https://github.com/cilium/cilium

Revision Author Date Message Commit Date
31d8e02 Prepare 1.4.3 release Signed-off-by: Thomas Graf <thomas@cilium.io> 05 April 2019, 09:41:58 UTC
acceb68 Run operator in dev vm [ upstream commit d9e1a27b0e89c4379b2e67383cdd07e0e136ad54 ] Signed-off-by: Maciej Kwiek <maciej@covalent.io> Signed-off-by: Ian Vernon <ian@cilium.io> 05 April 2019, 09:17:04 UTC
de64bc5 endpoint: Use IsSet() to check if endpoint IP is set [ upstream commit 569b3f0ace7f542434167ed1676604d2690d5a7c ] When restored from JSON, the endpoint.IPv[46] field can become an empty slice instead of being nil. Use IsSet() to check whether the address is available. This resulted in unnecessary work being performed. In particular running an additional controller to synchronize the nonexistent IP address to the ipcache was expensive. Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 05 April 2019, 09:17:04 UTC
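The nil-versus-empty distinction behind this commit, as an added example (not cilium's own code): a `[]byte`-backed address type decoded with `encoding/json` comes back as a non-nil empty slice when the stored value is `[]`, so a `!= nil` check wrongly reports an address and the length-based `IsSet()` does not. The `IPv4` type, `restoredEndpoint` and `NeedsIPCacheSync` are hypothetical stand-ins, and the JSON records are constructed inputs.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// IPv4 models an endpoint address stored as raw bytes. It is a hypothetical
// stand-in for the endpoint's IP field, not cilium's own type.
type IPv4 []byte

// IsSet reports whether an address is present. It tests the length rather
// than comparing against nil, because JSON decoding can yield an empty,
// non-nil slice.
func (ip IPv4) IsSet() bool { return len(ip) != 0 }

// NaiveIsSet is the pre-fix check: any non-nil slice counts as an address.
func NaiveIsSet(ip IPv4) bool { return ip != nil }

// restoredEndpoint is a minimal stand-in for a persisted endpoint record.
type restoredEndpoint struct {
	ID   int  `json:"id"`
	IPv4 IPv4 `json:"ipv4"`
}

// Restore decodes an endpoint from its JSON form.
func Restore(data []byte) (restoredEndpoint, error) {
	var ep restoredEndpoint
	err := json.Unmarshal(data, &ep)
	return ep, err
}

// NeedsIPCacheSync decides whether a controller syncing the IP into the
// ipcache should be started; this is the decision the fix changed.
func NeedsIPCacheSync(ep restoredEndpoint, useIsSet bool) bool {
	if useIsSet {
		return ep.IPv4.IsSet()
	}
	return NaiveIsSet(ep.IPv4)
}

func main() {
	// Constructed inputs: an endpoint with an address, one restored with an
	// empty array, and one whose address was never set (null).
	for _, raw := range []string{
		`{"id":1,"ipv4":[10,0,0,5]}`,
		`{"id":2,"ipv4":[]}`,
		`{"id":3,"ipv4":null}`,
	} {
		ep, err := Restore([]byte(raw))
		if err != nil {
			panic(err)
		}
		fmt.Printf("id=%d nil=%v naive=%v isset=%v\n",
			ep.ID, ep.IPv4 == nil, NeedsIPCacheSync(ep, false), NeedsIPCacheSync(ep, true))
	}
}
```

Record 2 is the case the commit describes: `ep.IPv4 == nil` is false, so the naive check would start the ipcache controller for an address that does not exist, while `IsSet()` correctly reports no address.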
fbc62c6 envoy: Use fixed envoy image Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 05 April 2019, 09:15:18 UTC
c999023 kvstore/allocator: Add test for identity clash [ upstream commit 4b45f062f18e59162fce2871a8f03ea056029589 ] Add a test which checks for regressions in the bug #7559. Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 03 April 2019, 12:15:28 UTC
5b8a512 kvstore: Add test for GetPrefix() [ upstream commit 18dd2a4a2d8c9eaca6c5d5c4e9185dd4f0870b1a ] Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 03 April 2019, 12:15:28 UTC
7220bf9 kvstore: Fix identity override with labels prefix [ upstream commit bad8a9dfe2d10d306bc838d1e16cec2f7f971c0e ] Previously, when attempting to determine whether an identity exists for a set of labels, we would perform a prefix lookup with the desired labels and if an identity is found, unconditionally use that identity, without checking that the set of specified labels matches the labels of the identity that was found. This could lead to a situation where if an endpoint is deployed on a node with a labels subset of another endpoint's labels, the local node would override the labels for that identity with the shorter set of labels. As a result, policy which selects the longer set of labels may potentially not apply, which assuming a "deny-all" ingress security posture, would lead to packet drops when the policy would appear to allow traffic to the endpoint with the longer set of labels. This patch fixes the issue by returning the key that was found, then trimming the suffix (which represents the node IP), then comparing the length of this key against the labels that were used to perform the lookup. If the length is the same, then the labels are the same and the identity can be reused. Otherwise, it cannot be reused and we will back out and attempt to allocate a new numeric identity for this set of labels. Note this still leaves one possibility open: The kvstore GetPrefix() interface does not guarantee which key will be found if two keys with the same prefix are in the kvstore and a prefix lookup is performed for the shorter key. In this case, GetNoCache() may return that no key is found when there is in fact an identity for the shorter prefix. This could potentially lead to an increase in the number of identities for the shorter prefix, however this will not affect existing identities. This situation is deemed unlikely enough that cleaning up this case is deferred for now. Fixes: #7559 Reported-by: Rui Gu <rui@covalent.io> Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 03 April 2019, 12:15:28 UTC
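The lookup bug and fix described in this commit, as an added example that is not cilium's own allocator code. A toy in-memory store stands in for the kvstore, the key layout (`basePath + encodedLabels + "/" + nodeIP`) and the `k=v;` label encoding are assumptions chosen so that a label subset is a string prefix of the superset, and the identity numbers and node IPs are constructed. The store's `GetPrefix` deliberately returns the lexicographically last match so the residual case the commit defers is also visible.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Store is a toy in-memory kvstore (constructed for this example).
type Store struct{ kv map[string]string }

func NewStore() *Store           { return &Store{kv: map[string]string{}} }
func (s *Store) Put(k, v string) { s.kv[k] = v }

// GetPrefix returns one key/value whose key starts with prefix. As in the
// commit message, no particular matching key is guaranteed; this toy picks
// the last one in sort order, which exposes the deferred edge case.
func (s *Store) GetPrefix(prefix string) (key, value string, ok bool) {
	var keys []string
	for k := range s.kv {
		if strings.HasPrefix(k, prefix) {
			keys = append(keys, k)
		}
	}
	if len(keys) == 0 {
		return "", "", false
	}
	sort.Strings(keys)
	last := keys[len(keys)-1]
	return last, s.kv[last], true
}

// Hypothetical key layout: basePath + EncodeLabels(labels) + "/" + nodeIP.
const basePath = "cilium/state/identities/v1/value/"

// EncodeLabels renders labels as "k=v;k=v;" in sorted key order, so that the
// encoding of a subset of labels is a prefix of the encoding of a superset.
func EncodeLabels(labels map[string]string) string {
	keys := make([]string, 0, len(labels))
	for k := range labels {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	var b strings.Builder
	for _, k := range keys {
		fmt.Fprintf(&b, "%s=%s;", k, labels[k])
	}
	return b.String()
}

func IdentityKey(labels map[string]string, nodeIP string) string {
	return basePath + EncodeLabels(labels) + "/" + nodeIP
}

// LookupNaive is the pre-fix behaviour: reuse whatever the prefix lookup finds.
func LookupNaive(s *Store, labels map[string]string) (string, bool) {
	_, id, ok := s.GetPrefix(basePath + EncodeLabels(labels))
	return id, ok
}

// LookupFixed trims the node-IP suffix from the found key and only reuses the
// identity if the remaining key is exactly as long as the lookup key.
func LookupFixed(s *Store, labels map[string]string) (string, bool) {
	want := basePath + EncodeLabels(labels)
	found, id, ok := s.GetPrefix(want)
	if !ok {
		return "", false
	}
	i := strings.LastIndex(found, "/")
	if i < 0 || len(found[:i]) != len(want) {
		return "", false // different label set: back out and allocate a new identity
	}
	return id, true
}

func main() {
	s := NewStore()
	s.Put(IdentityKey(map[string]string{"app": "web", "tier": "frontend"}, "10.0.0.2"), "4711")
	subset := map[string]string{"app": "web"}
	id, ok := LookupNaive(s, subset)
	fmt.Println("naive:", id, ok) // wrongly reuses 4711 for the shorter label set
	id, ok = LookupFixed(s, subset)
	fmt.Println("fixed:", id, ok) // not found: a new identity must be allocated
}
```

The last assertion in the test shows the case the commit leaves open: once both `app=web;` and `app=web;tier=frontend;` identities exist, a store that hands back the longer key makes `LookupFixed` report "not found" for the shorter set, so a duplicate identity would be allocated for it, without disturbing the existing ones.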
144a4f6 .travis: run travis on all PRs [ upstream commit ff492a7de56d12471baf9b7680c5d6bafb651b21 ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 02 April 2019, 18:22:25 UTC
d5aa127 contrib/backporting: Fix commit order in check-stable [ upstream commit c591173c53de845c4ed87a75c9951dc6021641d9 ] For particular PRs, for example #7476, the chronological ordering of commits based upon AuthorDate is not the same as the revision list ordering in git, which caused the list of commits to be out-of-order when printing on the commandline. This could cause problems during backporting where backporters would inadvertently attempt to backport later commits before earlier commits that they depend on, leading to more conflicts than necessary during the backport process. Fix this up by using the canonical commit ordering in the branch that was merged, and only use GitHub's PR commit list as a way to determine the total number of commits being merged in the PR. Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 02 April 2019, 18:22:25 UTC
2fd7aec fix unit test breakage * Set NodeMAC directly instead of calling nonexistent helper function * Remove unused imports from node, allocator tests * Fix assertion when checking length of Endpoints slice in L4Filter Signed-off-by: Ian Vernon <ian@cilium.io> 02 April 2019, 17:41:46 UTC
74566d5 Revert "policy: Simplify l7 rule generation for l4-only rules" [ upstream commit 90a36a9118940c9f498373d780152295d4ff2cc5 ] This reverts commit 13c705070d71e44b11a1c0f57b8de89a89c93e6b. The wildcardL3L4Rules() function is used from L3-only rules as well as L3-dependent L4 and L4-only rules, so in these cases the empty endpoint set has different meaning: In L3-only, it means "select nothing at all"; in any L4 type of rule, it means "select all endpoints with this port" - ie a wildcard. Shift this code back to where it used to be, and add a comment to describe why it's there. Signed-off-by: Joe Stringer <joe@cilium.io> 02 April 2019, 17:41:46 UTC
78194b9 policy: Simplify l7 rule generation for l4-only rules [ upstream commit 13c705070d71e44b11a1c0f57b8de89a89c93e6b ] This logic is almost equivalent to the version introduced in the previous patch, however now if the wildcard selector is explicitly defined in the rules then we won't end up adding yet another wildcard selector to iterate through. In cases where the wildcard selector is early on in the set of `toEndpoints`/`fromEndpoints`, this will reduce iteration over those endpoint selector slices. Signed-off-by: Joe Stringer <joe@cilium.io> 02 April 2019, 17:41:46 UTC
7e8b41a policy: Generate L7 allow-all for L4-only rules [ upstream commit 1ef4ec5ea0cd09f122ec12a9ff18ded8ce7a48e8 ] Previously, if an L4-only rule shadowed an L7 rule on the same port/protocol, we would redirect the traffic to the proxy, but we would *not* generate xDS filters to allow that traffic. This would result in unexpectedly dropping traffic that should otherwise be allowed. The included test previously failed, with the functional change in this commit it now passes. Fixes: #7438 Signed-off-by: Joe Stringer <joe@cilium.io> 02 April 2019, 17:41:46 UTC
2c04f47 daemon/policy: Consolidate policy testing primitives [ upstream commit f63302b3e97a147428d8dd8070cfb5a967a29dd5 ] Reuse the same CNP, PNP primitives for policy testing. Signed-off-by: Joe Stringer <joe@cilium.io> 02 April 2019, 17:41:46 UTC
86518c8 daemon/policy: Share labels declarations in tests [ upstream commit b731c6bac16cdd912ada5be74388a3578a720d4f ] Signed-off-by: Joe Stringer <joe@cilium.io> 02 April 2019, 17:41:46 UTC
1fc74b2 daemon/policy: Refactor test endpoint initialization [ upstream commit cd8d72ef3e40ba75178c0b6a07c2e1bb5e9c9dff ] [ Backporter's notes: Had to rebase to remove code that was added by the intermediate commit 55b0fd3d22a9 ("selectively regenerate endpoints on policy change") ] Consolidate the initialization of the test endpoints to simplify the core logic of individual tests. Signed-off-by: Joe Stringer <joe@cilium.io> 02 April 2019, 17:41:46 UTC
3b864a0 Revert "Revert "policy: Simplify l7 rule generation for l4-only rules"" This reverts commit 776875cf28bbc68c042921bd8c4acfa6da99492a. It was prematurely backported before the commits which it backported. To ease the backport of all of these commits in the canonical order, undo this previous commit. An upcoming commit will re-apply the commit with the entire commit backported properly. Signed-off-by: Joe Stringer <joe@cilium.io> 02 April 2019, 17:41:46 UTC
d3aec5b Revert "dnsproxy: Return DNS response before cache update" After discussion in the community meeting we decided to revert this change. Although small it may have unexpected side-effects and would constitute an unexpected change for a minor release. This reverts commit 8d1cc318307a546c00217a40a04ebdbaf984c2fd. Signed-off-by: Ray Bejjani <ray@covalent.io> 02 April 2019, 16:18:14 UTC
191aafb update loopback CNI plugin to v0.7.5 in runtime docker image [ upstream commit 996cba01a44d00b17fb32502d2e30704f2059cce ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 27 March 2019, 21:01:47 UTC
41d479e vendor: update github.com/containernetworking/cni to v0.7.0-rc2 [ upstream commit c6cdb7d3c949189f98b5dbd50677f132ea5e60ef ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 27 March 2019, 21:01:47 UTC
7f299be vendor: update github.com/containernetworking/plugins to v0.7.5 [ upstream commit f62cc7bb0f88a5da052e3e46f636ffc820a7399c ] This is the same version used by k8s so we should be using the same one Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 27 March 2019, 21:01:47 UTC
938dfb1 test update k8s to 1.11.9, 1.12.7, 1.13.5 and 1.14.0 [ upstream commit 5ca566cec7b659f8333712bf329975dd35c462c9 ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 27 March 2019, 21:01:47 UTC
776875c Revert "policy: Simplify l7 rule generation for l4-only rules" [ upstream commit 90a36a9118940c9f498373d780152295d4ff2cc5 ] This reverts commit 13c705070d71e44b11a1c0f57b8de89a89c93e6b. The wildcardL3L4Rules() function is used from L3-only rules as well as L3-dependent L4 and L4-only rules, so in these cases the empty endpoint set has different meaning: In L3-only, it means "select nothing at all"; in any L4 type of rule, it means "select all endpoints with this port" - ie a wildcard. Shift this code back to where it used to be, and add a comment to describe why it's there. Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 27 March 2019, 21:01:47 UTC
fd7f713 k8s: add protobuf by default for k8s client [ upstream commit 98e81da87fd282f5b1f89a4a169d439e5210ae8b ] As k8s types support protobuf we can make use of it but we still need to leave the k8s client for cilium types unmodified since there is no support on Custom Resources for protobuf. Signed-off-by: André Martins <andre@cilium.dev> Signed-off-by: André Martins <andre@cilium.io> 27 March 2019, 18:34:28 UTC
e966258 k8s: add method to create default Cilium K8s Client [ upstream commit 84c896a5f468d2faa290ff47c115cd2a8bbc7cc4 ] Signed-off-by: André Martins <andre@cilium.dev> Signed-off-by: André Martins <andre@cilium.io> 27 March 2019, 18:34:28 UTC
870acb4 vendor: update dependencies to k8s 1.14.0-rc.1 [ upstream commit 83caf91608beeac67048cbdc49a064e6e3376523 ] k8s 1.14.0-rc.1 is stable enough release so we can update k8s libraries with this version. Signed-off-by: André Martins <andre@cilium.dev> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 26 March 2019, 12:59:13 UTC
5b9cfcc k8s: generate code from k8s 1.14.0-rc.1 [ upstream commit 24f1bbddee992a1fd35b635dad727873bc260dbd ] Generated code based on the new k8s 1.14.0-rc.1 k8s code-generator Signed-off-by: André Martins <andre@cilium.dev> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 26 March 2019, 12:59:13 UTC
c26df3d test: set coredns deployment closer to the upstream version [ upstream commit e50045a15640d1142d2b36bd79c3beb4cccceee8 ] Users will most likely use a coredns deployment based on the upstream version available so our CI should use a configuration closer to the one available upstream. configuration changed from the upstream version - replaced [0] with [1] - removed [2] to avoid caching entries for more than 30 seconds as tests can take less than 30 seconds to complete. [0] ``` forward . /etc/resolv.conf ``` [1] ``` proxy . /etc/resolv.conf { fail_timeout 10s max_fails 0 } ``` [2] ``` cache 30 ``` Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 26 March 2019, 12:59:13 UTC
5b8f46a test: run k8s 1.14.0-rc.1 by default on all PRs [ upstream commit 62f43aa98b5f0375622a624f7c202f30f400e972 ] k8s 1.14.0-rc.1 is a stable enough release that we can start using to test on all PRs Signed-off-by: André Martins <andre@cilium.dev> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 26 March 2019, 12:59:13 UTC
d590ced Documentation: Add Kubernetes 1.14 support. [ upstream commit 9ab5e64f041ed2a57f19a3403ba5c8f29561b5a9 ] - Add Kubernetes 1.14 support in documentation. - Disable 1.8 and 1.9 documentation since they are no longer supported. Signed-off-by: Eloy Coto <eloy.coto@gmail.com> [ backporting: retaining 1.8 and 1.9 support, which 1.4 was released with; dropping would be in 1.5 then. ] Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 25 March 2019, 23:31:54 UTC
f2b9cf4 Examples: Added kubernetes 1.14 manifest [ upstream commit eacd41c9e5c33d1087a7cd0c1f55123a6d0a03cb ] Add 1.14 manifests files Signed-off-by: Eloy Coto <eloy.coto@gmail.com> [ backporting: reran make on k8s examples ] Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 25 March 2019, 23:31:54 UTC
8028a5a Test: Add Kubernetes 1.14-rc.1 to the build system. [ upstream commit 382590446705bed400be3696280eca7d1483bf4b ] Added kubernetes 1.14 to the build Signed-off-by: Eloy Coto <eloy.coto@gmail.com> [ backporting: moved <1.15 constraint to cilium 1.4 ] Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 25 March 2019, 23:31:54 UTC
b74a7e2 test/health: Check that peers are discovered [ upstream commit 5eb05f61a3daa2fb6a5f5efc61a9f62d1c1fd369 ] Previously, this test would only check that the "status" field reports no issues. However, if the peer was never discovered, this would be the case but something has gone wrong. First, check if the peer field is there. If it is not there, fail. Then, check that the status indicates success. The test should only pass if the peer has been probed AND there is no error response. Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 25 March 2019, 23:31:54 UTC
609cefe node: Fix health endpoint IP fetch with IP disable [ upstream commit 83dc10bf6d5d4b04fdbaa908586feb39d841a822 ] If either IPv4 or IPv6 was disabled, the health endpoint IP fetch would previously completely fail (silently), which would cause health endpoint connectivity probing to be disabled. Fixes: #7456 Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 25 March 2019, 23:31:54 UTC
3b308a6 k8s: Fix node equality function for health IPs [ upstream commit fcc2a2c5db8df43e1aaa1ee02d18856ec0dfe80a ] Fix up the node equality function which caused Cilium to ignore updates for health IPs, which could cause cilium-health IP changes to be ignored. Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 25 March 2019, 23:31:54 UTC
e979323 ipcache: Allow CIDR ipcache overwrite from all sources [ upstream commit b59acbadb47424a760eaf3475c1ca95e0ed73977 ] The existing logic prevented any ipcache update of an entry that was triggered by a CIDR policy entry. This meant that if a CIDR policy in the PodCIDR covering yet unused PodIPs could prevent the ipcache being updated to map to PodIPs being used later on. Fixes: f3bbcd8e886 ("identity: Use local identities to represent CIDR") Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 25 March 2019, 19:18:03 UTC
8d1cc31 dnsproxy: Return DNS response before cache update [ upstream commit 0d1f22b6c8b40c242e9fd7e351fb71c0fbebf69a ] We may have slow update behaviour when running the proxy on a loaded system. In these cases it is more reliable to return the DNS response to the requesting pod before we block. This assumes that it is better to absorb a delay in regenerating in a TCP connection setup than to delay the DNS response beyond its timeout. Signed-off-by: Ray Bejjani <ray@covalent.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 25 March 2019, 19:18:03 UTC
7e3487a flannel: forcefully disabling IPv6 mode on flannel [ upstream commit 05b4d2b32f1440abdc0e279265db7543ce501147 ] Signed-off-by: André Martins <andre@cilium.dev> 23 March 2019, 13:05:45 UTC
c44514a docs, bpf: Remove struct padding with aligning members [ upstream commit 93e0035b5d193de5c41520b9e2d1cf92908c44c9 ] Currently, BPF doesn't work with a padded structure due to data alignment. This commit adds description to the BPF document about how to remove struct padding with aligning members by using #pragma pack. Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 20 March 2019, 15:15:38 UTC
585fe1a ipsec, daemon: reject unsupported config options [ upstream commit 608189ce8e9a38c26bdfee1e3dffa5f8f9859615 ] This avoids obscure startup errors on Cilium daemon and/or false user expectations, thus lets error out early with a clear error message. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 20 March 2019, 15:15:38 UTC
f64cdbc ipsec, doc: remove note on 1.4.1 release [ upstream commit 52eb6da68ed244a47574acdd5780fb2958be56fa ] Replace it with 'upcoming release' since it hasn't been merged into 1.4.1 or 1.4.2 at this point and to avoid confusion for users following the guide. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 20 March 2019, 15:15:38 UTC
cd0d955 ipsec, bpf: fix build error when tunneling is disabled [ upstream commit e012ff0cc9b03f692151ea78f3e073840ca40880 ] If we don't have encap index defined (ENCAP_IFINDEX), then we also cannot redirect to it. This compilation error is thrown instead: 2019-03-16T08:38:33.30268603Z level=warning msg="/var/lib/cilium/bpf/bpf_netdev.c:548:11: warning: implicit declaration of function '__encap_and_redirect_with_nodeid' is invalid in C99 [-Wimplicit-function-declaration]" subsys=daemon 2019-03-16T08:38:33.302694714Z level=warning msg=" return __encap_and_redirect_with_nodeid(skb, tunnel_endpoint, seclabel, TRACE_PAYLOAD_LEN);" subsys=daemon 2019-03-16T08:38:33.302702926Z level=warning msg=" ^" subsys=daemon 2019-03-16T08:38:33.302708262Z level=warning msg="1 warning generated." subsys=daemon Fixes: 3b6245843aef ("cilium: ipsec, add BPF datapath encryption direction") Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 20 March 2019, 15:15:38 UTC
70aa6de daemon: fix conntrack map dump wrt addresses [ upstream commit 3c58577ece0c299f7b5aacabac4d0ff56d70ea38 ] The CT dump currently shows swapped src/dst address entries even though it's correctly using src address resp. dst address as data. Issue is that 7afe903203c3 ("bpf: Global 5 tuple conntrack.") did not swap the initial tuple for the lookup when converting from local to global table, and all the current code right now is doing workarounds in order to not break CT table during version upgrade. Thus same needs to be done here for the dump. Issue became more apparent after aaf6ba39ad4e ("ctmap: Fix order of CtKey{4,6} struct fields"), which might have had been swapped on purpose but without further comments in the code on why it was swapped on daemon side. In this case, reverting aaf6ba39ad4e doesn't fully fix it either since then direction also needs to be swapped. Instead, make it less confusing and only swap what needs to be swapped, that is, the address parts since in the datapath this is the only thing that should have been done but was missed back then. For next major version upgrade (aka 2.0), this will be properly fixed (at the cost of disruptive upgrade). Fixes: 7afe903203c3 ("bpf: Global 5 tuple conntrack.") Fixes: aaf6ba39ad4e ("ctmap: Fix order of CtKey{4,6} struct fields") Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 20 March 2019, 15:15:38 UTC
f4220d0 pkg/kvstore: attempt to stop giving LeaseIDs for a closed session [ upstream commit 9c0e8d55c550e1472e21faa40d85a4d2d1acc328 ] There is a race between the moment `e.Session.Done` is closed and the time a new session is assigned to `e.session`, which can cause new requests to etcd to use an already expired lease. Although this change does not fix the issue completely, it helps by making the race window smaller. Signed-off-by: André Martins <andre@cilium.dev> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 20 March 2019, 15:15:38 UTC
deca0e7 mtu: autodetect MTU for IPv6 only network [ upstream commit 8827a1ef79d4d149cce358315de60ae6d7cb57dc ] autoDetect() fails on IPv6-only deployments. This PR adds a fail-safe if the IPv4 check fails Signed-off-by: Nirmoy Das <ndas@suse.de> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 20 March 2019, 15:15:38 UTC
a4b29e8 kvstore: make session orphan if the leaseID was used on a failed request [ upstream commit 7e1fc827bb0dcc13115722db639f25167921ccdc ] If we don't check which lease ID has errored on a request made to the kvstore, when marking a session as orphan we can accidentally mark an already renewed session as orphan, so we need to verify that the lease ID of the session we want to mark as orphan belongs to the same session that should be marked as an orphan. Fixes: bdc929e9d601 ("kvstore: forcefully close etcd session on error") Signed-off-by: André Martins <andre@cilium.dev> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 20 March 2019, 15:15:38 UTC
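The race this commit closes, played out as an added example (not cilium's kvstore code): a request captures the current lease ID, the session is renewed underneath it, and the "lease not found" error for the old lease arrives afterwards. The pre-fix handler orphans whatever session is current, which is now the freshly renewed one; the fixed handler compares the errored lease ID against the current session first. `Session`, `Client` and the lease numbering are hypothetical, and `ErrLeaseNotFound` is a constructed stand-in for the etcd error.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// ErrLeaseNotFound stands in for the etcd error that triggers session recycling.
var ErrLeaseNotFound = errors.New("etcdserver: requested lease not found")

// Session is a toy etcd session: one lease ID and an orphan flag meaning
// "stop handing out this lease; a renewal is pending".
type Session struct {
	LeaseID int64
	Orphan  bool
}

// Client holds the current session and renews it on demand.
type Client struct {
	mu      sync.Mutex
	session *Session
	nextID  int64
}

func NewClient() *Client {
	c := &Client{nextID: 1}
	c.Renew()
	return c
}

// Renew replaces the current session with a fresh lease.
func (c *Client) Renew() {
	c.mu.Lock()
	defer c.mu.Unlock()
	c.session = &Session{LeaseID: c.nextID}
	c.nextID++
}

func (c *Client) CurrentLeaseID() int64 {
	c.mu.Lock()
	defer c.mu.Unlock()
	return c.session.LeaseID
}

func (c *Client) CurrentIsOrphan() bool {
	c.mu.Lock()
	defer c.mu.Unlock()
	return c.session.Orphan
}

// CheckSessionForErrorNaive is the pre-fix behaviour: any lease error orphans
// the current session, whichever lease the failing request actually used.
func (c *Client) CheckSessionForErrorNaive(err error) {
	if !errors.Is(err, ErrLeaseNotFound) {
		return
	}
	c.mu.Lock()
	defer c.mu.Unlock()
	c.session.Orphan = true
}

// CheckSessionForError is the fix: only orphan the current session if the
// lease that errored is still the current one.
func (c *Client) CheckSessionForError(err error, leaseID int64) {
	if !errors.Is(err, ErrLeaseNotFound) {
		return
	}
	c.mu.Lock()
	defer c.mu.Unlock()
	if c.session.LeaseID == leaseID {
		c.session.Orphan = true
	}
}

// SimulateRace builds a request on lease 1, renews to lease 2, then delivers
// the error for lease 1. It reports whether the current session got orphaned.
func SimulateRace(fixed bool) (orphanedCurrent bool, currentLease int64) {
	c := NewClient()
	stale := c.CurrentLeaseID()
	c.Renew()
	err := fmt.Errorf("kvstore put: %w", ErrLeaseNotFound)
	if fixed {
		c.CheckSessionForError(err, stale)
	} else {
		c.CheckSessionForErrorNaive(err)
	}
	return c.CurrentIsOrphan(), c.CurrentLeaseID()
}

func main() {
	fmt.Println(SimulateRace(false)) // true 2: the renewed session is wrongly orphaned
	fmt.Println(SimulateRace(true))  // false 2: the stale error is ignored
}
```

When no renewal happened in between, the fixed check still orphans the session, so the behaviour introduced by the earlier "forcefully close etcd session on error" commit is preserved for the case it was meant for.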
dff40df contrib/backporting: add direct URL to create github tokens [ upstream commit 588dc0f46b1cfad382d848bc2bbbaf7440cb69d4 ] Signed-off-by: André Martins <andre@cilium.dev> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 20 March 2019, 15:15:38 UTC
fca1ad4 contrib/backporting: print helper message how to install missing library [ upstream commit 1ab9eb82ec59080bd0ad4e79a1e6136113d5458b ] Fixes: 8ae80d14be1b ("Add label script for backporting") Signed-off-by: André Martins <andre@cilium.dev> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 20 March 2019, 15:15:38 UTC
0c6a9e7 kvstore: forcefully close etcd session on error [ upstream commit bdc929e9d60103153458f940ba73a80cdfcdd796 ] If etcd returns an error of lease not found we need to close the session so it gets renewed automatically. Signed-off-by: André Martins <andre@cilium.dev> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 20 March 2019, 15:15:38 UTC
912bccd node: Use default kvstore synchronization interval [ upstream commit dc8a343a260594a1a95ff5ede63cd13f8c97f81b ] Use the default 5 minute interval that can be changed with the `--kvstore-periodic-sync` option. Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 20 March 2019, 15:15:38 UTC
2061f6d kvstore: Make kvstore periodic sync interval configurable [ upstream commit ba50f395eaf3b8599ccf1ed9c8413d55739caac9 ] Changes the default to 5 minutes as a saner default for mid-scale environments and make the interval configurable if needed. Fixes: #7223 Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 20 March 2019, 15:15:38 UTC
bed03f3 cilium: ipsec, support kernel without ipv6 support [ upstream commit a7b09677ac94f4f5fdf07c81adcc0f6ce97e92b3 ] If kernel does not have ipv6 support forwarding file will not exist so do not try to set the file if ipv6 is disabled. Signed-off-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 16 March 2019, 00:57:57 UTC
efd2a5c Daemon/PolicyAdd lock policyRepo to avoid fqdn races. This is a small backport to fix the FQDN race found in issue #7105 and largely discussed in PR #7220. Since in master a new behaviour will be used that cannot be backported to 1.4, fix the issue in 1.4 with a specific commit. This commit locks PolicyRepo at the start, so rules are never going to be overwritten by the Fqdn GeneratedRule callback. PR: https://github.com/cilium/cilium/pull/7220 Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 15 March 2019, 09:41:36 UTC
c3b07e9 operator: do not restart unmanaged hostNetwork pods [ upstream commit 7d20752914eb90f36620e07ed1afa0281ed2496f ] Fixes: da2318f22b2a ("do not make any more pod annotations") Reported-by: Rahul Prabhu <rahuldprabhu@gmail.com> Signed-off-by: André Martins <andre@cilium.dev> 14 March 2019, 20:52:28 UTC
8d7f202 k8s: ignore kubectl.kubernetes.io/last-applied-configuration annotation [ upstream commit 100d83c27535274e61f1da57b44fd2121f7e0564 ] This annotation does not give any real usability for CNP Status and it might even increase the CNP status for a big policy with a small-medium cluster (50 nodes). Signed-off-by: André Martins <andre@cilium.dev> 14 March 2019, 20:52:28 UTC
799acfc kvstore: Cancel local lock operation based on parent context [ upstream commit 5a62d3786f173060b7f8ed91426a45eba538dacd ] Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 12 March 2019, 00:15:56 UTC
9ea8ef7 kvstore: Pass context into LockPath() [ upstream commit 0e1bf88b295e65a51abf849114694c81b8f87e18 ] Abort the distributed lock operation when the parent context is cancelled. Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 12 March 2019, 00:15:56 UTC
51c8995 allocator: Cancel allocation retries via context [ upstream commit f3612691874a10a4005e9b96cd1c4f05c2ca867b ] The existing code retried for N times to allocate an identity before giving up. Cancel the retries when the caller context is cancelled. Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 12 March 2019, 00:15:56 UTC
852dffe allocator: Pass context into Allocate() and Release() functions [ upstream commit 93cdf81d07eef997dc2fdb78311fa8d1405b758a ] This allows cancelling these potentially blocking operations via the context. Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 12 March 2019, 00:15:56 UTC
fc748df allocator: Allow initial kvstore sync to be cancelled [ upstream commit 88d15f7cb39228acdb7083b076de4cfc65fd65e9 ] Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 12 March 2019, 00:15:56 UTC
364d9ee identity: Allow identity initialization wait to be cancelled via context [ upstream commit ad4c775194975d7bb87ee93f519a0cfc1bfd82f3 ] Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 12 March 2019, 00:15:56 UTC
84bed60 identity: Pass context into allocation and release functions [ upstream commit 21bec3bb0c756e99754d9ab25f24171e500a001f ] This will allow aborting allocation and release based on the context Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 12 March 2019, 00:15:56 UTC
02bb0aa endpoint: Pass context into identityLabelsChanged() via runLabelsResolver() [ upstream commit 35f1a6792c87e2b4bc7e4e11e0fe73acf1a72a12 ] For blocking calls, the context is coming from the original caller waiting for the call to complete. For controller based runs, the context is currently falling back to the background context. Once GH-7320 is done, it can be tied to a controller lifecycle bound context. Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 12 March 2019, 00:15:56 UTC
090164c endpoint: Pass context into endpoint.UpdateLabels() [ upstream commit a3539939fa1915aa72ab7e5caf76bdf14c4b8d30 ] If a context is available in the caller of endpoint.UpdateLabels(), pass it in so we can cancel blocking operations. Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 12 March 2019, 00:15:56 UTC
f046413 cilium: ipsec, route rules unit tests [ upstream commit 7217335542b7a5ba0b9e72facde4c534575e0bd3 ] Signed-off-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Ian Vernon <ian@cilium.io> 11 March 2019, 18:16:57 UTC
aad9d07 cilium: ipsec, refactor reading IPSec keys to support io.Reader [ upstream commit 8f316949b850b66cebfdcd4a40fa779be62f3eb9 ] Refactor code to read keys from io.Reader with a wrapper to use a file as the io.Reader. This simplifies the unit tests but also allows us to read keys from other readers if needed. Signed-off-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Ian Vernon <ian@cilium.io> 11 March 2019, 18:16:57 UTC
6aac653 cilium: route, fix deleteRule to include mask and support IPv6 [ upstream commit 41433b20784707a577fdd40403906cf9be2ce9cd ] Unit tests found that deleteRule should include a mask to properly specify delete rule and also that we never remove IPv6 rules. Fix here. Signed-off-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Ian Vernon <ian@cilium.io> 11 March 2019, 18:16:57 UTC
f129292 cilium: ipsec, add ipsec unit test [ upstream commit 726c41ba96d30af8a4372190849eebb215d99780 ] Signed-off-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Ian Vernon <ian@cilium.io> 11 March 2019, 18:16:57 UTC
43b56c4 proxy: Break GC loop between Redirect and RedirectImplementation [ upstream commit 74e75c86f042d4e19e90959e2d5a31f5f3091a30 ] A RedirectImplementation may point back to the Redirect, so we must nil the 'implementation' pointer in Redirect to allow Go garbage collection to clean them up once a Redirect is removed. As of now Kafka and DNS redirect implementations point back to the Redirect. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: Ian Vernon <ian@cilium.io> 11 March 2019, 18:16:57 UTC
597d6cf cilium: scrub keys from bugtool xfrm [ upstream commit c4c58ea4a31c460a543c11ed69156d3c0075c14a ] Remove keys from xfrm debug output. We want the state output to identify any issues with xfrm setup, the output has the stats. We don't however want to record any keys. Fixes: 53b310438ee53 ("cilium: bugtool add xfrm details") Reported-by: Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Ian Vernon <ian@cilium.io> 11 March 2019, 18:16:57 UTC
9d6e6df docs: Add note about vbox guest additions and net-next [ upstream commit a3d98b12e471aaca42593e75854b31507d6f7091 ] Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Ian Vernon <ian@cilium.io> 11 March 2019, 18:16:57 UTC
5b0b76e test: Do not print from Vagrantfile when NETNEXT=true [ upstream commit ef87f547807fb384f9abd1aeaf9cc8b9020f1ef3 ] Previously, any vagrant command was printing to stdout "Vagrant to use net-next version" when `NETNEXT` was set to true. This didn't allow using `vagrant ssh-config` output directly without any modifications. Thus, we remove the printing. Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Ian Vernon <ian@cilium.io> 11 March 2019, 18:16:57 UTC
29dacd4 endpointmanager: IPv6 support. [ upstream commit 0992a648380d0a9335c4e9093b83fc06622d7fba ] Fix IPv6 lookups. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: Ian Vernon <ian@cilium.io> 11 March 2019, 18:16:57 UTC
b3231f6 proxylib: Fix unit test flake when counting access log entries [ upstream commit 6a3b75e06c8e7e46b734b0bb3cb770e7c6e768b3 ] Modify the access log check function to allow for up to 5 seconds to receive the logs, but also to stop waiting after 50 milliseconds if the expected number of passes and drops have been received. The additional time allows for successful completion in resource limited test environments, while the short wait after the expected number of passes and drops has been received allows for the case where extraneous logs are being generated. Fixes: #6135 Fixes: #6447 Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: Ian Vernon <ian@cilium.io> 11 March 2019, 18:16:57 UTC
4fd9bdc Gopkg: remove leftover files [ upstream commit 85322e21fca39c55c4f5b87337aa5aeffc140724 ] Fixes: d2aec8168386 ("vendor: update to k8s 1.13.4") Signed-off-by: André Martins <andre@cilium.dev> Signed-off-by: Ian Vernon <ian@cilium.io> 11 March 2019, 18:16:57 UTC
53c34ae workloads: Only set k8s pod/namespace name if not already set [ upstream commit fd8e4f8f5f7894b1518f92a013021a7dbc348a72 ] Avoid unnecessary work and potentially overwriting the pod and namespace name if already set via the CNI plugin. Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 11 March 2019, 18:16:57 UTC
52eaa4e workloads: Fetch labels only after successful endpoint association [ upstream commit 770d08873cbcc8802b492246a71606bf40d54f92 ] The current code fetches the container labels and inherits the pod labels for each of the 20 attempts to correlate a container event with an existing endpoint. This triggers unnecessary interactions with the apiserver. Refactor the handleCreateWorkload code to allow moving the label fetching code to the end, ensuring that the costly work is only performed once the endpoint has been associated successfully. Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 11 March 2019, 18:16:57 UTC
bd3b62a workloads: Disable periodic runtime sync in Kubernetes modes [ upstream commit 3e5993e463e0506655ad44733c87e76160ad3857 ] The periodic container runtime sync is a fall-back safety net in case container runtime events have been missed and unmanaged containers are running on the local node. This is primarily a leftover from pre-Kubernetes times. In the case of Kubernetes, kubelet is doing a great job of managing all containers, cleaning up stale containers and issuing CNI ADD/DEL calls correctly. Disable the periodic check for Kubernetes but keep the goroutine to clean up no longer used event handling channels. Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 11 March 2019, 18:16:57 UTC
05344b0 cilium: bugtool add xfrm details [ upstream commit 53b310438ee539e75652c9725578bf3beaab78c4 ] Signed-off-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Martynas Pumputis <m@lambda.lt> 10 March 2019, 18:35:08 UTC
2d40587 vendor: update to k8s 1.13.4 [ upstream commit d2aec81683860d2bac208f6be04c4a14cda3521e ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Martynas Pumputis <m@lambda.lt> 10 March 2019, 18:35:08 UTC
0291e57 test: update k8s version 1.10, 1.11, 1.12 and 1.13 [ upstream commit e2cc1df2320d77e1fce894e92dd8b54baaad7714 ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Martynas Pumputis <m@lambda.lt> 10 March 2019, 18:35:08 UTC
196f5ca docs: fix gke guide [ upstream commit 8796bda58736f51820837008034cf0f31b8252b4 ] Add missing steps that were required for a successful run of the getting started guide. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Martynas Pumputis <m@lambda.lt> 10 March 2019, 18:35:08 UTC
1d8858b doc: Fix etcd key paths for external etcd installation [ upstream commit 29ef87aa4e24a9d6058e070ba96ad0cbce04de4e ] The paths in the standard installation YAML: # ca-file: '/var/lib/etcd-secrets/etcd-client-ca.crt' # key-file: '/var/lib/etcd-secrets/etcd-client.key' # cert-file: '/var/lib/etcd-secrets/etcd-client.crt' was not aligned with the paths used in the key creation instructions: kubectl create secret generic -n kube-system cilium-etcd-secrets \ --from-file=etcd-ca=ca.crt \ --from-file=etcd-client-key=client.key \ --from-file=etcd-client-crt=client.crt Signed-off-by: Thomas Graf <thomas@cilium.io> 08 March 2019, 22:02:38 UTC
e593a07 Prepare for v1.4.2 release Signed-off by: Ian Vernon <ian@cilium.io> 08 March 2019, 18:02:39 UTC
7b10bb8 cilium: ipsec, zero cb[0] to avoid incorrectly encrypting [ upstream commit a59a7c48da527724bfb1f1169b166b046ba89fba ] This zeros the skb->cb[0] field used to indicate a pkt needs to be encrypted after its other use as the CB_SRC_LABEL. This removes any chance of a redirect causing an unexpected encryption. Signed-off-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Ian Vernon <ian@cilium.io> 06 March 2019, 10:18:26 UTC
11434ca contrib: Update backporting README [ upstream commit 1010c58f4c2da2862c6159c73b331f28c613f14b ] Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Ian Vernon <ian@cilium.io> 06 March 2019, 10:18:26 UTC
a757b6e contrib: Fix cherry-pick to avoid omitting parts of patch [ upstream commit 20c8e6ca506349e9755fc4752893c2959b656262 ] The cherry-pick script inserts "[ upstream commit $ID ]" into a commit message after its title. This is done by splitting the original commit message into two parts with sed - one before the first empty line and everything else. Sometimes, extracting the later part did not properly work - some parts of commit message were omitted, and I haven't spent much time trying to understand why sed decided to omit. This commit changes the sed pattern to print everything after the first empty line. I have tested it with the 7ba1142f60 ("contrib: `$a` corrupted patch in Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Ian Vernon <ian@cilium.io> 06 March 2019, 10:18:26 UTC
f67ec68 cilium: push decryption up so we can decrypt even if not endpoint [ upstream commit 1466d7fe7636c1cea644c80a25a41f5717ce6c72 ] Currently we check if there is a corresponding endpoint for the ip4 header before decrypting it. But, if we are encrypting the traffic to the tunnel for an unmanaged pod we may not have an endpoint in the table. If this is the case, move the ESP check out of the if/else and decrypt using the IPsec stack. Signed-off-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Martynas Pumputis <m@lambda.lt> 05 March 2019, 19:47:37 UTC
fcdc88e cilium: populate wildcard src->dst policy for ipsec [ upstream commit 05ea001368660bd69f1cb98ec46f7e21a6c17a94 ] Policy/State rules are populated when we receive kvstore or k8s events. On egress we must match the (dst_addr, spi) tuple via the xfrm policy and then link this to a state using the tmpl including the same (dst_addr, spi). This results in a pair of policy/state rules per node on the host. The above rules also specify a src address so that we only match Cilium managed traffic. This includes the IP address on cilium_host and the endpoint allocation range. On the ingress side we have been doing the same but swapped. The tuple (src, dst, spi) is used in the policy to match traffic and then linked to the state via the tmpl. These are also added on update events. However, this creates more rules than are actually needed. By wildcarding the source on ingress traffic we can match all traffic for the node with a single rule. Further, the existing scheme is buggy and dst-ip/spi pairs can collide. The fix is to insert a wildcard decrypt rule when the local node update event is received. Then on node update events only add the egress rule. Signed-off-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Martynas Pumputis <m@lambda.lt> 05 March 2019, 19:47:37 UTC
4063e87 daemon: Remove old health EP state dirs in restore [ upstream commit fb97f6dbede99522e08c4e7c23cf448675f70fb0 ] In the restore logic, when attempting to restore endpoints, if there are old health endpoint state files left on the filesystem, clean them up as these endpoints will not be restored, and otherwise they will just hang around forever. Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Martynas Pumputis <m@lambda.lt> 05 March 2019, 19:47:37 UTC
2711b92 api: Return 500 when API handlers panic. [ upstream commit bbb8ab841c8e34f0dc4c3a505e0a04ccf5823530 ] Previously, when an API handler panicked, the resulting return code for the request would be 200 OK, implying that the API request was satisfied despite the fact that the handler panicked while handling the request. Fix this by writing the header code for internal server error with a message asking the user to check the cilium logs for details. Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Martynas Pumputis <m@lambda.lt> 05 March 2019, 19:47:37 UTC
480d77b ipcache: Protect from delete events for alive IP but mismatching key [ upstream commit 0ad6d82b100dfbd8cdf0e79cc8333b49a4471a38 ] kvstore delete events covering global CIDR identities of Cilium 1.2 can currently overwrite and delete local CIDR identities in the ipcache. This can lead to non-recoverable situations after an upgrade as the delete event will remove an ipcache entry. Fixes: #7156 Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Martynas Pumputis <m@lambda.lt> 05 March 2019, 19:47:37 UTC
07dd741 store: Protect from deletion of local key via kvstore event [ upstream commit 10753fc1ed7df543e339671727029c3c11155538 ] Ensure that local keys can never be removed via a kvstore delete event. The most likely reason for this to happen is if the lease of an old agent expires before the new agent with a matching local key manages to update the key and establish a new lease. Fixes: #7222 Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Martynas Pumputis <m@lambda.lt> 05 March 2019, 19:47:37 UTC
63a9fc9 test: Wait for cilium to start in runtime provision [ upstream commit efca10b1f88b8b7808aeaa5c3a1449b23e670e7b ] Refactor the code used to ensure that the dev VM's cilium has successfully started into a script and reuse it from the ginkgo provision scripts. This should ensure that if Cilium crashes shortly after startup, the CI provision step will fail with a useful error message in the logs. Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Maciej Kwiek <maciej@covalent.io> 01 March 2019, 20:10:20 UTC
5581098 contrib: fix extraction of cilium-docker binary [ upstream commit f85aab285b9c49246dd6691312c844268d729dc9 ] Commit 084674e4cd84a7c76f28fba404ee340b8bc74d95 changed the location of the `cilium-docker` binary to be at `/usr/bin/cilium-docker` instead of `/user/bin/cilium-docker/cilium-docker`, so the uploadrev script needs to be updated accordingly to extract the binary from its new location in the image. Signed-off by: Ian Vernon <ian@cilium.io> Signed-off-by: Maciej Kwiek <maciej@covalent.io> 01 March 2019, 20:10:20 UTC
93a712d contrib: Update rebase-bindata to use fix-sha.sh [ upstream commit 7058789aa0053d0856a3a97079fe33ae6b07f145 ] Signed-off-by: Joe Stringer <joe@cilium.io> 01 March 2019, 09:05:50 UTC
e93ddd3 contrib: Add new script to auto-fix bpf.sha [ upstream commit fc13da7b3c49de777fefa655c916b7285ed9208c ] Add a script we can use to fix up the bpf.sha. Run it, then run "git add daemon/bpf.sha". Signed-off-by: Joe Stringer <joe@cilium.io> 01 March 2019, 09:05:50 UTC
6371817 cherry-pick: Print sha when applying patch. [ upstream commit 1cd5161bf9a93126b13511e3536505e3aae05d84 ] Make the "git am" output quiet, and print similar output but with more information - not just the commit title, but the sha too. This is useful when applying multiple commits at once, if there is a failure in the middle as it's easier to tell where in the list of cherry-picks you got up to. Signed-off-by: Joe Stringer <joe@cilium.io> 01 March 2019, 09:05:50 UTC
a297c96 check-stable: Sort PRs by merge date [ upstream commit f3871edd645bbb0f5997bd76a3936e8214c5d55a ] By the power of the dark art of the bourne again shell, sort the output of the "check-stable" PR by merge date, oldest to newest. This should ease backporting as sorting by PR number was inaccurate and would sometimes reorder PRs, leading to more conflicts than necessary. Signed-off-by: Joe Stringer <joe@cilium.io> 01 March 2019, 09:05:50 UTC
1eeb7e2 workloads: Don't spin up receive queue in periodic watcher [ upstream commit 32c678f2d7fff6d4764b608e571a983a5a17e06d ] The periodic watcher will call handleCreateWorkload() directly. There is no reason to also spin up a new receive queue. Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Joe Stringer <joe@cilium.io> 01 March 2019, 09:05:50 UTC