https://github.com/cilium/cilium
- HEAD
- refs/heads/1.2.7-hotfix1-fqdn-regen
- refs/heads/EndpointPolicyEnformcement
- refs/heads/add_metrics_to_scale_test
- refs/heads/all-scalability-improvements
- refs/heads/beta/service-mesh
- refs/heads/bpf-metrics
- refs/heads/brb/brb-patch-2
- refs/heads/cilium-envoy-crd-pre-beta
- refs/heads/cilium-no-gopath
- refs/heads/cli-upgrade-v1.12-ci-test
- refs/heads/clustermesh511-upgrade-test
- refs/heads/committers-codeowners
- refs/heads/dev/joe/v1.8-with-hostfw-fixes
- refs/heads/encrypt-node-fixes
- refs/heads/encrypted-overlay-xfrm-policies
- refs/heads/ensure-macos-build-succeeds
- refs/heads/envoy-policy-precedence
- refs/heads/envoy-warnings-cleanup
- refs/heads/extension-mysql
- refs/heads/feature/cep-scalability
- refs/heads/feature/devices-and-addresses
- refs/heads/feature/devices-reconciliation-v1.16
- refs/heads/feature/main/svc-icmp-response
- refs/heads/feature/service-refactor
- refs/heads/feature/service-refactor-fresh
- refs/heads/feature/v1.11/beta-test
- refs/heads/feature/v1.11/k8s-ingress
- refs/heads/fix-error-wrapping-1.13
- refs/heads/fix-error-wrapping-1.14
- refs/heads/fix-error-wrapping-1.15
- refs/heads/fix-iphealth
- refs/heads/fqdn-fixl3-wildcard
- refs/heads/fristonio/iptables-manager-fix
- refs/heads/ft/main/chancez/push-dev-charts
- refs/heads/ft/main/push_chart_stable_branches_fix
- refs/heads/ft/main/test_push_chart_updates
- refs/heads/gce-example
- refs/heads/gh-readonly-queue/main/pr-27509-78a5f177693fb443cd946441f45826bf7fa2437a
- refs/heads/ginkgo-better-timeout
- refs/heads/graduation
- refs/heads/hf/main/ipam-pools-build-230605
- refs/heads/hf/master/v1.12-rc2-health-dbg-v1
- refs/heads/hf/master/wg-fix-ipam-k8s-v2
- refs/heads/hf/v1.10/cls-prio2
- refs/heads/hf/v1.10/debug-taint-removal
- refs/heads/hf/v1.10/v1.10.10-with-19452
- refs/heads/hf/v1.10/v1.10.2-fix-ipsec-ep-routes
- refs/heads/hf/v1.10/v1.10.5-with-identity-leak-fix
- refs/heads/hf/v1.10/v1.10.7-additional-logs
- refs/heads/hf/v1.10/v1.10.7-exclude-local
- refs/heads/hf/v1.10/v1.10.7-exclude-loopback
- refs/heads/hf/v1.10/v1.10.7-extra-logs
- refs/heads/hf/v1.10/v1.10.7-more-logs
- refs/heads/hf/v1.10/v1.10.8-deadlock-and-complexity-fix
- refs/heads/hf/v1.10/v1.10.8-deadlock-fix
- refs/heads/hf/v1.10/xdp-multidev-with-bpf-multihoming-and-egress-gw-fixes-v3
- refs/heads/hf/v1.10/xdp-multidev-with-bpf-multihoming-and-egress-gw-fixes-v4
- refs/heads/hf/v1.10/xdp-multidev-with-bpf-multihoming-and-egress-gw-fixes-v5
- refs/heads/hf/v1.10/xdp-multidev-with-bpf-multihoming-and-egress-gw-fixes-v6
- refs/heads/hf/v1.10/xdp-multidev-with-bpf-multihoming-and-egress-gw-fixes-v7
- refs/heads/hf/v1.11/1.11.4-custom-taint
- refs/heads/hf/v1.11/19247-custom-taint-key
- refs/heads/hf/v1.11/dbg-svc-restore
- refs/heads/hf/v1.11/v1.11.16-fix-xfrm-leak
- refs/heads/hf/v1.11/v1.11.16-fix-xfrm-leak-eni-attach-and-logging
- refs/heads/hf/v1.11/v1.11.16-fix-xfrm-leak-eni-attachment
- refs/heads/hf/v1.11/v1.11.3-with-19259
- refs/heads/hf/v1.11/v1.11.4-custom-taint
- refs/heads/hf/v1.11/v1.11.5-and-19247-eed5544
- refs/heads/hf/v1.11/xdp-multidev-v1
- refs/heads/hf/v1.11/xdp-multidev-v2-ipcache-fix
- refs/heads/hf/v1.12/next-net-v1
- refs/heads/hf/v1.12/v1.12.18-994
- refs/heads/hf/v1.12/v1.12.3-debug-k8s-heartbeat
- refs/heads/hf/v1.12/v1.12.3-debug-k8s-heartbeat-v2
- refs/heads/hf/v1.13/bpf-sock-l7-fix
- refs/heads/hf/v1.13/v1.13.2-with-24875
- refs/heads/hf/v1.13/v1.13.3-with-26242
- refs/heads/hf/v1.14/cidr-identity-refcnt-fix
- refs/heads/hf/v1.14/v1.14-with-27327
- refs/heads/hf/v1.7/v1.7.15-with-neighbor-fix
- refs/heads/hf/v1.7/v1.7.15-with-neighbor-fix-2
- refs/heads/hf/v1.8/v1.8.13-with-19452
- refs/heads/hf/v1.8/v1.8.6-eni-cidr-fix-1
- refs/heads/hf/v1.8/v1.8.6-eni-cidr-fix-15303
- refs/heads/hf/v1.8/v1.8.7-with-fqdn-underscore-fix
- refs/heads/hf/v1.8/v1.8.8-eni-cidr-fix-1
- refs/heads/hf/v1.8/v1.8.8-with-encrypt-fixes
- refs/heads/hf/v1.9/v1.9.8-azure-ipam-fix
- refs/heads/hf/v1.9/v1.9.9-azure-pod-egress-fix
- refs/heads/images/runtime/20210830
- refs/heads/ipc-demo
- refs/heads/ktls-tx-only
- refs/heads/ktls-tx-only-v2
- refs/heads/ktls-tx-rx
- refs/heads/ktls-tx-rx-v2
- refs/heads/ktls-tx-rx-v3
- refs/heads/ktls-tx-rx-v4
- refs/heads/ktls-tx-rx-v5
- refs/heads/ldelossa/feat/bgp-control-plane
- refs/heads/ldelossa/segment-makefiles
- refs/heads/ldelossa/segment-makefiles-v2
- refs/heads/ldelossa/srv6-encap-fib
- refs/heads/lizrice/pr/cli-confusion
- refs/heads/main
- refs/heads/marseel-modularize_scale_test
- refs/heads/marseel_scale_test_100_nodes
- refs/heads/multi-stack-dev-vm
- refs/heads/pr/1-9-ci-test
- refs/heads/pr/aanm-update-k8s-conformance
- refs/heads/pr/aanm/bisect
- refs/heads/pr/aanm/test-31027
- refs/heads/pr/add-controller-identity
- refs/heads/pr/aditighag/lrp-skip-lb
- refs/heads/pr/asauber/link-local-as-host
- refs/heads/pr/asauber/max-ifindex-metric
- refs/heads/pr/avoid-ct-for-dsr
- refs/heads/pr/backend-state
- refs/heads/pr/bbb-cpy
- refs/heads/pr/bimmlerd/modularize-bandwidth-manager
- refs/heads/pr/bimmlerd/v1.12-backport-quay-org-from-env
- refs/heads/pr/bounded-loops
- refs/heads/pr/bpf-based-masquerading
- refs/heads/pr/bpf-edt-proxy
- refs/heads/pr/brb/arping-nexthop
- refs/heads/pr/brb/arping-via-gw
- refs/heads/pr/brb/auto-multi-dev-v2
- refs/heads/pr/brb/backport-1.8.5-nat-gc
- refs/heads/pr/brb/bpf-host-routing-wg
- refs/heads/pr/brb/bpf-lxc-no-redirect
- refs/heads/pr/brb/bpf-masq-veth
- refs/heads/pr/brb/bpf-multihoming
- refs/heads/pr/brb/cgroup-v2-test
- refs/heads/pr/brb/check-errors-in-logs
- refs/heads/pr/brb/ci
- refs/heads/pr/brb/ci-1111
- refs/heads/pr/brb/ci-2
- refs/heads/pr/brb/ci-4.19
- refs/heads/pr/brb/ci-arping-flake
- refs/heads/pr/brb/ci-bigtcp
- refs/heads/pr/brb/ci-bpf-netdev-without-egress
- refs/heads/pr/brb/ci-cleanup-svc
- refs/heads/pr/brb/ci-dbg-conformance-kind
- refs/heads/pr/brb/ci-dbg-external
- refs/heads/pr/brb/ci-dbg-flake-from-outside
- refs/heads/pr/brb/ci-demo
- refs/heads/pr/brb/ci-disable-ces-for-egress-gw
- refs/heads/pr/brb/ci-dp-disable-bpf-host-routing
- refs/heads/pr/brb/ci-dp-hubble-flows
- refs/heads/pr/brb/ci-dp-more-diversity
- refs/heads/pr/brb/ci-dp-v1.13
- refs/heads/pr/brb/ci-dp-v6
- refs/heads/pr/brb/ci-dp-verifier
- refs/heads/pr/brb/ci-e2e-enable-debug-ipsec
- refs/heads/pr/brb/ci-e2e-helm-mode-v1.13
- refs/heads/pr/brb/ci-e2e-lvh-retry
- refs/heads/pr/brb/ci-e2e-more-nodes
- refs/heads/pr/brb/ci-e2e-new-cli
- refs/heads/pr/brb/ci-e2e-nft
- refs/heads/pr/brb/ci-e2e-unsafe
- refs/heads/pr/brb/ci-e2e-unsafe-v2
- refs/heads/pr/brb/ci-e2e-upgrade-tests
- refs/heads/pr/brb/ci-e2e-upgrade-tests-ipsec
- refs/heads/pr/brb/ci-eks-ipsec-upgrade
- refs/heads/pr/brb/ci-fix-ip-masq-dry-run
- refs/heads/pr/brb/ci-ipsec-upgrade-fix
- refs/heads/pr/brb/ci-ipsec-upgrade-missed-tail-calls
- refs/heads/pr/brb/ci-ipsec-upgrade-v1.13
- refs/heads/pr/brb/ci-ipsec-upgrade-vol2
- refs/heads/pr/brb/ci-keep-missed-tail-calls
- refs/heads/pr/brb/ci-l7-nodeport
- refs/heads/pr/brb/ci-lvh-4.19
- refs/heads/pr/brb/ci-lvh-5.4
- refs/heads/pr/brb/ci-lvh-5.4-v2
- refs/heads/pr/brb/ci-lvh-bpf-next
- refs/heads/pr/brb/ci-no-self-hosted
- refs/heads/pr/brb/ci-pass-kernel-env
- refs/heads/pr/brb/ci-prepull-l4lb
- refs/heads/pr/brb/ci-refactor-svc-suite
- refs/heads/pr/brb/ci-rm-smoke-tests
- refs/heads/pr/brb/ci-sanity
- refs/heads/pr/brb/ci-test
- refs/heads/pr/brb/ci-test-2
- refs/heads/pr/brb/ci-test-k8s-vsn-swap
- refs/heads/pr/brb/ci-test-large-runners
- refs/heads/pr/brb/ci-uffff
- refs/heads/pr/brb/ci-upgrade-vol-2
- refs/heads/pr/brb/ci-upgrade-vol-3
- refs/heads/pr/brb/cilium-host-v6-from-ipam
- refs/heads/pr/brb/cli-bump-test
- refs/heads/pr/brb/datapath-loop-dbg
- refs/heads/pr/brb/dbg-ci
- refs/heads/pr/brb/dbg-conformance-gke
- refs/heads/pr/brb/dbg-master-np-vxlan-ipcache-ci
- refs/heads/pr/brb/debug-nodeport-bpf-flake
- refs/heads/pr/brb/do-not-derive-pod-cidrs-from-dev
- refs/heads/pr/brb/do-not-query-dev-for-arping
- refs/heads/pr/brb/docs--wg-what-encrypted
- refs/heads/pr/brb/docs-clarify-egress-gw-ip-addr-dp
- refs/heads/pr/brb/drop-notify
- refs/heads/pr/brb/dsr
- refs/heads/pr/brb/dsr-v2
- refs/heads/pr/brb/dualstack-ci
- refs/heads/pr/brb/enable-ipv6-per-endpoint-routes
- refs/heads/pr/brb/fib-lookup-src
- refs/heads/pr/brb/fix-backend-id-u32
- refs/heads/pr/brb/fix-ci-dp-deprecation-warn
- refs/heads/pr/brb/fix-clang-vsn-regexp
- refs/heads/pr/brb/fix-egress-ip-16147
- refs/heads/pr/brb/fix-external-ip-dp
- refs/heads/pr/brb/fix-maglev-del
- refs/heads/pr/brb/fix-nodeport-hostnetns
- refs/heads/pr/brb/fix-np-redir-l3-to-tunnel
- refs/heads/pr/brb/fix-stale-dsr
- refs/heads/pr/brb/fix-svc-backend-selection
- refs/heads/pr/brb/fix-third-host
- refs/heads/pr/brb/gh-action-cgr
- refs/heads/pr/brb/gh-action-lvh
- refs/heads/pr/brb/gh-install-cli-backup
- refs/heads/pr/brb/ginkgo-kpr-strict
- refs/heads/pr/brb/ginkgo-rm-update-tests
- refs/heads/pr/brb/go-crazy
- refs/heads/pr/brb/hubble-tcp-ack-seq-no
- refs/heads/pr/brb/improve-svc-restore
- refs/heads/pr/brb/istio-getsockopt
- refs/heads/pr/brb/it-cannot-be-truth
- refs/heads/pr/brb/kpr-svc-mesh
- refs/heads/pr/brb/kubeproxy-free-ci
- refs/heads/pr/brb/l7-np-bpf
- refs/heads/pr/brb/l7-rerevert
- refs/heads/pr/brb/lets-be-friends-with-ipsec
- refs/heads/pr/brb/lvh-kind-127
- refs/heads/pr/brb/lvh-kind-ipsec-upgrade
- refs/heads/pr/brb/meyskens/auth-ep-gc-locks
- refs/heads/pr/brb/multi-network
- refs/heads/pr/brb/no-cache-snat
- refs/heads/pr/brb/no-rev-nat-bpf-lxc-ingress
- refs/heads/pr/brb/node-id-per-fam
- refs/heads/pr/brb/nodeport-xlr-flag
- refs/heads/pr/brb/perf-wg
- refs/heads/pr/brb/pin-lvh
- refs/heads/pr/brb/push-ci-charts
- refs/heads/pr/brb/pwru
- refs/heads/pr/brb/rm-arping-l2-addr-check
- refs/heads/pr/brb/rm-no-redirect
- refs/heads/pr/brb/rm-np-deadcode
- refs/heads/pr/brb/rm-partial-host-svc
- refs/heads/pr/brb/rm-test-gke
- refs/heads/pr/brb/test-bpf-masq
- refs/heads/pr/brb/test-ci-e2e
- refs/heads/pr/brb/test-ci-e2e-v1.13
- refs/heads/pr/brb/test-kind
- refs/heads/pr/brb/third-host-more-pain
- refs/heads/pr/brb/timing-l4lb-gh-action
- refs/heads/pr/brb/triage-flake-v2
- refs/heads/pr/brb/triage-lb-flake
- refs/heads/pr/brb/unquarantine-svc
- refs/heads/pr/brb/v1.10-istio-snat
- refs/heads/pr/brb/v1.12-ci-e2e
- refs/heads/pr/brb/v1.12-ci-ipsec-upgrade
- refs/heads/pr/brb/v1.12-test-ipsec-upgrade
- refs/heads/pr/brb/v1.13-ci-e2e
- refs/heads/pr/brb/v1.13-remote-np
- refs/heads/pr/brb/v1.13-upgrade-fixes
- refs/heads/pr/brb/v1.14-ci-e2e-upgrade
- refs/heads/pr/brb/v1.14-drop-notify
- refs/heads/pr/brb/v1.6.9-iptables-W
- refs/heads/pr/brb/v1.8-fix-icmp-port-check
- refs/heads/pr/brb/wg-encrypt-node-test
- refs/heads/pr/brb/wg-hack
- refs/heads/pr/brb/wg-ipam-fix
- refs/heads/pr/brb/wg-kpr
- refs/heads/pr/brb/wg-test
- refs/heads/pr/brb/wip
- refs/heads/pr/brb/wip-ci
- refs/heads/pr/brb/wip-sync-policy-map
- refs/heads/pr/brb/xdp-egress-gw
- refs/heads/pr/brb/xdp-multidev-with-bpf-multihoming
- refs/heads/pr/brb/xdp-multidev-with-bpf-multihoming-v2
- refs/heads/pr/brlbil/ci-remove-unsupported-k8s-version-1.13
- refs/heads/pr/bruno/sleepy-pawn
- refs/heads/pr/bugtool-systemd
- refs/heads/pr/bwm-base2
- refs/heads/pr/bwm-priority
- refs/heads/pr/chancez/add_hubble_l7_dashboard_prometheus_example
- refs/heads/pr/chancez/fix_websocket_l7_policies
- refs/heads/pr/chancez/flow_filter_namespace
- refs/heads/pr/chancez/hubble_cel
- refs/heads/pr/chancez/hubble_plus_plus
- refs/heads/pr/chancez/static_peers_hubble_relay
- refs/heads/pr/christarazi/controlplane-fqdn
- refs/heads/pr/christarazi/ipcache-async-cep-pods-namedports
- refs/heads/pr/christarazi/k8s-1.30
- refs/heads/pr/christarazi/prep-from-cidr-tests
- refs/heads/pr/datapath-opt
- refs/heads/pr/dbkm/nodeport-lb
- refs/heads/pr/debug-dns-timeout
- refs/heads/pr/eproutes-redir
- refs/heads/pr/example/neigh-state-manager
- refs/heads/pr/fastdp
- refs/heads/pr/fastdp2
- refs/heads/pr/fib-consolidation
- refs/heads/pr/fix-aks-workflow
- refs/heads/pr/fix-k8s-all-sha1
- refs/heads/pr/fix-pod-pacing
- refs/heads/pr/fix-tail-call-replace
- refs/heads/pr/fristonio/feat-19038
- refs/heads/pr/fristonio/fix-istio-k8sT
- refs/heads/pr/fristonio/ipv6-masquerading
- refs/heads/pr/fristonio/test-dual-stack
- refs/heads/pr/fristonio/test-ipv6-dualstack
- refs/heads/pr/gandro+brb/fix-monitor-aggregation-np-v2
- refs/heads/pr/gandro+brb/mv-trace-point-to-rev-nodeport
- refs/heads/pr/gandro+brb/wg-host-encryption-v3
- refs/heads/pr/gandro+brb/wg-host2host
- refs/heads/pr/gandro+brb/wg-host2host-kind
- refs/heads/pr/gandro/bump-hubble-2020-03-25
- refs/heads/pr/gandro/ci-conformance-multicluster-fix-log-gathering
- refs/heads/pr/gandro/ci-delete-crds-in-cleanupcomponents
- refs/heads/pr/gandro/ci-fix-status-if-workflows-are-skipped
- refs/heads/pr/gandro/ci-wait-for-all-relevant-images-do-not-merge-test
- refs/heads/pr/gandro/enable-hubble-by-default
- refs/heads/pr/gandro/portmap-refcount
- refs/heads/pr/gandro/re-enable-wireguard-in-multicluster-ci
- refs/heads/pr/gandro/svc-healthchecknodeport
- refs/heads/pr/gc-on-svc-update
- refs/heads/pr/getname-hooks
- refs/heads/pr/giorio94/1.14/test-cilium-cli-2184
- refs/heads/pr/giorio94/main/gha-cluster-name
- refs/heads/pr/giorio94/main/gha-clustermesh-endpointslice-sync
- refs/heads/pr/giorio94/main/gha-fully-qualified-dns
- refs/heads/pr/giorio94/main/test-cilium-cli-2184
- refs/heads/pr/giorio94/main/tests-clustermesh-upgrade-interrupted
- refs/heads/pr/gray/30837-with-pwru
- refs/heads/pr/gray/pwru-action
- refs/heads/pr/health-data-path
- refs/heads/pr/hubble-tls-cert-gen-via-k8s-job
- refs/heads/pr/ianvernon/kvstore-client-type
- refs/heads/pr/ianvernon/kvstore-context
- refs/heads/pr/ianvernon/more-endpoint-cleanup
- refs/heads/pr/ianvernon/resolve-cidr-policy-perf-improvement
- refs/heads/pr/increase-verifier-test-build-timeout
- refs/heads/pr/ipip
- refs/heads/pr/ipip-encap
- refs/heads/pr/ipip-encap2
- refs/heads/pr/ipip2
- refs/heads/pr/ipip4
- refs/heads/pr/ipip6
- refs/heads/pr/jibi/fix-differentiate-udp-tcp-svc-upgrade
- refs/heads/pr/jibi/ip-list-contains-addr
- refs/heads/pr/joamaki/gather-network-info
- refs/heads/pr/joamaki/idless-service-restapi
- refs/heads/pr/joe/ariane-scheduled-cilium-only
- refs/heads/pr/joe/backport-28007-1.11
- refs/heads/pr/joe/bump-ginkgo-seed
- refs/heads/pr/joe/docker-build-log-tracing
- refs/heads/pr/joe/ipcache-cidr-policy
- refs/heads/pr/joe/lost-identity
- refs/heads/pr/joe/sw-quay
- refs/heads/pr/joe/test-lvh-fix
- refs/heads/pr/joe/v1.13-stability-check
- refs/heads/pr/joe/v1.7-dev-env
- refs/heads/pr/jrajahalme/gh-filter-test-files
- refs/heads/pr/jrfastab/backport-ooo-ipsec-fixes
- refs/heads/pr/jrfastab/backport-v111-loopback
- refs/heads/pr/jrfastab/backport-v115
- refs/heads/pr/jrfastab/dbgNodeId
- refs/heads/pr/jrfastab/dbgNodeId111
- refs/heads/pr/jrfastab/dbgNodeId111v2
- refs/heads/pr/jrfastab/dbgv114
- refs/heads/pr/jrfastab/eks-encrypt-ipamupdate
- refs/heads/pr/jrfastab/fix-encrypt-subnets
- refs/heads/pr/jrfastab/fix-ixsec-vxlan-remoteIP
- refs/heads/pr/jrfastab/fixes-ipsec-init
- refs/heads/pr/jrfastab/v1.8-fix-ipsec-vxlan-remoteIP
- refs/heads/pr/jrfastab/v1.9-fix-ipsec-vxlan-remoteIP
- refs/heads/pr/jrfastab/v111-debug-ooo
- refs/heads/pr/jrfastab/v111-debug-ooo-v2
- refs/heads/pr/jwi/main/ipsec-rhel8
- refs/heads/pr/jwi/main/test
- refs/heads/pr/jwi/v1.13/test
- refs/heads/pr/jwi/v1.14/test
- refs/heads/pr/jwi/v1.15/bpf-complexity
- refs/heads/pr/jwi/v1.15/test
- refs/heads/pr/k8s-nat46x64
- refs/heads/pr/k8s-nat46x64-2
- refs/heads/pr/kaworu/helm-hubble-cli.yaml
- refs/heads/pr/kkourt/azure-ipam-test-race
- refs/heads/pr/kkourt/bpftool-update
- refs/heads/pr/kkourt/ct-rst-timeout-wip
- refs/heads/pr/kkourt/v1.11-backport-2022-01-26
- refs/heads/pr/kkourt/v1.9-lxc-complexity
- refs/heads/pr/learnitall/add-pprofs-scale-tests
- refs/heads/pr/learnitall/ginkgo-race-workflow
- refs/heads/pr/marga/v1.11-without-deny-precedence
- refs/heads/pr/max/ci-clang-builder
- refs/heads/pr/max/llvm17-fixes-2
- refs/heads/pr/max/llvm17-fixes-3
- refs/heads/pr/max/upgrade-llvm-17-2
- refs/heads/pr/max/upgrade-llvm-17-3
- refs/heads/pr/max/upgrade-llvm-17-3-test
- refs/heads/pr/max/upgrade-llvm-17-3-test-alt
- refs/heads/pr/meyskens/renovate-gha
- refs/heads/pr/mhofstetter/guestbook-registry
- refs/heads/pr/mhofstetter/junit-fetch-nullglob
- refs/heads/pr/mhofstetter/ssh-store-consolelog
- refs/heads/pr/mhofstetter/test-ingress
- refs/heads/pr/michi/circular-struggle
- refs/heads/pr/michi/crdregister
- refs/heads/pr/michi/debug
- refs/heads/pr/michi/description
- refs/heads/pr/michi/dns-refactor12
- refs/heads/pr/michi/l7drop
- refs/heads/pr/michi/majestic-ketchup
- refs/heads/pr/michi/mega-ketchup
- refs/heads/pr/michi/peerapi
- refs/heads/pr/michi/sleep-on-it
- refs/heads/pr/michi/test
- refs/heads/pr/michi/weekly-bot
- refs/heads/pr/monitor-wait-ci
- refs/heads/pr/move-image-to-one-repo
- refs/heads/pr/nat-gw-tests
- refs/heads/pr/nathanjsweet/add-complex-allow-test-to-policy-map-tests
- refs/heads/pr/nathanjsweet/add-lockdown-mode-for-policy-map-overflows
- refs/heads/pr/nathanjsweet/add-packet-size-to-flow-structure
- refs/heads/pr/nathanjsweet/add-policy-port-range-mapping
- refs/heads/pr/nathanjsweet/backport-fix-fqdn-proxy-restore-check-to-1-13
- refs/heads/pr/nathanjsweet/backport-fix-fqdn-proxy-restore-check-to-1-14
- refs/heads/pr/nathanjsweet/backport-fix-fqdn-proxy-restore-check-to-1-15
- refs/heads/pr/nathanjsweet/differentiate-protocol-in-services
- refs/heads/pr/nathanjsweet/document-test-and-fix-descendants-bug
- refs/heads/pr/nathanjsweet/node-port-addresses
- refs/heads/pr/nathanjsweet/refactor-mapstate
- refs/heads/pr/nathanjsweet/update-k8s-control-plane-tests-to-1-27
- refs/heads/pr/nebril/add-dns-concurrency-limit
- refs/heads/pr/nebril/fix-precheck
- refs/heads/pr/nebril/fqdn-proxy-ha
- refs/heads/pr/nebril/fqdn-proxy-interface
- refs/heads/pr/nebril/gke-workflow-migrate-from-cli
- refs/heads/pr/nebril/quarantine-1.14-nodeport
- refs/heads/pr/nebril/test-bottlerocket
- refs/heads/pr/nebril/test-helm-gke-fix
- refs/heads/pr/nebril/test-our-ghaction-shenanigans
- refs/heads/pr/nebril/test-rebase-helm
- refs/heads/pr/nebril/trololo
- refs/heads/pr/nebril/update-cli-9.1-test
- refs/heads/pr/netkit
- refs/heads/pr/netns-switch
- refs/heads/pr/netns-switch-no-peer
- refs/heads/pr/nodeport-fix
- refs/heads/pr/nodeport-improvements2
- refs/heads/pr/nodeport-nat-improvements
- refs/heads/pr/nodeport-nat-improvements2
- refs/heads/pr/nodeport-retry-sport
- refs/heads/pr/pchaigno/deprecate-bpf_network-f
- refs/heads/pr/pchaigno/fix-4.19-bpf-program-size
- refs/heads/pr/pchaigno/hotfix1-ipsec-fix
- refs/heads/pr/pchaigno/hotfix1-ipsec-fix-brb-v0
- refs/heads/pr/pchaigno/ipsec-kpr
- refs/heads/pr/pchaigno/optim-complexity-ipcache-lookup
- refs/heads/pr/pchaigno/rework-config-probes
- refs/heads/pr/pchaigno/tmp-base-branch
- refs/heads/pr/pin-1.10-workflows-k8s-version
- refs/heads/pr/pin-1.11-workflows-k8s-version
- refs/heads/pr/pin-1.12-workflows-k8s-version
- refs/heads/pr/pin-1.13-workflows-k8s-version
- refs/heads/pr/pin-cloud-provider-master-workflows
- refs/heads/pr/pr/fix-ipam-node-manager-semaphore-error-handling
- refs/heads/pr/publish-test-images
- refs/heads/pr/qmonnet/docs-20230224
- refs/heads/pr/qmonnet/docs-bump
- refs/heads/pr/qmonnet/ipsec/no-missed-tail-call-1.13
- refs/heads/pr/qmonnet/ipsec/test-1.13
- refs/heads/pr/qmonnet/ipsec/test-1.14
- refs/heads/pr/qmonnet/ipsec/test-1.15
- refs/heads/pr/qmonnet/ipsec/test-main
- refs/heads/pr/qmonnet/standalone-lb-docs
- refs/heads/pr/qmonnet/sync-joblists
- refs/heads/pr/ray/late-dns-proxy
- refs/heads/pr/rgo3/1.12-run-no-unexpected-drops-for-patch
- refs/heads/pr/rgo3/fix-k8s-vm-provisioning-1.13
- refs/heads/pr/rolinh/better-policy-verdict
- refs/heads/pr/rolinh/hubble-dump-all
- refs/heads/pr/rolinh/hubble-fix-maxflows-rounding
- refs/heads/pr/rolinh/mitchellh
- refs/heads/pr/route-test
- refs/heads/pr/run-tests-in-parallel
- refs/heads/pr/scalability-crd-only
- refs/heads/pr/squeed/make-ccache
- refs/heads/pr/squeed/per-node-config
- refs/heads/pr/squeed/remote-cluster-leak
- refs/heads/pr/stacy/docs-update
- refs/heads/pr/tammach/ci-tunnel
- refs/heads/pr/tammach/cni-logging-improvement
- refs/heads/pr/tammach/envoy-1.28.2
- refs/heads/pr/tammach/fun-with-flake-xds
- refs/heads/pr/tammach/sync-up-gwapi
- refs/heads/pr/tc-np-test
- refs/heads/pr/test-419-ci
- refs/heads/pr/test-increase-update-delete-timeout
- refs/heads/pr/test-k8s-all-tests
- refs/heads/pr/test-lb-super-netperf
- refs/heads/pr/test-nightly
- refs/heads/pr/test-upstream-timeout
- refs/heads/pr/tgraf/chaos-testing
- refs/heads/pr/tgraf/clustermesh-stale-state
- refs/heads/pr/tgraf/eni-ipam
- refs/heads/pr/tgraf/new-endpoint-state
- refs/heads/pr/tgraf/new-policy
- refs/heads/pr/tgraf/remove-tunnel-map
- refs/heads/pr/tgraf/scoped-ipam
- refs/heads/pr/tgraf/sctp
- refs/heads/pr/tgraf/split-lxc-prog
- refs/heads/pr/thorn3r/clustermesh511
- refs/heads/pr/tklauser/labelsfilter-silence-logs
- refs/heads/pr/tklauser/rm-contexthelper
- refs/heads/pr/tklauser/rm-safe-rand
- refs/heads/pr/tommyp1ckles/debugging-aks-conformance
- refs/heads/pr/tp/add-logging-for-wait-for-pods-term-condition
- refs/heads/pr/tp/backport-31380
- refs/heads/pr/tp/bump-cilium-cli
- refs/heads/pr/tp/complexity-issue-verifier-case-main
- refs/heads/pr/tp/eps-modular-health
- refs/heads/pr/tp/fix-stuck-ginko-pod-v2
- refs/heads/pr/tp/forward-hubble-for-e2e
- refs/heads/pr/tp/forward-hubble-for-e2e-v2
- refs/heads/pr/tp/switch-1.24-eks-region
- refs/heads/pr/tp/switch-1.24-eks-region-v1.13
- refs/heads/pr/tp/use-helm-default-vars-for-clustermesh-downgrade-c1
- refs/heads/pr/tweak-github-action-ref
- refs/heads/pr/twpayne/hubble-recent-events-buffer
- refs/heads/pr/twpayne/hubble-ring-buffer-benchmarks
- refs/heads/pr/update-tm-network
- refs/heads/pr/v1.10-backport-2022-06-13
- refs/heads/pr/v1.10-backport-2022-10-03
- refs/heads/pr/v1.10-eni-stability-improvements-v1
- refs/heads/pr/v1.10-neigh-clean
- refs/heads/pr/v1.11-backport-2022-10-03
- refs/heads/pr/v1.11-test/issue-692
- refs/heads/pr/v1.12-backport-2023-10-10
- refs/heads/pr/v1.12-test/issue-692
- refs/heads/pr/v1.13-backport-2023-10-31
- refs/heads/pr/v1.13-test/issue-692
- refs/heads/pr/v1.14.1
- refs/heads/pr/v1.7-stability-test
- refs/heads/pr/v1.7.9-hf-13205
- refs/heads/pr/v3-cpu
- refs/heads/pr/v6-host-addr2
- refs/heads/pr/vk/azure/oidc
- refs/heads/pr/vk/doc/ipsec
- refs/heads/pr/vk/ipsec/key/rotate
- refs/heads/regex_improved
- refs/heads/renovate/main-all-dependencies
- refs/heads/renovate/main-all-go-deps-main
- refs/heads/renovate/main-patch-all-lvh-images-main
- refs/heads/renovate/main-patch-go
- refs/heads/renovate/v1.13-all-github-action
- refs/heads/renovate/v1.13-patch-stable-lvh-images
- refs/heads/renovate/v1.14-patch-stable-lvh-images
- refs/heads/renovate/v1.15-patch-stable-lvh-images
- refs/heads/revert-29086-2023-11-09-backport-1.14
- refs/heads/rib
- refs/heads/run-ci-wihout-building-cilium
- refs/heads/sh-dep-test-l4lb
- refs/heads/sidecar-http-proxy
- refs/heads/sockmap-v5
- refs/heads/sockops-build-fix
- refs/heads/tam/integration-tests
- refs/heads/tam/more-ingress-tests
- refs/heads/tam/proxy-tunnel
- refs/heads/tb/bpf-remove-bear
- refs/heads/test-branch
- refs/heads/test-ipsec
- refs/heads/test-sig-bgp-notifs
- refs/heads/test/brlbil/upload
- refs/heads/test/skip-workflows
- refs/heads/test_scale
- refs/heads/testing_envoy_default
- refs/heads/tgraf/process-policy
- refs/heads/tklauser+brb/wip/multi-homing
- refs/heads/unit-test-ipsec
- refs/heads/v0.10
- refs/heads/v0.11
- refs/heads/v0.12
- refs/heads/v0.13
- refs/heads/v0.8
- refs/heads/v0.9
- refs/heads/v1.0
- refs/heads/v1.0.0-rc2
- refs/heads/v1.0.0-rc3
- refs/heads/v1.1
- refs/heads/v1.10
- refs/heads/v1.11
- refs/heads/v1.12
- refs/heads/v1.12.11-base
- refs/heads/v1.13
- refs/heads/v1.14
- refs/heads/v1.15
- refs/heads/v1.2
- refs/heads/v1.3
- refs/heads/v1.3.1
- refs/heads/v1.3.1-release
- refs/heads/v1.3.7-release
- refs/heads/v1.4
- refs/heads/v1.4.5-release
- refs/heads/v1.5
- refs/heads/v1.5.2-rc1-with-clusterip-fix
- refs/heads/v1.5.4-release
- refs/heads/v1.6
- refs/heads/v1.7
- refs/heads/v1.7.9-1
- refs/heads/v1.7.9.1
- refs/heads/v1.8
- refs/heads/v1.9
- refs/heads/verify-external-workload-dns-setup-redux
- refs/heads/vladu/identity-type-metrics
- refs/heads/weavescope
- refs/heads/wip-ktls-tx-rx
- refs/heads/wip-sockmap
- refs/heads/wip-sockmap-v2
- refs/heads/wip-sockmap-v3
- refs/heads/wip-sockmap-v4
- refs/heads/xfrm-subnet-test
- refs/heads/yutaro/bgp-cplane-etp-local/doc
- refs/heads/yutaro/oss/eni-overlapping-mark
- refs/remotes/bruno/hf/v1.10/v1.10.3-bpf-snat-and-masq-fixes
- refs/remotes/joe/submit/quarantine-etcd
- refs/remotes/origin/1.2-backports-18-09-12
- refs/remotes/origin/ipvlan3
- refs/remotes/origin/pr/add-reserved-health
- refs/remotes/origin/pr/brb/nodeport-lb
- refs/remotes/origin/pr/ianvernon/5859
- refs/remotes/origin/pr/ianvernon/dynamic-ep-cfg
- refs/remotes/origin/pr/tgraf/kube-dns-fixed-identity
- refs/semaphoreci/6384f501b324813e55cfbe818c04a40f2a923765
- refs/semaphoreci/7f69b285bac8a1be414e8769799962ae1408d9e1
- refs/semaphoreci/b5eb6622da121ad36b8f375a084392f7feeec64a
- refs/semaphoreci/d9e7e28f39d34a7050a9c1cad2a26d84f5f4eff1
- refs/semaphoreci/f55ec535d85f387ef981265967fabb3c1b5f1ec6
- refs/tags/0.10.1
- refs/tags/1.1.1
- refs/tags/1.9.0-rc0
- refs/tags/v0.11
- refs/tags/v0.12.0
- refs/tags/v0.13.1
- refs/tags/v0.8.0
- refs/tags/v0.8.1
- refs/tags/v0.8.2
- refs/tags/v0.9.0
- refs/tags/v0.9.0-rc1
- refs/tags/v1.0.0-rc2
- Branches list truncated to 652 entries, 4 were omitted.
- v1.11.0-rc0
- v1.11.0
- v1.10.9
- v1.10.8
- v1.10.7
- v1.10.6
- v1.10.5
- v1.10.4
- v1.10.3
- v1.10.20
- v1.10.2
- v1.10.19
- v1.10.18
- v1.10.17
- v1.10.16
- v1.10.15
- v1.10.14
- v1.10.13
- v1.10.12
- v1.10.11
- v1.10.10
- v1.10.1
- v1.10.0-rc2
- v1.10.0-rc1
- v1.10.0-rc0
- v1.10.0
- v1.1.6
- v1.1.5
- v1.1.4
- v1.1.3
- v1.1.2
- v1.1.1
- v1.1.0-rc4
- v1.1.0-rc3
- v1.1.0-rc2
- v1.1.0-rc1
- v1.1.0-rc0
- v1.1.0
- v1.0.7
- v1.0.6
- v1.0.5
- v1.0.4
- v1.0.3
- v1.0.2
- v1.0.1
- v1.0.0-rc9
- v1.0.0-rc8
- v1.0.0-rc7
- v1.0.0-rc6
- v1.0.0-rc5
- v1.0.0-rc4
- v1.0.0-rc14
- v1.0.0-rc13
- v1.0.0-rc11
- v1.0.0-rc10
- v1.0.0-rc1
- v1.0.0
- v0.13.9
- v0.13.8
- v0.13.7
- v0.13.6
- v0.13.5
- v0.13.4
- v0.13.3
- v0.13.28
- v0.13.25
- v0.13.24
- v0.13.23
- v0.13.22
- v0.13.21
- v0.13.20
- v0.13.2
- v0.13.19
- v0.13.18
- v0.13.17
- v0.13.16
- v0.13.15
- v0.13.14
- v0.13.13
- v0.13.12
- v0.13.11
- v0.13.10
- v0.10.0
- 1.9.9
- 1.9.8
- 1.9.7
- 1.9.6
- 1.9.5
- 1.9.4
- 1.9.3
- 1.9.2
- 1.9.18
- 1.9.17
- 1.9.16
- 1.9.15
- 1.9.14
- 1.9.13
- 1.9.12
- 1.9.11
- 1.9.10
- 1.9.1
- 1.9.0-rc3
- 1.9.0-rc2
- 1.9.0-rc1
- 1.9.0
- 1.8.9
- 1.8.8
- 1.8.7
- 1.8.6
- 1.8.5
- 1.8.4
- 1.8.3
- 1.8.2
- 1.8.13
- 1.8.12
- 1.8.11
- 1.8.10
- 1.8.1
- 1.8.0-rc4
- 1.8.0-rc3
- 1.8.0-rc2
- 1.8.0-rc1
- 1.8.0
- 1.7.9
- 1.7.8
- 1.7.7
- 1.7.6
- 1.7.5
- 1.7.4
- 1.7.3
- 1.7.2
- 1.7.16
- 1.7.15
- 1.7.14
- 1.7.13
- 1.7.12
- 1.7.11
- 1.7.10
- 1.7.1
- 1.7.0-rc4
- 1.7.0-rc3
- 1.7.0
- 1.6.9
- 1.6.8
- 1.6.7
- 1.6.6
- 1.6.5
- 1.6.4
- 1.6.3
- 1.6.2
- 1.6.12
- 1.6.11
- 1.6.10
- 1.6.1
- 1.6.0
- 1.5.9
- 1.5.8
- 1.5.7
- 1.5.6
- 1.5.5
- 1.5.4
- 1.5.3
- 1.5.2
- 1.5.13
- 1.5.12
- 1.5.11
- 1.5.10
- 1.5.1
- 1.5.0-rc6
- 1.5.0-rc5
- 1.5.0-rc4
- 1.5.0-rc3
- 1.5.0-rc2
- 1.5.0
- 1.4.9
- 1.4.8
- 1.4.7
- 1.4.6
- 1.4.5
- 1.4.4
- 1.4.3
- 1.4.2
- 1.4.10
- 1.4.1
- 1.4.0-rc9
- 1.4.0-rc8
- 1.4.0-rc7
- 1.4.0-rc6
- 1.4.0-rc5
- 1.4.0-rc2
- 1.4.0
- 1.3.8
- 1.3.7
- 1.3.6
- 1.3.5
- 1.3.4
- 1.3.3
- 1.3.2
- 1.3.1
- 1.3.0-rc5
- 1.3.0-rc4
- 1.3.0
- 1.2.8
- 1.2.7
- 1.2.6
- 1.2.5
- 1.2.4
- 1.2.3
- 1.2.2
- 1.2.1
- 1.2.0-rc3
- 1.2.0-rc2
- 1.2.0-rc1
- 1.2.0
- 1.16.0-pre.1
- 1.16.0-pre.0
- 1.15.3
- 1.15.2
- 1.15.1
- 1.15.0-rc.1
- 1.15.0-rc.0
- 1.15.0-pre.3
- 1.15.0-pre.2
- 1.15.0-pre.1
- 1.15.0-pre.0
- 1.15.0
- 1.14.9
- 1.14.8
- 1.14.7
- 1.14.6
- 1.14.5
- 1.14.4
- 1.14.3
- 1.14.2
- 1.14.1
- 1.14.0-snapshot.4
- 1.14.0-snapshot.3
- 1.14.0-snapshot.2
- 1.14.0-snapshot.1
- 1.14.0-snapshot.0
- 1.14.0-rc.1
- 1.14.0-rc.0
- 1.14.0-pre.2
- 1.14.0
- 1.13.9
- 1.13.8
- 1.13.7
- 1.13.6
- 1.13.5
- 1.13.4
- 1.13.3
- 1.13.2
- 1.13.14
- 1.13.13
- 1.13.12
- 1.13.11
- 1.13.10
- 1.13.1
- 1.13.0-rc5
- 1.13.0-rc4
- 1.13.0-rc3
- 1.13.0-rc2
- 1.13.0-rc1
- 1.13.0-rc0
- 1.13.0
- 1.12.9
- 1.12.8
- 1.12.7
- 1.12.6
- 1.12.5
- 1.12.4
- 1.12.3
- 1.12.2
- 1.12.19
- 1.12.18
- 1.12.17
- 1.12.16
- 1.12.15
- 1.12.14
- 1.12.13
- 1.12.12
- 1.12.11
- 1.12.10
- 1.12.1
- 1.12.0-rc3
- 1.12.0-rc2
- 1.12.0-rc1
- 1.12.0-rc0
- 1.12.0
- 1.11.9
- 1.11.8
- 1.11.7
- 1.11.6
- 1.11.5
- 1.11.4
- 1.11.3
- 1.11.20
- 1.11.2
- 1.11.19
- 1.11.18
- 1.11.17
- 1.11.16
- 1.11.15
- 1.11.14
- 1.11.13
- 1.11.12
- 1.11.11
- 1.11.10
- 1.11.1
- 1.11.0-rc3
- 1.11.0-rc2
- 1.11.0-rc1
- 1.11.0-rc0
- 1.11.0
- 1.10.9
- 1.10.8
- 1.10.7
- 1.10.6
- 1.10.5
- 1.10.4
- 1.10.3
- 1.10.20
- 1.10.2
- 1.10.19
- 1.10.18
- 1.10.17
- 1.10.16
- 1.10.15
- 1.10.14
- 1.10.13
- 1.10.12
- 1.10.11
- 1.10.10
- 1.10.1
- 1.10.0-rc2
- 1.10.0-rc1
- 1.10.0-rc0
- 1.10.0
- 1.1.6
- 1.1.5
- 1.1.4
- 1.1.3
- 1.1.2
- 1.1.0
- 1.0.7
- 1.0.6
- 1.0.5
- 1.0.4
- Releases list truncated to 348 entries, 258 were omitted.
Take a new snapshot of a software origin
If the archived software origin currently browsed is not synchronized with its upstream version (for instance when new commits have been issued), you can explicitly request Software Heritage to take a new snapshot of it.
Use the form below to proceed. Once a request has been submitted and accepted, it will be processed as soon as possible. You can then check its processing state by visiting this dedicated page.Processing "take a new snapshot" request ...
Permalinks
To reference or cite the objects present in the Software Heritage archive, permalinks based on SoftWare Hash IDentifiers (SWHIDs) must be used.
Select below a type of object currently browsed in order to display its associated SWHID and permalink.
Revision | Author | Date | Message | Commit Date |
---|---|---|---|---|
85eaf5a | André Martins | 21 February 2018, 02:28:01 UTC | k8s: add enforce and revision fields to CNP status Add controllers for each cilium network policy that allows to update the revision number and its enforcement on the endpoints running on each node. Output example from different sources (K8S - 172 is not running with this changes): $ cilium status --all-controllers ... Name Last success Last error Count Message ... sync-cnp-policy-status (v2 default/guestbook-web) 4s ago never 0 no error ... $ kubectl describe cnp Name: guestbook-web Namespace: default API Version: cilium.io/v2 .... Status: Nodes: K 8 S - 171: Enforcing: true Last Updated: 2018-02-21T02:49:53.063373958Z Local Policy Revision: 7 Ok: true K 8 S - 172: Last Updated: 2018-02-20T14:53:51.928648228Z Ok: true $ cilium policy get | tail -n 1 Revision: 7 Backports: 02a186f70b5a65d4c803b411725e7efc6bf175f7 | 28 February 2018, 20:51:25 UTC |
b7beec7 | André Martins | 21 February 2018, 02:30:58 UTC | pkg/endpointmanager: add WaitForEndpointsAtPolicyRev By using the WaitForPolicyRevision function implemented in the endpoint we can leverage to know when all the endpoints have reached a given policy revision. Backports: acd6ebac183b02ae2681457f68e0e98a828d3a89 Signed-off-by: André Martins <andre@cilium.io> | 28 February 2018, 20:50:02 UTC |
39dbe6b | André Martins | 20 February 2018, 21:09:04 UTC | pkg/endpoint: add signals for policy revision Add a signal mechanism to detect if a policy revision of a particular endpoint was changed. This is done throught golang channels instead of polling the policy revision. Backports: d2e928118ec1f293ef02cb44d5bec0279e5908e1 Signed-off-by: André Martins <andre@cilium.io> | 28 February 2018, 20:49:34 UTC |
d68fd94 | André Martins | 20 February 2018, 16:14:11 UTC | pkg/endpoint: add policyRevision Setter Backports: 7a3586fdd5eb44e59547921b636c4cb22281d827 Signed-off-by: André Martins <andre@cilium.io> | 28 February 2018, 20:49:03 UTC |
c54ebc5 | Jarno Rajahalme | 28 February 2018, 19:10:14 UTC | envoy: Use downstream HTTP protocol for upstream connections. gRPC connectivity fail if transported over HTTP/1 connections. The way this feature is configured changed when upstreaming to Envoy, and the refactored code inadvertently used the enum for using the configured rather than downstream protocol for upstream connections. Backports: fcdfbcb83ff33aec1033f1b171b37ed877b95349 Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Reported-by: Ian Vernon <ian@cilium.io> | 28 February 2018, 20:47:35 UTC |
8f1f166 | Thomas Graf | 26 February 2018, 23:59:59 UTC | monitor: Hide message construction in BuildMessage() Signed-off-by: Thomas Graf <thomas@cilium.io> | 27 February 2018, 14:21:45 UTC |
591633c | Thomas Graf | 26 February 2018, 15:58:10 UTC | monitor: Introduce buffer to queue per listener notifications This decouples multiple readers and avoids blocking other readers if one of the readers can't keep it up. Signed-off-by: Thomas Graf <thomas@cilium.io> | 27 February 2018, 14:21:45 UTC |
1d4efc5 | Thomas Graf | 26 February 2018, 15:58:10 UTC | monitor: Concat byte buffers before writing Signed-off-by: Thomas Graf <thomas@cilium.io> | 27 February 2018, 14:21:45 UTC |
0cfd8be | Thomas Graf | 26 February 2018, 15:58:10 UTC | monitor: Introduce channel to buffer notifications * Makes SendEvent() lockless and non-blocking. Notifications are enqueued to a channel and in case the channel is full, the notification is dropped. * Lost notifications are accounted for and reported * The writing to the pipe is made via a single Write() call to maximise the chances that either none of the message buffer or all of it is written to the pipe. Signed-off-by: Thomas Graf <thomas@cilium.io> | 27 February 2018, 14:21:45 UTC |
1fde5a3 | Thomas Graf | 26 February 2018, 15:58:10 UTC | monitor: Move sendEvent() to NodeMonitor struct No functional change of code Signed-off-by: Thomas Graf <thomas@cilium.io> | 27 February 2018, 14:21:45 UTC |
e19c15f | Thomas Graf | 27 February 2018, 00:43:42 UTC | Documentation: Add section to retrieve overall health Signed-off-by: Thomas Graf <thomas@cilium.io> | 27 February 2018, 14:21:01 UTC |
0cc4330 | Thomas Graf | 27 February 2018, 00:38:14 UTC | Documentation: Fix render-docs on OSX * Do not use $(MAKE) as it will expand to a path that is not avaiable inside the container. * Do not attempt to overwrite uid:gid as it will not allow to bind to port 80 Signed-off-by: Thomas Graf <thomas@cilium.io> | 27 February 2018, 14:21:01 UTC |
3dd2e9c | Thomas Graf | 26 February 2018, 23:43:25 UTC | contrib: Make k8s-monitor.sh more generic Allow executing any command inside all cilium pods Signed-off-by: Thomas Graf <thomas@cilium.io> | 27 February 2018, 14:21:01 UTC |
9e4ecfa | Joe Stringer | 26 February 2018, 21:24:08 UTC | bpf: Fail early if any clang/llc command fails Previously, these steps were not guaranteed to exit as soon as they failed. Add `|| exit 2` to ensure they fail when there's a compilation error in one of the define combinations. Signed-off-by: Joe Stringer <joe@covalent.io> | 27 February 2018, 02:30:42 UTC |
336f9ef | Joe Stringer | 26 February 2018, 18:38:39 UTC | bpf: Expand compilation testing of CIDR policy Add a few more build cases for testing compilation of CIDR map code. Signed-off-by: Joe Stringer <joe@covalent.io> | 27 February 2018, 02:30:42 UTC |
c0a3db7 | Joe Stringer | 26 February 2018, 18:36:50 UTC | bpf: Fix compilation of lpm4 trie lookup Signed-off-by: Joe Stringer <joe@covalent.io> | 27 February 2018, 02:30:42 UTC |
ebaa401 | Joe Stringer | 26 February 2018, 18:35:42 UTC | bpf: Rebuild depending on any bpf headers Extend the header dependencies to include all headers in bpf/ directory. Signed-off-by: Joe Stringer <joe@covalent.io> | 27 February 2018, 02:30:42 UTC |
32df92d | Joe Stringer | 22 February 2018, 21:00:00 UTC | bpf: Improve build coverage of bpf objects A few sections of the code were not being compile-tested when running 'make'. Fix this by defining some extra preprocessor variables in the default netdev and node configs. Signed-off-by: Joe Stringer <joe@covalent.io> | 27 February 2018, 02:30:42 UTC |
33bf26f | Joe Stringer | 23 February 2018, 17:56:50 UTC | bpf: Fix build caching for objects with options Previously, the build targets for the bpf_*.o files which need testing with multiple options were not creating the actual object file, so every time someone builds the bpf/ directory, it must recompile each of the files inside even if nothing in the code changed. Fix this issue by actually generating the file with no options while making these targets. Signed-off-by: Joe Stringer <joe@covalent.io> | 27 February 2018, 02:30:42 UTC |
6faabb6 | Thomas Graf | 26 February 2018, 19:02:44 UTC | k8s: Do not attempt to sync headless services to datapath Fixes: #2935 Signed-off-by: Thomas Graf <thomas@cilium.io> | 26 February 2018, 20:58:32 UTC |
c5afb29 | Ian Vernon | 26 February 2018, 20:38:35 UTC | test/runtime: fix indentation in test Signed-off by: Ian Vernon <ian@cilium.io> | 26 February 2018, 20:38:53 UTC |
9482156 | Ian Vernon | 22 February 2018, 22:31:28 UTC | tests: deprecate 16-cidr-ingress-policy Signed-off by: Ian Vernon <ian@cilium.io> | 26 February 2018, 20:38:53 UTC |
fbbd454 | Ian Vernon | 22 February 2018, 07:26:13 UTC | test/runtime: migrate 16-cidr-ingress-policy to Ginkgo Signed-off by: Ian Vernon <ian@cilium.io> | 26 February 2018, 20:38:53 UTC |
04c966a | Ian Vernon | 22 February 2018, 21:57:10 UTC | test/helpers: add easy-to-find lines delineating when report generation finishes Signed-off by: Ian Vernon <ian@cilium.io> | 26 February 2018, 20:38:53 UTC |
05d9bd9 | Ian Vernon | 22 February 2018, 21:56:32 UTC | test/helpers: add optional args to ContainerExec This allows for adding options to "docker exec" if desired. Signed-off by: Ian Vernon <ian@cilium.io> | 26 February 2018, 20:38:53 UTC |
0d784ae | Ian Vernon | 22 February 2018, 07:25:43 UTC | test/helpers: add IPv6Gateway Property to ContainerInspectNet Signed-off by: Ian Vernon <ian@cilium.io> | 26 February 2018, 20:38:53 UTC |
1c18d1d | Thomas Graf | 23 February 2018, 19:15:31 UTC | cache: Support looking up reserved identities * Support resolving and listing reserved identities * Simplify bpf/init.sh by hardcoding the reserved identities which are static. * Convert `cilium identity list` and `cilium identity get` to use `text/tabwriter` and add uniformal `-o json` support. * Always list reserved identities for `cilium identity list` Example: ``` $ cilium identity list ID LABELS 4 [reserved:health] 3 [reserved:cluster] 1 [reserved:host] 2 [reserved:world] 58770 [reserved:health] 12536 [container:id.bar] 2558 [container:id.foo] ``` Fixes: #2857 Signed-off-by: Thomas Graf <thomas@cilium.io> | 26 February 2018, 20:35:54 UTC |
f011e0d | Eloy Coto | 26 February 2018, 15:23:50 UTC | Ginkgo: Add more cases NodePort test At the moment only the service in the local Port is tested, not the Nodeport. With this change the NodePort is tested on both hosts. Signed-off-by: Eloy Coto <eloy.coto@gmail.com> | 26 February 2018, 20:26:12 UTC |
79fc052 | Jarno Rajahalme | 26 February 2018, 18:34:03 UTC | envoy: Pass BAZEL_BUILD_OPTS to bazel test as well. Otherwise `make tests` invalidates the bazel cache, also for a subsequest `make`. Reported-by: Ray Bejjani <ray@covalent.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 26 February 2018, 19:57:53 UTC |
b60265a | Eloy Coto | 22 February 2018, 14:46:25 UTC | Ginkgo: Add support to kubernetes Beta and Alpha versions - Added support in `test/Vagrantfile` to alpha and Beta versions. - Added another step on test-kubernetes jenkinsfile - Fix some tables issues in docs Signed-off-by: Eloy Coto <eloy.coto@gmail.com> | 26 February 2018, 19:25:42 UTC |
2588fae | Thomas Graf | 25 February 2018, 16:18:25 UTC | bpf: Warn if another service is using a VXLAN device Fixes: #2925 Signed-off-by: Thomas Graf <thomas@cilium.io> | 26 February 2018, 18:14:53 UTC |
1fa7953 | Ray Bejjani | 26 February 2018, 13:25:24 UTC | k8s: Better logging & errors around CRD creation/update We confusingly always claimed to have updated and installed the CRD even when the correlated check would return false and no action is attempted. The logs now better reflect the actual actions the agent is attempting at the time. Signed-off-by: Ray Bejjani <ray@covalent.io> | 26 February 2018, 15:45:18 UTC |
9386700 | Manali Bhutiyani | 24 February 2018, 01:51:26 UTC | Kafka multinode K8s GSG CI tests Improve the WaitCiliumEndpointReady function passes arguments. Refactor Policy.go and kafkaPolicy.go Fixes Issue: #2911 Signed-off-by: Manali Bhutiyani <manali@covalent.io> | 24 February 2018, 06:08:07 UTC |
dbdcd25 | Manali Bhutiyani | 23 February 2018, 23:05:23 UTC | Make Kafka K8s GSG CI tests work on multinode setup This change makes the Kafka K8s GSG CI tests in Ginkgo work on a multinode setup. The setup looks like this: Kafka multinode setup: Ginkgo K8s1: 1. empire-backup 2. empire-hq 3. kafka-broker : ingress policy only Gingko K8s2: 1. zook 2. empire-outpost-8888 3. empire-outpost-9999 Fixes Issue: #2911 Signed-off-by: Manali Bhutiyani <manali@covalent.io> | 24 February 2018, 06:08:07 UTC |
6109818 | Joe Stringer | 23 February 2018, 17:27:43 UTC | docs: Simplify pip requirements check While we're at it, add 'sphinx' to the list of requirements. Signed-off-by: Joe Stringer <joe@covalent.io> | 24 February 2018, 04:57:20 UTC |
dc971e8 | Eloy Coto | 22 February 2018, 14:46:25 UTC | docs: Fix some tables issues [Joe: Split docs changes from k8s changes] Signed-off-by: Eloy Coto <eloy.coto@gmail.com> Signed-off-by: Joe Stringer <joe@covalent.io> | 24 February 2018, 04:57:20 UTC |
9829de2 | Joe Stringer | 23 February 2018, 07:12:33 UTC | Makefile: Build docs via dummy target in postcheck This is intended to encourage developers to keep the docs up to date and clean, rather than hiding documentation bugs behind a CI system somewhere. This target uses the sphinx "dummy" builder which only parses the docs and checks for consistency, but avoids actually creating output. There's one limitation with this dummy builder: It doesn't support the tabs assets which we use for YAML/JSON selection of policies. Typically this causes the following warning to be printed, which we use grep to avoid: WARNING: Not copying tabs assets! Not compatible with dummy builder Signed-off-by: Joe Stringer <joe@covalent.io> | 24 February 2018, 04:57:20 UTC |
75eecf6 | Joe Stringer | 23 February 2018, 06:20:55 UTC | docs: Build docs in container as current user Previously, docs were being built as root inside the container, which lead to root-owned files in Documentation/_build which required super user privileges to clean up. Pass the current UID/GID to the render-docs container so that build occurs as this user so the file permissions in the build directory are kept sane, and the current user can `make -C Documentation clean`. Signed-off-by: Joe Stringer <joe@covalent.io> | 24 February 2018, 04:57:20 UTC |
abdbaf1 | Joe Stringer | 23 February 2018, 05:32:05 UTC | docs: Fix various sphinx warnings & typos Signed-off-by: Joe Stringer <joe@covalent.io> | 24 February 2018, 04:57:20 UTC |
eae1bf8 | Ian Vernon | 21 February 2018, 02:40:29 UTC | tests: deprecate 12-policy-import.sh Signed-off by: Ian Vernon <ian@cilium.io> | 24 February 2018, 04:45:24 UTC |
2197686 | Ian Vernon | 21 February 2018, 02:39:35 UTC | test/runtime: migrate 12-policy-import to Ginkgo Signed-off by: Ian Vernon <ian@cilium.io> | 24 February 2018, 04:45:24 UTC |
599d0c6 | Ian Vernon | 23 February 2018, 01:51:50 UTC | tests: deprecate 10-proxy.sh Signed-off by: Ian Vernon <ian@cilium.io> | 24 February 2018, 04:42:06 UTC |
b62ccb8 | Ian Vernon | 23 February 2018, 01:28:29 UTC | test/helpers: add CurlWithHTTPCode helper function Add function which gets HTTP return code from curl. Signed-off by: Ian Vernon <ian@cilium.io> | 24 February 2018, 04:42:06 UTC |
74f60f3 | Ian Vernon | 23 February 2018, 01:27:55 UTC | test/runtime: fix improper quotation-mark placement Signed-off by: Ian Vernon <ian@cilium.io> | 24 February 2018, 04:42:06 UTC |
3332746 | Ray Bejjani | 23 February 2018, 13:01:06 UTC | controller: Allow controllers to exit In some circumstances a controller needs to encode complex logic on when to terminate or otherwise stop. This can be mimiced by blocking, or via more involved mechanisms utilising other goroutines. This change adds a return type that can be handled by the controller wrapper and signals the desire to exit. The reason given is recorded in the controller's status. Signed-off-by: Ray Bejjani <ray@covalent.io> | 24 February 2018, 04:41:07 UTC |
12a05ed | Jarno Rajahalme | 24 February 2018, 00:25:08 UTC | envoy: Fix access log path config. Access log path and listener ID were swapped between the callers and the constructor. Fix by swapping them in the constructor. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 24 February 2018, 02:36:52 UTC |
f68ee2b | Romain Lenglet | 22 February 2018, 22:12:24 UTC | daemon: Remove network policies from xDS for unused identities Signed-off-by: Romain Lenglet <romain@covalent.io> | 24 February 2018, 00:41:38 UTC |
295d598 | Romain Lenglet | 22 February 2018, 04:19:28 UTC | daemon: Publish consumable policy updates to proxies through xDS Use FromRequires clauses to refine the set of allowed remote identities for each proxy rule. Signed-off-by: Romain Lenglet <romain@covalent.io> | 24 February 2018, 00:41:38 UTC |
a008dc7 | Romain Lenglet | 23 February 2018, 01:34:31 UTC | endpoint: Bypass adding/removing redirects when daemon is in dry run mode Signed-off-by: Romain Lenglet <romain@covalent.io> | 24 February 2018, 00:41:38 UTC |
f128c83 | Romain Lenglet | 22 February 2018, 05:55:36 UTC | xds: Define ResourceMutator.Clear to delete all resources of a type Signed-off-by: Romain Lenglet <romain@covalent.io> | 24 February 2018, 00:41:38 UTC |
a2db380 | Romain Lenglet | 21 February 2018, 19:14:54 UTC | proxy: Extend Proxy to allow updating/removing xDS network policies Convert L4 policies into NetworkPolicy resources and publish them to L7 proxies using the NPDS protocol. The conversion enforces a canonical representation of network policies (all lists are sorted, etc.) to allow identifying when a policy hasn't changed and minimize the volume of xDS gRPC messages exchanged with L7 proxies. Signed-off-by: Romain Lenglet <romain@covalent.io> | 24 February 2018, 00:41:38 UTC |
53f2522 | Romain Lenglet | 21 February 2018, 17:28:08 UTC | envoy: Remove the filter name from NetworkPolicy resource Signed-off-by: Romain Lenglet <romain@covalent.io> | 24 February 2018, 00:41:38 UTC |
0da6e54 | André Martins | 23 February 2018, 19:47:47 UTC | Remove make GIT_VERSION workaround Signed-off-by: André Martins <andre@cilium.io> | 24 February 2018, 00:38:29 UTC |
4b92b43 | André Martins | 15 February 2018, 13:14:32 UTC | envoy: add bazel remote caching In order to build bazel in CI without getting cache misses, the flag experimental_strict_action_env was added as a bazel flag. Signed-off-by: André Martins <andre@cilium.io> | 24 February 2018, 00:38:29 UTC |
4e6ff7f | André Martins | 12 February 2018, 15:00:03 UTC | test: removed unnecessary sudo for docker invocations Signed-off-by: André Martins <andre@cilium.io> | 24 February 2018, 00:38:29 UTC |
b15589a | André Martins | 12 February 2018, 14:45:59 UTC | test: adapt Vagrantfile for new cilium/ubuntu image Signed-off-by: André Martins <andre@cilium.io> | 24 February 2018, 00:38:29 UTC |
30563a8 | André Martins | 18 February 2018, 22:36:42 UTC | Vagrantfile: adapt dev Vagrantfile to new cilium/ubuntu image Signed-off-by: André Martins <andre@cilium.io> | 24 February 2018, 00:38:29 UTC |
583d87a | Thomas Graf | 23 February 2018, 16:18:06 UTC | cilium: Add identity and lifetime to cilium bpf proxy list Signed-off-by: Thomas Graf <thomas@cilium.io> | 23 February 2018, 17:46:14 UTC |
e7f4f57 | Thomas Graf | 23 February 2018, 16:18:06 UTC | bpf: Always update the lifetime of proxymap entries The proxymap insertion logic depends on the NEEDS_UPDATE define to decide whether the lifetime fields should be filled. NEEDS_UPDATE is defined if the kernel does not support LRU maps. Unfortunately, the proxymaps are not converted to LRU maps even if available which caused the lifetime not to be updated on kernels which support LRU maps. Signed-off-by: Thomas Graf <thomas@cilium.io> | 23 February 2018, 17:46:14 UTC |
23a6156 | Thomas Graf | 23 February 2018, 16:18:06 UTC | kafka: Report error message when writing access log to debug log Signed-off-by: Thomas Graf <thomas@cilium.io> | 23 February 2018, 17:46:14 UTC |
2dac62c | Thomas Graf | 23 February 2018, 16:18:06 UTC | proxy: Cleanup BPF proxy map on removal of redirect Entries will still expire but this accelerates the removal which is required in combination with the extended lifetime. Signed-off-by: Thomas Graf <thomas@cilium.io> | 23 February 2018, 17:46:14 UTC |
a805b25 | Thomas Graf | 23 February 2018, 16:18:06 UTC | bpf: Keep connection tracking entries around for at least 12h Signed-off-by: Thomas Graf <thomas@cilium.io> | 23 February 2018, 17:46:14 UTC |
72c4d20 | Thomas Graf | 23 February 2018, 16:18:06 UTC | bpf: Increase proxymap entry expire time to 1d Signed-off-by: Thomas Graf <thomas@cilium.io> | 23 February 2018, 17:46:14 UTC |
f8e147b | Michal Rostecki | 21 February 2018, 16:36:36 UTC | test: Increase line count for bpf tunnel list command After introducing TablePrinter for all bpf-related commands, `bpf tunnel list` command has a header, which increases the line count by 1. Signed-off-by: Michal Rostecki <mrostecki@suse.com> | 23 February 2018, 09:17:44 UTC |
9340ff2 | Michal Rostecki | 16 February 2018, 16:51:16 UTC | cilium/cmd: Use Dump method from maps and TableWriter In order to minimize the amount of code doing the same things on BPF map printing, this change introduces usage of Dump method from BPF map objects (which dumps the whole map into the given Go map) and usage of TableWriter (which prints any data contained in map[string][]string). Signed-off-by: Michal Rostecki <mrostecki@suse.com> | 23 February 2018, 09:17:44 UTC |
9bd16da | Michal Rostecki | 16 February 2018, 16:49:22 UTC | cilium/cmd: Add TablePrinter helper To avoid using tabwriter in the same way several times in different commands, this utility is able to print any table with two columns, using data represented as map[string][]string. Signed-off-by: Michal Rostecki <mrostecki@suse.com> | 23 February 2018, 09:17:44 UTC |
f22a811 | Michal Rostecki | 19 February 2018, 07:58:59 UTC | daemon: Call DeleteAll on LXCMap directly After recent changes in BPF map structures and interfaces, we access map objects directly and call their methods. Signed-off-by: Michal Rostecki <mrostecki@suse.com> | 23 February 2018, 09:17:44 UTC |
3071bf9 | Michal Rostecki | 16 February 2018, 15:55:20 UTC | daemon: Use the new DumpWithCallback method After recent changes in pkg/bpf and pkg/maps, Dump method returns a Go map and custom dump functionality moved to DumpWithCallback. Signed-off-by: Michal Rostecki <mrostecki@suse.com> | 23 February 2018, 09:17:44 UTC |
f20fda7 | Michal Rostecki | 16 February 2018, 15:54:27 UTC | pkg/proxy: Use the new pkg/maps/proxymap package Signed-off-by: Michal Rostecki <mrostecki@suse.com> | 23 February 2018, 09:17:44 UTC |
a0469a4 | Michal Rostecki | 16 February 2018, 15:40:53 UTC | pkg/maps/proxymap: Move out ProxyMap from pkg/proxy All map definitions should belong to the pkg/maps package. Also, the new ProxyMap packages uses the new pkg/bpf interfaces. Signed-off-by: Michal Rostecki <mrostecki@suse.com> | 23 February 2018, 09:17:44 UTC |
7bde61a | Michal Rostecki | 16 February 2018, 15:52:26 UTC | pkg/maps: Export all map objects and adjust them to new interfaces Since Dump method is a part of Map struct, we need to export all maps to make them accessible for dumping by the other modules. Also, all maps needed to be adjusted to new definitions of interfaces in pkg/bpf. Signed-off-by: Michal Rostecki <mrostecki@suse.com> | 23 February 2018, 09:17:44 UTC |
9820c82 | Michal Rostecki | 16 February 2018, 15:43:36 UTC | pkg/bpf: Unify dumping for all maps Before this change, every module in cilium/cmd which lists the content of maps, implemented its own callback function for dumping BPF maps as Go maps. That resulted in many copied&pasted code. After introducing the Dump method for all maps, and moving the functionality of dumping with custom callback function to DumpWithCallback, we can get rid of repetetive code in CLI. Signed-off-by: Michal Rostecki <mrostecki@suse.com> | 23 February 2018, 09:17:44 UTC |
b0f98ed | Thomas Graf | 22 February 2018, 20:32:04 UTC | agent: Fix --debug-verbose flag The version of Viper vendored seems broken when in use with StringSlice. It is expecting whitespaces instead of coma separated strings. Move to using a slice variable instead of relying on viper. Signed-off-by: Thomas Graf <thomas@cilium.io> | 23 February 2018, 02:16:52 UTC |
c3ec9c0 | Joe Stringer | 23 February 2018, 00:30:22 UTC | docs: Describe precedence of services and L4 policy Signed-off-by: Joe Stringer <joe@covalent.io> | 23 February 2018, 02:16:05 UTC |
d2b28b1 | Joe Stringer | 23 February 2018, 00:30:13 UTC | docs: Fix typo in l4 examples Signed-off-by: Joe Stringer <joe@covalent.io> | 23 February 2018, 02:16:05 UTC |
89a3ed7 | Joe Stringer | 23 February 2018, 00:28:09 UTC | docs: Describe caveats of policy trace Signed-off-by: Joe Stringer <joe@covalent.io> | 23 February 2018, 02:16:05 UTC |
6db26d1 | Joe Stringer | 22 February 2018, 22:56:24 UTC | bpf: Make L4 egress policy aware of services When services are configured, it's expected that L4 egress policy takes this into account. For example, when an endpoint is sending to port 80, then a service converts this port 80 => 8080, the egress L4 policy should be written to match port 8080. This is already the case for IPv6, make IPv4 consistent with IPv6. Signed-off-by: Joe Stringer <joe@covalent.io> | 23 February 2018, 02:15:34 UTC |
03ac14f | Joe Stringer | 22 February 2018, 23:36:16 UTC | runtime/lb: Test egress policy with services on L4 Signed-off-by: Joe Stringer <joe@covalent.io> | 23 February 2018, 02:15:34 UTC |
3525490 | Joe Stringer | 22 February 2018, 22:54:32 UTC | test/runtime: Refactor client request port This will make the next test easier to introduce. This commit should have no functional impact. Signed-off-by: Joe Stringer <joe@covalent.io> | 23 February 2018, 02:15:34 UTC |
cb48934 | Manali Bhutiyani | 21 February 2018, 22:33:34 UTC | Add support for K1.6 ginkgo tests. Fixes Issue: #2602 Signed-Off-By: Manali Bhutiyani <manali@covalent.io> | 22 February 2018, 23:41:21 UTC |
72a0c11 | Manali Bhutiyani | 20 February 2018, 05:06:17 UTC | Ginkgo : Move Kafka specific helpers in KafkaPolicies.go Fixes Issue: #2602 Signed-Off-By: Manali Bhutiyani <manali@covalent.io> | 22 February 2018, 23:41:21 UTC |
4d66f2b | Manali Bhutiyani | 19 February 2018, 22:52:14 UTC | Ginkgo : Refactoring: K8s CI Coverage for Kafka GSG This change refactors all the common utility functions between HTTP tests in Policy.go, Nightly.go and KafkaPolicy.go Fixes Issue: #2602 Signed-Off-By: Manali Bhutiyani <manali@covalent.io> | 22 February 2018, 23:41:21 UTC |
8600de6 | Manali Bhutiyani | 13 February 2018, 19:18:46 UTC | Ginkgo : Support multinode K8s CI Coverage for Kafka GSG These changes add support for testing Kafka GSG on a multinode K8s environment in Ginkgo. They follow the same steps as GSG and in addition a couple of other tests like policy trace, to test validity of Kafka L7 policy enforcement on K8s multinode environment. Fixes Issue: #2602 Signed-Off-By: Manali Bhutiyani <manali@covalent.io> | 22 February 2018, 23:41:21 UTC |
80e7094 | Eloy Coto | 16 February 2018, 17:16:15 UTC | Nightly: Fix some fails on Nightly testcases - Fixed issues with index on Manifest Generator - Change restart endpoints from Nighlty to Chaos. Move the function to master runs, it's important to know the state. - On restart endpoints made a refactoring to send traffic always in background. To be sure that the loop never finished. - Change the Endpoints time, added more endpoints and small refactoring. (The Jenkins error message was not clear with the xargs) Signed-off-by: Eloy Coto <eloy.coto@gmail.com> | 22 February 2018, 18:33:02 UTC |
5d65d77 | Thomas Graf | 20 February 2018, 21:28:40 UTC | proxy: Provide proxy status via cilium status $ cilium status [...] Proxy Status: OK, ip 10.11.28.238, 1 redirects, port-range 10000-20000 $ cilium status --all-redirects [...] Proxy Status: OK, ip 10.11.28.238, 1 redirects, port-range 10000-20000 Redirect http, endpoint 38939 [container:id.bar], ingress 80->13949 (created 44m26s ago, last-updated 44m26s ago) - from {}: [{"path":"/public","method":"GET"}] -> 36 received, 20 forwarded, 16 denied, 0 error <- 20 received, 20 forwarded, 0 denied, 0 error Signed-off-by: Thomas Graf <thomas@cilium.io> | 22 February 2018, 14:14:46 UTC |
403de45 | Thomas Graf | 20 February 2018, 21:37:12 UTC | api: Regenerate API code for proxy status fields Signed-off-by: Thomas Graf <thomas@cilium.io> | 22 February 2018, 14:14:46 UTC |
0b1bb83 | Thomas Graf | 20 February 2018, 15:25:25 UTC | api: Proxy status fields Signed-off-by: Thomas Graf <thomas@cilium.io> | 22 February 2018, 14:14:46 UTC |
6cc61ca | Eloy Coto | 15 February 2018, 18:22:47 UTC | Ginkgo: Add a jenkinsfile to trigger kubernetes 1.7 and 1.9 Signed-off-by: Eloy Coto <eloy.coto@gmail.com> | 22 February 2018, 00:01:54 UTC |
a43cbfb | Joe Stringer | 19 February 2018, 22:57:36 UTC | endpoint: Keep failed bpf load objects around If BPF endpoint generation fails, move the relevant objects to /var/run/cilium/state/$(EPID)_next_fail for later debugging. Fixes: #2859 Signed-off-by: Joe Stringer <joe@covalent.io> | 21 February 2018, 21:39:55 UTC |
34b3e11 | Joe Stringer | 21 February 2018, 18:25:13 UTC | test/runtime: Remove unnecessary sprintf Signed-off-by: Joe Stringer <joe@covalent.io> | 21 February 2018, 21:39:55 UTC |
0de6157 | Joe Stringer | 19 February 2018, 20:00:53 UTC | test: Add `make clean` target This will clean up the various manifests and other things left over by running the testsuite. Signed-off-by: Joe Stringer <joe@covalent.io> | 21 February 2018, 21:39:55 UTC |
89a4f47 | Ian Vernon | 21 February 2018, 00:37:11 UTC | misc: fix import order and add copyright headers Signed-off by: Ian Vernon <ian@cilium.io> | 21 February 2018, 21:21:50 UTC |
a77ba96 | Ian Vernon | 13 February 2018, 00:42:18 UTC | create identity package Factor out code from policy package related to identity allocation, types, etc. into a separate package. This was motivated by cyclic import issues faced in PR #2875. Update code to use this package accordingly. No change in functionality should occur as part of this commit. Signed-off by: Ian Vernon <ian@cilium.io> | 21 February 2018, 21:21:50 UTC |
aabb2a2 | Ian Vernon | 21 February 2018, 18:14:29 UTC | test/runtime: fix typo in error message Signed-off by: Ian Vernon <ian@cilium.io> | 21 February 2018, 21:12:33 UTC |
c666ffe | Romain Lenglet | 21 February 2018, 17:12:11 UTC | envoy: Add logging into envoy_test.go Signed-off-by: Romain Lenglet <romain@covalent.io> | 21 February 2018, 21:07:01 UTC |
8802da6 | Romain Lenglet | 20 February 2018, 00:27:14 UTC | envoy: Create and configure the caches for NPDS and NPHDS Signed-off-by: Romain Lenglet <romain@covalent.io> | 21 February 2018, 21:07:01 UTC |
600833f | Eloy Coto | 20 February 2018, 14:24:15 UTC | Ginkgo: Fix cilium state on RuntimeValidatedConntrackTest On Build 688 on recovery the policy was in place, so it fails after restart. The main issue was the leftover policy on the test that run just before. This ensure that the status are the same after finished the test https://jenkins.cilium.io/job/Cilium-PR-Ginkgo-Tests-Validated/688 ``` /home/jenkins/workspace/Cilium-PR-Ginkgo-Tests-Validated/src/github.com/cilium/cilium/test/runtime/chaos.go:66 Expected <string>: "... Disabl..." to equal | <string>: "... Enable..." /home/jenkins/workspace/Cilium-PR-Ginkgo-Tests-Validated/src/github.com/cilium/cilium/test/runtime/chaos.go:88 level=info msg="Cilium status is true" testName=RuntimeValidatedChaos STEP: original: ENDPOINT POLICY (ingress) POLICY (egress) IDENTITY LABELS (source:key[=value]) IPv6 IPv4 STATUS ENFORCEMENT ENFORCEMENT 15009 Enabled Disabled 3749 container:id.server f00d::a0f:0:0:3aa1 10.15.222.0 ready 63264 Disabled Disabled 6263 container:id.client f00d::a0f:0:0:f720 10.15.154.57 ready STEP: new: ENDPOINT POLICY (ingress) POLICY (egress) IDENTITY LABELS (source:key[=value]) IPv6 IPv4 STATUS ENFORCEMENT ENFORCEMENT 15009 Disabled Disabled 3749 container:id.server f00d::a0f:0:0:3aa1 10.15.222.0 ready 63264 Disabled Disabled 6263 container:id.client f00d::a0f:0:0:f720 10.15.154.57 ready ``` Signed-off-by: Eloy Coto <eloy.coto@gmail.com> | 21 February 2018, 18:11:52 UTC |
9a04c3c | Joe Stringer | 20 February 2018, 22:32:18 UTC | test/runtime: Clarify the services+policies tests Do some minor refactoring and clarifying the style of the By() statements to make it more clear exactly what kind of tests each portion of the function are making. Signed-off-by: Joe Stringer <joe@covalent.io> | 21 February 2018, 17:59:38 UTC |
f499586 | Joe Stringer | 20 February 2018, 22:31:24 UTC | test/runtime: Test ingress deny with app3 The LB tests were previously testing ingress deny with app2, which actually has an egress policy applied. Use app3 instead, which has no policy (therefore it should only hit the ingress policy of the service) Signed-off-by: Joe Stringer <joe@covalent.io> | 21 February 2018, 17:59:38 UTC |
45da844 | Joe Stringer | 20 February 2018, 22:05:51 UTC | test/runtime: Clean up after LB test The LB device wasn't being cleaned up properly after each test. This commit introduces some basic cleanup for that device. Signed-off-by: Joe Stringer <joe@covalent.io> | 21 February 2018, 17:59:38 UTC |