https://github.com/cilium/cilium

Revision Author Date Message Commit Date
78e2cf4 Prepare for v1.5.1 Signed-off-by: Ian Vernon <ian@cilium.io> 09 May 2019, 16:31:47 UTC
85d5fa6 docs: Improve configmap documentation [ upstream commit 2a79e2059383ddcf0e227f3bb92565b048f40e3c ] The existing documentation makes it super easy to accidentally flush out all cilium state and break your cluster. Document that better. While we're at it, adapt some of the configmap descriptions for other options to provide more detail. Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 09 May 2019, 01:02:35 UTC
6fb026b cilium/cmd: dump bpf lb list if map exists [ upstream commit 60862e752712ed403d88d8eb4a204d80c917f275 ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 09 May 2019, 01:02:35 UTC
24d0dd9 test/provision: update k8s testing versions to v1.11.10 and v1.12.8 [ upstream commit fdf5191739015e63fd8378d75246268ed46f7090 ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 09 May 2019, 01:02:35 UTC
67d1ffd maps/ctmap: add ctmap benchmark [ upstream commit dc4a3028618efa814781b7fd5513ee136666ad8c ]

```
sudo go test -tags=privileged_tests --check.vv --check.b --check.bmem --check.f="Benchmark_MapUpdate"
START: ctmap_privileged_test.go:40: CTMapTestSuite.Benchmark_MapUpdate
PASS: ctmap_privileged_test.go:40: CTMapTestSuite.Benchmark_MapUpdate 500000 5415 ns/op 0 B/op 0 allocs/op
OK: 1 passed
PASS
ok github.com/cilium/cilium/pkg/maps/ctmap 3.481s
```

Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 09 May 2019, 01:02:35 UTC
3995a84 pkg/bpf: use own binary which does not require to create buffers [ upstream commit 0b99c841811f0fc9766f887fd5745a6ccdb58ed9 ] The Golang library's binary.read function allocates buffers. As we provide already pre-allocated memory to binary.read, we don't actually need those buffers to be allocated. For this reason we will fork the golang library and read the slice of bytes directly into the given interface. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 09 May 2019, 01:02:35 UTC
b2f4fe5 pkg/bpf: add newer LookupElement, GetNextKey and UpdateElement functions [ upstream commit 55276eea4f629a8c4080cc1a30d1386b9fbb4f54 ] We should reuse the same bpfAttrMapOpElem element for each iteration instead of creating a new structure of type `bpfAttrMapOpElem`. This avoids memory from being allocated every time we want to perform an operation in a BPF map. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 09 May 2019, 01:02:35 UTC
389cd5a pkg/{bpf,datapath,maps}: use same MapKey and MapValue in map iterations [ upstream commit 79c247a955f8c3e02f05dc172fce67e2dd268b2b ] As allocating a new MapKey and MapValue is proven to be expensive, we can reuse the same MapKey and MapValue, avoiding re-allocating memory for each map iteration. The caller only needs to guarantee the Key and Value will be deep-copied during the callback to avoid data override. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 09 May 2019, 01:02:35 UTC
043f5dd pkg/bpf: add DeepCopyMapKey and DeepCopyMapValue [ upstream commit 6483724330b59947dce0c400660561f410031830 ] As we will reuse the same Key and Value over userspace map iterations, we will need to have DeepCopy methods in order to DeepCopy those values when doing DumpWithCallback. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 09 May 2019, 01:02:35 UTC
0889d19 daemon: Use all labels to restore endpoint identity [ upstream commit dd7c78d67a0ea4dfcc018942814c668afea15b5d ] It was previously assumed that upon restart, Cilium would attempt to adjust the labels for existing endpoints based upon the `--labels` option of the current run of the daemon. The logic was there to resolve the new identity, wait if necessary, and so on. However, it was only filtering the previous set of security-relevant labels using the new filter, rather than starting from scratch. As a result, if one only ever narrowed the set of labels, then the new identity would be calculated correctly. However, if a user ever removed labels from the filtering set, thereby expanding the set of labels that would be considered security-relevant, then the resolution logic would never take this into account. Fix it by using the total set of known labels from a previous run to calculate the new version of security-relevant labels for determining the identity of an endpoint. While we're at it, ensure that the endpoint's orchestration labels are updated to reflect the new set of security-relevant labels. Fixes: #7914 Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 09 May 2019, 01:02:35 UTC
c873f5c datapath/iptables: Warn when ipv6 modules not available [ upstream commit d3ec0ed2f9b5af5d3eb028d3a46d83ed21c77d0b ] Reduce the severity of this log from Fatal to Warning, so that if a distribution doesn't provide this functionality or builds it into their base kernel image, Cilium will complain but still run. This is similar to the fix a058705f5e9a ("datapath/iptables: Warn when iptables modules are not available"). Fixes: 5b17c993e579 ("datapath/iptables: Check iptables kernel modules") Fixes: #7928 Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 09 May 2019, 01:02:35 UTC
bbbcaf6 ipcache: print tunnel endpoint for RemoteEndpointInfo [ upstream commit a66d045d67d1357edb83767105fa4b8b67406f48 ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 09 May 2019, 01:02:35 UTC
11596e2 docs,examples: Fix up custom CNI for microk8s [ upstream commit 44018adc91e2e67ad1c57a200a784dddec16f512 ] Microk8s is typically installed via snap, which commonly has readonly filesystems that cause interesting problems with the standard cni-install scripts. To work around such issues, extend the microk8s examples and documentations to use a custom CNI configuration file. Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 08 May 2019, 13:40:06 UTC
edf8fda Docs: minor fixes to AWS EKS and AWS Metadata filtering GSGs [ upstream commit ec6a5d1410f9400cf2448052b63876fb93a47ef7 ] Signed-off-by: Dan Wendlandt <dan@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 08 May 2019, 13:40:06 UTC
1ed24a4 test: Do not set enable-legacy-services in v1.4 ConfigMap [ upstream commit cdb5546983101e0eed933abfe94ca933e31dd12b ] v1.4 does not support the flag. Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Ray Bejjani <ray@covalent.io> 08 May 2019, 13:40:06 UTC
d0ba534 pkg/kvstore: disable metric collection if KVStore metrics are not enabled [ upstream commit 035c36b92075918e2215c2d8eddbd6ec2e79b42d ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 08 May 2019, 13:40:06 UTC
1d9c9e3 pkg/bpf: only account for bpf syscalls if syscall metric is enabled [ upstream commit 603df325f21b545021e434263cd891332766617c ] This will make bpf syscalls not be accounted for by default, as they consume lots of memory allocations. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 08 May 2019, 13:40:06 UTC
efa49e5 pkg/metrics: set all metrics as a no-op unless they are enabled [ upstream commit 0fec218c33ffc87d204a64e146e427b1bafdaf8f ] When initializing Cilium, all metrics will be set as a no-op. Registration as well as the real implementation of those metrics will only be made once the CreateConfiguration function is called with the given metric names. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 08 May 2019, 13:40:06 UTC
5c426ca common: add MapStringStructToSlice function [ upstream commit 2ab1496a0cb207a52c2d17037d701e99abbe3246 ] This allows converting a map[string]struct{} into a slice of strings which contains all keys from the given map. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 08 May 2019, 13:40:06 UTC
10f0689 pkg/metrics: set subsystems and labels as constants [ upstream commit 50332b9e3bc762d9b77b8300ec0b8fd27e22fc66 ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 08 May 2019, 13:40:06 UTC
8f87e30 pkg/option: add metrics option to enable or disable from default metrics [ upstream commit feb42877c1030f199724a15d642b3dfd0563fc5e ] This gives the ability to enable or disable metrics in cilium from the given default list of metrics in Cilium. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 08 May 2019, 13:40:06 UTC
93fdd78 pkg/metrics: add no-op implementations for disabled metrics [ upstream commit 0e1049b96bc09718a836e894fbe1f9166a4e24c8 ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 08 May 2019, 13:40:06 UTC
3a528df daemon: use constant SubsystemAgent from pkg/metrics [ upstream commit 1fdebd4723e36d7f46a10092bf96cd84ba4ef84f ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 08 May 2019, 13:40:06 UTC
b4f426b pkg/metrics: use interfaces for all metrics [ upstream commit d0504eea7d981973b2c2fac7af7cc774bdaf2809 ] Having interfaces will allow the ability to use different implementations for the same metric. For example, in case a user wants to disable a particular metric, that metric will have a no-op implementation of the given interface. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 08 May 2019, 13:40:06 UTC
3deb313 pkg/metrics: add CounterVec and GaugeVec interfaces [ upstream commit e03b20029520d67d402fa9cd04d199e18a2591bf ] As the prometheus golang_library does not offer those interfaces, we need to add our own specification of those interfaces. This will allow having no-op implementations of those interfaces, which will be used when a metric is disabled. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 08 May 2019, 13:40:06 UTC
c18acc1 pkg/buildqueue: remove unused package [ upstream commit 43cc0d39940bd4036530f29a8c3850f16ec12503 ] It seems this package is not being used anywhere and so we can remove it. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 08 May 2019, 13:40:06 UTC
f07e7ab bpf: Set BPF_F_NO_PREALLOC before comparing maps [ upstream commit 6c4f620679dca4676a68be2e007b030275daa94f ] Previously, the `bpf.Map.CheckAndUpgrade` method didn't take into consideration the `--preallocate-bpf-maps` flag of the cilium-agent. Therefore, in the case of the map with `type=BPF_MAP_TYPE_HASH` and `flags=BPF_F_NO_PREALLOC(0x1)`, it was wrongly detecting that the map needs to be updated (= removed and recreated). This led to the CT maps w/o prealloc on older kernels to be destroyed each time cilium-agent has restarted. Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Ray Bejjani <ray@covalent.io> 08 May 2019, 13:40:06 UTC
2193237 examples/kubernetes: add node to cilium RBAC [ upstream commit 9ae14a903ac9b9bac94b333b7f1d81134a26b7dc ] Add node patch permissions to Cilium RBAC so that we can perform Patch operations to update the annotations in the Node structure of k8s. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 08 May 2019, 13:40:06 UTC
32528c0 pkg/k8s: patch node annotations [ upstream commit 76900b5baf152ff3868355db75108c0081f60ab8 ] Instead of using Update, which requires having a copy of the node identity locally, we can use the patch directly to update Cilium annotations in k8s. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 08 May 2019, 13:40:06 UTC
acf58fc pkg/metrics: add namespace to fqdn_gc_deletions_total [ upstream commit 160f77b64618f7f9f24529e2a3d09625957d1590 ] The fqdn_gc_deletions_total metric misses the Cilium namespace and is currently exported without it. This commit fixes that omission. Fixes: 5a68e1f11dc3 ("FQDN: Add metrics for Garbage collector cleanup.") Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 08 May 2019, 13:40:06 UTC
fb03ccd examples/kubernetes: add node/status to cilium RBAC [ upstream commit 76d6a4a65cb3262dfa218ac9172633149ddca1ff ] This allows patching the node status of a particular node. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 08 May 2019, 13:40:06 UTC
60de83f pkg/k8s: patch node status with NetworkUnavailable as false [ upstream commit 0e5e9b56d81fc2d55978d6757b8ef4543cf9e175 ] When Cilium is installed in the node, we can signal that the node has its network available, as Cilium is managing the connectivity between nodes. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 08 May 2019, 13:40:06 UTC
5d0d09e pkg/k8s: switch AnnotateNode as a controller [ upstream commit 850ff6601ac1bbfbae0ec41363da8ccbdafb8bf8 ] To make sure the node is annotated with the Cilium annotations, we should run it behind a controller which will run until the update call returns successfully. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 08 May 2019, 13:40:06 UTC
3a8e2ed Typo in encryption algorithm: GMC -> GCM 07 May 2019, 21:44:54 UTC
f423031 daemon: Do not init config when running with --cmdref [ upstream commit da0bd7f87397dd9c8f75ab3ac4cb677673d60a40 ] Previously, `cilium-agent --cmdref <..>` was logging to stderr: level=info msg="Skipped reading configuration file" reason="Config File \"ciliumd\" Not Found in \"[/home/brb]\"" subsys=daemon Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Ian Vernon <ian@cilium.io> 03 May 2019, 17:33:55 UTC
53b186a daemon: Set $HOME as dir to look for default config ciliumd.yaml [ upstream commit c7efbba9300cafcadb44abc17e835ec72ce514bc ] Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Ian Vernon <ian@cilium.io> 03 May 2019, 17:33:55 UTC
221ae35 cli: Do not cli init when running cilium-agent [ upstream commit 00a064330031e2a3cf1e7fe9248511be5186c37f ] Previously, the cli init (`cilium/cmd/root.go:func init()`) was called regardless of whether a process was running as cilium-agent. One side-effect of this was that config parsing params of the cli were set for cilium-agent. Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Ian Vernon <ian@cilium.io> 03 May 2019, 17:33:55 UTC
4255fed components: Fix cilium-agent process detection [ upstream commit 83c8e76ceb5ba525bdc657b53be4bb07a90f839d ] Previously, the `components.IsCiliumAgent()` function was not able to detect when cilium-agent was started from a dir other than the binary's, e.g. `../daemon/cilium-agent`. Fixes: b9064c5e8 ("cmd: Detect BPF map root properly") Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Ian Vernon <ian@cilium.io> 03 May 2019, 17:33:55 UTC
608f30f bpf: Force preallocation for SNAT maps of LRU type [ upstream commit ef96dbd91d8028512ef9fe5680332c737b0e0ed5 ] As reported by a user and tgraf, the bpf/hashtab.c in the kernel has the following precondition when creating maps:

```
if (lru && !prealloc)
    return -ENOTSUPP;
```

Previously, the SNAT related maps set `CONDITIONAL_PREALLOC` regardless of the map type. Thus, when `HAVE_LRU_MAP_TYPE` was detected and `--preallocate-bpf-maps=false` was passed to cilium-agent, the kernel was failing to load the map with the following error:

```
Map object 'cilium_snat_v4_external' rejected: Unknown error 524 (524)!
```

Fixes: 0e785f9675 ("bpf: initial bpf-based masquerading support") Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Ian Vernon <ian@cilium.io> 03 May 2019, 17:33:55 UTC
39a9e07 docs: Add k8s 1.14 to supported versions for testing [ upstream commit fb25ed369e63e68ed04b0c6515cb49323279bc13 ] Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Ian Vernon <ian@cilium.io> 03 May 2019, 17:33:55 UTC
216cb78 CI: Wait on create/delete in helpers.SampleContainersAction [ upstream commit 8abfb186ed93beabd5ee1d769981675ea9c918b3 ] We use this utility function in a number of test suites, cleaning up when they end. We don't wait for the deletes (or creates) to complete and this may cause a race with later tests. We now enforce a wait when creating or deleting endpoints. Signed-off-by: Ray Bejjani <ray@covalent.io> Signed-off-by: Ian Vernon <ian@cilium.io> 02 May 2019, 03:27:33 UTC
48e1ea2 endpoint: Fix bug with endpoint state metrics [ upstream commit 63cac3aaa30b1237bc3324ef799d11c2d4c17464 ] Endpoint 'state' field is not stored/restored from the filesystem across Cilium restart. However, the metrics decrement/increment code during `SetStateLocked()` attempted to ensure that the metrics are not decremented for old states during restore by checking the destination state. When commit 69b90d33381d ("endpointmanager: Avoid regenerating restoring endpoints") attempted to provide stronger guarantees about the state of an endpoint's datapath during restore, it tripped this check because it transitions from 'Restoring' state to 'Restoring' state. As a result, in normal operation after a Cilium restart the metrics for endpoints in the restoring state would get stuck at a value above zero, even after the endpoint transitions into 'Ready' state. Fixes: 69b90d33381d ("endpointmanager: Avoid regenerating restoring endpoints") Reported-by: Luan Guimarães <luang@protonmail.ch> Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 02 May 2019, 03:27:33 UTC
8b4052c datapath/iptables: Warn when iptables modules are not available [ upstream commit a058705f5e9a980fe31177a80dc7974adf391aa0 ] Before this change, lack of iptables modules made Cilium fail with a fatal error. However, it seems that some Linux distributions (i.e. CoreOS Container Linux) do not ship all netfilter modules we look for. Fixes: 5b17c993e579 ("datapath/iptables: Check iptables kernel modules") Ref: #7892 Signed-off-by: Michal Rostecki <mrostecki@opensuse.org> Signed-off-by: Ian Vernon <ian@cilium.io> 02 May 2019, 03:27:33 UTC
f02018e kubernetes/node-init: delete cilium running before kubelet restart [ upstream commit 86357c38423f070293bd377797ef5c96628cecb7 ] We still need to delete Cilium in case it started before we have changed kubelet configuration. This prevents Cilium from pre-allocating all IP addresses managed by cbr0. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 30 April 2019, 17:04:39 UTC
f6fe733 kubernetes/node-init: add more aggressive node-init script [ upstream commit 5bb5b90971c74beb98b0f700cfa2949f122c7d36 ] As the node-init script is set with an env variable, we cannot use another environment variable to enable or disable the automatic deletion of pods managed by kubenet. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 30 April 2019, 17:04:39 UTC
db57c56 kubernetes/node-init: Install cilium cni config before restart kubelet [ upstream commit c24e9d520b62c3639caef4b69bac8a6f7932ea01 ] If the CNI configuration is installed afterwards there might be a race where scheduled pods might be managed by kubenet instead of Cilium. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 30 April 2019, 17:04:39 UTC
067ebc5 kubernetes/node-init: do not run script on an already setup node [ upstream commit e6ad6169dc4cdef24f093a4706d002613d8f5473 ] If the DaemonSet is accidentally removed, it can be re-added without fearing the script will be executed again. However, if the node is restarted, or upgraded, the node-init script might need to be run again, which node-init will detect based on the existence of a file stored in the `/tmp` directory. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 30 April 2019, 17:04:39 UTC
de0caa9 kubernetes/node-init: run cilium-node-init in hostNetwork [ upstream commit 493723f25d024d7cd1bcc488eaa34862b8e3dbeb ] cilium-node-init does not depend on any CNI plugin to be setup so we can run it on hostNetwork. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 30 April 2019, 17:04:39 UTC
5cde8e1 kubernetes/node-init: run cilium-node-init on any tainted node [ upstream commit 5540c5b5bb6c5f124f29faf75aa1cf5500117c11 ] The node-init script is essential for the cluster to run with cilium, therefore it should run on any tainted node. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 30 April 2019, 17:04:39 UTC
e1a4d8e daemon: Replace viper.BindEnv with option.BindEnvWithLegacyEnvFallback [ upstream commit ae233a9412a7203aa1e16a7b1daf041840196f67 ] As mentioned in the previous commit, the `viper.BindEnv` does not support multiple ENV bounds for the same option, so we work around this limitation with `option.BindEnvWithLegacyEnvFallback`. The ENV binding order is the following: 1. Bind the ENV param derived from the option name if it's non-empty. 2. Bind the legacy ENV param otherwise. Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Ian Vernon <ian@cilium.io> 30 April 2019, 17:04:39 UTC
4e4d426 option: Add BindEnvWithLegacyEnvFallback function [ upstream commit 0250ccc12913178a9572bd64ac833cda4c819b48 ] This commit introduces the `BindEnvWithLegacyEnvFallback` function, which is used to work around the `viper.BindEnv` limitation: only one ENV param can be bound for a given option. This limitation prevents some ENV params introduced for backward compatibility in `daemon/deamon_main.go` from being usable. E.g. a value of `CILIUM_GLOBAL_CT_MAX_TCP` is actually never used. Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Ian Vernon <ian@cilium.io> 30 April 2019, 17:04:39 UTC
7d4606f policy: add debug log when error from `updateEndpointsCaches` is non-nil [ upstream commit d545ecccfe29b94a4ca57444eb2380b2c2ae5936 ] This error is harmless for the most part, but means that an endpoint has been deleted or has a nil identity while we are still trying to update the caches in the rules for it, which is not optimal functionality. Signed-off-by: Ian Vernon <ian@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 30 April 2019, 17:04:39 UTC
fbc15d6 policy: ensure Endpoint lock held while accessing identity [ upstream commit b72f8b46c47e9063a1795093a0f7abe8aba55750 ] Because the endpoint identity is mutable, we need to hold the lock for the endpoint while we are updating the caches in the rules which specify what identities are selected by that rule. The endpoint's identity may change while we are updating the caches, which could result in an identity being left behind in said caches. Also, the endpoint's identity may be set to a nil value, which would result in a panic, since fields within the identity are dereferenced to access the identity's labels when the caches within the rules are updated. The locks which check liveness with the endpoint are used here because if the endpoint is being deleted, we don't need to update the caches within the rules anymore for it. Also, when an endpoint is deleted, its security identity is set to `nil` in `pkg/endpoint.go:LeaveLocked`. Read-locking is needed because no updating of the security identity is performed here. There is still a possibility that the endpoint's identity could be nil while it is 'alive', as the endpoint is inserted into the endpointmanager before its identity is allocated in `daemon/endpoint.go:createEndpoint`. This is OK, as once an endpoint's identity is changed, another regeneration will occur for it, which will populate the caches within the rules with its new identity. This case, while possible, is not probable. Signed-off-by: Ian Vernon <ian@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 30 April 2019, 17:04:39 UTC
bedb382 policy: add RLockAlive, RUnlock to Endpoint interface [ upstream commit 2449ab6a47128f01fd052adb6c7d59a7d56ea283 ] This is done to ensure that the Endpoint's security identity is not concurrently accessed by threads which update the caches in the rules and threads which change the identity of the endpoint itself. Signed-off-by: Ian Vernon <ian@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 30 April 2019, 17:04:39 UTC
f7b4116 endpoint: fix comment for GetSecurityIdentity [ upstream commit e6e5133c6a06bd50f80ae5f7ec4fb19fd83e4ef4 ] Signed-off-by: Ian Vernon <ian@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 30 April 2019, 17:04:39 UTC
e453771 examples/kubernetes: fix generated files Signed-off-by: André Martins <andre@cilium.io> 30 April 2019, 12:25:04 UTC
45933ad ginko: adjust timeout to something more appropriate [ upstream commit b540ac6dc2788d6e9d65043a2ce9419141aa1a34 ] Looking at the Cilium 1.5 main CI runs under ... https://jenkins.cilium.io/view/Cilium-v1.5/job/cilium-v1.5-standard/ ... the timeout of 1h 15 min is way too short. Runs did finish successfully in the range of 1h 10min, 1h 13min, for example, but others got aborted at 1h 16min. Increase it to 110 min so that we hit aborts less frequently, only if something is really off. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: André Martins <andre@cilium.io> 30 April 2019, 12:25:04 UTC
a8fed0b test: make function provided to WithTimeout run asynchronously [ upstream commit 149998951b493fea232dbe24d57c38f4998c9b54 ] The provided function was previously run in the same goroutine as that which would fail upon timeout. If the function itself took longer than the amount of time in the timeout, or got stuck, the timeout would never get hit because it was running in the same goroutine as the function itself. So, run the function in a goroutine and return the result via a channel, which we can select upon. If the timeout is hit before the function exits, `WithTimeout` will now return an error as expected instead of waiting forever. Signed-off-by: Ian Vernon <ian@cilium.io> Signed-off-by: André Martins <andre@cilium.io> 30 April 2019, 12:25:04 UTC
cd6827e docs: Add upgrade guide from >=1.4.0 to 1.5 [ upstream commit 2dcd58c504b20ed3c96e34502b2a82d2bc2ae35c ] Mention about possible breakage of established connections due to the change in the CT TCP maps and how to avoid it. Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: André Martins <andre@cilium.io> 30 April 2019, 12:25:04 UTC
5f8afbb nodediscovery: Try to register node forever [ upstream commit 40fb2b59814fb2267102547e0c2dd2123554fd91 ] Restarting the agent is very unlikely to help succeed so just keep on restarting. Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: André Martins <andre@cilium.io> 30 April 2019, 12:25:04 UTC
9b7b48f docs: Mention enable-legacy-services flag in upgrade docs [ upstream commit 85011f5284b111abf900badb1e1382ba1640e3bf ] Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: André Martins <andre@cilium.io> 30 April 2019, 12:25:04 UTC
1650e9f operator: Add more logging to see where the operator blocks on startup [ upstream commit 7881196da7be4d8b90458098f9cdcdbc5f3d0296 ] Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: André Martins <andre@cilium.io> 30 April 2019, 12:25:04 UTC
7e12c74 operator: Start health API earlier [ upstream commit cc66f0a90324de7ef2085359babf57da57c7e792 ] This avoids getting the operator killed while waiting on k8s apiserver connectivity Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: André Martins <andre@cilium.io> 30 April 2019, 12:25:04 UTC
803a323 doc: fix up Ubuntu apt-get install command [ upstream commit c60d1100d3240aaffe489db3770de6d6254ad711 ] The libmnl package in the Ubuntu/Debian packaging system is named `libmnl0`, not `libmnl`. We should install `libmnl-dev` or `libmnl0` instead:

```
$ sudo apt install libmnl-dev libmnl0
Reading package lists... Done
Building dependency tree
Reading state information... Done
libmnl0 is already the newest version (1.0.3-5).
The following NEW packages will be installed:
  libmnl-dev
0 upgraded, 1 newly installed, 0 to remove and 68 not upgraded.
Need to get 11.0 kB of archives.
After this operation, 88.1 kB of additional disk space will be used.
Do you want to continue? [Y/n]
```

Otherwise apt reports the error message `E: Unable to locate package libmnl`. Signed-off-by: Liu Qun <517067180@qq.com> Signed-off-by: André Martins <andre@cilium.io> 30 April 2019, 12:25:04 UTC
caf637c endpoint: do not serialize JSON for EventQueue field [ upstream commit 3d21702b31a0e5c32f589a8af39dca7c0c0b9736 ] This field's lifecycle should be managed by the agent, and should not persist across cilium-agent restarts. Signed-off-by: Ian Vernon <ian@cilium.io> Signed-off-by: André Martins <andre@cilium.io> 30 April 2019, 12:25:04 UTC
d79682f contrib: fix up check-fmt.sh [ upstream commit fe14d1d35349cf63549adee4cd20755eaa11a768 ]

* Set the pipefail option so that the script fails when a piped command fails. This fixes the issue where `gofmt` was not actually run in the `make jenkins-precheck` target, as the command to get all files to run `gofmt` on failed when `./daemon/bindata.go` was not found, but the script itself did not exit with a non-zero return code. Said file could not be found in said target because `make` had not been run yet. As a result, the `find` command silently failed, which resulted in the contents of the `diff` variable being empty, which the script assumed meant that there were no violations of `gofmt`.
* Use bash as the shell for the script to be able to use the pipefail option.

With these changes, the `jenkins-precheck` target should correctly catch `gofmt` violations on Jenkins. Signed-off-by: Ian Vernon <ian@cilium.io> Signed-off-by: André Martins <andre@cilium.io> 30 April 2019, 12:25:04 UTC
6da61f7 operator: add ca-certificates to operator [ upstream commit 16bc8409d0309afba297b83cf62581c1a8344a5d ] As the operator is running based on a scratch image it does not contain any ca-certificates installed which prevents cilium-operator from verifying if a TLS connection is secure. We will use the ca-certificates available from the alpine:3.9.3 and use those ones in production. Signed-off-by: André Martins <andre@cilium.io> 30 April 2019, 12:25:04 UTC
ae861bd docs: Document how to get started with MicroK8s [ upstream commit 3b7d8bf831349e556087ec65ff98ed6de521bb2c ] Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: André Martins <andre@cilium.io> 30 April 2019, 12:25:04 UTC
666d967 examples: Generate microk8s YAMLs [ upstream commit d00be86f87119fb9f21bf8dd831c7126c3a7d01a ] Generate the microk8s YAMLs for each kubernetes version. Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: André Martins <andre@cilium.io> 30 April 2019, 12:25:04 UTC
830701d examples: Add YAML generation for microk8s [ upstream commit 70c6332a88dd5f557a7df1d692b6e502f0766d0a ] Introduce YAMLs generation for microk8s[0], which uses containerd as the runtime by default, but with socket paths determined via the snap filesystem rather than directly under /var/run. [0] https://microk8s.io/ Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: André Martins <andre@cilium.io> 30 April 2019, 12:25:04 UTC
acb34db contrib: Simplify microk8s prepull YAML [ upstream commit 38511bf6998d0531db17fd9f6076a16077e98404 ] This YAML depended upon docker being the runtime for microk8s, which is no longer the case in newer (>=v1.14) versions. Adjust it to just pull via the standard mechanism rather than invoking docker. Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: André Martins <andre@cilium.io> 30 April 2019, 12:25:04 UTC
e47b37c Prepare for v1.5.0 Signed-off-by: Ian Vernon <ian@cilium.io> 26 April 2019, 03:21:47 UTC
9e1b804 Prepare v1.5.0-rc6 Signed-off-by: Ian Vernon <ian@cilium.io> 24 April 2019, 20:53:54 UTC
11f2de8 iptables: Correctly remove Cilium chains when IPv6 is disabled [ upstream commit e4849ea9046093751bb9fdf311f93d85d91386b8 ] The Cilium chain removal in RemoveRules() was made dependent on IPv6 being enabled, this is incorrect and leads to the following error when Ipv6 is disabled: ``` level=warning msg="iptables: Chain already exists." subsys=iptables level=error msg="Error while initializing daemon" error="cannot add custom chain CILIUM_OUTPUT: exit status 1" subsys=daemon ``` Fixes: 5b17c993e57 ("datapath/iptables: Check iptables kernel modules") Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Joe Stringer <joe@cilium.io> 24 April 2019, 15:09:00 UTC
1cf8902 k8s: Fix unformatted go source code [ upstream commit c6548df941b48462441c653c3531fdff6f49dd56 ] make complains: ``` Unformatted Go source code: ./pkg/k8s/json_patch.go ``` Signed-off-by: Joe Stringer <joe@cilium.io> 24 April 2019, 15:09:00 UTC
ffc84af examples: Do not bind mount /sbin/modprobe [ upstream commit e2b3db3bc33fcffa70fc4c5e1a7955d56f664cc9 ] The host's modprobe might be dynamically linked, which, when run from a container, might not work as expected. E.g.: [ 1112.449703] modprobe[10018]: segfault at 1a010 ip 00007f31ba4598b8 sp 00007fff6848d1d8 error 4 in libc-2.27.so[7f31ba2ef000+1e7000] (Experienced on GKE) Fixes: 464978c0 ("k8s: Add SYS_MODULE capability, module paths") Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Joe Stringer <joe@cilium.io> 24 April 2019, 15:09:00 UTC
fa09137 Update cilium-runtime image [ upstream commit a12e489d125e390b2f133ef9ca418b64168f5435 ] The updated image includes `modprobe`. Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Joe Stringer <joe@cilium.io> 24 April 2019, 15:09:00 UTC
047d7b0 contrib: Install modprobe to cilium-runtime image [ upstream commit 03414984883ee94c796b80971b72fd9f4708e7fd ] Currently, the cilium-agent relies on `modprobe` to install missing kernel modules. The `kmod` package for Ubuntu installs the `modprobe` executable and we currently do not ship it with the Cilium container image which can lead to the following error (reported by a user): ``` IPv6 is enabled and ip6tables modules could not be initialized" error="could not load module ip6_tables: exec: \"modprobe\": executable file not found in $PATH" subsys=iptables ``` Fixes: e45c4b2 ("datapath/iptables: Check iptables kernel modules") Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Joe Stringer <joe@cilium.io> 24 April 2019, 15:09:00 UTC
f0330a9 k8s: fix panic of closed channel [ upstream commit 218f4dc5ff9019d78b896e452a93c2491854ee6a ] The channel was previously closed and it does not need to be re-closed again. Fixes: a63342e75944 ("k8s: Fix leak of k8s controller on kvstore connect & disconnect") Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Joe Stringer <joe@cilium.io> 24 April 2019, 15:09:00 UTC
8257ba7 operator: GC nodes from existing CNPs [ upstream commit 0cd1be0e64dc848ea9db83a90e6e2564a4a22f9f ] As nodes can be removed from the cluster, their status in the CNP can be left behind. The operator will be checking if nodes are still running and, if not, they will be removed from the CNP Node Status. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 23 April 2019, 07:01:38 UTC
371ae43 contrib: Fix cherry-pick script [ upstream commit d1c258aa45ecd28920102193e7d42ed1c4dceec8 ] This script doesn't work currently because it invokes bash-only features (BASH_SOURCE) when the top of the script states it's supposed to be a generic 'sh' script. Fix it by relying on bash. Fixes: 65b001f43779 ("contrib: Exit early if no git remote is found") Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 23 April 2019, 07:01:38 UTC
8c0ddf5 daemon: Log duration of service restoration and migration [ upstream commit b2f70aaf6fc28789d62fa5674f7f5053c351380b ] Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Ian Vernon <ian@cilium.io> 23 April 2019, 07:01:38 UTC
4785644 operator: GC leftover nodes in the kvstore [ upstream commit cc11f4d97ed51a9ef2046366487e7ddacdb98dde ] If the operator stops running and at the same time nodes are evicted from the cluster, those nodes will never be removed from the kvstore as the operator is the entity that handles the synchronization of nodes from k8s to the kvstore. With this change the operator will remove the nodes from the KVStore that are no longer running in a k8s cluster. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 23 April 2019, 07:01:38 UTC
00c9339 kvstore/store: add SharedKeysMap() method [ upstream commit 24309166d9b7b89e01a3d79b64f46df603577f1d ] SharedKeysMap will be used to access the SharedKeys map without holding the lock of the shared map. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 23 April 2019, 07:01:38 UTC
3263d8b pkg/kvstore: refactored GetKeyName() to own interface [ upstream commit a3b8f7d50d4366ad42fd0ee8efd933b0d95e8a32 ] As DeleteLocalKey only requires the name of the Key it does not actually need a structure to implement the LocalKey interface. This allows deleting LocalKeys based on the name. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 23 April 2019, 07:01:38 UTC
839b826 test: Add test for service migration between legacy and v2 [ upstream commit 0581293e7a4176258e196a724a027b6bdd60799a ] The test is based on a dummy TCP listener and sender [1] which panic if recv or send fails. Running those in containers makes a container restart if there were any failures. So, by inspecting restart count we can see whether there were any interruptions in established connections after we migrate between legacy and v2 services. We set bpf-ct-global-tcp-max=1000000 and preallocate-bpf-maps=true to make sure that CT does not get recreated due to different size to avoid losing connections. [1]: https://github.com/cilium/migrate-svc-test Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Ian Vernon <ian@cilium.io> 23 April 2019, 07:01:38 UTC
48c9930 istio: Update to release 1.1.3 [ upstream commit 08d1cfd851070e22a2b9d3c52a192653a06cba34 ] Update the CI and the getting started guide to Istio 1.1.3. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: Joe Stringer <joe@wand.net.nz> 22 April 2019, 21:19:22 UTC
c4f761c Check for dup container id before ep creation [ upstream commit 3c71bc7b029899ad2c88ac82c55632e6c0d876e9 ] Endpoint creation fails if there already exists an endpoint with the same ContainerID. Signed-off-by: Maciej Kwiek <maciej@covalent.io> Signed-off-by: Joe Stringer <joe@wand.net.nz> 22 April 2019, 21:19:22 UTC
00512c3 examples: do not specify "type: Directory" for mounting `/lib/modules` [ upstream commit f417f31e15501f7130fdb4db8c8ebd80cc42270d ] On some distributions, the path to `/lib/modules` is a symlink, not a directory. In such cases, deploying the Cilium DaemonSet with "type: Directory" for the volumeMount for mounting `/lib/modules` will fail because a symlink is not a directory. Such cases will result in the following errors when deploying the Cilium DaemonSet: ``` Warning FailedMount 1m (x9 over 3m) kubelet,<IP redacted> MountVolume.SetUp failed for volume "lib-modules" : hostPath type check failed: /lib/modules is not a directory ``` To resolve this issue, do not specify the type of the volumeMount. If `/lib/modules` is a symlink, the actual path will be resolved and the volume will be mounted correctly. This was tested manually. Fixes: #7785 Signed-off by: Ian Vernon <ian@cilium.io> Signed-off-by: Joe Stringer <joe@wand.net.nz> 22 April 2019, 21:19:22 UTC
409ff03 docs: Update kubernetes compatibility list [ upstream commit 9cfd5303cfc60c45fffd4a823709ef1309e9046b ] Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Joe Stringer <joe@wand.net.nz> 22 April 2019, 21:19:22 UTC
3753ed3 docs: Update urllib3 dependency to address CVE-2019-11324 [ upstream commit 27483b9277fd41b06735c558eff7eb8508e2c39f ] Update urllib3 dependency to 1.24.2 to address CVE-2019-11324 (https://nvd.nist.gov/vuln/detail/CVE-2019-11324). Note that this only affects the documentation build process, which requires the manual steps for installing the required Python dependencies as documented in Documentation/contributing.rst. We do not depend on urllib3 otherwise. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: Joe Stringer <joe@wand.net.nz> 22 April 2019, 21:19:22 UTC
ae9ef6a bugtool: Add tests for filepath walk [ upstream commit e92cf2f2155153ba6472e12d61fe8abcde6336c6 ] Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Joe Stringer <joe@wand.net.nz> 22 April 2019, 21:19:22 UTC
92d78b5 bugtool: Copy symlinks as-is [ upstream commit 0797609dfd95b84cd98892a803ffa9c4fe2247b9 ] If a symlink can't be followed, then just copy the symlink itself rather than the underlying file. Fixes: #7774 Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Joe Stringer <joe@wand.net.nz> 22 April 2019, 21:19:22 UTC
0f7927a bugtool: Be more resilient to file errors [ upstream commit bd194665adf17c9be2bb5ea5323b6caa7de54dc9 ] When walking paths, if there are any problems while attempting to open or read the file, skip that file and continue; only fail out on creation of the archive if there is an error after writing the header, i.e. specifically when copying the content of the file into the tar. Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Joe Stringer <joe@wand.net.nz> 22 April 2019, 21:19:22 UTC
9353ec3 bugtool: Factor out path walk function [ upstream commit 5a9d6b514932f8787647acf63b1c13511eef944f ] By factoring out the walk function into a receiver function on an object, we can mock it out and unit test. Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Joe Stringer <joe@wand.net.nz> 22 April 2019, 21:19:22 UTC
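The three bugtool commits above (symlinks copied as-is, resilience to file errors, and a walk function factored onto a receiver so it can be mocked) describe a policy that is easier to see in code. The following is an added Go example written for this page, not bugtool's own implementation: the `walker` type, its `archiveDir` method and the sample tree built by `buildFixture` are all made up for the demonstration. One simplification relative to the commit text: a failed `WriteHeader` is treated as fatal here as well, because a `tar.Writer` cannot be used after a write error.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"os"
	"path/filepath"
)

// walker keeps the walk function in a field so a test can swap in a fake
// that injects errors; names are illustrative, not bugtool's own.
type walker struct {
	walk func(root string, fn filepath.WalkFunc) error
}

func newWalker() *walker { return &walker{walk: filepath.Walk} }

// archiveDir copies the tree under root into tw. Entries that cannot be
// stat'ed, opened or described are skipped instead of aborting; symlinks are
// stored as symlinks and never dereferenced, so a dangling link is kept as-is;
// a failed body copy after its header was written is fatal (archive is inconsistent).
func (w *walker) archiveDir(root string, tw *tar.Writer) (added, skipped []string, err error) {
	err = w.walk(root, func(path string, info os.FileInfo, walkErr error) error {
		skip := func() error { skipped = append(skipped, path); return nil }
		if walkErr != nil {
			return skip() // failed lstat or unreadable directory: keep walking
		}
		rel, _ := filepath.Rel(root, path)
		if rel == "." {
			return nil
		}
		link := ""
		if info.Mode()&os.ModeSymlink != 0 {
			target, lerr := os.Readlink(path)
			if lerr != nil {
				return skip()
			}
			link = target
		} else if !info.Mode().IsRegular() && !info.IsDir() {
			return skip() // sockets, devices, fifos: nothing useful to collect
		}
		hdr, herr := tar.FileInfoHeader(info, link) // symlink -> TypeSymlink + Linkname
		if herr != nil {
			return skip()
		}
		hdr.Name = filepath.ToSlash(rel)
		if info.IsDir() {
			hdr.Name += "/"
		}
		var body *os.File
		if info.Mode().IsRegular() {
			if body, herr = os.Open(path); herr != nil {
				return skip() // e.g. EACCES on a root-only file
			}
			defer body.Close()
		}
		if herr = tw.WriteHeader(hdr); herr != nil {
			return herr // the tar.Writer is unusable after this, so stop
		}
		if body != nil {
			if _, cerr := io.Copy(tw, body); cerr != nil {
				return fmt.Errorf("copying %s into archive: %w", path, cerr)
			}
		}
		added = append(added, hdr.Name)
		return nil
	})
	return added, skipped, err
}

// buildFixture writes a constructed sample tree: a readable file, a symlink whose
// target does not exist, and a file with no permission bits (skipped unless root).
func buildFixture(dir string) error {
	if err := os.WriteFile(filepath.Join(dir, "cilium-config.txt"), []byte("debug: true\n"), 0o644); err != nil {
		return err
	}
	if err := os.Symlink("/nonexistent/target", filepath.Join(dir, "dangling")); err != nil {
		return err
	}
	return os.WriteFile(filepath.Join(dir, "root-only"), []byte("x"), 0o000)
}

func main() {
	dir, err := os.MkdirTemp("", "bugtool-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	if err := buildFixture(dir); err != nil {
		panic(err)
	}
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	added, skipped, err := newWalker().archiveDir(dir, tw)
	fmt.Println("added:", added, "skipped:", skipped, "err:", err, "closed:", tw.Close())
}
```

Run as a normal user, `root-only` ends up in `skipped` while the dangling symlink is archived as a `TypeSymlink` entry pointing at `/nonexistent/target`; the injectable `walk` field is what makes the skip-on-error path unit-testable without a broken filesystem.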
b1b6a9b bugtool: Fix up newline characters in error messages [ upstream commit 4011e5af7e90fc20b3f163dee281cc1c6ca41ec2 ] Prior to this commit, multiple error messages would often get concatenated together rather than printed once per line. Fix this up by ensuring that the `Fprintf()` calls end with a newline character. Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Joe Stringer <joe@wand.net.nz> 22 April 2019, 21:19:22 UTC
f560bab docs: clarify kernel version for BPF based masquerading [ upstream commit 20a824066380335b2fb398bbfcdbd5f53e4ebd1c ] Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Joe Stringer <joe@wand.net.nz> 22 April 2019, 21:19:22 UTC
858eb7b loader: Improve logging of template build failures [ upstream commit 6465c2aac3efc2e49349578836e2917812fc4350 ] Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Joe Stringer <joe@wand.net.nz> 22 April 2019, 21:19:22 UTC
826d75a Prepare for v1.5.0-rc5 Signed-off by: Ian Vernon <ian@cilium.io> 19 April 2019, 00:18:12 UTC
9c4b907 test: Allow Cilium 1.4 to be run with K8s 1.14 [ upstream commit 2cdda25c5d1cd6239f0427f98e8fffaa4fa675ea ] This commit makes it possible to run upgrade tests on k8s 1.14 with Cilium 1.4. Signed-off-by: Martynas Pumputis <m@lambda.lt> 19 April 2019, 00:02:12 UTC