
v1.14 Backports 2024-01-31 #30554

Merged
merged 23 commits into from
Feb 7, 2024

@joamaki joamaki commented Jan 31, 2024

PRs skipped due to conflicts:

Once this PR is merged, a GitHub action will update the labels of these PRs:

 27207 29317 30282 30167 30403 30052 30410 30399 30219 30236 30100 30443 30422 30503 30416 30329 30247

@joamaki joamaki added kind/backports This PR provides functionality previously merged into master. backport/1.14 This PR represents a backport for Cilium 1.14.x of a PR that was merged to main. labels Jan 31, 2024

@viktor-kurchenko viktor-kurchenko left a comment


LGTM, Thanks!

pixiono and others added 18 commits January 31, 2024 17:12
[ upstream commit 23c371c ]

Fixes the ServiceMonitor port so that Prometheus can scrape the service.

Fixes: #27206

Signed-off-by: René Veenhuis <re.veenhuis@gmail.com>
Signed-off-by: Jussi Maki <jussi@isovalent.com>
[ upstream commit 34db938 ]

We observed several timeouts. Bump the timeout as a workaround.

Signed-off-by: Yutaro Hayakawa <yutaro.hayakawa@isovalent.com>
Signed-off-by: Jussi Maki <jussi@isovalent.com>
[ upstream commit 5eee9de ]

The Node{Add,Update,Delete} functions of the linux node handler are
already guarded in order not to execute the underlying logic if the node
subsystem is not yet fully initialized. Once initialized, all updates
are then automatically replayed.

Yet, this does not apply to the NodeValidateImplementation and
AllNodeValidateImplementation functions, which can also be invoked
asynchronously, leading to a panic if not fully initialized (even
without panicking, we would be enforcing an incorrect configuration,
possibly disrupting existing connections):

github.com/cilium/cilium/pkg/datapath/linux.(*linuxNodeHandler).nodeUpdate(0xc0022be1a0, 0x0, 0xc001936480, 0x0)
	/go/src/github.com/cilium/cilium/pkg/datapath/linux/node.go:1030 +0x142d
github.com/cilium/cilium/pkg/datapath/linux.(*linuxNodeHandler).NodeValidateImplementation(_, {{0xc000f10720, 0x1b}, {0xc00068b2d8, 0x13}, {0xc000d6a3c0, 0x4, 0x4}, 0xc0005fc0e8, {0x0, ...}, ...})
	/go/src/github.com/cilium/cilium/pkg/datapath/linux/node.go:1337 +0xc8
github.com/cilium/cilium/pkg/node/manager.(*manager).backgroundSync.func1({0x4019e80, 0xc0022be1a0})
	/go/src/github.com/cilium/cilium/pkg/node/manager/manager.go:342 +0x9a
github.com/cilium/cilium/pkg/node/manager.(*manager).Iter(0x3251f40?, 0xc001f0bdb8)
	/go/src/github.com/cilium/cilium/pkg/node/manager/manager.go:174 +0xdb
github.com/cilium/cilium/pkg/node/manager.(*manager).backgroundSync(0xc00083c460, {0x400c390, 0xc00135b630})
	/go/src/github.com/cilium/cilium/pkg/node/manager/manager.go:341 +0x4ab
github.com/cilium/workerpool.(*WorkerPool).run.func1()

Let's fix this by also checking the initialization status there.

Signed-off-by: Marco Iorio <marco.iorio@isovalent.com>
Signed-off-by: Jussi Maki <jussi@isovalent.com>
[ upstream commit f299dc1 ]

Signed-off-by: viktor-kurchenko <viktor.kurchenko@isovalent.com>
Signed-off-by: Jussi Maki <jussi@isovalent.com>
[ upstream commit 7cdadbc ]

Global variable `countErrors` converted to a function-local variable.

Signed-off-by: viktor-kurchenko <viktor.kurchenko@isovalent.com>
Signed-off-by: Jussi Maki <jussi@isovalent.com>
[ upstream commit 000edce ]

Signed-off-by: viktor-kurchenko <viktor.kurchenko@isovalent.com>
Signed-off-by: Jussi Maki <jussi@isovalent.com>
[ upstream commit 09f18fd ]

Signed-off-by: Filip Nikolic <oss.filipn@gmail.com>
Signed-off-by: Jussi Maki <jussi@isovalent.com>
[ upstream commit db14f4b ]

Fixes: #30051
Signed-off-by: Yingnan Zhang <342144303@qq.com>
Signed-off-by: Jussi Maki <jussi@isovalent.com>
[ upstream commit 3932a4b ]

Fix up some ctx_load_bytes() usage to return a drop reason, and not the
raw kernel errno.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
Signed-off-by: Jussi Maki <jussi@isovalent.com>
[ upstream commit 87d948e ]

The Cilium nodeinit startup script lays down a temporary CNI config in order to
be able to restart a version of containerd that doesn't allow a missing CNI
config.

This commit fixes an issue with missing double quotes in the temporary config
which causes an error in containerd and leads to NotReady Kubernetes nodes.

I also considered heredoc or escaping the quote characters but settled on single
quoting as I think it's the most readable one-line solution without needing to
deal with the indentation issue with heredoc.

Signed-off-by: Tom Cowling <952241+tlcowling@users.noreply.github.com>
Signed-off-by: Jussi Maki <jussi@isovalent.com>
[ upstream commit a388c42 ]

Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.2 to 3.1.3.
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@3.1.2...3.1.3)

---
updated-dependencies:
- dependency-name: jinja2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
[ upstream commit 068dc47 ]

Signed-off-by: Cilium Imagebot <noreply@cilium.io>
Signed-off-by: Jussi Maki <jussi@isovalent.com>
[ upstream commit f30fd60 ]

This commit adds a warning to the Egress Gateway documentation to help users avoid deploying a known bad configuration.

Co-authored-by: Quentin Monnet <quentin@isovalent.com>
Signed-off-by: soggiest <nicholas@isovalent.com>
Signed-off-by: Jussi Maki <jussi@isovalent.com>
[ upstream commit ef426e3 ]

Fixes: 30085

Signed-off-by: chaunceyjiang <chaunceyjiang@gmail.com>
Signed-off-by: Jussi Maki <jussi@isovalent.com>
[ upstream commit c861392 ]

This commit updates upload-artifact github action version
from v3.1.3 hash a8a3f3ad30e3422c9c7b888a15615d19a852ae32
to v4.3.0 hash 26f96dfa697d77e81fd5907df203aa23a56210a8

Signed-off-by: Birol Bilgin <birol@cilium.io>
Signed-off-by: Jussi Maki <jussi@isovalent.com>
[ upstream commit f017062 ]

This commit migrates upload-artifact github action from v3 to v4.

With version 4 artifacts are immutable so consequent uploads with
the same artifact name fail. The artifact names change to be unique.
Also, to combine all artifacts a merge-upload job is added.
This job downloads, merges, and uploads the merged artifact.
All temporary artifacts are deleted.

Signed-off-by: Birol Bilgin <birol@cilium.io>
Signed-off-by: Jussi Maki <jussi@isovalent.com>
[ upstream commit 3092ed1 ]

Signed-off-by: Dmitry Kharitonov <dmitry@isovalent.com>
Signed-off-by: Jussi Maki <jussi@isovalent.com>
[ upstream commit 5581963 ]

This commit brings two fixes to the script that we use to determine to
which version we should upgrade/downgrade in some CI workflows.

The first fix is the most important one. When looking for the closest
patch version, make the script return the value in VERSION instead of
decrementing it. The rationale is that for stable branches, VERSION
already points to the latest patch release, there is no need to decrease
it further! This fix does not affect the output for the calculation of
the previous minor version number.

The second fix is simply the addition of an error message in case the
minor version number is 0, to get some explicit error instead of a
silent failure if we ever reach Cilium 2.0.0.

Updated samples of numbers from VERSION and the corresponding values
returned:

    VERSION         Previous minor  Previous patch release

    1.14.3          v1.13           v1.14.3
    1.14.1          v1.13           v1.14.1
    1.14.0          v1.13           <error>
    1.14.1-dev      v1.13           v1.14.1
    1.15.0-dev      v1.14           <error>
    1.13.90         v1.12           <error>
    2.0.1           <error>         v2.0.1

Fixes: 56dfec2 ("contrib/scripts: Support patch releases in print-downgrade-version.sh")
Signed-off-by: Quentin Monnet <quentin@isovalent.com>
Signed-off-by: Jussi Maki <jussi@isovalent.com>
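
The rules in the commit message above, written out as an added shell example; it is not Cilium's print-downgrade-version.sh. The function names `split_version`, `previous_minor` and `previous_patch` are hypothetical, and treating patch numbers 0 and 90 as errors is an assumption inferred from the sample table.

```shell
#!/bin/sh
# Added example, not Cilium's print-downgrade-version.sh. The rules are
# inferred from the sample table in the commit message; names are hypothetical.

# split_version VERSION: set MAJOR, MINOR, PATCH; a suffix such as -dev is dropped.
split_version() {
    _ver=${1%%-*}                          # 1.14.1-dev -> 1.14.1
    case "$_ver" in
        ""|*[!0-9.]*) return 1 ;;          # only digits and dots allowed
    esac
    MAJOR=${_ver%%.*}
    _rest=${_ver#*.}
    MINOR=${_rest%%.*}
    PATCH=${_rest#*.}
    case "$PATCH" in *.*) return 1 ;; esac # more than three components
    [ -n "$MAJOR" ] && [ -n "$MINOR" ] && [ -n "$PATCH" ] &&
        [ "$_ver" = "$MAJOR.$MINOR.$PATCH" ]
}

# previous_minor VERSION: print vX.(Y-1), or fail loudly when Y is 0.
previous_minor() {
    split_version "$1" || { echo "invalid VERSION: $1" >&2; return 1; }
    if [ "$MINOR" -eq 0 ]; then
        echo "no previous minor for $1: minor version is 0" >&2
        return 1
    fi
    echo "v$MAJOR.$((MINOR - 1))"
}

# previous_patch VERSION: print VERSION itself as vX.Y.Z, not Z-1.
previous_patch() {
    split_version "$1" || { echo "invalid VERSION: $1" >&2; return 1; }
    # Assumption from the table: patch 0 and patch 90 have no patch release to target.
    if [ "$PATCH" -eq 0 ] || [ "$PATCH" -eq 90 ]; then
        echo "no patch release to target for $1" >&2
        return 1
    fi
    echo "v$MAJOR.$MINOR.$PATCH"
}

# Reprint the commit message's table from its sample VERSION values.
for sample in 1.14.3 1.14.1 1.14.0 1.14.1-dev 1.15.0-dev 1.13.90 2.0.1; do
    minor=$(previous_minor "$sample" 2>/dev/null) || minor='<error>'
    patch=$(previous_patch "$sample" 2>/dev/null) || patch='<error>'
    printf '%-12s %-10s %s\n' "$sample" "$minor" "$patch"
done
```
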
[ upstream commit 44c3dd0 ]

Since #29000 packets are always encapsulated before they are encrypted with WireGuard.
Therefore, we also need to take the tunnel overhead for the route MTU into account.

This fixes a performance regression. Before this commit, with WireGuard-encrypted
pod-to-pod traffic, the iperf3 bandwidth was ~102 Mbits/sec. With this patch
the bandwidth increases to 656 Mbits/sec. Without encryption the bandwidth
is ~2 Gbits/sec.

Fixes: b67291f
Signed-off-by: Leonard Cohnen <lc@edgeless.systems>
Signed-off-by: Jussi Maki <jussi@isovalent.com>
@joamaki joamaki force-pushed the pr/v1.14-backport-2024-01-31 branch from ef07a03 to 73c8a30 Compare January 31, 2024 15:13

@brlbil brlbil left a comment


Thanks!


@chaunceyjiang chaunceyjiang left a comment


Thanks.


@giorio94 giorio94 left a comment


My commit looks good, thanks!

[ upstream commit 027bd96 ]

For now, we cover the following matrix of features:
- tunneling/direct-routing
- no encryption/ipsec
- hubble enabled/disabled

All results are exported in a format compatible with Perfdash, where we
can visualize results and see regressions/improvements for specific
configurations.

Signed-off-by: Marcel Zieba <marcel.zieba@isovalent.com>
Signed-off-by: Jussi Maki <jussi@isovalent.com>
[ upstream commit e9b0ae0 ]

Signed-off-by: Marcel Zieba <marcel.zieba@isovalent.com>
Signed-off-by: Jussi Maki <jussi@isovalent.com>
@joamaki joamaki force-pushed the pr/v1.14-backport-2024-01-31 branch from 73c8a30 to d3a03df Compare February 1, 2024 09:00
@joamaki joamaki requested a review from marseel February 1, 2024 09:01

joamaki commented Feb 1, 2024

/test-backport-1.14

@joamaki joamaki marked this pull request as ready for review February 1, 2024 11:47
@joamaki joamaki requested review from a team as code owners February 1, 2024 11:47

@YutaroHayakawa YutaroHayakawa left a comment


Mine looks good. Thanks!


joamaki commented Feb 7, 2024

@cilium/ci-structure @cilium/github-sec could someone from these review?

@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Feb 7, 2024
@joamaki joamaki merged commit c1309a4 into v1.14 Feb 7, 2024
230 checks passed
@joamaki joamaki deleted the pr/v1.14-backport-2024-01-31 branch February 7, 2024 13:36