https://github.com/cilium/cilium
- HEAD
- refs/heads/1.2.7-hotfix1-fqdn-regen
- refs/heads/EndpointPolicyEnformcement
- refs/heads/add_metrics_to_scale_test
- refs/heads/all-scalability-improvements
- refs/heads/beta/service-mesh
- refs/heads/bpf-metrics
- refs/heads/brb/brb-patch-2
- refs/heads/cilium-envoy-crd-pre-beta
- refs/heads/cilium-no-gopath
- refs/heads/cli-upgrade-v1.12-ci-test
- refs/heads/clustermesh511-upgrade-test
- refs/heads/committers-codeowners
- refs/heads/dev/joe/v1.8-with-hostfw-fixes
- refs/heads/encrypt-node-fixes
- refs/heads/encrypted-overlay-xfrm-policies
- refs/heads/ensure-macos-build-succeeds
- refs/heads/envoy-policy-precedence
- refs/heads/envoy-warnings-cleanup
- refs/heads/extension-mysql
- refs/heads/feature/cep-scalability
- refs/heads/feature/devices-and-addresses
- refs/heads/feature/devices-reconciliation-v1.16
- refs/heads/feature/main/svc-icmp-response
- refs/heads/feature/service-refactor
- refs/heads/feature/service-refactor-fresh
- refs/heads/feature/v1.11/beta-test
- refs/heads/feature/v1.11/k8s-ingress
- refs/heads/fix-error-wrapping-1.13
- refs/heads/fix-error-wrapping-1.14
- refs/heads/fix-error-wrapping-1.15
- refs/heads/fix-iphealth
- refs/heads/fqdn-fixl3-wildcard
- refs/heads/fristonio/iptables-manager-fix
- refs/heads/ft/main/chancez/push-dev-charts
- refs/heads/ft/main/push_chart_stable_branches_fix
- refs/heads/ft/main/test_push_chart_updates
- refs/heads/gce-example
- refs/heads/gh-readonly-queue/main/pr-27509-78a5f177693fb443cd946441f45826bf7fa2437a
- refs/heads/ginkgo-better-timeout
- refs/heads/graduation
- refs/heads/hf/main/ipam-pools-build-230605
- refs/heads/hf/master/v1.12-rc2-health-dbg-v1
- refs/heads/hf/master/wg-fix-ipam-k8s-v2
- refs/heads/hf/v1.10/cls-prio2
- refs/heads/hf/v1.10/debug-taint-removal
- refs/heads/hf/v1.10/v1.10.10-with-19452
- refs/heads/hf/v1.10/v1.10.2-fix-ipsec-ep-routes
- refs/heads/hf/v1.10/v1.10.5-with-identity-leak-fix
- refs/heads/hf/v1.10/v1.10.7-additional-logs
- refs/heads/hf/v1.10/v1.10.7-exclude-local
- refs/heads/hf/v1.10/v1.10.7-exclude-loopback
- refs/heads/hf/v1.10/v1.10.7-extra-logs
- refs/heads/hf/v1.10/v1.10.7-more-logs
- refs/heads/hf/v1.10/v1.10.8-deadlock-and-complexity-fix
- refs/heads/hf/v1.10/v1.10.8-deadlock-fix
- refs/heads/hf/v1.10/xdp-multidev-with-bpf-multihoming-and-egress-gw-fixes-v3
- refs/heads/hf/v1.10/xdp-multidev-with-bpf-multihoming-and-egress-gw-fixes-v4
- refs/heads/hf/v1.10/xdp-multidev-with-bpf-multihoming-and-egress-gw-fixes-v5
- refs/heads/hf/v1.10/xdp-multidev-with-bpf-multihoming-and-egress-gw-fixes-v6
- refs/heads/hf/v1.10/xdp-multidev-with-bpf-multihoming-and-egress-gw-fixes-v7
- refs/heads/hf/v1.11/1.11.4-custom-taint
- refs/heads/hf/v1.11/19247-custom-taint-key
- refs/heads/hf/v1.11/dbg-svc-restore
- refs/heads/hf/v1.11/v1.11.16-fix-xfrm-leak
- refs/heads/hf/v1.11/v1.11.16-fix-xfrm-leak-eni-attach-and-logging
- refs/heads/hf/v1.11/v1.11.16-fix-xfrm-leak-eni-attachment
- refs/heads/hf/v1.11/v1.11.3-with-19259
- refs/heads/hf/v1.11/v1.11.4-custom-taint
- refs/heads/hf/v1.11/v1.11.5-and-19247-eed5544
- refs/heads/hf/v1.11/xdp-multidev-v1
- refs/heads/hf/v1.11/xdp-multidev-v2-ipcache-fix
- refs/heads/hf/v1.12/next-net-v1
- refs/heads/hf/v1.12/v1.12.18-994
- refs/heads/hf/v1.12/v1.12.3-debug-k8s-heartbeat
- refs/heads/hf/v1.12/v1.12.3-debug-k8s-heartbeat-v2
- refs/heads/hf/v1.13/bpf-sock-l7-fix
- refs/heads/hf/v1.13/v1.13.2-with-24875
- refs/heads/hf/v1.13/v1.13.3-with-26242
- refs/heads/hf/v1.14/cidr-identity-refcnt-fix
- refs/heads/hf/v1.14/v1.14-with-27327
- refs/heads/hf/v1.7/v1.7.15-with-neighbor-fix
- refs/heads/hf/v1.7/v1.7.15-with-neighbor-fix-2
- refs/heads/hf/v1.8/v1.8.13-with-19452
- refs/heads/hf/v1.8/v1.8.6-eni-cidr-fix-1
- refs/heads/hf/v1.8/v1.8.6-eni-cidr-fix-15303
- refs/heads/hf/v1.8/v1.8.7-with-fqdn-underscore-fix
- refs/heads/hf/v1.8/v1.8.8-eni-cidr-fix-1
- refs/heads/hf/v1.8/v1.8.8-with-encrypt-fixes
- refs/heads/hf/v1.9/v1.9.8-azure-ipam-fix
- refs/heads/hf/v1.9/v1.9.9-azure-pod-egress-fix
- refs/heads/images/runtime/20210830
- refs/heads/ipc-demo
- refs/heads/ktls-tx-only
- refs/heads/ktls-tx-only-v2
- refs/heads/ktls-tx-rx
- refs/heads/ktls-tx-rx-v2
- refs/heads/ktls-tx-rx-v3
- refs/heads/ktls-tx-rx-v4
- refs/heads/ktls-tx-rx-v5
- refs/heads/ldelossa/feat/bgp-control-plane
- refs/heads/ldelossa/segment-makefiles
- refs/heads/ldelossa/segment-makefiles-v2
- refs/heads/ldelossa/srv6-encap-fib
- refs/heads/lizrice/pr/cli-confusion
- refs/heads/main
- refs/heads/marseel-modularize_scale_test
- refs/heads/marseel_scale_test_100_nodes
- refs/heads/multi-stack-dev-vm
- refs/heads/pr/1-9-ci-test
- refs/heads/pr/aanm-update-k8s-conformance
- refs/heads/pr/aanm/bisect
- refs/heads/pr/aanm/test-31027
- refs/heads/pr/add-controller-identity
- refs/heads/pr/aditighag/lrp-skip-lb
- refs/heads/pr/asauber/link-local-as-host
- refs/heads/pr/asauber/max-ifindex-metric
- refs/heads/pr/avoid-ct-for-dsr
- refs/heads/pr/backend-state
- refs/heads/pr/bbb-cpy
- refs/heads/pr/bimmlerd/modularize-bandwidth-manager
- refs/heads/pr/bimmlerd/v1.12-backport-quay-org-from-env
- refs/heads/pr/bounded-loops
- refs/heads/pr/bpf-based-masquerading
- refs/heads/pr/bpf-edt-proxy
- refs/heads/pr/brb/arping-nexthop
- refs/heads/pr/brb/arping-via-gw
- refs/heads/pr/brb/auto-multi-dev-v2
- refs/heads/pr/brb/backport-1.8.5-nat-gc
- refs/heads/pr/brb/bpf-host-routing-wg
- refs/heads/pr/brb/bpf-lxc-no-redirect
- refs/heads/pr/brb/bpf-masq-veth
- refs/heads/pr/brb/bpf-multihoming
- refs/heads/pr/brb/cgroup-v2-test
- refs/heads/pr/brb/check-errors-in-logs
- refs/heads/pr/brb/ci
- refs/heads/pr/brb/ci-1111
- refs/heads/pr/brb/ci-2
- refs/heads/pr/brb/ci-4.19
- refs/heads/pr/brb/ci-arping-flake
- refs/heads/pr/brb/ci-bigtcp
- refs/heads/pr/brb/ci-bpf-netdev-without-egress
- refs/heads/pr/brb/ci-cleanup-svc
- refs/heads/pr/brb/ci-dbg-conformance-kind
- refs/heads/pr/brb/ci-dbg-external
- refs/heads/pr/brb/ci-dbg-flake-from-outside
- refs/heads/pr/brb/ci-demo
- refs/heads/pr/brb/ci-disable-ces-for-egress-gw
- refs/heads/pr/brb/ci-dp-disable-bpf-host-routing
- refs/heads/pr/brb/ci-dp-hubble-flows
- refs/heads/pr/brb/ci-dp-more-diversity
- refs/heads/pr/brb/ci-dp-v1.13
- refs/heads/pr/brb/ci-dp-v6
- refs/heads/pr/brb/ci-dp-verifier
- refs/heads/pr/brb/ci-e2e-enable-debug-ipsec
- refs/heads/pr/brb/ci-e2e-helm-mode-v1.13
- refs/heads/pr/brb/ci-e2e-lvh-retry
- refs/heads/pr/brb/ci-e2e-more-nodes
- refs/heads/pr/brb/ci-e2e-new-cli
- refs/heads/pr/brb/ci-e2e-nft
- refs/heads/pr/brb/ci-e2e-unsafe
- refs/heads/pr/brb/ci-e2e-unsafe-v2
- refs/heads/pr/brb/ci-e2e-upgrade-tests
- refs/heads/pr/brb/ci-e2e-upgrade-tests-ipsec
- refs/heads/pr/brb/ci-eks-ipsec-upgrade
- refs/heads/pr/brb/ci-fix-ip-masq-dry-run
- refs/heads/pr/brb/ci-ipsec-upgrade-fix
- refs/heads/pr/brb/ci-ipsec-upgrade-missed-tail-calls
- refs/heads/pr/brb/ci-ipsec-upgrade-v1.13
- refs/heads/pr/brb/ci-ipsec-upgrade-vol2
- refs/heads/pr/brb/ci-keep-missed-tail-calls
- refs/heads/pr/brb/ci-l7-nodeport
- refs/heads/pr/brb/ci-lvh-4.19
- refs/heads/pr/brb/ci-lvh-5.4
- refs/heads/pr/brb/ci-lvh-5.4-v2
- refs/heads/pr/brb/ci-lvh-bpf-next
- refs/heads/pr/brb/ci-no-self-hosted
- refs/heads/pr/brb/ci-pass-kernel-env
- refs/heads/pr/brb/ci-prepull-l4lb
- refs/heads/pr/brb/ci-refactor-svc-suite
- refs/heads/pr/brb/ci-rm-smoke-tests
- refs/heads/pr/brb/ci-sanity
- refs/heads/pr/brb/ci-test
- refs/heads/pr/brb/ci-test-2
- refs/heads/pr/brb/ci-test-k8s-vsn-swap
- refs/heads/pr/brb/ci-test-large-runners
- refs/heads/pr/brb/ci-uffff
- refs/heads/pr/brb/ci-upgrade-vol-2
- refs/heads/pr/brb/ci-upgrade-vol-3
- refs/heads/pr/brb/cilium-host-v6-from-ipam
- refs/heads/pr/brb/cli-bump-test
- refs/heads/pr/brb/datapath-loop-dbg
- refs/heads/pr/brb/dbg-ci
- refs/heads/pr/brb/dbg-conformance-gke
- refs/heads/pr/brb/dbg-master-np-vxlan-ipcache-ci
- refs/heads/pr/brb/debug-nodeport-bpf-flake
- refs/heads/pr/brb/do-not-derive-pod-cidrs-from-dev
- refs/heads/pr/brb/do-not-query-dev-for-arping
- refs/heads/pr/brb/docs--wg-what-encrypted
- refs/heads/pr/brb/docs-clarify-egress-gw-ip-addr-dp
- refs/heads/pr/brb/drop-notify
- refs/heads/pr/brb/dsr
- refs/heads/pr/brb/dsr-v2
- refs/heads/pr/brb/dualstack-ci
- refs/heads/pr/brb/enable-ipv6-per-endpoint-routes
- refs/heads/pr/brb/fib-lookup-src
- refs/heads/pr/brb/fix-backend-id-u32
- refs/heads/pr/brb/fix-ci-dp-deprecation-warn
- refs/heads/pr/brb/fix-clang-vsn-regexp
- refs/heads/pr/brb/fix-egress-ip-16147
- refs/heads/pr/brb/fix-external-ip-dp
- refs/heads/pr/brb/fix-maglev-del
- refs/heads/pr/brb/fix-nodeport-hostnetns
- refs/heads/pr/brb/fix-np-redir-l3-to-tunnel
- refs/heads/pr/brb/fix-stale-dsr
- refs/heads/pr/brb/fix-svc-backend-selection
- refs/heads/pr/brb/fix-third-host
- refs/heads/pr/brb/gh-action-cgr
- refs/heads/pr/brb/gh-action-lvh
- refs/heads/pr/brb/gh-install-cli-backup
- refs/heads/pr/brb/ginkgo-kpr-strict
- refs/heads/pr/brb/ginkgo-rm-update-tests
- refs/heads/pr/brb/go-crazy
- refs/heads/pr/brb/hubble-tcp-ack-seq-no
- refs/heads/pr/brb/improve-svc-restore
- refs/heads/pr/brb/istio-getsockopt
- refs/heads/pr/brb/it-cannot-be-truth
- refs/heads/pr/brb/kpr-svc-mesh
- refs/heads/pr/brb/kubeproxy-free-ci
- refs/heads/pr/brb/l7-np-bpf
- refs/heads/pr/brb/l7-rerevert
- refs/heads/pr/brb/lets-be-friends-with-ipsec
- refs/heads/pr/brb/lvh-kind-127
- refs/heads/pr/brb/lvh-kind-ipsec-upgrade
- refs/heads/pr/brb/meyskens/auth-ep-gc-locks
- refs/heads/pr/brb/multi-network
- refs/heads/pr/brb/no-cache-snat
- refs/heads/pr/brb/no-rev-nat-bpf-lxc-ingress
- refs/heads/pr/brb/node-id-per-fam
- refs/heads/pr/brb/nodeport-xlr-flag
- refs/heads/pr/brb/perf-wg
- refs/heads/pr/brb/pin-lvh
- refs/heads/pr/brb/push-ci-charts
- refs/heads/pr/brb/pwru
- refs/heads/pr/brb/rm-arping-l2-addr-check
- refs/heads/pr/brb/rm-no-redirect
- refs/heads/pr/brb/rm-np-deadcode
- refs/heads/pr/brb/rm-partial-host-svc
- refs/heads/pr/brb/rm-test-gke
- refs/heads/pr/brb/test-bpf-masq
- refs/heads/pr/brb/test-ci-e2e
- refs/heads/pr/brb/test-ci-e2e-v1.13
- refs/heads/pr/brb/test-kind
- refs/heads/pr/brb/third-host-more-pain
- refs/heads/pr/brb/timing-l4lb-gh-action
- refs/heads/pr/brb/triage-flake-v2
- refs/heads/pr/brb/triage-lb-flake
- refs/heads/pr/brb/unquarantine-svc
- refs/heads/pr/brb/v1.10-istio-snat
- refs/heads/pr/brb/v1.12-ci-e2e
- refs/heads/pr/brb/v1.12-ci-ipsec-upgrade
- refs/heads/pr/brb/v1.12-test-ipsec-upgrade
- refs/heads/pr/brb/v1.13-ci-e2e
- refs/heads/pr/brb/v1.13-remote-np
- refs/heads/pr/brb/v1.13-upgrade-fixes
- refs/heads/pr/brb/v1.14-ci-e2e-upgrade
- refs/heads/pr/brb/v1.14-drop-notify
- refs/heads/pr/brb/v1.6.9-iptables-W
- refs/heads/pr/brb/v1.8-fix-icmp-port-check
- refs/heads/pr/brb/wg-encrypt-node-test
- refs/heads/pr/brb/wg-hack
- refs/heads/pr/brb/wg-ipam-fix
- refs/heads/pr/brb/wg-kpr
- refs/heads/pr/brb/wg-test
- refs/heads/pr/brb/wip
- refs/heads/pr/brb/wip-ci
- refs/heads/pr/brb/wip-sync-policy-map
- refs/heads/pr/brb/xdp-egress-gw
- refs/heads/pr/brb/xdp-multidev-with-bpf-multihoming
- refs/heads/pr/brb/xdp-multidev-with-bpf-multihoming-v2
- refs/heads/pr/brlbil/ci-remove-unsupported-k8s-version-1.13
- refs/heads/pr/bruno/sleepy-pawn
- refs/heads/pr/bugtool-systemd
- refs/heads/pr/bwm-base2
- refs/heads/pr/bwm-priority
- refs/heads/pr/chancez/add_hubble_l7_dashboard_prometheus_example
- refs/heads/pr/chancez/fix_websocket_l7_policies
- refs/heads/pr/chancez/flow_filter_namespace
- refs/heads/pr/chancez/hubble_cel
- refs/heads/pr/chancez/hubble_plus_plus
- refs/heads/pr/chancez/static_peers_hubble_relay
- refs/heads/pr/christarazi/controlplane-fqdn
- refs/heads/pr/christarazi/ipcache-async-cep-pods-namedports
- refs/heads/pr/christarazi/k8s-1.30
- refs/heads/pr/christarazi/prep-from-cidr-tests
- refs/heads/pr/datapath-opt
- refs/heads/pr/dbkm/nodeport-lb
- refs/heads/pr/debug-dns-timeout
- refs/heads/pr/eproutes-redir
- refs/heads/pr/example/neigh-state-manager
- refs/heads/pr/fastdp
- refs/heads/pr/fastdp2
- refs/heads/pr/fib-consolidation
- refs/heads/pr/fix-aks-workflow
- refs/heads/pr/fix-k8s-all-sha1
- refs/heads/pr/fix-pod-pacing
- refs/heads/pr/fix-tail-call-replace
- refs/heads/pr/fristonio/feat-19038
- refs/heads/pr/fristonio/fix-istio-k8sT
- refs/heads/pr/fristonio/ipv6-masquerading
- refs/heads/pr/fristonio/test-dual-stack
- refs/heads/pr/fristonio/test-ipv6-dualstack
- refs/heads/pr/gandro+brb/fix-monitor-aggregation-np-v2
- refs/heads/pr/gandro+brb/mv-trace-point-to-rev-nodeport
- refs/heads/pr/gandro+brb/wg-host-encryption-v3
- refs/heads/pr/gandro+brb/wg-host2host
- refs/heads/pr/gandro+brb/wg-host2host-kind
- refs/heads/pr/gandro/bump-hubble-2020-03-25
- refs/heads/pr/gandro/ci-conformance-multicluster-fix-log-gathering
- refs/heads/pr/gandro/ci-delete-crds-in-cleanupcomponents
- refs/heads/pr/gandro/ci-fix-status-if-workflows-are-skipped
- refs/heads/pr/gandro/ci-wait-for-all-relevant-images-do-not-merge-test
- refs/heads/pr/gandro/enable-hubble-by-default
- refs/heads/pr/gandro/portmap-refcount
- refs/heads/pr/gandro/re-enable-wireguard-in-multicluster-ci
- refs/heads/pr/gandro/svc-healthchecknodeport
- refs/heads/pr/gc-on-svc-update
- refs/heads/pr/getname-hooks
- refs/heads/pr/giorio94/1.14/test-cilium-cli-2184
- refs/heads/pr/giorio94/main/gha-cluster-name
- refs/heads/pr/giorio94/main/gha-clustermesh-endpointslice-sync
- refs/heads/pr/giorio94/main/gha-fully-qualified-dns
- refs/heads/pr/giorio94/main/test-cilium-cli-2184
- refs/heads/pr/giorio94/main/tests-clustermesh-upgrade-interrupted
- refs/heads/pr/gray/30837-with-pwru
- refs/heads/pr/gray/pwru-action
- refs/heads/pr/health-data-path
- refs/heads/pr/hubble-tls-cert-gen-via-k8s-job
- refs/heads/pr/ianvernon/kvstore-client-type
- refs/heads/pr/ianvernon/kvstore-context
- refs/heads/pr/ianvernon/more-endpoint-cleanup
- refs/heads/pr/ianvernon/resolve-cidr-policy-perf-improvement
- refs/heads/pr/increase-verifier-test-build-timeout
- refs/heads/pr/ipip
- refs/heads/pr/ipip-encap
- refs/heads/pr/ipip-encap2
- refs/heads/pr/ipip2
- refs/heads/pr/ipip4
- refs/heads/pr/ipip6
- refs/heads/pr/jibi/fix-differentiate-udp-tcp-svc-upgrade
- refs/heads/pr/jibi/ip-list-contains-addr
- refs/heads/pr/joamaki/gather-network-info
- refs/heads/pr/joamaki/idless-service-restapi
- refs/heads/pr/joe/ariane-scheduled-cilium-only
- refs/heads/pr/joe/backport-28007-1.11
- refs/heads/pr/joe/bump-ginkgo-seed
- refs/heads/pr/joe/docker-build-log-tracing
- refs/heads/pr/joe/ipcache-cidr-policy
- refs/heads/pr/joe/lost-identity
- refs/heads/pr/joe/sw-quay
- refs/heads/pr/joe/test-lvh-fix
- refs/heads/pr/joe/v1.13-stability-check
- refs/heads/pr/joe/v1.7-dev-env
- refs/heads/pr/jrajahalme/gh-filter-test-files
- refs/heads/pr/jrfastab/backport-ooo-ipsec-fixes
- refs/heads/pr/jrfastab/backport-v111-loopback
- refs/heads/pr/jrfastab/backport-v115
- refs/heads/pr/jrfastab/dbgNodeId
- refs/heads/pr/jrfastab/dbgNodeId111
- refs/heads/pr/jrfastab/dbgNodeId111v2
- refs/heads/pr/jrfastab/dbgv114
- refs/heads/pr/jrfastab/eks-encrypt-ipamupdate
- refs/heads/pr/jrfastab/fix-encrypt-subnets
- refs/heads/pr/jrfastab/fix-ixsec-vxlan-remoteIP
- refs/heads/pr/jrfastab/fixes-ipsec-init
- refs/heads/pr/jrfastab/v1.8-fix-ipsec-vxlan-remoteIP
- refs/heads/pr/jrfastab/v1.9-fix-ipsec-vxlan-remoteIP
- refs/heads/pr/jrfastab/v111-debug-ooo
- refs/heads/pr/jrfastab/v111-debug-ooo-v2
- refs/heads/pr/jwi/main/ipsec-rhel8
- refs/heads/pr/jwi/main/test
- refs/heads/pr/jwi/v1.13/test
- refs/heads/pr/jwi/v1.14/test
- refs/heads/pr/jwi/v1.15/bpf-complexity
- refs/heads/pr/jwi/v1.15/test
- refs/heads/pr/k8s-nat46x64
- refs/heads/pr/k8s-nat46x64-2
- refs/heads/pr/kaworu/helm-hubble-cli.yaml
- refs/heads/pr/kkourt/azure-ipam-test-race
- refs/heads/pr/kkourt/bpftool-update
- refs/heads/pr/kkourt/ct-rst-timeout-wip
- refs/heads/pr/kkourt/v1.11-backport-2022-01-26
- refs/heads/pr/kkourt/v1.9-lxc-complexity
- refs/heads/pr/learnitall/add-pprofs-scale-tests
- refs/heads/pr/learnitall/ginkgo-race-workflow
- refs/heads/pr/marga/v1.11-without-deny-precedence
- refs/heads/pr/max/ci-clang-builder
- refs/heads/pr/max/llvm17-fixes-2
- refs/heads/pr/max/llvm17-fixes-3
- refs/heads/pr/max/upgrade-llvm-17-2
- refs/heads/pr/max/upgrade-llvm-17-3
- refs/heads/pr/max/upgrade-llvm-17-3-test
- refs/heads/pr/max/upgrade-llvm-17-3-test-alt
- refs/heads/pr/meyskens/renovate-gha
- refs/heads/pr/mhofstetter/guestbook-registry
- refs/heads/pr/mhofstetter/junit-fetch-nullglob
- refs/heads/pr/mhofstetter/ssh-store-consolelog
- refs/heads/pr/mhofstetter/test-ingress
- refs/heads/pr/michi/circular-struggle
- refs/heads/pr/michi/crdregister
- refs/heads/pr/michi/debug
- refs/heads/pr/michi/description
- refs/heads/pr/michi/dns-refactor12
- refs/heads/pr/michi/l7drop
- refs/heads/pr/michi/majestic-ketchup
- refs/heads/pr/michi/mega-ketchup
- refs/heads/pr/michi/peerapi
- refs/heads/pr/michi/sleep-on-it
- refs/heads/pr/michi/test
- refs/heads/pr/michi/weekly-bot
- refs/heads/pr/monitor-wait-ci
- refs/heads/pr/move-image-to-one-repo
- refs/heads/pr/nat-gw-tests
- refs/heads/pr/nathanjsweet/add-complex-allow-test-to-policy-map-tests
- refs/heads/pr/nathanjsweet/add-lockdown-mode-for-policy-map-overflows
- refs/heads/pr/nathanjsweet/add-packet-size-to-flow-structure
- refs/heads/pr/nathanjsweet/add-policy-port-range-mapping
- refs/heads/pr/nathanjsweet/backport-fix-fqdn-proxy-restore-check-to-1-13
- refs/heads/pr/nathanjsweet/backport-fix-fqdn-proxy-restore-check-to-1-14
- refs/heads/pr/nathanjsweet/backport-fix-fqdn-proxy-restore-check-to-1-15
- refs/heads/pr/nathanjsweet/differentiate-protocol-in-services
- refs/heads/pr/nathanjsweet/document-test-and-fix-descendants-bug
- refs/heads/pr/nathanjsweet/node-port-addresses
- refs/heads/pr/nathanjsweet/refactor-mapstate
- refs/heads/pr/nathanjsweet/update-k8s-control-plane-tests-to-1-27
- refs/heads/pr/nebril/add-dns-concurrency-limit
- refs/heads/pr/nebril/fix-precheck
- refs/heads/pr/nebril/fqdn-proxy-ha
- refs/heads/pr/nebril/fqdn-proxy-interface
- refs/heads/pr/nebril/gke-workflow-migrate-from-cli
- refs/heads/pr/nebril/quarantine-1.14-nodeport
- refs/heads/pr/nebril/test-bottlerocket
- refs/heads/pr/nebril/test-helm-gke-fix
- refs/heads/pr/nebril/test-our-ghaction-shenanigans
- refs/heads/pr/nebril/test-rebase-helm
- refs/heads/pr/nebril/trololo
- refs/heads/pr/nebril/update-cli-9.1-test
- refs/heads/pr/netkit
- refs/heads/pr/netns-switch
- refs/heads/pr/netns-switch-no-peer
- refs/heads/pr/nodeport-fix
- refs/heads/pr/nodeport-improvements2
- refs/heads/pr/nodeport-nat-improvements
- refs/heads/pr/nodeport-nat-improvements2
- refs/heads/pr/nodeport-retry-sport
- refs/heads/pr/pchaigno/deprecate-bpf_network-f
- refs/heads/pr/pchaigno/fix-4.19-bpf-program-size
- refs/heads/pr/pchaigno/hotfix1-ipsec-fix
- refs/heads/pr/pchaigno/hotfix1-ipsec-fix-brb-v0
- refs/heads/pr/pchaigno/ipsec-kpr
- refs/heads/pr/pchaigno/optim-complexity-ipcache-lookup
- refs/heads/pr/pchaigno/rework-config-probes
- refs/heads/pr/pchaigno/tmp-base-branch
- refs/heads/pr/pin-1.10-workflows-k8s-version
- refs/heads/pr/pin-1.11-workflows-k8s-version
- refs/heads/pr/pin-1.12-workflows-k8s-version
- refs/heads/pr/pin-1.13-workflows-k8s-version
- refs/heads/pr/pin-cloud-provider-master-workflows
- refs/heads/pr/pr/fix-ipam-node-manager-semaphore-error-handling
- refs/heads/pr/publish-test-images
- refs/heads/pr/qmonnet/docs-20230224
- refs/heads/pr/qmonnet/docs-bump
- refs/heads/pr/qmonnet/ipsec/no-missed-tail-call-1.13
- refs/heads/pr/qmonnet/ipsec/test-1.13
- refs/heads/pr/qmonnet/ipsec/test-1.14
- refs/heads/pr/qmonnet/ipsec/test-1.15
- refs/heads/pr/qmonnet/ipsec/test-main
- refs/heads/pr/qmonnet/standalone-lb-docs
- refs/heads/pr/qmonnet/sync-joblists
- refs/heads/pr/ray/late-dns-proxy
- refs/heads/pr/rgo3/1.12-run-no-unexpected-drops-for-patch
- refs/heads/pr/rgo3/fix-k8s-vm-provisioning-1.13
- refs/heads/pr/rolinh/better-policy-verdict
- refs/heads/pr/rolinh/hubble-dump-all
- refs/heads/pr/rolinh/hubble-fix-maxflows-rounding
- refs/heads/pr/rolinh/mitchellh
- refs/heads/pr/route-test
- refs/heads/pr/run-tests-in-parallel
- refs/heads/pr/scalability-crd-only
- refs/heads/pr/squeed/make-ccache
- refs/heads/pr/squeed/per-node-config
- refs/heads/pr/squeed/remote-cluster-leak
- refs/heads/pr/stacy/docs-update
- refs/heads/pr/tammach/ci-tunnel
- refs/heads/pr/tammach/cni-logging-improvement
- refs/heads/pr/tammach/envoy-1.28.2
- refs/heads/pr/tammach/fun-with-flake-xds
- refs/heads/pr/tammach/sync-up-gwapi
- refs/heads/pr/tc-np-test
- refs/heads/pr/test-419-ci
- refs/heads/pr/test-increase-update-delete-timeout
- refs/heads/pr/test-k8s-all-tests
- refs/heads/pr/test-lb-super-netperf
- refs/heads/pr/test-nightly
- refs/heads/pr/test-upstream-timeout
- refs/heads/pr/tgraf/chaos-testing
- refs/heads/pr/tgraf/clustermesh-stale-state
- refs/heads/pr/tgraf/eni-ipam
- refs/heads/pr/tgraf/new-endpoint-state
- refs/heads/pr/tgraf/new-policy
- refs/heads/pr/tgraf/remove-tunnel-map
- refs/heads/pr/tgraf/scoped-ipam
- refs/heads/pr/tgraf/sctp
- refs/heads/pr/tgraf/split-lxc-prog
- refs/heads/pr/thorn3r/clustermesh511
- refs/heads/pr/tklauser/labelsfilter-silence-logs
- refs/heads/pr/tklauser/rm-contexthelper
- refs/heads/pr/tklauser/rm-safe-rand
- refs/heads/pr/tommyp1ckles/debugging-aks-conformance
- refs/heads/pr/tp/add-logging-for-wait-for-pods-term-condition
- refs/heads/pr/tp/backport-31380
- refs/heads/pr/tp/bump-cilium-cli
- refs/heads/pr/tp/complexity-issue-verifier-case-main
- refs/heads/pr/tp/eps-modular-health
- refs/heads/pr/tp/fix-stuck-ginko-pod-v2
- refs/heads/pr/tp/forward-hubble-for-e2e
- refs/heads/pr/tp/forward-hubble-for-e2e-v2
- refs/heads/pr/tp/switch-1.24-eks-region
- refs/heads/pr/tp/switch-1.24-eks-region-v1.13
- refs/heads/pr/tp/use-helm-default-vars-for-clustermesh-downgrade-c1
- refs/heads/pr/tweak-github-action-ref
- refs/heads/pr/twpayne/hubble-recent-events-buffer
- refs/heads/pr/twpayne/hubble-ring-buffer-benchmarks
- refs/heads/pr/update-tm-network
- refs/heads/pr/v1.10-backport-2022-06-13
- refs/heads/pr/v1.10-backport-2022-10-03
- refs/heads/pr/v1.10-eni-stability-improvements-v1
- refs/heads/pr/v1.10-neigh-clean
- refs/heads/pr/v1.11-backport-2022-10-03
- refs/heads/pr/v1.11-test/issue-692
- refs/heads/pr/v1.12-backport-2023-10-10
- refs/heads/pr/v1.12-test/issue-692
- refs/heads/pr/v1.13-backport-2023-10-31
- refs/heads/pr/v1.13-test/issue-692
- refs/heads/pr/v1.14.1
- refs/heads/pr/v1.7-stability-test
- refs/heads/pr/v1.7.9-hf-13205
- refs/heads/pr/v3-cpu
- refs/heads/pr/v6-host-addr2
- refs/heads/pr/vk/azure/oidc
- refs/heads/pr/vk/doc/ipsec
- refs/heads/pr/vk/ipsec/key/rotate
- refs/heads/regex_improved
- refs/heads/renovate/main-all-dependencies
- refs/heads/renovate/main-all-go-deps-main
- refs/heads/renovate/main-patch-all-lvh-images-main
- refs/heads/renovate/main-patch-go
- refs/heads/renovate/v1.13-all-github-action
- refs/heads/renovate/v1.13-patch-stable-lvh-images
- refs/heads/renovate/v1.14-patch-stable-lvh-images
- refs/heads/renovate/v1.15-patch-stable-lvh-images
- refs/heads/revert-29086-2023-11-09-backport-1.14
- refs/heads/rib
- refs/heads/run-ci-wihout-building-cilium
- refs/heads/sh-dep-test-l4lb
- refs/heads/sidecar-http-proxy
- refs/heads/sockmap-v5
- refs/heads/sockops-build-fix
- refs/heads/tam/integration-tests
- refs/heads/tam/more-ingress-tests
- refs/heads/tam/proxy-tunnel
- refs/heads/tb/bpf-remove-bear
- refs/heads/test-branch
- refs/heads/test-ipsec
- refs/heads/test-sig-bgp-notifs
- refs/heads/test/brlbil/upload
- refs/heads/test/skip-workflows
- refs/heads/test_scale
- refs/heads/testing_envoy_default
- refs/heads/tgraf/process-policy
- refs/heads/tklauser+brb/wip/multi-homing
- refs/heads/unit-test-ipsec
- refs/heads/v0.10
- refs/heads/v0.11
- refs/heads/v0.12
- refs/heads/v0.13
- refs/heads/v0.8
- refs/heads/v0.9
- refs/heads/v1.0
- refs/heads/v1.0.0-rc2
- refs/heads/v1.0.0-rc3
- refs/heads/v1.1
- refs/heads/v1.10
- refs/heads/v1.11
- refs/heads/v1.12
- refs/heads/v1.12.11-base
- refs/heads/v1.13
- refs/heads/v1.14
- refs/heads/v1.15
- refs/heads/v1.2
- refs/heads/v1.3
- refs/heads/v1.3.1
- refs/heads/v1.3.1-release
- refs/heads/v1.3.7-release
- refs/heads/v1.4
- refs/heads/v1.4.5-release
- refs/heads/v1.5
- refs/heads/v1.5.2-rc1-with-clusterip-fix
- refs/heads/v1.5.4-release
- refs/heads/v1.6
- refs/heads/v1.7
- refs/heads/v1.7.9-1
- refs/heads/v1.7.9.1
- refs/heads/v1.8
- refs/heads/v1.9
- refs/heads/verify-external-workload-dns-setup-redux
- refs/heads/vladu/identity-type-metrics
- refs/heads/weavescope
- refs/heads/wip-ktls-tx-rx
- refs/heads/wip-sockmap
- refs/heads/wip-sockmap-v2
- refs/heads/wip-sockmap-v3
- refs/heads/wip-sockmap-v4
- refs/heads/xfrm-subnet-test
- refs/heads/yutaro/bgp-cplane-etp-local/doc
- refs/heads/yutaro/oss/eni-overlapping-mark
- refs/remotes/bruno/hf/v1.10/v1.10.3-bpf-snat-and-masq-fixes
- refs/remotes/joe/submit/quarantine-etcd
- refs/remotes/origin/1.2-backports-18-09-12
- refs/remotes/origin/ipvlan3
- refs/remotes/origin/pr/add-reserved-health
- refs/remotes/origin/pr/brb/nodeport-lb
- refs/remotes/origin/pr/ianvernon/5859
- refs/remotes/origin/pr/ianvernon/dynamic-ep-cfg
- refs/remotes/origin/pr/tgraf/kube-dns-fixed-identity
- refs/semaphoreci/6384f501b324813e55cfbe818c04a40f2a923765
- refs/semaphoreci/7f69b285bac8a1be414e8769799962ae1408d9e1
- refs/semaphoreci/b5eb6622da121ad36b8f375a084392f7feeec64a
- refs/semaphoreci/d9e7e28f39d34a7050a9c1cad2a26d84f5f4eff1
- refs/semaphoreci/f55ec535d85f387ef981265967fabb3c1b5f1ec6
- refs/tags/0.10.1
- refs/tags/1.1.1
- refs/tags/1.9.0-rc0
- refs/tags/v0.11
- refs/tags/v0.12.0
- refs/tags/v0.13.1
- refs/tags/v0.8.0
- refs/tags/v0.8.1
- refs/tags/v0.8.2
- refs/tags/v0.9.0
- refs/tags/v0.9.0-rc1
- refs/tags/v1.0.0-rc2
- Branches list truncated to 652 entries, 4 were omitted.
- v1.11.0-rc0
- v1.11.0
- v1.10.9
- v1.10.8
- v1.10.7
- v1.10.6
- v1.10.5
- v1.10.4
- v1.10.3
- v1.10.20
- v1.10.2
- v1.10.19
- v1.10.18
- v1.10.17
- v1.10.16
- v1.10.15
- v1.10.14
- v1.10.13
- v1.10.12
- v1.10.11
- v1.10.10
- v1.10.1
- v1.10.0-rc2
- v1.10.0-rc1
- v1.10.0-rc0
- v1.10.0
- v1.1.6
- v1.1.5
- v1.1.4
- v1.1.3
- v1.1.2
- v1.1.1
- v1.1.0-rc4
- v1.1.0-rc3
- v1.1.0-rc2
- v1.1.0-rc1
- v1.1.0-rc0
- v1.1.0
- v1.0.7
- v1.0.6
- v1.0.5
- v1.0.4
- v1.0.3
- v1.0.2
- v1.0.1
- v1.0.0-rc9
- v1.0.0-rc8
- v1.0.0-rc7
- v1.0.0-rc6
- v1.0.0-rc5
- v1.0.0-rc4
- v1.0.0-rc14
- v1.0.0-rc13
- v1.0.0-rc11
- v1.0.0-rc10
- v1.0.0-rc1
- v1.0.0
- v0.13.9
- v0.13.8
- v0.13.7
- v0.13.6
- v0.13.5
- v0.13.4
- v0.13.3
- v0.13.28
- v0.13.25
- v0.13.24
- v0.13.23
- v0.13.22
- v0.13.21
- v0.13.20
- v0.13.2
- v0.13.19
- v0.13.18
- v0.13.17
- v0.13.16
- v0.13.15
- v0.13.14
- v0.13.13
- v0.13.12
- v0.13.11
- v0.13.10
- v0.10.0
- 1.9.9
- 1.9.8
- 1.9.7
- 1.9.6
- 1.9.5
- 1.9.4
- 1.9.3
- 1.9.2
- 1.9.18
- 1.9.17
- 1.9.16
- 1.9.15
- 1.9.14
- 1.9.13
- 1.9.12
- 1.9.11
- 1.9.10
- 1.9.1
- 1.9.0-rc3
- 1.9.0-rc2
- 1.9.0-rc1
- 1.9.0
- 1.8.9
- 1.8.8
- 1.8.7
- 1.8.6
- 1.8.5
- 1.8.4
- 1.8.3
- 1.8.2
- 1.8.13
- 1.8.12
- 1.8.11
- 1.8.10
- 1.8.1
- 1.8.0-rc4
- 1.8.0-rc3
- 1.8.0-rc2
- 1.8.0-rc1
- 1.8.0
- 1.7.9
- 1.7.8
- 1.7.7
- 1.7.6
- 1.7.5
- 1.7.4
- 1.7.3
- 1.7.2
- 1.7.16
- 1.7.15
- 1.7.14
- 1.7.13
- 1.7.12
- 1.7.11
- 1.7.10
- 1.7.1
- 1.7.0-rc4
- 1.7.0-rc3
- 1.7.0
- 1.6.9
- 1.6.8
- 1.6.7
- 1.6.6
- 1.6.5
- 1.6.4
- 1.6.3
- 1.6.2
- 1.6.12
- 1.6.11
- 1.6.10
- 1.6.1
- 1.6.0
- 1.5.9
- 1.5.8
- 1.5.7
- 1.5.6
- 1.5.5
- 1.5.4
- 1.5.3
- 1.5.2
- 1.5.13
- 1.5.12
- 1.5.11
- 1.5.10
- 1.5.1
- 1.5.0-rc6
- 1.5.0-rc5
- 1.5.0-rc4
- 1.5.0-rc3
- 1.5.0-rc2
- 1.5.0
- 1.4.9
- 1.4.8
- 1.4.7
- 1.4.6
- 1.4.5
- 1.4.4
- 1.4.3
- 1.4.2
- 1.4.10
- 1.4.1
- 1.4.0-rc9
- 1.4.0-rc8
- 1.4.0-rc7
- 1.4.0-rc6
- 1.4.0-rc5
- 1.4.0-rc2
- 1.4.0
- 1.3.8
- 1.3.7
- 1.3.6
- 1.3.5
- 1.3.4
- 1.3.3
- 1.3.2
- 1.3.1
- 1.3.0-rc5
- 1.3.0-rc4
- 1.3.0
- 1.2.8
- 1.2.7
- 1.2.6
- 1.2.5
- 1.2.4
- 1.2.3
- 1.2.2
- 1.2.1
- 1.2.0-rc3
- 1.2.0-rc2
- 1.2.0-rc1
- 1.2.0
- 1.16.0-pre.1
- 1.16.0-pre.0
- 1.15.3
- 1.15.2
- 1.15.1
- 1.15.0-rc.1
- 1.15.0-rc.0
- 1.15.0-pre.3
- 1.15.0-pre.2
- 1.15.0-pre.1
- 1.15.0-pre.0
- 1.15.0
- 1.14.9
- 1.14.8
- 1.14.7
- 1.14.6
- 1.14.5
- 1.14.4
- 1.14.3
- 1.14.2
- 1.14.1
- 1.14.0-snapshot.4
- 1.14.0-snapshot.3
- 1.14.0-snapshot.2
- 1.14.0-snapshot.1
- 1.14.0-snapshot.0
- 1.14.0-rc.1
- 1.14.0-rc.0
- 1.14.0-pre.2
- 1.14.0
- 1.13.9
- 1.13.8
- 1.13.7
- 1.13.6
- 1.13.5
- 1.13.4
- 1.13.3
- 1.13.2
- 1.13.14
- 1.13.13
- 1.13.12
- 1.13.11
- 1.13.10
- 1.13.1
- 1.13.0-rc5
- 1.13.0-rc4
- 1.13.0-rc3
- 1.13.0-rc2
- 1.13.0-rc1
- 1.13.0-rc0
- 1.13.0
- 1.12.9
- 1.12.8
- 1.12.7
- 1.12.6
- 1.12.5
- 1.12.4
- 1.12.3
- 1.12.2
- 1.12.19
- 1.12.18
- 1.12.17
- 1.12.16
- 1.12.15
- 1.12.14
- 1.12.13
- 1.12.12
- 1.12.11
- 1.12.10
- 1.12.1
- 1.12.0-rc3
- 1.12.0-rc2
- 1.12.0-rc1
- 1.12.0-rc0
- 1.12.0
- 1.11.9
- 1.11.8
- 1.11.7
- 1.11.6
- 1.11.5
- 1.11.4
- 1.11.3
- 1.11.20
- 1.11.2
- 1.11.19
- 1.11.18
- 1.11.17
- 1.11.16
- 1.11.15
- 1.11.14
- 1.11.13
- 1.11.12
- 1.11.11
- 1.11.10
- 1.11.1
- 1.11.0-rc3
- 1.11.0-rc2
- 1.11.0-rc1
- 1.11.0-rc0
- 1.11.0
- 1.10.9
- 1.10.8
- 1.10.7
- 1.10.6
- 1.10.5
- 1.10.4
- 1.10.3
- 1.10.20
- 1.10.2
- 1.10.19
- 1.10.18
- 1.10.17
- 1.10.16
- 1.10.15
- 1.10.14
- 1.10.13
- 1.10.12
- 1.10.11
- 1.10.10
- 1.10.1
- 1.10.0-rc2
- 1.10.0-rc1
- 1.10.0-rc0
- 1.10.0
- 1.1.6
- 1.1.5
- 1.1.4
- 1.1.3
- 1.1.2
- 1.1.0
- 1.0.7
- 1.0.6
- 1.0.5
- 1.0.4
- Releases list truncated to 348 entries, 258 were omitted.
Take a new snapshot of a software origin
If the archived software origin currently browsed is not synchronized with its upstream version (for instance when new commits have been issued), you can explicitly request Software Heritage to take a new snapshot of it.
Use the form below to proceed. Once a request has been submitted and accepted, it will be processed as soon as possible. You can then check its processing state by visiting this dedicated page.![swh spinner](/static/img/swh-spinner.gif)
Processing "take a new snapshot" request ...
Permalinks
To reference or cite the objects present in the Software Heritage archive, permalinks based on SoftWare Hash IDentifiers (SWHIDs) must be used.
Select below a type of object currently browsed in order to display its associated SWHID and permalink.
Revision | Author | Date | Message | Commit Date |
---|---|---|---|---|
8788ff7 | Maciej Kwiek | 30 November 2020, 13:10:17 UTC | wip | 03 December 2020, 13:21:15 UTC |
8bf3ed8 | Paul Chaignon | 27 November 2020, 10:19:46 UTC | ci: Enable NFS for Runtime tests Signed-off-by: Paul Chaignon <paul@cilium.io> | 30 November 2020, 10:10:45 UTC |
a77842b | Paul Chaignon | 26 November 2020, 17:27:04 UTC | test: Avoid use of install with NFS Running the Runtime tests in CI with NFS enabled currently fails because 'install' reports a permission error when trying to change permissions of cilium.conf.ginkgo. This commit switches 'install' for 'chmod' which works fine. The reason for this error is that 'install' relies on the fsetxattr(2) system call to change the permissions and, as pointed by Quentin, there is no support for Extended File Attributes in NFS [1]. 'install' therefore fails whereas 'chmod', which relies on fchmodat(2) works fine. That bug wasn't found when running the Runtime test with NFS locally because, for local tests, a different implementation of RenderTemplateToFile() is used, one that does not rely on 'install'. 1 - https://tools.ietf.org/html/rfc8276 Signed-off-by: Paul Chaignon <paul@cilium.io> | 30 November 2020, 10:10:45 UTC |
81dc19b | Paul Chaignon | 23 November 2020, 19:01:16 UTC | bpf: Don't compile unused BPF sections When we load a BPF program in the kernel, tc loads the entire object file, meaning it attempts to load each BPF program found in the object file. In some cases (e.g., ICMPv6 code in bpf_xdp.o), we include BPF program as sections in the object file even though we never tail call to them. This commit fixes it by ensuring we only compile those sections if they are needed. This also fixes a failure to load bpf_xdp on 4.19 when compiled with our MAX_LB_OPTIONS options combination: ENABLE_IPV4 ENABLE_IPV6 ENABLE_HOST_SERVICES_TCP ENABLE_HOST_SERVICES_UDP ENABLE_IPSEC. Signed-off-by: Paul Chaignon <paul@cilium.io> | 30 November 2020, 10:10:23 UTC |
7e8cc0e | Tam Mach | 20 November 2020, 23:04:00 UTC | lint: Enforce unused linter This commit is to enforce unused linter to avoid similar issue in future. Signed-off-by: Tam Mach <sayboras@yahoo.com> | 30 November 2020, 10:07:32 UTC |
966071b | Tam Mach | 20 November 2020, 23:02:57 UTC | cleanup/unused: Remove un-used code in codebase This commit is to remove un-used methods and params in code base. Signed-off-by: Tam Mach <sayboras@yahoo.com> | 30 November 2020, 10:07:32 UTC |
fc4a476 | Maciej Kwiek | 26 November 2020, 12:37:40 UTC | ci: change manifest path for perf test These tests failed because default manifest path was wrong. Signed-off-by: Maciej Kwiek <maciej@isovalent.com> | 30 November 2020, 10:02:15 UTC |
89c0f08 | Daniel Borkmann | 18 November 2020, 15:46:58 UTC | bpf, cilium: add IPIP for DSR under XDP in LB-only mode Add a new agent flag for the lb-only load-balancer which is able to select a DSR dispatch method (--bpf-lb-dsr-dispatch). This is used in direct routing for forwarding the original request IPIP encapsulated (v4v4 or v6v6) to the related remote service backend. This is an alternative to the IP option based dispatch which is the current default in the agent. Example invocation: # ./daemon/cilium-agent --enable-ipv4=true --enable-ipv6=true \ --datapath-mode=lb-only --bpf-lb-algorithm=maglev \ --bpf-lb-maglev-table-size=65521 --bpf-lb-mode=dsr \ --bpf-lb-acceleration=native --bpf-lb-dsr-dispatch=ipip \ --devices=enp2s0np0 Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 27 November 2020, 23:43:50 UTC |
1fd0457 | Daniel Borkmann | 06 July 2020, 22:45:36 UTC | bpf: do not create CT entry for forwarding DSR services Not needed here given the reply won't ever be seen on this node, so spare this expensive fast-path overhead (which needs to lock the map) when under DSR. We really only need to track the CT_SERVICE ones to pick an established backend. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 27 November 2020, 23:43:50 UTC |
72d2848 | Tobias Klauser | 27 November 2020, 12:43:55 UTC | monitor, vendor: bump github.com/cilium/ebpf to v0.3.0 Release notes: https://github.com/cilium/ebpf/releases/tag/v0.3.0 Note that this removes MapABI and ProgramABI. The former is used in pkg/monitor. Replace its single use by the respective func now available directly for ebpf.Map. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 27 November 2020, 18:10:08 UTC |
fd88d18 | fankaixi.li | 26 November 2020, 02:08:59 UTC | daemon_main: fix comments error The option.Confog is replaced with option.Config. Signed-off-by: fankaixi.li <fankaixi.li@bytedance.com> | 27 November 2020, 18:08:03 UTC |
19a6011 | Deepesh Pathak | 25 November 2020, 10:10:31 UTC | test: use kubectl helper for cilium cleanup in upgrade tests Signed-off-by: Deepesh Pathak <deepshpathak@gmail.com> | 27 November 2020, 18:04:58 UTC |
8f20d3b | Jarno Rajahalme | 19 November 2020, 19:57:51 UTC | daemon: Postpone ipcache upserts until after policy changes have been regenerated by endpoints. Move ipcache CIDR upserts and releases to the policy reaction queue, where upserts can be executed after regenerations have been completed, i.e. after endpoint policy maps have been updated. This way IP addresses are mapped to newly allocated identities only after endpoint policy maps are ready to classify them. Correspondingly, on deletes the to-be-deleted CIDR identities are first deleted from ipcache so that when they are deleted from endpoint policy maps they are no longer used in classification. Releases of CIDR identities must still be serialized with ipcache upserts via the policy reaction queue so that they are executed in the same order w.r.t. ipcache upserts as policy deletes and adds. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 27 November 2020, 17:55:42 UTC |
60bd47f | Jarno Rajahalme | 19 November 2020, 17:49:11 UTC | fqdn: Delay ipcache upserts until policies have been updated Add a map for newly allocated identities to ipcache.AllocateCIDR functions that the caller can use to upsert the IPs to ipcache later, after affected endpoint policy maps have been updated. Use this new functionality on the DNS proxy code path, that makes sure that new policy map entries are in place before an IP received from a DNS server is placed in ipcache. This is really straightforward as the logic for waiting was already in place for delaying the forwarding of the DNS response. Policy update path is still allowing ipcache upserts at policy ingestion time rather than waiting for the policy maps to be updated. This means that new, more specific CIDRs (e.g., 10.0.0/24) in policies can still cause momentary drops on traffic currently using a less specific CIDR (e.g., 10.0/16). Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 27 November 2020, 17:55:42 UTC |
263421a | Maciej Kwiek | 26 November 2020, 16:22:12 UTC | test: quarantine flaking datapathconfig tests on 1.17 this change extends quarantine for k8s-all job to 1.17 k8s version, which will help us checking whether 1.18 job actually fails due to these flakes. Signed-off-by: Maciej Kwiek <maciej@isovalent.com> | 27 November 2020, 15:41:44 UTC |
885a319 | Martynas Pumputis | 25 November 2020, 14:11:10 UTC | daemon: Fix netns usage in kpr privileged unit tests Previously, the SetUpSuite() routine called netns.New(). It expected that the latter only creates a new netns without setting it. However, according to the docs it's not the case: package netns // import "github.com/vishvananda/netns" func New() (ns NsHandle, err error) New creates a new network namespace, sets it as current and returns a handle to it. This meant that we changed the netns before locking the OS thread which could result in other Go runtime threads running in the test netns. Fixes: b059c3185c ("daemon: Add unit tests for device detection") Signed-off-by: Martynas Pumputis <m@lambda.lt> | 27 November 2020, 14:42:45 UTC |
1eec075 | Alexandre Perrin | 27 November 2020, 10:13:36 UTC | docs: Add missing Jobs to the Jenkins Trigger Phrases table Signed-off-by: Alexandre Perrin <alex@kaworu.ch> | 27 November 2020, 14:32:07 UTC |
f380dd3 | Paul Chaignon | 26 November 2020, 14:49:55 UTC | test: Avoid installing Cilium for K8sBandwidth if tests are skipped The overall structure for test K8sBandwidth looks to have been extracted from K8sServices. It works fine but is more complex than necessary and leads to unintended behavior when tests are skipped. This commit simplifies the structure to have a single conditional Context (conditioned on net-next kernel) inside which the three It tests are run. Cilium was also installed with the bandwidth manager enabled *before* the conditional Context. That installation would therefore happen regardless of whether bandwidth tests should actually be skipped, sometimes even leading to flakes on 4.9 kernels [1]. Removing this initial installation of Cilium implies that the test pods are now deployed (once for all tests) before Cilium is installed. We therefore need to wait for the test pods, with a new helper waitForTestPods(), after each re-installation of Cilium. 1 - https://jenkins.cilium.io/job/Cilium-PR-Ginkgo-Tests-K8s/3740/testReport/junit/Suite-k8s-1/16/K8sBandwidthTest_Checks_Bandwidth_Rate_Limiting/ Signed-off-by: Paul Chaignon <paul@cilium.io> | 27 November 2020, 14:30:51 UTC |
ae069dc | Robin Hahling | 12 November 2020, 13:34:48 UTC | hubble/relay: implement observer.GetNodes rpc endpoint Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net> | 27 November 2020, 12:44:37 UTC |
f0a5ce9 | Robin Hahling | 12 November 2020, 10:26:34 UTC | api/observer: re-generate protobuf code + add stub The new generated code breaks implementations of observer server because they are missing the new GetNodes method. To ensure that every commit compiles on its own, add stubs to implementations of observer server. Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net> | 27 November 2020, 12:44:37 UTC |
95ff38b | Robin Hahling | 11 November 2020, 15:50:56 UTC | api/observer: add GetNodes rpc endpoint This endpoint is intended to be implemented by Hubble Relay to provide information about nodes and their status. Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net> | 27 November 2020, 12:44:37 UTC |
b614d18 | Robin Hahling | 10 November 2020, 21:13:05 UTC | hubble/relay: add version information to status command Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net> | 27 November 2020, 12:44:37 UTC |
b07b21a | Robin Hahling | 10 November 2020, 20:45:33 UTC | hubble/observer: add version information to status command Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net> | 27 November 2020, 12:44:37 UTC |
3f82e21 | Robin Hahling | 10 November 2020, 20:44:48 UTC | hubble: add build package to provide hubble server and relay version Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net> | 27 November 2020, 12:44:37 UTC |
b188534 | Robin Hahling | 10 November 2020, 15:27:11 UTC | api/observer: re-generate protobuf code Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net> | 27 November 2020, 12:44:37 UTC |
386964b | Robin Hahling | 11 November 2020, 15:45:41 UTC | api/observer: add version field to ServerStatusResponse Knowing about the running version is useful, notably during a cluster upgrade. Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net> | 27 November 2020, 12:44:37 UTC |
d50075d | Manuel Buil | 25 November 2020, 07:21:59 UTC | Complete kube-router documentation BUG: #14152 Kube-router fetches the CIDRs from Kubernetes and thus ipam: cluter-pool configuration does not really work well. This patch clarifies this in the kube-router documentation Signed-off-by: Manuel Buil <mbuil@suse.com> | 27 November 2020, 10:16:13 UTC |
1b29044 | Sebastian Wicki | 19 November 2020, 11:35:17 UTC | hubble/parser: Always preserve datapath numeric identity This introduces a check that we do not overwrite the numeric security identity provided by the datapath trace point. Only if the datapath did not provide an identity (i.e. in `FROM_LXC` trace points) do we want to fall back on the identity from the user-space ip cache or endpoint manager. The numeric identity from the datapath can differ from the one we obtain from user-space (e.g. the endpoint manager or the IP cache), because the identity could have changed between the time the datapath event was created and the time the event reaches the Hubble parser. To aid in troubleshooting, we want to preserve what the datapath observed when it made the policy decision. Signed-off-by: Sebastian Wicki <sebastian@isovalent.com> | 27 November 2020, 10:15:40 UTC |
acb2daa | Paul Chaignon | 11 November 2020, 10:52:50 UTC | test: Use NFS by default for test VMs The new K8sVerifier test compiles some Cilium binaries inside the VM, which can lead to 'interrupted system call' errors. Using NFS should fix it by speeding up the filesystem accesses. This commit switches the test VMs to use NFS by default, thereby enabling NFS in our CI. NFS remains disabled in the CI's Runtime tests because it leads to permission errors [1]. 1 - https://jenkins.cilium.io/job/Cilium-PR-Runtime-4.9/2739/consoleFull Signed-off-by: Paul Chaignon <paul@cilium.io> | 27 November 2020, 10:15:10 UTC |
9dc8130 | Vlad Ungureanu | 22 November 2020, 04:50:45 UTC | Consolidate ec2 client create call Signed-off-by: Vlad Ungureanu <vladu@palantir.com> | 27 November 2020, 10:14:29 UTC |
816b323 | Paul Chaignon | 25 November 2020, 11:50:02 UTC | vagrant: Bump all Vagrant box versions These new images include the updated, pre-pulled Docker images: https://github.com/cilium/packer-ci-build/pull/245 Signed-off-by: Paul Chaignon <paul@cilium.io> | 27 November 2020, 10:12:53 UTC |
6d0a431 | Paul Chaignon | 26 November 2020, 18:15:48 UTC | .travis: Run race detection builds on master commits only We had to temporarily subscribe to Travis CI because we consumed our 10000 free credits. Our current plan however only allows for two concurrent builds. With four builds per commit, we are constantly running behind, with Travis CI builds now taking longer to be scheduled than it takes our Jenkins tests to finish. Long gone are the days when we considered Travis CI a viable smoke test... This commit attempts to alleviate the issue by running our race detection builds only on master commits. Signed-off-by: Paul Chaignon <paul@cilium.io> | 27 November 2020, 10:12:21 UTC |
2a3e5d4 | Daniel Borkmann | 26 November 2020, 11:56:44 UTC | cilium: disable bind-protection in kube-proxy free probe mode The probe mode is expected to only run alongside kube-proxy as hybrid. There was confusion that the kube-proxy log was throwing (harmless) warnings to its log that it could not bind sockets to service ports in the hostns. This is due to Cilium performing bind protection right out of the bind(2) syscall with eBPF. To avoid this confusion, defer to kube-proxy to bind sockets instead. This is less efficient and consuming more resources, but if users want to avoid the overhead, they would run kube-proxy free in strict mode anyway where Cilium does the bind protection by default anyway. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 26 November 2020, 17:45:52 UTC |
05ac4ac | Didier Durand | 26 November 2020, 05:07:28 UTC | fixing 1 typo in terminology.rst Signed-off-by: Didier Durand <durand.didier@gmail.com> | 26 November 2020, 14:05:20 UTC |
97f3b48 | Tobias Klauser | 20 November 2020, 14:27:31 UTC | monitor: merge EndpointCreateNotification and EndpointDeleteNotification The types EndpointCreateNotification and EndpointDeleteNotification contain the same fields. Thus merge them in a single type named EndpointNotification which is used by func EndpointCreateMessage and EndpointDeleteMessage. Because the type is embedded into AgentNotifyMessage the consumer can still determine whether it was a create or delete event based on AgentNotifyMessage.Type. This change will simplify parsing of endpoint create/delete notifications when exposing agent events for Hubble. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 26 November 2020, 14:04:44 UTC |
e0e9415 | Tom Payne | 26 November 2020, 00:59:36 UTC | pkg/monitor/agent: Fix cilium typos Signed-off-by: Tom Payne <tom@isovalent.com> | 26 November 2020, 01:34:36 UTC |
3084181 | Tom Payne | 26 November 2020, 00:59:21 UTC | docs: Fix cilium typos Signed-off-by: Tom Payne <tom@isovalent.com> | 26 November 2020, 01:34:36 UTC |
e38fd96 | Joe Stringer | 25 November 2020, 08:08:07 UTC | helm: Fix description for clustermesh With the `disableEnvoyVersionCheck` option commented out and no subsequent comment for the `clustermesh` option, the autogeneration script was pulling the description for `disableEnvoyVersionCheck` in for `clustermesh`. Fix it by removing the dashes so no description is generated for this particular option. Signed-off-by: Joe Stringer <joe@cilium.io> | 25 November 2020, 21:28:15 UTC |
11e38d6 | Tam Mach | 20 November 2020, 11:01:26 UTC | fix/helm: Correct nodeSelector values This commit is to use the correct nodeSelectors in etc, operator and preflight templates. Add deprecated note for .Values.nodeSelector option. Closes #14005 Signed-off-by: Tam Mach <sayboras@yahoo.com> | 25 November 2020, 21:23:04 UTC |
679f913 | Joe Stringer | 20 November 2020, 05:34:27 UTC | kvstore: Fix event watcher serialization When using the watcher in log messages with JSON-based logging, logrus would give up on trying to generate the log message and print this to the logs instead: Failed to obtain reader, failed to marshal fields to JSON, json: unsupported type: kvstore.EventChan Fix it by fixing the JSON serialization tags to the structure to avoid serializing fields that don't make sense to be serialized, and to export the fields that do make sense to be serialized. Manually tested by applying this diff: diff --git a/pkg/kvstore/base_test.go b/pkg/kvstore/base_test.go index e9ee7da296bf..eb5a3548039b 100644 --- a/pkg/kvstore/base_test.go +++ b/pkg/kvstore/base_test.go @@ -292,3 +292,10 @@ func (s *BaseTests) TestListAndWatch(c *C) { w.Stop() } + +func (s *BaseTests) TestFoo(c *C) { + w := ListAndWatch(context.TODO(), "testWatcher2", "foo2/", 100) + c.Assert(c, Not(IsNil)) + + log.WithField(fieldWatcher, w).Fatal("Stopped watcher") +} diff --git a/pkg/logging/logging.go b/pkg/logging/logging.go index 9989e8db0280..6a651c0c87f4 100644 --- a/pkg/logging/logging.go +++ b/pkg/logging/logging.go @@ -50,7 +50,7 @@ const ( // DefaultLogFormat is the string representation of the default logrus.Formatter // we want to use (possible values: text or json) - DefaultLogFormat LogFormat = LogFormatText + DefaultLogFormat LogFormat = LogFormatJSON ) var ( Fixes: #14028 Signed-off-by: Joe Stringer <joe@cilium.io> | 25 November 2020, 18:32:28 UTC |
7570d08 | Paul Chaignon | 24 November 2020, 15:22:44 UTC | test: Quarantine flakes from k8s-all CI pipeline "Check vxlan connectivity with per-endpoint routes" and "Check iptables masquerading with random-fully" are currently failing on the kubernetes-all CI pipeline for most K8s versions. This commit quarantines those tests. The list of K8s versions to exclude was retrieved using the CI dashboard [1]. 1 - https://datastudio.google.com/s/iCx91Z2LNH8 Signed-off-by: Paul Chaignon <paul@cilium.io> | 25 November 2020, 16:44:14 UTC |
ff897f7 | Maciej Kwiek | 25 November 2020, 13:09:56 UTC | ci: fix nightly image hubble-perf-test docker repo no longer exists Signed-off-by: Maciej Kwiek <maciej@isovalent.com> | 25 November 2020, 15:38:34 UTC |
546b464 | Joe Stringer | 24 November 2020, 01:33:31 UTC | docs: Improve DNS port documentation Some users had expressed confusion when using non-standard ports in conjunction with DNS policy. Clarify that when there is a k8s service, the CoreDNS / kube-dns port must be the backend port. Signed-off-by: Joe Stringer <joe@cilium.io> | 25 November 2020, 14:59:58 UTC |
1eedfb3 | Joe Stringer | 24 November 2020, 03:28:51 UTC | Makefile: Remove microk8s prepull script The prepull script was a handy way to force microk8s to pull the new image into the container runtime, but we can also just directly pull it in from microk8s.ctr which simplifies the deployment and prevents issues where some kubernetes image pull problem prevents the image from being imported. Signed-off-by: Joe Stringer <joe@cilium.io> | 25 November 2020, 14:59:27 UTC |
dbc1c72 | Paul Chaignon | 16 November 2020, 17:13:07 UTC | test: Disable the host firewall in Maglev tests Support for the host firewall + Maglev is currently broken due to an excessive BPF program size. This commit explicitly disables the host firewall to avoid tests failing when running with label ci/host-firewall or with env. variable HOST_FIREWALL=1. Related: https://github.com/cilium/cilium/issues/14047 Signed-off-by: Paul Chaignon <paul@cilium.io> | 25 November 2020, 14:59:05 UTC |
759dd49 | Paul Chaignon | 16 November 2020, 10:02:00 UTC | test: Disable the host firewall in endpoint routes tests The host firewall cannot work in combination to per-endpoint routes yet. When opening a PR with label ci/host-firewall, the host firewall is enabled by default in all tests. It must be explicitly disabled in tests with per-endpoint routes to avoid those tests failing. Signed-off-by: Paul Chaignon <paul@cilium.io> | 25 November 2020, 14:59:05 UTC |
baf84ad | Joe Stringer | 24 November 2020, 01:56:37 UTC | bugtool: Add lsmod Module listings can allow figuring out the availability of certain functionality like iptables or aes modules which can be useful when debugging certain types of problems. Signed-off-by: Joe Stringer <joe@cilium.io> | 25 November 2020, 14:58:33 UTC |
76e0cfe | Tobias Klauser | 20 November 2020, 10:19:31 UTC | monitor/api: format agent start timestamp in RFC3339Nano format time.Time.String() may include a monotonic clock reading, e.g. when t is time.Now() which is e.g. the case for the agent start timestamp. The godoc for time.Time.String [1] states: If the time has a monotonic clock reading, the returned string includes a final field "m=±<value>", where value is the monotonic clock reading formatted as a decimal number of seconds. [1] https://golang.org/pkg/time/#Time.String The format including the monotonic clock reading is hard to decode because there is no predefined format string in the stdlib time package. Also, the monotonic clock reading isn't really useful for the agent start timestamp, the walltime clock should be enough. Thus, format the timestamp string in RFC3339Nano format which can easily be decoded using time.Parse(time.RFC3339Nano, t), e.g in the hubble API parser. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 25 November 2020, 14:56:45 UTC |
513ae0a | Tobias Klauser | 20 November 2020, 10:14:43 UTC | monitor/api: fix godoc comments Correct godoc comments for type AgentNotifyMessage and func StartMessage to state the proper name. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 25 November 2020, 14:56:45 UTC |
37a41da | Tobias Klauser | 20 November 2020, 10:14:25 UTC | hubble/observer/types: fix comment for AgentEvent.Message It might contain a monitorAPI.AgentNotifyMessage as emitted by the *Message constructor funcs. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 25 November 2020, 14:56:45 UTC |
f35478b | Maciej Kwiek | 24 November 2020, 12:05:00 UTC | ci: Add quarantine capabilities to k8s-all jenkinsfile Signed-off-by: Maciej Kwiek <maciej@isovalent.com> | 25 November 2020, 13:35:07 UTC |
8470528 | Paul Chaignon | 25 November 2020, 07:47:17 UTC | test: Disable K8sVerifier on 4.19 and net-next CI pipelines K8sVerifier was mistakenly enabled on 4.19 and net-next in eeecf15 ("test: Collect bpf_*.o artifacts on K8sVerifier failures"). This commit reverts it. Fixes: eeecf15 ("test: Collect bpf_*.o artifacts on K8sVerifier failures") Signed-off-by: Paul Chaignon <paul@cilium.io> | 25 November 2020, 10:53:15 UTC |
8704e85 | Jarno Rajahalme | 24 November 2020, 19:19:09 UTC | endpoint: Update lock requirement comments Endpoint's Mutex has been renamed as 'mutex'. Update comments to reflect this and also the lock level requirement (Lock for writing, RLock for reading). Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 24 November 2020, 19:30:47 UTC |
baeb61f | Martynas Pumputis | 18 November 2020, 16:42:20 UTC | endpoint: Add DebugPolicy option Add endpoint DebugPolicy option that, if enabled, logs endpoint policy map update details to /var/run/cilium/state/endpoint-policy.log. The new DebugPolicy option is enabled if the new flag --debug-verbose=policy is set, but can be enabled also independently via: cilium endpoint config <EPID> DebugPolicy=true Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 24 November 2020, 19:30:47 UTC |
a3d1f02 | Quentin Monnet | 23 November 2020, 17:26:44 UTC | checkpatch: update image tag to latest Update the tag for the checkpatch image in order to benefit from the latest changes when running the GitHub actions: The latest image suppresses reports for FILE_PATH_CHANGES to avoid checkpatch to complain when files are added or moved under bpf/ directory. See discussion at https://github.com/cilium/cilium/pull/14088#issuecomment-731035505 Signed-off-by: Quentin Monnet <quentin@isovalent.com> | 24 November 2020, 18:11:59 UTC |
eeecf15 | Paul Chaignon | 11 November 2020, 14:51:49 UTC | test: Collect bpf_*.o artifacts on K8sVerifier failures Signed-off-by: Paul Chaignon <paul@cilium.io> | 24 November 2020, 18:11:20 UTC |
40eba60 | Paul Chaignon | 11 November 2020, 14:51:30 UTC | test: Define workdir for test-verifier pod Signed-off-by: Paul Chaignon <paul@cilium.io> | 24 November 2020, 18:11:20 UTC |
ab2fee8 | Gilberto Bertin | 23 November 2020, 12:25:42 UTC | docs: clarify janitor duties Signed-off-by: Gilberto Bertin <gilberto@isovalent.com> | 24 November 2020, 18:09:37 UTC |
bc48d14 | Paul Chaignon | 16 July 2020, 09:35:12 UTC | bpf/lb: Skip service handling for ICMP packets In case of ICMP{,v6}, a service lookup is performed with a 0 port. No service mapping is found for that port, but it can still lead to unnecessary map lookups and code execution. To avoid that, we can instead return DROP_NO_SERVICE for ICMP{,v6} packets and skip all service handling for that return code. Signed-off-by: Paul Chaignon <paul@cilium.io> | 24 November 2020, 18:09:04 UTC |
625f82d | Ilya Dmitrichenko | 23 November 2020, 17:21:15 UTC | helm: fix and improve `extraHostPathMounts` for agent and operator - fix reference for host-side path, use `hostPath` instead of `mountPath` - add `type` Fixes: #14132 Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com> | 24 November 2020, 15:19:31 UTC |
6b14c73 | Maciej Kwiek | 23 November 2020, 15:49:16 UTC | ci: Check gke cluster state before selecting it This change adds a check that confirms that GKE cluster is in running state, which prevents build from failing when apiserver is already up, but cluster is still being provisioned. Signed-off-by: Maciej Kwiek <maciej@isovalent.com> | 24 November 2020, 12:01:57 UTC |
5a089ae | Joe Stringer | 23 November 2020, 20:40:05 UTC | endpoint: Fix typo in CT clean logic This is a purely cosmetic change. The IPs of the endpoint will only be scrubbed if the CT map already exists, but the variable was named 'created' which is misleading (the opposite meaning). Signed-off-by: Joe Stringer <joe@cilium.io> | 23 November 2020, 21:27:43 UTC |
f665152 | Paul Chaignon | 19 November 2020, 14:15:06 UTC | test: Use stable tags instead of :latest We use the latest tag for several of the Docker images in tests. That has two drawbacks: (1) unless imagePullPolicy is specified, we always attempts to pull the image and (2) we will start using new latest images as soon as they are available, which can cause our tests to flake. This commit avoids such use of latest to prefer an equivalent stable tag. When a stable tag did not already exist, 1.0 was created. When a source code repository existed for the image, a 1.0 GitHub release was created. When the source code wasn't available, the 1.0 image tag is simply a copy of current latest tag. Signed-off-by: Paul Chaignon <paul@cilium.io> | 23 November 2020, 12:30:20 UTC |
0d578a8 | Chris Tarazi | 20 November 2020, 22:31:23 UTC | docs: Clarify best methods to limit sysdump This commit clarifies the cilium-sysdump methods of limiting the size of the sysdump to ensure the user is aware of the most effective approach. Signed-off-by: Chris Tarazi <chris@isovalent.com> | 23 November 2020, 09:52:31 UTC |
3631267 | Chris Tarazi | 20 November 2020, 22:23:48 UTC | docs: Update docs for --since arg for sysdumps Now that https://github.com/cilium/cilium-sysdump/pull/96 has been merged, we no longer have a 30m default for --since. Instead, cilium-sysdump will no longer have time-based default limits; it will default to collecting the entire history. Signed-off-by: Chris Tarazi <chris@isovalent.com> | 23 November 2020, 09:52:31 UTC |
0611e22 | Chris Tarazi | 20 November 2020, 22:22:58 UTC | docs: Document --size-limit from cilium-sysdump Signed-off-by: Chris Tarazi <chris@isovalent.com> | 23 November 2020, 09:52:31 UTC |
00bc0c0 | Aditi Ghag | 20 November 2020, 18:20:17 UTC | docs: Update testing docs with instruction to run specific tests Signed-off-by: Aditi Ghag <aditi@cilium.io> | 23 November 2020, 09:45:52 UTC |
f3eacfb | Joe Stringer | 18 November 2020, 01:35:29 UTC | .github: Add nilness to GHA checks Suggested-by: Tam Mach <sayboras@yahoo.com> Signed-off-by: Joe Stringer <joe@cilium.io> | 23 November 2020, 09:18:17 UTC |
2282e3f | Joe Stringer | 18 November 2020, 00:31:06 UTC | certmanager: Report errors when local read fails nilness complains that the local secret error is hidden: pkg/crypto/certificatemanager/certificate_manager.go:81:33: impossible condition: nil != nil Fix it by unhiding the outer ioErr variable. CC: Jarno Rajahalme <jarno@covalent.io> Fixes: cabf83c70b4c ("crypto: Add local GetSecrets().") Signed-off-by: Joe Stringer <joe@cilium.io> | 23 November 2020, 09:18:17 UTC |
2e06e25 | Joe Stringer | 18 November 2020, 00:26:12 UTC | k8s: Fix version validation function nilness reports: # github.com/cilium/cilium/pkg/k8s/version pkg/k8s/version/version.go:278:9: impossible condition: nil != nil Fix it by reusing the outer err variable. CC: Deepesh Pathak <deepshpathak@gmail.com> Fixes: fb101dfc04dd ("k8s: add coordinationv1 capability check to k8s version package") Signed-off-by: Joe Stringer <joe@cilium.io> | 23 November 2020, 09:18:17 UTC |
ad865cd | Joe Stringer | 20 November 2020, 19:29:26 UTC | helm: Link logo via CDN based on git branch Signed-off-by: Joe Stringer <joe@cilium.io> | 21 November 2020, 01:31:56 UTC |
e363b4a | Joe Stringer | 20 November 2020, 01:42:38 UTC | helm: Fix documentation URL for v1.10 v1.10 will need more than the first 3 digits of the version semver, it will need the full $major.$minor. Fix this up. Signed-off-by: Joe Stringer <joe@cilium.io> | 21 November 2020, 01:31:56 UTC |
cb98323 | Joe Stringer | 19 November 2020, 02:47:58 UTC | helm: Add artifacthub CRD annotations. Artifact Hub suggests that if we add such annotations to our charts, then they will show up in the Artifact Hub UI somewhere: https://artifacthub.io/docs/topics/annotations/helm/ Signed-off-by: Joe Stringer <joe@cilium.io> | 21 November 2020, 01:31:56 UTC |
25f45b5 | Joe Stringer | 19 November 2020, 02:08:47 UTC | helm: Remove wellKnownIdentities This option was too specific and doesn't make sense to expose as a user-visible flag in the helm charts. Remove it. Signed-off-by: Joe Stringer <joe@cilium.io> | 21 November 2020, 01:31:56 UTC |
e2b3707 | Joe Stringer | 19 November 2020, 02:06:28 UTC | helm: Remove 'kvstore' option. This was not referenced anywhere else, remove it. Signed-off-by: Joe Stringer <joe@cilium.io> | 21 November 2020, 01:31:56 UTC |
3f0b81a | Joe Stringer | 19 November 2020, 04:56:46 UTC | helm: Fix autogeneration of helm value descriptions These mostly needed '--' at the start for the helm-docs container to pick up the descriptions and render them into the README.md. While we're at it, Remove stuttering via the old go style of typing the variable at the start of the sentence, use full sentences, and remove any comments that were named exactly the same as the variable. Signed-off-by: Joe Stringer <joe@cilium.io> | 21 November 2020, 01:31:56 UTC |
476133a | Joe Stringer | 19 November 2020, 01:16:48 UTC | helm: Improve Cilium helm charts Expand the charts to include other common fields so that external systems can pull & use icons, tags, k8s version support, etc. Furthermore, flesh out the readme so it renders better. While we're at it, add an SVG without the cilium word so that it's more likely to render correctly in a square on external sites. Signed-off-by: Joe Stringer <joe@cilium.io> | 21 November 2020, 01:31:56 UTC |
b8a9c79 | Joe Stringer | 19 November 2020, 02:32:15 UTC | helm: Add LICENSE to charts This should allow external sites to better represent Cilium in artifacts generated from the Helm charts. Signed-off-by: Joe Stringer <joe@cilium.io> | 21 November 2020, 01:31:56 UTC |
5a12dfc | Chris Tarazi | 09 November 2020, 19:07:15 UTC | ipam: Remove unnecessary deep copies As a followup from https://github.com/cilium/cilium/pull/13865, this commit removes the unnecessary deep copies and reduces the number of return values. Instead, the copies are replaced by directly dereferencing the pointers, which also takes care of reducing the number of return values as the args are updated directly. Signed-off-by: Chris Tarazi <chris@isovalent.com> | 20 November 2020, 20:06:21 UTC |
9d3bf0e | Deepesh Pathak | 17 November 2020, 20:37:51 UTC | kvstore: add tests for etcd kvstore ratelimiter Signed-off-by: Deepesh Pathak <deepshpathak@gmail.com> | 20 November 2020, 12:37:53 UTC |
948dfcf | Deepesh Pathak | 17 November 2020, 20:37:22 UTC | kvstore: fix ratelimiting for DeleteIfLocked backend operation Signed-off-by: Deepesh Pathak <deepshpathak@gmail.com> | 20 November 2020, 12:37:53 UTC |
c0b6841 | Aditi Ghag | 19 November 2020, 17:08:06 UTC | agent: Make intent of signaling channels clear and optimize memory When channels are used merely for signalling purposes, use an empty struct as the channel type since the value of the channel is never read. Also, this can help with memory optimizations since the empty struct occupies 0 bytes of storage. Signed-off-by: Aditi Ghag <aditi@cilium.io> | 20 November 2020, 10:20:40 UTC |
4857e44 | Aditi Ghag | 19 November 2020, 16:58:17 UTC | cleanup: Removed the unused function and channel Suggested-by: Tobias Klauser <tklauser@distanz.ch> Suggested-by: Sebastian Wicki <sebastian@isovalent.com> Signed-off-by: Aditi Ghag <aditi@cilium.io> | 20 November 2020, 10:20:40 UTC |
5495005 | Joe Stringer | 18 November 2020, 19:38:07 UTC | docs: Improve visibility limitations docs Signed-off-by: Joe Stringer <joe@cilium.io> | 20 November 2020, 10:12:35 UTC |
040d79d | Paul Chaignon | 18 November 2020, 21:29:09 UTC | CODEOWNERS: Split codeowners for the documentation With recent changes to the review process, @cilium/docs was renamed to @cilium/docs-structure to clarify that reviews from that team should focus on the documentation's structure rather than its technical content. Of course, we still need reviews for the technical content. So the next step, implemented in this commit, is to assign each of the different reviewer team their own pages in the documentation. Signed-off-by: Paul Chaignon <paul@cilium.io> | 20 November 2020, 10:08:46 UTC |
ddb2423 | Joe Stringer | 20 November 2020, 06:12:26 UTC | install: Disable operator HA for quick/experimental installs Users who have HA as a requirement can deploy more explicitly via helm and specify the number of replicas they require (--set operator.replicas). Set the default to 1 for the quick installs for trying Cilium out. Fixes: #14089 Signed-off-by: Joe Stringer <joe@cilium.io> | 20 November 2020, 09:04:59 UTC |
b052272 | Chris Tarazi | 19 November 2020, 23:24:16 UTC | daemon: Disable parts of Cilium API in LB mode The reason for this commit is to avoid exposing an API for entities that do not exist in LB-only mode such as endpoints and identity. Otherwise, the logs will get polluted with useless messages such as: ``` level=info msg="Delete endpoint request" id="container-id:905e9520571d56b77fb01c8ab01f4f306092f2b6234fa8c5b7538dcfa0a03d11" subsys=daemon level=info msg="API call has been processed" error="endpoint not found" name=endpoint-delete processingDuration="12.37µs" subsys=rate totalDuration="68.216µs" uuid=34c79b54-298f-11eb-969d-0cc47a03f925 waitDurationTotal="41.669µs" level=info msg="Processing API request with rate limiter" name=endpoint-delete parallelRequests=4 subsys=rate uuid=34d60724-298f-11eb-969d-0cc47a03f925 level=info msg="API request released by rate limiter" name=endpoint-delete parallelRequests=4 subsys=rate uuid=34d60724-298f-11eb-969d-0cc47a03f925 waitDurationTotal="39.987µs" ``` Fixes: https://github.com/cilium/cilium/issues/14086 Signed-off-by: Chris Tarazi <chris@isovalent.com> | 20 November 2020, 07:50:06 UTC |
589bfe9 | Vigneshwaren Sunder | 19 November 2020, 12:35:07 UTC | Update README with jsdelivr for Images Signed-off-by: Vigneshwaren Sunder <vickymailed@gmail.com> | 20 November 2020, 00:51:24 UTC |
57784e3 | ArthurChiao | 18 November 2020, 07:59:25 UTC | metrics: add cilium_datapath_nat_gc_entries Signed-off-by: ArthurChiao <arthurchiao@hotmail.com> | 19 November 2020, 22:50:37 UTC |
e4bf8ca | ArthurChiao | 19 November 2020, 03:54:26 UTC | metrics: replace replicated "direction" strings with LabelDirection constant Signed-off-by: ArthurChiao <arthurchiao@hotmail.com> | 19 November 2020, 22:50:37 UTC |
d43d79d | Tom Payne | 19 November 2020, 16:03:08 UTC | pkg/hubble/filters: Remove unnecessary escape Signed-off-by: Tom Payne <tom@isovalent.com> | 19 November 2020, 22:49:27 UTC |
bbd156a | Tom Payne | 18 November 2020, 17:36:28 UTC | pkg/hubble/filters: Allow underscores in FQDN and node name patterns Signed-off-by: Tom Payne <tom@isovalent.com> | 19 November 2020, 22:49:27 UTC |
cb9f9eb | Tom Payne | 16 November 2020, 14:53:08 UTC | pkg/hubble: Add NodeNameFilter Signed-off-by: Tom Payne <tom@isovalent.com> | 19 November 2020, 22:49:27 UTC |
46d979b | Tom Payne | 09 November 2020, 10:37:30 UTC | api/v1/flow: Add node_name field to FlowFilter Signed-off-by: Tom Payne <tom@isovalent.com> | 19 November 2020, 22:49:27 UTC |
b32d8ff | Tom Payne | 09 November 2020, 10:10:18 UTC | pkg/hubble/filters: Make FQDN filter patterns more robust This commit fixes the following problems in the FQDN pattern compiler: * Only a single trailing dot was stripped. It also refactors the code to make FQDN patterns useable elsewhere and compiles multiple patterns to a single regular expression. Signed-off-by: Tom Payne <tom@isovalent.com> | 19 November 2020, 22:49:27 UTC |
8835bfa | Kornilios Kourtis | 16 November 2020, 22:09:12 UTC | test/Makefile: fix registryCredentials typo Signed-off-by: Kornilios Kourtis <kornilios@isovalent.com> | 19 November 2020, 19:23:51 UTC |
c5ed9ae | Martynas Pumputis | 17 November 2020, 13:10:45 UTC | node: Add unit test for node arpinging The unit test checks whether permanent arp entries for a remote node are properly handled, i.e. added upon node update and removed upon node removal. Signed-off-by: Martynas Pumputis <m@lambda.lt> | 19 November 2020, 16:05:21 UTC |
c6198b1 | Martynas Pumputis | 30 October 2020, 14:30:10 UTC | node: Clean up insertNeighbor() logging * Add missing logfields * Inline neighborLog and get rid of debug statement * Convert the code to be more idiomatic Signed-off-by: Martynas Pumputis <m@lambda.lt> | 19 November 2020, 16:05:21 UTC |
e3d019d | Paul Chaignon | 18 November 2020, 21:12:24 UTC | test: Don't wait for network to schedule test-verifier The test-verifier pod needs to run when Cilium is uninstall and therefore shouldn't wait for the network to be ready to be scheduled to a node. Fixes: 417cded ("test: Move RuntimeVerifier to K8sVerifier") Signed-off-by: Paul Chaignon <paul@cilium.io> | 19 November 2020, 16:00:43 UTC |
7b041c2 | Rahul Jadhav | 31 October 2020, 02:22:45 UTC | hubble/filters: filter hubble observe TCP flow packets by TCP flags Allows setting filter parameters based on TCP flags. Hubble observe allows one to filter based on several L4/L7 protocols, TCP been one. However, on applying a TCP filter the amount of output from observe is overwhelming since TCP packets are too frequent. This commit allows one to use TCP flags to filter the observed output. This patch allows one to filter TCP flow packets using TCP flags such as SYN, ACK, FIN, RST, URG, CWR, NS, ECE, PSH. ```release-note TCP flags based filter for hubble. ``` Fixes: #12827 Signed-off-by: Rahul Jadhav <nyrahul@gmail.com> | 19 November 2020, 13:53:21 UTC |