https://github.com/cilium/cilium

Revision Author Date Message Commit Date
228c4e5 Prepare for 1.0.4 release Signed-off-by: Thomas Graf <thomas@cilium.io> 08 June 2018, 22:34:01 UTC
1a1a6a5 GH-4339 Add k8s label source in GetPolicyLabels [ upstream commit 41a03c1dba41ab20bed154df71a47cd6c0b1daf3 ] Signed-off-by: ashwinp <ashwin@covalent.io> Signed-off-by: John Fastabend <john.fastabend@gmail.com> 08 June 2018, 22:17:22 UTC
3e034f0 identity: Resolve unknown identity to label reserved:unknown [ upstream commit a1629015283a12f7c27359ee3c7ad4677fd2c543 ] ``` $ cilium identity get 0 ID LABELS 0 reserved:unknown ``` Fixes: #4296 Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: John Fastabend <john.fastabend@gmail.com> 08 June 2018, 22:17:22 UTC
23a17e7 identity: Ignore nil identity when generating IdentityCache [ upstream commit b4740f994237b122a1d809a50839fbe0cfb1a115 ] Fixes: #4213 Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: John Fastabend <john.fastabend@gmail.com> 08 June 2018, 22:17:22 UTC
ba851a0 Add "docker info" output to bugtool [ upstream commit 3a8c7999f0b0436102b7a6534c1fc8707a30b09f ] Fixes: #3990 Signed-Off-By: Steven Ceuppens <steven.ceuppens@icloud.com> Signed-off-by: John Fastabend <john.fastabend@gmail.com> 08 June 2018, 22:17:22 UTC
8556733 init.sh: Use 'ip route replace' instead of 'ip route add' [ upstream commit bfd55b2c45611edac2903a21021a343f1f327734 ] Since we no longer delete the old cilium_host/cilium_net veth pair if they already exist, 'ip route add' will complain of existing routes. Fix this by using 'ip route replace' instead. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: John Fastabend <john.fastabend@gmail.com> 08 June 2018, 22:17:22 UTC
07b9c46 daemon: trigger policy updates upon daemon configuration update [ upstream commit 659d5acfa8c54f1257d3d57ab8d5732109ee1cca ] Daemon configuration directly affects endpoint programs; trigger policy updates accordingly. Signed-off by: Ian Vernon <ian@cilium.io> Signed-off-by: John Fastabend <john.fastabend@gmail.com> 08 June 2018, 22:17:22 UTC
371ca55 pkg/endpointmanager: always regenerate if policy forcibly computed [ upstream commit 3b9b744a5fc0e4f8b7d95d28017665c81b4d6c3f ] Regardless of if there is no change in the computed policy for an endpoint, still try to regenerate it. Previously, only a difference in the endpoint's policy and configuration, not the agent's configuration, resulted in an endpoint regeneration, which was incorrect. This is because if there is a change in the configuration of the cilium-agent, a regeneration of endpoints may still be required, because the endpoint's program is compiled not only with its headerfile (lxc_config.h), but the agent's headerfile (node_config.h) as well. Thus, checking only the result of `pkg/endpoint/policy.go:regeneratePolicy` is not sufficient for determining whether an endpoint's program should be rebuilt. Signed-off-by: Ian Vernon <ian@cilium.io> Signed-off-by: John Fastabend <john.fastabend@gmail.com> 08 June 2018, 22:17:22 UTC
7e40d8f cilium status: fix --brief to print less when cilium isn't running [ upstream commit 444062a596ef2a9097d30f0416762c3812d7fcc9 ] Fixes: #2880 Signed-off-by: Nirmoy Das <ndas@suse.de> Signed-off-by: John Fastabend <john.fastabend@gmail.com> 08 June 2018, 22:17:22 UTC
b54c90e test: download exact k8s version of k8s upstream e2e [ upstream commit a7ff13572305b392a5a18f7dc8b04dce4c263a52 ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: John Fastabend <john.fastabend@gmail.com> 08 June 2018, 22:17:22 UTC
6392b2e bpf: Only create veth pair if it does not already exist. [ upstream commit 3edbdbed185147388fc646eabdbfcc2395d08f6e ] Deleting and re-creating a veth pair will pick up new MAC addresses and interface indices, avoid that by figuring out if the veth pair already exists. This fixes a frequent CI issue, but also hides underlying problems relating to endpoint bpf regeneration on daemon config changes or restarts. New GH issues are opened to keep track of those. Fixes: #4198 Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: John Fastabend <john.fastabend@gmail.com> 08 June 2018, 22:17:22 UTC
c3d29c3 test: update k8s versions to 1.7.15, 1.8.13, 1.9.8, 1.10.3 and 1.11.0-beta.0 [ upstream commit dfa50f88317bec8921092989316ffa3ad0e0cb99 ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: John Fastabend <john.fastabend@gmail.com> 08 June 2018, 22:17:22 UTC
f611e5c fixup: Remove incompatible example policy Signed-off-by: Ray Bejjani <ray@covalent.io> 28 May 2018, 13:55:53 UTC
7eeda2c test: Don't gather logs in -holdEnvironment [ upstream commit 7283ead55132b4509cf79e0214cfc17dba132289 ] When developers are running a test repeatedly using `-cilium.holdEnvironment`, they typically do not need to gather logs because they are manually investigating the failure when it fails rather than after the failure. In such cases, disable log gathering since it's not used. This speeds up the iterative cycle for retrying a test. Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 28 May 2018, 13:55:53 UTC
e0b0533 Fix image formatting and simplifies app yaml [ upstream commit bf4794429f2e819af5353640589cf0319dc10904 ] Fixed the squished images Fixed the application yaml to not create deployments for client pods this avoids users to change the pod name while following instructions for e.g. xwing-ab57d becomes xwing and you won't have the random string Signed-off-by: Arvind Soni <arvindsoni@gmail.com> Signed-off-by: Ray Bejjani <ray@covalent.io> 28 May 2018, 13:55:53 UTC
fa5e97c xds: Match the client's version if higher than the server's [ upstream commit 595ba35a4f0683d861b44dd7b8e3d81b3c9edc74 ] When Cilium restarts but the xDS clients survive, they keep requesting the last version they had received from the previous Cilium instance. Handle this case by bumping the server's resource version to match the clients'. Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 28 May 2018, 13:55:53 UTC
6568566 GH4164 Append rule labels while parsing api.Rule [ upstream commit ae39ed96f2821e30a2a6670ac1f2e5d838b73f52 ] - Fix the Bug - Add unit test to check for rule labels Fixes: #4164 Signed-off-by: ashwinp <ashwin@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 28 May 2018, 13:55:53 UTC
4fee7da bugtool: Add '-a' option to netstat. [ upstream commit c5b3378e4795f2df21640543a696ed376a008196 ] It is valuable to get both listening and non-listening sockets, rather than non-listening sockets only, for example to verify that proxy ports are listening. Add the '-a' option to 'netstat' to accomplish this. Signed-off-buy: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 28 May 2018, 13:55:53 UTC
ca6b754 ipcache: Create copies of NPHDS cache resources when deleting [ upstream commit 63b5cdfeee584928042b868f01776b240a577390 ] Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 28 May 2018, 13:55:53 UTC
63ce803 pkg/bpf: Use pointer receivers for MapKeys types [ upstream commit 659aea26230134920fa519da2a603bc636a07a13 ] bpf.MapValue interface function GetValuePtr() returns a pointer to a new temporary if the function receiver is a value rather than a pointer. endpoint, lxcmap, ipcache, and lbmap were also using value receivers for their implementations of MapValue interface. The problem with this is that any lookups would fail to return the actual value, as the bpf.LookupElement would write the value into a temporary unaccessible to the caller. No such lookups were performed, so this did not cause any problems in practice. Fix the implementations to prevent future problems. This fix is otherwise low risk, but it has happened earlier in development that GetValuePtr() implementations were not fixed properly and a pointer to the pointer receiver was returned. This is not noticed by the compiler, and would result in garbage data being written to/read from the bpf maps. Fixes: e76192a27b (bpf: Refactor EndpointKey) Fixes: 888a179908 (pkg/maps: add BPF ipcache map) Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 28 May 2018, 13:55:53 UTC
4656989 docs: layout fixes in GSG [ upstream commit f4f8363a3fd0801580d728827917cf03da062049 ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 28 May 2018, 13:55:53 UTC
190f43a docs: remove duplicated cilium installation instructions from GSG [ upstream commit 3c9c780875dce962ae27bf2ae6920708ef88a1ae ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 28 May 2018, 13:55:53 UTC
1f4dcc1 docs: change minikube GSG to have necessary flags to run CNI [ upstream commit 5143fd129a8c9d13b2d55c80305e5d9771c5a875 ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 28 May 2018, 13:55:53 UTC
d9c6e7b docs: Attempt to use RTD version for GH URLs [ upstream commit 88ad237600d32449c5c6d1f0a6103cf4e65bc415 ] ReadTheDocs (RTD) provides an environment variable `READTHEDOCS_VERSION` which describes the branch of documentation that is currently being built. We should use this branch to create URLs to GitHub resources such as kubernetes YAMLs for Cilium install. This will mean that, for instance, if we build the branch `v1.0` on RTD then it will point to the latest version of the docs that are present on that branch. There's some special cases - if we're building locally, then the environment variable will not be there, and also on RTD the `latest` branch name that it provides should point to our `master` branch. In these cases, use HEAD for generating the URLs. Fixes: #4183 Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 28 May 2018, 13:55:53 UTC
dcc4f78 Test: Fix issues with Ginkgo Kubernetes Job [ upstream commit 4fac2855c1292c663399242815e332a99b092d28 ] Jenkins Kubernetes job does not have Cilium library loaded, so can't update the commit status. Signed-off-by: Eloy Coto <eloy.coto@gmail.com> Signed-off-by: Ray Bejjani <ray@covalent.io> 28 May 2018, 13:55:53 UTC
dd0a7b9 examples/policies: add missing policies from GSGs Signed-off-by: André Martins <andre@cilium.io> 23 May 2018, 10:11:27 UTC
4724f63 Misc fixes for kops installation guide [ upstream commit 9e9a475796e4ae02e63afdb2dda4b2e532274b47 ] Signed-off-by: Shantanu Deshpande <shantanud106@gmail.com> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 19 May 2018, 08:40:07 UTC
ee147eb Fixes 'any' reference target not found warning [ upstream commit 102d30fbc467b9591c2c4f6c73058b55fa0e338a ] Signed-off-by: Shantanu Deshpande <shantanud106@gmail.com> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 19 May 2018, 08:40:07 UTC
5819552 Add org to spellcheck wordlist [ upstream commit 04934a61c79f205a5cf6dd53feea6d1b9f0594ed ] Signed-off-by: Shantanu Deshpande <shantanud106@gmail.com> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 19 May 2018, 08:40:07 UTC
5fe05bf docs: k8s: updating formatting [ upstream commit 4507c859884a52997edcb0db4db0156c883116f6 ] Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 19 May 2018, 08:40:07 UTC
192c7d6 docs: k8s: updating docs for k8s v1.9, 1.10 and 1.11 support [ upstream commit 7b06be693b35d213dfa5a030146231f8e2ec6461 ] Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 19 May 2018, 08:40:07 UTC
1695a04 endpoint: Force regeneration when there are underlying errors [ upstream commit 9e960a1dc63cb987e2f3554ef6a241c38100079b ] A corner case exists where a datapath generation error is logged in endpoint.Status, but later calls to TriggerPolicyUpdates would no-op since the policy is "up-to-date". This will likely be fixed when we transition to desired/realised states. In the meantime, this change allows an endpoint to recover from transient failures. Signed-off-by: Ray Bejjani <ray@covalent.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 19 May 2018, 08:40:07 UTC
2b27f09 makefile: backported master's makefile Signed-off-by: André Martins <andre@cilium.io> 17 May 2018, 08:46:53 UTC
698038a jenkins: update all jenkins files Signed-off-by: André Martins <andre@cilium.io> 17 May 2018, 08:46:53 UTC
4854685 docs: update kubernetes generated files Signed-off-by: André Martins <andre@cilium.io> 17 May 2018, 08:46:53 UTC
8911ad9 docs: backported all document changes from master this will allow us to get rid of the doc-1.0 Signed-off-by: André Martins <andre@cilium.io> 17 May 2018, 08:46:53 UTC
a2ebe00 Adjust NEWS after additional 1.0.3 backports Signed-off-by: Thomas Graf <thomas@cilium.io> 16 May 2018, 22:53:08 UTC
d19820b pkg/policy/api: add basic HTTP Rule sanitization [ upstream commit 30d7c7db55837724c45f93454bc061b82af42486 ] Check whether the HTTP Path and Method are regular expressions per golang's regexp.Compile(). While Envoy uses ECMAScript for regular expression matching, which does not correspond fully to golang's regexp library's regular expression matching, it's best that we have at least some type of regular expression validation for now for fields requiring regular expressions in HTTP Rules. A future fix would be to validate against ECMAScript. See: http://en.cppreference.com/w/cpp/regex/ecmascript Signed-off by: Ian Vernon <ian@cilium.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 16 May 2018, 22:12:03 UTC
2396cbd bpf: Respond to all ARP requests [ upstream commit fdcf8cc40152eadb74494de0afd80bb8bd4475cd ] Previously, Cilium would only respond to ARP requests for the gateway IP address. However, in rare cases Cilium could change the gateway IP address upon restart, and this could cause connectivity disruption for existing containers. For instance, if a container has a link scope route for the old gateway G1, and the ARP entry times out, then Cilium is restarted, the new Cilium will install a BPF program that responds to requests for a new gateway G2. However, the endpoint does not have a link scope route for G2. It will ARP for G1, but the new BPF program will only respond to ARP requests for G2. Cilium will forward the ARP request to the Linux stack, but there's no G1 IP configured so Linux does not respond. As a result, the endpoint is stuck without the ability to send any traffic. We really only want to force the endpoint to send traffic through the veth device, and after that point we will route via L3 to the appropriate destination. So, if we respond to ARP requests for all IPs with the mac of the other side of the veth pair, then the endpoint will always see an ARP response for an IP, and it will send the traffic out the veth pair, after which point Cilium can route the traffic. This fixes an issue during Cilium restart where endpoints could lose connectivity and would not get back into a good state without being restarted. Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 16 May 2018, 22:12:03 UTC
d5c9033 monitor: Fatal on critical errors instead of panic [ upstream commit 600202a60daab28740933d3dd085f6f8c9e490bd ] The monitor would throw a panic when the BPF perf ring buffer or the cilium-agent events pipe would return errors. This was causing our CI panic checkers to trigger. Switching to Fatal avoids the panic, but keeps it clear that this is a bad event. Fatal does an exit(1). Signed-off-by: Ray Bejjani <ray@covalent.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 16 May 2018, 22:12:03 UTC
4441b54 monitor: More correctly cancel contexts on exit [ upstream commit 552abd5d96d23939d3b6f90cd712416fa147211c ] We previously used a deferred cancel for the main coordination context. For some reason, the defer was deferred too much and we would see the agent pipe close before we cancel the context. This caused Fatal errors and was unseemly. Signed-off-by: Ray Bejjani <ray@covalent.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 16 May 2018, 22:12:03 UTC
a907aac bpf: Fix failure handling in CreateMap [ upstream commit 250f7c043a17ee1e97ded71dc16232bf2122c51f ] When the Golang syscall returns an fd plus an error, it is possible for the fd to be negative (which indicates an error), along with a non-nil error. Previously, if the call returned a negative FD, then we would not treat this as an error, because we did the fd check first and returned it with no error if it was nonzero. Instead, check the error first and return an error if it is non-nil. This avoids the bad file descriptor being passed further down into the map pinning syscall, which would subsequently fail, but hiding the original problem. Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 16 May 2018, 22:12:03 UTC
78874ee agent: Fix panic when node.GetNodes() is empty [ upstream commit 53c30017616745b2b8956bc25c810c12aca18c70 ] Fix the following panic: ``` cilium-agent[16942]: panic: runtime error: invalid memory address or nil pointer dereference cilium-agent[16942]: [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x18ea5f9] cilium-agent[16942]: goroutine 217 [running]: cilium-agent[16942]: main.(*Daemon).getStatus(0xc4221faea0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...) cilium-agent[16942]: /home/vagrant/go/src/github.com/cilium/cilium/daemon/status.go:178 +0x3c9 cilium-agent[16942]: main.(*Daemon).collectStatus(0xc4221faea0) cilium-agent[16942]: /home/vagrant/go/src/github.com/cilium/cilium/daemon/status.go:111 +0x63 cilium-agent[16942]: created by main.(*Daemon).startStatusCollector cilium-agent[16942]: /home/vagrant/go/src/github.com/cilium/cilium/daemon/status.go:122 +0x3f ``` Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 16 May 2018, 22:12:03 UTC
83ebb79 Prepare for 1.0.3 release Signed-off-by: Thomas Graf <thomas@cilium.io> 15 May 2018, 15:06:14 UTC
a49d03a k8s: Consistently check for namespace labels in endpoint selectors [ upstream commit ccd046cfbe139351bb6c596b4ccc87f485e3b7fc ] Some checks were only looking for the K8s namespace label in matchLabels, whereas others were looking in both matchLabels and matchExpressions. Make it consistent by doing only the latter. Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 15 May 2018, 14:33:53 UTC
deee256 controller: Skip StopFunc when stopping controller for update [ upstream commit 4ee0cd4b88e6a32349bac3bd94deb3047c070c2d ] Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 15 May 2018, 14:33:53 UTC
3b87922 bpf: Ensure maps are restored on load failure [ upstream commit 318aa7a9551cacc239abd005f46aeb6e11036ea3 ] Previously, `set -e` at the top of these bash scripts prevented the second `cilium-map-migrate` from being invoked in error cases. This meant that the second `cilium-map-migrate` only ever saw error code 0, and the moved maps would remain as /sys/fs/bpf/tc/globals/foo:pending on the filesystem if the script failed. Fix this by dropping out of error mode briefly for the BPF load invocation, store the return code, then go back into error mode. Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 15 May 2018, 14:33:53 UTC
6aebc15 k8s: Bump CRD schema version. [ upstream commit 1fe51afd5b41e43f603ae3daab23521a4fae6529 ] In commit 54b8658b252a ("k8s: Support IPv6 addresses in CIDR policy"), the schema for validating CNP was updated, but the schema version was not bumped. As a result, during upgrade, the new schema validation resource is not updated in k8s, so the new schema does not apply. Bump the schema version to ensure that the new CRD validation is pushed on Cilium startup. Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 15 May 2018, 14:33:53 UTC
27a6c26 controller: Cleanup global manager on UpdateController [ upstream commit 2bb129505b98f18d778102bcc6d79a223514315f ] We left controllers that are being replaced in the global list during UpdateController. The intent is to wholly replace the previous controller, and this includes in the global list (also then removing its statistics). Signed-off-by: Ray Bejjani <ray@covalent.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 15 May 2018, 14:33:53 UTC
f094b86 Prepare for 1.0.2 release Signed-off-by: Thomas Graf <thomas@cilium.io> 11 May 2018, 15:53:12 UTC
475d20b k8s: CIDR: Format IPv6 CIDR regex [ upstream commit f335a3a678975b752a46c4e4eaadf7bbc11ed91c ] The precheck script complains if you don't consistently indent things, appease it even if it makes the regex harder to read. Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 11 May 2018, 15:18:53 UTC
72c4125 k8s: CIDR: Disallow IPv4-mapped IPv6 addresses [ upstream commit 4c8a3944de8d7a229e2d1b2a782d69673d0151d3 ] Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 11 May 2018, 15:18:53 UTC
888231e k8s: CIDR: Expand v6 regex to make it more readable [ upstream commit 06eeec16fae354a0da65503207dcb02b141d2223 ] No functional changes. Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 11 May 2018, 15:18:53 UTC
8367aeb docs: Describe downgrade impact of IPv6 CRD validation [ upstream commit dad044f7f62035e4284e6c9dc6e2b53ac5e07a94 ] Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 11 May 2018, 15:18:53 UTC
11c8eec k8s: Add CRD IP address validation unit tests [ upstream commit 2eeb203021a005fbf5b68fd460c3776f304a4212 ] Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 11 May 2018, 15:18:53 UTC
e56d0d3 k8s: Support IPv6 addresses in CIDR policy [ upstream commit 54b8658b252aca94216c5df53f18d352c1739a8d ] Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 11 May 2018, 15:18:53 UTC
f1d0311 monitor: refactor globals into an object [ upstream commit d1e423e50f85e05b935d15b29354d1c0578deb47 ] We previously treated the package as the execution context. This made it difficult to enforce isolation between subcomponents. This change restructures the code into an explicit Monitor class with a singleton instance. We also clean up how listeners are cleaned up, avoiding giving the listener handler goroutine direct access to the internals of Monitor. Signed-off-by: Ray Bejjani <ray@covalent.io> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 11 May 2018, 15:18:53 UTC
104327c monitor: only read perf buffer on listener connect [ upstream commit e8bb880cf69a69fe1081a08b2981e4a906f7474a ] Reading the perf ring buffer seems to be a CPU intensive operation. We would read this data, then discard it, when no listeners were connected. node-monitor now only reads the perf buffer when there is somewhere to send the data to. Signed-off-by: Ray Bejjani <ray@covalent.io> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 11 May 2018, 15:18:53 UTC
5770caf monitor: pass payload objects by reference [ upstream commit 6f8e9339db143236f643e1dfa959a5258caaee51 ] The payload object was mostly used to move around a slice and some numbers. While harmless, it might be passed by value and that might cause slightly more garbage to be generated. Signed-off-by: Ray Bejjani <ray@covalent.io> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 11 May 2018, 15:18:53 UTC
c3eb843 Log monitor client disconnect nicely [ upstream commit 5298a98390e2d3febc7c6e8a51bb5366101b2b10 ] Logs indicated a problem every time `cilium monitor` cmd was terminated. Error is checked for being a broken pipe, if that's the case, only info log message is emitted. Signed-off-by: Maciej Kwiek <maciej@covalent.io> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 11 May 2018, 15:18:53 UTC
dcc4b36 monitor: Don't spinloop on node-monitor crashes [ upstream commit 7c6923d7f0269eee1a06c3e15f58353cbfe8989c ] cilium-agent supervises node-monitor and normally blocks on reading its status output. This can go awry when node-monitor crashes on startup. This change ensures cilium-agent attempts to restart node-monitor after a 1 second delay. Signed-off-by: Ray Bejjani <ray@covalent.io> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 11 May 2018, 15:18:53 UTC
930c82b manifests: Pin bookinfo container image versions [ upstream commit c66a3c0ec50b8111c4e01f2ab292f545a7580c55 ] We rely on specific contents of images in the 'bookinfo' tests, in particular that the images contain the 'wget' binary. Pin the container image versions in the manifests file to ensure that the tests don't break because of upstream changes to the images. Signed-off-by: Joe Stringer <joe@covalent.io> 11 May 2018, 08:14:39 UTC
4d63321 proxy: Test if port is available before allocating it for a proxy. [ upstream commit c027245cf9dc08c59c75f440898516b68677c193 ] Try to listen on a port before handing it for a proxy to listen on, as the current code structure does not allow for re-allocation after a redirect has been created. This fixes problem of starting proxy listeners on ports that are already in use by some other processes (such as kube-proxy on port 10256). There still exists a small race window between checking the port and creating the new redirect on the port where some other process may bind the port. This can be only fixed by detecting the error case when it happens and reallocating a new port for the redirect. However, this fix will solve the problem in the typical case where the other processes listening on ports in the proxy-port range are already running when cilium starts. Fixes: #3991 Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: Joe Stringer <joe@covalent.io> 11 May 2018, 08:14:39 UTC
a45faae vagrant: configure journald to allow for large amounts of logs [ upstream commit a978b9752c2233aa7bd1a91449b15115242a3dc0 ] We have observed large gaps in time in Cilium logs in runtime tests. Configure journald rate limit interval and rate limit burst to allow for more logs so that if we hit an issue in Cilium, logs are not lost. Signed-off by: Ian Vernon <ian@cilium.io. Signed-off-by: Joe Stringer <joe@covalent.io> 11 May 2018, 08:14:39 UTC
8325e81 k8sT/Services: Remove fetch http://details:9080/ [ upstream commit a202d639c857979ca3e512adbe3b04998c016a32 ] The details app doesn't provide a handler for "/", so remove the accesses of this URL. The test doesn't validate access for it anyway, so we can safely remove it without changing what the test validates. Signed-off-by: Joe Stringer <joe@covalent.io> 11 May 2018, 08:14:39 UTC
5944ab7 k8sT/Services: Fix URL for bookinfo tests [ upstream commit 4447b9c5b2ca228159f5d1b5841edff88377ebf3 ] The ratings service never seemed to serve anything other than a 404 on the "/" path. Fix it so that we are attempting to reach paths that serve a real page. Fixes: #4042 Signed-off-by: Joe Stringer <joe@covalent.io> 11 May 2018, 08:14:39 UTC
511d846 test/k8sT: do not set Debug=False during tests [ upstream commit 1fdee71eefe21a67dbefb5334eee1224a0f8ba84 ] We want debug logs in the K8s CI, so do not set Debug=False. This also relates to GH-4014, as it will alleviate the issue there, but does not actually fix the issue, which can be dealt with separately. Signed-off by: Ian Vernon <ian@cilium.io> Signed-off-by: Joe Stringer <joe@covalent.io> 11 May 2018, 08:14:39 UTC
ade5f50 Fix weird indentation for rules [ upstream commit b58fb30e2af13fad526ab6f5454798e82ffb49a9 ] Fixing weird indentation rules in cilium endpoint get command Signed-off-by: Shantanu Deshpande <shantanud106@gmail.com> Signed-off-by: Joe Stringer <joe@covalent.io> 11 May 2018, 08:14:39 UTC
88fd939 Test/K8s: Added debug logs in cilium DS [ upstream commit a16d702aec005098b49883c35059755f59cb9a5a ] Added ciliumDS in cilium daemonsets Fix #4001 Signed-off-by: Eloy Coto <eloy.coto@gmail.com> Signed-off-by: Joe Stringer <joe@covalent.io> 11 May 2018, 08:14:39 UTC
3a451bc test: Star Wars demo checks HTTP status in stdout [ upstream commit 005cb21e40cf260c4da03f31f833a52db3915f4f ] The test previously used CombineOutput to check for the HTTP code. This allows the HTTP response body to also satisfy the contains constraint. This was undesirable and we now use just the stdout output. Signed-off-by: Ray Bejjani <ray@covalent.io> 05 May 2018, 12:09:25 UTC
0d09d25 test: Switch Kafka runtime test to use CombineOutput [ upstream commit 643d4f3a091ec5e4fc581d1fab2d32a37048f565 ] We corrected a bug when using CmdRes.Output and this kafka test needs the combined output now. Signed-off-by: Ray Bejjani <ray@covalent.io> 05 May 2018, 12:09:25 UTC
8e092db test: CmdRes.CombineOutput does not clobber stdout [ upstream commit 88f467fa0971d77eade0e7a42c2bc904cdee90eb ] CombineOutput accidentally reused stdout as the output buffer. This meant that stderr would, depending on call order, show up in the stdout output returned by getStdOut calls. Signed-off-by: Ray Bejjani <ray@covalent.io> 05 May 2018, 12:09:25 UTC
df91628 Bugtool: Fix gops commands [ upstream commit 51e865530ab2c7c7bd0a202cf358e8a363fefbbd ] Due to the changes made in `4fa2bcad0d1c92e12dffdf89513fb59aff915003` bugtool cannot retrieve gops stacks correctly. The main issue is that bugtool use `os.exec` and never pass that information to bash, so the output of gops stack was not correct. More info in #3981 With this change all commands run on bash, so parameters can be retrieved without issues. Fix #3981 Signed-off-by: Eloy Coto <eloy.coto@gmail.com> Signed-off-by: Ray Bejjani <ray@covalent.io> 05 May 2018, 12:09:25 UTC
f98dd09 daemon: Check if device exists on endpoint restore [ upstream commit baefa4b9bc500224466895ac5aad597539d8b830 ] During endpoint restore, check whether the relevant device exists before attempting to restore, and skip it if the device isn't found. There's no point attempting to restore an endpoint if the corresponding device isn't there. Fixes: #3935 Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 05 May 2018, 12:09:25 UTC
73a30b3 docs: Correct RBAC urls in upgrade guide [ upstream commit 346d33b98be338c84a6c4ecc3178fa03b9acd1da ] These were renamed to have the cilium- prefixes but the link was not updated, apparently. Signed-off-by: Ray Bejjani <ray@covalent.io> 02 May 2018, 17:19:37 UTC
4f41dcd endpoint: Remove endpoint state directories left behind after build failure Failed regeneration files `XXXXX_next_fail` may stick around after regeneration. We are correctly deleting these files on regeneration, but not on deletion of endpoint. This commit deletes the endpoint XXX_next_fail files on endpoint deletion. [ upstream commit 79f48d8b6e2d5c4703c91dc0980b0ea5454445a0 ] Fixes: #3494 Fixes: #3175 Signed-Off-By: Manali Bhutiyani <manali@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 02 May 2018, 17:19:37 UTC
7407909 ctmap: Make GC bpf map dumps more robust. [ upstream commit c9bff58f6716b82ae89edb10a69639c375bcf97d ] Continue bpf CT map GC iteration from last known found element if the current element cannot be found. Start again from the beginning otherwise, but limit overall lookups to maximum number of elements in the map. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 02 May 2018, 17:19:37 UTC
1e399ef docs: Fix ginkgo command line. [ upstream commit 82c462e4840572ed874c190b7c5e3c6d9b5d7e70 ] Ginkgo needs the '-v' option to actually show the test names in the dry run mode. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 02 May 2018, 17:19:37 UTC
61e157b Prepare for 1.0.1 release Signed-off-by: Thomas Graf <thomas@cilium.io> 30 April 2018, 21:55:54 UTC
ea038a9 Adds flag to clean up cilium state before startup [ upstream commit 38ba456dff36f041d586c0dc9f03f7a1362f84f8 ] Signed-off-by: Amey Bhide <amey@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 30 April 2018, 21:22:29 UTC
36c895a policy: Do not enable DROP_ALL mode if not needed. [ upstream commit fb333388579c20a4ca9a6e286520b81f7701647c ] Do not enable DROP_ALL mode if it is known that the current policy enforcement mode and policy passes all traffic. This is true when: - Policy enforcement mode is "never" - Policy enforcement mode is "default" and no policy is loaded. This commit adds the exception for the second case. Fixes: #3933 Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 30 April 2018, 21:22:29 UTC
62eb1b0 endpoint: Improve logging of endpoint lifecycle events [ upstream commit 12b6876da414a50308ecafa1932c0b9c2fbd7843 ] This commit introduces several info level log messages: New endpoint event: ``` msg="New endpoint" containerID=cilium-loc endpointID=29898 ipv4=10.11.242.54 ipv6="f00d::a0f:0:0:74ca" k8sPodName= policyRevision=0 ``` Removed endpoint event: ``` msg="Removed endpoint" containerID=03ed013784 endpointID=56326 ipv4=10.11.129.91 ipv6="f00d::a0f:0:0:dc06" k8sPodName= policyRevision=2 ``` BPF program generation: ``` msg="Regenerating BPF program" containerID=cilium-loc endpointID=29898 ipv4=10.11.242.54 ipv6="f00d::a0f:0:0:74ca" k8sPodName= policyRevision=0 msg="Regeneration of BPF program has completed" buildTime=2.32680802s containerID=cilium-loc endpointID=29898 ipv4=10.11.242.54 ipv6="f00d::a0f:0:0:74ca" k8sPodName= policyRevision=0 ``` Endpoint identity changes: ``` msg="Identity of endpoint has changed" containerID=cilium-loc endpointID=29898 identity=1261 identityLabels="reserved:health" ipv4=10.11.242.54 ipv6="f00d::a0f:0:0:74ca" k8sPodName= policyRevision=0 ``` Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 30 April 2018, 21:22:29 UTC
d133b17 maps: Use pointer receivers for MapValue types. [ upstream commit c19e930db4fd9c32ff11909c00f45ccb8f11c3d6 ] bpf.MapValue interface function GetValuePtr() returns a pointer to a new temporary if the function receiver is a value rather than a pointer. endpoint, lxcmap, ipcache, and lbmap were also using value receivers for their implementations of MapValue interface. The problem with this is that any lookups would fail to return the actual value, as the bpf.LookupElement would write the value into a temporary unaccessible to the caller. No such lookups were performed, so this did not cause any problems in practice. Fix the implementations to prevent future problems. This fix is otherwise low risk, but it has happened earlier in development that GetValuePtr() implementations were not fixed properly and a pointer to the pointer receiver was returned. This is not noticed by the compiler, and would result in garbage data being written to/read from the bpf maps. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: Maciej Kwiek <maciej.iai@gmail.com> 27 April 2018, 09:59:22 UTC
0d21846 daemon: Sync local IPs to lxcmap periodically. [ upstream commit 7fe082dfbd834aeb15add1e8d90707b4d3e832d8 ] LXCMap should not get out of sync, but there is some evidence that sometimes it does. Add a new controller to refresh the host entries in the lxcmap every 5 seconds, but only if they are not already there. No garbage collection of potentially stale host entries in the lxcmap is done. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: Maciej Kwiek <maciej.iai@gmail.com> 27 April 2018, 09:59:22 UTC
921bcae monitor: Fix IPv6 string formatting in CT messages [ upstream commit 7ccfaf9563f9c02d717339e005dff44b7eda8170 ] Previously: Conntrack lookup 1/2: src=[::303a366463]:0 dst=[::303a31623938]:32768 Now: Conntrack lookup 1/2: src=[::0:dc06]:0 dst=[::0:981b]:32768 Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Maciej Kwiek <maciej.iai@gmail.com> 26 April 2018, 16:15:31 UTC
e47fb9b doc: Add a section about CiliumEndpoint CRDs [ upstream commit 2ab1b52a8b03da2d6dcd535e2be78d2555fbc862 ] Signed-off-by: Ray Bejjani <ray@covalent.io> Signed-off-by: Maciej Kwiek <maciej.iai@gmail.com> 26 April 2018, 16:15:31 UTC
54227ac Documentation: remove bash-test framework references [ upstream commit c14be592c54459848c334960c8bc657e53ccd031 ] Also do some minor fixups of grammatical errors, and some rewording to make sentences more clear. Signed-off by: Ian Vernon <ian@cilium.io> Signed-off-by: Maciej Kwiek <maciej.iai@gmail.com> 26 April 2018, 16:15:31 UTC
0cd257b Prepare 1.0.0 release Signed-off-by: Thomas Graf <thomas@cilium.io> 24 April 2018, 05:42:39 UTC
5d23ebd ipcache: Fix ipcache deletion of old identities on update [ upstream commit 50f0f7082f7059df1e395bf12a907c279672e04e ] Fix the scope of the cachedIdentity variable in ipIdentityWatcher. Make the agent crash in case an invalid IP-ID mapping is deleted. Fixes: https://github.com/cilium/cilium/issues/3825 Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Ian Vernon <ian@cilium.io> 24 April 2018, 04:03:32 UTC
86a2112 test: update k8s tests for 1.8, 1.9, 1.10 and 1.11 [ upstream commit d59189fdd9e3aac40e067a9d8afcd11b59a5ee88 ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 24 April 2018, 04:03:32 UTC
0bbe9b6 Test: Fix issues with Updates and Kube-dns [ upstream commit c01603b2450536d5f5c8215aebed9d00957b096a ] On `k8sT/Update.go` the system installs a new cilium v1.0 image, but it does not wait for Kubedns to be ready, so from time to time the kubedns was not ready at all. With this commit we make sure that the DNS is ready before applying any policy. Signed-off-by: Eloy Coto <eloy.coto@gmail.com> Signed-off-by: Ray Bejjani <ray@covalent.io> 24 April 2018, 00:05:41 UTC
8e0825a etcd: Clear the etcd status error when connectivity is OK [ upstream commit 5fb78adb81052b449834de960704ff017fbb950a ] Fixes: 9f9086e5c68aea7556dbec3b98a249ca7520863a Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 24 April 2018, 00:05:41 UTC
f43b949 bpf: Fix default build config [ upstream commit c7b00124fb1ed598dc2607f950c995075a3beaa5 ] The policy prog array is indexed by LXC index, so it needs to be as big as the ENDPOINTS_MAP_SIZE. Fix it up in the node_config. This only affects developers that build the bpf/ directory then attempt to load BPF programs from it directly into the kernel without using the rest of Cilium to orchestrate. Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 24 April 2018, 00:05:41 UTC
82b5b75 bpf: Fix tracing message for egress policy [ upstream commit adc46707494ba108aef26d9e85dd56ee8290afee ] Previously, this would print the source and destination in the wrong order. Fix it up. Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 24 April 2018, 00:05:41 UTC
e6befe1 Prepare for 1.0.0-rc14 release Signed-off-by: Thomas Graf <thomas@cilium.io> 22 April 2018, 17:59:58 UTC
b4cb0ca envoy: Use distinct Stats stores for each instance of a xDS client. [ upstream commit 2110a64e4b51d1baef6efa21557621b11968cf21 ] Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 22 April 2018, 04:45:20 UTC
2270bfe envoy: Minor cleanup. [ upstream commit 181fada8bbe3de78c40ce160b81c61c67cc47d92 ] Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 22 April 2018, 04:45:20 UTC
2662716 envoy: Initialize thread local host map with an empty map. [ upstream commit 94be14c72260cde45d1b7a981bb3629e7d54d3f5 ] Initialize with an empty map instead of a nullptr to make it less likely that a null pointer is found when resolving. Due to worker threads possibly initializing later than the main thread it is still possible (at least in theory) that a worker thread resolves before initializing so we still check the value of the thread local pointer. Perform the null pointer check before dereferencing it, as libc++ assertions fail otherwise. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 22 April 2018, 04:45:20 UTC
6b3f8cb npds: Don't wait for ACK from sidecar proxy with no L7 rules [ upstream commit 0118ac2c39df0070743107f89dc4e1f2e78678f5 ] Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 22 April 2018, 04:45:20 UTC
21742ba npds: Don't update NetworkPolicy if none has been calculated [ upstream commit 553ba7163c96e4af595e21af7119c7866168f473 ] Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 22 April 2018, 04:45:20 UTC