet marked this pull request as ready for review January 4, 2024 14:33
@qmonnet qmonnet requested review from a team as code owners January 4, 2024 14:33
@qmonnet qmonnet added release-note/bug This PR fixes an issue in a previous release of Cilium. and removed release-note/ci This PR makes changes to the CI. labels Jan 4, 2024
mhofstetter
mhofstetter approved these changes Jan 5, 2024
View reviewed changes
Copy link
Member

@mhofstetter mhofstetter left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cli ✔️

thanks!

@maintainer-s-little-helper maintainer-s-little-helper bot added ready-to-merge This PR has passed all tests and received consensus from code owners to merge. labels Jan 8, 2024
@qmonnet qmonnet removed the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jan 8, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jan 8, 2024
@qmonnet qmonnet added the dont-merge/discussion A discussion is ongoing and should be resolved before merging, regardless of reviews & tests status. label Jan 8, 2024
@qmonnet qmonnet changed the title pkg/node/manager: Add test to validate ipset entries pkg/node/manager: Fix inconsistent ipset entries handling on node update, add test non-regression test Jan 8, 2024
@qmonnet qmonnet force-pushed the pr/qmonnet/manager-ipset-test branch from 60a97eb to 4480462 Compare January 8, 2024 14:52
@qmonnet qmonnet requested a review from pchaigno January 8, 2024 14:55
@qmonnet qmonnet removed ready-to-merge This PR has passed all tests and received consensus from code owners to merge. dont-merge/discussion A discussion is ongoing and should be resolved before merging, regardless of reviews & tests status. labels Jan 8, 2024
@qmonnet
Copy link
Member Author

qmonnet commented Jan 8, 2024

/test

pchaigno
pchaigno approved these changes Jan 8, 2024
View reviewed changes
Copy link
Member

@pchaigno pchaigno left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, apart from the couple notes on the release note.

@qmonnet qmonnet added this pull request to the merge queue Jan 8, 2024
Merged via the queue into main with commit cbe3037 Jan 8, 2024
207 checks passed
@qmonnet qmonnet deleted the pr/qmonnet/manager-ipset-test branch January 8, 2024 17:26
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jan 8, 2024
@jibi jibi mentioned this pull request Jan 11, 2024
Merged
9 tasks
@qmonnet qmonnet mentioned this pull request Jan 11, 2024
Merged
@qmonnet qmonnet added backport-pending/1.14 The backport for Cilium 1.14.x for this PR is in progress. and removed needs-backport/1.14 This PR / issue needs backporting to the v1.14 branch labels Jan 11, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from main to Backport pending to v1.14 in 1.14.6 Jan 11, 2024
@qmonnet qmonnet mentioned this pull request Jan 11, 2024
Merged
2 tasks
@jibi jibi mentioned this pull request Jan 12, 2024
Merged
32 tasks
@jibi jibi added backport-pending/1.15 The backport for Cilium 1.15.x for this PR is in progress. and removed needs-backport/1.15 This PR / issue needs backporting to the v1.15 branch labels Jan 12, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from main to Backport pending to v1.15 in v1.15.0-rc.1 Jan 12, 2024
@github-actions github-actions bot added backport-done/1.14 The backport for Cilium 1.14.x for this PR is done. and removed backport-pending/1.14 The backport for Cilium 1.14.x for this PR is in progress. labels Jan 15, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Backport pending to v1.14 to Backport done to v1.14 in 1.14.6 Jan 15, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot removed this from Backport done to v1.14 in 1.14.6 Jan 15, 2024
@aanm aanm mentioned this pull request Jan 16, 2024
Merged
@gentoo-root gentoo-root mentioned this pull request Jan 17, 2024
Merged
@giorio94 giorio94 added backport-done/1.15 The backport for Cilium 1.15.x for this PR is done. and removed backport-pending/1.15 The backport for Cilium 1.15.x for this PR is in progress. labels Jan 29, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Backport pending to v1.15 to Backport done to v1.15 in v1.15.0-rc.1 Jan 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gandro gandro gandro approved these changes

@pchaigno pchaigno pchaigno approved these changes

@mhofstetter mhofstetter mhofstetter approved these changes

Assignees
No one assigned
Labels
area/CI-improvement Topic or proposal to improve the Continuous Integration workflow backport-done/1.14 The backport for Cilium 1.14.x for this PR is done. backport-done/1.15 The backport for Cilium 1.15.x for this PR is done. kind/bug This is a bug in the Cilium logic. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/bug This PR fixes an issue in a previous release of Cilium. sig/agent Cilium agent related.
Projects
No open projects
v1.15.0-rc.1
Backport done to v1.15
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@qmonnet @gandro @pchaigno @mhofstetter @jibi @giorio94