From a3ebee2af0b27a1639368c6e73a54254abe7a829 Mon Sep 17 00:00:00 2001 From: darox Date: Tue, 16 Apr 2024 16:10:51 +0000 Subject: [PATCH 01/12] Agent: add kubeconfigPath to initContainers [ upstream commit 284ee43f82ad8230ca013f283bb9ad141f5531df ] This commit adds the missing pass of the Helm value `kubeConfigPath` to the initContainer of the Cilium-agent. Signed-off-by: darox Signed-off-by: Sebastian Wicki --- .../cilium/templates/cilium-agent/daemonset.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/install/kubernetes/cilium/templates/cilium-agent/daemonset.yaml b/install/kubernetes/cilium/templates/cilium-agent/daemonset.yaml index ae6fb50514e5f..edfd7ba46f11b 100644 --- a/install/kubernetes/cilium/templates/cilium-agent/daemonset.yaml +++ b/install/kubernetes/cilium/templates/cilium-agent/daemonset.yaml @@ -423,6 +423,9 @@ spec: {{- if (not (kindIs "invalid" .Values.daemon.blockedConfigOverrides)) }} - "--deny-config-keys={{.Values.daemon.blockedConfigOverrides}}" {{- end }} + {{- if .Values.kubeConfigPath }} + - "--k8s-kubeconfig-path={{ .Values.kubeConfigPath }}" + {{- end }} env: - name: K8S_NODE_NAME valueFrom: @@ -445,6 +448,11 @@ spec: volumeMounts: - name: tmp mountPath: /tmp + {{- if .Values.kubeConfigPath }} + - name: kube-config + mountPath: {{ .Values.kubeConfigPath }} + readOnly: true + {{- end }} {{- with .Values.extraVolumeMounts }} {{- toYaml . | nindent 8 }} {{- end }} From f5be54345e0f1724f6689335b3dc70ea1ac068d4 Mon Sep 17 00:00:00 2001 From: Marcel Zieba Date: Mon, 22 Apr 2024 10:34:50 +0000 Subject: [PATCH 02/12] Remove aks-preview from AKS workflows [ upstream commit a758d21bbae09ab0c4a8cd671e05e043a8c1ea5a ] Signed-off-by: Marcel Zieba Signed-off-by: Sebastian Wicki --- .github/workflows/conformance-aks.yaml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/conformance-aks.yaml b/.github/workflows/conformance-aks.yaml index 6dcd2f49db7e3..56c7408cc4f35 100644 --- a/.github/workflows/conformance-aks.yaml +++ b/.github/workflows/conformance-aks.yaml @@ -189,12 +189,6 @@ jobs: with: creds: ${{ secrets.AZURE_PR_SP_CREDS }} - - name: Install aks-preview CLI extension - run: | - az extension add --name aks-preview - az extension update --name aks-preview - az version - - name: Create AKS cluster run: | # Create group From ed51536ff8dd3f17aec4af3de9532809bee7e7ac Mon Sep 17 00:00:00 2001 From: Sebastian Wicki Date: Tue, 16 Apr 2024 13:44:22 +0000 Subject: [PATCH 03/12] vendor: Bump cilium/dns to fix bug where timeout was not respected [ upstream commit c76677d81aa58c00698818bc1be55d1f5b4d0b0d ] This pulls in cilium/dns#11 which fixes a bug where the `SharedClient` logic did not respect the `c.Client.Timeout` field. Signed-off-by: Sebastian Wicki --- go.mod | 2 +- go.sum | 4 ++-- vendor/github.com/cilium/dns/shared_client.go | 2 +- vendor/modules.txt | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 2d7d0f3c68955..8ce9ddaee5b67 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/cilium/coverbee v0.2.2 github.com/cilium/customvet v0.0.0-20201209211516-9852765c1ac4 github.com/cilium/deepequal-gen v0.0.0-20200406125435-ad6a9003139e - github.com/cilium/dns v1.1.51-0.20240411200813-4e6b438d9e05 + github.com/cilium/dns v1.1.51-0.20240416134107-d47d0dd702a1 github.com/cilium/ebpf v0.9.4-0.20221102092914-a9cf21df64c2 github.com/cilium/ipam v0.0.0-20220824141044-46ef3d556735 github.com/cilium/kafka v0.0.0-20180809090225-01ce283b732b diff --git a/go.sum b/go.sum index d9f0c7727e3a9..b7ae647c9cecb 100644 --- a/go.sum +++ b/go.sum @@ -167,8 +167,8 @@ github.com/cilium/customvet v0.0.0-20201209211516-9852765c1ac4 h1:aqrS+g/6xLKJjc github.com/cilium/customvet v0.0.0-20201209211516-9852765c1ac4/go.mod h1:MEn5V1CejgUNFP3Y1JKmBC6Mb9TuK53ecHG9lffctFg= github.com/cilium/deepequal-gen v0.0.0-20200406125435-ad6a9003139e h1:VZolEtS7AlGDu3IH368iqkvfQQSGPgOnPjNaUx4dS7M= github.com/cilium/deepequal-gen v0.0.0-20200406125435-ad6a9003139e/go.mod h1:c4R5wxGyXhbM6zyKeRKNIc9aab5EZi4z4oOSZvUMvZA= -github.com/cilium/dns v1.1.51-0.20240411200813-4e6b438d9e05 h1:lEzR/g0snQppy8yvaMSV7ZN5lcl54Ja4C6MpGqYz2PA= -github.com/cilium/dns v1.1.51-0.20240411200813-4e6b438d9e05/go.mod h1:/7LC2GOgyXJ7maupZlaVIumYQiGPIgllSf6mA9sg6RU= +github.com/cilium/dns v1.1.51-0.20240416134107-d47d0dd702a1 h1:IR2iQhLyEVDJ52rPpqYAdRZMwlOSDl1XJqkD5PQJAfs= +github.com/cilium/dns v1.1.51-0.20240416134107-d47d0dd702a1/go.mod h1:/7LC2GOgyXJ7maupZlaVIumYQiGPIgllSf6mA9sg6RU= github.com/cilium/ebpf v0.5.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs= github.com/cilium/ebpf v0.9.4-0.20221102092914-a9cf21df64c2 h1:0uNZvKfSZS/iA3EnfrnhNu/ZwZIxs5KW3j6sCg2ENNU= github.com/cilium/ebpf v0.9.4-0.20221102092914-a9cf21df64c2/go.mod h1:w27N4UjpaQ9X/DGrSugxUG+H+NhgntDuPb5lCzxCn8A= diff --git a/vendor/github.com/cilium/dns/shared_client.go b/vendor/github.com/cilium/dns/shared_client.go index ae1c386a1795d..0b8bbeec76900 100644 --- a/vendor/github.com/cilium/dns/shared_client.go +++ b/vendor/github.com/cilium/dns/shared_client.go @@ -291,7 +291,7 @@ func (c *SharedClient) ExchangeSharedContext(ctx context.Context, m *Msg) (r *Ms // This request keeps 'c.requests' open; sending a request may hang indefinitely if // the handler happens to quit at the same time. Use ctx.Done to avoid this. - timeout := c.Client.writeTimeout() + timeout := c.getTimeoutForRequest(c.Client.writeTimeout()) ctx, cancel := context.WithTimeout(ctx, timeout) defer cancel() respCh := make(chan sharedClientResponse) diff --git a/vendor/modules.txt b/vendor/modules.txt index e84dec6c046ec..78897a57ef4a5 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -181,7 +181,7 @@ github.com/cilium/customvet/analysis/timeafter ## explicit; go 1.14 github.com/cilium/deepequal-gen github.com/cilium/deepequal-gen/generators -# github.com/cilium/dns v1.1.51-0.20240411200813-4e6b438d9e05 +# github.com/cilium/dns v1.1.51-0.20240416134107-d47d0dd702a1 ## explicit; go 1.18 github.com/cilium/dns # github.com/cilium/ebpf v0.9.4-0.20221102092914-a9cf21df64c2 From ad47fda4ee3107cc65d792de4d3a9f4cede5da19 Mon Sep 17 00:00:00 2001 From: Sebastian Wicki Date: Tue, 16 Apr 2024 11:27:26 +0000 Subject: [PATCH 04/12] dnsproxy: Fix bug where DNS request timed out too soon [ upstream commit 931b8167ea29bfd3ae8e6f11f41a8a1c531c33c8 ] This fixes a bug where DNS requests would timeout after 2 seconds, instead of the intended 10 seconds. This resulted in a `Timeout waiting for response to forwarded proxied DNS lookup` error message whenever the response took longer than 2 seconds. The `dns.Client` used by the proxy is [already configured][1] to use `ProxyForwardTimeout` value of 10 seconds, which would apply also to the `dns.Client.DialTimeout`, if it was not for the custom `net.Dialer` we use in Cilium. The logic in [dns.Client.getTimeoutForRequest][2] overwrites the request timeout with the timeout from the custom `Dialer`. Therefore, the intended `ProxyForwardTimeout` 10 second timeout value was overwritten with the much shorter `net.Dialer.Timeout` value of two seconds. This commit fixes that issue by using `ProxyForwardTimeout` for the `net.Dialer` too. Fixes: cf3cc16289b7 ("fqdn: dnsproxy: fix forwarding of the original security identity for TCP") [1]: https://github.com/cilium/cilium/blob/50943dbc02496c42a4375947a988fc233417e163/pkg/fqdn/dnsproxy/proxy.go#L1042 [2]: https://github.com/cilium/cilium/blob/94f6553f5b79383b561e8630bdf40bd824769ede/vendor/github.com/cilium/dns/client.go#L405 Reported-by: Andrii Iuspin Signed-off-by: Sebastian Wicki --- pkg/fqdn/dnsproxy/proxy.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/fqdn/dnsproxy/proxy.go b/pkg/fqdn/dnsproxy/proxy.go index 202542a2c52da..c54605e120f1b 100644 --- a/pkg/fqdn/dnsproxy/proxy.go +++ b/pkg/fqdn/dnsproxy/proxy.go @@ -997,7 +997,7 @@ func (p *DNSProxy) ServeDNS(w dns.ResponseWriter, request *dns.Msg) { ipv4 := targetServerIP.To4() != nil dialer := net.Dialer{ - Timeout: 2 * time.Second, + Timeout: ProxyForwardTimeout, Control: func(network, address string, c syscall.RawConn) error { var soerr error if err := c.Control(func(su uintptr) { From 9811b1116c0879ef5928448a9fabd45f8fcc56f7 Mon Sep 17 00:00:00 2001 From: Jason Aliyetti Date: Fri, 19 Apr 2024 22:50:21 +0000 Subject: [PATCH 05/12] ipam: retry netlink.LinkList call when setting up ENI devices [ upstream commit cf9bde54bd6eb6dbebe6c5f3e44500019b33b524 ] LinkList is prone to interrupts which are surfaced by the netlink library. This leads to stability issues when using the ENI datapath. This change makes it part of the retry loop in waitForNetlinkDevices. Fixes: #31974 Signed-off-by: Jason Aliyetti Signed-off-by: Sebastian Wicki --- pkg/ipam/crd_eni.go | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/pkg/ipam/crd_eni.go b/pkg/ipam/crd_eni.go index 41282c1701b03..288603bd82962 100644 --- a/pkg/ipam/crd_eni.go +++ b/pkg/ipam/crd_eni.go @@ -136,19 +136,19 @@ func waitForNetlinkDevices(configByMac configMap) (linkByMac linkMap, err error) for try := 0; try < waitForNetlinkDevicesMaxTries; try++ { links, err := netlink.LinkList() if err != nil { - return nil, fmt.Errorf("failed to obtain eni link list: %w", err) - } - - linkByMac = linkMap{} - for _, link := range links { - mac := link.Attrs().HardwareAddr.String() - if _, ok := configByMac[mac]; ok { - linkByMac[mac] = link + log.WithError(err).Error("failed to obtain eni link list") + } else { + linkByMac = linkMap{} + for _, link := range links { + mac := link.Attrs().HardwareAddr.String() + if _, ok := configByMac[mac]; ok { + linkByMac[mac] = link + } } - } - if len(linkByMac) == len(configByMac) { - return linkByMac, nil + if len(linkByMac) == len(configByMac) { + return linkByMac, nil + } } sleep := backoff.CalculateDuration( From 538e9df9256dca7d1241ab31a7ededfaca2f3636 Mon Sep 17 00:00:00 2001 From: Paul Chaignon Date: Fri, 19 Apr 2024 10:31:23 +0000 Subject: [PATCH 06/12] workflows: Fix CI jobs for push events on private forks [ upstream commit 715906adf2388ef238bf189830434324780c927c ] Those workflows are failing to run on push events in private forks. They fail in the "Deduce required tests from code changes" in which we compute a diff of changes. To compute that diff, the dorny/paths-filter GitHub action needs to be able to checkout older git references. Unfortunately, we checkout only the latest reference and drop credentials afterwards. This commit fixes it by checking out the full repository. This will take a few seconds longer so probably not a big issue. Reported-by: Marco Iorio Signed-off-by: Paul Chaignon Signed-off-by: Sebastian Wicki --- .github/workflows/documentation.yaml | 1 + .github/workflows/lint-bpf-checks.yaml | 1 + .github/workflows/tests-smoke-ipv6.yaml | 1 + .github/workflows/tests-smoke.yaml | 1 + 4 files changed, 4 insertions(+) diff --git a/.github/workflows/documentation.yaml b/.github/workflows/documentation.yaml index c040d49e624b8..9487b7529279e 100644 --- a/.github/workflows/documentation.yaml +++ b/.github/workflows/documentation.yaml @@ -26,6 +26,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false + fetch-depth: 0 - name: Check code changes uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: docs-tree diff --git a/.github/workflows/lint-bpf-checks.yaml b/.github/workflows/lint-bpf-checks.yaml index 20309d07c6de3..a982ebe3b1a68 100644 --- a/.github/workflows/lint-bpf-checks.yaml +++ b/.github/workflows/lint-bpf-checks.yaml @@ -29,6 +29,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false + fetch-depth: 0 - name: Check code changes uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: changes diff --git a/.github/workflows/tests-smoke-ipv6.yaml b/.github/workflows/tests-smoke-ipv6.yaml index 047521e11e456..a878c7885af3a 100644 --- a/.github/workflows/tests-smoke-ipv6.yaml +++ b/.github/workflows/tests-smoke-ipv6.yaml @@ -34,6 +34,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false + fetch-depth: 0 - name: Check code changes uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: tested-tree diff --git a/.github/workflows/tests-smoke.yaml b/.github/workflows/tests-smoke.yaml index fa2c98963cc68..772743e7cfdde 100644 --- a/.github/workflows/tests-smoke.yaml +++ b/.github/workflows/tests-smoke.yaml @@ -34,6 +34,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false + fetch-depth: 0 - name: Check code changes uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: tested-tree From b0cc560966c3c35b3a00ee63853b113735ce3df9 Mon Sep 17 00:00:00 2001 From: JBodkin-Amphora Date: Wed, 17 Apr 2024 12:58:31 +0000 Subject: [PATCH 07/12] docs: Fix prometheus port regex [ upstream commit 49334a5b9b79b3804865a084e5b4b2e8909cef6b ] Signed-off-by: James Bodkin Signed-off-by: Sebastian Wicki --- Documentation/observability/metrics.rst | 2 +- .../addons/prometheus/files/prometheus/prometheus.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Documentation/observability/metrics.rst b/Documentation/observability/metrics.rst index 771cd907a126d..d4050cf56deb6 100644 --- a/Documentation/observability/metrics.rst +++ b/Documentation/observability/metrics.rst @@ -84,7 +84,7 @@ option is set in the ``scrape_configs`` section: regex: true - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] action: replace - regex: (.+):(?:\d+);(\d+) + regex: ([^:]+)(?::\d+)?;(\d+) replacement: ${1}:${2} target_label: __address__ diff --git a/examples/kubernetes/addons/prometheus/files/prometheus/prometheus.yaml b/examples/kubernetes/addons/prometheus/files/prometheus/prometheus.yaml index 1e4a725d92cee..b355b89dca5ec 100644 --- a/examples/kubernetes/addons/prometheus/files/prometheus/prometheus.yaml +++ b/examples/kubernetes/addons/prometheus/files/prometheus/prometheus.yaml @@ -27,7 +27,7 @@ scrape_configs: - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] action: replace target_label: __address__ - regex: (.+)(?::\d+);(\d+) + regex: ([^:]+)(?::\d+)?;(\d+) replacement: $1:$2 - action: labelmap regex: __meta_kubernetes_service_label_(.+) @@ -52,7 +52,7 @@ scrape_configs: regex: (.+) - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] action: replace - regex: (.+):(?:\d+);(\d+) + regex: ([^:]+)(?::\d+)?;(\d+) replacement: ${1}:${2} target_label: __address__ - action: labelmap From 97b18e85a9f6256c2169041234fb2467ca9edd35 Mon Sep 17 00:00:00 2001 From: Jarno Rajahalme Date: Mon, 22 Apr 2024 17:13:09 +0000 Subject: [PATCH 08/12] endpoint: Skip build queue warning log is context is canceled [ upstream commit 8f0b10613443ffe30bcdc958addcab91416cf316 ] The warning log on failure to queue endpoint build is most likely not meaningful when the context is canceled, as this typically happends when the endpoint is deleted. Skip the warning log if error is context.Canceled. This fixes CI flakes like this: Found 1 k8s-app=cilium logs matching list of errors that must be investigated: 2024-04-22T07:48:47.779499679Z time="2024-04-22T07:48:47Z" level=warning msg="unable to queue endpoint build" ciliumEndpointName=kube-system/coredns-76f75df574-9k8sp containerID=3791acef13 containerInterface=eth0 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=637 error="context canceled" identity=25283 ipv4=10.0.0.151 ipv6="fd02::82" k8sPodName=kube-system/coredns-76f75df574-9k8sp subsys=endpoint Fixes: #31827 Signed-off-by: Jarno Rajahalme Signed-off-by: Sebastian Wicki --- pkg/endpoint/events.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/pkg/endpoint/events.go b/pkg/endpoint/events.go index 00adc4903cf06..e658c578ddf47 100644 --- a/pkg/endpoint/events.go +++ b/pkg/endpoint/events.go @@ -4,6 +4,8 @@ package endpoint import ( + "context" + "errors" "fmt" "strconv" @@ -44,7 +46,9 @@ func (ev *EndpointRegenerationEvent) Handle(res chan interface{}) { // being deleted at the same time. More info PR-1777. doneFunc, err := e.owner.QueueEndpointBuild(regenContext.parentContext, uint64(e.ID)) if err != nil { - e.getLogger().WithError(err).Warning("unable to queue endpoint build") + if !errors.Is(err, context.Canceled) { + e.getLogger().WithError(err).Warning("unable to queue endpoint build") + } } else if doneFunc != nil { e.getLogger().Debug("Dequeued endpoint from build queue") From 8f41565d657c891410440883bd41c52fc40b6f4b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 Apr 2024 05:13:00 +0000 Subject: [PATCH 09/12] build(deps): bump pydantic from 2.3.0 to 2.7.1 in /Documentation [ upstream commit b971e46f02be77e02195ae7654fa3ad99018e00e ] Bumps [pydantic](https://github.com/pydantic/pydantic) from 2.3.0 to 2.4.0. - [Release notes](https://github.com/pydantic/pydantic/releases) - [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md) - [Commits](https://github.com/pydantic/pydantic/compare/v2.3.0...v2.4.0) [ Quentin: The pydantic update requires an update of pydantic_core, too. Bump both packages to their latest available version (pydantic 2.7.1 and pydantic_core 2.18.2). ] --- updated-dependencies: - dependency-name: pydantic dependency-type: direct:production ... Signed-off-by: dependabot[bot] Signed-off-by: Quentin Monnet Signed-off-by: Sebastian Wicki --- Documentation/requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Documentation/requirements.txt b/Documentation/requirements.txt index 8f02c1c594e19..4a5583911baa7 100644 --- a/Documentation/requirements.txt +++ b/Documentation/requirements.txt @@ -42,8 +42,8 @@ mistune==2.0.5 packaging==23.1 pathspec==0.11.2 picobox==3.0.0 -pydantic==2.3.0 -pydantic_core==2.6.3 +pydantic==2.7.1 +pydantic_core==2.18.2 pyenchant==3.2.2 Pygments==2.16.1 PyYAML==6.0.1 From 61c886de56186a39eac3b8de6585b482ccb74131 Mon Sep 17 00:00:00 2001 From: Cilium Imagebot Date: Thu, 25 Apr 2024 09:15:25 +0000 Subject: [PATCH 10/12] ci: update docs-builder [ upstream commit 6e53ad73238d244c0dac5dccabc375729225fdae ] Signed-off-by: Cilium Imagebot --- .github/workflows/documentation.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/documentation.yaml b/.github/workflows/documentation.yaml index 9487b7529279e..20c194eab5900 100644 --- a/.github/workflows/documentation.yaml +++ b/.github/workflows/documentation.yaml @@ -59,7 +59,7 @@ jobs: with: persist-credentials: false - name: Build HTML - uses: docker://quay.io/cilium/docs-builder:6f53f8ad89e205c78afcce5e106061a4e45484de@sha256:db358ec7730851a641cc8ee99fde367072e2bd0b13d35b5856eee6b2d0eaa7d5 + uses: docker://quay.io/cilium/docs-builder:5de04f050b0326696e7fac5a2bcaa488bc8ed149@sha256:ac9e4f3a9caf7f182d8ae24a613dbb7071dab5ea34b6f3d5320654d5dea28155 with: entrypoint: ./Documentation/check-build.sh args: html From f594aa4583cdf23cd146aa95ec79d89c3914578f Mon Sep 17 00:00:00 2001 From: Tobias Klauser Date: Thu, 25 Apr 2024 09:15:05 +0000 Subject: [PATCH 11/12] install/kubernetes: update nodeinit image to latest version [ upstream commit a2069654ea618fa80d2175f9f453ff50c183e7bf ] [ backporter notes: minor conflict in Makefile.values and regenerated docs ] For some reason the renovate configuration added in commit ac804b6980aa ("install/kubernetes: use renovate to update quay.io/cilium/startup-script") did not pick up the update. Bump the image manually for now while we keep investigating. Signed-off-by: Tobias Klauser --- Documentation/helm-values.rst | 2 +- install/kubernetes/Makefile.values | 4 ++-- install/kubernetes/cilium/README.md | 2 +- install/kubernetes/cilium/values.yaml | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Documentation/helm-values.rst b/Documentation/helm-values.rst index 8ab7c080a0af2..277ba3ad2fe49 100644 --- a/Documentation/helm-values.rst +++ b/Documentation/helm-values.rst @@ -1640,7 +1640,7 @@ * - :spelling:ignore:`nodeinit.image` - node-init image. - object - - ``{"digest":"sha256:e1d442546e868db1a3289166c14011e0dbd32115b338b963e56f830972bc22a2","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/startup-script","tag":"62093c5c233ea914bfa26a10ba41f8780d9b737f","useDigest":true}`` + - ``{"digest":"sha256:820155cb3b7f00c8d61c1cffa68c44440906cb046bdbad8ff544f5deb1103456","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/startup-script","tag":"19fb149fb3d5c7a37d3edfaf10a2be3ab7386661","useDigest":true}`` * - :spelling:ignore:`nodeinit.nodeSelector` - Node labels for nodeinit pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector - object diff --git a/install/kubernetes/Makefile.values b/install/kubernetes/Makefile.values index 3901eb0d322bf..bac5b8b57d931 100644 --- a/install/kubernetes/Makefile.values +++ b/install/kubernetes/Makefile.values @@ -34,8 +34,8 @@ export CILIUM_ETCD_OPERATOR_REPO:=quay.io/cilium/cilium-etcd-operator export CILIUM_ETCD_OPERATOR_VERSION:=v2.0.7@sha256:04b8327f7f992693c2cb483b999041ed8f92efc8e14f2a5f3ab95574a65ea2dc export CILIUM_NODEINIT_REPO:=quay.io/cilium/startup-script # renovate: datasource=docker depName=quay.io/cilium/startup-script -export CILIUM_NODEINIT_VERSION:=62093c5c233ea914bfa26a10ba41f8780d9b737f -export CILIUM_NODEINIT_DIGEST:=sha256:e1d442546e868db1a3289166c14011e0dbd32115b338b963e56f830972bc22a2 +export CILIUM_NODEINIT_VERSION:=19fb149fb3d5c7a37d3edfaf10a2be3ab7386661 +export CILIUM_NODEINIT_DIGEST:=sha256:820155cb3b7f00c8d61c1cffa68c44440906cb046bdbad8ff544f5deb1103456 export CILIUM_OPERATOR_BASE_REPO:=quay.io/cilium/operator export ETCD_REPO:=quay.io/coreos/etcd diff --git a/install/kubernetes/cilium/README.md b/install/kubernetes/cilium/README.md index 431b69425349e..c6d0b21f603df 100644 --- a/install/kubernetes/cilium/README.md +++ b/install/kubernetes/cilium/README.md @@ -460,7 +460,7 @@ contributors across the globe, there is almost always someone available to help. | nodeinit.extraEnv | list | `[]` | Additional nodeinit environment variables. | | nodeinit.extraVolumeMounts | list | `[]` | Additional nodeinit volumeMounts. | | nodeinit.extraVolumes | list | `[]` | Additional nodeinit volumes. | -| nodeinit.image | object | `{"digest":"sha256:e1d442546e868db1a3289166c14011e0dbd32115b338b963e56f830972bc22a2","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/startup-script","tag":"62093c5c233ea914bfa26a10ba41f8780d9b737f","useDigest":true}` | node-init image. | +| nodeinit.image | object | `{"digest":"sha256:820155cb3b7f00c8d61c1cffa68c44440906cb046bdbad8ff544f5deb1103456","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/startup-script","tag":"19fb149fb3d5c7a37d3edfaf10a2be3ab7386661","useDigest":true}` | node-init image. | | nodeinit.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for nodeinit pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | | nodeinit.podAnnotations | object | `{}` | Annotations to be added to node-init pods. | | nodeinit.podLabels | object | `{}` | Labels to be added to node-init pods. | diff --git a/install/kubernetes/cilium/values.yaml b/install/kubernetes/cilium/values.yaml index 812554c1786f3..a7045f453a4b6 100644 --- a/install/kubernetes/cilium/values.yaml +++ b/install/kubernetes/cilium/values.yaml @@ -2081,8 +2081,8 @@ nodeinit: image: override: ~ repository: "quay.io/cilium/startup-script" - tag: "62093c5c233ea914bfa26a10ba41f8780d9b737f" - digest: "sha256:e1d442546e868db1a3289166c14011e0dbd32115b338b963e56f830972bc22a2" + tag: "19fb149fb3d5c7a37d3edfaf10a2be3ab7386661" + digest: "sha256:820155cb3b7f00c8d61c1cffa68c44440906cb046bdbad8ff544f5deb1103456" useDigest: true pullPolicy: "IfNotPresent" From cdabcbb1108a47817dffd97dd78f9b7298b019c7 Mon Sep 17 00:00:00 2001 From: Marcel Zieba Date: Fri, 26 Apr 2024 09:04:22 +0000 Subject: [PATCH 12/12] ci: Increase timeout for images for l4lb test [ upstream commit 8cea46d58996f248df2a1c8f706b89dcb43048d5 ] Followup for #27706 Signed-off-by: Marcel Zieba Signed-off-by: Sebastian Wicki