https://github.com/cilium/cilium
- HEAD
- refs/heads/1.2.7-hotfix1-fqdn-regen
- refs/heads/EndpointPolicyEnformcement
- refs/heads/all-scalability-improvements
- refs/heads/beta/service-mesh
- refs/heads/bpf-metrics
- refs/heads/brb/brb-patch-2
- refs/heads/cilium-envoy-crd-pre-beta
- refs/heads/cilium-no-gopath
- refs/heads/cli-upgrade-v1.12-ci-test
- refs/heads/clustermesh511-upgrade-test
- refs/heads/committers-codeowners
- refs/heads/debug
- refs/heads/dev/joe/v1.8-with-hostfw-fixes
- refs/heads/enable_cnp_latency
- refs/heads/encrypt-node-fixes
- refs/heads/ensure-macos-build-succeeds
- refs/heads/envoy-policy-precedence
- refs/heads/envoy-warnings-cleanup
- refs/heads/extension-mysql
- refs/heads/feature/cep-scalability
- refs/heads/feature/devices-and-addresses
- refs/heads/feature/devices-reconciliation-v1.16
- refs/heads/feature/main/svc-icmp-response
- refs/heads/feature/service-refactor
- refs/heads/feature/service-refactor-fresh
- refs/heads/feature/v1.11/beta-test
- refs/heads/feature/v1.11/k8s-ingress
- refs/heads/fix-iphealth
- refs/heads/fqdn-fixl3-wildcard
- refs/heads/fristonio/iptables-manager-fix
- refs/heads/ft/main/chancez/push-dev-charts
- refs/heads/ft/main/push_chart_stable_branches_fix
- refs/heads/ft/main/test_push_chart_updates
- refs/heads/gce-example
- refs/heads/gh-readonly-queue/main/pr-27509-78a5f177693fb443cd946441f45826bf7fa2437a
- refs/heads/ginkgo-better-timeout
- refs/heads/graduation
- refs/heads/hf/main/ipam-pools-build-230605
- refs/heads/hf/master/v1.12-rc2-health-dbg-v1
- refs/heads/hf/master/wg-fix-ipam-k8s-v2
- refs/heads/hf/v1.10/cls-prio2
- refs/heads/hf/v1.10/debug-taint-removal
- refs/heads/hf/v1.10/v1.10.10-with-19452
- refs/heads/hf/v1.10/v1.10.2-fix-ipsec-ep-routes
- refs/heads/hf/v1.10/v1.10.5-with-identity-leak-fix
- refs/heads/hf/v1.10/v1.10.7-additional-logs
- refs/heads/hf/v1.10/v1.10.7-exclude-local
- refs/heads/hf/v1.10/v1.10.7-exclude-loopback
- refs/heads/hf/v1.10/v1.10.7-extra-logs
- refs/heads/hf/v1.10/v1.10.7-more-logs
- refs/heads/hf/v1.10/v1.10.8-deadlock-and-complexity-fix
- refs/heads/hf/v1.10/v1.10.8-deadlock-fix
- refs/heads/hf/v1.10/xdp-multidev-with-bpf-multihoming-and-egress-gw-fixes-v3
- refs/heads/hf/v1.10/xdp-multidev-with-bpf-multihoming-and-egress-gw-fixes-v4
- refs/heads/hf/v1.10/xdp-multidev-with-bpf-multihoming-and-egress-gw-fixes-v5
- refs/heads/hf/v1.10/xdp-multidev-with-bpf-multihoming-and-egress-gw-fixes-v6
- refs/heads/hf/v1.10/xdp-multidev-with-bpf-multihoming-and-egress-gw-fixes-v7
- refs/heads/hf/v1.11/1.11.4-custom-taint
- refs/heads/hf/v1.11/19247-custom-taint-key
- refs/heads/hf/v1.11/dbg-svc-restore
- refs/heads/hf/v1.11/v1.11.16-fix-xfrm-leak
- refs/heads/hf/v1.11/v1.11.16-fix-xfrm-leak-eni-attach-and-logging
- refs/heads/hf/v1.11/v1.11.16-fix-xfrm-leak-eni-attachment
- refs/heads/hf/v1.11/v1.11.3-with-19259
- refs/heads/hf/v1.11/v1.11.4-custom-taint
- refs/heads/hf/v1.11/v1.11.5-and-19247-eed5544
- refs/heads/hf/v1.11/xdp-multidev-v1
- refs/heads/hf/v1.11/xdp-multidev-v2-ipcache-fix
- refs/heads/hf/v1.12/next-net-v1
- refs/heads/hf/v1.12/v1.12.18-994
- refs/heads/hf/v1.12/v1.12.3-debug-k8s-heartbeat
- refs/heads/hf/v1.12/v1.12.3-debug-k8s-heartbeat-v2
- refs/heads/hf/v1.13/bpf-sock-l7-fix
- refs/heads/hf/v1.13/v1.13.12-without-deny-precedence
- refs/heads/hf/v1.13/v1.13.14-without-deny-precedence
- refs/heads/hf/v1.13/v1.13.14-without-deny-precedence-debug
- refs/heads/hf/v1.13/v1.13.14-without-deny-precedence-with-xfrm-fix
- refs/heads/hf/v1.13/v1.13.2-with-24875
- refs/heads/hf/v1.13/v1.13.3-with-26242
- refs/heads/hf/v1.14/cidr-identity-refcnt-fix
- refs/heads/hf/v1.14/v1.14-with-27327
- refs/heads/hf/v1.7/v1.7.15-with-neighbor-fix
- refs/heads/hf/v1.7/v1.7.15-with-neighbor-fix-2
- refs/heads/hf/v1.8/v1.8.13-with-19452
- refs/heads/hf/v1.8/v1.8.6-eni-cidr-fix-1
- refs/heads/hf/v1.8/v1.8.6-eni-cidr-fix-15303
- refs/heads/hf/v1.8/v1.8.7-with-fqdn-underscore-fix
- refs/heads/hf/v1.8/v1.8.8-eni-cidr-fix-1
- refs/heads/hf/v1.8/v1.8.8-with-encrypt-fixes
- refs/heads/hf/v1.9/v1.9.8-azure-ipam-fix
- refs/heads/hf/v1.9/v1.9.9-azure-pod-egress-fix
- refs/heads/images/runtime/20210830
- refs/heads/ipc-demo
- refs/heads/ktls-tx-only
- refs/heads/ktls-tx-only-v2
- refs/heads/ktls-tx-rx
- refs/heads/ktls-tx-rx-v2
- refs/heads/ktls-tx-rx-v3
- refs/heads/ktls-tx-rx-v4
- refs/heads/ktls-tx-rx-v5
- refs/heads/ldelossa/feat/bgp-control-plane
- refs/heads/ldelossa/segment-makefiles
- refs/heads/ldelossa/segment-makefiles-v2
- refs/heads/ldelossa/srv6-encap-fib
- refs/heads/lizrice/pr/cli-confusion
- refs/heads/main
- refs/heads/multi-stack-dev-vm
- refs/heads/pr/1-9-ci-test
- refs/heads/pr/aanm-update-k8s-conformance
- refs/heads/pr/aanm/bisect
- refs/heads/pr/aanm/test-31027
- refs/heads/pr/add-controller-identity
- refs/heads/pr/aditighag/lrp-skip-lb
- refs/heads/pr/asauber/link-local-as-host
- refs/heads/pr/asauber/max-ifindex-metric
- refs/heads/pr/avoid-ct-for-dsr
- refs/heads/pr/backend-state
- refs/heads/pr/bbb-cpy
- refs/heads/pr/bimmlerd/modularize-bandwidth-manager
- refs/heads/pr/bimmlerd/v1.12-backport-quay-org-from-env
- refs/heads/pr/bounded-loops
- refs/heads/pr/bpf-based-masquerading
- refs/heads/pr/bpf-edt-proxy
- refs/heads/pr/brb/arping-nexthop
- refs/heads/pr/brb/arping-via-gw
- refs/heads/pr/brb/auto-multi-dev-v2
- refs/heads/pr/brb/backport-1.8.5-nat-gc
- refs/heads/pr/brb/bpf-host-routing-wg
- refs/heads/pr/brb/bpf-lxc-no-redirect
- refs/heads/pr/brb/bpf-masq-no-socket-lb
- refs/heads/pr/brb/bpf-masq-veth
- refs/heads/pr/brb/bpf-multihoming
- refs/heads/pr/brb/cgroup-v2-test
- refs/heads/pr/brb/check-errors-in-logs
- refs/heads/pr/brb/check-wg
- refs/heads/pr/brb/ci
- refs/heads/pr/brb/ci-1111
- refs/heads/pr/brb/ci-2
- refs/heads/pr/brb/ci-4.19
- refs/heads/pr/brb/ci-arping-flake
- refs/heads/pr/brb/ci-bigtcp
- refs/heads/pr/brb/ci-bpf-netdev-without-egress
- refs/heads/pr/brb/ci-cleanup-svc
- refs/heads/pr/brb/ci-dbg-conformance-kind
- refs/heads/pr/brb/ci-dbg-external
- refs/heads/pr/brb/ci-dbg-flake-from-outside
- refs/heads/pr/brb/ci-demo
- refs/heads/pr/brb/ci-disable-ces-for-egress-gw
- refs/heads/pr/brb/ci-dp-disable-bpf-host-routing
- refs/heads/pr/brb/ci-dp-hubble-flows
- refs/heads/pr/brb/ci-dp-more-diversity
- refs/heads/pr/brb/ci-dp-v1.13
- refs/heads/pr/brb/ci-dp-v6
- refs/heads/pr/brb/ci-dp-verifier
- refs/heads/pr/brb/ci-e2e-enable-debug-ipsec
- refs/heads/pr/brb/ci-e2e-geneve-dsr
- refs/heads/pr/brb/ci-e2e-helm-mode-v1.13
- refs/heads/pr/brb/ci-e2e-lvh-retry
- refs/heads/pr/brb/ci-e2e-more-nodes
- refs/heads/pr/brb/ci-e2e-new-cli
- refs/heads/pr/brb/ci-e2e-nft
- refs/heads/pr/brb/ci-e2e-unsafe
- refs/heads/pr/brb/ci-e2e-unsafe-v2
- refs/heads/pr/brb/ci-e2e-upgrade-tests
- refs/heads/pr/brb/ci-e2e-upgrade-tests-ipsec
- refs/heads/pr/brb/ci-early-terminate-conn-disrupt
- refs/heads/pr/brb/ci-eks-ipsec-upgrade
- refs/heads/pr/brb/ci-encrypt-l7
- refs/heads/pr/brb/ci-fix-ip-masq-dry-run
- refs/heads/pr/brb/ci-ipsec-upgrade-fix
- refs/heads/pr/brb/ci-ipsec-upgrade-missed-tail-calls
- refs/heads/pr/brb/ci-ipsec-upgrade-v1.13
- refs/heads/pr/brb/ci-ipsec-upgrade-vol2
- refs/heads/pr/brb/ci-keep-missed-tail-calls
- refs/heads/pr/brb/ci-l7-nodeport
- refs/heads/pr/brb/ci-lvh-4.19
- refs/heads/pr/brb/ci-lvh-5.4
- refs/heads/pr/brb/ci-lvh-5.4-v2
- refs/heads/pr/brb/ci-lvh-bpf-next
- refs/heads/pr/brb/ci-no-self-hosted
- refs/heads/pr/brb/ci-pass-kernel-env
- refs/heads/pr/brb/ci-prepull-l4lb
- refs/heads/pr/brb/ci-refactor-svc-suite
- refs/heads/pr/brb/ci-rm-smoke-tests
- refs/heads/pr/brb/ci-sanity
- refs/heads/pr/brb/ci-test
- refs/heads/pr/brb/ci-test-2
- refs/heads/pr/brb/ci-test-k8s-vsn-swap
- refs/heads/pr/brb/ci-test-large-runners
- refs/heads/pr/brb/ci-uffff
- refs/heads/pr/brb/ci-upgrade-vol-2
- refs/heads/pr/brb/ci-upgrade-vol-3
- refs/heads/pr/brb/ci-wg-mtu
- refs/heads/pr/brb/ci-wg-mtu-vol2
- refs/heads/pr/brb/cilium-host-v6-from-ipam
- refs/heads/pr/brb/cli-bump-test
- refs/heads/pr/brb/datapath-loop-dbg
- refs/heads/pr/brb/dbg-ci
- refs/heads/pr/brb/dbg-conformance-gke
- refs/heads/pr/brb/dbg-master-np-vxlan-ipcache-ci
- refs/heads/pr/brb/debug-nodeport-bpf-flake
- refs/heads/pr/brb/do-not-derive-pod-cidrs-from-dev
- refs/heads/pr/brb/do-not-query-dev-for-arping
- refs/heads/pr/brb/docs-clarify-egress-gw-ip-addr-dp
- refs/heads/pr/brb/drop-notify
- refs/heads/pr/brb/dsr
- refs/heads/pr/brb/dsr-v2
- refs/heads/pr/brb/dualstack-ci
- refs/heads/pr/brb/enable-ipv6-per-endpoint-routes
- refs/heads/pr/brb/enable-route-mtu-cni
- refs/heads/pr/brb/fib-lookup-src
- refs/heads/pr/brb/fix-backend-id-u32
- refs/heads/pr/brb/fix-ci-dp-deprecation-warn
- refs/heads/pr/brb/fix-clang-vsn-regexp
- refs/heads/pr/brb/fix-egress-ip-16147
- refs/heads/pr/brb/fix-external-ip-dp
- refs/heads/pr/brb/fix-maglev-del
- refs/heads/pr/brb/fix-nodeport-hostnetns
- refs/heads/pr/brb/fix-stale-dsr
- refs/heads/pr/brb/fix-svc-backend-selection
- refs/heads/pr/brb/fix-third-host
- refs/heads/pr/brb/gh-action-cgr
- refs/heads/pr/brb/gh-action-lvh
- refs/heads/pr/brb/gh-install-cli-backup
- refs/heads/pr/brb/ginkgo-kpr-strict
- refs/heads/pr/brb/ginkgo-rm-update-tests
- refs/heads/pr/brb/go-crazy
- refs/heads/pr/brb/hubble-tcp-ack-seq-no
- refs/heads/pr/brb/improve-svc-restore
- refs/heads/pr/brb/istio-getsockopt
- refs/heads/pr/brb/it-cannot-be-truth
- refs/heads/pr/brb/kpr-svc-mesh
- refs/heads/pr/brb/kubeproxy-free-ci
- refs/heads/pr/brb/l7-np-bpf
- refs/heads/pr/brb/l7-rerevert
- refs/heads/pr/brb/lets-be-friends-with-ipsec
- refs/heads/pr/brb/lvh-kind-127
- refs/heads/pr/brb/lvh-kind-ipsec-upgrade
- refs/heads/pr/brb/meyskens/auth-ep-gc-locks
- refs/heads/pr/brb/multi-network
- refs/heads/pr/brb/no-cache-snat
- refs/heads/pr/brb/no-rev-nat-bpf-lxc-ingress
- refs/heads/pr/brb/node-id-per-fam
- refs/heads/pr/brb/nodeport-xlr-flag
- refs/heads/pr/brb/perf-wg
- refs/heads/pr/brb/pin-lvh
- refs/heads/pr/brb/push-ci-charts
- refs/heads/pr/brb/pwru
- refs/heads/pr/brb/rm-arping-l2-addr-check
- refs/heads/pr/brb/rm-no-redirect
- refs/heads/pr/brb/rm-np-deadcode
- refs/heads/pr/brb/rm-partial-host-svc
- refs/heads/pr/brb/rm-test-gke
- refs/heads/pr/brb/test-bpf-masq
- refs/heads/pr/brb/test-ci-e2e
- refs/heads/pr/brb/test-ci-e2e-v1.13
- refs/heads/pr/brb/test-kind
- refs/heads/pr/brb/third-host-more-pain
- refs/heads/pr/brb/timing-l4lb-gh-action
- refs/heads/pr/brb/triage-flake-v2
- refs/heads/pr/brb/triage-lb-flake
- refs/heads/pr/brb/unquarantine-svc
- refs/heads/pr/brb/v1.10-istio-snat
- refs/heads/pr/brb/v1.12-ci-e2e
- refs/heads/pr/brb/v1.12-ci-ipsec-upgrade
- refs/heads/pr/brb/v1.12-test-ipsec-upgrade
- refs/heads/pr/brb/v1.13-ci-e2e
- refs/heads/pr/brb/v1.13-remote-np
- refs/heads/pr/brb/v1.13-upgrade-fixes
- refs/heads/pr/brb/v1.14-ci-e2e-upgrade
- refs/heads/pr/brb/v1.14-drop-notify
- refs/heads/pr/brb/v1.15-enable-route-mtu-cni
- refs/heads/pr/brb/v1.6.9-iptables-W
- refs/heads/pr/brb/v1.8-fix-icmp-port-check
- refs/heads/pr/brb/wg-duplicate-node-ip
- refs/heads/pr/brb/wg-encrypt-node-test
- refs/heads/pr/brb/wg-hack
- refs/heads/pr/brb/wg-ipam-fix
- refs/heads/pr/brb/wg-kpr
- refs/heads/pr/brb/wg-test
- refs/heads/pr/brb/wip
- refs/heads/pr/brb/wip-ci
- refs/heads/pr/brb/wip-sync-policy-map
- refs/heads/pr/brb/xdp-egress-gw
- refs/heads/pr/brb/xdp-multidev-with-bpf-multihoming
- refs/heads/pr/brb/xdp-multidev-with-bpf-multihoming-v2
- refs/heads/pr/bruno/sleepy-pawn
- refs/heads/pr/bugtool-systemd
- refs/heads/pr/bwm-base2
- refs/heads/pr/bwm-fq
- refs/heads/pr/bwm-priority
- refs/heads/pr/chancez/add_hubble_l7_dashboard_prometheus_example
- refs/heads/pr/chancez/fix_websocket_l7_policies
- refs/heads/pr/chancez/flow_filter_namespace
- refs/heads/pr/chancez/hubble_metrics_tls_docs
- refs/heads/pr/chancez/hubble_plus_plus
- refs/heads/pr/chancez/static_peers_hubble_relay
- refs/heads/pr/christarazi/controlplane-fqdn
- refs/heads/pr/christarazi/ipcache-async-cep-pods-namedports
- refs/heads/pr/christarazi/prep-from-cidr-tests
- refs/heads/pr/ci-k8s-1.30
- refs/heads/pr/datapath-opt
- refs/heads/pr/dbkm/nodeport-lb
- refs/heads/pr/debug-dns-timeout
- refs/heads/pr/eproutes-redir
- refs/heads/pr/example/neigh-state-manager
- refs/heads/pr/fastdp
- refs/heads/pr/fastdp2
- refs/heads/pr/feroz/allow-sbom-read
- refs/heads/pr/feroz/set-container-scan-failure-flag
- refs/heads/pr/fib-consolidation
- refs/heads/pr/fix-aks-workflow
- refs/heads/pr/fix-k8s-all-sha1
- refs/heads/pr/fix-net-next-1.16
- refs/heads/pr/fix-pod-pacing
- refs/heads/pr/fix-tail-call-replace
- refs/heads/pr/fristonio/feat-19038
- refs/heads/pr/fristonio/fix-istio-k8sT
- refs/heads/pr/fristonio/ipv6-masquerading
- refs/heads/pr/fristonio/test-dual-stack
- refs/heads/pr/fristonio/test-ipv6-dualstack
- refs/heads/pr/gandro+brb/fix-monitor-aggregation-np-v2
- refs/heads/pr/gandro+brb/mv-trace-point-to-rev-nodeport
- refs/heads/pr/gandro+brb/wg-host-encryption-v3
- refs/heads/pr/gandro+brb/wg-host2host
- refs/heads/pr/gandro+brb/wg-host2host-kind
- refs/heads/pr/gandro/bump-hubble-2020-03-25
- refs/heads/pr/gandro/ci-conformance-multicluster-fix-log-gathering
- refs/heads/pr/gandro/ci-delete-crds-in-cleanupcomponents
- refs/heads/pr/gandro/ci-fix-status-if-workflows-are-skipped
- refs/heads/pr/gandro/ci-wait-for-all-relevant-images-do-not-merge-test
- refs/heads/pr/gandro/enable-hubble-by-default
- refs/heads/pr/gandro/portmap-refcount
- refs/heads/pr/gandro/re-enable-wireguard-in-multicluster-ci
- refs/heads/pr/gandro/svc-healthchecknodeport
- refs/heads/pr/gc-on-svc-update
- refs/heads/pr/getname-hooks
- refs/heads/pr/giorio94/1.14/test-cilium-cli-2184
- refs/heads/pr/giorio94/main/cluster-name-validation-strict
- refs/heads/pr/giorio94/main/clustermesh-deprecated-cleanup
- refs/heads/pr/giorio94/main/gha-cl2-agents-pprof
- refs/heads/pr/giorio94/main/gha-cl2-compress-agent-pprofs
- refs/heads/pr/giorio94/main/gha-cluster-name
- refs/heads/pr/giorio94/main/gha-conformance-clustermesh-lb
- refs/heads/pr/giorio94/main/test-cilium-cli-2184
- refs/heads/pr/giorio94/main/tests-clustermesh-upgrade-interrupted
- refs/heads/pr/gray/30837-with-pwru
- refs/heads/pr/gray/main/connectivity-wg-proxy-nodeport
- refs/heads/pr/gray/main/decouple-ipsec-gh-actions
- refs/heads/pr/gray/main/egress-proxy-ipsec-fix2
- refs/heads/pr/gray/main/fix-leak-detection-race
- refs/heads/pr/gray/main/xfrm-delete-flake
- refs/heads/pr/gray/main/xfrm-delete-flake2
- refs/heads/pr/gray/pwru-action
- refs/heads/pr/gray/v1.15/decouple-ipsec-gh-actions
- refs/heads/pr/health
- refs/heads/pr/health-data-path
- refs/heads/pr/hubble-tls-cert-gen-via-k8s-job
- refs/heads/pr/ianvernon/kvstore-client-type
- refs/heads/pr/ianvernon/kvstore-context
- refs/heads/pr/ianvernon/more-endpoint-cleanup
- refs/heads/pr/ianvernon/resolve-cidr-policy-perf-improvement
- refs/heads/pr/increase-verifier-test-build-timeout
- refs/heads/pr/ipip
- refs/heads/pr/ipip-encap
- refs/heads/pr/ipip-encap2
- refs/heads/pr/ipip2
- refs/heads/pr/ipip4
- refs/heads/pr/ipip6
- refs/heads/pr/jibi/differentiate-udp-tcp-svcs-take-4
- refs/heads/pr/jibi/fix-differentiate-udp-tcp-svc-upgrade
- refs/heads/pr/jibi/ip-list-contains-addr
- refs/heads/pr/joamaki/gather-network-info
- refs/heads/pr/joamaki/idless-service-restapi
- refs/heads/pr/joe/ariane-scheduled-cilium-only
- refs/heads/pr/joe/backport-28007-1.11
- refs/heads/pr/joe/bump-ginkgo-seed
- refs/heads/pr/joe/docker-build-log-tracing
- refs/heads/pr/joe/ipcache-cidr-policy
- refs/heads/pr/joe/lost-identity
- refs/heads/pr/joe/policymap-format-test
- refs/heads/pr/joe/ready-to-merge
- refs/heads/pr/joe/release-codeowners
- refs/heads/pr/joe/sw-quay
- refs/heads/pr/joe/test-labeler
- refs/heads/pr/joe/test-lvh-fix
- refs/heads/pr/joe/v1.13-stability-check
- refs/heads/pr/joe/v1.7-dev-env
- refs/heads/pr/jrajahalme/gh-filter-test-files
- refs/heads/pr/jrfastab/backport-ooo-ipsec-fixes
- refs/heads/pr/jrfastab/backport-v111-loopback
- refs/heads/pr/jrfastab/backport-v115
- refs/heads/pr/jrfastab/dbgNodeId
- refs/heads/pr/jrfastab/dbgNodeId111
- refs/heads/pr/jrfastab/dbgNodeId111v2
- refs/heads/pr/jrfastab/dbgv114
- refs/heads/pr/jrfastab/eks-encrypt-ipamupdate
- refs/heads/pr/jrfastab/fix-encrypt-subnets
- refs/heads/pr/jrfastab/fix-ixsec-vxlan-remoteIP
- refs/heads/pr/jrfastab/fixes-ipsec-init
- refs/heads/pr/jrfastab/v1.8-fix-ipsec-vxlan-remoteIP
- refs/heads/pr/jrfastab/v1.9-fix-ipsec-vxlan-remoteIP
- refs/heads/pr/jrfastab/v111-debug-ooo
- refs/heads/pr/jrfastab/v111-debug-ooo-v2
- refs/heads/pr/jwi/main/ipsec-rhel8
- refs/heads/pr/jwi/v1.14/ci-ipsec
- refs/heads/pr/jwi/v1.15/bpf-complexity
- refs/heads/pr/jwi/v1.15/ci-ipsec
- refs/heads/pr/k8s-nat46x64
- refs/heads/pr/k8s-nat46x64-2
- refs/heads/pr/kaworu/helm-hubble-cli.yaml
- refs/heads/pr/kkourt/azure-ipam-test-race
- refs/heads/pr/kkourt/bpftool-update
- refs/heads/pr/kkourt/ct-rst-timeout-wip
- refs/heads/pr/kkourt/v1.11-backport-2022-01-26
- refs/heads/pr/kkourt/v1.9-lxc-complexity
- refs/heads/pr/l4lb-improvements-tmp
- refs/heads/pr/learnitall/ginkgo-race-workflow
- refs/heads/pr/learnitall/test-startup-script-changes
- refs/heads/pr/lmb/1.14-cni
- refs/heads/pr/lmb/1.15-cni
- refs/heads/pr/lmb/update-cni-plugin
- refs/heads/pr/marga/v1.11-without-deny-precedence
- refs/heads/pr/marseel/scale_test_1_15
- refs/heads/pr/max/upgrade-llvm-18-1-6
- refs/heads/pr/mhofstetter/guestbook-registry
- refs/heads/pr/mhofstetter/junit-fetch-nullglob
- refs/heads/pr/mhofstetter/ssh-store-consolelog
- refs/heads/pr/mhofstetter/test-ingress
- refs/heads/pr/michi/circular-struggle
- refs/heads/pr/michi/clustermesh
- refs/heads/pr/michi/crdregister
- refs/heads/pr/michi/debug
- refs/heads/pr/michi/description
- refs/heads/pr/michi/dns-refactor12
- refs/heads/pr/michi/ipsec-workflows
- refs/heads/pr/michi/l7drop
- refs/heads/pr/michi/majestic-ketchup
- refs/heads/pr/michi/mega-ketchup
- refs/heads/pr/michi/peerapi
- refs/heads/pr/michi/rest
- refs/heads/pr/michi/scaletest
- refs/heads/pr/michi/sleep-on-it
- refs/heads/pr/michi/test
- refs/heads/pr/michi/weekly-bot
- refs/heads/pr/monitor-wait-ci
- refs/heads/pr/move-image-to-one-repo
- refs/heads/pr/nat-gw-tests
- refs/heads/pr/nathanjsweet/add-complex-allow-test-to-policy-map-tests
- refs/heads/pr/nathanjsweet/add-lockdown-mode-for-policy-map-overflows
- refs/heads/pr/nathanjsweet/differentiate-protocol-in-services
- refs/heads/pr/nathanjsweet/node-port-addresses
- refs/heads/pr/nathanjsweet/refactor-mapstate
- refs/heads/pr/nathanjsweet/update-k8s-control-plane-tests-to-1-27
- refs/heads/pr/nebril/add-dns-concurrency-limit
- refs/heads/pr/nebril/fix-precheck
- refs/heads/pr/nebril/fqdn-proxy-ha
- refs/heads/pr/nebril/fqdn-proxy-interface
- refs/heads/pr/nebril/gke-workflow-migrate-from-cli
- refs/heads/pr/nebril/quarantine-1.14-nodeport
- refs/heads/pr/nebril/test-bottlerocket
- refs/heads/pr/nebril/test-helm-gke-fix
- refs/heads/pr/nebril/test-our-ghaction-shenanigans
- refs/heads/pr/nebril/test-rebase-helm
- refs/heads/pr/nebril/trololo
- refs/heads/pr/nebril/update-cli-9.1-test
- refs/heads/pr/netkit
- refs/heads/pr/netkit3
- refs/heads/pr/netns-switch
- refs/heads/pr/netns-switch-no-peer
- refs/heads/pr/nodeport-fix
- refs/heads/pr/nodeport-improvements2
- refs/heads/pr/nodeport-nat-improvements
- refs/heads/pr/nodeport-nat-improvements2
- refs/heads/pr/nodeport-retry-sport
- refs/heads/pr/pchaigno/deprecate-bpf_network-f
- refs/heads/pr/pchaigno/fix-4.19-bpf-program-size
- refs/heads/pr/pchaigno/hotfix1-ipsec-fix
- refs/heads/pr/pchaigno/hotfix1-ipsec-fix-brb-v0
- refs/heads/pr/pchaigno/optim-complexity-ipcache-lookup
- refs/heads/pr/pchaigno/rework-config-probes
- refs/heads/pr/pchaigno/tmp-base-branch
- refs/heads/pr/pin-1.10-workflows-k8s-version
- refs/heads/pr/pin-1.11-workflows-k8s-version
- refs/heads/pr/pin-1.12-workflows-k8s-version
- refs/heads/pr/pin-1.13-workflows-k8s-version
- refs/heads/pr/pin-cloud-provider-master-workflows
- refs/heads/pr/pr/fix-ipam-node-manager-semaphore-error-handling
- refs/heads/pr/publish-test-images
- refs/heads/pr/qmonnet/docs-20230224
- refs/heads/pr/qmonnet/docs-bump
- refs/heads/pr/qmonnet/ipsec/no-missed-tail-call-1.13
- refs/heads/pr/qmonnet/standalone-lb-docs
- refs/heads/pr/qmonnet/sync-joblists
- refs/heads/pr/rastislavs/bgp-e2e-test
- refs/heads/pr/ray/late-dns-proxy
- refs/heads/pr/rgo3/1.12-run-no-unexpected-drops-for-patch
- refs/heads/pr/rgo3/fix-k8s-vm-provisioning-1.13
- refs/heads/pr/rgo3/fix-missing-health-endpoint
- refs/heads/pr/rolinh/better-policy-verdict
- refs/heads/pr/rolinh/hubble-dump-all
- refs/heads/pr/rolinh/hubble-fix-maxflows-rounding
- refs/heads/pr/route-test
- refs/heads/pr/run-tests-in-parallel
- refs/heads/pr/scalability-crd-only
- refs/heads/pr/squeed/make-ccache
- refs/heads/pr/squeed/per-node-config
- refs/heads/pr/squeed/remote-cluster-leak
- refs/heads/pr/stacy/docs-update
- refs/heads/pr/tammach/accesslog-envoy
- refs/heads/pr/tammach/ci-cm
- refs/heads/pr/tammach/cleanup-helm-1.16
- refs/heads/pr/tammach/envoy-1.30
- refs/heads/pr/tammach/headless-service-flake
- refs/heads/pr/tammach/ingress-controller-e2e-config6
- refs/heads/pr/tammach/more-ingress-tests
- refs/heads/pr/tammach/rennovate-statedb
- refs/heads/pr/tammach/revert/fib-lookup
- refs/heads/pr/tammach/ubuntu-24.04
- refs/heads/pr/tammach/ubuntu-24.04-no-llvm
- refs/heads/pr/tc-np-test
- refs/heads/pr/tcx
- refs/heads/pr/tcx-helm
- refs/heads/pr/tcx-misc
- refs/heads/pr/test-419-ci
- refs/heads/pr/test-increase-update-delete-timeout
- refs/heads/pr/test-k8s-all-tests
- refs/heads/pr/test-lb-super-netperf
- refs/heads/pr/test-nightly
- refs/heads/pr/test-upstream-timeout
- refs/heads/pr/tgraf/chaos-testing
- refs/heads/pr/tgraf/clustermesh-stale-state
- refs/heads/pr/tgraf/eni-ipam
- refs/heads/pr/tgraf/new-endpoint-state
- refs/heads/pr/tgraf/new-policy
- refs/heads/pr/tgraf/remove-tunnel-map
- refs/heads/pr/tgraf/scoped-ipam
- refs/heads/pr/tgraf/sctp
- refs/heads/pr/tgraf/split-lxc-prog
- refs/heads/pr/thorn3r/cesBlanketTest
- refs/heads/pr/thorn3r/clustermesh511
- refs/heads/pr/tklauser/build-push-images-env-var
- refs/heads/pr/tommyp1ckles/debugging-aks-conformance
- refs/heads/pr/tp/add-logging-for-wait-for-pods-term-condition
- refs/heads/pr/tp/backport-31380
- refs/heads/pr/tp/bump-cilium-cli
- refs/heads/pr/tp/cleanup-ipam-ips-metric-docs
- refs/heads/pr/tp/complexity-issue-verifier-case-main
- refs/heads/pr/tp/dont-terminate-on-node-config-changee
- refs/heads/pr/tp/eps-modular-health
- refs/heads/pr/tp/fix-stuck-ginko-pod-v2
- refs/heads/pr/tp/forward-hubble-for-e2e
- refs/heads/pr/tp/forward-hubble-for-e2e-v2
- refs/heads/pr/tp/switch-1.24-eks-region
- refs/heads/pr/tp/switch-1.24-eks-region-v1.13
- refs/heads/pr/tp/use-helm-default-vars-for-clustermesh-downgrade-c1
- refs/heads/pr/tweak-github-action-ref
- refs/heads/pr/twpayne/hubble-recent-events-buffer
- refs/heads/pr/twpayne/hubble-ring-buffer-benchmarks
- refs/heads/pr/update-azure
- refs/heads/pr/update-readme-for-releases
- refs/heads/pr/update-tm-network
- refs/heads/pr/v1.10-backport-2022-06-13
- refs/heads/pr/v1.10-backport-2022-10-03
- refs/heads/pr/v1.10-eni-stability-improvements-v1
- refs/heads/pr/v1.10-neigh-clean
- refs/heads/pr/v1.11-backport-2022-10-03
- refs/heads/pr/v1.11-test/issue-692
- refs/heads/pr/v1.12-backport-2023-10-10
- refs/heads/pr/v1.12-test/issue-692
- refs/heads/pr/v1.13-backport-2023-10-31
- refs/heads/pr/v1.13-backport-2024-04-22-03-42
- refs/heads/pr/v1.13-test/issue-692
- refs/heads/pr/v1.14-backport-2024-06-18-02-46
- refs/heads/pr/v1.14.1
- refs/heads/pr/v1.7-stability-test
- refs/heads/pr/v1.7.9-hf-13205
- refs/heads/pr/v3-cpu
- refs/heads/pr/v6-host-addr2
- refs/heads/pr/vk/bpf/tests/csum
- refs/heads/pr/vk/ci/test/concurrent/run
- refs/heads/pr/vk/doc/ipsec
- refs/heads/pr/vk/ipsec/key/rotate
- refs/heads/pr/vk/test/ipsec/tests/concurrent/run
- refs/heads/pr/wip/bijective-nodemap
- refs/heads/regex_improved
- refs/heads/renovate/v1.13-all-dependencies
- refs/heads/renovate/v1.14-all-dependencies
- refs/heads/renovate/v1.15-aanm-test
- refs/heads/renovate/v1.15-all-dependencies
- refs/heads/renovate/v1.16-cilium-cli
- refs/heads/renovate/v1.16-go
- refs/heads/revert-29086-2023-11-09-backport-1.14
- refs/heads/revert-33302-policy-catch-invalid-port-wildcard
- refs/heads/rib
- refs/heads/run-ci-wihout-building-cilium
- refs/heads/sh-dep-test-l4lb
- refs/heads/sidecar-http-proxy
- refs/heads/sockmap-v5
- refs/heads/sockops-build-fix
- refs/heads/tam/integration-tests
- refs/heads/tam/more-ingress-tests
- refs/heads/tb/bpf-remove-bear
- refs/heads/test-branch
- refs/heads/test-ipsec
- refs/heads/test-sig-bgp-notifs
- refs/heads/test/brlbil/upload
- refs/heads/test/skip-workflows
- refs/heads/tgraf/process-policy
- refs/heads/thorn3r/cesScaleTest
- refs/heads/thorn3rCES
- refs/heads/tinker/learnitall/scale-test-1
- refs/heads/tinker/learnitall/scale-test-2
- refs/heads/tklauser+brb/wip/multi-homing
- refs/heads/unit-test-ipsec
- refs/heads/v0.10
- refs/heads/v0.11
- refs/heads/v0.12
- refs/heads/v0.13
- refs/heads/v0.8
- refs/heads/v0.9
- refs/heads/v1.0
- refs/heads/v1.0.0-rc2
- refs/heads/v1.0.0-rc3
- refs/heads/v1.1
- refs/heads/v1.10
- refs/heads/v1.11
- refs/heads/v1.12
- refs/heads/v1.12.11-base
- refs/heads/v1.13
- refs/heads/v1.14
- refs/heads/v1.15
- refs/heads/v1.16
- refs/heads/v1.2
- refs/heads/v1.3
- refs/heads/v1.3.1
- refs/heads/v1.3.1-release
- refs/heads/v1.3.7-release
- refs/heads/v1.4
- refs/heads/v1.4.5-release
- refs/heads/v1.5
- refs/heads/v1.5.2-rc1-with-clusterip-fix
- refs/heads/v1.5.4-release
- refs/heads/v1.6
- refs/heads/v1.7
- refs/heads/v1.7.9-1
- refs/heads/v1.7.9.1
- refs/heads/v1.8
- refs/heads/v1.9
- refs/heads/verify-external-workload-dns-setup-redux
- refs/heads/vladu/identity-type-metrics
- refs/heads/weavescope
- refs/heads/wip-ktls-tx-rx
- refs/heads/wip-sockmap
- refs/heads/wip-sockmap-v2
- refs/heads/wip-sockmap-v3
- refs/heads/wip-sockmap-v4
- refs/heads/xfrm-subnet-test
- refs/heads/yutaro/bgp-cplane-etp-local/doc
- refs/heads/yutaro/oss/eni-overlapping-mark
- refs/remotes/bruno/hf/v1.10/v1.10.3-bpf-snat-and-masq-fixes
- refs/remotes/joe/submit/quarantine-etcd
- refs/remotes/origin/1.2-backports-18-09-12
- refs/remotes/origin/ipvlan3
- refs/remotes/origin/pr/add-reserved-health
- refs/remotes/origin/pr/brb/nodeport-lb
- refs/remotes/origin/pr/ianvernon/5859
- refs/remotes/origin/pr/ianvernon/dynamic-ep-cfg
- refs/remotes/origin/pr/tgraf/kube-dns-fixed-identity
- refs/semaphoreci/6384f501b324813e55cfbe818c04a40f2a923765
- refs/semaphoreci/7f69b285bac8a1be414e8769799962ae1408d9e1
- refs/semaphoreci/b5eb6622da121ad36b8f375a084392f7feeec64a
- refs/semaphoreci/d9e7e28f39d34a7050a9c1cad2a26d84f5f4eff1
- refs/semaphoreci/f55ec535d85f387ef981265967fabb3c1b5f1ec6
- refs/tags/0.10.1
- refs/tags/1.1.1
- refs/tags/1.9.0-rc0
- refs/tags/v0.11
- refs/tags/v0.12.0
- refs/tags/v0.13.1
- refs/tags/v0.8.0
- refs/tags/v0.8.1
- refs/tags/v0.8.2
- refs/tags/v0.9.0
- refs/tags/v0.9.0-rc1
- refs/tags/v1.0.0-rc2
- Branches list truncated to 687 entries, 4 were omitted.
- v1.0.0-rc14
- v1.0.0-rc13
- v1.0.0-rc11
- v1.0.0-rc10
- v1.0.0-rc1
- v1.0.0
- v0.13.9
- v0.13.8
- v0.13.7
- v0.13.6
- v0.13.5
- v0.13.4
- v0.13.3
- v0.13.28
- v0.13.25
- v0.13.24
- v0.13.23
- v0.13.22
- v0.13.21
- v0.13.20
- v0.13.2
- v0.13.19
- v0.13.18
- v0.13.17
- v0.13.16
- v0.13.15
- v0.13.14
- v0.13.13
- v0.13.12
- v0.13.11
- v0.13.10
- v0.10.0
- 1.9.9
- 1.9.8
- 1.9.7
- 1.9.6
- 1.9.5
- 1.9.4
- 1.9.3
- 1.9.2
- 1.9.18
- 1.9.17
- 1.9.16
- 1.9.15
- 1.9.14
- 1.9.13
- 1.9.12
- 1.9.11
- 1.9.10
- 1.9.1
- 1.9.0-rc3
- 1.9.0-rc2
- 1.9.0-rc1
- 1.9.0
- 1.8.9
- 1.8.8
- 1.8.7
- 1.8.6
- 1.8.5
- 1.8.4
- 1.8.3
- 1.8.2
- 1.8.13
- 1.8.12
- 1.8.11
- 1.8.10
- 1.8.1
- 1.8.0-rc4
- 1.8.0-rc3
- 1.8.0-rc2
- 1.8.0-rc1
- 1.8.0
- 1.7.9
- 1.7.8
- 1.7.7
- 1.7.6
- 1.7.5
- 1.7.4
- 1.7.3
- 1.7.2
- 1.7.16
- 1.7.15
- 1.7.14
- 1.7.13
- 1.7.12
- 1.7.11
- 1.7.10
- 1.7.1
- 1.7.0-rc4
- 1.7.0-rc3
- 1.7.0
- 1.6.9
- 1.6.8
- 1.6.7
- 1.6.6
- 1.6.5
- 1.6.4
- 1.6.3
- 1.6.2
- 1.6.12
- 1.6.11
- 1.6.10
- 1.6.1
- 1.6.0
- 1.5.9
- 1.5.8
- 1.5.7
- 1.5.6
- 1.5.5
- 1.5.4
- 1.5.3
- 1.5.2
- 1.5.13
- 1.5.12
- 1.5.11
- 1.5.10
- 1.5.1
- 1.5.0-rc6
- 1.5.0-rc5
- 1.5.0-rc4
- 1.5.0-rc3
- 1.5.0-rc2
- 1.5.0
- 1.4.9
- 1.4.8
- 1.4.7
- 1.4.6
- 1.4.5
- 1.4.4
- 1.4.3
- 1.4.2
- 1.4.10
- 1.4.1
- 1.4.0-rc9
- 1.4.0-rc8
- 1.4.0-rc7
- 1.4.0-rc6
- 1.4.0-rc5
- 1.4.0-rc2
- 1.4.0
- 1.3.8
- 1.3.7
- 1.3.6
- 1.3.5
- 1.3.4
- 1.3.3
- 1.3.2
- 1.3.1
- 1.3.0-rc5
- 1.3.0-rc4
- 1.3.0
- 1.2.8
- 1.2.7
- 1.2.6
- 1.2.5
- 1.2.4
- 1.2.3
- 1.2.2
- 1.2.1
- 1.2.0-rc3
- 1.2.0-rc2
- 1.2.0-rc1
- 1.2.0
- 1.16.0-rc.1
- 1.16.0-rc.0
- 1.16.0-pre.3
- 1.16.0-pre.2
- 1.16.0-pre.1
- 1.16.0-pre.0
- 1.15.7
- 1.15.6
- 1.15.5
- 1.15.4
- 1.15.3
- 1.15.2
- 1.15.1
- 1.15.0-rc.1
- 1.15.0-rc.0
- 1.15.0-pre.3
- 1.15.0-pre.2
- 1.15.0-pre.1
- 1.15.0-pre.0
- 1.15.0
- 1.14.9
- 1.14.8
- 1.14.7
- 1.14.6
- 1.14.5
- 1.14.4
- 1.14.3
- 1.14.2
- 1.14.13
- 1.14.12
- 1.14.11
- 1.14.10
- 1.14.1
- 1.14.0-snapshot.4
- 1.14.0-snapshot.3
- 1.14.0-snapshot.2
- 1.14.0-snapshot.1
- 1.14.0-snapshot.0
- 1.14.0-rc.1
- 1.14.0-rc.0
- 1.14.0-pre.2
- 1.14.0
- 1.13.9
- 1.13.8
- 1.13.7
- 1.13.6
- 1.13.5
- 1.13.4
- 1.13.3
- 1.13.2
- 1.13.18
- 1.13.17
- 1.13.16
- 1.13.15
- 1.13.14
- 1.13.13
- 1.13.12
- 1.13.11
- 1.13.10
- 1.13.1
- 1.13.0-rc5
- 1.13.0-rc4
- 1.13.0-rc3
- 1.13.0-rc2
- 1.13.0-rc1
- 1.13.0-rc0
- 1.13.0
- 1.12.9
- 1.12.8
- 1.12.7
- 1.12.6
- 1.12.5
- 1.12.4
- 1.12.3
- 1.12.2
- 1.12.19
- 1.12.18
- 1.12.17
- 1.12.16
- 1.12.15
- 1.12.14
- 1.12.13
- 1.12.12
- 1.12.11
- 1.12.10
- 1.12.1
- 1.12.0-rc3
- 1.12.0-rc2
- 1.12.0-rc1
- 1.12.0-rc0
- 1.12.0
- 1.11.9
- 1.11.8
- 1.11.7
- 1.11.6
- 1.11.5
- 1.11.4
- 1.11.3
- 1.11.20
- 1.11.2
- 1.11.19
- 1.11.18
- 1.11.17
- 1.11.16
- 1.11.15
- 1.11.14
- 1.11.13
- 1.11.12
- 1.11.11
- 1.11.10
- 1.11.1
- 1.11.0-rc3
- 1.11.0-rc2
- 1.11.0-rc1
- 1.11.0-rc0
- 1.11.0
- 1.10.9
- 1.10.8
- 1.10.7
- 1.10.6
- 1.10.5
- 1.10.4
- 1.10.3
- 1.10.20
- 1.10.2
- 1.10.19
- 1.10.18
- 1.10.17
- 1.10.16
- 1.10.15
- 1.10.14
- 1.10.13
- 1.10.12
- 1.10.11
- 1.10.10
- 1.10.1
- 1.10.0-rc2
- 1.10.0-rc1
- 1.10.0-rc0
- 1.10.0
- 1.1.6
- 1.1.5
- 1.1.4
- 1.1.3
- 1.1.2
- 1.1.0
- 1.0.7
- 1.0.6
- 1.0.5
- 1.0.4
- Releases list truncated to 313 entries, 325 were omitted.
Take a new snapshot of a software origin
If the archived software origin currently browsed is not synchronized with its upstream version (for instance when new commits have been issued), you can explicitly request Software Heritage to take a new snapshot of it.
Use the form below to proceed. Once a request has been submitted and accepted, it will be processed as soon as possible. You can then check its processing state by visiting this dedicated page.Processing "take a new snapshot" request ...
Permalinks
To reference or cite the objects present in the Software Heritage archive, permalinks based on SoftWare Hash IDentifiers (SWHIDs) must be used.
Select below a type of object currently browsed in order to display its associated SWHID and permalink.
Revision | Author | Date | Message | Commit Date |
---|---|---|---|---|
41fa2d3 | Ian Vernon | 29 March 2018, 19:38:46 UTC | test/runtime: reduce redundant arguments in policy formatting Use string formatting index references to populate policies within test. Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
8864c72 | Ian Vernon | 29 March 2018, 19:16:42 UTC | test/runtime: send output of cilium-agent to logger The kvstore test stops the cilium service, and starts the process directly. Thus, no logs are sent to syslog; edit the command which runs the cilium-agent to send output to syslog for debugging. Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
a137867 | Ian Vernon | 29 March 2018, 18:54:19 UTC | cmd: add documentation and TODO for updatePolicyKey Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
da43a12 | Ian Vernon | 29 March 2018, 18:47:03 UTC | pkg/k8s: remove remove duplicate port check for egress rules Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
d40ca2b | Ian Vernon | 29 March 2018, 18:45:02 UTC | pkg/endpoint: cleanup formatting of log message Move fields in log message to be on each line for easier readability. Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
cd9318e | Ian Vernon | 29 March 2018, 18:43:37 UTC | cilium/cmd: refactor parseTrafficString Use a switch statement instead of if-else chain. Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
461b151 | Ian Vernon | 29 March 2018, 18:41:28 UTC | pkg/policy: remove outdated TODO message Unit tests are added for ResolveL4EgressPolicy, so remove TODO message to add unit tests. Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
3bff09e | Ian Vernon | 29 March 2018, 18:40:55 UTC | pkg/endpoint: add GitHub issue number for egress ConnTrack work Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
22e402d | Ian Vernon | 29 March 2018, 18:40:28 UTC | daemon: add TODO for GH-3394 Add TODO message for egress policy tracing. Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
d1d42a4 | Joe Stringer | 29 March 2018, 17:23:50 UTC | bpf: Fix non-CT egress policy address lookup When conntrack is disabled, the destination address in the ct_tuple is not flipped, so egress IP->ID lookup was using the wrong address to lookup the destination identity. Fix it up. Signed-off-by: Joe Stringer <joe@covalent.io> | 29 March 2018, 23:54:02 UTC |
c1584a1 | Ian Vernon | 29 March 2018, 04:10:22 UTC | pkg/endpoint: populate AllowedEgressIdentities in GetPolicyModel Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
2c5d299 | Ian Vernon | 29 March 2018, 04:09:50 UTC | api: add allowed-egress-identities to EndpointPolicy Add list of allowed identities for egress communication. Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
cb2f6b8 | Ian Vernon | 29 March 2018, 03:43:53 UTC | test/runtime/manifests: update conntrack test policies to account for label-based egress Now that we do label-based lookups for egress in datapath, need to explicitly add label-based egress policies because the agent's policy enforcement mode is set to 'always' (default deny for egress) for these tests. Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
883125c | Ian Vernon | 28 March 2018, 20:32:41 UTC | test/runtime: add L3-dependent L7 policy and commented-out tests Tests are commented out because egress L3-dependent-L7 still needs to be added to Cilium. Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
3a9d56a | Ian Vernon | 28 March 2018, 06:08:11 UTC | test/runtime: add egress L4 with L3 label wildcard test Misc. comment fixes as well. Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
f4b1f47 | Ian Vernon | 28 March 2018, 04:56:00 UTC | test/runtime: add egress L3-only test Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
a871244 | Ian Vernon | 28 March 2018, 03:19:39 UTC | test/runtime: remove useless CIDR tests CIDR policy does not apply to IPs within the cluster, which this test was trying to test. So, these tests were not truly testing CIDR policy. Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
79b3f5f | Ian Vernon | 28 March 2018, 03:13:44 UTC | test/runtime: enable test which was disabled due to lack of L3-dependent L4 egress enforcement Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
f5088ff | Ian Vernon | 28 March 2018, 04:29:55 UTC | test/runtime/manifests: change policy to be L3-dependent-L4 for egress Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
f86c1ec | Ian Vernon | 29 March 2018, 00:01:17 UTC | test/runtime: fix up CIDR tests to reflect datapath changes Need to add egress rules because we go into "always" PolicyEnforcement mode in the CIDR tests. Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
ad6e500 | Joe Stringer | 28 March 2018, 22:14:20 UTC | bpf: Fix proxy_port lookup on egress Signed-off-by: Joe Stringer <joe@covalent.io> | 29 March 2018, 23:54:02 UTC |
0598ff5 | Joe Stringer | 28 March 2018, 22:10:44 UTC | bpf: Apply L4 rules to external IPs Previously, this check was erroneously applied to all traffic, which, in the case that there were no L4 policies, would result in allowing all traffic. Only apply this (and drop) in the case where the traffic is egressing outside the cluster. If L4 would drop the traffic, drop it; otherwise, defer to the CIDR check later in the function. Signed-off-by: Joe Stringer <joe@covalent.io> | 29 March 2018, 23:54:02 UTC |
e92575b | Joe Stringer | 28 March 2018, 21:57:35 UTC | bpf: Force inlining of handle_ipv6 Fixes an issue where clang 3.8 was generating "call 0" instructions. Signed-off-by: Joe Stringer <joe@covalent.io> | 29 March 2018, 23:54:02 UTC |
3df1264 | Joe Stringer | 28 March 2018, 21:56:38 UTC | bpf: Reduce IPv6 CIDR egress prefixes in build The number being used before was way too big, and was causing common build environments to exceed the verifier limits. Signed-off-by: Joe Stringer <joe@covalent.io> | 29 March 2018, 23:54:02 UTC |
268c35c | Ian Vernon | 28 March 2018, 02:45:12 UTC | pkg/endpoint: use correct label access call in checkEgressAccess Should be AllowsEgressLabelAccess, not AllowsIngressLabelAccess. Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
3f7356d | Ian Vernon | 27 March 2018, 18:54:19 UTC | cmd: move updatePolicyKey to helpers.go This function is used both by `cilium bpf policy add` and `cilium bpf policy delete`,so move it to the file where helpers that are common to more than one command are located. Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
18fbfad | Ian Vernon | 27 March 2018, 04:48:50 UTC | cmd: add directionality to `cilium bpf policy <add,delete>` Add capability to specify whether policy should apply to ingress or egress to the given BPF PolicyMap for an endpoint. Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
1c640d8 | Ian Vernon | 27 March 2018, 17:54:31 UTC | cmd: add parseTrafficString helper Add a helper which converts a given string to policymap.TrafficDirection. Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
93d0b8c | Ian Vernon | 27 March 2018, 17:51:42 UTC | pkg/maps/policymap: add Invalid TrafficDirection Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
ab4c7fb | Ian Vernon | 27 March 2018, 22:24:02 UTC | pkg/k8s: enable TestParseNetworkPolicyEgressL4AllowAll Enable this unit test now that L3-dependent-L4 for egress is added. Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
4e242f1 | Ian Vernon | 14 March 2018, 20:11:20 UTC | pkg/policy: add label-dependent L4 for egress Rename existing functions in terms of ingress and factor out egress-related parts in now-ingress-only functions to their corresponding egress-related counterparts. Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
0394dfe | Ian Vernon | 15 March 2018, 03:09:22 UTC | pkg/policy: remove unit test which disallows label-dependent l4 Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
3135a2f | André Martins | 29 March 2018, 17:02:27 UTC | Dockerfile: update cilium-builder to 2018-03-29 Signed-off-by: André Martins <andre@cilium.io> | 29 March 2018, 18:15:03 UTC |
7240a5c | Maciej Kwiek | 28 March 2018, 10:22:46 UTC | Check if localStatus is populated in health server If the status wasn't populated it caused panics. Node name is set to empty if localStatus is nil. Signed-off-by: Maciej Kwiek <maciej@covalent.io> | 29 March 2018, 17:35:37 UTC |
5c9efe0 | Eloy Coto | 29 March 2018, 14:00:03 UTC | Vagrant: Bump version to 46 Fix dependencies cache made by 996e41adf593f8d7fdbf8d34bd2a57cc635f8c64 Signed-off-by: Eloy Coto <eloy.coto@gmail.com> | 29 March 2018, 16:07:27 UTC |
b2a62c4 | Joe Stringer | 23 March 2018, 21:34:51 UTC | daemon: Clarify cases in which PATCH /endpoint waits Commit 41c08396ce4b ("daemon: Only regenerate in PATCH from valid state") removed the endpointWait from "PATCH /endpoint" in the case where the identity is not yet resolved, but introduced an unlocked access to the endpoint's state field. Fix it so that it will instead wait if the API call is forcing regeneration. Signed-off-by: Joe Stringer <joe@covalent.io> | 29 March 2018, 14:12:38 UTC |
8d87773 | Eloy Coto | 29 March 2018, 07:38:09 UTC | Ginkgo: Add NFS support on Vagrantfile Add NFS Supoort in Vagrantfile Fix #3365 Signed-off-by: Eloy Coto <eloy.coto@gmail.com> | 29 March 2018, 14:10:25 UTC |
35145e6 | Ian Vernon | 28 March 2018, 23:03:44 UTC | pkg/policy: remove fromEntities and toEntities from rule type Due to a regression introduced with the calling of rule sanitization functions, rule.sanitize() (different than Rule.sanitize) was never called at runtime, only during unit tests. As a result, any rule with toEntities or fromEntities was not properly populated during runtime. This was because the type pkg/policy:rule only populated these fields during rule.sanitize(), which as mentioned before, was not called outside of unit tests. Remove the toEntities and fromEntities fields, and just use the ToEntities and FromEntities within Rule.Ingress and Rule.Egress accordingly. While this involves a map lookup to map entities to their corresponding EndpointSelector, this means that we now only have one code path for validating rules; having multiple ones, as shown by the regression, is error-prone. Update the policy resolution functions to account for this change, as well as unit tests. Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 14:09:42 UTC |
df40e26 | Tony Lambiris | 29 March 2018, 11:17:31 UTC | Update rpm packaging files | 29 March 2018, 14:08:28 UTC |
adeacc1 | Jarno Rajahalme | 28 March 2018, 19:54:47 UTC | daemon: Merge Envoy logs with cilium logs by default. Use a file logger for Envoy only if non-empty '--envoy-log' command line parameter is given. Otherwise merge Envoy logs with Cilium logs with 'subsys=envoy-<part>', where '<part>' is Envoy's logger name (e.g., "filter", "upstream", "router", etc.). When merging Envoy logs to Cilium logs all Envoy log messages will be logged at "Debug" level. This causes Envoy logs only appear when Cilium is in debug mode. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 29 March 2018, 05:00:41 UTC |
996e41a | Jarno Rajahalme | 28 March 2018, 17:30:31 UTC | envoy: Rebase to Envoy master. Need support for `--log-format` command line option. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 29 March 2018, 05:00:41 UTC |
18f8a83 | Eloy Coto | 29 March 2018, 04:49:32 UTC | Test: Fix RuntimeValidatedConntrackTest test flake (#3333) * Test: Fix RuntimeValidatedConntrackTest test flake - TestConnectivity started without waiting for all endpoints to be in ready state. - Fix some assert messages Fix #3330 Signed-off-by: Eloy Coto <eloy.coto@gmail.com> | 29 March 2018, 04:49:32 UTC |
1d7f869 | Joe Stringer | 25 March 2018, 23:25:06 UTC | test/bpf: Add unit tests for CIDR lookups Signed-off-by: Joe Stringer <joe@covalent.io> | 29 March 2018, 04:25:20 UTC |
ac45144 | Joe Stringer | 28 March 2018, 18:15:14 UTC | bpf: Rearrange CIDR map declarations Previously, in certain combinations of #defines, the lpmx_xxgress_lookup functions were being double-defined. Prevent this by arranging the declarations in a more sensible manner: * If either ingress/egress policy is defined, define the common fns -> Handle availability / non-availability of LPM * If ingress policy is defined, define map lookups on ingress -> LPM-based lookup or hash-based using common fns * If egress policy is defined, define map lookups on egress -> LPM-based lookup or hash-based using common fns Signed-off-by: Joe Stringer <joe@covalent.io> | 29 March 2018, 04:25:20 UTC |
53339a8 | Joe Stringer | 28 March 2018, 18:15:14 UTC | bpf: Fix IPv4 CIDR prefix matches on older kernels The IPv6 path already had this GET_PREFIX() macro which does the right thing, reuse it. Fixes: #3352 Signed-off-by: Joe Stringer <joe@covalent.io> | 29 March 2018, 04:25:20 UTC |
99171fc | Joe Stringer | 28 March 2018, 17:11:12 UTC | bpf: Fix default build The target for cilium-map-migrate was the first target in the file, which meant it would be the only target compiled in the bpf/ directory. Move it later in the file so that all files are built. Signed-off-by: Joe Stringer <joe@covalent.io> | 29 March 2018, 04:25:20 UTC |
bc85290 | Joe Stringer | 28 March 2018, 17:10:20 UTC | bpf: Quieten Makefile comment Signed-off-by: Joe Stringer <joe@covalent.io> | 29 March 2018, 04:25:20 UTC |
5a19754 | Maciej Kwiek | 28 March 2018, 14:55:38 UTC | Fix ingress allow all example Signed-off-by: Maciej Kwiek <maciej@covalent.io> | 28 March 2018, 16:48:32 UTC |
a2782f9 | Eloy Coto | 28 March 2018, 06:46:17 UTC | Doc: Address PR comments Signed-off-by: Eloy Coto <eloy.coto@gmail.com> | 28 March 2018, 15:13:43 UTC |
598d846 | Eloy Coto | 26 March 2018, 09:10:39 UTC | Documentation: Add Packer-ci-build project and Ginkgo Helpers Signed-off-by: Eloy Coto <eloy.coto@gmail.com> | 28 March 2018, 15:13:43 UTC |
93016a4 | André Martins | 26 March 2018, 09:08:23 UTC | Jenkinsfile: update kubernetes version to test Change default kubernetes version to be tested against kubernetes 1.7 and 1.10-rc1. Add all other kubernetes versions to be tested. Signed-off-by: André Martins <andre@cilium.io> | 28 March 2018, 15:12:39 UTC |
9acf84c | André Martins | 26 March 2018, 08:58:04 UTC | test: update kubernetes to 1.10.0 Specified a kubernetes version for each major.minor k8s version. Signed-off-by: André Martins <andre@cilium.io> | 28 March 2018, 15:12:39 UTC |
6d3aa1e | Thomas Graf | 28 March 2018, 05:34:36 UTC | test: Verify L4 rule with L3 wildcard correctnes Fixes: #3231 Signed-off-by: Thomas Graf <thomas@cilium.io> | 28 March 2018, 14:16:02 UTC |
f28edb0 | Ian Vernon | 28 March 2018, 06:51:31 UTC | test/runtime/manifests: fix typo in policy Change id.http2 --> id.httpd2. This rule wasn't actually selecting any endpoints. Signed-off by: Ian Vernon <ian@cilium.io> | 28 March 2018, 09:06:45 UTC |
d1798b3 | Eloy Coto | 27 March 2018, 09:06:23 UTC | Test: Add variadic argument on Node.Exec functions Signed-off-by: Eloy Coto <eloy.coto@gmail.com> | 28 March 2018, 08:50:23 UTC |
5d77fd6 | Eloy Coto | 26 March 2018, 15:25:41 UTC | Test: Added JustAfterEach and AfterFailed in Nightly test Adapt Nightly test to the ginkgo-ext helpers functions Signed-off-by: Eloy Coto <eloy.coto@gmail.com> | 28 March 2018, 08:50:23 UTC |
b75e569 | Eloy Coto | 26 March 2018, 15:25:24 UTC | Ginkgo: Add Measure in Ginkgo-ext Signed-off-by: Eloy Coto <eloy.coto@gmail.com> | 28 March 2018, 08:50:23 UTC |
f8b64a5 | Eloy Coto | 26 March 2018, 15:14:49 UTC | Test: Added JustAfterEach and AfterFailed in k8st test Added JustAfterEach and AfterFailed in all kubernetes test Signed-off-by: Eloy Coto <eloy.coto@gmail.com> | 28 March 2018, 08:50:23 UTC |
b60eaa3 | Eloy Coto | 26 March 2018, 15:02:11 UTC | Ginkgo: Refactor kubectl.CiliumReport Avoid the use of CiliumPod in the CiliumReport and use all cilium pods Signed-off-by: Eloy Coto <eloy.coto@gmail.com> | 28 March 2018, 08:50:23 UTC |
9cbc269 | Eloy Coto | 26 March 2018, 14:31:50 UTC | Test: Refactor runtime test to use AfterEach and AfterFail functions Signed-off-by: Eloy Coto <eloy.coto@gmail.com> | 28 March 2018, 08:50:23 UTC |
4b787f5 | Eloy Coto | 26 March 2018, 13:31:18 UTC | Ginkgo: Add JustAfterEach and AfterFailed helper functions Signed-off-by: Eloy Coto <eloy.coto@gmail.com> | 28 March 2018, 08:50:23 UTC |
b09fe2f | Eloy Coto | 26 March 2018, 12:54:18 UTC | Test: add a option to not output log to GinkgoWriter Add a option to not duplicated the information across test_results Signed-off-by: Eloy Coto <eloy.coto@gmail.com> | 28 March 2018, 08:50:23 UTC |
63682d6 | Thomas Graf | 28 March 2018, 02:47:36 UTC | bpf: Fix return value of lpm{46}_ingress_lookup When policy enforcement is disabled, these lookup calls should always return a positive value to indicate a match. This bug had no effect so far as calls to these functions are currently protected by defines only defined when policy enforcement is enabled. Signed-off-by: Thomas Graf <thomas@cilium.io> | 28 March 2018, 05:54:03 UTC |
b9bd015 | Thomas Graf | 28 March 2018, 00:40:41 UTC | bpf: Fix egress CIDR policy enforcement The existing egress CIDR enforcement lookup was performed correctly but relied on a later policy check enforcing a drop and thus only marked the packet to skip the policy check instead of dropping it directly. The latter policy check was removed and since broke the egress CIDR policy enforcement. The CI test is in-effective and thus did not catch this regression. This commit fixes the bug, the CI test will be fixed in a separate commit. Fixes: #3345 Fixes: #3340 Signed-off-by: Thomas Graf <thomas@cilium.io> | 28 March 2018, 05:54:03 UTC |
41e9af3 | Manali Bhutiyani | 28 March 2018, 03:29:44 UTC | docs: Fix the Kafka policy to use the new role in the GSG Fixes: #3349 Signed-Off-By: Manali Bhutiyani <manali@covalent.io> | 28 March 2018, 04:46:45 UTC |
1237ec3 | Joe Stringer | 27 March 2018, 22:08:16 UTC | monitor: Fix egress identity mapping output Signed-off-by: Joe Stringer <joe@covalent.io> | 28 March 2018, 03:45:10 UTC |
f53a362 | Joe Stringer | 25 March 2018, 02:25:16 UTC | monitor: Fix ct entry port byteorder in output Signed-off-by: Joe Stringer <joe@covalent.io> | 28 March 2018, 03:45:10 UTC |
3d82a4b | Daniel Borkmann | 21 March 2018, 11:02:32 UTC | maps: allow for migration when map properties change Currently, when changing simple map properties such as type, key/value size, maximum number of elements or flags, then the loader rightfully bails out when it sees an already pinned map node comparing it to the one specified in the object file. The issue is that this makes it hard to upgrade certain maps, e.g. tail call maps when they get extended with new call entries or other generic maps when bumping their maximum elements or changing key/value size. For tail call maps, we temporarily move the map to a different location in the bpf fs and once the prog got installed successfully then we can unlink it such that the old map gets released eventually, or in case of failure, we can move it back. This patch generalizes such migration of the data path such that updates on any maps would work. It consists of two parts, i) object based tool that checks directly all maps in the generated object file agains the pinned ones, and ii) daemon based checks on daemon-triggered map creation. The former also allows to get rid of remove_non_persistent_map() in the init.sh before each bpf_load(), and the cilium_calls_${EPID} specific workaround in the join_ep.sh. The cilium-map-migrate tool will report into the journal once map migration needed to be done. On the daemon side, we move the existing migrate() logic out of the Map's OpenOrCreate() handler into the lower-level OpenOrCreateMap() function, since the latter is used also from other locations where we otherwise would need to duplicate the logic. It also makes sense to actually check what we've received from ObjGet() call and whether it matches with the request instead of blindly passing the fd onwards. The original migrate() logic is extended to remove the map with exception to tail call maps due to eviction of prog entries upon inode removal. Limitations: what cannot be detected as of today is struct changes in the key/value for the case where the size doesn't change. There will be kernel side support with BPF type format soon for allowing this at least on newer kernels. Also, there will be data loss for the time being when such conflict in map properties is detected on live update. In future, BPF type format we could make this more graceful by automating such upgrades with a mapping scheme between the two maps. Fixes: #3182 Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 28 March 2018, 00:20:45 UTC |
089e625 | Daniel Borkmann | 21 March 2018, 11:02:32 UTC | bpf: import elf headers to avoid extra dep Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 28 March 2018, 00:20:45 UTC |
edb8896 | Romain Lenglet | 27 March 2018, 06:25:07 UTC | ctmap: Move doFiltering debug logs under flowdebug Fixes: #3295 Signed-off-by: Romain Lenglet <romain@covalent.io> | 28 March 2018, 00:10:13 UTC |
edda929 | Romain Lenglet | 27 March 2018, 06:11:14 UTC | envoy: Fix xDS server start log message Fixes: #3273 Signed-off-by: Romain Lenglet <romain@covalent.io> | 28 March 2018, 00:10:13 UTC |
87c62e3 | Ian Vernon | 27 March 2018, 21:07:23 UTC | pkg/endpoint: pass denied egress identities to UpdateNetworkPolicy Signed-off by: Ian Vernon <ian@cilium.io> | 27 March 2018, 23:30:54 UTC |
1b03f6d | Romain Lenglet | 27 March 2018, 21:44:54 UTC | envoy: Don't try to set the endpoint's policy revision if policy is nil Signed-off-by: Romain Lenglet <romain@covalent.io> | 27 March 2018, 23:06:06 UTC |
59ef1e3 | Romain Lenglet | 27 March 2018, 20:39:29 UTC | envoy: Use mutex to protect field accesses in Cilium xDS server Fixes: #3329 Signed-off-by: Romain Lenglet <romain@covalent.io> | 27 March 2018, 23:06:06 UTC |
cecd5f1 | Ian Vernon | 23 March 2018, 00:46:54 UTC | test/helpers: do not wait for endpoint to regenerate in EndpointSetConfig The command to set configuration should take care of this; clients should not have to implement logic to set configuration on endpoints based off of endpoint state. Signed-off by: Ian Vernon <ian@cilium.io> | 27 March 2018, 22:25:58 UTC |
28b6b78 | Ian Vernon | 22 March 2018, 21:13:17 UTC | pkg/endpoint: update variable from changed --> needToRegenerateBPF Make variable more evocative of what it means. Signed-off by: Ian Vernon <ian@cilium.io> | 27 March 2018, 22:25:58 UTC |
5b62f57 | Ian Vernon | 22 March 2018, 16:40:25 UTC | pkg/endpoint: check endpoint state before trying to regenerate * check if endpoint state is able to be changed to waiting-to-regenerate before trying configuration update * return error if after a hardcoded timeout, regeneration is unable to occur if endpoint state not able to be changed to waiting-to-regenerate. Signed-off by: Ian Vernon <ian@cilium.io> | 27 March 2018, 22:25:58 UTC |
9ea330a | Ian Vernon | 27 March 2018, 18:20:48 UTC | F | 27 March 2018, 22:25:00 UTC |
61f903d | Ian Vernon | 23 March 2018, 22:26:52 UTC | pkg/ipcache: only unmarshal value of key-value store event for create events The value is only populated for create events; for delete events, it is not populated. Thus, added a new function which extracts the IP from the key; this is similar to what is done for `pkg/kvstore/allocator`. Add unit tests for this conversion as well. Also do the following: * Update code-comment for EventTypeListDone to be more accurate. * Add event type to log message were we cannot unmarshal data from the key-value store. Signed-off by: Ian Vernon <ian@cilium.io> | 27 March 2018, 22:25:00 UTC |
e2fe78d | Ian Vernon | 24 March 2018, 00:10:49 UTC | daemon: only use value for Upsert CacheModification The value field is not used in Delete CacheModification, so only set the value in Upsert CacheModification. Signed-off by: Ian Vernon <ian@cilium.io> | 27 March 2018, 22:25:00 UTC |
ce762dd | Romain Lenglet | 27 March 2018, 05:27:03 UTC | npds: Send allow-all policy when enforcement is disabled for endpoint Signed-off-by: Romain Lenglet <romain@covalent.io> | 27 March 2018, 20:20:07 UTC |
992733d | Romain Lenglet | 27 March 2018, 04:31:43 UTC | npds: Convert nil L4Policy into deny-all policy Any endpoint with a nil L4Policy was causing a panic. Instead, generate a policy that denies all traffic at both ingress and egress. Signed-off-by: Romain Lenglet <romain@covalent.io> | 27 March 2018, 20:20:07 UTC |
0c6d916 | Eloy Coto | 26 March 2018, 09:45:36 UTC | Test: Fix assert message on kafka tests Signed-off-by: Eloy Coto <eloy.coto@gmail.com> | 27 March 2018, 19:43:14 UTC |
6046566 | Ray Bejjani | 27 March 2018, 11:02:26 UTC | endpoint: Print endpoint logs to agent logs We record information for retrieval with 'cilium endpoint log' but we never log it as part of the agent logs. This change includes an equivalent debug print of these changes. Signed-off-by: Ray Bejjani <ray@covalent.io> | 27 March 2018, 18:29:28 UTC |
9e6265f | Ray Bejjani | 27 March 2018, 11:39:12 UTC | k8s: Fix formatted annotation log | 27 March 2018, 18:29:28 UTC |
0c1fd16 | André Martins | 27 March 2018, 12:43:49 UTC | Dockerfile: increment image builder to 2018-03-27 Signed-off-by: André Martins <aanm90@gmail.com> | 27 March 2018, 14:00:32 UTC |
f75755f | André Martins | 27 March 2018, 12:34:35 UTC | packaging/docker: add libelf-dev to builder image Signed-off-by: André Martins <aanm90@gmail.com> | 27 March 2018, 14:00:32 UTC |
6b37ad6 | Romain Lenglet | 26 March 2018, 18:05:42 UTC | api: Remove redirects from proxy status Remove the redirects field from proxy status in "cilium status". Move allocated-proxy-port field into proxy-statistics in "cilium endpoint get". Sort the elements of proxy-statistics. Signed-off-by: Romain Lenglet <romain@covalent.io> | 27 March 2018, 05:35:10 UTC |
7ad82c8 | Romain Lenglet | 23 March 2018, 22:05:37 UTC | proxy: Update endpoint stats from Kafka proxy Rename NetworkPolicyEndpoint interface into EndpointUpdater. Move EndpointUpdater from pkg/envoy into pkg/proxy/logger to make usable from the Kafka proxy. Update stats from Kafka proxy after logging into access log. Fix access logging to only log and account once when a request is denied and a response can't be created. Add endpoint identities, IP addresses, and ports in Kafka response access logs. This is also required to be able to derive endpoint stats. Look up original destination address and port of a Kafka request connection only once after accepting the connection, instead of for every request. Simplify the implementation of handleRequests as it was always passed a nil log record. Signed-off-by: Romain Lenglet <romain@covalent.io> | 27 March 2018, 05:35:10 UTC |
ddcbdcc | Romain Lenglet | 23 March 2018, 06:57:41 UTC | api: Move redirect statistics from proxy status to endpoint Remove statistics from ProxyRedirectStatus. Add security identity and labels SHA256 to ProxyRedirectStatus. Move ProxyRedirectStatistics into Endpoint (cilium endpoint get) and redefine it as a subset of ProxyRedirectStatus plus statistics. The output of cilium endpoint get now contains stats like: "proxy-statistics": [ { "location": "ingress", "port": 80, "protocol": "http", "statistics": { "requests": { "denied": 12, "forwarded": 15, "received": 27 }, "responses": { "forwarded": 15, "received": 15 } } } ], Signed-off-by: Romain Lenglet <romain@covalent.io> | 27 March 2018, 05:35:10 UTC |
8f3f573 | Romain Lenglet | 22 March 2018, 22:23:44 UTC | envoy: Extract network policy name and obs point from log records Associate access log producers to network policies. Remove all logging logic from Redirect. Add the observation point (ingress / egress) in every Envoy log record, and use that to create an access log record. Remove all stats logic from Redirect, to decouple stats from redirects to local proxies. Split the LogRecordProducer interface into the existing LogRecordNotifier interface and a new EndpointInfoRegistry interface. Group identity lookup by ID and by IP under the same EndpointInfoRegistry interface. Split files for readability: logger.go: move enpoint info interface into epinfo.go proxy.go: move Redirect into redirect.go, getMagicMark into mark.go Signed-off-by: Romain Lenglet <romain@covalent.io> | 27 March 2018, 05:35:10 UTC |
837c044 | Romain Lenglet | 22 March 2018, 21:24:55 UTC | envoy: Use policy name instead of listener ID in access logs Remove duplicate accesslog.pb.go. Move files related to access log protobufs into the right package: pkg/envoy/cilium. Remove listener_id from filter configuration. Use network policy resource name instead. Signed-off-by: Romain Lenglet <romain@covalent.io> | 27 March 2018, 05:35:10 UTC |
49fcc49 | Joe Stringer | 26 March 2018, 20:59:09 UTC | endpoint: Sweep old identities in applyNewFilter Each time we apply a new filter, sweep through the policymap entries and clear out any identities that don't exist in the new labelsMap. Fixes: #3314 Signed-off-by: Joe Stringer <joe@covalent.io> | 27 March 2018, 02:44:00 UTC |
74a92f3 | Joe Stringer | 26 March 2018, 20:20:15 UTC | endpoint: Delete old policies based on old labelsMap Related: #3314 Signed-off-by: Joe Stringer <joe@covalent.io> | 27 March 2018, 02:44:00 UTC |
45276cb | Manali Bhutiyani | 26 March 2018, 20:10:28 UTC | CI/tests: Make Kafka service headless Fixes: #3319 Signed-Off-By: Manali Bhutiyani <manali@covalent.io> | 27 March 2018, 00:03:47 UTC |
ee379a5 | Manali Bhutiyani | 26 March 2018, 20:03:18 UTC | docs: Make Kafka service headless Fixes: #3319 Signed-Off-By: Manali Bhutiyani <manali@covalent.io> | 27 March 2018, 00:03:47 UTC |
e1143c5 | Joe Stringer | 24 March 2018, 23:51:44 UTC | health: Fix succinct/verbose modes. Commit 11f420b59d9d ("health: Format localhost first in status output") inadventently swapped the order of the 'succinct' and 'verbose' parameters, leading to weird results with respect to verbosity on the commandline. Put them back in the right order. Signed-off-by: Joe Stringer <joe@covalent.io> | 26 March 2018, 20:12:44 UTC |
e91065b | Eloy Coto | 26 March 2018, 16:02:06 UTC | Vagrant: Bump minimal version to 2.0 Signed-off-by: Eloy Coto <eloy.coto@gmail.com> | 26 March 2018, 18:45:52 UTC |
28c8871 | Eloy Coto | 24 March 2018, 19:47:43 UTC | Vagrant: Update base box version Signed-off-by: Eloy Coto <eloy.coto@gmail.com> | 26 March 2018, 18:12:08 UTC |
f43c706 | Shantanu Deshpande | 24 March 2018, 15:35:32 UTC | Use alpine as base image for Docs container 1. Modify Docs Dockerfile to use alpine. 2. Modify Makefile to use newer docker cli commands. Signed-off-by: Shantanu Deshpande <shantanud106@gmail.com> | 26 March 2018, 07:37:53 UTC |