https://github.com/cilium/cilium
- HEAD
- refs/heads/1.2.7-hotfix1-fqdn-regen
- refs/heads/EndpointPolicyEnformcement
- refs/heads/address
- refs/heads/all-scalability-improvements
- refs/heads/beta/service-mesh
- refs/heads/bpf-metrics
- refs/heads/brb/brb-patch-2
- refs/heads/cilium-envoy-crd-pre-beta
- refs/heads/cilium-no-gopath
- refs/heads/cli-upgrade-v1.12-ci-test
- refs/heads/clustermesh511-upgrade-test
- refs/heads/committers-codeowners
- refs/heads/debug
- refs/heads/dev/joe/v1.8-with-hostfw-fixes
- refs/heads/enable_cnp_latency
- refs/heads/encrypt-node-fixes
- refs/heads/ensure-macos-build-succeeds
- refs/heads/envoy-policy-precedence
- refs/heads/envoy-warnings-cleanup
- refs/heads/extension-mysql
- refs/heads/feature/cep-scalability
- refs/heads/feature/devices-and-addresses
- refs/heads/feature/devices-reconciliation-v1.16
- refs/heads/feature/main/svc-icmp-response
- refs/heads/feature/service-refactor
- refs/heads/feature/service-refactor-fresh
- refs/heads/feature/v1.11/beta-test
- refs/heads/feature/v1.11/k8s-ingress
- refs/heads/fix-iphealth
- refs/heads/fqdn-fixl3-wildcard
- refs/heads/fristonio/iptables-manager-fix
- refs/heads/ft/main/chancez/push-dev-charts
- refs/heads/ft/main/push_chart_stable_branches_fix
- refs/heads/ft/main/test_push_chart_updates
- refs/heads/gce-example
- refs/heads/gh-readonly-queue/main/pr-27509-78a5f177693fb443cd946441f45826bf7fa2437a
- refs/heads/ginkgo-better-timeout
- refs/heads/graduation
- refs/heads/hf/main/ipam-pools-build-230605
- refs/heads/hf/master/v1.12-rc2-health-dbg-v1
- refs/heads/hf/master/wg-fix-ipam-k8s-v2
- refs/heads/hf/v1.10/cls-prio2
- refs/heads/hf/v1.10/debug-taint-removal
- refs/heads/hf/v1.10/v1.10.10-with-19452
- refs/heads/hf/v1.10/v1.10.2-fix-ipsec-ep-routes
- refs/heads/hf/v1.10/v1.10.5-with-identity-leak-fix
- refs/heads/hf/v1.10/v1.10.7-additional-logs
- refs/heads/hf/v1.10/v1.10.7-exclude-local
- refs/heads/hf/v1.10/v1.10.7-exclude-loopback
- refs/heads/hf/v1.10/v1.10.7-extra-logs
- refs/heads/hf/v1.10/v1.10.7-more-logs
- refs/heads/hf/v1.10/v1.10.8-deadlock-and-complexity-fix
- refs/heads/hf/v1.10/v1.10.8-deadlock-fix
- refs/heads/hf/v1.10/xdp-multidev-with-bpf-multihoming-and-egress-gw-fixes-v3
- refs/heads/hf/v1.10/xdp-multidev-with-bpf-multihoming-and-egress-gw-fixes-v4
- refs/heads/hf/v1.10/xdp-multidev-with-bpf-multihoming-and-egress-gw-fixes-v5
- refs/heads/hf/v1.10/xdp-multidev-with-bpf-multihoming-and-egress-gw-fixes-v6
- refs/heads/hf/v1.10/xdp-multidev-with-bpf-multihoming-and-egress-gw-fixes-v7
- refs/heads/hf/v1.11/1.11.4-custom-taint
- refs/heads/hf/v1.11/19247-custom-taint-key
- refs/heads/hf/v1.11/dbg-svc-restore
- refs/heads/hf/v1.11/v1.11.16-fix-xfrm-leak
- refs/heads/hf/v1.11/v1.11.16-fix-xfrm-leak-eni-attach-and-logging
- refs/heads/hf/v1.11/v1.11.16-fix-xfrm-leak-eni-attachment
- refs/heads/hf/v1.11/v1.11.3-with-19259
- refs/heads/hf/v1.11/v1.11.4-custom-taint
- refs/heads/hf/v1.11/v1.11.5-and-19247-eed5544
- refs/heads/hf/v1.11/xdp-multidev-v1
- refs/heads/hf/v1.11/xdp-multidev-v2-ipcache-fix
- refs/heads/hf/v1.12/next-net-v1
- refs/heads/hf/v1.12/v1.12.18-994
- refs/heads/hf/v1.12/v1.12.3-debug-k8s-heartbeat
- refs/heads/hf/v1.12/v1.12.3-debug-k8s-heartbeat-v2
- refs/heads/hf/v1.13/bpf-sock-l7-fix
- refs/heads/hf/v1.13/v1.13.12-without-deny-precedence
- refs/heads/hf/v1.13/v1.13.14-without-deny-precedence
- refs/heads/hf/v1.13/v1.13.14-without-deny-precedence-debug
- refs/heads/hf/v1.13/v1.13.14-without-deny-precedence-with-xfrm-fix
- refs/heads/hf/v1.13/v1.13.2-with-24875
- refs/heads/hf/v1.13/v1.13.3-with-26242
- refs/heads/hf/v1.14/cidr-identity-refcnt-fix
- refs/heads/hf/v1.14/v1.14-with-27327
- refs/heads/hf/v1.7/v1.7.15-with-neighbor-fix
- refs/heads/hf/v1.7/v1.7.15-with-neighbor-fix-2
- refs/heads/hf/v1.8/v1.8.13-with-19452
- refs/heads/hf/v1.8/v1.8.6-eni-cidr-fix-1
- refs/heads/hf/v1.8/v1.8.6-eni-cidr-fix-15303
- refs/heads/hf/v1.8/v1.8.7-with-fqdn-underscore-fix
- refs/heads/hf/v1.8/v1.8.8-eni-cidr-fix-1
- refs/heads/hf/v1.8/v1.8.8-with-encrypt-fixes
- refs/heads/hf/v1.9/v1.9.8-azure-ipam-fix
- refs/heads/hf/v1.9/v1.9.9-azure-pod-egress-fix
- refs/heads/hpabla/bgpv2/deprecate-localport
- refs/heads/images/runtime/20210830
- refs/heads/ipc-demo
- refs/heads/ktls-tx-only
- refs/heads/ktls-tx-only-v2
- refs/heads/ktls-tx-rx
- refs/heads/ktls-tx-rx-v2
- refs/heads/ktls-tx-rx-v3
- refs/heads/ktls-tx-rx-v4
- refs/heads/ktls-tx-rx-v5
- refs/heads/ldelossa/feat/bgp-control-plane
- refs/heads/ldelossa/keep-mark-definitions-consistent
- refs/heads/ldelossa/segment-makefiles
- refs/heads/ldelossa/segment-makefiles-v2
- refs/heads/ldelossa/srv6-encap-fib
- refs/heads/lizrice/pr/cli-confusion
- refs/heads/main
- refs/heads/mio/wireguard-restore-allowed-ips
- refs/heads/multi-stack-dev-vm
- refs/heads/pr/1-9-ci-test
- refs/heads/pr/aanm-update-k8s-conformance
- refs/heads/pr/aanm/bisect
- refs/heads/pr/add-controller-identity
- refs/heads/pr/aditighag/lrp-skip-lb
- refs/heads/pr/asauber/link-local-as-host
- refs/heads/pr/asauber/max-ifindex-metric
- refs/heads/pr/avoid-ct-for-dsr
- refs/heads/pr/backend-state
- refs/heads/pr/bbb-cpy
- refs/heads/pr/bimmlerd/modularize-bandwidth-manager
- refs/heads/pr/bimmlerd/v1.12-backport-quay-org-from-env
- refs/heads/pr/bounded-loops
- refs/heads/pr/bpf-based-masquerading
- refs/heads/pr/bpf-edt-proxy
- refs/heads/pr/brb/arping-nexthop
- refs/heads/pr/brb/arping-via-gw
- refs/heads/pr/brb/auto-multi-dev-v2
- refs/heads/pr/brb/backport-1.8.5-nat-gc
- refs/heads/pr/brb/bpf-host-routing-wg
- refs/heads/pr/brb/bpf-lxc-no-redirect
- refs/heads/pr/brb/bpf-masq-veth
- refs/heads/pr/brb/bpf-multihoming
- refs/heads/pr/brb/cgroup-v2-test
- refs/heads/pr/brb/check-errors-in-logs
- refs/heads/pr/brb/check-wg
- refs/heads/pr/brb/ci
- refs/heads/pr/brb/ci-1111
- refs/heads/pr/brb/ci-2
- refs/heads/pr/brb/ci-4.19
- refs/heads/pr/brb/ci-arping-flake
- refs/heads/pr/brb/ci-bigtcp
- refs/heads/pr/brb/ci-bpf-netdev-without-egress
- refs/heads/pr/brb/ci-cleanup-svc
- refs/heads/pr/brb/ci-dbg-conformance-kind
- refs/heads/pr/brb/ci-dbg-external
- refs/heads/pr/brb/ci-dbg-flake-from-outside
- refs/heads/pr/brb/ci-demo
- refs/heads/pr/brb/ci-disable-ces-for-egress-gw
- refs/heads/pr/brb/ci-dp-disable-bpf-host-routing
- refs/heads/pr/brb/ci-dp-hubble-flows
- refs/heads/pr/brb/ci-dp-more-diversity
- refs/heads/pr/brb/ci-dp-v1.13
- refs/heads/pr/brb/ci-dp-v6
- refs/heads/pr/brb/ci-dp-verifier
- refs/heads/pr/brb/ci-e2e-enable-debug-ipsec
- refs/heads/pr/brb/ci-e2e-geneve-dsr
- refs/heads/pr/brb/ci-e2e-helm-mode-v1.13
- refs/heads/pr/brb/ci-e2e-lvh-retry
- refs/heads/pr/brb/ci-e2e-more-nodes
- refs/heads/pr/brb/ci-e2e-new-cli
- refs/heads/pr/brb/ci-e2e-nft
- refs/heads/pr/brb/ci-e2e-unsafe
- refs/heads/pr/brb/ci-e2e-unsafe-v2
- refs/heads/pr/brb/ci-e2e-upgrade-tests
- refs/heads/pr/brb/ci-e2e-upgrade-tests-ipsec
- refs/heads/pr/brb/ci-early-terminate-conn-disrupt
- refs/heads/pr/brb/ci-eks-ipsec-upgrade
- refs/heads/pr/brb/ci-encrypt-l7
- refs/heads/pr/brb/ci-fix-ip-masq-dry-run
- refs/heads/pr/brb/ci-ipsec-upgrade-fix
- refs/heads/pr/brb/ci-ipsec-upgrade-missed-tail-calls
- refs/heads/pr/brb/ci-ipsec-upgrade-v1.13
- refs/heads/pr/brb/ci-ipsec-upgrade-vol2
- refs/heads/pr/brb/ci-keep-missed-tail-calls
- refs/heads/pr/brb/ci-l7-nodeport
- refs/heads/pr/brb/ci-lvh-4.19
- refs/heads/pr/brb/ci-lvh-5.4
- refs/heads/pr/brb/ci-lvh-5.4-v2
- refs/heads/pr/brb/ci-lvh-bpf-next
- refs/heads/pr/brb/ci-no-self-hosted
- refs/heads/pr/brb/ci-pass-kernel-env
- refs/heads/pr/brb/ci-prepull-l4lb
- refs/heads/pr/brb/ci-refactor-svc-suite
- refs/heads/pr/brb/ci-rm-smoke-tests
- refs/heads/pr/brb/ci-sanity
- refs/heads/pr/brb/ci-test
- refs/heads/pr/brb/ci-test-2
- refs/heads/pr/brb/ci-test-k8s-vsn-swap
- refs/heads/pr/brb/ci-test-large-runners
- refs/heads/pr/brb/ci-uffff
- refs/heads/pr/brb/ci-upgrade-vol-2
- refs/heads/pr/brb/ci-upgrade-vol-3
- refs/heads/pr/brb/ci-wg-mtu
- refs/heads/pr/brb/ci-wg-mtu-vol2
- refs/heads/pr/brb/cilium-host-v6-from-ipam
- refs/heads/pr/brb/cli-bump-test
- refs/heads/pr/brb/datapath-loop-dbg
- refs/heads/pr/brb/dbg-ci
- refs/heads/pr/brb/dbg-conformance-gke
- refs/heads/pr/brb/dbg-master-np-vxlan-ipcache-ci
- refs/heads/pr/brb/debug-nodeport-bpf-flake
- refs/heads/pr/brb/do-not-derive-pod-cidrs-from-dev
- refs/heads/pr/brb/do-not-query-dev-for-arping
- refs/heads/pr/brb/docs-clarify-egress-gw-ip-addr-dp
- refs/heads/pr/brb/drop-notify
- refs/heads/pr/brb/dsr
- refs/heads/pr/brb/dsr-v2
- refs/heads/pr/brb/dualstack-ci
- refs/heads/pr/brb/enable-ipv6-per-endpoint-routes
- refs/heads/pr/brb/enable-route-mtu-cni
- refs/heads/pr/brb/fib-lookup-src
- refs/heads/pr/brb/fix-backend-id-u32
- refs/heads/pr/brb/fix-ci-dp-deprecation-warn
- refs/heads/pr/brb/fix-clang-vsn-regexp
- refs/heads/pr/brb/fix-egress-ip-16147
- refs/heads/pr/brb/fix-external-ip-dp
- refs/heads/pr/brb/fix-maglev-del
- refs/heads/pr/brb/fix-nodeport-hostnetns
- refs/heads/pr/brb/fix-stale-dsr
- refs/heads/pr/brb/fix-svc-backend-selection
- refs/heads/pr/brb/fix-third-host
- refs/heads/pr/brb/gh-action-cgr
- refs/heads/pr/brb/gh-action-lvh
- refs/heads/pr/brb/gh-install-cli-backup
- refs/heads/pr/brb/ginkgo-kpr-strict
- refs/heads/pr/brb/ginkgo-rm-update-tests
- refs/heads/pr/brb/go-crazy
- refs/heads/pr/brb/hubble-tcp-ack-seq-no
- refs/heads/pr/brb/improve-svc-restore
- refs/heads/pr/brb/istio-getsockopt
- refs/heads/pr/brb/it-cannot-be-truth
- refs/heads/pr/brb/kpr-svc-mesh
- refs/heads/pr/brb/kubeproxy-free-ci
- refs/heads/pr/brb/l7-np-bpf
- refs/heads/pr/brb/l7-rerevert
- refs/heads/pr/brb/lets-be-friends-with-ipsec
- refs/heads/pr/brb/lvh-kind-127
- refs/heads/pr/brb/lvh-kind-ipsec-upgrade
- refs/heads/pr/brb/meyskens/auth-ep-gc-locks
- refs/heads/pr/brb/multi-network
- refs/heads/pr/brb/no-cache-snat
- refs/heads/pr/brb/no-rev-nat-bpf-lxc-ingress
- refs/heads/pr/brb/node-id-per-fam
- refs/heads/pr/brb/nodeport-xlr-flag
- refs/heads/pr/brb/perf-wg
- refs/heads/pr/brb/pin-lvh
- refs/heads/pr/brb/push-ci-charts
- refs/heads/pr/brb/pwru
- refs/heads/pr/brb/rm-arping-l2-addr-check
- refs/heads/pr/brb/rm-no-redirect
- refs/heads/pr/brb/rm-np-deadcode
- refs/heads/pr/brb/rm-partial-host-svc
- refs/heads/pr/brb/rm-test-gke
- refs/heads/pr/brb/test-bpf-masq
- refs/heads/pr/brb/test-ci-e2e
- refs/heads/pr/brb/test-ci-e2e-v1.13
- refs/heads/pr/brb/test-kind
- refs/heads/pr/brb/third-host-more-pain
- refs/heads/pr/brb/timing-l4lb-gh-action
- refs/heads/pr/brb/triage-flake-v2
- refs/heads/pr/brb/triage-lb-flake
- refs/heads/pr/brb/unquarantine-svc
- refs/heads/pr/brb/v1.10-istio-snat
- refs/heads/pr/brb/v1.12-ci-e2e
- refs/heads/pr/brb/v1.12-ci-ipsec-upgrade
- refs/heads/pr/brb/v1.12-test-ipsec-upgrade
- refs/heads/pr/brb/v1.13-ci-e2e
- refs/heads/pr/brb/v1.13-remote-np
- refs/heads/pr/brb/v1.13-upgrade-fixes
- refs/heads/pr/brb/v1.14-ci-e2e-upgrade
- refs/heads/pr/brb/v1.14-drop-notify
- refs/heads/pr/brb/v1.15-enable-route-mtu-cni
- refs/heads/pr/brb/v1.6.9-iptables-W
- refs/heads/pr/brb/v1.8-fix-icmp-port-check
- refs/heads/pr/brb/wg-duplicate-node-ip
- refs/heads/pr/brb/wg-encrypt-node-test
- refs/heads/pr/brb/wg-hack
- refs/heads/pr/brb/wg-ipam-fix
- refs/heads/pr/brb/wg-kpr
- refs/heads/pr/brb/wg-test
- refs/heads/pr/brb/wip
- refs/heads/pr/brb/wip-ci
- refs/heads/pr/brb/wip-sync-policy-map
- refs/heads/pr/brb/xdp-egress-gw
- refs/heads/pr/brb/xdp-multidev-with-bpf-multihoming
- refs/heads/pr/brb/xdp-multidev-with-bpf-multihoming-v2
- refs/heads/pr/bruno/sleepy-pawn
- refs/heads/pr/bugtool-systemd
- refs/heads/pr/bwm-base2
- refs/heads/pr/bwm-fq
- refs/heads/pr/bwm-priority
- refs/heads/pr/chancez/add_hubble_l7_dashboard_prometheus_example
- refs/heads/pr/chancez/fix_websocket_l7_policies
- refs/heads/pr/chancez/flow_filter_namespace
- refs/heads/pr/chancez/hubble_plus_plus
- refs/heads/pr/chancez/hubble_tls_validation_troubleshooting
- refs/heads/pr/chancez/static_peers_hubble_relay
- refs/heads/pr/christarazi/controlplane-fqdn
- refs/heads/pr/christarazi/ipcache-async-cep-pods-namedports
- refs/heads/pr/christarazi/prep-from-cidr-tests
- refs/heads/pr/ci-k8s-1.30
- refs/heads/pr/datapath-opt
- refs/heads/pr/dbkm/nodeport-lb
- refs/heads/pr/debug-dns-timeout
- refs/heads/pr/eproutes-redir
- refs/heads/pr/example/neigh-state-manager
- refs/heads/pr/fastdp
- refs/heads/pr/fastdp2
- refs/heads/pr/feroz/allow-sbom-read
- refs/heads/pr/feroz/set-container-scan-failure-flag
- refs/heads/pr/feroz/test-cosign-attest
- refs/heads/pr/fib-consolidation
- refs/heads/pr/fix-aks-workflow
- refs/heads/pr/fix-data-race
- refs/heads/pr/fix-k8s-all-sha1
- refs/heads/pr/fix-pod-pacing
- refs/heads/pr/fix-tail-call-replace
- refs/heads/pr/fristonio/feat-19038
- refs/heads/pr/fristonio/fix-istio-k8sT
- refs/heads/pr/fristonio/ipv6-masquerading
- refs/heads/pr/fristonio/test-dual-stack
- refs/heads/pr/fristonio/test-ipv6-dualstack
- refs/heads/pr/gandro+brb/fix-monitor-aggregation-np-v2
- refs/heads/pr/gandro+brb/mv-trace-point-to-rev-nodeport
- refs/heads/pr/gandro+brb/wg-host-encryption-v3
- refs/heads/pr/gandro+brb/wg-host2host
- refs/heads/pr/gandro+brb/wg-host2host-kind
- refs/heads/pr/gandro/bump-hubble-2020-03-25
- refs/heads/pr/gandro/ci-conformance-multicluster-fix-log-gathering
- refs/heads/pr/gandro/ci-delete-crds-in-cleanupcomponents
- refs/heads/pr/gandro/ci-fix-status-if-workflows-are-skipped
- refs/heads/pr/gandro/ci-wait-for-all-relevant-images-do-not-merge-test
- refs/heads/pr/gandro/enable-hubble-by-default
- refs/heads/pr/gandro/portmap-refcount
- refs/heads/pr/gandro/re-enable-wireguard-in-multicluster-ci
- refs/heads/pr/gandro/svc-healthchecknodeport
- refs/heads/pr/gc-on-svc-update
- refs/heads/pr/getname-hooks
- refs/heads/pr/giorio94/1.14/test-cilium-cli-2184
- refs/heads/pr/giorio94/main/cluster-name-validation-strict
- refs/heads/pr/giorio94/main/gha-cluster-name
- refs/heads/pr/giorio94/main/gha-conformance-clustermesh-lb
- refs/heads/pr/giorio94/main/test-cilium-cli-2184
- refs/heads/pr/giorio94/main/tests-clustermesh-upgrade-interrupted
- refs/heads/pr/giorio94/v1.13/bump-gke-version
- refs/heads/pr/gray/30837-with-pwru
- refs/heads/pr/gray/ipsec-proxy-kpr-revdnat-test
- refs/heads/pr/gray/main/connectivity-wg-proxy-nodeport
- refs/heads/pr/gray/main/decouple-ipsec-gh-actions
- refs/heads/pr/gray/main/egress-proxy-ipsec-fix2
- refs/heads/pr/gray/main/fix-leak-detection-race
- refs/heads/pr/gray/main/xfrm-delete-flake
- refs/heads/pr/gray/main/xfrm-delete-flake2
- refs/heads/pr/gray/new-cli-test-pr-2759
- refs/heads/pr/gray/pwru-action
- refs/heads/pr/gray/v1.15/decouple-ipsec-gh-actions
- refs/heads/pr/health-data-path
- refs/heads/pr/hubble-tls-cert-gen-via-k8s-job
- refs/heads/pr/ianvernon/kvstore-client-type
- refs/heads/pr/ianvernon/kvstore-context
- refs/heads/pr/ianvernon/more-endpoint-cleanup
- refs/heads/pr/ianvernon/resolve-cidr-policy-perf-improvement
- refs/heads/pr/increase-verifier-test-build-timeout
- refs/heads/pr/ipip
- refs/heads/pr/ipip-encap
- refs/heads/pr/ipip-encap2
- refs/heads/pr/ipip2
- refs/heads/pr/ipip4
- refs/heads/pr/ipip6
- refs/heads/pr/jibi/differentiate-udp-tcp-svcs-take-4
- refs/heads/pr/jibi/fix-differentiate-udp-tcp-svc-upgrade
- refs/heads/pr/jibi/ip-list-contains-addr
- refs/heads/pr/jibi/wip
- refs/heads/pr/joamaki/gather-network-info
- refs/heads/pr/joamaki/idless-service-restapi
- refs/heads/pr/joe/ariane-scheduled-cilium-only
- refs/heads/pr/joe/backport-28007-1.11
- refs/heads/pr/joe/bump-ginkgo-seed
- refs/heads/pr/joe/docker-build-log-tracing
- refs/heads/pr/joe/docs-builder-latex
- refs/heads/pr/joe/docs-workflow-repo+test
- refs/heads/pr/joe/initialize-helm-flags
- refs/heads/pr/joe/ipcache-cidr-policy
- refs/heads/pr/joe/lost-identity
- refs/heads/pr/joe/release-codeowners
- refs/heads/pr/joe/sw-quay
- refs/heads/pr/joe/test-labeler
- refs/heads/pr/joe/test-lvh-fix
- refs/heads/pr/joe/v1.13-stability-check
- refs/heads/pr/joe/v1.7-dev-env
- refs/heads/pr/jrajahalme/gh-filter-test-files
- refs/heads/pr/jrfastab/backport-ooo-ipsec-fixes
- refs/heads/pr/jrfastab/backport-v115
- refs/heads/pr/jrfastab/dbgNodeId
- refs/heads/pr/jrfastab/dbgNodeId111
- refs/heads/pr/jrfastab/dbgNodeId111v2
- refs/heads/pr/jrfastab/dbgv114
- refs/heads/pr/jrfastab/eks-encrypt-ipamupdate
- refs/heads/pr/jrfastab/fix-encrypt-subnets
- refs/heads/pr/jrfastab/fix-ixsec-vxlan-remoteIP
- refs/heads/pr/jrfastab/fixes-ipsec-init
- refs/heads/pr/jrfastab/v1.8-fix-ipsec-vxlan-remoteIP
- refs/heads/pr/jrfastab/v1.9-fix-ipsec-vxlan-remoteIP
- refs/heads/pr/jrfastab/v111-debug-ooo
- refs/heads/pr/jrfastab/v111-debug-ooo-v2
- refs/heads/pr/jwi/main/bpf-dsr-geneve
- refs/heads/pr/jwi/main/ci-e2e-upgrade
- refs/heads/pr/jwi/main/ci-geneve-dsr
- refs/heads/pr/jwi/main/ipsec-rhel8
- refs/heads/pr/jwi/main/ipv6-ci
- refs/heads/pr/jwi/v1.14/foo
- refs/heads/pr/jwi/v1.15/bpf-complexity
- refs/heads/pr/jwi/v1.16/tophat
- refs/heads/pr/k8s-nat46x64
- refs/heads/pr/k8s-nat46x64-2
- refs/heads/pr/kaworu/helm-hubble-cli.yaml
- refs/heads/pr/kkourt/azure-ipam-test-race
- refs/heads/pr/kkourt/bpftool-update
- refs/heads/pr/kkourt/ct-rst-timeout-wip
- refs/heads/pr/kkourt/v1.11-backport-2022-01-26
- refs/heads/pr/kkourt/v1.9-lxc-complexity
- refs/heads/pr/l4lb-improvements-tmp
- refs/heads/pr/learnitall/ginkgo-race-workflow
- refs/heads/pr/learnitall/init-egw-scale-test
- refs/heads/pr/learnitall/test-startup-script-changes
- refs/heads/pr/lmb/1.14-cni
- refs/heads/pr/lmb/1.15-cni
- refs/heads/pr/lmb/update-cni-plugin
- refs/heads/pr/marga/v1.11-without-deny-precedence
- refs/heads/pr/marseel/improve_net_perf
- refs/heads/pr/marseel/scale_test_1_15
- refs/heads/pr/max/upgrade-llvm-18-1-6
- refs/heads/pr/mhofstetter/guestbook-registry
- refs/heads/pr/mhofstetter/junit-fetch-nullglob
- refs/heads/pr/mhofstetter/ssh-store-consolelog
- refs/heads/pr/mhofstetter/test-ingress
- refs/heads/pr/michi/circular-struggle
- refs/heads/pr/michi/crdregister
- refs/heads/pr/michi/debug
- refs/heads/pr/michi/description
- refs/heads/pr/michi/dns-refactor12
- refs/heads/pr/michi/faster
- refs/heads/pr/michi/l7drop
- refs/heads/pr/michi/majestic-ketchup
- refs/heads/pr/michi/mega-ketchup
- refs/heads/pr/michi/peerapi
- refs/heads/pr/michi/sleep-on-it
- refs/heads/pr/michi/test
- refs/heads/pr/michi/weekly-bot
- refs/heads/pr/monitor-wait-ci
- refs/heads/pr/move-image-to-one-repo
- refs/heads/pr/nat-gw-tests
- refs/heads/pr/nathanjsweet/add-complex-allow-test-to-policy-map-tests
- refs/heads/pr/nathanjsweet/add-lockdown-mode-for-policy-map-overflows
- refs/heads/pr/nathanjsweet/differentiate-protocol-in-services
- refs/heads/pr/nathanjsweet/node-port-addresses
- refs/heads/pr/nathanjsweet/refactor-has-same-owners
- refs/heads/pr/nathanjsweet/refactor-mapstate
- refs/heads/pr/nathanjsweet/update-k8s-control-plane-tests-to-1-27
- refs/heads/pr/nebril/add-dns-concurrency-limit
- refs/heads/pr/nebril/fix-precheck
- refs/heads/pr/nebril/fqdn-proxy-ha
- refs/heads/pr/nebril/fqdn-proxy-interface
- refs/heads/pr/nebril/gke-workflow-migrate-from-cli
- refs/heads/pr/nebril/quarantine-1.14-nodeport
- refs/heads/pr/nebril/test-bottlerocket
- refs/heads/pr/nebril/test-helm-gke-fix
- refs/heads/pr/nebril/test-our-ghaction-shenanigans
- refs/heads/pr/nebril/test-rebase-helm
- refs/heads/pr/nebril/trololo
- refs/heads/pr/nebril/update-cli-9.1-test
- refs/heads/pr/netkit
- refs/heads/pr/netkit3
- refs/heads/pr/netns-switch
- refs/heads/pr/netns-switch-no-peer
- refs/heads/pr/nodeport-fix
- refs/heads/pr/nodeport-improvements2
- refs/heads/pr/nodeport-nat-improvements
- refs/heads/pr/nodeport-nat-improvements2
- refs/heads/pr/nodeport-retry-sport
- refs/heads/pr/pchaigno/deprecate-bpf_network-f
- refs/heads/pr/pchaigno/fix-4.19-bpf-program-size
- refs/heads/pr/pchaigno/hotfix1-ipsec-fix
- refs/heads/pr/pchaigno/hotfix1-ipsec-fix-brb-v0
- refs/heads/pr/pchaigno/optim-complexity-ipcache-lookup
- refs/heads/pr/pchaigno/rework-config-probes
- refs/heads/pr/pchaigno/tmp-base-branch
- refs/heads/pr/pin-1.10-workflows-k8s-version
- refs/heads/pr/pin-1.11-workflows-k8s-version
- refs/heads/pr/pin-1.12-workflows-k8s-version
- refs/heads/pr/pin-1.13-workflows-k8s-version
- refs/heads/pr/pin-cloud-provider-master-workflows
- refs/heads/pr/pr/fix-ipam-node-manager-semaphore-error-handling
- refs/heads/pr/publish-test-images
- refs/heads/pr/qmonnet/docs-20230224
- refs/heads/pr/qmonnet/docs-bump
- refs/heads/pr/qmonnet/standalone-lb-docs
- refs/heads/pr/ray/late-dns-proxy
- refs/heads/pr/remove-1.13-references
- refs/heads/pr/rgo3/1.12-run-no-unexpected-drops-for-patch
- refs/heads/pr/rgo3/fix-k8s-vm-provisioning-1.13
- refs/heads/pr/rgo3/fix-missing-health-endpoint
- refs/heads/pr/rolinh/better-policy-verdict
- refs/heads/pr/rolinh/hubble-dump-all
- refs/heads/pr/rolinh/hubble-fix-maxflows-rounding
- refs/heads/pr/route-test
- refs/heads/pr/run-tests-in-parallel
- refs/heads/pr/scalability-crd-only
- refs/heads/pr/squeed/make-ccache
- refs/heads/pr/squeed/per-node-config
- refs/heads/pr/squeed/remote-cluster-leak
- refs/heads/pr/stacy/docs-update
- refs/heads/pr/tammach/accesslog-envoy
- refs/heads/pr/tammach/ci-cm
- refs/heads/pr/tammach/cleanup-helm-1.16
- refs/heads/pr/tammach/headless-service-flake
- refs/heads/pr/tammach/ingress-controller-e2e-config6
- refs/heads/pr/tammach/kind-host-dns-again
- refs/heads/pr/tammach/more-ingress-tests
- refs/heads/pr/tammach/rennovate-statedb
- refs/heads/pr/tammach/revert/fib-lookup
- refs/heads/pr/tammach/upgrade-test-ingress
- refs/heads/pr/tc-np-test
- refs/heads/pr/tcx
- refs/heads/pr/tcx-helm
- refs/heads/pr/tcx-misc
- refs/heads/pr/test-419-ci
- refs/heads/pr/test-increase-update-delete-timeout
- refs/heads/pr/test-k8s-all-tests
- refs/heads/pr/test-lb-super-netperf
- refs/heads/pr/test-nightly
- refs/heads/pr/test-upstream-timeout
- refs/heads/pr/tgraf/chaos-testing
- refs/heads/pr/tgraf/clustermesh-stale-state
- refs/heads/pr/tgraf/eni-ipam
- refs/heads/pr/tgraf/new-endpoint-state
- refs/heads/pr/tgraf/new-policy
- refs/heads/pr/tgraf/remove-tunnel-map
- refs/heads/pr/tgraf/scoped-ipam
- refs/heads/pr/tgraf/sctp
- refs/heads/pr/tgraf/split-lxc-prog
- refs/heads/pr/thorn3r/cesBlanketTest
- refs/heads/pr/thorn3r/clustermesh511
- refs/heads/pr/thorn3r/scaleTest5k
- refs/heads/pr/tklauser/build-push-images-env-var
- refs/heads/pr/tklauser/netipx-switch
- refs/heads/pr/tklauser/replace-k8s-strings-slices
- refs/heads/pr/tommyp1ckles/debugging-aks-conformance
- refs/heads/pr/tp/add-logging-for-integration-etcd
- refs/heads/pr/tp/add-logging-for-wait-for-pods-term-condition
- refs/heads/pr/tp/backport-31380
- refs/heads/pr/tp/bump-cilium-cli
- refs/heads/pr/tp/cleanup-ipam-ips-metric-docs
- refs/heads/pr/tp/complexity-issue-verifier-case-main
- refs/heads/pr/tp/dont-terminate-on-node-config-changee
- refs/heads/pr/tp/eps-modular-health
- refs/heads/pr/tp/fix-stuck-ginko-pod-v2
- refs/heads/pr/tp/forward-hubble-for-e2e
- refs/heads/pr/tp/forward-hubble-for-e2e-v2
- refs/heads/pr/tp/make-nat-purge-async
- refs/heads/pr/tp/preload-test-kind-images
- refs/heads/pr/tp/switch-1.24-eks-region
- refs/heads/pr/tp/switch-1.24-eks-region-v1.13
- refs/heads/pr/tp/use-helm-default-vars-for-clustermesh-downgrade-c1
- refs/heads/pr/tweak-github-action-ref
- refs/heads/pr/twpayne/hubble-recent-events-buffer
- refs/heads/pr/twpayne/hubble-ring-buffer-benchmarks
- refs/heads/pr/update-azure
- refs/heads/pr/update-readme-for-releases
- refs/heads/pr/update-tm-network
- refs/heads/pr/v1.10-backport-2022-06-13
- refs/heads/pr/v1.10-backport-2022-10-03
- refs/heads/pr/v1.10-eni-stability-improvements-v1
- refs/heads/pr/v1.10-neigh-clean
- refs/heads/pr/v1.11-backport-2022-10-03
- refs/heads/pr/v1.11-test/issue-692
- refs/heads/pr/v1.12-backport-2023-10-10
- refs/heads/pr/v1.12-test/issue-692
- refs/heads/pr/v1.13-backport-2023-10-31
- refs/heads/pr/v1.13-backport-2024-04-22-03-42
- refs/heads/pr/v1.13-test/issue-692
- refs/heads/pr/v1.14-backport-2024-06-18-02-46
- refs/heads/pr/v1.14.1
- refs/heads/pr/v1.7-stability-test
- refs/heads/pr/v1.7.9-hf-13205
- refs/heads/pr/v3-cpu
- refs/heads/pr/v6-host-addr2
- refs/heads/pr/vk/bpf/csum
- refs/heads/pr/vk/bpf/test/l4/csum
- refs/heads/pr/vk/bpf/tests/csum
- refs/heads/pr/vk/conn/test/hooks
- refs/heads/pr/vk/doc/ipsec
- refs/heads/pr/vk/eks/tests/concurrent/run
- refs/heads/pr/vk/ipsec/key/rotate
- refs/heads/pr/vk/ipsec/tests/concurrency
- refs/heads/pr/wip/bijective-nodemap
- refs/heads/regex_improved
- refs/heads/renovate/main-all-go-deps-main
- refs/heads/renovate/main-go
- refs/heads/renovate/main-golangci-lint
- refs/heads/renovate/main-patch-all-lvh-images-main
- refs/heads/renovate/v1.13-go
- refs/heads/renovate/v1.14-patch-stable-lvh-images
- refs/heads/renovate/v1.15-aanm-test
- refs/heads/renovate/v1.15-patch-stable-lvh-images
- refs/heads/renovate/v1.16-cilium-cli
- refs/heads/renovate/v1.16-go
- refs/heads/renovate/v1.16-patch-stable-lvh-images
- refs/heads/revert-29086-2023-11-09-backport-1.14
- refs/heads/revert-33302-policy-catch-invalid-port-wildcard
- refs/heads/rib
- refs/heads/run-ci-wihout-building-cilium
- refs/heads/service-over-srv6-main3
- refs/heads/sh-dep-test-l4lb
- refs/heads/sidecar-http-proxy
- refs/heads/sockmap-v5
- refs/heads/sockops-build-fix
- refs/heads/tam/integration-tests
- refs/heads/tam/more-ingress-tests
- refs/heads/tb/bpf-remove-bear
- refs/heads/test-branch
- refs/heads/test-ipsec
- refs/heads/test-sig-bgp-notifs
- refs/heads/test/brlbil/upload
- refs/heads/test/skip-workflows
- refs/heads/tgraf/process-policy
- refs/heads/thorn3r/cesScaleTest
- refs/heads/thorn3rCES
- refs/heads/tinker/learnitall/scale-test-1
- refs/heads/tinker/learnitall/scale-test-2
- refs/heads/tklauser+brb/wip/multi-homing
- refs/heads/unit-test-ipsec
- refs/heads/v0.10
- refs/heads/v0.11
- refs/heads/v0.12
- refs/heads/v0.13
- refs/heads/v0.8
- refs/heads/v0.9
- refs/heads/v1.0
- refs/heads/v1.0.0-rc2
- refs/heads/v1.0.0-rc3
- refs/heads/v1.1
- refs/heads/v1.10
- refs/heads/v1.11
- refs/heads/v1.12
- refs/heads/v1.12.11-base
- refs/heads/v1.13
- refs/heads/v1.14
- refs/heads/v1.15
- refs/heads/v1.16
- refs/heads/v1.2
- refs/heads/v1.3
- refs/heads/v1.3.1
- refs/heads/v1.3.1-release
- refs/heads/v1.3.7-release
- refs/heads/v1.4
- refs/heads/v1.4.5-release
- refs/heads/v1.5
- refs/heads/v1.5.2-rc1-with-clusterip-fix
- refs/heads/v1.5.4-release
- refs/heads/v1.6
- refs/heads/v1.7
- refs/heads/v1.7.9-1
- refs/heads/v1.7.9.1
- refs/heads/v1.8
- refs/heads/v1.9
- refs/heads/verify-external-workload-dns-setup-redux
- refs/heads/vladu/identity-type-metrics
- refs/heads/weavescope
- refs/heads/wip-debug-link-not-found
- refs/heads/wip-debug-link-not-found-v2
- refs/heads/wip-ktls-tx-rx
- refs/heads/wip-sockmap
- refs/heads/wip-sockmap-v2
- refs/heads/wip-sockmap-v3
- refs/heads/wip-sockmap-v4
- refs/heads/xfrm-subnet-test
- refs/heads/yutaro/bgp-cplane-etp-local/doc
- refs/heads/yutaro/oss/eni-overlapping-mark
- refs/remotes/bruno/hf/v1.10/v1.10.3-bpf-snat-and-masq-fixes
- refs/remotes/joe/submit/quarantine-etcd
- refs/remotes/origin/1.2-backports-18-09-12
- refs/remotes/origin/ipvlan3
- refs/remotes/origin/pr/add-reserved-health
- refs/remotes/origin/pr/brb/nodeport-lb
- refs/remotes/origin/pr/ianvernon/5859
- refs/remotes/origin/pr/ianvernon/dynamic-ep-cfg
- refs/remotes/origin/pr/tgraf/kube-dns-fixed-identity
- refs/semaphoreci/6384f501b324813e55cfbe818c04a40f2a923765
- refs/semaphoreci/7f69b285bac8a1be414e8769799962ae1408d9e1
- refs/semaphoreci/b5eb6622da121ad36b8f375a084392f7feeec64a
- refs/semaphoreci/d9e7e28f39d34a7050a9c1cad2a26d84f5f4eff1
- refs/semaphoreci/f55ec535d85f387ef981265967fabb3c1b5f1ec6
- refs/tags/0.10.1
- refs/tags/1.1.1
- refs/tags/1.9.0-rc0
- refs/tags/v0.11
- refs/tags/v0.12.0
- refs/tags/v0.13.1
- Branches list truncated to 702 entries, 10 were omitted.
- v0.13.2
- v0.13.19
- v0.13.18
- v0.13.17
- v0.13.16
- v0.13.15
- v0.13.14
- v0.13.13
- v0.13.12
- v0.13.11
- v0.13.10
- v0.10.0
- 1.9.9
- 1.9.8
- 1.9.7
- 1.9.6
- 1.9.5
- 1.9.4
- 1.9.3
- 1.9.2
- 1.9.18
- 1.9.17
- 1.9.16
- 1.9.15
- 1.9.14
- 1.9.13
- 1.9.12
- 1.9.11
- 1.9.10
- 1.9.1
- 1.9.0-rc3
- 1.9.0-rc2
- 1.9.0-rc1
- 1.9.0
- 1.8.9
- 1.8.8
- 1.8.7
- 1.8.6
- 1.8.5
- 1.8.4
- 1.8.3
- 1.8.2
- 1.8.13
- 1.8.12
- 1.8.11
- 1.8.10
- 1.8.1
- 1.8.0-rc4
- 1.8.0-rc3
- 1.8.0-rc2
- 1.8.0-rc1
- 1.8.0
- 1.7.9
- 1.7.8
- 1.7.7
- 1.7.6
- 1.7.5
- 1.7.4
- 1.7.3
- 1.7.2
- 1.7.16
- 1.7.15
- 1.7.14
- 1.7.13
- 1.7.12
- 1.7.11
- 1.7.10
- 1.7.1
- 1.7.0-rc4
- 1.7.0-rc3
- 1.7.0
- 1.6.9
- 1.6.8
- 1.6.7
- 1.6.6
- 1.6.5
- 1.6.4
- 1.6.3
- 1.6.2
- 1.6.12
- 1.6.11
- 1.6.10
- 1.6.1
- 1.6.0
- 1.5.9
- 1.5.8
- 1.5.7
- 1.5.6
- 1.5.5
- 1.5.4
- 1.5.3
- 1.5.2
- 1.5.13
- 1.5.12
- 1.5.11
- 1.5.10
- 1.5.1
- 1.5.0-rc6
- 1.5.0-rc5
- 1.5.0-rc4
- 1.5.0-rc3
- 1.5.0-rc2
- 1.5.0
- 1.4.9
- 1.4.8
- 1.4.7
- 1.4.6
- 1.4.5
- 1.4.4
- 1.4.3
- 1.4.2
- 1.4.10
- 1.4.1
- 1.4.0-rc9
- 1.4.0-rc8
- 1.4.0-rc7
- 1.4.0-rc6
- 1.4.0-rc5
- 1.4.0-rc2
- 1.4.0
- 1.3.8
- 1.3.7
- 1.3.6
- 1.3.5
- 1.3.4
- 1.3.3
- 1.3.2
- 1.3.1
- 1.3.0-rc5
- 1.3.0-rc4
- 1.3.0
- 1.2.8
- 1.2.7
- 1.2.6
- 1.2.5
- 1.2.4
- 1.2.3
- 1.2.2
- 1.2.1
- 1.2.0-rc3
- 1.2.0-rc2
- 1.2.0-rc1
- 1.2.0
- 1.16.1
- 1.16.0-rc.2
- 1.16.0-rc.1
- 1.16.0-rc.0
- 1.16.0-pre.3
- 1.16.0-pre.2
- 1.16.0-pre.1
- 1.16.0-pre.0
- 1.16.0
- 1.15.8
- 1.15.7
- 1.15.6
- 1.15.5
- 1.15.4
- 1.15.3
- 1.15.2
- 1.15.1
- 1.15.0-rc.1
- 1.15.0-rc.0
- 1.15.0-pre.3
- 1.15.0-pre.2
- 1.15.0-pre.1
- 1.15.0-pre.0
- 1.15.0
- 1.14.9
- 1.14.8
- 1.14.7
- 1.14.6
- 1.14.5
- 1.14.4
- 1.14.3
- 1.14.2
- 1.14.14
- 1.14.13
- 1.14.12
- 1.14.11
- 1.14.10
- 1.14.1
- 1.14.0-snapshot.4
- 1.14.0-snapshot.3
- 1.14.0-snapshot.2
- 1.14.0-snapshot.1
- 1.14.0-snapshot.0
- 1.14.0-rc.1
- 1.14.0-rc.0
- 1.14.0-pre.2
- 1.14.0
- 1.13.9
- 1.13.8
- 1.13.7
- 1.13.6
- 1.13.5
- 1.13.4
- 1.13.3
- 1.13.2
- 1.13.18
- 1.13.17
- 1.13.16
- 1.13.15
- 1.13.14
- 1.13.13
- 1.13.12
- 1.13.11
- 1.13.10
- 1.13.1
- 1.13.0-rc5
- 1.13.0-rc4
- 1.13.0-rc3
- 1.13.0-rc2
- 1.13.0-rc1
- 1.13.0-rc0
- 1.13.0
- 1.12.9
- 1.12.8
- 1.12.7
- 1.12.6
- 1.12.5
- 1.12.4
- 1.12.3
- 1.12.2
- 1.12.19
- 1.12.18
- 1.12.17
- 1.12.16
- 1.12.15
- 1.12.14
- 1.12.13
- 1.12.12
- 1.12.11
- 1.12.10
- 1.12.1
- 1.12.0-rc3
- 1.12.0-rc2
- 1.12.0-rc1
- 1.12.0-rc0
- 1.12.0
- 1.11.9
- 1.11.8
- 1.11.7
- 1.11.6
- 1.11.5
- 1.11.4
- 1.11.3
- 1.11.20
- 1.11.2
- 1.11.19
- 1.11.18
- 1.11.17
- 1.11.16
- 1.11.15
- 1.11.14
- 1.11.13
- 1.11.12
- 1.11.11
- 1.11.10
- 1.11.1
- 1.11.0-rc3
- 1.11.0-rc2
- 1.11.0-rc1
- 1.11.0-rc0
- 1.11.0
- 1.10.9
- 1.10.8
- 1.10.7
- 1.10.6
- 1.10.5
- 1.10.4
- 1.10.3
- 1.10.20
- 1.10.2
- 1.10.19
- 1.10.18
- 1.10.17
- 1.10.16
- 1.10.15
- 1.10.14
- 1.10.13
- 1.10.12
- 1.10.11
- 1.10.10
- 1.10.1
- 1.10.0-rc2
- 1.10.0-rc1
- 1.10.0-rc0
- 1.10.0
- 1.1.6
- 1.1.5
- 1.1.4
- 1.1.3
- 1.1.2
- 1.1.0
- 1.0.7
- 1.0.6
- 1.0.5
- 1.0.4
- v1.0.2
- Releases list truncated to 299 entries, 349 were omitted.
Take a new snapshot of a software origin
If the archived software origin currently browsed is not synchronized with its upstream version (for instance when new commits have been issued), you can explicitly request Software Heritage to take a new snapshot of it.
Use the form below to proceed. Once a request has been submitted and accepted, it will be processed as soon as possible. You can then check its processing state by visiting this dedicated page.
Processing "take a new snapshot" request ...
Permalinks
To reference or cite the objects present in the Software Heritage archive, permalinks based on SoftWare Hash IDentifiers (SWHIDs) must be used.
Select below a type of object currently browsed in order to display its associated SWHID and permalink.
| Revision | Author | Date | Message | Commit Date |
|---|---|---|---|---|
| f094b86 | Thomas Graf | 11 May 2018, 15:51:30 UTC | Prepare for 1.0.2 release Signed-off-by: Thomas Graf <thomas@cilium.io> | 11 May 2018, 15:53:12 UTC |
| 475d20b | Joe Stringer | 11 May 2018, 00:04:33 UTC | k8s: CIDR: Format IPv6 CIDR regex [ upstream commit f335a3a678975b752a46c4e4eaadf7bbc11ed91c ] The precheck script complains if you don't consistently indent things, appease it even if it makes the regex harder to read. Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 11 May 2018, 15:18:53 UTC |
| 72c4125 | Joe Stringer | 11 May 2018, 00:01:42 UTC | k8s: CIDR: Disallow IPv4-mapped IPv6 addresses [ upstream commit 4c8a3944de8d7a229e2d1b2a782d69673d0151d3 ] Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 11 May 2018, 15:18:53 UTC |
| 888231e | Joe Stringer | 10 May 2018, 23:35:36 UTC | k8s: CIDR: Expand v6 regex to make it more readable [ upstream commit 06eeec16fae354a0da65503207dcb02b141d2223 ] No functional changes. Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 11 May 2018, 15:18:53 UTC |
| 8367aeb | Joe Stringer | 10 May 2018, 18:06:09 UTC | docs: Describe downgrade impact of IPv6 CRD validation [ upstream commit dad044f7f62035e4284e6c9dc6e2b53ac5e07a94 ] Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 11 May 2018, 15:18:53 UTC |
| 11c8eec | Joe Stringer | 04 May 2018, 00:53:15 UTC | k8s: Add CRD IP address validation unit tests [ upstream commit 2eeb203021a005fbf5b68fd460c3776f304a4212 ] Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 11 May 2018, 15:18:53 UTC |
| e56d0d3 | Joe Stringer | 03 May 2018, 23:14:24 UTC | k8s: Support IPv6 addresses in CIDR policy [ upstream commit 54b8658b252aca94216c5df53f18d352c1739a8d ] Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 11 May 2018, 15:18:53 UTC |
| f1d0311 | Ray Bejjani | 02 May 2018, 16:13:02 UTC | monitor: refactor globals into an object [ upstream commit d1e423e50f85e05b935d15b29354d1c0578deb47 ] We previously treated the package as the execution context. This made it difficult to enforce isolation between subcomponents. This changes restructures the code into an explicit Monitor class with a singleton instance. We also clean up how listeners are cleaned up, avoiding giving the listener handler goroutine direct access to the internals of Monitor. Signed-off-by: Ray Bejjani <ray@covalent.io> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 11 May 2018, 15:18:53 UTC |
| 104327c | Ray Bejjani | 02 May 2018, 13:29:17 UTC | monitor: only read perf buffer on listener connect [ upstream commit e8bb880cf69a69fe1081a08b2981e4a906f7474a ] Reading the perf ring buffer seems to be a CPU intensive operation. We would read this data, then discard it, when no listeners were connected. node-monitor now only reads the perf buffer when ther is somewhere to send the data to. Signed-off-by: Ray Bejjani <ray@covalent.io> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 11 May 2018, 15:18:53 UTC |
| 5770caf | Ray Bejjani | 02 May 2018, 17:13:25 UTC | monitor: pass payload objects by reference [ upstream commit 6f8e9339db143236f643e1dfa959a5258caaee51 ] The payload object was mostly used to move around a slice and some numbers. While harmless, it might be passed by value and that might cause slightly more garbage to be generated. Signed-off-by: Ray Bejjani <ray@covalent.io> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 11 May 2018, 15:18:53 UTC |
| c3eb843 | Maciej Kwiek | 20 April 2018, 10:06:39 UTC | Log monitor client disconnect nicely [ upstream commit 5298a98390e2d3febc7c6e8a51bb5366101b2b10 ] Logs indicated a problem every time `cilium monitor` cmd was terminated. Error is checked for being a broken pipe, if that's the case, only info log message is emitted. Signed-off-by: Maciej Kwiek <maciej@covalent.io> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 11 May 2018, 15:18:53 UTC |
| dcc4b36 | Ray Bejjani | 03 May 2018, 20:17:41 UTC | monitor: Don't spinloop on node-monitor crashes [ upstream commit 7c6923d7f0269eee1a06c3e15f58353cbfe8989c ] cilium-agent supervises node-monitor and normally blocks on reading its status output. This can go awry when node-monitor crashes on startup. This change ensures cilium-agent attempts to restart node-monitor after a 1 second delay. Signed-off-by: Ray Bejjani <ray@covalent.io> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 11 May 2018, 15:18:53 UTC |
| 930c82b | Joe Stringer | 10 May 2018, 19:47:01 UTC | manifests: Pin bookinfo container image versions [ upstream commit c66a3c0ec50b8111c4e01f2ab292f545a7580c55 ] We rely on specific contents of images in the 'bookinfo' tests, in particular that the images contain the 'wget' binary. Pin the container image versions in the manifests file to ensure that the tests don't break because of upstream changes to the images. Signed-off-by: Joe Stringer <joe@covalent.io> | 11 May 2018, 08:14:39 UTC |
| 4d63321 | Jarno Rajahalme | 09 May 2018, 22:29:45 UTC | proxy: Test if port is available before allocating it for a proxy. [ upstream commit c027245cf9dc08c59c75f440898516b68677c193 ] Try to listen on a port before handing it for a proxy to listen on, as the current code structure does not allow for re-allocation after a redirect has been created. This fixes problem of starting proxy listeners on ports that are already in use by some other processes (such as kube-proxy on port 10256). There still exists a small race window between checking the port and creating the new redirect on the port where some other process may bind the port. This can be onloy fixed by detecting the error case when it happens and reallocating a new port for the redirect. However, this fix will solve the problem in the typical case where the other processes listening on ports in the proxy-port range are already running when cilium starts. Fixes: #3991 Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: Joe Stringer <joe@covalent.io> | 11 May 2018, 08:14:39 UTC |
| a45faae | Ian Vernon | 09 May 2018, 22:05:18 UTC | vagrant: configure journald to allow for large amounts of logs [ upstream commit a978b9752c2233aa7bd1a91449b15115242a3dc0 ] We have observed large gaps in time in Cilium logs in runtime tests. Configure journald rate limit interval and rate limit burst to allow for more logs so that if we hit an issue in Cilium, logs are not lost. Signed-off by: Ian Vernon <ian@cilium.io. Signed-off-by: Joe Stringer <joe@covalent.io> | 11 May 2018, 08:14:39 UTC |
| 8325e81 | Joe Stringer | 08 May 2018, 23:52:10 UTC | k8sT/Services: Remove fetch http://details:9080/ [ upstream commit a202d639c857979ca3e512adbe3b04998c016a32 ] The details app doesn't provide a handler for "/", so remove the accesses of this URL. The test doesn't validate access for it anyway, so we can safely remove it without changing what the test validates. Signed-off-by: Joe Stringer <joe@covalent.io> | 11 May 2018, 08:14:39 UTC |
| 5944ab7 | Joe Stringer | 08 May 2018, 23:49:36 UTC | k8sT/Services: Fix URL for bookinfo tests [ upstream commit 4447b9c5b2ca228159f5d1b5841edff88377ebf3 ] The ratings service never seemed to serve anything other than a 404 on the "/" path. Fix it so that we are attempting to reach paths that serve a real page. Fixes: #4042 Signed-off-by: Joe Stringer <joe@covalent.io> | 11 May 2018, 08:14:39 UTC |
| 511d846 | Ian Vernon | 08 May 2018, 03:45:29 UTC | test/k8sT: do not set Debug=False during tests [ upstream commit 1fdee71eefe21a67dbefb5334eee1224a0f8ba84 ] We want debug logs in the K8s CI, so do not set Debug=False. This also relates to GH-4014, as it will alleviate the issue there, but does not actually fix the issue, which can be dealt with separately. Signed-off by: Ian Vernon <ian@cilium.io> Signed-off-by: Joe Stringer <joe@covalent.io> | 11 May 2018, 08:14:39 UTC |
| ade5f50 | Shantanu Deshpande | 07 May 2018, 06:54:18 UTC | Fix weird indentation for rules [ upstream commit b58fb30e2af13fad526ab6f5454798e82ffb49a9 ] Fixing weird indentation rules in cilium endpoint get command Signed-off-by: Shantanu Deshpande <shantanud106@gmail.com> Signed-off-by: Joe Stringer <joe@covalent.io> | 11 May 2018, 08:14:39 UTC |
| 88fd939 | Eloy Coto | 04 May 2018, 07:37:37 UTC | Test/K8s: Added debug logs in cilium DS [ upstream commit a16d702aec005098b49883c35059755f59cb9a5a ] Added ciliumDS in cilium daemonsets Fix #4001 Signed-off-by: Eloy Coto <eloy.coto@gmail.com> Signed-off-by: Joe Stringer <joe@covalent.io> | 11 May 2018, 08:14:39 UTC |
| 3a451bc | Ray Bejjani | 30 April 2018, 14:36:22 UTC | test: Star Wars demo checks HTTP status in stdout [ upstream commit 005cb21e40cf260c4da03f31f833a52db3915f4f ] The test previously used CombineOutput to check for the HTTP code. This allows the HTTP response body to also satisfy the contains constraint. Thsi was undesirable and we now use just the stdout output. Signed-off-by: Ray Bejjani <ray@covalent.io> | 05 May 2018, 12:09:25 UTC |
| 0d09d25 | Ray Bejjani | 01 May 2018, 09:03:22 UTC | test: Switch Kafka runtime test to use CombineOutput [ upstream commit 643d4f3a091ec5e4fc581d1fab2d32a37048f565 ] We corrected a bug when using CmdRes.Output and this kafka test needs the combined output now. Signed-off-by: Ray Bejjani <ray@covalent.io> | 05 May 2018, 12:09:25 UTC |
| 8e092db | Ray Bejjani | 30 April 2018, 14:34:52 UTC | test: CmdRes.CombineOutput does not clobber stdout [ upstream commit 88f467fa0971d77eade0e7a42c2bc904cdee90eb ] CombineOutput accidentally reused stdout as the output buffer. This meant that stderr would, depending on call order, show up in the stdout output returned by getStdOut calls. Signed-off-by: Ray Bejjani <ray@covalent.io> | 05 May 2018, 12:09:25 UTC |
| df91628 | Eloy Coto | 03 May 2018, 08:10:29 UTC | Bugtool: Fix gops commands [ upstream commit 51e865530ab2c7c7bd0a202cf358e8a363fefbbd ] Due the changes made in `4fa2bcad0d1c92e12dffdf89513fb59aff915003` bugtool cannot retrieve gops stacks correctly. The main issue is that bugtool use `os.exec` and never pass that information to bash, so the output of gops stack was not correct. More info in #3981 With this change all commands run on bash, so parameters can be retrieved without issues. Fix #3981 Signed-off-by: Eloy Coto <eloy.coto@gmail.com> Signed-off-by: Ray Bejjani <ray@covalent.io> | 05 May 2018, 12:09:25 UTC |
| f98dd09 | Joe Stringer | 27 April 2018, 21:17:05 UTC | daemon: Check if device exists on endpoint restore [ upstream commit baefa4b9bc500224466895ac5aad597539d8b830 ] During endpoint restore, check whether the relevant device exists before attempting to restore, and skip it if the device isn't found. There's no point attempting to restore an endpoint if the corresponding device isn't there. Fixes: #3935 Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> | 05 May 2018, 12:09:25 UTC |
| 73a30b3 | Ray Bejjani | 01 May 2018, 16:49:49 UTC | docs: Correct RBAC urls in upgrade guide [ upstream commit 346d33b98be338c84a6c4ecc3178fa03b9acd1da ] These were renamed to have the cilium- prefixes but the link was not updated, apparently. Signed-off-by: Ray Bejjani <ray@covalent.io> | 02 May 2018, 17:19:37 UTC |
| 4f41dcd | Manali Bhutiyani | 30 April 2018, 20:18:52 UTC | endpoint: Remove endpoint state directories left behind after build failure Failed regeneration files `XXXXX_next_fail` may stick around after regeneration. We are correctly deleting these files on regeneration, but not on deletion of endpoint. This commit deletes the endpoint XXX_next_fail files on endpoint deletion. [ upstream commit 79f48d8b6e2d5c4703c91dc0980b0ea5454445a0 ] Fixes: #3494 Fixes: #3175 Signed-Off-By: Manali Bhutiyani <manali@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> | 02 May 2018, 17:19:37 UTC |
| 7407909 | Jarno Rajahalme | 30 April 2018, 17:52:50 UTC | ctmap: Make GC bpf map dumps more robust. [ upstream commit c9bff58f6716b82ae89edb10a69639c375bcf97d ] Continue bpf CT map GC iteration from last known found element if the current element cannot be found. Start again from the beginning otherwise, but limit overall lookups to maximum number of elements in the map. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> | 02 May 2018, 17:19:37 UTC |
| 1e399ef | Jarno Rajahalme | 27 April 2018, 17:44:28 UTC | docs: Fix ginkgo command line. [ upstream commit 82c462e4840572ed874c190b7c5e3c6d9b5d7e70 ] Ginkgo needs the '-v' option to actually show the test names in the dry run mode. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> | 02 May 2018, 17:19:37 UTC |
| 61e157b | Thomas Graf | 28 April 2018, 10:29:45 UTC | Prepare for 1.0.1 release Signed-off-by: Thomas Graf <thomas@cilium.io> | 30 April 2018, 21:55:54 UTC |
| ea038a9 | Amey Bhide | 12 April 2018, 00:50:42 UTC | Adds flag to clean up cilium state before startup [ upstream commit 38ba456dff36f041d586c0dc9f03f7a1362f84f8 ] Signed-off-by: Amey Bhide <amey@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> | 30 April 2018, 21:22:29 UTC |
| 36c895a | Jarno Rajahalme | 27 April 2018, 17:46:26 UTC | policy: Do not enable DROP_ALL mode if not needed. [ upstream commit fb333388579c20a4ca9a6e286520b81f7701647c ] Do not enable DROP_ALL mode if it is known that the current policy enforcement mode and policy passes all traffic. This is true when: - Policy enforcement mode is "never" - Policy enforcement mode is "default" and no policy is loaded. This commit adds the exception for the second case. Fixes: #3933 Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> | 30 April 2018, 21:22:29 UTC |
| 62eb1b0 | Thomas Graf | 27 April 2018, 17:27:55 UTC | endpoint: Improve logging of endpoint lifecycle events [ upstream commit 12b6876da414a50308ecafa1932c0b9c2fbd7843 ] This commit introduces several info level log messages: New endpoint event: ``` msg="New endpoint" containerID=cilium-loc endpointID=29898 ipv4=10.11.242.54 ipv6="f00d::a0f:0:0:74ca" k8sPodName= policyRevision=0 ``` Removed endpoint event: ``` msg="Removed endpoint" containerID=03ed013784 endpointID=56326 ipv4=10.11.129.91 ipv6="f00d::a0f:0:0:dc06" k8sPodName= policyRevision=2 ``` BPF program generation: ``` msg="Regenerating BPF program" containerID=cilium-loc endpointID=29898 ipv4=10.11.242.54 ipv6="f00d::a0f:0:0:74ca" k8sPodName= policyRevision=0 msg="Regeneration of BPF program has completed" buildTime=2.32680802s containerID=cilium-loc endpointID=29898 ipv4=10.11.242.54 ipv6="f00d::a0f:0:0:74ca" k8sPodName= policyRevision=0 ``` Endpoint identity changes: ``` msg="Identity of endpoint has changed" containerID=cilium-loc endpointID=29898 identity=1261 identityLabels="reserved:health" ipv4=10.11.242.54 ipv6="f00d::a0f:0:0:74ca" k8sPodName= policyRevision=0 ``` Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> | 30 April 2018, 21:22:29 UTC |
| d133b17 | Jarno Rajahalme | 26 April 2018, 22:26:46 UTC | maps: Use pointer receivers for MapValue types. [ upstream commit c19e930db4fd9c32ff11909c00f45ccb8f11c3d6 ] bpf.MapValue interface function GetValuePtr() returns a pointer to a new temporary if the function receiver is a value rather than a pointer. endpoint, lxcmap, ipcache, and lbmap were also using value receivers for their implementations of MapValue interface. The problem with this is that any lookups would fail to return the actual value, as the bpf.LookupElement would write the value into a temporary unaccessible to the caller. No such lookups were performed, so this did not cause any problems in practice. Fix the implementations to prevent future problems. This fix is otherwise low risk, but it has happened earlier in development that GetValuePtr() implmentations were not fixed properly and a pointer to the pointer receiver was returned. This is not noticed by the compiler, and would result in garbage data being written to/read from the bpf maps. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: Maciej Kwiek <maciej.iai@gmail.com> | 27 April 2018, 09:59:22 UTC |
| 0d21846 | Jarno Rajahalme | 26 April 2018, 23:16:08 UTC | daemon: Sync local IPs to lxcmap periodically. [ upstream commit 7fe082dfbd834aeb15add1e8d90707b4d3e832d8 ] LXCMap should not get out of sync, but there is some evidence that sometimes it does. Add a new controller to refresh the host entries in the lxcmap every 5 seconds, but only if they are not already there. No garbage collection of potentially stale host entries in the lxcmap is done. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: Maciej Kwiek <maciej.iai@gmail.com> | 27 April 2018, 09:59:22 UTC |
| 921bcae | Joe Stringer | 26 April 2018, 02:53:57 UTC | monitor: Fix IPv6 string formatting in CT messages [ upstream commit 7ccfaf9563f9c02d717339e005dff44b7eda8170 ] Previously: Conntrack lookup 1/2: src=[::303a366463]:0 dst=[::303a31623938]:32768 Now: Conntrack lookup 1/2: src=[::0:dc06]:0 dst=[::0:981b]:32768 Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Maciej Kwiek <maciej.iai@gmail.com> | 26 April 2018, 16:15:31 UTC |
| e47fb9b | Ray Bejjani | 23 April 2018, 15:58:31 UTC | doc: Add a section about CiliumEndpoint CRDs [ upstream commit 2ab1b52a8b03da2d6dcd535e2be78d2555fbc862 ] Signed-off-by: Ray Bejjani <ray@covalent.io> Signed-off-by: Maciej Kwiek <maciej.iai@gmail.com> | 26 April 2018, 16:15:31 UTC |
| 54227ac | Ian Vernon | 18 April 2018, 20:50:20 UTC | Documentation: remove bash-test framework references [ upstream commit c14be592c54459848c334960c8bc657e53ccd031 ] Also do some minor fixups of grammatical errors, and some rewording to make sentences more clear. Signed-off by: Ian Vernon <ian@cilium.io> Signed-off-by: Maciej Kwiek <maciej.iai@gmail.com> | 26 April 2018, 16:15:31 UTC |
| 0cd257b | Thomas Graf | 24 April 2018, 04:10:05 UTC | Prepare 1.0.0 release Signed-off-by: Thomas Graf <thomas@cilium.io> | 24 April 2018, 05:42:39 UTC |
| 5d23ebd | Romain Lenglet | 23 April 2018, 21:15:34 UTC | ipcache: Fix ipcache deletion of old identities on update [ upstream commit 50f0f7082f7059df1e395bf12a907c279672e04e ] Fix the scope of the cachedIdentity variable in ipIdentityWatcher. Make the agent crash in case an invalid IP-ID mapping is deleted. Fixes: https://github.com/cilium/cilium/issues/3825 Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Ian Vernon <ian@cilium.io> | 24 April 2018, 04:03:32 UTC |
| 86a2112 | André Martins | 11 April 2018, 12:45:21 UTC | test: update k8s tests for 1.8, 1.9, 1.10 and 1.11 [ upstream commit d59189fdd9e3aac40e067a9d8afcd11b59a5ee88 ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> | 24 April 2018, 04:03:32 UTC |
| 0bbe9b6 | Eloy Coto | 20 April 2018, 07:06:48 UTC | Test: Fix issues with Updates and Kube-dns [ upstream commit c01603b2450536d5f5c8215aebed9d00957b096a ] On `k8sT/Update.go` the system install a new cilium v1.0 image, but it does not wait for Kubedns to be ready, so time to time the kubedns was not ready at all. With this commit we make sure that the DNS is ready before applied any policy. Signed-off-by: Eloy Coto <eloy.coto@gmail.com> Signed-off-by: Ray Bejjani <ray@covalent.io> | 24 April 2018, 00:05:41 UTC |
| 8e0825a | Romain Lenglet | 19 April 2018, 22:58:31 UTC | etcd: Clear the etcd status error when connectivity is OK [ upstream commit 5fb78adb81052b449834de960704ff017fbb950a ] Fixes: 9f9086e5c68aea7556dbec3b98a249ca7520863a Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> | 24 April 2018, 00:05:41 UTC |
| f43b949 | Joe Stringer | 06 April 2018, 00:46:17 UTC | bpf: Fix default build config [ upstream commit c7b00124fb1ed598dc2607f950c995075a3beaa5 ] The policy prog array is indexed by LXC index, so it needs to be as big as the ENDPOINTS_MAP_SIZE. Fix it up in the node_config. This only affects developers that build the bpf/ directory then attempt to load BPF programs from it directly into the kernel without using the rest of Cilium to orchestrate. Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> | 24 April 2018, 00:05:41 UTC |
| 82b5b75 | Joe Stringer | 19 April 2018, 05:17:34 UTC | bpf: Fix tracing message for egress policy [ upstream commit adc46707494ba108aef26d9e85dd56ee8290afee ] Previously, this would print the source and destination in the wrong order. Fix it up. Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> | 24 April 2018, 00:05:41 UTC |
| e6befe1 | Thomas Graf | 22 April 2018, 17:23:54 UTC | Prepare for 1.0.0-rc14 release Signed-off-by: Thomas Graf <thomas@cilium.io> | 22 April 2018, 17:59:58 UTC |
| b4cb0ca | Jarno Rajahalme | 20 April 2018, 23:07:28 UTC | envoy: Use distinct Stats stores for each instance of a xDS client. [ upstream commit 2110a64e4b51d1baef6efa21557621b11968cf21 ] Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 22 April 2018, 04:45:20 UTC |
| 2270bfe | Jarno Rajahalme | 20 April 2018, 23:07:28 UTC | envoy: Minor cleanup. [ upstream commit 181fada8bbe3de78c40ce160b81c61c67cc47d92 ] Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 22 April 2018, 04:45:20 UTC |
| 2662716 | Jarno Rajahalme | 20 April 2018, 23:07:27 UTC | envoy: Initialize thread local host map with an empty map. [ upstream commit 94be14c72260cde45d1b7a981bb3629e7d54d3f5 ] Initialize with an empty map instead of a nullptr to make it less likely that a null pointer is found when resolving. Due to worker threads possibly initializing later than the main thread it is still possible (at least in theory) that a worker thread resolves before initializing so we still check the value of the thread local pointer. Perform the null pointer check before dereferencing it, as libc++ assertions fail otherwise. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 22 April 2018, 04:45:20 UTC |
| 6b3f8cb | Romain Lenglet | 20 April 2018, 21:44:01 UTC | npds: Don't wait for ACK from sidecar proxy with no L7 rules [ upstream commit 0118ac2c39df0070743107f89dc4e1f2e78678f5 ] Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 22 April 2018, 04:45:20 UTC |
| 21742ba | Romain Lenglet | 20 April 2018, 20:32:46 UTC | npds: Don't update NetworkPolicy if none has been calculated [ upstream commit 553ba7163c96e4af595e21af7119c7866168f473 ] Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 22 April 2018, 04:45:20 UTC |
| 7d571e7 | Joe Stringer | 20 April 2018, 17:57:13 UTC | xds: Validate NPHDS updates before upserting [ upstream commit c2adbfe63c7058ffad74dfb8e4ff6006a4fd6386 ] This should catch recent errors such as the one reported in #3825. Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 22 April 2018, 04:45:20 UTC |
| cf8c68e | Ian Vernon | 20 April 2018, 17:05:32 UTC | ginkgo-kubernetes-all.Jenkinsfile: increase timeouts [ upstream commit 803bd5437ad4d2a991b472035686f0f46ae32c86 ] Use a more generous timeout to allow for variability in build times. Signed-off by: Ian Vernon <ian@cilium.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 22 April 2018, 04:45:20 UTC |
| 2172cd1 | Thomas Graf | 20 April 2018, 15:29:05 UTC | workloads: Silence noisy harmless warning [ upstream commit 53065cc51a7ac148571e7bafa160c354d99d3fa7 ] The following warning is repeated up to 20 times when a container create event is being handled but the container has already exited again: level=warning msg="Unable to inspect container, retrying..." containerID=ad5fd3ea00 error="unable to inspect container 'ad5fd3ea0031e00f5d0dbaac16b69bfb6c3b9d2894cbcf326be86ae2dd67df5f': Error: No such container: ad5fd3ea0031e00f5d0dbaac16b69bfb6c3b9d2894cbcf326be86ae2dd67df5f" maxRetry=20 retry=8 subsys=containerd-watcher The warning is absolutely harmless, move it to a debug message. Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 22 April 2018, 04:45:20 UTC |
| 92faf3d | André Martins | 20 April 2018, 15:05:00 UTC | k8s: only watch for ingress changes if LB is enabled [ upstream commit 94f9a2cd4c2d24acc5f1159c507a2dc04a36c37f ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 22 April 2018, 04:45:20 UTC |
| b746224 | Joe Stringer | 19 April 2018, 19:00:58 UTC | ipcache: Avoid issuing delete for identity=0 [ upstream commit 3a7ceb132e0b3db1ec4bc7e367dbfdc09087ba70 ] Fixes: b6c5cb0f1bf5 ("ipcache: Shift NPHDS logic to envoy") Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 22 April 2018, 04:45:20 UTC |
| f0dfa85 | André Martins | 19 April 2018, 00:00:19 UTC | start.sh: add routes based on VM name [ upstream commit 4923337104969f95825013f1b162ee935dc0d969 ] Add routes without hardcoded VM prefix name Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 22 April 2018, 04:45:20 UTC |
| ce6b79e | André Martins | 18 April 2018, 23:59:33 UTC | Vagrantfile: re-add workaround for kube-proxy in node-2 [ upstream commit d5795a3405b44cbf2610e1096d397f79f64325c2 ] Since kube-proxy doesn't redirect traffic to the proper interface when translating from service IP to backend IP we need to re-add this workaround. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 22 April 2018, 04:45:20 UTC |
| 8183260 | Jarno Rajahalme | 19 April 2018, 01:27:06 UTC | envoy: Manage life-cycles of singleton maps properly. [ upstream commit 3179a2c326762d5c3b3e90a992a75a09b2183940 ] Both policy and host maps are managed as singletons, which are initialized when first required, and destructed when the last listener referring to them via Cilium filter instances is removed. Internally, the maps "post" configuration changes to Envoy worker threads via thread dispatch queues. These changes are packaged as C++ lambda closures. The problem with this is that while the "posts" are queued, it is possible for all the listeners to be removed, and thus the associated singleton maps being freed. If the posted closure refers to the (now stale) map, bad things can happen. Fix this by capturing either a weak or shared pointer to the lambda closure. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 22 April 2018, 04:45:20 UTC |
| e63acd9 | Eloy Coto | 19 April 2018, 16:33:15 UTC | Backport: Don't failfast on branch V1.0 Signed-off-by: Eloy Coto <eloy.coto@gmail.com> | 20 April 2018, 18:39:16 UTC |
| 7f322b0 | André Martins | 19 April 2018, 21:56:50 UTC | k8s/specs: update image tag to v1.0.0-rc13 Signed-off-by: André Martins <andre@cilium.io> | 20 April 2018, 16:57:27 UTC |
| a8a85ed | André Martins | 19 April 2018, 21:54:59 UTC | k8s/specs: change imagePullPolicy to IfNotPresent Since we never change the image of docker image releases we can change the imagePullPolicy to IfNotPresent to avoid wasting resources. Signed-off-by: André Martins <andre@cilium.io> | 20 April 2018, 16:57:27 UTC |
| 0361f2b | André Martins | 18 April 2018, 15:23:53 UTC | k8s: add some fixes to the kubernetes spec file This fixes the previous commit which had the RestartAlways set in the wrong place. Restart always will guarantee that kubelet will restart cilium in case of failure. Fixes: (e200aaffc1) k8s: add some fixes to the kubernetes spec file Signed-off-by: André Martins <andre@cilium.io> | 20 April 2018, 16:57:27 UTC |
| d873a25 | Manali Bhutiyani | 18 April 2018, 19:48:26 UTC | Kafka : remove noise from logging EOF messages in Kafka parser We keep seeing a lot of these on normal client (produce/consume) connection close. We should not be logging valid EOF as errors. [ upstream commit d9143000325e61a9ed63817b453f7cffbf76de89 ] level=error msg="Unable to parse Kafka request; closing Kafka request connection" error=EOF id="rx:10.15.161.35:57590->10.15.28.238:10551<->tx:closed" Fixes: #3792 Signed-Off-By: Manali Bhutiyani <manali@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> | 19 April 2018, 18:43:27 UTC |
| cf50c76 | Romain Lenglet | 14 April 2018, 09:26:01 UTC | doc: Fix spelling [ upstream commit e89d35c2a21319b3f5ec2e19405aa6646652b1c4 ] Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> | 19 April 2018, 18:43:27 UTC |
| c745392 | Romain Lenglet | 12 April 2018, 19:05:14 UTC | doc: Replace cilium-sidecar.yaml with a config map setting [ upstream commit 95d04e633f2e97244c5bc78c4fa0c6052466971d ] Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> | 19 April 2018, 18:43:27 UTC |
| e200aaf | André Martins | 18 April 2018, 15:23:53 UTC | k8s: add some fixes to the kubernetes spec file Restart always will guarantee that kubelet will restart cilium in case of failure. Signed-off-by: André Martins <andre@cilium.io> | 19 April 2018, 04:15:01 UTC |
| 87aa854 | Jarno Rajahalme | 16 April 2018, 23:06:15 UTC | docs: Refine backporting instructions. [ upstream commit 9f25a9058963800edf3b368aa9d617856f121f1c ] Refine backporting instructions by explicitly specifying how to use GitHub labels. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 19 April 2018, 03:41:11 UTC |
| 64c03f0 | Joe Stringer | 17 April 2018, 22:13:47 UTC | policy: Support reserved:cluster entity [ upstream commit 45038629e6e7a881bf6f8a3f91ed34f8a6e61828 ] The support for this entity was already plumbed through most of Cilium, it just wasn't exposed in the API. Expose it there. Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 19 April 2018, 03:41:11 UTC |
| 8a9a6a5 | Joe Stringer | 17 April 2018, 16:55:39 UTC | monitor: Fix CT entry dst port printing [ upstream commit 1355c81a101fc489eaa083b9946874d0d186b2e2 ] Ports were not being printed correctly for ports in CT entry monitoring output. Fix it. Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 19 April 2018, 03:41:11 UTC |
| aadca0d | Joe Stringer | 17 April 2018, 06:51:57 UTC | xds: Add tests for cache.Lookup [ upstream commit c6612a9c6a69bc5e3cffe91d74afd5f4c53267f1 ] Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 19 April 2018, 03:41:11 UTC |
| 7ae3ba6 | Joe Stringer | 13 April 2018, 18:34:32 UTC | daemon: Push reserved IP->Identity mappings to XDS [ upstream commit 11c8f3923fb538a583a3e45c9cf1530e9f6312b1 ] Previously we were only handling the BPF case and missing these IPs in XDS, so presumably we would not apply L3/L4 policies correctly for the XDS (eg Envoy sidecar) case. CC: Ian Vernon <ian@cilium.io> Fixes: 7448e41aa047 ("endpoint: sync endpoint IP-SecID map to kvstore") Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 19 April 2018, 03:41:11 UTC |
| 9ea1c96 | Joe Stringer | 16 April 2018, 21:35:20 UTC | envoy: Handle IP->ID deletes inside cache [ upstream commit e24b30d6dc2dce7cd5866f7cdb78958f4fe94296 ] Don't reach back up to the ipcache to handle deletes like this, rather look through the cache and update the entries in place. Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 19 April 2018, 03:41:11 UTC |
| 36bbfe5 | Joe Stringer | 13 April 2018, 07:26:37 UTC | ipcache: Shift NPHDS logic to envoy [ upstream commit b6c5cb0f1bf5b8496c89c89ffaff4c2740fe3ba5 ] There was a bunch of Network Policy Hosts Discovery Service logic littering the ipcache logic, shift it into envoy. Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 19 April 2018, 03:41:11 UTC |
| 7a4b94e | Ian Vernon | 17 April 2018, 19:55:04 UTC | pkg/envoy: always use dport in proxy statistics [ upstream commit a1e7a25405a8a65285af4a1dd00b8c93d478ec17 ] Even on egress, rules are always defined with 'ToPorts'; thus, in proxy statistics, only use the port to which traffic is flowing (destination port). Signed-off by: Ian Vernon <ian@cilium.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 19 April 2018, 03:41:11 UTC |
| 860c19f | Joe Stringer | 16 April 2018, 22:42:17 UTC | bpf: Fix log message about not supporting CIDR [ upstream commit f3ca26e764ce25d9c8f946ec8088cd295e4d0815 ] Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 19 April 2018, 03:41:11 UTC |
| 8989880 | Ian Vernon | 05 April 2018, 21:12:51 UTC | bpf/lib: unconditionally create ipcache bpf map in datapath [ upstream commit b2e94027ec0f901a189380f1b22740a960cd760c ] In case the opening and creating of the map in userspace fails, it now will be unconditionally created in the datapath. This will not affect the datapath because the lookup into the map is only performed when egress policy is enabled in the datapath for a specific endpoint. Signed-off by: Ian Vernon <ian@cilium.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 19 April 2018, 03:41:11 UTC |
| 4155c14 | Ian Vernon | 04 April 2018, 20:37:05 UTC | pkg/bpf: add additional logging and error handling [ upstream commit 5df8397ee957021550e21997e4c1e3f8ac4a06a7 ] * Add logs for when we append to list of maps to open after bpffs is mounted. * Log errors that occur when opening / creating maps which are stored in list of maps to open after bpffs is mounted. Signed-off by: Ian Vernon <ian@cilium.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 19 April 2018, 03:41:11 UTC |
| f612888 | Ian Vernon | 06 April 2018, 07:58:01 UTC | pkg/logging/logfields: add log field for BPF map name [ upstream commit 09f1936d39f21704036385286e5d72a90c3eb393 ] Signed-off by: Ian Vernon <ian@cilium.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 19 April 2018, 03:41:11 UTC |
| 030f253 | Ian Vernon | 04 April 2018, 19:20:33 UTC | pkg/maps/ipcache: log if map unable to be opened [ upstream commit 11091ed6611867a8274d55e798f1973777b6d79f ] Signed-off by: Ian Vernon <ian@cilium.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> | 19 April 2018, 03:41:11 UTC |
| cf4887c | Thomas Graf | 18 April 2018, 21:25:45 UTC | Disable code owners reviews in 1.0 branch Signed-off-by: Thomas Graf <thomas@cilium.io> | 18 April 2018, 22:22:03 UTC |
| 02bea38 | Ray Bejjani | 17 April 2018, 12:08:21 UTC | scripts: contrib/backports/check_stable prints PR link [ upstream commit 63b39052f349da7c87c5f4a8d1a7c02e823fe5e2 ] Signed-off-by: Ray Bejjani <ray@covalent.io> | 17 April 2018, 18:49:49 UTC |
| ecdc2d2 | Ray Bejjani | 17 April 2018, 12:05:26 UTC | scripts: contrib/backports/check_stable handles backports-done label [ upstream commit 29cab3a38109a5349fc37e0dfa55b64ae291fd9f ] We sometimes leave the "stable/backport-done" label on PRs. Instead of confusing ourselves, we now filter these out. Signed-off-by: Ray Bejjani <ray@covalent.io> | 17 April 2018, 18:49:49 UTC |
| ff19397 | Eloy Coto | 16 April 2018, 14:13:14 UTC | Test: Increase logs for Kube-dns issues [ upstream commit 25c80eb7b366977f6d2696d0bc19bd110d1e0647 ] - Added kubedns logs in reportFailed. - Added a new fallback option in `WaitForKubeDNSEntry` to know in case of fail if the issue is that the DNS entry does not exits, or cannot connect to kube-dns service. - Use service IP instead of the kube-dns pod IP. Signed-off-by: Eloy Coto <eloy.coto@gmail.com> Signed-off-by: Ray Bejjani <ray@covalent.io> | 17 April 2018, 18:49:49 UTC |
| 62c48d7 | Thomas Graf | 15 April 2018, 16:50:03 UTC | Prepare for 1.0.0-rc13 Signed-off-by: Thomas Graf <thomas@cilium.io> | 16 April 2018, 03:29:04 UTC |
| 2e0c7fa | Thomas Graf | 15 April 2018, 02:02:09 UTC | policy: Add TestWildcardL4RulesIngress and TestWildcardL4RulesEgress [ upstream commit 82950581c84eec44bfbc3209db0f8de80344a8aa ] Signed-off-by: Thomas Graf <thomas@cilium.io> | 16 April 2018, 03:13:58 UTC |
| 5f4e908 | Ian Vernon | 13 April 2018, 04:08:19 UTC | pkg/policy: change parser type logic for merging L4Filter [ upstream commit 3ebcca016553f7e9bd80b512f9e9471f5df9d0c6 ] If any L4Filters being merged together have rules on L7, even if one of the rules allows all on L7, allow all on L7, but set the parser type of the be the L7Parser type of the L4Filter which contains L7-related rules. Signed-off by: Ian Vernon <ian@cilium.io> Signed-off-by: Thomas Graf <thomas@cilium.io> | 16 April 2018, 03:13:58 UTC |
| 4d664df | Ian Vernon | 12 April 2018, 17:37:54 UTC | pkg/policy: do not use length checks on L4Filter.Endpoints [ upstream commit 030fea128ec7636fcc374f608842b5e25803287a ] Length of this slice is not a reliable indicator of what information is encoded in the slice anymore because we now use the WildcardEndpointSelector within this slice to represent that the L4Filter selects all endpoints. Signed-off by: Ian Vernon <ian@cilium.io> Signed-off-by: Thomas Graf <thomas@cilium.io> | 16 April 2018, 03:13:58 UTC |
| 7ca251e | Ian Vernon | 12 April 2018, 17:24:10 UTC | pkg/policy: remove redundant length check in AllowsAllAtL3 [ upstream commit 62db3530301bd6f93e803a5a20da19ecfbb0fb7d ] This length check is performed within EndpointSelectorSlice.SelectsAllEndpoints, so just remove it from AllowsAllAtL3. Signed-off by: Ian Vernon <ian@cilium.io> Signed-off-by: Thomas Graf <thomas@cilium.io> | 16 April 2018, 03:13:58 UTC |
| 9474fd5 | Romain Lenglet | 14 April 2018, 11:26:25 UTC | test: Force using IPv4 for egress connections to google.com [ upstream commit 232274b5a25fc847644a8aefed88b85a6b4ec91f ] Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> | 16 April 2018, 03:13:58 UTC |
| 7e8491d | Romain Lenglet | 14 April 2018, 08:18:40 UTC | test: Always execute "cilium endpoint get" with -o json [ upstream commit 5dc1865b7527e324d8cc142446441742c447ff8a ] Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> | 16 April 2018, 03:13:58 UTC |
| 0b2517e | Romain Lenglet | 14 April 2018, 07:12:55 UTC | policy: Replace adding L3-only rules into L4PolicyMap with extra loop [ upstream commit 6b0115c81e38f06feac767f4a1f656c2518742d7 ] Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> | 16 April 2018, 03:13:58 UTC |
| e5938c4 | Romain Lenglet | 13 April 2018, 22:37:56 UTC | policy: Synthesize wildcard L7 rules for L3-only rules [ upstream commit 8c0ba61abf47844e27252b64f3a912fbc1fc23c8 ] Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> | 16 April 2018, 03:13:58 UTC |
| aef393c | Romain Lenglet | 12 April 2018, 18:44:27 UTC | test: Fix Star Wars demo test [ upstream commit 9da6d710df4a286dc35c2aee61264b85ebceb3fc ] Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> | 16 April 2018, 03:13:58 UTC |
| 10724e7 | André Martins | 14 April 2018, 00:04:33 UTC | test: fix star wars demo [ upstream commit 645afa10741355d6fcd09c316ac01def0024a928 ] Once a new endpoint is created, it can trigger regeneration for all the remaining endpoints. By not checking if all of them were in ready state before testing the connection all the traffic could potentially be dropped until the security labels are assigned to that particular endpoint. Since the communication was always denied, before the endpoint had its security ID assigned, the tests would always fail as it was expecting the connection to be successfull. For this reason we should wait for all endpoints to be in ready state before testing out any connection tests. As an example for endpoint 36125 the monitor would show the following: ``` <- endpoint 36125 flow 0xfd750d60 identity 0->0 state new ifindex 0: 9a:1a:e4:12:33:29 -> ff:ff:ff:ff:ff:ff ARP -> lxc8d11b: ca:f4:2e:75:46:11 -> 9a:1a:e4:12:33:29 ARP <- endpoint 36125 flow 0xae0d91ac identity 0->0 state new ifindex 0: 10.1.139.2:45668 -> 172.20.0.10:53 udp xx drop (Policy denied (L3)) flow 0xae0d91ac to endpoint 0, identity 0->0: 10.1.139.2:45668 -> 172.20.0.10:53 udp <- endpoint 36125 flow 0xae0d91ac identity 0->0 state new ifindex 0: 10.1.139.2:45668 -> 172.20.0.10:53 udp xx drop (Policy denied (L3)) flow 0xae0d91ac to endpoint 0, identity 0->0: 10.1.139.2:45668 -> 172.20.0.10:53 udp <- endpoint 36125 flow 0xae0d91ac identity 0->0 state new ifindex 0: 10.1.139.2:45668 -> 172.20.0.10:53 udp xx drop (Policy denied (L3)) flow 0xae0d91ac to endpoint 0, identity 0->0: 10.1.139.2:45668 -> 172.20.0.10:53 udp <- endpoint 36125 flow 0xae0d91ac identity 0->0 state new ifindex 0: 10.1.139.2:45668 -> 172.20.0.10:53 udp xx drop (Policy denied (L3)) flow 0xae0d91ac to endpoint 0, identity 0->0: 10.1.139.2:45668 -> 172.20.0.10:53 udp >> Endpoint regenerated: 36125 (k8s:class=spaceship,k8s:org=alliance,k8s:io.kubernetes.pod.namespace=default) <- endpoint 56687 flow 0xb1f87f1 identity 21577->0 state new ifindex 0: fe80::c41d:a6ff:fef1:7998 -> ff02::2 RouterSolicitation ``` Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Thomas Graf <thomas@cilium.io> | 16 April 2018, 03:13:58 UTC |
| 34846e9 | Jarno Rajahalme | 13 April 2018, 23:30:38 UTC | bpf: Make all funtions in lib/policy.h conditional on DROP_ALL [ upstream commit 786376ee9c1489505f722f20e5b20e35f7b7e9ad ] Make all policy decision functions conditional on DROP_ALL to avoid regressions in future. Suggested-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> | 16 April 2018, 03:13:58 UTC |
| a068821 | Jarno Rajahalme | 13 April 2018, 23:02:04 UTC | bpf: Honor DROP_ALL also in ingress to a container. [ upstream commit ce741afa31adcc7fb39939112f64fc2e3c757d0d ] Even if DROP_ALL is defined, the bpf program can be compiled so that the actual ingress policy check returns OK (e.g., POLICY_INGRESS not defined). Check for DROP_ALL in higher level code that is not conditional to any other compile time definitions. Fixes: https://github.com/cilium/cilium/issues/3731 Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> | 16 April 2018, 03:13:58 UTC |
| 6a127e9 | Jarno Rajahalme | 13 April 2018, 20:13:56 UTC | envoy: Remove assert, reduce logging. [ upstream commit 1e1fbbd899c625f809ab12d794e8c5c2b32f46e7 ] Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> | 16 April 2018, 03:13:58 UTC |
| 9ea7a10 | Thomas Graf | 13 April 2018, 06:44:46 UTC | policy: Do not wildcard CIDR 0/0 for world and all entity [ upstream commit 118ad8232628214938e3955cb14bf43cce55b482 ] With the introduction of label based egress including the world and all identity, it is no longer required to whitelist CIDR 0/0 for the world and all entity as it is covered by the identity based policy map which also supports L4. This allows to define rules such as: [{ "endpointSelector": {"matchLabels": {}}, "egress": [{ "toEntities": ["world"], "toPorts": [ {"ports":[ {"port": "80", "protocol": "TCP"}, {"port": "53", "protocol": "UDP"} ]} ] }] }] Signed-off-by: Thomas Graf <thomas@cilium.io> | 16 April 2018, 03:13:58 UTC |
| e1a49d9 | Jarno Rajahalme | 12 April 2018, 22:32:21 UTC | daemon: Regenerate endpoint in PATCH handler also when endpoint is in waiting-for-identity state. [ upstream commit 3ba379a817e50a1b79192ff5cae48a647a832545 ] commit 41c08396ce ("daemon: Only regenerate in PATCH from valid state") intended to limit endpoint regeneration calls from the API PATCH endpoint handler to valid endpoint states, but inadvertently limited the allowed states only to waiting-to-regenerate, while the endpoint should also be built while in the waiting-for-identity state. The symptom was that endpoints created via docker never built the initial drop-all bpf program while waiting for identity. This commit allows endpoint regeneration via the PATCH endpoint API also when the endpoint is in wairing-for-identity state. Fixes: 41c08396ce ("daemon: Only regenerate in PATCH from valid state") Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> | 16 April 2018, 03:13:58 UTC |
