Skip to main content

Browse the archive

https://github.com/cilium/cilium
09 April 2024, 21:14:05 UTC
sort by:
Revision Author Date Message Commit Date
85eaf5a André Martins 21 February 2018, 02:28:01 UTC k8s: add enforce and revision fields to CNP status Add controllers for each cilium network policy that allows to update the revision number and its enforcement on the endpoints running on each node. Output example from different sources (K8S - 172 is not running with this changes): $ cilium status --all-controllers ... Name Last success Last error Count Message ... sync-cnp-policy-status (v2 default/guestbook-web) 4s ago never 0 no error ... $ kubectl describe cnp Name: guestbook-web Namespace: default API Version: cilium.io/v2 .... Status: Nodes: K 8 S - 171: Enforcing: true Last Updated: 2018-02-21T02:49:53.063373958Z Local Policy Revision: 7 Ok: true K 8 S - 172: Last Updated: 2018-02-20T14:53:51.928648228Z Ok: true $ cilium policy get | tail -n 1 Revision: 7 Backports: 02a186f70b5a65d4c803b411725e7efc6bf175f7 28 February 2018, 20:51:25 UTC
b7beec7 André Martins 21 February 2018, 02:30:58 UTC pkg/endpointmanager: add WaitForEndpointsAtPolicyRev By using the WaitForPolicyRevision function implemented in the endpoint we can leverage to know when all the endpoints have reached a given policy revision. Backports: acd6ebac183b02ae2681457f68e0e98a828d3a89 Signed-off-by: André Martins <andre@cilium.io> 28 February 2018, 20:50:02 UTC
39dbe6b André Martins 20 February 2018, 21:09:04 UTC pkg/endpoint: add signals for policy revision Add a signal mechanism to detect if a policy revision of a particular endpoint was changed. This is done throught golang channels instead of polling the policy revision. Backports: d2e928118ec1f293ef02cb44d5bec0279e5908e1 Signed-off-by: André Martins <andre@cilium.io> 28 February 2018, 20:49:34 UTC
d68fd94 André Martins 20 February 2018, 16:14:11 UTC pkg/endpoint: add policyRevision Setter Backports: 7a3586fdd5eb44e59547921b636c4cb22281d827 Signed-off-by: André Martins <andre@cilium.io> 28 February 2018, 20:49:03 UTC
c54ebc5 Jarno Rajahalme 28 February 2018, 19:10:14 UTC envoy: Use downstream HTTP protocol for upstream connections. gRPC connectivity fail if transported over HTTP/1 connections. The way this feature is configured changed when upstreaming to Envoy, and the refactored code inadvertently used the enum for using the configured rather than downstream protocol for upstream connections. Backports: fcdfbcb83ff33aec1033f1b171b37ed877b95349 Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Reported-by: Ian Vernon <ian@cilium.io> 28 February 2018, 20:47:35 UTC
8f1f166 Thomas Graf 26 February 2018, 23:59:59 UTC monitor: Hide message construction in BuildMessage() Signed-off-by: Thomas Graf <thomas@cilium.io> 27 February 2018, 14:21:45 UTC
591633c Thomas Graf 26 February 2018, 15:58:10 UTC monitor: Introduce buffer to queue per listener notifications This decouples multiple readers and avoids blocking other readers if one of the readers can't keep it up. Signed-off-by: Thomas Graf <thomas@cilium.io> 27 February 2018, 14:21:45 UTC
1d4efc5 Thomas Graf 26 February 2018, 15:58:10 UTC monitor: Concat byte buffers before writing Signed-off-by: Thomas Graf <thomas@cilium.io> 27 February 2018, 14:21:45 UTC
0cfd8be Thomas Graf 26 February 2018, 15:58:10 UTC monitor: Introduce channel to buffer notifications * Makes SendEvent() lockless and non-blocking. Notifications are enqueued to a channel and in case the channel is full, the notification is dropped. * Lost notifications are accounted for and reported * The writing to the pipe is made via a single Write() call to maximise the chances that either none of the message buffer or all of it is written to the pipe. Signed-off-by: Thomas Graf <thomas@cilium.io> 27 February 2018, 14:21:45 UTC
1fde5a3 Thomas Graf 26 February 2018, 15:58:10 UTC monitor: Move sendEvent() to NodeMonitor struct No functional change of code Signed-off-by: Thomas Graf <thomas@cilium.io> 27 February 2018, 14:21:45 UTC
e19c15f Thomas Graf 27 February 2018, 00:43:42 UTC Documentation: Add section to retrieve overall health Signed-off-by: Thomas Graf <thomas@cilium.io> 27 February 2018, 14:21:01 UTC
0cc4330 Thomas Graf 27 February 2018, 00:38:14 UTC Documentation: Fix render-docs on OSX * Do not use $(MAKE) as it will expand to a path that is not avaiable inside the container. * Do not attempt to overwrite uid:gid as it will not allow to bind to port 80 Signed-off-by: Thomas Graf <thomas@cilium.io> 27 February 2018, 14:21:01 UTC
3dd2e9c Thomas Graf 26 February 2018, 23:43:25 UTC contrib: Make k8s-monitor.sh more generic Allow executing any command inside all cilium pods Signed-off-by: Thomas Graf <thomas@cilium.io> 27 February 2018, 14:21:01 UTC
9e4ecfa Joe Stringer 26 February 2018, 21:24:08 UTC bpf: Fail early if any clang/llc command fails Previously, these steps were not guaranteed to exit as soon as they failed. Add `|| exit 2` to ensure they fail when there's a compilation error in one of the define combinations. Signed-off-by: Joe Stringer <joe@covalent.io> 27 February 2018, 02:30:42 UTC
336f9ef Joe Stringer 26 February 2018, 18:38:39 UTC bpf: Expand compilation testing of CIDR policy Add a few more build cases for testing compilation of CIDR map code. Signed-off-by: Joe Stringer <joe@covalent.io> 27 February 2018, 02:30:42 UTC
c0a3db7 Joe Stringer 26 February 2018, 18:36:50 UTC bpf: Fix compilation of lpm4 trie lookup Signed-off-by: Joe Stringer <joe@covalent.io> 27 February 2018, 02:30:42 UTC
ebaa401 Joe Stringer 26 February 2018, 18:35:42 UTC bpf: Rebuild depending on any bpf headers Extend the header dependencies to include all headers in bpf/ directory. Signed-off-by: Joe Stringer <joe@covalent.io> 27 February 2018, 02:30:42 UTC
32df92d Joe Stringer 22 February 2018, 21:00:00 UTC bpf: Improve build coverage of bpf objects A few sections of the code were not being compile-tested when running 'make'. Fix this by defining some extra preprocessor variables in the default netdev and node configs. Signed-off-by: Joe Stringer <joe@covalent.io> 27 February 2018, 02:30:42 UTC
33bf26f Joe Stringer 23 February 2018, 17:56:50 UTC bpf: Fix build caching for objects with options Previously, the build targets for the bpf_*.o files which need testing with multiple options were not creating the actual object file, so every time someone builds the bpf/ directory, it must recompile each of the files inside even if nothing in the code changed. Fix this issue by actually generating the file with no options while making these targets. Signed-off-by: Joe Stringer <joe@covalent.io> 27 February 2018, 02:30:42 UTC
6faabb6 Thomas Graf 26 February 2018, 19:02:44 UTC k8s: Do not attempt to sync headless services to datapath Fixes: #2935 Signed-off-by: Thomas Graf <thomas@cilium.io> 26 February 2018, 20:58:32 UTC
c5afb29 Ian Vernon 26 February 2018, 20:38:35 UTC test/runtime: fix indentation in test Signed-off by: Ian Vernon <ian@cilium.io> 26 February 2018, 20:38:53 UTC
9482156 Ian Vernon 22 February 2018, 22:31:28 UTC tests: deprecate 16-cidr-ingress-policy Signed-off by: Ian Vernon <ian@cilium.io> 26 February 2018, 20:38:53 UTC
fbbd454 Ian Vernon 22 February 2018, 07:26:13 UTC test/runtime: migrate 16-cidr-ingress-policy to Ginkgo Signed-off by: Ian Vernon <ian@cilium.io> 26 February 2018, 20:38:53 UTC
04c966a Ian Vernon 22 February 2018, 21:57:10 UTC test/helpers: add easy-to-find lines delineating when report generation finishes Signed-off by: Ian Vernon <ian@cilium.io> 26 February 2018, 20:38:53 UTC
05d9bd9 Ian Vernon 22 February 2018, 21:56:32 UTC test/helpers: add optional args to ContainerExec This allows for adding options to "docker exec" if desired. Signed-off by: Ian Vernon <ian@cilium.io> 26 February 2018, 20:38:53 UTC
0d784ae Ian Vernon 22 February 2018, 07:25:43 UTC test/helpers: add IPv6Gateway Property to ContainerInspectNet Signed-off by: Ian Vernon <ian@cilium.io> 26 February 2018, 20:38:53 UTC
1c18d1d Thomas Graf 23 February 2018, 19:15:31 UTC cache: Support looking up reserved identities * Support resolving and listing reserved identities * Simplify bpf/init.sh by hardcoding the reserved identities which are static. * Convert `cilium identity list` and `cilium identity get` to use `text/tabwriter` and add uniformal `-o json` support. * Always list reserved identities for `cilium identity list` Example: ``` $ cilium identity list ID LABELS 4 [reserved:health] 3 [reserved:cluster] 1 [reserved:host] 2 [reserved:world] 58770 [reserved:health] 12536 [container:id.bar] 2558 [container:id.foo] ``` Fixes: #2857 Signed-off-by: Thomas Graf <thomas@cilium.io> 26 February 2018, 20:35:54 UTC
f011e0d Eloy Coto 26 February 2018, 15:23:50 UTC Ginkgo: Add more cases NodePort test At the moment only the service in the local Port is tested, not the Nodeport. With this change the NodePort is tested on both hosts. Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 26 February 2018, 20:26:12 UTC
79fc052 Jarno Rajahalme 26 February 2018, 18:34:03 UTC envoy: Pass BAZEL_BUILD_OPTS to bazel test as well. Otherwise `make tests` invalidates the bazel cache, also for a subsequest `make`. Reported-by: Ray Bejjani <ray@covalent.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 26 February 2018, 19:57:53 UTC
b60265a Eloy Coto 22 February 2018, 14:46:25 UTC Ginkgo: Add support to kubernetes Beta and Alpha versions - Added support in `test/Vagrantfile` to alpha and Beta versions. - Added another step on test-kubernetes jenkinsfile - Fix some tables issues in docs Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 26 February 2018, 19:25:42 UTC
2588fae Thomas Graf 25 February 2018, 16:18:25 UTC bpf: Warn if another service is using a VXLAN device Fixes: #2925 Signed-off-by: Thomas Graf <thomas@cilium.io> 26 February 2018, 18:14:53 UTC
1fa7953 Ray Bejjani 26 February 2018, 13:25:24 UTC k8s: Better logging & errors around CRD creation/update We confusingly always claimed to have updated and installed the CRD even when the correlated check would return false and no action is attempted. The logs now better reflect the actual actions the agent is attempting at the time. Signed-off-by: Ray Bejjani <ray@covalent.io> 26 February 2018, 15:45:18 UTC
9386700 Manali Bhutiyani 24 February 2018, 01:51:26 UTC Kafka multinode K8s GSG CI tests Improve the WaitCiliumEndpointReady function passes arguments. Refactor Policy.go and kafkaPolicy.go Fixes Issue: #2911 Signed-off-by: Manali Bhutiyani <manali@covalent.io> 24 February 2018, 06:08:07 UTC
dbdcd25 Manali Bhutiyani 23 February 2018, 23:05:23 UTC Make Kafka K8s GSG CI tests work on multinode setup This change makes the Kafka K8s GSG CI tests in Ginkgo work on a multinode setup. The setup looks like this: Kafka multinode setup: Ginkgo K8s1: 1. empire-backup 2. empire-hq 3. kafka-broker : ingress policy only Gingko K8s2: 1. zook 2. empire-outpost-8888 3. empire-outpost-9999 Fixes Issue: #2911 Signed-off-by: Manali Bhutiyani <manali@covalent.io> 24 February 2018, 06:08:07 UTC
6109818 Joe Stringer 23 February 2018, 17:27:43 UTC docs: Simplify pip requirements check While we're at it, add 'sphinx' to the list of requirements. Signed-off-by: Joe Stringer <joe@covalent.io> 24 February 2018, 04:57:20 UTC
dc971e8 Eloy Coto 22 February 2018, 14:46:25 UTC docs: Fix some tables issues [Joe: Split docs changes from k8s changes] Signed-off-by: Eloy Coto <eloy.coto@gmail.com> Signed-off-by: Joe Stringer <joe@covalent.io> 24 February 2018, 04:57:20 UTC
9829de2 Joe Stringer 23 February 2018, 07:12:33 UTC Makefile: Build docs via dummy target in postcheck This is intended to encourage developers to keep the docs up to date and clean, rather than hiding documentation bugs behind a CI system somewhere. This target uses the sphinx "dummy" builder which only parses the docs and checks for consistency, but avoids actually creating output. There's one limitation with this dummy builder: It doesn't support the tabs assets which we use for YAML/JSON selection of policies. Typically this causes the following warning to be printed, which we use grep to avoid: WARNING: Not copying tabs assets! Not compatible with dummy builder Signed-off-by: Joe Stringer <joe@covalent.io> 24 February 2018, 04:57:20 UTC
75eecf6 Joe Stringer 23 February 2018, 06:20:55 UTC docs: Build docs in container as current user Previously, docs were being built as root inside the container, which lead to root-owned files in Documentation/_build which required super user privileges to clean up. Pass the current UID/GID to the render-docs container so that build occurs as this user so the file permissions in the build directory are kept sane, and the current user can `make -C Documentation clean`. Signed-off-by: Joe Stringer <joe@covalent.io> 24 February 2018, 04:57:20 UTC
abdbaf1 Joe Stringer 23 February 2018, 05:32:05 UTC docs: Fix various sphinx warnings & typos Signed-off-by: Joe Stringer <joe@covalent.io> 24 February 2018, 04:57:20 UTC
eae1bf8 Ian Vernon 21 February 2018, 02:40:29 UTC tests: deprecate 12-policy-import.sh Signed-off by: Ian Vernon <ian@cilium.io> 24 February 2018, 04:45:24 UTC
2197686 Ian Vernon 21 February 2018, 02:39:35 UTC test/runtime: migrate 12-policy-import to Ginkgo Signed-off by: Ian Vernon <ian@cilium.io> 24 February 2018, 04:45:24 UTC
599d0c6 Ian Vernon 23 February 2018, 01:51:50 UTC tests: deprecate 10-proxy.sh Signed-off by: Ian Vernon <ian@cilium.io> 24 February 2018, 04:42:06 UTC
b62ccb8 Ian Vernon 23 February 2018, 01:28:29 UTC test/helpers: add CurlWithHTTPCode helper function Add function which gets HTTP return code from curl. Signed-off by: Ian Vernon <ian@cilium.io> 24 February 2018, 04:42:06 UTC
74f60f3 Ian Vernon 23 February 2018, 01:27:55 UTC test/runtime: fix improper quotation-mark placement Signed-off by: Ian Vernon <ian@cilium.io> 24 February 2018, 04:42:06 UTC
3332746 Ray Bejjani 23 February 2018, 13:01:06 UTC controller: Allow controllers to exit In some circumstances a controller needs to encode complex logic on when to terminate or otherwise stop. This can be mimiced by blocking, or via more involved mechanisms utilising other goroutines. This change adds a return type that can be handled by the controller wrapper and signals the desire to exit. The reason given is recorded in the controller's status. Signed-off-by: Ray Bejjani <ray@covalent.io> 24 February 2018, 04:41:07 UTC
12a05ed Jarno Rajahalme 24 February 2018, 00:25:08 UTC envoy: Fix access log path config. Access log path and listener ID were swapped between the callers and the constructor. Fix by swapping them in the constructor. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 24 February 2018, 02:36:52 UTC
f68ee2b Romain Lenglet 22 February 2018, 22:12:24 UTC daemon: Remove network policies from xDS for unused identities Signed-off-by: Romain Lenglet <romain@covalent.io> 24 February 2018, 00:41:38 UTC
295d598 Romain Lenglet 22 February 2018, 04:19:28 UTC daemon: Publish consumable policy updates to proxies through xDS Use FromRequires clauses to refine the set of allowed remote identities for each proxy rule. Signed-off-by: Romain Lenglet <romain@covalent.io> 24 February 2018, 00:41:38 UTC
a008dc7 Romain Lenglet 23 February 2018, 01:34:31 UTC endpoint: Bypass adding/removing redirects when daemon is in dry run mode Signed-off-by: Romain Lenglet <romain@covalent.io> 24 February 2018, 00:41:38 UTC
f128c83 Romain Lenglet 22 February 2018, 05:55:36 UTC xds: Define ResourceMutator.Clear to delete all resources of a type Signed-off-by: Romain Lenglet <romain@covalent.io> 24 February 2018, 00:41:38 UTC
a2db380 Romain Lenglet 21 February 2018, 19:14:54 UTC proxy: Extend Proxy to allow updating/removing xDS network policies Convert L4 policies into NetworkPolicy resources and publish them to L7 proxies using the NPDS protocol. The conversion enforces a canonical representation of network policies (all lists are sorted, etc.) to allow identifying when a policy hasn't changed and minimize the volume of xDS gRPC messages exchanged with L7 proxies. Signed-off-by: Romain Lenglet <romain@covalent.io> 24 February 2018, 00:41:38 UTC
53f2522 Romain Lenglet 21 February 2018, 17:28:08 UTC envoy: Remove the filter name from NetworkPolicy resource Signed-off-by: Romain Lenglet <romain@covalent.io> 24 February 2018, 00:41:38 UTC
0da6e54 André Martins 23 February 2018, 19:47:47 UTC Remove make GIT_VERSION workaround Signed-off-by: André Martins <andre@cilium.io> 24 February 2018, 00:38:29 UTC
4b92b43 André Martins 15 February 2018, 13:14:32 UTC envoy: add bazel remote caching In order to build bazel in CI without getting cache misses, the flag experimental_strict_action_env was added as a bazel flag. Signed-off-by: André Martins <andre@cilium.io> 24 February 2018, 00:38:29 UTC
4e6ff7f André Martins 12 February 2018, 15:00:03 UTC test: removed unnecessary sudo for docker invocations Signed-off-by: André Martins <andre@cilium.io> 24 February 2018, 00:38:29 UTC
b15589a André Martins 12 February 2018, 14:45:59 UTC test: adapt Vagrantfile for new cilium/ubuntu image Signed-off-by: André Martins <andre@cilium.io> 24 February 2018, 00:38:29 UTC
30563a8 André Martins 18 February 2018, 22:36:42 UTC Vagrantfile: adapt dev Vagrantfile to new cilium/ubuntu image Signed-off-by: André Martins <andre@cilium.io> 24 February 2018, 00:38:29 UTC
583d87a Thomas Graf 23 February 2018, 16:18:06 UTC cilium: Add identity and lifetime to cilium bpf proxy list Signed-off-by: Thomas Graf <thomas@cilium.io> 23 February 2018, 17:46:14 UTC
e7f4f57 Thomas Graf 23 February 2018, 16:18:06 UTC bpf: Always update the lifetime of proxymap entries The proxymap insertion logic depends on the NEEDS_UPDATE define to decide whether the lifetime fields should be filled. NEEDS_UPDATE is defined if the kernel does not support LRU maps. Unfortunately, the proxymaps are not converted to LRU maps even if available which caused the lifetime not to be updated on kernels which support LRU maps. Signed-off-by: Thomas Graf <thomas@cilium.io> 23 February 2018, 17:46:14 UTC
23a6156 Thomas Graf 23 February 2018, 16:18:06 UTC kafka: Report error message when writing access log to debug log Signed-off-by: Thomas Graf <thomas@cilium.io> 23 February 2018, 17:46:14 UTC
2dac62c Thomas Graf 23 February 2018, 16:18:06 UTC proxy: Cleanup BPF proxy map on removal of redirect Entries will still expire but this accelerates the removal which is required in combination with the extended lifetime. Signed-off-by: Thomas Graf <thomas@cilium.io> 23 February 2018, 17:46:14 UTC
a805b25 Thomas Graf 23 February 2018, 16:18:06 UTC bpf: Keep connection tracking entries around for at least 12h Signed-off-by: Thomas Graf <thomas@cilium.io> 23 February 2018, 17:46:14 UTC
72c4d20 Thomas Graf 23 February 2018, 16:18:06 UTC bpf: Increase proxymap entry expire time to 1d Signed-off-by: Thomas Graf <thomas@cilium.io> 23 February 2018, 17:46:14 UTC
f8e147b Michal Rostecki 21 February 2018, 16:36:36 UTC test: Increase line count for bpf tunnel list command After introducing TablePrinter for all bpf-related commands, `bpf tunnel list` command has a header, which increases the line count by 1. Signed-off-by: Michal Rostecki <mrostecki@suse.com> 23 February 2018, 09:17:44 UTC
9340ff2 Michal Rostecki 16 February 2018, 16:51:16 UTC cilium/cmd: Use Dump method from maps and TableWriter In order to minimize the amount of code doing the same things on BPF map printing, this change introduces usage of Dump method from BPF map objects (which dumps the whole map into the given Go map) and usage of TableWriter (which prints any data contained in map[string][]string). Signed-off-by: Michal Rostecki <mrostecki@suse.com> 23 February 2018, 09:17:44 UTC
9bd16da Michal Rostecki 16 February 2018, 16:49:22 UTC cilium/cmd: Add TablePrinter helper To avoid using tabwriter in the same way several times in different commands, this utility is able to print any table with two columns, using data represented as map[string][]string. Signed-off-by: Michal Rostecki <mrostecki@suse.com> 23 February 2018, 09:17:44 UTC
f22a811 Michal Rostecki 19 February 2018, 07:58:59 UTC daemon: Call DeleteAll on LXCMap directly After recent changes in BPF map structures and interfaces, we access map objects directly and call their methods. Signed-off-by: Michal Rostecki <mrostecki@suse.com> 23 February 2018, 09:17:44 UTC
3071bf9 Michal Rostecki 16 February 2018, 15:55:20 UTC daemon: Use the new DumpWithCallback method After recent changes in pkg/bpf and pkg/maps, Dump method returns a Go map and custom dump functionality moved to DumpWithCallback. Signed-off-by: Michal Rostecki <mrostecki@suse.com> 23 February 2018, 09:17:44 UTC
f20fda7 Michal Rostecki 16 February 2018, 15:54:27 UTC pkg/proxy: Use the new pkg/maps/proxymap package Signed-off-by: Michal Rostecki <mrostecki@suse.com> 23 February 2018, 09:17:44 UTC
a0469a4 Michal Rostecki 16 February 2018, 15:40:53 UTC pkg/maps/proxymap: Move out ProxyMap from pkg/proxy All map definitions should belong to the pkg/maps package. Also, the new ProxyMap packages uses the new pkg/bpf interfaces. Signed-off-by: Michal Rostecki <mrostecki@suse.com> 23 February 2018, 09:17:44 UTC
7bde61a Michal Rostecki 16 February 2018, 15:52:26 UTC pkg/maps: Export all map objects and adjust them to new interfaces Since Dump method is a part of Map struct, we need to export all maps to make them accessible for dumping by the other modules. Also, all maps needed to be adjusted to new definitions of interfaces in pkg/bpf. Signed-off-by: Michal Rostecki <mrostecki@suse.com> 23 February 2018, 09:17:44 UTC
9820c82 Michal Rostecki 16 February 2018, 15:43:36 UTC pkg/bpf: Unify dumping for all maps Before this change, every module in cilium/cmd which lists the content of maps, implemented its own callback function for dumping BPF maps as Go maps. That resulted in many copied&pasted code. After introducing the Dump method for all maps, and moving the functionality of dumping with custom callback function to DumpWithCallback, we can get rid of repetetive code in CLI. Signed-off-by: Michal Rostecki <mrostecki@suse.com> 23 February 2018, 09:17:44 UTC
b0f98ed Thomas Graf 22 February 2018, 20:32:04 UTC agent: Fix --debug-verbose flag The version of Viper vendored seems broken when in use with StringSlice. It is expecting whitespaces instead of coma separated strings. Move to using a slice variable instead of relying on viper. Signed-off-by: Thomas Graf <thomas@cilium.io> 23 February 2018, 02:16:52 UTC
c3ec9c0 Joe Stringer 23 February 2018, 00:30:22 UTC docs: Describe precedence of services and L4 policy Signed-off-by: Joe Stringer <joe@covalent.io> 23 February 2018, 02:16:05 UTC
d2b28b1 Joe Stringer 23 February 2018, 00:30:13 UTC docs: Fix typo in l4 examples Signed-off-by: Joe Stringer <joe@covalent.io> 23 February 2018, 02:16:05 UTC
89a3ed7 Joe Stringer 23 February 2018, 00:28:09 UTC docs: Describe caveats of policy trace Signed-off-by: Joe Stringer <joe@covalent.io> 23 February 2018, 02:16:05 UTC
6db26d1 Joe Stringer 22 February 2018, 22:56:24 UTC bpf: Make L4 egress policy aware of services When services are configured, it's expected that L4 egress policy takes this into account. For example, when an endpoint is sending to port 80, then a service converts this port 80 => 8080, the egress L4 policy should be written to match port 8080. This is already the case for IPv6, make IPv4 consistent with IPv6. Signed-off-by: Joe Stringer <joe@covalent.io> 23 February 2018, 02:15:34 UTC
03ac14f Joe Stringer 22 February 2018, 23:36:16 UTC runtime/lb: Test egress policy with services on L4 Signed-off-by: Joe Stringer <joe@covalent.io> 23 February 2018, 02:15:34 UTC
3525490 Joe Stringer 22 February 2018, 22:54:32 UTC test/runtime: Refactor client request port This will make the next test easier to introduce. This commit should have no functional impact. Signed-off-by: Joe Stringer <joe@covalent.io> 23 February 2018, 02:15:34 UTC
cb48934 Manali Bhutiyani 21 February 2018, 22:33:34 UTC Add support for K1.6 ginkgo tests. Fixes Issue: #2602 Signed-Off-By: Manali Bhutiyani <manali@covalent.io> 22 February 2018, 23:41:21 UTC
72a0c11 Manali Bhutiyani 20 February 2018, 05:06:17 UTC Ginkgo : Move Kafka specific helpers in KafkaPolicies.go Fixes Issue: #2602 Signed-Off-By: Manali Bhutiyani <manali@covalent.io> 22 February 2018, 23:41:21 UTC
4d66f2b Manali Bhutiyani 19 February 2018, 22:52:14 UTC Ginkgo : Refactoring: K8s CI Coverage for Kafka GSG This change refactors all the common utility functions between HTTP tests in Policy.go, Nightly.go and KafkaPolicy.go Fixes Issue: #2602 Signed-Off-By: Manali Bhutiyani <manali@covalent.io> 22 February 2018, 23:41:21 UTC
8600de6 Manali Bhutiyani 13 February 2018, 19:18:46 UTC Ginkgo : Support multinode K8s CI Coverage for Kafka GSG These changes add support for testing Kafka GSG on a multinode K8s environment in Ginkgo. They follow the same steps as GSG and in addition a couple of other tests like policy trace, to test validity of Kafka L7 policy enforcement on K8s multinode environment. Fixes Issue: #2602 Signed-Off-By: Manali Bhutiyani <manali@covalent.io> 22 February 2018, 23:41:21 UTC
80e7094 Eloy Coto 16 February 2018, 17:16:15 UTC Nightly: Fix some fails on Nightly testcases - Fixed issues with index on Manifest Generator - Change restart endpoints from Nighlty to Chaos. Move the function to master runs, it's important to know the state. - On restart endpoints made a refactoring to send traffic always in background. To be sure that the loop never finished. - Change the Endpoints time, added more endpoints and small refactoring. (The Jenkins error message was not clear with the xargs) Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 22 February 2018, 18:33:02 UTC
5d65d77 Thomas Graf 20 February 2018, 21:28:40 UTC proxy: Provide proxy status via cilium status $ cilium status [...] Proxy Status: OK, ip 10.11.28.238, 1 redirects, port-range 10000-20000 $ cilium status --all-redirects [...] Proxy Status: OK, ip 10.11.28.238, 1 redirects, port-range 10000-20000 Redirect http, endpoint 38939 [container:id.bar], ingress 80->13949 (created 44m26s ago, last-updated 44m26s ago) - from {}: [{"path":"/public","method":"GET"}] -> 36 received, 20 forwarded, 16 denied, 0 error <- 20 received, 20 forwarded, 0 denied, 0 error Signed-off-by: Thomas Graf <thomas@cilium.io> 22 February 2018, 14:14:46 UTC
403de45 Thomas Graf 20 February 2018, 21:37:12 UTC api: Regenerate API code for proxy status fields Signed-off-by: Thomas Graf <thomas@cilium.io> 22 February 2018, 14:14:46 UTC
0b1bb83 Thomas Graf 20 February 2018, 15:25:25 UTC api: Proxy status fields Signed-off-by: Thomas Graf <thomas@cilium.io> 22 February 2018, 14:14:46 UTC
6cc61ca Eloy Coto 15 February 2018, 18:22:47 UTC Ginkgo: Add a jenkinsfile to trigger kubernetes 1.7 and 1.9 Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 22 February 2018, 00:01:54 UTC
a43cbfb Joe Stringer 19 February 2018, 22:57:36 UTC endpoint: Keep failed bpf load objects around If BPF endpoint generation fails, move the relevant objects to /var/run/cilium/state/$(EPID)_next_fail for later debugging. Fixes: #2859 Signed-off-by: Joe Stringer <joe@covalent.io> 21 February 2018, 21:39:55 UTC
34b3e11 Joe Stringer 21 February 2018, 18:25:13 UTC test/runtime: Remove unnecessary sprintf Signed-off-by: Joe Stringer <joe@covalent.io> 21 February 2018, 21:39:55 UTC
0de6157 Joe Stringer 19 February 2018, 20:00:53 UTC test: Add `make clean` target This will clean up the various manifests and other things left over by running the testsuite. Signed-off-by: Joe Stringer <joe@covalent.io> 21 February 2018, 21:39:55 UTC
89a4f47 Ian Vernon 21 February 2018, 00:37:11 UTC misc: fix import order and add copyright headers Signed-off by: Ian Vernon <ian@cilium.io> 21 February 2018, 21:21:50 UTC
a77ba96 Ian Vernon 13 February 2018, 00:42:18 UTC create identity package Factor out code from policy package related to identity allocation, types, etc. into a separate package. This was motivated by cyclic import issues faced in PR #2875. Update code to use this package accordingly. No change in functionality should occur as part of this commit. Signed-off by: Ian Vernon <ian@cilium.io> 21 February 2018, 21:21:50 UTC
aabb2a2 Ian Vernon 21 February 2018, 18:14:29 UTC test/runtime: fix typo in error message Signed-off by: Ian Vernon <ian@cilium.io> 21 February 2018, 21:12:33 UTC
c666ffe Romain Lenglet 21 February 2018, 17:12:11 UTC envoy: Add logging into envoy_test.go Signed-off-by: Romain Lenglet <romain@covalent.io> 21 February 2018, 21:07:01 UTC
8802da6 Romain Lenglet 20 February 2018, 00:27:14 UTC envoy: Create and configure the caches for NPDS and NPHDS Signed-off-by: Romain Lenglet <romain@covalent.io> 21 February 2018, 21:07:01 UTC
600833f Eloy Coto 20 February 2018, 14:24:15 UTC Ginkgo: Fix cilium state on RuntimeValidatedConntrackTest On Build 688 on recovery the policy was in place, so it fails after restart. The main issue was the leftover policy on the test that run just before. This ensure that the status are the same after finished the test https://jenkins.cilium.io/job/Cilium-PR-Ginkgo-Tests-Validated/688 ``` /home/jenkins/workspace/Cilium-PR-Ginkgo-Tests-Validated/src/github.com/cilium/cilium/test/runtime/chaos.go:66 Expected <string>: "... Disabl..." to equal | <string>: "... Enable..." /home/jenkins/workspace/Cilium-PR-Ginkgo-Tests-Validated/src/github.com/cilium/cilium/test/runtime/chaos.go:88 level=info msg="Cilium status is true" testName=RuntimeValidatedChaos STEP: original: ENDPOINT POLICY (ingress) POLICY (egress) IDENTITY LABELS (source:key[=value]) IPv6 IPv4 STATUS ENFORCEMENT ENFORCEMENT 15009 Enabled Disabled 3749 container:id.server f00d::a0f:0:0:3aa1 10.15.222.0 ready 63264 Disabled Disabled 6263 container:id.client f00d::a0f:0:0:f720 10.15.154.57 ready STEP: new: ENDPOINT POLICY (ingress) POLICY (egress) IDENTITY LABELS (source:key[=value]) IPv6 IPv4 STATUS ENFORCEMENT ENFORCEMENT 15009 Disabled Disabled 3749 container:id.server f00d::a0f:0:0:3aa1 10.15.222.0 ready 63264 Disabled Disabled 6263 container:id.client f00d::a0f:0:0:f720 10.15.154.57 ready ``` Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 21 February 2018, 18:11:52 UTC
9a04c3c Joe Stringer 20 February 2018, 22:32:18 UTC test/runtime: Clarify the services+policies tests Do some minor refactoring and clarifying the style of the By() statements to make it more clear exactly what kind of tests each portion of the function are making. Signed-off-by: Joe Stringer <joe@covalent.io> 21 February 2018, 17:59:38 UTC
f499586 Joe Stringer 20 February 2018, 22:31:24 UTC test/runtime: Test ingress deny with app3 The LB tests were previously testing ingress deny with app2, which actually has an egress policy applied. Use app3 instead, which has no policy (therefore it should only hit the ingress policy of the service) Signed-off-by: Joe Stringer <joe@covalent.io> 21 February 2018, 17:59:38 UTC
45da844 Joe Stringer 20 February 2018, 22:05:51 UTC test/runtime: Clean up after LB test The LB device wasn't being cleaned up properly after each test. This commit introduces some basic cleanup for that device. Signed-off-by: Joe Stringer <joe@covalent.io> 21 February 2018, 17:59:38 UTC
back to top