https://github.com/cilium/cilium
Revision | Author | Date | Message | Commit Date |
---|---|---|---|---|
0392ea9 | Thomas Graf | 15 February 2018, 01:36:12 UTC | kafka: Use policy identity cache to lookup identity for L3 dependant rules Fixes Issue: #2824 [ upstream commit 4566a558d62cd0329be45a74896cc0cbccef8f70 ] Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Manali Bhutiyani <manali@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> | 15 February 2018, 14:31:22 UTC |
6875004 | Romain Lenglet | 13 February 2018, 02:15:03 UTC | endpoint: Move deletion of obsolete proxy redirects until after BPF regeneration [ upstream commit afd1d5b9cddb074f1412bb226cbf8a82a74b0e08 ] To avoid traffic loss, wait for the new policy to be computed and compiled into BPF before deleting obsolete redirects, to make sure no packets are redirected to those ports. Replace the tracking of redirects to delete with a tracking of the redirects that have been realized, to simplify the logic. Fixes: #2796 Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> | 15 February 2018, 14:31:22 UTC |
5ab2870 | Romain Lenglet | 12 February 2018, 23:18:27 UTC | endpoint: Limit proxy completion timeout to proxy updates [ upstream commit 6a8b48951470e765e9ad84081f5eb0ba448f39d1 ] Wait for proxy redirect completion before generating policies that redirect traffic to proxy redirect ports, to prevent traffic loss. Reduce the proxy completion timeout to 10 seconds again, since policy regeneration is now excluded from the timeout. Fixes: #2788 Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> | 15 February 2018, 14:31:22 UTC |
7e9cb17 | Ray Bejjani | 14 February 2018, 15:25:04 UTC | k8s: k8s 1.9 compatible version parsing [ upstream commit 4f6acaab4e7ab68ee7157f2b523da005328e0f81 ] On minikube 0.25.0, at least, cilium-agent cannot parse the k8s version because ServerVersion.major and .minor are not populated. gitVersion is and we fall back to parsing that instead. Signed-off-by: Ray Bejjani <ray@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> | 15 February 2018, 14:31:22 UTC |
576dabc | Thomas Graf | 15 February 2018, 01:01:06 UTC | allocator/proxy: Avoid concurrent access of rand.Rand [ upstream commit b46592ad8c7bab8bcf73367167a4f1281a4b0147 ] Fixes: #2808 Signed-off-by: Thomas Graf <thomas@cilium.io> | 15 February 2018, 14:31:22 UTC |
798293d | Jarno Rajahalme | 13 February 2018, 19:40:28 UTC | envoy: Set source identity correctly in access log. Since 22cfad197 the source identity is in the upper 16 bits of the mark. Fixes: 22cfad197 ("bpf: Use upper 16 bits for identity") Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 13 February 2018, 21:40:00 UTC |
64b3f53 | André Martins | 08 February 2018, 21:20:57 UTC | examples/polices: fixed default-deny examples Signed-off-by: André Martins <andre@cilium.io> | 13 February 2018, 20:56:19 UTC |
ea78a26 | André Martins | 08 February 2018, 18:50:35 UTC | k8s: implemented kubernetes network policy default deny Signed-off-by: André Martins <andre@cilium.io> | 13 February 2018, 20:56:19 UTC |
15138cf | André Martins | 13 February 2018, 12:05:15 UTC | pkg/endpoint: return WaitForProxyCompletion errors Signed-off-by: André Martins <andre@cilium.io> | 13 February 2018, 19:26:10 UTC |
b5f3183 | Nirmoy Das | 13 February 2018, 09:20:49 UTC | Makefile: enable backslash escapes for echo Signed-off-by: Nirmoy Das <ndas@suse.de> | 13 February 2018, 15:37:09 UTC |
6a6ced4 | André Martins | 11 February 2018, 16:53:00 UTC | common/plugins: replaced sysctl invocation with echo redirect Signed-off-by: André Martins <andre@cilium.io> | 13 February 2018, 11:47:11 UTC |
2da54a4 | Romain Lenglet | 12 February 2018, 18:39:36 UTC | endpoint: Increase the proxy completion timeout to 1 minute Fixes: #2788 Signed-off-by: Romain Lenglet <romain@covalent.io> | 12 February 2018, 21:19:14 UTC |
3523143 | Michal Rostecki | 30 January 2018, 16:03:18 UTC | pkg/envoy: Move all operations on the cmd to StartEnvoy The Envoy struct contains the attribute for managing the Envoy process. Different operations (like starting, waiting and killing) shouldn't happen at the same time, so we need to ensure that only one method is doing them. That's why supervising of the Envoy process is moved to a goroutine inside StartEnvoy method. And StopEnvoy method only closes the "stop channel" and gets an error, through the another channel. Fixes: #2631 Signed-off-by: Michal Rostecki <mrostecki@suse.com> | 12 February 2018, 18:17:32 UTC |
2a07843 | Eloy Coto | 08 February 2018, 15:11:32 UTC | Jenkins: Adjust timeouts With the new behaviour of Jenkins some builds died over timeout. The global timeout counts from start of the build (Including time in the queue) with this patch the timeouts are set in the stage part. Signed-off-by: Eloy Coto <eloy.coto@gmail.com> | 12 February 2018, 16:07:36 UTC |
97fedbb | Ian Vernon | 11 February 2018, 18:50:29 UTC | test/runtime: address misc. review comments * Fix indentation * Make test name in log field consistent with actual test name * Add message to Ginkgo assertion in case of failure Signed-off by: Ian Vernon <ian@cilium.io> | 12 February 2018, 16:02:17 UTC |
3a24b69 | Ian Vernon | 11 February 2018, 18:48:22 UTC | test/helpers: add missing single quotation mark in log message Signed-off by: Ian Vernon <ian@cilium.io> | 12 February 2018, 16:02:17 UTC |
8b92531 | Ian Vernon | 11 February 2018, 04:39:43 UTC | tests: deprecate 20-cidr-limit.sh Signed-off by: Ian Vernon <ian@cilium.io> | 12 February 2018, 16:02:17 UTC |
22215b7 | Ian Vernon | 11 February 2018, 04:38:11 UTC | test/runtime: migrate 20-cidr-limit test to Ginkgo Signed-off by: Ian Vernon <ian@cilium.io> | 12 February 2018, 16:02:17 UTC |
452bf7b | Ian Vernon | 11 February 2018, 04:34:23 UTC | test/helpers: add log to ContainerRm function Add log which says that container is being deleted. Signed-off by: Ian Vernon <ian@cilium.io> | 12 February 2018, 16:02:17 UTC |
4f55c02 | Ian Vernon | 11 February 2018, 04:33:56 UTC | test/helpers: misc. enhancements * Rename PolicyImport function to PolicyImportAndWait, as it waits until the policy revision number is incremented before returning. * Add PolicyImport function, which does not wait after a policy is imported. Signed-off by: Ian Vernon <ian@cilium.io> | 12 February 2018, 16:02:17 UTC |
4c8abbe | Ian Vernon | 11 February 2018, 00:10:52 UTC | test/runtime: factor out policy import tests into separate Describe Factor out these tests into a separate Describe, as no containers are needed to be launched in these tests. Signed-off by: Ian Vernon <ian@cilium.io> | 12 February 2018, 16:02:17 UTC |
53840fc | Ian Vernon | 10 February 2018, 20:11:54 UTC | test/runtime: change variable names to reflect types of invalid policy Signed-off by: Ian Vernon <ian@cilium.io> | 12 February 2018, 16:02:17 UTC |
035605f | André Martins | 11 February 2018, 22:12:18 UTC | tests: deprecating 18-kvstore.sh test Signed-off-by: André Martins <andre@cilium.io> | 12 February 2018, 01:43:16 UTC |
46c08b7 | Ian Vernon | 10 February 2018, 07:12:08 UTC | tests: deprecate 17-cilium_policy-id-remove.sh Signed-off by: Ian Vernon <ian@cilium.io> | 11 February 2018, 18:43:09 UTC |
7b072e5 | Ian Vernon | 10 February 2018, 07:11:00 UTC | test/runtime: migrate 17-cilium_policy-id-remove.sh test Migrate bash test to Ginkgo framework Signed-off by: Ian Vernon <ian@cilium.io> | 11 February 2018, 18:43:09 UTC |
040fc5c | Ian Vernon | 10 February 2018, 07:10:28 UTC | test/helpers: add WaitEndpointsDeleted function This waits until all endpoints except for cilium-health are deleted. Signed-off by: Ian Vernon <ian@cilium.io> | 11 February 2018, 18:43:09 UTC |
4ec32af | Daniel Borkmann | 11 February 2018, 00:27:36 UTC | bpf, init: don't use sysctl, just write setting directly Martin reported that sysctl binary is not available in CoreOS hyperkube image and thus Cilium fails in init. Lets just not use the binary and write the setting directly instead. Reported-by: Martin Mailand <martin@tuxadero.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 11 February 2018, 08:25:14 UTC |
6bf5e4e | Daniel Borkmann | 09 February 2018, 21:35:43 UTC | bpf: fix complexity issues around recent CT changes on 4.9 kernels The single heavy hitter in complexity in our BPF progs right now is the slave selection based on weights in the LB. Reason is that in the verifier pruning, a couple of assumptions cannot be made once the kernel sees that there's one or multiple usages with dynamic map access and thus we bump from ~30k to ~90k closely hitting limits and for older 4.9 kernels that don't have the 98k complexity limit we easily overrun the 68k. Now with this change the heavy hitter in section '2/10' (IPv6 handling) reduces down to ~30k and loads fine on my side. It also allows us to remove the relax_verifier() pseudo helper again. Thus for the LB fall back to just use hash-based which afaik is the default anyway in our case. We can enable this for more recent kernels that have a smarter verifier if we want to. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 11 February 2018, 08:25:14 UTC |
78aa0aa | Ian Vernon | 11 February 2018, 00:13:02 UTC | ginkgo.Jenkinsfile: bump timeout to 90 minutes 60 minute limit kept getting hit, which caused Jenkins to forcibly abort PRs. Signed-off by: Ian Vernon <ian@cilium.io> | 11 February 2018, 01:34:07 UTC |
e5f4443 | Ian Vernon | 09 February 2018, 23:52:10 UTC | tests: deprecate 14-policy-enforcement-docker.sh Corresponding Ginkgo test has been marked as validated already. Signed-off by: Ian Vernon <ian@cilium.io> | 10 February 2018, 10:32:02 UTC |
08fee04 | Ian Vernon | 09 February 2018, 21:48:00 UTC | test/runtime: validate connectivity.go Signed-off by: Ian Vernon <ian@cilium.io> | 10 February 2018, 10:31:37 UTC |
db49090 | Ian Vernon | 09 February 2018, 21:57:04 UTC | tests: deprecate 03-docker.sh Signed-off by: Ian Vernon <ian@cilium.io> | 10 February 2018, 10:31:37 UTC |
b2c724e | Ian Vernon | 09 February 2018, 21:53:19 UTC | tests: deprecate 08-nat46.sh Signed-off by: Ian Vernon <ian@cilium.io> | 10 February 2018, 10:31:37 UTC |
8bc9a6d | Ian Vernon | 09 February 2018, 21:47:29 UTC | tests: deprecate 01-ct.sh Signed-off by: Ian Vernon <ian@cilium.io> | 10 February 2018, 10:31:37 UTC |
484bdc5 | Ian Vernon | 09 February 2018, 23:36:08 UTC | test/runtime: mark lb.go as Validated Signed-off by: Ian Vernon <ian@cilium.io> | 10 February 2018, 10:30:54 UTC |
dc45449 | Ian Vernon | 09 February 2018, 23:35:46 UTC | tests: deprecate 06-lb.sh Signed-off by: Ian Vernon <ian@cilium.io> | 10 February 2018, 10:30:54 UTC |
56e2625 | Ian Vernon | 10 February 2018, 00:00:31 UTC | tests: deprecate 13-fd-open.sh Corresponding Ginkgo test has already been marked as validated. Signed-off by: Ian Vernon <ian@cilium.io> | 10 February 2018, 10:30:18 UTC |
18857b4 | Ian Vernon | 10 February 2018, 00:11:31 UTC | test/runtime: mark Kafka test as validated Signed-off by: Ian Vernon <ian@cilium.io> | 10 February 2018, 10:29:42 UTC |
04a6939 | Ian Vernon | 10 February 2018, 00:10:20 UTC | tests: deprecate 07-kafka.sh Signed-off by: Ian Vernon <ian@cilium.io> | 10 February 2018, 10:29:42 UTC |
ffbc64a | Ian Vernon | 10 February 2018, 00:23:24 UTC | tests: deprecate Bash monitor tests Signed-off by: Ian Vernon <ian@cilium.io> | 10 February 2018, 10:29:09 UTC |
ac87f11 | Ian Vernon | 10 February 2018, 02:00:55 UTC | test/runtime: mark RuntimePolicies as validated Signed-off by: Ian Vernon <ian@cilium.io> | 10 February 2018, 10:28:33 UTC |
0411dac | Ian Vernon | 10 February 2018, 02:00:30 UTC | tests: deprecate 11-getting-started.sh Signed-off by: Ian Vernon <ian@cilium.io> | 10 February 2018, 10:28:33 UTC |
deb2de2 | Romain Lenglet | 06 February 2018, 21:51:38 UTC | completion: Refactor proxy completion logic in a new package Move the completion into its own package: github.com/cilium/cilium/pkg/completion. Rename CompletionContainer into WaitGroup to reflect the similarity with sync.WaitGroup. Refactor Completion and WaitGroup to take a Context and handle context cancellation. Rename Completion.Completed into Complete to make it a verb. Added Completion.Completed method to return a channel, to make it easier to use in unit tests. Revert the (de)serialization of the ProxyCompletions field to/from JSON within the Endpoint struct, and rename ProxyCompletions into ProxyWaitGroup. Signed-off-by: Romain Lenglet <romain@covalent.io> | 10 February 2018, 01:00:39 UTC |
81e68c1 | Joe Stringer | 31 January 2018, 22:26:01 UTC | docs: Add endpoint to glossary Signed-off-by: Joe Stringer <joe@covalent.io> | 09 February 2018, 20:43:52 UTC |
4e562c7 | Joe Stringer | 31 January 2018, 22:25:41 UTC | docs: Sort glossary Signed-off-by: Joe Stringer <joe@covalent.io> | 09 February 2018, 20:43:52 UTC |
ac40ff4 | André Martins | 09 February 2018, 17:17:53 UTC | Revert "bpf: Relax the verifier in CT slow paths" This reverts commit e96c42ce4c733ecd665a7831d676d58dbd817f26. | 09 February 2018, 18:04:07 UTC |
e96c42c | Thomas Graf | 09 February 2018, 10:52:16 UTC | bpf: Relax the verifier in CT slow paths Signed-off-by: Thomas Graf <thomas@cilium.io> | 09 February 2018, 15:06:56 UTC |
4903142 | Eloy Coto | 09 February 2018, 08:42:14 UTC | Ginkgo: Fix issues with DNS Stopped and deleted the systemctl-resolved to avoid issues with kubedns Signed-off-by: Eloy Coto <eloy.coto@gmail.com> | 09 February 2018, 14:05:51 UTC |
4802cf4 | Ray Bejjani | 26 January 2018, 13:56:21 UTC | containerd: Remove synchronous syncWithRuntime init We synchronously ran syncWithRuntime before spawning the containerd listener and periodic sync. This could, at times, block waiting for docker and so block agent initialisation. This happens before the API socket is opened and resulted in the API not being served. This change removes the init call, relying on the timestamp passed to docker and the periodic sync running as soon as the goroutine is scheduled. Signed-off-by: Ray Bejjani <ray@covalent.io> | 09 February 2018, 08:22:32 UTC |
fafca54 | Ray Bejjani | 26 January 2018, 13:13:49 UTC | containerd: Add timeout to containerd syncToRuntime This call would sometimes block indefinitely. We now allow 10s to complete the ContainerList call, allowing the periodic sync to try again later. Signed-off-by: Ray Bejjani <ray@covalent.io> | 09 February 2018, 08:22:32 UTC |
78c7cd0 | Ian Vernon | 09 February 2018, 05:12:35 UTC | Jenkinsfile / tests: remove bash K8s stage All Bash-script based K8s tests have been migrated / validated to have equivalent coverage in the Ginkgo framework. Thus, there is no need to provision the Kubernetes VMs for the bash-script based build anymore. Signed-off by: Ian Vernon <ian@cilium.io> | 09 February 2018, 08:18:11 UTC |
cdd5e9e | Ian Vernon | 09 February 2018, 05:07:23 UTC | test: validate runtime policy tests Better now than never. Signed-off by: Ian Vernon <ian@cilium.io> | 09 February 2018, 08:18:11 UTC |
d369b8c | Ian Vernon | 09 February 2018, 05:05:08 UTC | tests: deprecate 04-bad-cnp-import.sh Signed-off by: Ian Vernon <ian@cilium.io> | 09 February 2018, 08:18:11 UTC |
bf255e7 | Ian Vernon | 09 February 2018, 05:01:37 UTC | tests: deprecate 99-restore-state.sh Ginkgo test/runtime/chaos.go covers restore functionality. Signed-off by: Ian Vernon <ian@cilium.io> | 09 February 2018, 08:18:11 UTC |
bc9df7b | Ian Vernon | 09 February 2018, 04:58:27 UTC | tests/k8s: deprecate 04-toservices-test.sh This was migrated by #2380, so we can deprecate it now. Signed-off by: Ian Vernon <ian@cilium.io> | 09 February 2018, 08:18:11 UTC |
a93aa77 | Jarno Rajahalme | 09 February 2018, 00:44:33 UTC | endpoint: Take read lock while accessing Consumable Parallel policy recomputations can update Consumable, so the reader has to protect against that. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 09 February 2018, 08:16:30 UTC |
658e01a | Jarno Rajahalme | 09 February 2018, 00:46:43 UTC | envoy: Lock stream server while adding remove completion. Internal slice manipulations must be protected, and one of the calls to addCompletions() missed this. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 09 February 2018, 04:46:27 UTC |
ca6e1cb | Thomas Graf | 08 February 2018, 19:44:18 UTC | bpf: Relax verifier in conntrack code Signed-off-by: Thomas Graf <thomas@cilium.io> | 08 February 2018, 21:43:46 UTC |
4dee158 | Thomas Graf | 08 February 2018, 13:49:17 UTC | bpf: Reduce the number of supported IPv6 extension headers This greatly reduces the complexity of the program Signed-off-by: Thomas Graf <thomas@cilium.io> | 08 February 2018, 21:43:46 UTC |
444aa65 | Thomas Graf | 07 February 2018, 23:18:17 UTC | bpf: Split IPv6 handling into separate tail call Signed-off-by: Thomas Graf <thomas@cilium.io> | 08 February 2018, 21:43:46 UTC |
79ae248 | Thomas Graf | 07 February 2018, 19:45:45 UTC | policy: Document what connections FromCIDR and ToCIDR and apply to Signed-off-by: Thomas Graf <thomas@cilium.io> | 08 February 2018, 21:43:46 UTC |
e778731 | Thomas Graf | 05 February 2018, 13:19:43 UTC | bpf: Enforce to-world access via CIDR map Remove ALLOW_TO_WORLD define from the program and enforce all access to external services via the CIDR map. This simplifies the code and makes policy updates more atomic. Signed-off-by: Thomas Graf <thomas@cilium.io> | 08 February 2018, 21:43:46 UTC |
e4c58da | Thomas Graf | 02 February 2018, 00:47:10 UTC | bpf: Simplify connection tracking logic Connection tracking entries get created for non-SYN packets. This allows a persistent connection to be temporarily removed and then get re-added. RST no longer triggers immediate deletion of the entry. Instead, directional closure is triggered. This will result in the entry getting evicted if the other direction confirms the RST/FIN or the entry gets reset on the next non RST packet in the direction of the initial RST. Presence of the connection tracking entry is only used for REPLY and RELATED, otherwise the policy table is always considered for policy purposes. This will guarantee that connections get dropped as soon as policy no longer allows the connection. Fixes: #2697 Signed-off-by: Thomas Graf <thomas@cilium.io> | 08 February 2018, 21:43:46 UTC |
676f395 | Thomas Graf | 08 February 2018, 19:22:59 UTC | Documentation: Add diagram to explain Kubernetes iptables rules integration Signed-off-by: Thomas Graf <thomas@cilium.io> | 08 February 2018, 21:05:41 UTC |
2f76eb2 | Ray Bejjani | 05 February 2018, 13:05:14 UTC | controller: Add StopFunc on controller exit When a controller exits it might need to cleanup or indicate that it exited. StopFunc is called as the controller shuts down. Signed-off-by: Ray Bejjani <ray@covalent.io> | 08 February 2018, 18:57:22 UTC |
b6d894a | Ray Bejjani | 08 February 2018, 15:33:25 UTC | controller: Do not reuse controller struct & stats When updating a controller we reused the existing struct. The docs state that we reset the statistics but this usage does not. It also allows for a race where the running controller will look up c.params but this has now changed as part of the update. Signed-off-by: Ray Bejjani <ray@covalent.io> | 08 February 2018, 18:57:22 UTC |
2570f3d | Ray Bejjani | 05 February 2018, 12:06:41 UTC | controller: Simplify DoFunc init handling Signed-off-by: Ray Bejjani <ray@covalent.io> | 08 February 2018, 18:57:22 UTC |
222b83f | Ray Bejjani | 06 February 2018, 18:22:34 UTC | k8s: extract reusable CRD registration logic The current code is specific to the only CRD we register, CiliumNetworkPolicy. We will need to register more CRDs in the future but ensure that they are all managed the same way. Signed-off-by: Ray Bejjani <ray@covalent.io> | 08 February 2018, 18:56:57 UTC |
075b06d | Ray Bejjani | 06 February 2018, 18:16:01 UTC | k8s: Stop setting CRD validation gratuitously on startup The order of operations we used while setting up the CiliumNetworkPolicy CRD meant that we always saw the cluster CRD lacking validation. This fetches a correct copy when we fail to create the CRD on startup. Signed-off-by: Ray Bejjani <ray@covalent.io> | 08 February 2018, 18:56:57 UTC |
5343e86 | Thomas Graf | 08 February 2018, 15:31:01 UTC | tests: Wait for Cilium to start up in CIDR limit test The 20-cidr-limit.sh test will start Cilium again in the cleanup function but does not wait for it to come up properly so when the next test is being run, Cilium is not ready yet which will result in test failures. Fixes: #2744 Signed-off-by: Thomas Graf <thomas@cilium.io> | 08 February 2018, 16:35:47 UTC |
bf75a81 | Eloy Coto | 08 February 2018, 14:36:48 UTC | Ginkgo: Added a new helper to ensure pods are terminated. Added a `WaitCleanAllTerminatingPods` to be sure that all pods are deleted and not in Terminating state when other test start. This commit fixes some issues in the latest Jenkins builds: https://jenkins.cilium.io/job/Ginkgo-CI-Tests-Pipeline/1291/ Signed-off-by: Eloy Coto <eloy.coto@gmail.com> | 08 February 2018, 16:35:27 UTC |
a324e6e | André Martins | 07 February 2018, 15:30:58 UTC | replace jteeuwen/go-bindata with cilium/go-bindata Signed-off-by: André Martins <andre@cilium.io> | 08 February 2018, 15:58:22 UTC |
1fd8e48 | Thomas Graf | 08 February 2018, 14:40:14 UTC | agent: Relax FORWARD accept rule from/to cluster The -i cilium_host restriction on the FORWARD rule was not working properly, relax the restriction on the rule and allow forwarding all traffic from the known cluster prefix. Signed-off-by: Thomas Graf <thomas@cilium.io> | 08 February 2018, 15:56:28 UTC |
119ffc3 | Thomas Graf | 08 February 2018, 12:15:14 UTC | agent: Move iptables rules to clear KUBE-MARK-MASQ to mangle table Kubernetes 1.9 has introduced new iptables rules as part of the FORWARD chain in the filter table: `-m mark --mark 0x4000/0x4000 -j ACCEPT` `-s 10.233.64.0/18 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT` `-d 10.233.64.0/18 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT` Because it is impossible to guarantee the order of iptables rules with multiple writers, the following rule required by Cilium no longer took effect: `-o cilium_host -j MARK --set-xmark 0x0/0x4000` The rule is required to ensure that Cilium can choose the source IP to masquerade to. By moving the above Cilium rule to the mangle table in POSTROUTING, it is guaranteed to run before the kube-proxy rules residing in the filter table. This also makes NodePort services available from local processes. Fixes: #2505 Fixes: #2495 Signed-off-by: Thomas Graf <thomas@cilium.io> | 08 February 2018, 15:56:28 UTC |
05d53f2 | Ray Bejjani | 08 February 2018, 11:26:51 UTC | proxy: Refactor goto in CreateOrUpdateRedirect We introduce a loop constructed with a goto. This is an uncommon go construct and, in this case, isn't necessary for the function to work. The loop is now clearly a loop and its continue/exit decision point is more explicit. Signed-off-by: Ray Bejjani <ray@covalent.io> | 08 February 2018, 15:09:47 UTC |
411e5c5 | Romain Lenglet | 08 February 2018, 00:18:26 UTC | api: Remove PortRule.RedirectPort field The redirectPort field in the policy API's PortRule was not tested, not officially documented, and doesn't work in some cases, notably whenever any L7 rule applies to the same port. Moreover, K8s's NetworkPolicy doesn't have any such field. Such port redirection can be implemented by K8s services, so it's redundant. Fixes #2743 Signed-off-by: Romain Lenglet <romain@covalent.io> | 08 February 2018, 04:50:24 UTC |
953f7c6 | Thomas Graf | 07 February 2018, 22:30:15 UTC | proxy: Retry redirect creation a couple of times Combined with the random port allocation, this can work around ports within the proxy range which cannot be used. Signed-off-by: Thomas Graf <thomas@cilium.io> | 07 February 2018, 23:37:11 UTC |
cefa4a6 | Thomas Graf | 07 February 2018, 22:05:15 UTC | proxy: Use random port number allocation Signed-off-by: Thomas Graf <thomas@cilium.io> | 07 February 2018, 23:37:11 UTC |
ba2d8bf | Thomas Graf | 07 February 2018, 21:56:58 UTC | proxy: Delay release of redirect ports after use Immediate reuse can lead to errors on the listen() system call. Delay the release of the port from the map of used ports so the port can be properly released in the kernel and is ready for re-consumption. Signed-off-by: Thomas Graf <thomas@cilium.io> | 07 February 2018, 23:37:11 UTC |
60fadda | Thomas Graf | 07 February 2018, 21:45:38 UTC | proxy: Use kvstore backed identity cache for label resolution The policy package maintains a cache of all identities synchronized via kvstore events. Use this cache to translate security identities to labels. Signed-off-by: Thomas Graf <thomas@cilium.io> | 07 February 2018, 23:16:25 UTC |
05eb2d1 | Eloy Coto | 07 February 2018, 18:53:04 UTC | Ginkgo: Added --all-controllers on ReportDump Added the full output of `cilium status` with the option --all-controllers Signed-off-by: Eloy Coto <eloy.coto@gmail.com> | 07 February 2018, 20:45:39 UTC |
24f254a | André Martins | 06 February 2018, 23:31:37 UTC | pkg/k8s: mirror parseNetworkPolicy for kubernetes NP v1beta1 Signed-off-by: André Martins <andre@cilium.io> | 07 February 2018, 17:02:15 UTC |
86fd7c4 | André Martins | 06 February 2018, 23:22:12 UTC | k8s: set up informers / controllers based on api-server version Since kubernetes automatically adds a v1 network policy to both v1 and v1beta1 resources and a v1beta1 network policy also to both v1 and v1beta1 resources, it will be useless to watch for both resource types at the same time. For that reason it was added a kube-apiserver version detection to set up the necessary informers / controllers based on the kube-apiserver version detected. For example, if kube-apiserver is running with version 1.6. only the Cilium TPR (v1) and the kubernetes network policy v1beta1 controllers will be started. If kube-apiserver is running with version 1.8 only the Cilium CRD (v2) and the kubernetes network policy v1 controllers will be started. Signed-off-by: André Martins <andre@cilium.io> | 07 February 2018, 17:02:15 UTC |
ed527e7 | Thomas Graf | 06 February 2018, 16:18:57 UTC | tests: Fix up identity-list tests * The test was assuming that the kvstore still knew about an identity from a previous test * Do not depend on the exact formatting of the CLI Signed-off-by: Thomas Graf <thomas@cilium.io> | 07 February 2018, 16:41:18 UTC |
d9a7403 | Thomas Graf | 05 February 2018, 22:09:42 UTC | ginkgo: Double time for monitor to pick up relevant messages Signed-off-by: Thomas Graf <thomas@cilium.io> | 07 February 2018, 16:41:18 UTC |
dc2780b | Thomas Graf | 31 January 2018, 23:51:22 UTC | cli: Add "cilium kvstore (get|set|delete)" tooling Signed-off-by: Thomas Graf <thomas@cilium.io> | 07 February 2018, 16:41:18 UTC |
7ccf877 | Thomas Graf | 31 January 2018, 23:51:22 UTC | kvstore: New kvstore abstraction API - Basic lockless operations: - Get, GetPrefix, ListPrefix, Set, Delete, DeletePrefix, CreateOnly - ListAndWatch, CreateLease, KeepAlive - Advanced operations (etcd: lockless, consul: locking required) - CreateIfExists - Unit tests automatically test etcd and consul backends in single run, no need for special make targets anymore - Abstracted encoding of keys to allow for binary keys - New generic allocator: - Maps keys to identifiers using lockless operations in the fast path - Uses TTLs to protect reference counting keys in case the node disappears - Utilizes garbage collector which uses distributed locks to release unused identities - Local cache of all identities and keys for fast allocation and retrieval - Local reference counting if key->id mapping is used multiple times from a single node - Prepared to support lockless operations with etcd 3.3 Fixes: #915 Fixes: #916 Fixes: #2629 Signed-off-by: Thomas Graf <thomas@cilium.io> | 07 February 2018, 16:41:18 UTC |
e9e57cc | Romain Lenglet | 30 January 2018, 06:42:55 UTC | envoy: Implement an Envoy xDS protocol server Signed-off-by: Romain Lenglet <romain@covalent.io> | 07 February 2018, 15:36:03 UTC |
0a244ba | Eloy Coto | 07 February 2018, 10:28:16 UTC | Ginkgo: Updated Kube-dns version Fixes #2732 Signed-off-by: Eloy Coto <eloy.coto@gmail.com> | 07 February 2018, 13:25:09 UTC |
ce77645 | Joe Stringer | 07 February 2018, 11:29:34 UTC | Miscellaneous makefile fixes (#2736) * test: Fix 'go vet' issues Fix unreachable code and improper usage of logging functions identified by running 'go vet' against test/. Signed-off-by: Joe Stringer <joe@covalent.io> * Makefile: build tags for test/ test/ was previously excluded from GOFILES to avoid running go test inside that directory. However, it's useful to have tags files for symbols used in ginkgo tests. Add the test/ directory to GOFILES, then add a new variable that contains all of the packages we intend to test (and use those in the various testing targets). Signed-off-by: Joe Stringer <joe@covalent.io> * Makefile: Fix GIT_VERSION build and clean GIT_VERSION was relying on '.git', which is not guaranteed to change when git commands are executed. This allowed it to retain an outdated SHA in the file. The 'clean' target previously wouldn't clean this file, so as a result when building docker images, all of the cilium binaries would include the wrong git SHA in their version information. Ultimately when deploying such a docker image, cilium would crash on startup with the following message: level=info msg="Cilium w.x.y-z <outdated-sha> ... level=info msg="cilium-envoy version: <correct-sha> ..." level=fatal msg="Envoy version mismatch, aborting." Modify the 'clean' target to clear out this file to ensure that docker builds get the correct git commit SHA. Signed-off-by: Joe Stringer <joe@covalent.io> | 07 February 2018, 11:29:34 UTC |
19cbd1c | Thomas Graf | 06 February 2018, 15:42:55 UTC | cilium-health: Reduce verbosity under normal operation * Avoid empty warning message in log * Remove useless namespace deletion message * Degrade command being invoked to debug level * Remove info message that permission was modified on unix domain socket Signed-off-by: Thomas Graf <thomas@cilium.io> | 06 February 2018, 18:44:11 UTC |
eea076d | Thomas Graf | 06 February 2018, 15:38:08 UTC | agent: Reword logging message for endpoint restoration Signed-off-by: Thomas Graf <thomas@cilium.io> | 06 February 2018, 18:44:11 UTC |
58d936f | Thomas Graf | 06 February 2018, 15:29:34 UTC | workloads: Reword log message when not managing container Signed-off-by: Thomas Graf <thomas@cilium.io> | 06 February 2018, 18:44:11 UTC |
a87538f | Thomas Graf | 06 February 2018, 14:45:21 UTC | agent: Reword message when removing obsolete BPF maps Signed-off-by: Thomas Graf <thomas@cilium.io> | 06 February 2018, 18:44:11 UTC |
c7b68a7 | Thomas Graf | 06 February 2018, 14:27:40 UTC | policymap: Provide debugging while validating maps msg="Unified diff:" subsys=policy-map msg="--- b" subsys=policy-map msg="+++ a" subsys=policy-map msg="@@ -1,9 +1,9 @@" subsys=policy-map msg=" &bpf.Map{" subsys=policy-map msg=" MapInfo: bpf.MapInfo{MapType:1, KeySize:0x8, ValueSize:0x18, MaxEntries:0x400, Flags:0x0, OwnerProgType:0}," subsys=policy-map msg="- fd: 0," subsys=policy-map msg="+ fd: 14," subsys=policy-map msg=" name: \"cilium_policy_reserved_4\"," subsys=policy-map msg=" path: \"/sys/fs/bpf/tc/globals/cilium_policy_reserved_4\"," subsys=policy-map msg=" once: sync.Once{}," subsys=policy-map msg=" lock: lock.RWMutex{}," subsys=policy-map msg=" NonPersistent: false," subsys=policy-map msg=" }" subsys=policy-map Signed-off-by: Thomas Graf <thomas@cilium.io> | 06 February 2018, 18:44:11 UTC |
ca48bb7 | Thomas Graf | 06 February 2018, 13:43:17 UTC | node: Reword allocation prefix generation log mesage Signed-off-by: Thomas Graf <thomas@cilium.io> | 06 February 2018, 18:44:11 UTC |
72036e3 | Thomas Graf | 06 February 2018, 13:42:19 UTC | agent: Indent bootstrap addressing information: msg="Addressing information:" msg=" Local node-name: cilium-master" msg=" Node-IPv6: fdff::ff" msg=" External-Node IPv4: 10.0.2.15" msg=" Internal-Node IPv4: 10.11.28.238" msg=" Cluster IPv6 prefix: f00d::/64" msg=" Cluster IPv4 prefix: 10.0.0.0/8" msg=" IPv6 node prefix: f00d::a0f:0:0:0/96" msg=" IPv6 allocation prefix: f00d::a0f:0:0:0/112" msg=" IPv4 allocation prefix: 10.11.0.0/16" msg=" IPv6 router address: f00d::a0f:0:0:8ad6" Signed-off-by: Thomas Graf <thomas@cilium.io> | 06 February 2018, 18:44:11 UTC |
e02faa3 | Thomas Graf | 06 February 2018, 11:04:04 UTC | endpoint: Improve policy calculation logs * Shorten containerID strings * Degrade "Forced rebuild" message from info to debug * Reword language Signed-off-by: Thomas Graf <thomas@cilium.io> | 06 February 2018, 18:44:11 UTC |
190a39c | Thomas Graf | 06 February 2018, 13:34:37 UTC | policy: Print policy revision in log on policy import "Policy imported via API, recalculating..." policyRevision=2 Signed-off-by: Thomas Graf <thomas@cilium.io> | 06 February 2018, 18:44:11 UTC |
bec6842 | Thomas Graf | 06 February 2018, 10:47:03 UTC | k8s: Improve logging on CRD/TPR installation * Degrade "CRD validation is different, updating it..." to debug * Degrade "Creating CiliumNetworkPolicy/v1 ThirdPartyResource" to debug * Consistent "Installed CustomResourceDefinition CiliumNetworkPolicy/v2" for CRD and TPR Signed-off-by: Thomas Graf <thomas@cilium.io> | 06 February 2018, 18:44:11 UTC |