https://github.com/cilium/cilium

Revision Author Date Message Commit Date
cc35b90 xds: Never wait for ACKs from sidecar Envoy proxies Signed-off-by: Romain Lenglet <romain@covalent.io> 01 May 2018, 21:40:50 UTC
f1d96e0 Set version to 1.0.1-sidecar-http-proxy Signed-off-by: Romain Lenglet <romain@covalent.io> 01 May 2018, 21:40:50 UTC
61e157b Prepare for 1.0.1 release Signed-off-by: Thomas Graf <thomas@cilium.io> 30 April 2018, 21:55:54 UTC
ea038a9 Adds flag to clean up cilium state before startup [ upstream commit 38ba456dff36f041d586c0dc9f03f7a1362f84f8 ] Signed-off-by: Amey Bhide <amey@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 30 April 2018, 21:22:29 UTC
36c895a policy: Do not enable DROP_ALL mode if not needed. [ upstream commit fb333388579c20a4ca9a6e286520b81f7701647c ] Do not enable DROP_ALL mode if it is known that the current policy enforcement mode and policy passes all traffic. This is true when: - Policy enforcement mode is "never" - Policy enforcement mode is "default" and no policy is loaded. This commit adds the exception for the second case. Fixes: #3933 Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 30 April 2018, 21:22:29 UTC
62eb1b0 endpoint: Improve logging of endpoint lifecycle events [ upstream commit 12b6876da414a50308ecafa1932c0b9c2fbd7843 ] This commit introduces several info level log messages:

New endpoint event:
```
msg="New endpoint" containerID=cilium-loc endpointID=29898 ipv4=10.11.242.54 ipv6="f00d::a0f:0:0:74ca" k8sPodName= policyRevision=0
```
Removed endpoint event:
```
msg="Removed endpoint" containerID=03ed013784 endpointID=56326 ipv4=10.11.129.91 ipv6="f00d::a0f:0:0:dc06" k8sPodName= policyRevision=2
```
BPF program generation:
```
msg="Regenerating BPF program" containerID=cilium-loc endpointID=29898 ipv4=10.11.242.54 ipv6="f00d::a0f:0:0:74ca" k8sPodName= policyRevision=0
msg="Regeneration of BPF program has completed" buildTime=2.32680802s containerID=cilium-loc endpointID=29898 ipv4=10.11.242.54 ipv6="f00d::a0f:0:0:74ca" k8sPodName= policyRevision=0
```
Endpoint identity changes:
```
msg="Identity of endpoint has changed" containerID=cilium-loc endpointID=29898 identity=1261 identityLabels="reserved:health" ipv4=10.11.242.54 ipv6="f00d::a0f:0:0:74ca" k8sPodName= policyRevision=0
```
Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 30 April 2018, 21:22:29 UTC
d133b17 maps: Use pointer receivers for MapValue types. [ upstream commit c19e930db4fd9c32ff11909c00f45ccb8f11c3d6 ] bpf.MapValue interface function GetValuePtr() returns a pointer to a new temporary if the function receiver is a value rather than a pointer. endpoint, lxcmap, ipcache, and lbmap were also using value receivers for their implementations of MapValue interface. The problem with this is that any lookups would fail to return the actual value, as the bpf.LookupElement would write the value into a temporary inaccessible to the caller. No such lookups were performed, so this did not cause any problems in practice. Fix the implementations to prevent future problems. This fix is otherwise low risk, but it has happened earlier in development that GetValuePtr() implementations were not fixed properly and a pointer to the pointer receiver was returned. This is not noticed by the compiler, and would result in garbage data being written to/read from the bpf maps. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: Maciej Kwiek <maciej.iai@gmail.com> 27 April 2018, 09:59:22 UTC
0d21846 daemon: Sync local IPs to lxcmap periodically. [ upstream commit 7fe082dfbd834aeb15add1e8d90707b4d3e832d8 ] LXCMap should not get out of sync, but there is some evidence that sometimes it does. Add a new controller to refresh the host entries in the lxcmap every 5 seconds, but only if they are not already there. No garbage collection of potentially stale host entries in the lxcmap is done. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: Maciej Kwiek <maciej.iai@gmail.com> 27 April 2018, 09:59:22 UTC
921bcae monitor: Fix IPv6 string formatting in CT messages [ upstream commit 7ccfaf9563f9c02d717339e005dff44b7eda8170 ] Previously: Conntrack lookup 1/2: src=[::303a366463]:0 dst=[::303a31623938]:32768 Now: Conntrack lookup 1/2: src=[::0:dc06]:0 dst=[::0:981b]:32768 Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Maciej Kwiek <maciej.iai@gmail.com> 26 April 2018, 16:15:31 UTC
e47fb9b doc: Add a section about CiliumEndpoint CRDs [ upstream commit 2ab1b52a8b03da2d6dcd535e2be78d2555fbc862 ] Signed-off-by: Ray Bejjani <ray@covalent.io> Signed-off-by: Maciej Kwiek <maciej.iai@gmail.com> 26 April 2018, 16:15:31 UTC
54227ac Documentation: remove bash-test framework references [ upstream commit c14be592c54459848c334960c8bc657e53ccd031 ] Also do some minor fixups of grammatical errors, and some rewording to make sentences more clear. Signed-off by: Ian Vernon <ian@cilium.io> Signed-off-by: Maciej Kwiek <maciej.iai@gmail.com> 26 April 2018, 16:15:31 UTC
0cd257b Prepare 1.0.0 release Signed-off-by: Thomas Graf <thomas@cilium.io> 24 April 2018, 05:42:39 UTC
5d23ebd ipcache: Fix ipcache deletion of old identities on update [ upstream commit 50f0f7082f7059df1e395bf12a907c279672e04e ] Fix the scope of the cachedIdentity variable in ipIdentityWatcher. Make the agent crash in case an invalid IP-ID mapping is deleted. Fixes: https://github.com/cilium/cilium/issues/3825 Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Ian Vernon <ian@cilium.io> 24 April 2018, 04:03:32 UTC
86a2112 test: update k8s tests for 1.8, 1.9, 1.10 and 1.11 [ upstream commit d59189fdd9e3aac40e067a9d8afcd11b59a5ee88 ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 24 April 2018, 04:03:32 UTC
0bbe9b6 Test: Fix issues with Updates and Kube-dns [ upstream commit c01603b2450536d5f5c8215aebed9d00957b096a ] On `k8sT/Update.go` the system installs a new cilium v1.0 image, but it does not wait for Kubedns to be ready, so from time to time the kubedns was not ready at all. With this commit we make sure that the DNS is ready before applying any policy. Signed-off-by: Eloy Coto <eloy.coto@gmail.com> Signed-off-by: Ray Bejjani <ray@covalent.io> 24 April 2018, 00:05:41 UTC
8e0825a etcd: Clear the etcd status error when connectivity is OK [ upstream commit 5fb78adb81052b449834de960704ff017fbb950a ] Fixes: 9f9086e5c68aea7556dbec3b98a249ca7520863a Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 24 April 2018, 00:05:41 UTC
f43b949 bpf: Fix default build config [ upstream commit c7b00124fb1ed598dc2607f950c995075a3beaa5 ] The policy prog array is indexed by LXC index, so it needs to be as big as the ENDPOINTS_MAP_SIZE. Fix it up in the node_config. This only affects developers that build the bpf/ directory then attempt to load BPF programs from it directly into the kernel without using the rest of Cilium to orchestrate. Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 24 April 2018, 00:05:41 UTC
82b5b75 bpf: Fix tracing message for egress policy [ upstream commit adc46707494ba108aef26d9e85dd56ee8290afee ] Previously, this would print the source and destination in the wrong order. Fix it up. Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 24 April 2018, 00:05:41 UTC
e6befe1 Prepare for 1.0.0-rc14 release Signed-off-by: Thomas Graf <thomas@cilium.io> 22 April 2018, 17:59:58 UTC
b4cb0ca envoy: Use distinct Stats stores for each instance of a xDS client. [ upstream commit 2110a64e4b51d1baef6efa21557621b11968cf21 ] Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 22 April 2018, 04:45:20 UTC
2270bfe envoy: Minor cleanup. [ upstream commit 181fada8bbe3de78c40ce160b81c61c67cc47d92 ] Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 22 April 2018, 04:45:20 UTC
2662716 envoy: Initialize thread local host map with an empty map. [ upstream commit 94be14c72260cde45d1b7a981bb3629e7d54d3f5 ] Initialize with an empty map instead of a nullptr to make it less likely that a null pointer is found when resolving. Due to worker threads possibly initializing later than the main thread it is still possible (at least in theory) that a worker thread resolves before initializing so we still check the value of the thread local pointer. Perform the null pointer check before dereferencing it, as libc++ assertions fail otherwise. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 22 April 2018, 04:45:20 UTC
6b3f8cb npds: Don't wait for ACK from sidecar proxy with no L7 rules [ upstream commit 0118ac2c39df0070743107f89dc4e1f2e78678f5 ] Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 22 April 2018, 04:45:20 UTC
21742ba npds: Don't update NetworkPolicy if none has been calculated [ upstream commit 553ba7163c96e4af595e21af7119c7866168f473 ] Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 22 April 2018, 04:45:20 UTC
7d571e7 xds: Validate NPHDS updates before upserting [ upstream commit c2adbfe63c7058ffad74dfb8e4ff6006a4fd6386 ] This should catch recent errors such as the one reported in #3825. Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 22 April 2018, 04:45:20 UTC
cf8c68e ginkgo-kubernetes-all.Jenkinsfile: increase timeouts [ upstream commit 803bd5437ad4d2a991b472035686f0f46ae32c86 ] Use a more generous timeout to allow for variability in build times. Signed-off by: Ian Vernon <ian@cilium.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 22 April 2018, 04:45:20 UTC
2172cd1 workloads: Silence noisy harmless warning [ upstream commit 53065cc51a7ac148571e7bafa160c354d99d3fa7 ] The following warning is repeated up to 20 times when a container create event is being handled but the container has already exited again: level=warning msg="Unable to inspect container, retrying..." containerID=ad5fd3ea00 error="unable to inspect container 'ad5fd3ea0031e00f5d0dbaac16b69bfb6c3b9d2894cbcf326be86ae2dd67df5f': Error: No such container: ad5fd3ea0031e00f5d0dbaac16b69bfb6c3b9d2894cbcf326be86ae2dd67df5f" maxRetry=20 retry=8 subsys=containerd-watcher The warning is absolutely harmless, move it to a debug message. Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 22 April 2018, 04:45:20 UTC
92faf3d k8s: only watch for ingress changes if LB is enabled [ upstream commit 94f9a2cd4c2d24acc5f1159c507a2dc04a36c37f ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 22 April 2018, 04:45:20 UTC
b746224 ipcache: Avoid issuing delete for identity=0 [ upstream commit 3a7ceb132e0b3db1ec4bc7e367dbfdc09087ba70 ] Fixes: b6c5cb0f1bf5 ("ipcache: Shift NPHDS logic to envoy") Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 22 April 2018, 04:45:20 UTC
f0dfa85 start.sh: add routes based on VM name [ upstream commit 4923337104969f95825013f1b162ee935dc0d969 ] Add routes without hardcoded VM prefix name Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 22 April 2018, 04:45:20 UTC
ce6b79e Vagrantfile: re-add workaround for kube-proxy in node-2 [ upstream commit d5795a3405b44cbf2610e1096d397f79f64325c2 ] Since kube-proxy doesn't redirect traffic to the proper interface when translating from service IP to backend IP we need to re-add this workaround. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 22 April 2018, 04:45:20 UTC
8183260 envoy: Manage life-cycles of singleton maps properly. [ upstream commit 3179a2c326762d5c3b3e90a992a75a09b2183940 ] Both policy and host maps are managed as singletons, which are initialized when first required, and destructed when the last listener referring to them via Cilium filter instances is removed. Internally, the maps "post" configuration changes to Envoy worker threads via thread dispatch queues. These changes are packaged as C++ lambda closures. The problem with this is that while the "posts" are queued, it is possible for all the listeners to be removed, and thus the associated singleton maps being freed. If the posted closure refers to the (now stale) map, bad things can happen. Fix this by capturing either a weak or shared pointer to the lambda closure. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 22 April 2018, 04:45:20 UTC
e63acd9 Backport: Don't failfast on branch V1.0 Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 20 April 2018, 18:39:16 UTC
7f322b0 k8s/specs: update image tag to v1.0.0-rc13 Signed-off-by: André Martins <andre@cilium.io> 20 April 2018, 16:57:27 UTC
a8a85ed k8s/specs: change imagePullPolicy to IfNotPresent Since we never change the image of docker image releases we can change the imagePullPolicy to IfNotPresent to avoid wasting resources. Signed-off-by: André Martins <andre@cilium.io> 20 April 2018, 16:57:27 UTC
0361f2b k8s: add some fixes to the kubernetes spec file This fixes the previous commit which had the RestartAlways set in the wrong place. Restart always will guarantee that kubelet will restart cilium in case of failure. Fixes: (e200aaffc1) k8s: add some fixes to the kubernetes spec file Signed-off-by: André Martins <andre@cilium.io> 20 April 2018, 16:57:27 UTC
d873a25 Kafka: remove noise from logging EOF messages in Kafka parser We keep seeing a lot of these on normal client (produce/consume) connection close. We should not be logging valid EOF as errors. [ upstream commit d9143000325e61a9ed63817b453f7cffbf76de89 ] level=error msg="Unable to parse Kafka request; closing Kafka request connection" error=EOF id="rx:10.15.161.35:57590->10.15.28.238:10551<->tx:closed" Fixes: #3792 Signed-Off-By: Manali Bhutiyani <manali@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 19 April 2018, 18:43:27 UTC
cf50c76 doc: Fix spelling [ upstream commit e89d35c2a21319b3f5ec2e19405aa6646652b1c4 ] Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 19 April 2018, 18:43:27 UTC
c745392 doc: Replace cilium-sidecar.yaml with a config map setting [ upstream commit 95d04e633f2e97244c5bc78c4fa0c6052466971d ] Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 19 April 2018, 18:43:27 UTC
e200aaf k8s: add some fixes to the kubernetes spec file Restart always will guarantee that kubelet will restart cilium in case of failure. Signed-off-by: André Martins <andre@cilium.io> 19 April 2018, 04:15:01 UTC
87aa854 docs: Refine backporting instructions. [ upstream commit 9f25a9058963800edf3b368aa9d617856f121f1c ] Refine backporting instructions by explicitly specifying how to use GitHub labels. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 19 April 2018, 03:41:11 UTC
64c03f0 policy: Support reserved:cluster entity [ upstream commit 45038629e6e7a881bf6f8a3f91ed34f8a6e61828 ] The support for this entity was already plumbed through most of Cilium, it just wasn't exposed in the API. Expose it there. Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 19 April 2018, 03:41:11 UTC
8a9a6a5 monitor: Fix CT entry dst port printing [ upstream commit 1355c81a101fc489eaa083b9946874d0d186b2e2 ] Ports were not being printed correctly for ports in CT entry monitoring output. Fix it. Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 19 April 2018, 03:41:11 UTC
aadca0d xds: Add tests for cache.Lookup [ upstream commit c6612a9c6a69bc5e3cffe91d74afd5f4c53267f1 ] Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 19 April 2018, 03:41:11 UTC
7ae3ba6 daemon: Push reserved IP->Identity mappings to XDS [ upstream commit 11c8f3923fb538a583a3e45c9cf1530e9f6312b1 ] Previously we were only handling the BPF case and missing these IPs in XDS, so presumably we would not apply L3/L4 policies correctly for the XDS (eg Envoy sidecar) case. CC: Ian Vernon <ian@cilium.io> Fixes: 7448e41aa047 ("endpoint: sync endpoint IP-SecID map to kvstore") Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 19 April 2018, 03:41:11 UTC
9ea1c96 envoy: Handle IP->ID deletes inside cache [ upstream commit e24b30d6dc2dce7cd5866f7cdb78958f4fe94296 ] Don't reach back up to the ipcache to handle deletes like this, rather look through the cache and update the entries in place. Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 19 April 2018, 03:41:11 UTC
36bbfe5 ipcache: Shift NPHDS logic to envoy [ upstream commit b6c5cb0f1bf5b8496c89c89ffaff4c2740fe3ba5 ] There was a bunch of Network Policy Hosts Discovery Service logic littering the ipcache logic, shift it into envoy. Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 19 April 2018, 03:41:11 UTC
7a4b94e pkg/envoy: always use dport in proxy statistics [ upstream commit a1e7a25405a8a65285af4a1dd00b8c93d478ec17 ] Even on egress, rules are always defined with 'ToPorts'; thus, in proxy statistics, only use the port to which traffic is flowing (destination port). Signed-off by: Ian Vernon <ian@cilium.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 19 April 2018, 03:41:11 UTC
860c19f bpf: Fix log message about not supporting CIDR [ upstream commit f3ca26e764ce25d9c8f946ec8088cd295e4d0815 ] Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 19 April 2018, 03:41:11 UTC
8989880 bpf/lib: unconditionally create ipcache bpf map in datapath [ upstream commit b2e94027ec0f901a189380f1b22740a960cd760c ] In case the opening and creating of the map in userspace fails, it now will be unconditionally created in the datapath. This will not affect the datapath because the lookup into the map is only performed when egress policy is enabled in the datapath for a specific endpoint. Signed-off by: Ian Vernon <ian@cilium.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 19 April 2018, 03:41:11 UTC
4155c14 pkg/bpf: add additional logging and error handling [ upstream commit 5df8397ee957021550e21997e4c1e3f8ac4a06a7 ] * Add logs for when we append to list of maps to open after bpffs is mounted. * Log errors that occur when opening / creating maps which are stored in list of maps to open after bpffs is mounted. Signed-off by: Ian Vernon <ian@cilium.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 19 April 2018, 03:41:11 UTC
f612888 pkg/logging/logfields: add log field for BPF map name [ upstream commit 09f1936d39f21704036385286e5d72a90c3eb393 ] Signed-off by: Ian Vernon <ian@cilium.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 19 April 2018, 03:41:11 UTC
030f253 pkg/maps/ipcache: log if map unable to be opened [ upstream commit 11091ed6611867a8274d55e798f1973777b6d79f ] Signed-off by: Ian Vernon <ian@cilium.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 19 April 2018, 03:41:11 UTC
cf4887c Disable code owners reviews in 1.0 branch Signed-off-by: Thomas Graf <thomas@cilium.io> 18 April 2018, 22:22:03 UTC
02bea38 scripts: contrib/backports/check_stable prints PR link [ upstream commit 63b39052f349da7c87c5f4a8d1a7c02e823fe5e2 ] Signed-off-by: Ray Bejjani <ray@covalent.io> 17 April 2018, 18:49:49 UTC
ecdc2d2 scripts: contrib/backports/check_stable handles backports-done label [ upstream commit 29cab3a38109a5349fc37e0dfa55b64ae291fd9f ] We sometimes leave the "stable/backport-done" label on PRs. Instead of confusing ourselves, we now filter these out. Signed-off-by: Ray Bejjani <ray@covalent.io> 17 April 2018, 18:49:49 UTC
ff19397 Test: Increase logs for Kube-dns issues [ upstream commit 25c80eb7b366977f6d2696d0bc19bd110d1e0647 ] - Added kubedns logs in reportFailed. - Added a new fallback option in `WaitForKubeDNSEntry` to know, in case of failure, whether the issue is that the DNS entry does not exist or that we cannot connect to the kube-dns service. - Use service IP instead of the kube-dns pod IP. Signed-off-by: Eloy Coto <eloy.coto@gmail.com> Signed-off-by: Ray Bejjani <ray@covalent.io> 17 April 2018, 18:49:49 UTC
62c48d7 Prepare for 1.0.0-rc13 Signed-off-by: Thomas Graf <thomas@cilium.io> 16 April 2018, 03:29:04 UTC
2e0c7fa policy: Add TestWildcardL4RulesIngress and TestWildcardL4RulesEgress [ upstream commit 82950581c84eec44bfbc3209db0f8de80344a8aa ] Signed-off-by: Thomas Graf <thomas@cilium.io> 16 April 2018, 03:13:58 UTC
5f4e908 pkg/policy: change parser type logic for merging L4Filter [ upstream commit 3ebcca016553f7e9bd80b512f9e9471f5df9d0c6 ] If any L4Filters being merged together have rules on L7, even if one of the rules allows all on L7, allow all on L7, but set the parser type to be the L7Parser type of the L4Filter which contains L7-related rules. Signed-off by: Ian Vernon <ian@cilium.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 16 April 2018, 03:13:58 UTC
4d664df pkg/policy: do not use length checks on L4Filter.Endpoints [ upstream commit 030fea128ec7636fcc374f608842b5e25803287a ] Length of this slice is not a reliable indicator of what information is encoded in the slice anymore because we now use the WildcardEndpointSelector within this slice to represent that the L4Filter selects all endpoints. Signed-off by: Ian Vernon <ian@cilium.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 16 April 2018, 03:13:58 UTC
7ca251e pkg/policy: remove redundant length check in AllowsAllAtL3 [ upstream commit 62db3530301bd6f93e803a5a20da19ecfbb0fb7d ] This length check is performed within EndpointSelectorSlice.SelectsAllEndpoints, so just remove it from AllowsAllAtL3. Signed-off by: Ian Vernon <ian@cilium.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 16 April 2018, 03:13:58 UTC
9474fd5 test: Force using IPv4 for egress connections to google.com [ upstream commit 232274b5a25fc847644a8aefed88b85a6b4ec91f ] Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 16 April 2018, 03:13:58 UTC
7e8491d test: Always execute "cilium endpoint get" with -o json [ upstream commit 5dc1865b7527e324d8cc142446441742c447ff8a ] Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 16 April 2018, 03:13:58 UTC
0b2517e policy: Replace adding L3-only rules into L4PolicyMap with extra loop [ upstream commit 6b0115c81e38f06feac767f4a1f656c2518742d7 ] Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 16 April 2018, 03:13:58 UTC
e5938c4 policy: Synthesize wildcard L7 rules for L3-only rules [ upstream commit 8c0ba61abf47844e27252b64f3a912fbc1fc23c8 ] Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 16 April 2018, 03:13:58 UTC
aef393c test: Fix Star Wars demo test [ upstream commit 9da6d710df4a286dc35c2aee61264b85ebceb3fc ] Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 16 April 2018, 03:13:58 UTC
10724e7 test: fix star wars demo [ upstream commit 645afa10741355d6fcd09c316ac01def0024a928 ] Once a new endpoint is created, it can trigger regeneration for all the remaining endpoints. By not checking if all of them were in ready state before testing the connection all the traffic could potentially be dropped until the security labels are assigned to that particular endpoint. Since the communication was always denied, before the endpoint had its security ID assigned, the tests would always fail as it was expecting the connection to be successful. For this reason we should wait for all endpoints to be in ready state before testing out any connection tests. As an example for endpoint 36125 the monitor would show the following:
```
<- endpoint 36125 flow 0xfd750d60 identity 0->0 state new ifindex 0: 9a:1a:e4:12:33:29 -> ff:ff:ff:ff:ff:ff ARP
-> lxc8d11b: ca:f4:2e:75:46:11 -> 9a:1a:e4:12:33:29 ARP
<- endpoint 36125 flow 0xae0d91ac identity 0->0 state new ifindex 0: 10.1.139.2:45668 -> 172.20.0.10:53 udp
xx drop (Policy denied (L3)) flow 0xae0d91ac to endpoint 0, identity 0->0: 10.1.139.2:45668 -> 172.20.0.10:53 udp
<- endpoint 36125 flow 0xae0d91ac identity 0->0 state new ifindex 0: 10.1.139.2:45668 -> 172.20.0.10:53 udp
xx drop (Policy denied (L3)) flow 0xae0d91ac to endpoint 0, identity 0->0: 10.1.139.2:45668 -> 172.20.0.10:53 udp
<- endpoint 36125 flow 0xae0d91ac identity 0->0 state new ifindex 0: 10.1.139.2:45668 -> 172.20.0.10:53 udp
xx drop (Policy denied (L3)) flow 0xae0d91ac to endpoint 0, identity 0->0: 10.1.139.2:45668 -> 172.20.0.10:53 udp
<- endpoint 36125 flow 0xae0d91ac identity 0->0 state new ifindex 0: 10.1.139.2:45668 -> 172.20.0.10:53 udp
xx drop (Policy denied (L3)) flow 0xae0d91ac to endpoint 0, identity 0->0: 10.1.139.2:45668 -> 172.20.0.10:53 udp
>> Endpoint regenerated: 36125 (k8s:class=spaceship,k8s:org=alliance,k8s:io.kubernetes.pod.namespace=default)
<- endpoint 56687 flow 0xb1f87f1 identity 21577->0 state new ifindex 0: fe80::c41d:a6ff:fef1:7998 -> ff02::2 RouterSolicitation
```
Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 16 April 2018, 03:13:58 UTC
34846e9 bpf: Make all functions in lib/policy.h conditional on DROP_ALL [ upstream commit 786376ee9c1489505f722f20e5b20e35f7b7e9ad ] Make all policy decision functions conditional on DROP_ALL to avoid regressions in future. Suggested-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 16 April 2018, 03:13:58 UTC
a068821 bpf: Honor DROP_ALL also in ingress to a container. [ upstream commit ce741afa31adcc7fb39939112f64fc2e3c757d0d ] Even if DROP_ALL is defined, the bpf program can be compiled so that the actual ingress policy check returns OK (e.g., POLICY_INGRESS not defined). Check for DROP_ALL in higher level code that is not conditional to any other compile time definitions. Fixes: https://github.com/cilium/cilium/issues/3731 Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 16 April 2018, 03:13:58 UTC
6a127e9 envoy: Remove assert, reduce logging. [ upstream commit 1e1fbbd899c625f809ab12d794e8c5c2b32f46e7 ] Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 16 April 2018, 03:13:58 UTC
9ea7a10 policy: Do not wildcard CIDR 0/0 for world and all entity [ upstream commit 118ad8232628214938e3955cb14bf43cce55b482 ] With the introduction of label based egress including the world and all identity, it is no longer required to whitelist CIDR 0/0 for the world and all entity as it is covered by the identity based policy map which also supports L4. This allows to define rules such as:
```
[{
  "endpointSelector": {"matchLabels": {}},
  "egress": [{
    "toEntities": ["world"],
    "toPorts": [
      {"ports": [
        {"port": "80", "protocol": "TCP"},
        {"port": "53", "protocol": "UDP"}
      ]}
    ]
  }]
}]
```
Signed-off-by: Thomas Graf <thomas@cilium.io> 16 April 2018, 03:13:58 UTC
e1a49d9 daemon: Regenerate endpoint in PATCH handler also when endpoint is in waiting-for-identity state. [ upstream commit 3ba379a817e50a1b79192ff5cae48a647a832545 ] commit 41c08396ce ("daemon: Only regenerate in PATCH from valid state") intended to limit endpoint regeneration calls from the API PATCH endpoint handler to valid endpoint states, but inadvertently limited the allowed states only to waiting-to-regenerate, while the endpoint should also be built while in the waiting-for-identity state. The symptom was that endpoints created via docker never built the initial drop-all bpf program while waiting for identity. This commit allows endpoint regeneration via the PATCH endpoint API also when the endpoint is in waiting-for-identity state. Fixes: 41c08396ce ("daemon: Only regenerate in PATCH from valid state") Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 16 April 2018, 03:13:58 UTC
1384437 tunnel: Remove old tunnel map upon upgrade. [ upstream commit b1955077d001b7570ac26d0131cb535a780bb795 ] This fixes up #3681 to ensure we don't end up with extraneous map entries on the filesystem after upgrade. Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 16 April 2018, 03:13:58 UTC
36deff3 test: update kubedns to 1.14.9 [ upstream commit d0b8fe7be293f0c2c4e6253a7859a1aa507d33e9 ] Since kubedns 1.14.9 contains bug fixes it might help in kube-dns issues the CI is having Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 16 April 2018, 03:13:58 UTC
d93418d bpf: Rename tunnel_endpoint_map -> cilium_tunnel_map [ upstream commit f117836ffaeb381b7db5d05f44843fc82a2586f5 ] Rename the tunnel endpoint map so it has the same prefix as all of the other cilium maps. Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 16 April 2018, 03:13:58 UTC
94f2e03 envoy: Pass 'non-redirect' http traffic through. [ upstream commit 768fbdfc3163eea0289f6564ee8bf6db8f376ab1 ] Cilium only creates a host proxy redirect when the relevant policy has http rules. A sidecar proxy also gets traffic that would not have been redirected with a host proxy. To emulate the host proxy behavior we pass (allow) traffic through a sidecar if it is passed through by the bpf datapath and would not have been redirected to a host proxy. There are two cases in cilium network policy enforcement where we can detect that the given packet would not have been forwarded to a host proxy: 1. There is no port policy that covers this connection. Cilium always configures a port policy for a redirect, and hence if we find that there is no applicable port policy, the connection must have been passed by the bpf datapath to a sidecar and the sidecar proxy should pass it through, i.e., consider the decision made by the bpf datapath final. 2. There is a port policy, but it does not have any http rules. Again, in this case this request would not have been redirected to a host proxy, and we must consider the bpf datapath policy decision as final by passing the request through the sidecar proxy. These changes are marked with TODOs as they will need to be reconsidered when non-bpf datapaths are supported. Suggested-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 16 April 2018, 03:13:58 UTC
0df6e7b endpoint: Fix label replacement. [ upstream commit 8515b21011f2969f85c29f41957f2def6513f590 ] Fix bugs in label updates: - Information labels were never deleted - Information label assignments were logged even when nothing changed - Identity label updates never updated the Source or Value of an existing label Add unit test for label updates. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 16 April 2018, 03:13:58 UTC
0c78c4a test/k8sT: do not access redis-master via hostname, only service IP [ upstream commit 99297d4143ac5717e6c172f2be41350ae2c33763 ] In K8s 1.7 tests, there are issues accessing redis-master via hostname. Disable accessing redis-master via its hostname until K8s 1.7 is updated in CI to a newer version. See GH-3462 for more information. Signed-off by: Ian Vernon <ian@cilium.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 13 April 2018, 07:38:24 UTC
4dcac3d Test: Add separate logs per each cilium pod [ upstream commit b97c14d3fc13f1435fe0c510fee36b037dd5138d ] Fix 3636 Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 13 April 2018, 07:38:24 UTC
72942f6 pkg/endpoint: log what caused policy changes [ upstream commit 1df6acc7e545ae8a2be4c9cb9af008dbfb72d493 ] Before this commit, we only logged whether policy was changed or not for a given endpoint or consumable, not what caused the policy change itself. To get more visibility into what might trigger regenerations, log at debug level what causes policy changes. Signed-off by: Ian Vernon <ian@cilium.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 13 April 2018, 07:38:24 UTC
e29063f doc: Use K8s-version-specific YAML files in Istio GSG [ upstream commit 323973b644944944fa1b98a6e6abccbd2f148d2a ] Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 13 April 2018, 07:38:24 UTC
cd684ef examples/kubernetes: Generate daemon sets defs for sidecar mode [ upstream commit b542e40b54331f131c9c013274642555ac0869da ] Clean up examples/kubernetes/Makefile. Add support for V=0 quiet option. Add support for multiple daemon set definitions for each Kubernetes version. Generate */cilium-sidecar*.yaml daemon set files for running Cilium along with Istio. Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 13 April 2018, 07:38:24 UTC
00c2154 doc: Update Istio GSG for Istio 0.7.0 [ upstream commit a04087ac01560b6cb0070049e029ced2710d3ece ] Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 13 April 2018, 07:38:24 UTC
f5715e8 examples/k8s: fix 1.8 spec files Signed-off-by: André Martins <andre@cilium.io> 11 April 2018, 22:56:08 UTC
3a20bad examples/k8s: change image to point to 1.0 Signed-off-by: André Martins <andre@cilium.io> 11 April 2018, 22:56:08 UTC
3e2f87a Test: trigger AfterFailed before AfterEach when in Context [ upstream commit cb9020a3996555ab7444d44c1434f863dea1340b ] When a context is defined with an AfterEach, the AfterEach function will be called before `JustAfterEach` and `AfterFailed`, and some info cannot be retrieved correctly because it no longer exists. With this commit all the `JustAfterEach` and `AfterFailed` will be called just before the AfterEach. Fix #3481 Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 11 April 2018, 21:50:19 UTC
446c56e health: Do sanity checking on health response [ upstream commit c9b0328ba5aeff9cf201972a78c3791c41978045 ] Check all fields for potential nil pointers. Some of the fields can be omitted if the health API is triggered while the agent is still bootstrapping. Fixes: #3628 Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 11 April 2018, 21:50:19 UTC
cb8c413 pkg/node: fix nil pointer dereference [ upstream commit 7a733601f25665637e5a6d760d33bfcda0ae1dad ] If a node doesn't have any IPv6 address cilium can panic while trying to delete the IPv6 routes of that node. Signed-off-by: André Martins <andre@cilium.io> Reported-by: Markus Padourek <markus.padourek@gmail.com> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 11 April 2018, 21:50:19 UTC
d602827 proxy: Create access log file and setup notifier at startup [ upstream commit 1024913b09ee4a76511e9f7028fdd5528b6df649 ] Move the access log file and notifier and metadata configuration at daemon startup instead of when creating the first redirect, so access logging is usable with sidecar proxies, for which Cilium doesn't create redirects. Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 11 April 2018, 02:12:46 UTC
ab265e9 Bugtool: Add gops output [ upstream commit 4fa2bcad0d1c92e12dffdf89513fb59aff915003 ] - Add gops output for the cilium agent to know what happens to the agent in case something goes wrong. Signed-off-by: Eloy Coto <eloy.coto@gmail.com> Signed-off-by: Thomas Graf <thomas@cilium.io> 11 April 2018, 02:12:46 UTC
999dfc4 agent: Provide non-blocking agent status [ upstream commit 56d43d548e721d1fed50fb55ed2c00e8b4f789b9 ] Signed-off-by: Thomas Graf <thomas@cilium.io> 11 April 2018, 02:12:46 UTC
f2144f4 bpf: Remove connection tracking entries on policy deny [ upstream commit 9095ef8918e38645be1e8a94342d84ea1978306f ] Signed-off-by: Thomas Graf <thomas@cilium.io> 11 April 2018, 02:12:46 UTC
9017181 policy: Remove connection tracking cleanup on policy change [ upstream commit 4d8b510195807cf5a4c5e1f81c3b182a4a3c58f6 ] Signed-off-by: Thomas Graf <thomas@cilium.io> 11 April 2018, 02:12:46 UTC
d6bead6 policy: Log errors inserting CIDR entries [ upstream commit 51fdcf01048a439b335c671a25db4954d7e20557 ] Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 11 April 2018, 02:12:46 UTC
e10e079 cidrmap: Allow insert of any length of CIDR [ upstream commit 3ce8067d1b0fa810d3b2690efb2bde2e20cff78c ] Previously, when attempting to insert CIDRs that differ in length from the maximum prefix length of the protocol type (32 for IPv4, 128 for IPv6), we could end up rejecting the CIDR. Tweak it so that it will accept different CIDR lengths unless the CIDRMap is created without dynamic prefix length (The special XDP prefilter case). Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 11 April 2018, 02:12:46 UTC
c1be0f8 policy: Do not make initial endpoint DROP_ALL mode dependent on policy option [ upstream commit b35644e0d05c74b0cc6697f3b5680b666aab4991 ] The current code only puts a DROP_ALL in place if the endpoint has ingress or egress policy enforcement enabled. This option is derived based on policies which select the endpoint so the option is likely still disabled at the time we determine this for the first time. This leaves the endpoint unprotected until the labels have been derived and thus policy could have been inspected to affect the ingress/egress policy enforcement bits. Signed-off-by: Thomas Graf <thomas@cilium.io> 11 April 2018, 02:12:46 UTC
71a537f bpf: Remove proxy_port from conntrack table [ upstream commit 8152d64a1bdf49b3476cc141f1895cf87e3f0c11 ] It is no longer required as the policy map is used to derive the proxy port and the reverse translation occurs via proxymap. Signed-off-by: Thomas Graf <thomas@cilium.io> 11 April 2018, 02:12:46 UTC
b2e7426 policy: Remove logic to reset proxy port [ upstream commit ca1f1fe757f03e5f3791cd0553fd65196fd635ce ] Since commit 52a948c40 ("bpf: Derive proxy_port from policy rather than CT"), the proxy port is always derived from the policy table. This makes it unnecessary to clean up the proxy_port in the connection tracking table and all of the logic can be removed. Signed-off-by: Thomas Graf <thomas@cilium.io> 11 April 2018, 02:12:46 UTC
78648e6 daemon/endpoint: Handle DeleteElement error properly [ upstream commit 0b19157050c95049bc23e9ca55936002d064b615 ] Error from lxcmap.DeleteElement should be added to the slice of errors, not override it. Signed-off-by: Michal Rostecki <mrostecki@suse.com> Signed-off-by: Thomas Graf <thomas@cilium.io> 11 April 2018, 02:12:46 UTC