https://github.com/cilium/cilium
Revision | Author | Date | Message | Commit Date |
---|---|---|---|---|
cdfb40c | Ray Bejjani | 30 March 2018, 18:56:14 UTC | api: Refactor /endpoint API for 1.0 https://github.com/cilium/cilium/issues/3280 We want the API to be more declarative and to reflect the difference between the desired configuration and the one in effect. Signed-off-by: Ray Bejjani <ray@covalent.io> | 03 April 2018, 23:42:57 UTC |
4394529 | Ray Bejjani | 30 March 2018, 22:15:05 UTC | k8s: CEP controller more resilient to invalid objects When we change the CEP schema between versions the new agent may see existing CEPs as invalid. Deleting them is the simplest way to guarantee compatibility. Signed-off-by: Ray Bejjani <ray@covalent.io> | 03 April 2018, 23:42:57 UTC |
85fecbb | Joe Stringer | 03 April 2018, 21:50:17 UTC | policymap: Avoid using golang arrays in entry Split the array into separate fields in case it has any effect on #3491. Signed-off-by: Joe Stringer <joe@covalent.io> | 03 April 2018, 23:18:14 UTC |
a3a1545 | Thomas Graf | 03 April 2018, 18:01:17 UTC | etcd: Run etcd version check in the background When an etcd endpoint is unavailable, the version check retrieves the version of each etcd endpoint. If one etcd endpoint is not available, the version check will time out eventually. This is currently a blocking operation which delays the renewal of etcd sessions. Run the version check in the background instead to not delay renewal of etcd sessions. Never return errors on version checks except when the version check clearly fails. Fixes: #3496 Signed-off-by: Thomas Graf <thomas@cilium.io> | 03 April 2018, 23:17:20 UTC |
f7c2adf | Ian Vernon | 03 April 2018, 17:58:57 UTC | bugtool: run `cilium-health status` Signed-off by: Ian Vernon <ian@cilium.io> | 03 April 2018, 22:49:35 UTC |
2c71bec | Ian Vernon | 03 April 2018, 17:57:06 UTC | bugtool: run `ip rule` Signed-off by: Ian Vernon <ian@cilium.io> | 03 April 2018, 22:49:35 UTC |
2d7f8af | Joe Stringer | 03 April 2018, 16:39:16 UTC | bpf: Reduce IP comparisons These IP comparisons are performed earlier in the egress path and are cached, reuse the cached value. Signed-off-by: Joe Stringer <joe@covalent.io> | 03 April 2018, 21:12:44 UTC |
97836cc | Joe Stringer | 03 April 2018, 16:45:29 UTC | bpf: Remove embedded L4 policy map L4 policies applying to traffic outside the cluster IP range can only be applied to all such traffic via either no L3 match, or an L3 match on the world entity. We already push such policies down into the POLICY_MAP and look them up in policy_can_egress*(), so we can reuse this rather than using the embedded L4 policy array. This allows us to get rid of the embedded L4 policy for such cases, which simplifies the datapath and expands the scalability of L4 policies. Signed-off-by: Joe Stringer <joe@covalent.io> | 03 April 2018, 21:12:44 UTC |
f345241 | Joe Stringer | 03 April 2018, 16:35:33 UTC | bpf: Perform external policy lookup via POLICY_MAP By default, use CLUSTER_ID / WORLD_ID for the egress policy lookup, depending on the destination of the packet. If the destination identity is not known, these will look up the policy for the entity which allows L4 policy to be applied as well. Signed-off-by: Joe Stringer <joe@covalent.io> | 03 April 2018, 21:12:44 UTC |
f48021c | Joe Stringer | 03 April 2018, 01:03:12 UTC | bpf: Block ICMP at L4 when policy is enabled Signed-off-by: Joe Stringer <joe@covalent.io> | 03 April 2018, 21:12:44 UTC |
bdbb622 | Joe Stringer | 03 April 2018, 00:39:33 UTC | bpf: Apply CIDR egress policy earlier Adjust the application of L4 / CIDR egress policy to allow traffic that matches either the L4 policy or the CIDR policy, as part of the same check. Previously, if L4-only policy allowed traffic, it would be denied by CIDR; and if CIDR-only policy allowed traffic, it would be denied by L4. These cases should now work as expected. Fixes: #3371 Fixes: #3427 Signed-off-by: Joe Stringer <joe@covalent.io> | 03 April 2018, 21:12:44 UTC |
79b58bf | Ray Bejjani | 02 April 2018, 21:28:46 UTC | api: Refactor /policy/trace API for 1.0 https://github.com/cilium/cilium/issues/3280 We want the API to be more declarative and to reflect the difference between the desired configuration and the one in effect. Signed-off-by: Ray Bejjani <ray@covalent.io> | 03 April 2018, 20:56:30 UTC |
c0c3c21 | Ray Bejjani | 02 April 2018, 20:34:53 UTC | api: Refactor /prefilter API for 1.0 https://github.com/cilium/cilium/issues/3280 We want the API to be more declarative and to reflect the difference between the desired configuration and the one in effect. Signed-off-by: Ray Bejjani <ray@covalent.io> | 03 April 2018, 20:56:30 UTC |
79fed6b | Ray Bejjani | 02 April 2018, 15:00:54 UTC | api: Refactor /service API for 1.0 https://github.com/cilium/cilium/issues/3280 We want the API to be more declarative and to reflect the difference between the desired configuration and the one in effect. Signed-off-by: Ray Bejjani <ray@covalent.io> | 03 April 2018, 20:56:30 UTC |
dee6674 | Ray Bejjani | 03 April 2018, 15:32:05 UTC | cli: cilium service list -o json returns raw json We previously returned the processed, printable, service data. This was inconsistent with other "-o json" output and "cilium service get <id> -o json". | 03 April 2018, 20:56:30 UTC |
56e82b7 | Ray Bejjani | 03 April 2018, 15:27:05 UTC | test: ServiceGetIds jsonpath is splittable We accidentally concatenated all the IDs into one unsplittable number. We introduce the \n needed to split the list. | 03 April 2018, 20:56:30 UTC |
9211d38 | Joe Stringer | 02 April 2018, 22:07:00 UTC | test: Fix call to SetPolicyEnforcement() SetPolicyEnforcement() doesn't attempt to wait for policy to be enforced, and returns a result. This test wasn't checking the result for success, and wasn't waiting for endpoints to be ready afterwards. Check the error and also check the wait for endpoints to be ready. Signed-off-by: Joe Stringer <joe@covalent.io> | 03 April 2018, 16:22:27 UTC |
f5801c2 | Joe Stringer | 02 April 2018, 22:04:04 UTC | test: Don't silently allow pod unreadiness `cilium policy wait ...` could fail here, and the failure would be ignored, then the test would continue and potentially fail on some subsequent check, which could mislead people trying to triage the error. Fail out if policy wait fails. Signed-off-by: Joe Stringer <joe@covalent.io> | 03 April 2018, 16:22:27 UTC |
dd717c3 | Eloy Coto | 03 April 2018, 07:23:07 UTC | Test: Fix bugtool on kubernetes 1.7 On kubernetes 1.7 the cp needs to have a specific destination, and the `kubectl cp` command was failing: ``` vagrant@k8s1:~$ kubectl cp kube-system/cilium-jk0kn:/tmp/cilium-bugtool-20180403-065927.547+0000-UTC-039557248.tar /tmp/ tar: Removing leading `/' from member names error: open /tmp: is a directory ``` I added a new param to the command and now works as expected ``` vagrant@k8s1:~$ kubectl cp kube-system/cilium-jk0kn:/tmp/cilium-bugtool-20180403-065927.547+0000-UTC-039557248.tar /tmp/cilium-bugtool-20180403-065927.547+0000-UTC-039557248.tar tar: Removing leading `/' from member names vagrant@k8s1:~$ ``` Related to #3475 Signed-off-by: Eloy Coto <eloy.coto@gmail.com> | 03 April 2018, 09:37:11 UTC |
0545b62 | Romain Lenglet | 03 April 2018, 00:28:16 UTC | test: Re-enable Kafka tests Fixes: #3472 Signed-off-by: Romain Lenglet <romain@covalent.io> | 03 April 2018, 08:37:26 UTC |
b605c63 | Romain Lenglet | 03 April 2018, 00:26:08 UTC | maps: Fix proxymap error messages Signed-off-by: Romain Lenglet <romain@covalent.io> | 03 April 2018, 08:37:26 UTC |
9d16543 | Romain Lenglet | 03 April 2018, 00:25:30 UTC | proxy: Use the same proxy map size as in BPF Fixes: #3472 Signed-off-by: Romain Lenglet <romain@covalent.io> | 03 April 2018, 08:37:26 UTC |
0bf5b6d | Romain Lenglet | 03 April 2018, 00:23:00 UTC | bpf: Add bpf/cilium-map-migrate to .gitignore Signed-off-by: Romain Lenglet <romain@covalent.io> | 03 April 2018, 08:37:26 UTC |
f56cdf1 | Thomas Graf | 02 April 2018, 21:36:00 UTC | bpf: Do not route packets from egress proxy back into cilium_host Signed-off-by: Thomas Graf <thomas@cilium.io> | 03 April 2018, 02:44:53 UTC |
02cd138 | Ray Bejjani | 30 March 2018, 14:53:56 UTC | api: Refactor /endpoint policies API for 1.0 https://github.com/cilium/cilium/issues/3280 We want the API to be more declarative and to reflect the difference between the desired configuration and the one in effect. Signed-off-by: Ray Bejjani <ray@covalent.io> | 03 April 2018, 02:38:07 UTC |
9833794 | Ian Vernon | 02 April 2018, 17:26:44 UTC | gitignore: add generated JUnit XML files Signed-off by: Ian Vernon <ian@cilium.io> | 03 April 2018, 02:09:34 UTC |
c4b4251 | Ian Vernon | 02 April 2018, 21:56:16 UTC | test/runtime: wait for endpoints to be ready after setting NAT46 config Now that `EndpointSetConfig` does not wait for endpoints to be ready after setting their configuration values, we need to wait for endpoints to regenerate separately. Otherwise, tests might try to test the datapath before it is configured for a specific endpoint in accordance with policy that has been imported. Signed-off by: Ian Vernon <ian@cilium.io> | 03 April 2018, 00:57:25 UTC |
2fa9068 | Manali Bhutiyani | 31 March 2018, 19:18:52 UTC | policy: Allow only if all topics in a request are allowed Currently, if a request (e.g. a produce) has multiple topics, and one topic is allowed by policy, the whole request is allowed. This is a security hole and should be changed to only allow a request if all the topics are allowed. Fixes: #3397 Signed-Off-by: Manali Bhutiyani <manali@covalent.io> | 03 April 2018, 00:09:10 UTC |
4d38393 | Manali Bhutiyani | 31 March 2018, 19:21:04 UTC | Tests: Extend tests to test multi-topic requests Fixes: #3397 Signed-Off-by: Manali Bhutiyani <manali@covalent.io> | 03 April 2018, 00:09:10 UTC |
12d7acb | Jarno Rajahalme | 02 April 2018, 22:00:13 UTC | test: Use current cilium-builder also for Ginkgo tests. The cilium-builder image has been updated for the main Dockerfile, but the docker-compose.yml reference was left intact. Update it too. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 02 April 2018, 23:54:01 UTC |
f9000c8 | André Martins | 02 April 2018, 16:46:18 UTC | daemon: update CNP with timestamps in case of failure Signed-off-by: André Martins <andre@cilium.io> | 02 April 2018, 20:08:17 UTC |
482e20b | Joe Stringer | 30 March 2018, 17:59:02 UTC | test: Add test for L3DL7 + L3CIDR Add a test that introduces an L3-dependent L7 in-cluster egress rule which denies all traffic, plus a separate L3 CIDR egress rule. External access should not occur via the proxy. This detects issue #3414. Signed-off-by: Joe Stringer <joe@covalent.io> | 02 April 2018, 20:07:34 UTC |
ec0b424 | Joe Stringer | 30 March 2018, 21:49:53 UTC | test: Add TCP request to egress world test Signed-off-by: Joe Stringer <joe@covalent.io> | 02 April 2018, 20:07:34 UTC |
6961a5d | Joe Stringer | 30 March 2018, 17:46:24 UTC | test: Refactor CIDR egress to world check This will be reused in an upcoming commit. Signed-off-by: Joe Stringer <joe@covalent.io> | 02 April 2018, 20:07:34 UTC |
47b3a84 | Joe Stringer | 30 March 2018, 17:29:10 UTC | test: Improve failed policy import message When policy import fails, print the policy as well. Signed-off-by: Joe Stringer <joe@covalent.io> | 02 April 2018, 20:07:34 UTC |
884be34 | Joe Stringer | 30 March 2018, 23:00:32 UTC | bpf: Lookup L3-dependent L4 proxyport separately L3-dependent L4 proxyport should only ever be found via the lookup in the label-based policy enforcement, and never be found via the CIDR-dependent L4 policy lookup. Split it out. Fixes: #3414 Signed-off-by: Joe Stringer <joe@covalent.io> | 02 April 2018, 20:07:34 UTC |
e2ca182 | Joe Stringer | 30 March 2018, 22:45:19 UTC | endpoint: Refactor CFG_L4_*GRESS accumulation Refactor the way that we generate CFG_L4_INGRESS and CFG_L4_EGRESS. An upcoming commit will split this into two, to differentiate l3-dependent L4 vs. L3-independent L4. Signed-off-by: Joe Stringer <joe@covalent.io> | 02 April 2018, 20:07:34 UTC |
3a1fa4f | Ray Bejjani | 29 March 2018, 19:45:47 UTC | api: Refactor /config API for 1.0 https://github.com/cilium/cilium/issues/3280 We want the API to be more declarative and to reflect the difference between the desired configuration and the one in effect. Signed-off-by: Ray Bejjani <ray@covalent.io> | 02 April 2018, 16:10:06 UTC |
9060351 | Ray Bejjani | 02 April 2018, 13:42:12 UTC | policy: Add missing EntitySlice autogen code | 02 April 2018, 15:53:09 UTC |
882e062 | Thomas Graf | 02 April 2018, 05:33:44 UTC | Prepare for 1.0.0-rc9 release Signed-off-by: Thomas Graf <thomas@cilium.io> | 02 April 2018, 05:34:53 UTC |
f1d4144 | Thomas Graf | 01 April 2018, 05:34:32 UTC | policy: Do not populate reserved policy maps anymore The datapath no longer uses them, remove all code to keep them up to date Signed-off-by: Thomas Graf <thomas@cilium.io> | 02 April 2018, 04:11:31 UTC |
6103362 | Thomas Graf | 31 March 2018, 18:19:07 UTC | bpf: Remove ALLOW_TO_HOST It is no longer required now that egress support has been merged. Signed-off-by: Thomas Graf <thomas@cilium.io> | 02 April 2018, 04:11:31 UTC |
464089b | Thomas Graf | 01 April 2018, 05:01:41 UTC | policy: Do not check source labels for each ToPorts entry Existing code was checking the required source labels for each entry in the ToPorts slice. This is unnecessary and obstructs the code. Signed-off-by: Thomas Graf <thomas@cilium.io> | 02 April 2018, 04:11:31 UTC |
c389010 | Thomas Graf | 01 April 2018, 04:27:18 UTC | policy: Support entity based L4 - Combines Entity and Endpoint labels into a single EndpointSelectors slice - Removes dead code in mergeL4Egress() as ctx.To is *never* set Fixes: #3421 Signed-off-by: Thomas Graf <thomas@cilium.io> | 02 April 2018, 04:11:31 UTC |
ce44320 | Thomas Graf | 01 April 2018, 04:13:47 UTC | policy: Split API into individual files Signed-off-by: Thomas Graf <thomas@cilium.io> | 02 April 2018, 04:11:31 UTC |
2b249d2 | Thomas Graf | 01 April 2018, 04:04:57 UTC | policy: Add ability to represent entities as endpoint selectors Signed-off-by: Thomas Graf <thomas@cilium.io> | 02 April 2018, 04:11:31 UTC |
0252ef2 | Thomas Graf | 01 April 2018, 03:54:29 UTC | policy: Move WildcardEndpointSelector to api package Signed-off-by: Thomas Graf <thomas@cilium.io> | 02 April 2018, 04:11:31 UTC |
705cadd | Thomas Graf | 01 April 2018, 23:58:12 UTC | option: Only validate options if change is requested This allows to send the entire set of options including immutable options as long as their value is unchanged. This is useful as it allows to ensure that the set of all options is x, where x is a combination of mutable and immutable options. Signed-off-by: Thomas Graf <thomas@cilium.io> | 02 April 2018, 04:11:12 UTC |
e4cfece | Thomas Graf | 01 April 2018, 17:37:16 UTC | test: Fix connectivity policy and test for conntrack disabled case Signed-off-by: Thomas Graf <thomas@cilium.io> | 02 April 2018, 04:11:12 UTC |
16fb3a8 | Ray Bejjani | 01 April 2018, 03:35:42 UTC | api: Deprecate PATCH /endpoint for 1.0 We need to continue to support plugins that create endpoints with PATCH but we will transition to a scheme where we only PATCH /endpoint/config | 02 April 2018, 04:11:12 UTC |
4a88925 | Ray Bejjani | 01 April 2018, 03:35:42 UTC | api: Refactor /endpoint/config API for 1.0 https://github.com/cilium/cilium/issues/3280 We want the API to be more declarative and to reflect the difference between the desired configuration and the one in effect. Signed-off-by: Ray Bejjani <ray@covalent.io> | 02 April 2018, 04:11:12 UTC |
a2571a2 | Thomas Graf | 31 March 2018, 19:25:20 UTC | cli: Fix cilium bpf policy get Print numeric when label resolution does not work Fixes: #3318 Signed-off-by: Thomas Graf <thomas@cilium.io> | 01 April 2018, 02:19:22 UTC |
c60623a | Ray Bejjani | 28 March 2018, 13:35:29 UTC | api: Refactor /endpoint/labels API for 1.0 https://github.com/cilium/cilium/issues/3280 We want the API to be more declarative and to reflect the difference between the desired configuration and the one in effect. Signed-off-by: Ray Bejjani <ray@covalent.io> | 01 April 2018, 01:46:05 UTC |
ead59b2 | Thomas Graf | 30 March 2018, 16:32:32 UTC | bpf: Define size of policy prog map via node_config.h The policy prog map needs a much lower limit as it is constrained only by the number of endpoints per node. Signed-off-by: Thomas Graf <thomas@cilium.io> | 31 March 2018, 19:08:42 UTC |
4cf8d0f | Thomas Graf | 29 March 2018, 17:48:53 UTC | bpf: Rename lxcmap MaxKeys to MaxEntries to be consistent Signed-off-by: Thomas Graf <thomas@cilium.io> | 31 March 2018, 19:08:42 UTC |
5963e8c | Thomas Graf | 29 March 2018, 17:38:49 UTC | bpf: Define size of ipcache map via node_config.h The size of the map is unchanged Signed-off-by: Thomas Graf <thomas@cilium.io> | 31 March 2018, 19:08:42 UTC |
2ff0aa9 | Thomas Graf | 29 March 2018, 17:31:40 UTC | bpf: Increase policymap size to 16K Signed-off-by: Thomas Graf <thomas@cilium.io> | 31 March 2018, 19:08:42 UTC |
8536733 | Thomas Graf | 29 March 2018, 17:27:28 UTC | bpf: Increase CIDR map size to 16K Signed-off-by: Thomas Graf <thomas@cilium.io> | 31 March 2018, 19:08:42 UTC |
9935adb | Thomas Graf | 29 March 2018, 17:16:22 UTC | bpf: Increase proxymap size to 524288 Signed-off-by: Thomas Graf <thomas@cilium.io> | 31 March 2018, 19:08:42 UTC |
5f4db9a | Thomas Graf | 29 March 2018, 14:58:29 UTC | bpf: Define size of loadbalancing maps via node_config.h Signed-off-by: Thomas Graf <thomas@cilium.io> | 31 March 2018, 19:08:42 UTC |
3abffe1 | Thomas Graf | 31 March 2018, 19:06:44 UTC | test: Disable unstable Kafka runtime test Signed-off-by: Thomas Graf <thomas@cilium.io> | 31 March 2018, 19:08:01 UTC |
c1ee315 | Thomas Graf | 31 March 2018, 17:33:40 UTC | test: Disable unstable test K8sValidatedUpdates Signed-off-by: Thomas Graf <thomas@cilium.io> | 31 March 2018, 17:34:23 UTC |
312c99f | Jarno Rajahalme | 30 March 2018, 21:53:33 UTC | envoy: Make 403 message configurable. Accept a new '--403-msg' command line option to specify the message returned in 403 responses. Defaults to "Access denied". Note that the message is returned in HTML body and needs to be HTML encoded. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 31 March 2018, 15:18:53 UTC |
affad13 | Ian Vernon | 30 March 2018, 22:21:13 UTC | pkg/endpoint: misc. comments and log message cleanup Clearly specify that localhost egress access is a special case in the datapath when utilizing Endpoint.checkEgressAccess(). Clean up log messages. Signed-off by: Ian Vernon <ian@cilium.io> | 31 March 2018, 08:00:29 UTC |
c46fcbc | Ian Vernon | 30 March 2018, 22:10:39 UTC | daemon: add host IPs to IPCache Egress to host did not work with policy containing toEndpoints "reserved:host" label because previously, only endpoint IPs were added to the local IPCache in each cilium-agent. To allow for label-based selecting of the host, we need to add the host IPs to the IPCache so lookup in the datapath succeeds when mapping the IP of the host to its identity. Signed-off by: Ian Vernon <ian@cilium.io> | 31 March 2018, 08:00:29 UTC |
3238677 | Ian Vernon | 30 March 2018, 22:02:40 UTC | daemon: log when OnIPIdentityCacheChange gets called Signed-off-by: Ian Vernon <ian@cilium.io> | 31 March 2018, 08:00:29 UTC |
28f6240 | Ian Vernon | 30 March 2018, 22:01:50 UTC | pkg/ipcache: export Upsert functionality for use in daemon initialization Also use new logfield "Modification" for logging cacheModification in log message. Signed-off-by: Ian Vernon <ian@cilium.io> | 31 March 2018, 08:00:29 UTC |
3a52997 | Ian Vernon | 30 March 2018, 22:00:10 UTC | pkg/logging/logfields: add Modification logfield Signed-off-by: Ian Vernon <ian@cilium.io> | 31 March 2018, 08:00:29 UTC |
f602e9d | Ian Vernon | 30 March 2018, 21:11:22 UTC | pkg/maps/ipcache: remove marking ipcache BPF map as non-persistent Since garbage collection is now performed in this map, we do not have to mark the map as non-persistent. If it is marked as non-persistent, this means that ongoing connections on endpoints with egress policy enabled will be terminated due to the clearing of the ipcache map upon start of the Cilium agent. Signed-off-by: Ian Vernon <ian@cilium.io> | 31 March 2018, 08:00:29 UTC |
ec53bab | Ian Vernon | 29 March 2018, 22:42:42 UTC | bugtool: add output of `cilium bpf ipcache list` Signed-off by: Ian Vernon <ian@cilium.io> | 31 March 2018, 06:24:46 UTC |
e6a559a | Thomas Graf | 31 March 2018, 06:10:01 UTC | test: Disable unstable K8sValidatedKafkaPolicyTest KafkaPolicies test Signed-off-by: Thomas Graf <thomas@cilium.io> | 31 March 2018, 06:10:56 UTC |
25d4dc0 | Thomas Graf | 31 March 2018, 04:03:33 UTC | test: Temporarily disable default deny egress test Signed-off-by: Thomas Graf <thomas@cilium.io> | 31 March 2018, 04:52:06 UTC |
82fbce1 | Eloy Coto | 29 March 2018, 11:05:43 UTC | Test: Complete Egress default-deny test In Egress default-deny tested that the endpoint has policy enabled but connectivity was not tested. This change makes sure that the changes are updated correctly. Also, some refactoring in the test to use BeforeAll,AfterAll and make things a bit faster. Signed-off-by: Eloy Coto <eloy.coto@gmail.com> | 30 March 2018, 14:07:36 UTC |
f8c58b0 | Jarno Rajahalme | 30 March 2018, 02:25:22 UTC | .gitignore: Ignore 'envoy/external' which is needed for gdb Running Envoy tests under gdb requires the sources to be available via 'external'. It should be created as a symlink to 'bazel-envoy/external' once bazel has fetched the dependencies. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 30 March 2018, 14:06:56 UTC |
b41f1b4 | Jarno Rajahalme | 30 March 2018, 02:25:22 UTC | envoy: Treat empty NPDS correctly. No resources means we should delete all cached policies, rather than return without doing anything. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 30 March 2018, 14:06:56 UTC |
309443e | Jarno Rajahalme | 30 March 2018, 02:25:21 UTC | envoy: Add nphds gRPC client. Refactor gRPC subscription code to share it for host IP - security ID mapping. We never supported using more than one "xdsCluster", hard code it so that we don't need to keep configuring it from all filter instances. Change "bpf_root" default to an empty string, and do not use bpf if "bpf_root" is not configured. Do not try to remove proxymap entries if we don't know the proxy_port (zero proxy_port implies no bpf). Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 30 March 2018, 14:06:56 UTC |
93053ea | Ian Vernon | 29 March 2018, 21:35:39 UTC | test/bpf: update unit test to account for allow-all CIDR Signed-off by: Ian Vernon <ian@cilium.io> | 30 March 2018, 14:05:49 UTC |
cc5809f | Ian Vernon | 29 March 2018, 21:32:14 UTC | bpf: fix GET_PREFIX to account for zero length This allows CIDRs with mask 0 to function correctly in the datapath. This fixes the issue where egress traffic is not allowed to world (0.0.0.0/0) when it should be. Signed-off by: Ian Vernon <ian@cilium.io> | 30 March 2018, 14:05:49 UTC |
3cc32c0 | Ian Vernon | 29 March 2018, 15:52:17 UTC | test/runtime: add egress to world entity test Add a simple datapath test to ensure that adding egress policy allowing traffic to entity 'world' is plumbed appropriately and is enforced in the datapath. Signed-off by: Ian Vernon <ian@cilium.io> | 30 March 2018, 14:05:49 UTC |
fc87d6f | Eloy Coto | 30 March 2018, 11:47:45 UTC | Test: Fix issue with cilium bugtool When test has `:` in the name, cilium bugtool didn't work correctly. Signed-off-by: Eloy Coto <eloy.coto@gmail.com> | 30 March 2018, 14:03:12 UTC |
d010855 | Ian Vernon | 29 March 2018, 23:05:35 UTC | pkg/ipcache: update previous identity -> IP mapping in ipcache upon identity update for IP If the identity is updated for an endpoint, the XDS cache not only needs to have the new identity to list of IPs mapping updated, it needs to have the old identity to IP mapping updated as well to account that the IP for which a key-value store Create or Modify event no longer maps to its old identity. Delete the identity from the XDS cache if it no longer maps to any IPs in the IPIdentityCache, or update it with the list of IPs that it still maps to. Signed-off by: Ian Vernon <ian@cilium.io> | 30 March 2018, 14:02:22 UTC |
fc4c025 | Joe Stringer | 30 March 2018, 00:32:54 UTC | bpf: Fix ingress CIDR lookup This check was previously using the wrong address, so CIDRs would never match. Signed-off-by: Joe Stringer <joe@covalent.io> | 30 March 2018, 14:01:58 UTC |
95ebe3a | Joe Stringer | 30 March 2018, 00:18:54 UTC | cidrmap: Log when inserting/removing entries Related: #3304 Signed-off-by: Joe Stringer <joe@covalent.io> | 30 March 2018, 14:01:58 UTC |
fb47bf3 | Eloy Coto | 29 March 2018, 14:50:53 UTC | Test: Fix logger testName Fix #3367 Signed-off-by: Eloy Coto <eloy.coto@gmail.com> | 30 March 2018, 06:57:31 UTC |
18d1ed4 | Romain Lenglet | 30 March 2018, 00:20:53 UTC | xds: Handle NACKs of initial versions of resources Signed-off-by: Romain Lenglet <romain@covalent.io> | 30 March 2018, 02:05:23 UTC |
41fa2d3 | Ian Vernon | 29 March 2018, 19:38:46 UTC | test/runtime: reduce redundant arguments in policy formatting Use string formatting index references to populate policies within test. Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
8864c72 | Ian Vernon | 29 March 2018, 19:16:42 UTC | test/runtime: send output of cilium-agent to logger The kvstore test stops the cilium service, and starts the process directly. Thus, no logs are sent to syslog; edit the command which runs the cilium-agent to send output to syslog for debugging. Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
a137867 | Ian Vernon | 29 March 2018, 18:54:19 UTC | cmd: add documentation and TODO for updatePolicyKey Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
da43a12 | Ian Vernon | 29 March 2018, 18:47:03 UTC | pkg/k8s: remove duplicate port check for egress rules Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
d40ca2b | Ian Vernon | 29 March 2018, 18:45:02 UTC | pkg/endpoint: cleanup formatting of log message Move fields in log message to be on each line for easier readability. Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
cd9318e | Ian Vernon | 29 March 2018, 18:43:37 UTC | cilium/cmd: refactor parseTrafficString Use a switch statement instead of if-else chain. Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
461b151 | Ian Vernon | 29 March 2018, 18:41:28 UTC | pkg/policy: remove outdated TODO message Unit tests are added for ResolveL4EgressPolicy, so remove TODO message to add unit tests. Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
3bff09e | Ian Vernon | 29 March 2018, 18:40:55 UTC | pkg/endpoint: add GitHub issue number for egress ConnTrack work Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
22e402d | Ian Vernon | 29 March 2018, 18:40:28 UTC | daemon: add TODO for GH-3394 Add TODO message for egress policy tracing. Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
d1d42a4 | Joe Stringer | 29 March 2018, 17:23:50 UTC | bpf: Fix non-CT egress policy address lookup When conntrack is disabled, the destination address in the ct_tuple is not flipped, so egress IP->ID lookup was using the wrong address to lookup the destination identity. Fix it up. Signed-off-by: Joe Stringer <joe@covalent.io> | 29 March 2018, 23:54:02 UTC |
c1584a1 | Ian Vernon | 29 March 2018, 04:10:22 UTC | pkg/endpoint: populate AllowedEgressIdentities in GetPolicyModel Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
2c5d299 | Ian Vernon | 29 March 2018, 04:09:50 UTC | api: add allowed-egress-identities to EndpointPolicy Add list of allowed identities for egress communication. Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
cb2f6b8 | Ian Vernon | 29 March 2018, 03:43:53 UTC | test/runtime/manifests: update conntrack test policies to account for label-based egress Now that we do label-based lookups for egress in datapath, need to explicitly add label-based egress policies because the agent's policy enforcement mode is set to 'always' (default deny for egress) for these tests. Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
883125c | Ian Vernon | 28 March 2018, 20:32:41 UTC | test/runtime: add L3-dependent L7 policy and commented-out tests Tests are commented out because egress L3-dependent-L7 still needs to be added to Cilium. Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |
3a9d56a | Ian Vernon | 28 March 2018, 06:08:11 UTC | test/runtime: add egress L4 with L3 label wildcard test Misc. comment fixes as well. Signed-off by: Ian Vernon <ian@cilium.io> | 29 March 2018, 23:54:02 UTC |