Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v1.13] ci/ipsec: Re-enable node-to-node-encryption check #30402

Merged
merged 1 commit into from
Jan 24, 2024
Merged

[v1.13] ci/ipsec: Re-enable node-to-node-encryption check #30402

merged 1 commit into from
Jan 24, 2024

Conversation

qmonnet
Copy link
Member

@qmonnet qmonnet commented Jan 24, 2024

We disabled the check in commit 8646989 ("ci: In conn-disrupt-test action, disable node-to-node-encryption check") because we used to observe flakes.

The issue has been fixed in v1.13 with commit 3a4deb3 ("node: Fix IP removal from ipset on node updates"). With the recent patch release v1.13.11 that contains the fix, we shouldn't hit the issue when downgrading to the closest patch release anymore, and we can now re-enable the check.

Link: #29351
Link: #29898

@qmonnet
ci/ipsec: Re-enable node-to-node-encryption check
045498b 
We disabled the check in commit 8646989 ("ci: In conn-disrupt-test
action, disable node-to-node-encryption check") because we used to
observe flakes.

The issue has been fixed in v1.13 with commit 3a4deb3 ("node: Fix
IP removal from ipset on node updates"). With the recent patch release
v1.13.11 that contains the fix, we shouldn't hit the issue when
downgrading to the closest patch release anymore, and we can now
re-enable the check.

Link: #29351
Link: #29898
Signed-off-by: Quentin Monnet <quentin@isovalent.com>
@qmonnet qmonnet added area/CI Continuous Integration testing issue or flake release-note/ci This PR makes changes to the CI. feature/ipsec Relates to Cilium's IPsec feature labels Jan 24, 2024
@qmonnet qmonnet requested a review from a team as a code owner January 24, 2024 10:22
@maintainer-s-little-helper maintainer-s-little-helper bot added backport/1.13 This PR represents a backport for Cilium 1.13.x of a PR that was merged to main. kind/backports This PR provides functionality previously merged into master. labels Jan 24, 2024
@qmonnet qmonnet removed the release-note/ci This PR makes changes to the CI. label Jan 24, 2024
@qmonnet
Copy link
Member Author

qmonnet commented Jan 24, 2024

/test-backport-1.13

@qmonnet qmonnet added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jan 24, 2024
@squeed squeed merged commit c7203af into v1.13 Jan 24, 2024
138 checks passed
@squeed squeed deleted the pr/qmonnet/ipsec/1.13-n2ne-on branch January 24, 2024 13:47
@julianwiedmann
Copy link
Member

@qmonnet fyi, looks like this was pre-mature - the v1.13 ci-ipsec-upgrade workflow still uses v1.13.10 in its patch-version test. And failing in node-to-node-encryption/node-to-node-encryption/ping-ipv4 quite regularly now.

@qmonnet
Copy link
Member Author

qmonnet commented Jan 29, 2024

😱

  • the v1.13 ci-ipsec-upgrade workflow still uses v1.13.10 in its patch-version test.

It's supposed to use the latest patch release (currently v1.13.11) though, right? Sounds like this is the version selection in the workflow itself where I messed up 🤔

@qmonnet qmonnet mentioned this pull request Jan 29, 2024
Merged
@michi-covalent michi-covalent mentioned this pull request Feb 13, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@squeed squeed squeed approved these changes

@julianwiedmann julianwiedmann julianwiedmann approved these changes

Assignees
No one assigned
Labels
area/CI Continuous Integration testing issue or flake backport/1.13 This PR represents a backport for Cilium 1.13.x of a PR that was merged to main. feature/ipsec Relates to Cilium's IPsec feature kind/backports This PR provides functionality previously merged into master. ready-to-merge This PR has passed all tests and received consensus from code owners to merge.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@qmonnet @julianwiedmann @squeed