Skip to main content

Browse the archive

https://github.com/cilium/cilium
17 August 2024, 22:12:05 UTC
sort by:
Revision Author Date Message Commit Date
ff97b30 Ian Vernon 03 August 2018, 21:41:30 UTC Prepare for release v1.1.2 c5226b6d41bbdee661663e8b716d502e256ba6d6 prepared for release v1.1.2, but the Cilium team decided to backport a few more fixes and fold them into this release; since v1.1.2 was not officially released via GitHub nor on Slack, we can do this. Signed-off by: Ian Vernon <ian@cilium.io> 04 August 2018, 00:53:26 UTC
71cb75d Jarno Rajahalme 03 August 2018, 00:21:10 UTC envoy: Sanitize HTTP headers [ upstream commit 9bb35ec59bf4809b3336fab61ea5f515ec5786d5 ] Remove HTTP headers that might interfere with the original destination processing. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> 03 August 2018, 20:50:15 UTC
ceb5902 Thomas Graf 02 August 2018, 11:37:32 UTC bpffs: Cache mountinfo result [ upstream commit dd43f1e36b8418793922426633bf390aa3b95f6c ] Scanning /proc/self/mountinfo whenever a map is opening is expensive as the string scanning is CPU intesive. Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Joe Stringer <joe@wand.net.nz> 03 August 2018, 20:00:02 UTC
6bc29f4 Thomas Graf 02 August 2018, 10:15:22 UTC monitor: Fix spin loop when reading stdout from monitor fails [ upstream commit 45aea8b9963bafc759a7ba16825c81c5f35a1c86 ] The following pprof cpu trace was observed: ``` flat flat% sum% cum cum% 6670ms 32.97% 32.97% 7650ms 37.82% syscall.Syscall 2270ms 11.22% 44.19% 3290ms 16.26% runtime.scanobject 1690ms 8.35% 52.55% 4300ms 21.26% runtime.mallocgc 910ms 4.50% 57.04% 910ms 4.50% runtime.heapBitsForObject 680ms 3.36% 60.41% 680ms 3.36% runtime.greyobject 560ms 2.77% 63.17% 560ms 2.77% runtime.memclrNoHeapPointers 460ms 2.27% 65.45% 460ms 2.27% runtime.heapBitsSetType 430ms 2.13% 67.57% 490ms 2.42% runtime.ifaceeq 300ms 1.48% 69.06% 10450ms 51.66% bufio.(*Reader).ReadSlice 300ms 1.48% 70.54% 300ms 1.48% runtime.casgstatus ``` The cause seems lack of error handling of `ReadBytes()` so an EOF on the pipe will result in the for loop spinning forever. Also fix up invalid calls to Fatalf() and instead restart the monitor when creation of the pipe fails. The last fix is to have launcher.Run() return an error if the command cannot be started so we can restart the monitor properly if we can't execute it at first. Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Joe Stringer <joe@wand.net.nz> 03 August 2018, 20:00:02 UTC
1a9c488 Ian Vernon 11 June 2018, 22:03:48 UTC daemon: refactor updating of CNP Node Status [ upstream commit ab76b79b4c384cab48beb4954d3cd213f64b5ba3 ] * update annotations if CNP rule spec has not changed: previously, if a user updated the annotations for a rule, but did not update the \`spec\` or \`specs\` fields, the logic in the daemon would short circuit updating the rule in the local repository within Cilium to avoid unneeded and costly policy recalculation. This meant that the annotations would not be updated. Add logic to update the annotations if they have changed even if the rule's \`spec\` or \`specs\` have not changed. Also ensure that we create a deep copy of the annotations when adding a rule into the Cilium repository. * factor out updating of the CiliumNetworkPolicyNodeStatus into a function: the creation of CNP NodeStatus objects was being performed in multiple places, and then sent to the K8s client in multiple places; factor this into a function. * add extensive comments which detail the meaning of various error cases: these cases are quite subtle. * update documentation of Error and OK in CiliumNetworkPolicyNodeStatus * always set Enforcing flag in CiliumNetworkPolicyNodeStatus: this means that the field will never be empty. --- Backporter's notes: Applied a partial revert of commit 8d15cc962c44 ("k8s: Use UpdateStatus for kubernetes server version >=1.11") to resolve backport conflict: diff --git a/daemon/k8s_watcher.go b/daemon/k8s_watcher.go index c8715f14287c..5583fb40f57a 100644 --- a/daemon/k8s_watcher.go +++ b/daemon/k8s_watcher.go @@ -1442,12 +1442,7 @@ func updateCNPNodeStatus(cnp *cilium_v2.CiliumNetworkPolicy, enforcing, ok bool, cnp.SetPolicyStatus(nodeName, cnpns) ns := k8sUtils.ExtractNamespace(&cnp.ObjectMeta) - switch { - case ciliumUpdateStatusVerConstr.Check(k8sServerVer): - _, err2 = ciliumNPClient.CiliumV2().CiliumNetworkPolicies(ns).UpdateStatus(cnp) - default: - _, err2 = ciliumNPClient.CiliumV2().CiliumNetworkPolicies(ns).Update(cnp) - } + _, err2 = ciliumNPClient.CiliumV2().CiliumNetworkPolicies(ns).Update(cnp) return err2 } Signed-off by: Ian Vernon <ian@cilium.io> Signed-off-by: Joe Stringer <joe@wand.net.nz> 03 August 2018, 20:00:02 UTC
c5226b6 Ian Vernon 31 July 2018, 23:38:26 UTC Prepare for release v1.1.2 Signed-off-by: Ian Vernon <ian@cilium.io> 01 August 2018, 01:55:09 UTC
239fb36 André Martins 27 July 2018, 18:32:39 UTC kubernetes: set maxUnavailable to pods to 2 on upgrade [ upstream commit 6ac133c503223e0cd5186da07bf355530f3a5620 ] This will prevent Cilium from stopping all pods when doing an version upgrade. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Joe Stringer <joe@wand.net.nz> 30 July 2018, 15:25:21 UTC
02b0549 André Martins 27 July 2018, 15:43:56 UTC daemon: always re-add CNP when receiving an update from Kubernetes [ upstream commit ca3b2c254d24b3c271697f26b519399c0f6ceb0f ] Fixes: 1fd4f57c1ab3 ("adding CRD cilium network policy policy status") Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Joe Stringer <joe@wand.net.nz> 30 July 2018, 15:25:21 UTC
23de365 Maciej Kwiek 27 July 2018, 00:41:52 UTC Add label script docs to backporting process [ upstream commit 0b5f00a6e40e54fb4365040bcb92a05d48e8b3b4 ] Signed-off-by: Maciej Kwiek <maciej@covalent.io> Signed-off-by: Joe Stringer <joe@wand.net.nz> 30 July 2018, 15:25:21 UTC
48f6fed Maciej Kwiek 27 July 2018, 00:34:30 UTC Add label script for backporting [ upstream commit 8ae80d14be1b166f122c4f960001794ba1919842 ] contrib/backporting/set-labels.py can be used to change backported PR label status accordingly. Signed-off-by: Maciej Kwiek <maciej@covalent.io> Signed-off-by: Joe Stringer <joe@wand.net.nz> 30 July 2018, 15:25:21 UTC
f5c9d2e André Martins 26 July 2018, 23:15:39 UTC pkg/endpoint: annotate pod with numeric identity [ upstream commit a735c86d3dc6f352950f3ce254601d03654b9e3e ] As the pod annotation value is expected to be numeric, Cilium should always set that value with a numeric one instead of the string representation. Example of the expected output: $ kubectl get pods -n kube-system kube-dns-7dcc557ddd-vl9s2 -o yaml apiVersion: v1 kind: Pod metadata: annotations: cilium.io/identity: "129" scheduler.alpha.kubernetes.io/critical-pod: "" Fixes: e2d08b5ba510 ("endpoint: Use controller pattern to sync identity to k8s pod") Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Joe Stringer <joe@wand.net.nz> 30 July 2018, 15:25:21 UTC
6d3d96f Maciej Kwiek 27 July 2018, 19:54:25 UTC Add client timeout for Cilium API [ upstream commit 66e36c4160e3671372de5fe79a8678a5d60b2f96 ] [ Backporter's notes: Imported 'apisocket' as 'api' ] Signed-off-by: Maciej Kwiek <maciej@covalent.io> Signed-off-by: Joe Stringer <joe@wand.net.nz> 30 July 2018, 15:25:21 UTC
5322e2e Maciej Kwiek 25 July 2018, 21:58:25 UTC Increase timeout on endpoint generations [ upstream commit 50d7b947847aca94c24ff59a1f761384a1e3668b ] API server timeouts are also increased Signed-off-by: Maciej Kwiek <maciej@covalent.io> Signed-off-by: Joe Stringer <joe@wand.net.nz> 30 July 2018, 15:25:21 UTC
cda822b Thomas Graf 23 July 2018, 20:43:50 UTC kvstore: Wait for kvstore watcher to exit [ upstream commit 534e30cb938b3f1a285ca6a367820403e73c8225 ] Also protect Stop() with a sync.Once to never close the channel twice. Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Joe Stringer <joe@wand.net.nz> 30 July 2018, 15:25:21 UTC
5762e52 Thomas Graf 27 July 2018, 04:33:26 UTC consul: Add timeout to List() in Watch() to detect watcher stop [ upstream commit 09a660939b1a70ec4594176c6e541d1acb3c974c ] Due to the default timeout value in the blocking List(), a Consul watcher was taking a long time to detect that the watcher must be stopped. Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Joe Stringer <joe@wand.net.nz> 30 July 2018, 15:25:21 UTC
6e8d59a Thomas Graf 02 July 2018, 14:11:33 UTC store: Make kvstore backend configurable [ upstream commit 131be74477bcfbf93f02b2dc1eb03804d82a1265 ] This is required for #4727 Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Joe Stringer <joe@wand.net.nz> 30 July 2018, 15:25:21 UTC
35c3d3b Thomas Graf 05 July 2018, 21:40:57 UTC ipcache: Allow providing kvstore client to watcher [ upstream commit f36767cd93f6a07f9177e3b1f16aef61c91e008b ] This is required for #4727 Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Joe Stringer <joe@wand.net.nz> 30 July 2018, 15:25:21 UTC
3fefea5 André Martins 26 July 2018, 10:35:20 UTC docs: explicitly set kube-system namespace when applying new ConfigMap [ upstream commit a3686255addaa795edb3ed08bab31ca5eae76500 ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Maciej Kwiek <maciej.iai@gmail.com> 27 July 2018, 01:11:14 UTC
7aec4c7 Romain Lenglet 25 July 2018, 05:13:11 UTC doc: Disable unused Istio services in Istio GSG [ upstream commit 45129b7341dda99ce02df9cc85f0d0e85d780428 ] Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Maciej Kwiek <maciej.iai@gmail.com> 27 July 2018, 01:11:14 UTC
7b302be Romain Lenglet 25 July 2018, 05:12:38 UTC doc: Support BSD sed in Istio GSG [ upstream commit 85885f930dae2d885e42182ff8fc2c25787ecae8 ] Fixes: https://github.com/cilium/cilium/issues/4564 Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Maciej Kwiek <maciej.iai@gmail.com> 27 July 2018, 01:11:14 UTC
4176f22 Thomas Graf 24 July 2018, 06:08:29 UTC etcd: Fix and relax during recreate watcher loop [ upstream commit 734745ec7c801e54758ebbad61dc5f2d24dbef2c ] The revision to watch should not be incremented when Watch() returns an already closed channel. Also fix a cosmetic problem where lastRev in the for loop was shadowing the variable declared outside of the loop. We have observed occasions where etcd returns a closed channel on calling Watch(). The problem typically resolves itself quickly but we should sleep for a while to relax the CPU. Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Maciej Kwiek <maciej.iai@gmail.com> 27 July 2018, 01:11:14 UTC
49aef00 André Martins 23 July 2018, 19:48:38 UTC pkg/endpoint: fix endpoint.logger race condition [ upstream commit b2967eb3b62b5d4aaa79ec023e71502db4380473 ] As getLogger specifies the endpoint.Mutex needs to be held, endpoint.getLogger() after a mutex.Lock() Fixes: 6a8b48951470 ("endpoint: Limit proxy completion timeout to proxy updates") Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Maciej Kwiek <maciej.iai@gmail.com> 27 July 2018, 01:11:14 UTC
be3fb23 Ian Vernon 29 June 2018, 03:50:18 UTC daemon: fix minimum number of work threads unit test [ upstream commit 3b33059187f7f89e2b3571d43cf24c38900536e0 ] The test failed with the following output when ran locally: ``` ---------------------------------------------------------------------- FAIL: <autogenerated>:1: DaemonConsulSuite.TestMinimumWorkerThreadsIsSet daemon_test.go:181: c.Assert(numWorkerThreads() >= 4, Equals, true) ... obtained bool = false ... expected bool = true ``` Fixes: 25f898609888 ("daemon: change minimal worker thread to 2") Signed-off-by: Ian Vernon <ian@cilium.io> Signed-off-by: Maciej Kwiek <maciej.iai@gmail.com> 27 July 2018, 01:11:14 UTC
9115d05 Ray Bejjani 23 July 2018, 21:03:44 UTC codeowners: Remove CODEOWNERS from v1.1 23 July 2018, 21:14:52 UTC
badb065 Eloy Coto 17 July 2018, 22:00:46 UTC Test: K8s/Tunnels wait until all pods terminate [ upstream commit bfd17015b74f32c2bb2f769d75235bb2e97209ec ] Have seen in a PR that the pods are deleted on the `AfterEach` but never wait until it was terminated, the next test started installing the pods and it was still present. With this change test waits until all pods are being termintated correctly. Signed-off-by: Eloy Coto <eloy.coto@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 21 July 2018, 14:53:18 UTC
b7e4213 Eloy Coto 19 July 2018, 00:17:14 UTC Test: Upgrade test wait until pods are terminated. [ upstream commit e76b84da91faf1bde23e4e9f7205416ea6fffab9 ] I saw in the build [0] that pods are not ready after the timeout, but the test itself didn't wait until cilium is uninstalled, so the system fails because no pods at all. With this change make sure that all terminated containers are deleted. [0] https://jenkins.cilium.io/job/Ginkgo-CI-Tests-Pipeline/3343/testReport/junit/k8s-1/7/K8sValidatedUpdates_Updating_Cilium_stable_to_master/ Signed-off-by: Eloy Coto <eloy.coto@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 21 July 2018, 14:53:18 UTC
0aae09b André Martins 18 July 2018, 20:23:52 UTC pkg/kvstore: fix high-cpu usage when Cilium loses Consul connectivity [ upstream commit a4f7f1e15ae5c2fe4564502cd4952aca2b907095 ] Fixes: 85469b099dac ("kvstore: New kvstore abstraction API") Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> 21 July 2018, 14:53:18 UTC
6094010 Ian Vernon 18 July 2018, 17:57:16 UTC Prepare for v1.1.1 release Signed-off-by: Ian Vernon <ian@cilium.io> 18 July 2018, 20:53:32 UTC
392980c Ian Vernon 13 July 2018, 21:54:32 UTC pkg/policy/api: handle multiple CIDRs in CIDRSlice when adding reserved:world EndpointSelector [ upstream commit 5ce1514496fa95aa0431855f6900140b57ee8e7d ] If multiple CIDRs are provided in a CIDR rule, CIDRs corresponding to the world (0.0.0.0/0 and ::/0) are not correctly converted to the reserved:world EndpointSelector. The net effect of this is that policy does not allow traffic to the world when rules are provided that select multiple CIDRs, if any of the CIDRs within the CIDRSlice in the rule correspond to reserved:world. This commit fixes that bug, and adds additional unit tests. Signed-off-by: Ian Vernon <ian@cilium.io> 18 July 2018, 00:38:59 UTC
06de593 André Martins 13 July 2018, 12:46:54 UTC pkg/endpoint: set state ready if endpoint labels are the same [ upstream commit 04c810122df1a53232799edb488de4de6b5dc29b ] Fixes: 7ccf87701fc ("kvstore: New kvstore abstraction API") Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 18 July 2018, 00:38:59 UTC
a8f503d Joe Stringer 12 July 2018, 01:37:45 UTC daemon: Mark all traffic from host with magic bits [ upstream commit 44dfd3e92dee8d642af6133260e3b20ec2da71f4 ] Originally we set this mark only for traffic destined to the cilium_host device, to ensure that any traffic directly reaching to a Cilium-managed IP could be classified as from the host. However, there's another case where a local process attempts to reach a service IP which is backed by a Cilium-managed pod. The service implementation is outside of Cilium's control, for example, handled by kube-proxy. We can tag even this traffic with a magic mark, then when the service implementation proxies it back into Cilium the BPF will see this mark and understand that the packet originated from the host. Fixes: #4715 Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Ian Vernon <ian@cilium.io> 18 July 2018, 00:38:59 UTC
d3b0a7f André Martins 11 July 2018, 08:30:09 UTC pkg/workloads: check if Client() is nil to avoid nil pointer dereference [ upstream commit 27cda71dfc34aca0ad3898f18cf0d3d469d67619 ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ian Vernon <ian@cilium.io> 17 July 2018, 22:56:24 UTC
85fad7f Joe Stringer 11 July 2018, 03:28:11 UTC docs: Map stable RTD version to VERSION [ upstream commit 239cb9e7b8e2ec7abeed7e214a3cbd9ea0dfface ] When readthedocs requests to build the "stable" build, configure the links into GitHub to search for the release version specified in the root of the repository. This fixes the links for examples in the Cilium github repository for the stable version of the docs, such as those used in the kubernetes getting started guide. Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Ian Vernon <ian@cilium.io> 17 July 2018, 22:56:24 UTC
c7339ab Romain Lenglet 05 July 2018, 22:45:28 UTC daemon: Add sidecar-istio-proxy-image flag [ upstream commit 204943ca621975eef3941d6750233a0ca31c4c40 ] Fixes: https://github.com/cilium/cilium/issues/4760 Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Ian Vernon <ian@cilium.io> 17 July 2018, 22:56:24 UTC
78d1cc7 Romain Lenglet 05 July 2018, 23:43:13 UTC examples/kubernetes: Add sidecar-istio-proxy-image config map setting [ upstream commit bdb0af7f78da4f867f40f2c6249ef94d9b30d1d9 ] Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Ian Vernon <ian@cilium.io> 17 July 2018, 22:56:24 UTC
420568b Ian Vernon 16 July 2018, 22:54:54 UTC Revert "Test: MicroscopeStart return callback if error." This reverts commit 7e0975c3051190eb5d21d10342182b5c382df991. Reverting this commit because there are multiple fixes needed (e.g., #4452) to ensure microscope is terminated properly in the CI. To avoid blocking backports further, reverting this commit is the simplest fix at this time. Signed-off-by: Ian Vernon <ian@cilium.io> 17 July 2018, 20:31:28 UTC
dc02761 André Martins 09 July 2018, 14:28:29 UTC pkg/kvstore: set hard timeout for etcd lock path to 1 minute [ upstream commit c25a8493f8b3088443ea971747d2499bdee93d85 ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 11 July 2018, 17:18:05 UTC
b2cc90d Ian Vernon 06 July 2018, 17:12:45 UTC pkg/endpoint: use logStatusLocked in writeHeaderfile [ upstream commit ad989530eaa12be78b51e9c2afcbaeb584e5e00b ] writeHeaderfile is called with the endpoint Mutex is held. LogStatus tries to acquire the endpoint Mutex, and is called within writeHeaderfile. This is a deadlock scenario. Fix by calling logStatusLocked instead, which assumes the endpoint Mutex is held. Fixes: #4772 Signed-off-by: Ian Vernon <ian@cilium.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 11 July 2018, 17:18:05 UTC
73ab99b Ian Vernon 06 July 2018, 17:09:45 UTC pkg/endpoint: lock endpoint Status indexMU in logStatusLocked [ upstream commit 548b68f9fefaf08fe77e6e6507ec7247d0732877 ] Some functions within pkg/endpoint called this function without the aforementioned mutex being locked, which should be done as we are updating the object which it protects. Move the locking logic into logStatusLocked, which is called when the endpoint Mutex is held. Signed-off by: Ian Vernon <ian@cilium.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 11 July 2018, 17:18:05 UTC
9bc5c8a Thomas Graf 06 July 2018, 16:22:02 UTC bpf: Fix ipcache lookup for kernels with HAVE_LPM_MAP_TYPE [ upstream commit ce2278e7bf04819a5ce515452c5665dd3aeee137 ] Fix definitions of V4_CACHE_KEY_LEN and V6_CACHE_KEY_LEN to no longer account for IPCACHE_PREFIX_LEN() as ipcache_lookup4() and ipcache_lookup6() account for it themselves. Fixes: deb11d99016 ("bpf: Support LPM for ipcache on newer kernels") Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 11 July 2018, 17:18:05 UTC
18c815a André Martins 05 July 2018, 16:28:19 UTC examples/kubernetes: fix default crio mounting path [ upstream commit 8937b90094b3c926ff514c93fddb05f92b4d8603 ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 11 July 2018, 17:18:05 UTC
8db9c4b Ian Vernon 04 July 2018, 05:00:38 UTC envoy: use local_resources parameter during bazel build [ upstream commit a2de55038c949c654a0a4b1a0724579217f25421 ] This sets the resources for memory, CPU, and I/O for the bazel build. This avoids errors like the following when building Envoy: ``` 23:27:39 virtualbox-iso: ERROR: /home/vagrant/.cache/bazel/_bazel_vagrant/502ef5068e38073dd9828a920a71f484/external/envoy/source/server/http/BUILD:11:1: C++ compilation of rule '@envoy//source/server/http:admin_lib' failed (Exit 4) 23:27:39 virtualbox-iso: gcc: internal compiler error: Killed (program cc1plus) 23:27:39 virtualbox-iso: Please submit a full bug report, 23:27:39 virtualbox-iso: with preprocessed source if appropriate. 23:27:39 virtualbox-iso: See <file:///usr/share/doc/gcc-7/README.Bugs> for instructions. 23:27:39 virtualbox-iso: Target //:envoy failed to build 23:27:39 virtualbox-iso: Use --verbose_failures to see the command lines of failed build steps. 23:27:39 virtualbox-iso: INFO: Elapsed time: 444.469s, Critical Path: 74.62s 23:27:39 virtualbox-iso: INFO: 1544 processes, local. 23:27:39 virtualbox-iso: FAILED: Build did NOT complete successfully 23:27:39 virtualbox-iso: FAILED: Build did NOT complete successfully 23:27:40 virtualbox-iso: make: *** [envoy-release] Error 1 23:27:40 virtualbox-iso: Makefile:68: recipe for target 'envoy-release' failed 23:27:41 ==> virtualbox-iso: Deregistering and deleting VM... 23:27:41 ==> virtualbox-iso: Deleting output directory... 23:27:41 Build 'virtualbox-iso' errored: Script exited with non-zero exit status: 2 ``` Signed-off by: Ian Vernon <ian@cilium.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 11 July 2018, 17:18:05 UTC
f4837b5 André Martins 04 July 2018, 19:33:44 UTC pkg/endpoint: check endpoint's state before modifying identity labels [ upstream commit 9d7026b8c0fe97daca9c4412c5769e0226b87207 ] ModifyIdentityLabels() can potentially be invoked on an endpoint that is already disconnecting and the state transition can incorrectly revive it. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 11 July 2018, 17:18:05 UTC
cee7d07 Cynthia Thomas 03 July 2018, 22:24:22 UTC kops guide edits [ upstream commit 181a8143df5d63277fb8f17f654bb4c1a75ef198 ] Signed-off-by: Cynthia Thomas <cynthia@covalent.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 11 July 2018, 17:18:05 UTC
ea9ebe1 Nirmoy Das 03 July 2018, 09:50:29 UTC cilium-docker: fix gatewayIPv4 assignment [ upstream commit 9a43b10c07ccfbb0e5c2784f1c7dc1d5d29eec10 ] Signed-off-by: Nirmoy Das <ndas@suse.de> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 11 July 2018, 17:18:05 UTC
75529dc André Martins 02 July 2018, 14:44:44 UTC test: remove policy enforcement in k8s tests [ upstream commit 94557d4c8a69ae51e10830818f96bef26e8098ff ] As we are testing the policy enforcement in runtime tests there's no point on testing this test in kubernetes as it causes network disruption in the DNS pod. This network disruption might be causing test failures in the following tests. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 11 July 2018, 17:18:05 UTC
60a7a5e André Martins 29 June 2018, 12:55:02 UTC examples/kubernetes: add "system-node-critical" priorityClass [ upstream commit f385a2c37d0161e6a8d52fea8810a1b61d52483d ] More info: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical-when-priorites-are-enabled Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 11 July 2018, 17:18:05 UTC
bba863f Ian Vernon 28 June 2018, 19:52:44 UTC pkg/policy: take into account To / FromRequires when computing L4 policy [ upstream commit 123901fadb9ae0b93f6759bb294899350a599755 ] Previously, requirements (i.e., ToRequires and FromRequires) were not taken into account when computing L4Policy. The net effect of this was that traffic from more identities than should have been allowed, was allowed for L4-policy. To do so, augment the current L4 policy resolution framework to aggregate the endpoint selectors corresponding to all requirements which select the labels for which policy is being evaluated as Kubernetes MatchExpressions, and then for each rule, append these MatchExpressions to either FromEndpoints or ToEndpoints as the rule is being evaluated against the provided set of labels. Signed-off by: Ian Vernon <ian@cilium.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 11 July 2018, 17:18:05 UTC
fb1360e Thomas Graf 28 June 2018, 13:49:49 UTC endpoint: Fix restored endpoints not showing up in ipcache [ upstream commit 048aecd0f7a609e8ea561b0f44f493d9ab5d7b53 ] Due to leaving the SetIdentity() functione early, the controller to sync the identity to the ipcache and to the k8s pod as annotation was never started until the identity has changed again. Fixes: 7448e41aa047 ("endpoint: sync endpoint IP-SecID map to kvstore") Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 11 July 2018, 17:18:05 UTC
b2e1d28 André Martins 28 June 2018, 12:29:15 UTC pkg/k8s: stop logging conflicting errors as errors on update [ upstream commit 1c3072d9e1ae390c9aee1d721522a732e5377bde ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 11 July 2018, 17:18:05 UTC
f8ede31 Eloy Coto 05 July 2018, 14:44:03 UTC TEST: Update kube-dns manifest for 1.11 and bigger versions. [ upstream commit ea2f1be5de378b42651ab6fc6c2a3ea0ddbb742a ] - Use coredns deployment file, with logs. - Use coredns/kubedns in different version on deployment - Move helper DNS deployment variable based on DNS engine Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 11 July 2018, 17:18:05 UTC
5ef22f0 Eloy Coto 03 July 2018, 12:58:07 UTC Test: Update cilium stable image to v1.0.4 [ upstream commit 667304499ed46c7afc6c3e68a2fd77bcfaa91e45 ] Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 11 July 2018, 17:18:05 UTC
5dd0adf Eloy Coto 28 June 2018, 12:20:11 UTC Test: Upgrade test, delete kube-dns pods before install. [ upstream commit e9c6dc4dfd93f462b1d41fabdc48086e5d1fdf86 ] Delete Kube-dns pods before cilium 1.0 is installed. This is because if not cilium 1.0 try to restore pods from 1.1 and maybe it fails. Related #4329 Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 11 July 2018, 17:18:05 UTC
d739d5e André Martins 28 June 2018, 08:31:10 UTC daemon: change minimal worker thread to 2 [ upstream commit 25f898609888dc1b0adf5b22e64a24f6f3f3b22d ] As all of your CI was running with 2 CPUs, it was creating some scalibility issues in cilium-agent while building the BPF programs. For this reason we should decrease the minimal worker threads to 2 so we can make sure Cilium won't take too much time to regenerate BPF programs in nodes that only have 2 CPUs. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 11 July 2018, 17:18:05 UTC
06629aa Ray Bejjani 27 June 2018, 10:59:14 UTC backport: Only check merged PRs [ upstream commit ff108fb09ac07eccffb31f73dc693856fde421a1 ] The script would surface closed PRs with the needs/backport label. Instead of cleaning those up, clean up the script. Signed-off-by: Ray Bejjani <ray@covalent.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 11 July 2018, 17:18:05 UTC
25a87d0 Ray Bejjani 27 June 2018, 11:15:43 UTC backport: use the same url for all searches [ upstream commit 7dfffe42f51a0b5cfb8f2d2b085e7cc2da889f0d ] We had two, they were almost the same. Now we have one and no one will editg the incorrect one again. Signed-off-by: Ray Bejjani <ray@covalent.io> Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 11 July 2018, 17:18:05 UTC
7e0975c Eloy Coto 26 June 2018, 13:41:55 UTC Test: MicroscopeStart return callback if error. [ upstream commit 548be0cf2755c65a42d33d0420f5e03f7430da53 ] If the Microscope pod is not ready in the given timeout, it returned `nil` callback that will fail when it is called on JustAfterEach, so no logs were gathered correctly. Related to #4644 Signed-off-by: Eloy Coto <eloy.coto@gmail.com> 11 July 2018, 17:18:05 UTC
afa2457 André Martins 05 July 2018, 19:45:02 UTC examples/kubernetes: fix k8s 1.12 cilium image tag Signed-off-by: André Martins <andre@cilium.io> 10 July 2018, 09:21:57 UTC
d74247a André Martins 28 May 2018, 14:06:11 UTC examples/kubernetes: add k8s 1.12 deployment files [ upstream commit a93ee3d8fde7f67589615a4130477dbac4f478a2 ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 02 July 2018, 09:30:26 UTC
d223dfc André Martins 28 May 2018, 11:52:53 UTC test: add k8s 1.12 test framework [ upstream commit 878ad4d06426f3ec1294fea80fddd36d06b5e3c0 ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 02 July 2018, 09:30:26 UTC
3b9797c Jarno Rajahalme 19 June 2018, 00:21:33 UTC envoy: Rebase to to build backports The original commit is 6477c13882a6f36684a68fc4ef2af0861054a130 and it's commit mesages was: envoy: Rebase to get gRPC timeout support. Rebase to the upstream Envoy commit that adds support for 'max_grpc_timeout'. Pass the zero value for it, allowing infinite gRPC timeouts. The actual timeout is derived from the 'grpc-timeout' header, but if missing, it defaults to infinity. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 02 July 2018, 09:30:26 UTC
843800e André Martins 21 June 2018, 17:34:36 UTC Dockerfile: update base build images to version 2018-06-21 [ upstream commit 43d19e330d22ff685bc6d616f49d196c51abbc8b ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 02 July 2018, 09:30:26 UTC
da3cb61 André Martins 21 June 2018, 17:28:29 UTC Dockerfile: update go to 1.10.3 [ upstream commit b5728f1b91516c435eae1fcce617fd6b62fda019 ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 02 July 2018, 09:30:26 UTC
a2c3d97 André Martins 25 June 2018, 16:23:00 UTC pkg/endpoint: set policy revision if there is no datapath changes [ upstream commit 0e35b735c3c788dc47aa94b3e6e5dc49dfdbd25d ] As cilium calls regeneratePolicy inside regenerateBPF, it could end up setting up the policy revision before enforcing the changes in the datapath. This bug could be triggered by TriggerPolicyUpdates where the trace call could be the following: 1 - endpoint.TriggerPolicyUpdates 2 - endpoint.TriggerPolicyUpdatesLocked 3 - endpoint.regeneratePolicy returns (true, nil) returns (true, nil) 4 - endpoint.Regenerate 5 - endpoint.regeneratePolicy 6 - endpoint.setPolicyRevision(y) # -> WRONG! 7 - endpoint.regenerateBPF 8 - endpoint.setPolicyRevision(y) # -> 'y' was already wrongly set in step 6 Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 02 July 2018, 09:30:26 UTC
ed2a659 Thomas Graf 26 June 2018, 11:09:27 UTC Doc: Fix service account policy example [ upstream commit 99e1158b827156a39cb8cb6721931b513394584c ] Fixes: 90e1d364dcd ("doc: Add documentation and example for service account matching") Reported-by: Cynthia Thomas <cynthia@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 02 July 2018, 09:30:26 UTC
9e590d4 Thomas Graf 26 June 2018, 13:09:05 UTC kvstore: Fix unintentional info message [ upstream commit 5e36192012304c590b10961fef38db331224a8bd ] Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 02 July 2018, 09:30:26 UTC
b5bc936 André Martins 26 June 2018, 15:20:31 UTC tests: Update cilium-builder in unit tests to 2018-06-21 [ upstream commit 04aa3a38f149055914c26dfb8592b4c46ee7cd29 ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 02 July 2018, 09:30:26 UTC
03a65f5 Eloy Coto 26 June 2018, 15:19:03 UTC CI: Delete bugtool files correctly [ upstream commit c0935ef055ad1793467f601a00e4e40cd204197c ] On fail, the `kubectl.DumpCiliumCommandOutput` command creates some bugtool outputs and are saved on the test_result folder,but it was not deleted correctly from the pod, and it was in there if any other test fails it'll be in there and we dump old information. Signed-off-by: Eloy Coto <eloy.coto@gmail.com> Signed-off-by: Ray Bejjani <ray@covalent.io> 02 July 2018, 09:30:26 UTC
d6aa1c2 André Martins 26 June 2018, 15:23:36 UTC test: Use latest stable etcd and consul images [ upstream commit 678e983ddc07f05019e3b0b6b04146502444b383 ] Change the real etcd and consul docker image tags that are used in the unit tests run in the CI. Fixes: ab999f126278 ("test: Use latest stable etcd and consul images") Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 02 July 2018, 09:30:26 UTC
d0ef14a Maciej Kwiek 25 June 2018, 14:25:48 UTC Adjust installation from source guide [ upstream commit 8556f669da026d5cde57dc3806076892a33e7614 ] Signed-off-by: Maciej Kwiek <maciej@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 02 July 2018, 09:30:26 UTC
59bc60e Maciej Kwiek 25 June 2018, 14:25:17 UTC Fix `go vet` issue [ upstream commit 463ef6860808a6731318af520840c2b1bab81bcd ] Signed-off-by: Maciej Kwiek <maciej@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 02 July 2018, 09:30:26 UTC
fe206ce André Martins 25 June 2018, 14:19:17 UTC Revert "k8s: Updated LastUpdated after waiting for endpoint status" [ upstream commit aaa616bfb730968f8e7a26aeb5f0399098210044 ] This reverts commit 8f0383c5d893f81d011291406406de3024620eb0. Fixes: 8f0383c5d893 ("k8s: Updated LastUpdated after waiting for endpoint status") Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 02 July 2018, 09:30:26 UTC
d23c39f Joe Stringer 22 June 2018, 04:56:51 UTC daemon: Refactor ipcache CIDR allocations to ipcache [ upstream commit 9a3037232fed19fc165985410e37fadf544c8586 ] Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 26 June 2018, 09:43:56 UTC
d9a6af8 Joe Stringer 22 June 2018, 04:55:46 UTC daemon: Release identities in failure condition [ upstream commit ba398fab0ce4f712a4b4dac79e71bc763f0e36a1 ] If some of the identities cannot be located in the kvstore, then none of the identities or ipcache entries would be deleted when removing a policy. Fix this up to instead attempt to locate as many of the entries as possible, then free as many as can be located. Fixes: 4692732 ("daemon: Allocate identities for CIDRs") Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 26 June 2018, 09:43:56 UTC
2fbbdc8 Joe Stringer 22 June 2018, 04:52:10 UTC daemon: Release ipcache entries on policy add failure [ upstream commit e62b3149072f1702372abcddaad07ed07df7a2ae ] If adding a policy failed, then we previously would release the identities that were allocated, but leave the ipcache mappings in the kvstore for those CIDR->ID pairs. Release the ipcache mappings as well. Fixes: 4692732 ("daemon: Allocate identities for CIDRs") Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 26 June 2018, 09:43:56 UTC
b945508 Thomas Graf 25 June 2018, 07:38:24 UTC Documentation: Re-work the contributor guide [ upstream commit 85a714521f0ed78ba96f02390bd47d9b44270f04 ] This is a heavy restructing and rework of the contributor guide: * Better high level structure * Updated release cadence and LTS explanation * Release process documentation * PR review process documentation * Merging of CONTRIBUTING.md into the contributor guide * CI failure triage process Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Ray Bejjani <ray@covalent.io> 26 June 2018, 09:43:56 UTC
56cb7ee Shantanu Deshpande 25 June 2018, 07:08:39 UTC Fix nesting for Upgrade notes for 1.1 [ upstream commit 70b019f0ac72ca329256f7a84c395db7a51d110a ] Signed-off-by: Shantanu Deshpande <shantanud106@gmail.com> Signed-off-by: Ray Bejjani <ray@covalent.io> 26 June 2018, 09:43:56 UTC
8af7446 Joe Stringer 23 June 2018, 22:00:50 UTC metricsmap: Fix index out of range error [ upstream commit 63f3676dfbce11a4d80d209246c0dcfe30906ad7 ] This function was declaring an array of length `possibleCPUsFileLength` then reading indexes of up to `possibleCpus` out of the array. When the number of possible CPUs is large, this would cause the following error: panic: runtime error: index out of range goroutine 236 [running]: github.com/cilium/cilium/pkg/maps/metricsmap.SyncMetricsMap(0x0, 0x0) /go/src/github.com/cilium/cilium/pkg/maps/metricsmap/metricsmap.go:194 +0x33b created by github.com/cilium/cilium/pkg/controller.(*Manager).UpdateController /go/src/github.com/cilium/cilium/pkg/controller/manager.go:82 +0x30c To fix this, declare a slice and use the pointer to the first element to pass to the kernel. This should point to a contiguous memory location of the appropriate length for the kernel to write the results into, according to the following documentation: https://blog.golang.org/go-slices-usage-and-internals Fixes: #4622 Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 24 June 2018, 15:20:15 UTC
7d0c247 Thomas Graf 23 June 2018, 08:48:14 UTC NEWS: Update after latest backports Signed-off-by: Thomas Graf <thomas@cilium.io> 23 June 2018, 09:00:28 UTC
3567943 Joe Stringer 22 June 2018, 18:09:27 UTC treewide: Avoid go build `-i` [ upstream commit e542412662b85a1b32bb80043d115e03c9b3b83f ] Using `-i` in the "go build" arguments with Golang 1.10 on Ubuntu using a snap package results in this error: $ make -C daemon CHECK contrib/scripts/bindata.sh GO daemon/cilium-agent go build runtime/cgo: open /snap/go/2130/pkg/linux_amd64/runtime/cgo.a: read-only file system According to the upstream issue, this is because it's attempting to rebuild the core Golang packages on the system, and snap is preventing this via a read-only file system to ensure consistency for the base Golang version. The workaround suggested in the following issue is to remove `-i`. https://github.com/golang/go/issues/24674 Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 23 June 2018, 09:00:28 UTC
cfd88fb Joe Stringer 22 June 2018, 17:39:11 UTC ipcache: Improve comments for reference counter [ upstream commit f91762fc65150aba8a942066515fdd4b209a2775 ] Clean up some minor typos in the comments. Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 23 June 2018, 09:00:28 UTC
6a9c213 Joe Stringer 20 June 2018, 18:30:46 UTC k8s: Allocate ipcache mappings for service backends [ upstream commit 03a3fd791d8eb9ae884742f248939a412822bf1e ] When generating CIDR rules in k8s translation, allocate identities for the new CIDRs (for service backends) and create CIDR->Identity mappings in the IPCache. Fixes: #4570 Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 23 June 2018, 09:00:28 UTC
5b6cc42 Thomas Graf 22 June 2018, 22:21:24 UTC k8s: Simplify EndpointSelector creation in tests [ upstream commit 90d125a4200563948f5edbd60a34c863d8c961b4 ] [ NOTE: partial backport of only NewESFromMatchRequirements] Previously, these tests declared EndpointSelectors directly, assuming that they have indepth knowledge of the internal structure of the EndpointSelector. However, future changes may modify the internals of EndpointSelector. To simplify these future changes and reduce the tight coupling of these two packages, make use of constructors to create the endpoint selectors. Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 23 June 2018, 09:00:28 UTC
69079ab Joe Stringer 21 June 2018, 01:33:13 UTC policy: Refactor getting CIDR prefixes from CIDR strings [ upstream commit 5e712a312c8b3f6715b769fbe8e38d738e545741 ] Put this code into the ip package so that an upcoming commit can reuse from common/. Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 23 June 2018, 09:00:28 UTC
0ac2142 Joe Stringer 22 June 2018, 04:56:51 UTC daemon: Refactor ipcache CIDR allocations to ipcache [ upstream commit 9a3037232fed19fc165985410e37fadf544c8586 ] Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 23 June 2018, 09:00:28 UTC
cda88b8 Joe Stringer 22 June 2018, 04:55:46 UTC daemon: Release identities in failure condition [ upstream commit ba398fab0ce4f712a4b4dac79e71bc763f0e36a1 ] If some of the identities cannot be located in the kvstore, then none of the identities or ipcache entries would be deleted when removing a policy. Fix this up to instead attempt to locate as many of the entries as possible, then free as many as can be located. Fixes: 4692732 ("daemon: Allocate identities for CIDRs") Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 23 June 2018, 09:00:28 UTC
ec51b68 Joe Stringer 22 June 2018, 04:52:10 UTC daemon: Release ipcache entries on policy add failure [ upstream commit e62b3149072f1702372abcddaad07ed07df7a2ae ] If adding a policy failed, then we previously would release the identities that were allocated, but leave the ipcache mappings in the kvstore for those CIDR->ID pairs. Release the ipcache mappings as well. Fixes: 4692732 ("daemon: Allocate identities for CIDRs") Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 23 June 2018, 09:00:28 UTC
d2d9081 Thomas Graf 21 June 2018, 14:24:49 UTC identity: Move CIDR identity code into pkg/identity/cidr [ upstream commit bdd61af2287373ff9d86e2fd9ff00a4c29b8a897 ] This removes the following dependency tree from pkg/identity: ``` - ├ github.com/cilium/cilium/pkg/labels/cidr - ├ fmt - ├ net - ├ github.com/cilium/cilium/pkg/labels - └ github.com/cilium/cilium/pkg/node - ├ bufio - ├ bytes - ├ fmt - ├ net - ├ os - ├ os/exec - ├ strconv - ├ strings - ├ github.com/cilium/cilium/api/v1/models - ├ github.com/cilium/cilium/common - ├ github.com/cilium/cilium/pkg/byteorder - ├ encoding/binary - ├ fmt - ├ reflect - └ unsafe - ├ github.com/cilium/cilium/pkg/lock - ├ github.com/cilium/cilium/pkg/logging - ├ github.com/cilium/cilium/pkg/logging/logfields - ├ github.com/cilium/cilium/pkg/maps/tunnel - ├ net - ├ os - ├ path/filepath - ├ unsafe - ├ github.com/cilium/cilium/pkg/bpf - ├ bufio - ├ bytes - ├ encoding/binary - ├ fmt - ├ math - ├ net - ├ os - ├ path - ├ path/filepath - ├ runtime - ├ sync - ├ syscall - ├ unsafe - ├ C - ├ github.com/cilium/cilium/common/types - ├ github.com/cilium/cilium/pkg/byteorder - ├ github.com/cilium/cilium/pkg/comparator - ├ reflect - ├ github.com/cilium/cilium/vendor/github.com/kr/pretty - ├ fmt - ├ io - ├ log - ├ reflect - ├ strconv - ├ text/tabwriter - └ github.com/cilium/cilium/vendor/github.com/kr/text - ├ bytes - ├ io - └ math - ├ github.com/cilium/cilium/vendor/github.com/pmezard/go-difflib/difflib - ├ bufio - ├ bytes - ├ fmt - ├ io - └ strings - └ github.com/cilium/cilium/vendor/gopkg.in/check.v1 - ├ bufio - ├ bytes - ├ errors - ├ flag - ├ fmt - ├ go/ast - ├ go/parser - ├ go/printer - ├ go/token - ├ io - ├ math/rand - ├ os - ├ path - ├ path/filepath - ├ reflect - ├ regexp - ├ runtime - ├ strconv - ├ strings - ├ sync - ├ sync/atomic - ├ testing - └ time - ├ github.com/cilium/cilium/pkg/components - ├ os - └ strings - ├ github.com/cilium/cilium/pkg/defaults - ├ github.com/cilium/cilium/pkg/lock - ├ github.com/cilium/cilium/pkg/logging - ├ github.com/cilium/cilium/pkg/logging/logfields - ├ github.com/cilium/cilium/pkg/mountinfo - ├ bufio - ├ fmt - ├ os - ├ strconv - └ strings - ├ github.com/cilium/cilium/vendor/github.com/sirupsen/logrus - └ github.com/cilium/cilium/vendor/golang.org/x/sys/unix - ├ github.com/cilium/cilium/pkg/defaults - ├ github.com/cilium/cilium/pkg/logging - ├ github.com/cilium/cilium/pkg/logging/logfields - └ github.com/cilium/cilium/vendor/github.com/sirupsen/logrus - ├ github.com/cilium/cilium/pkg/mtu - ├ github.com/cilium/cilium/pkg/option - ├ github.com/cilium/cilium/vendor/github.com/sirupsen/logrus - ├ github.com/cilium/cilium/vendor/github.com/vishvananda/netlink - ├ encoding/binary - ├ errors - ├ fmt - ├ math - ├ net - ├ strings - ├ time - ├ github.com/cilium/cilium/vendor/github.com/vishvananda/netlink/nl - └ encoding/binary - ├ github.com/cilium/cilium/vendor/github.com/vishvananda/netns - ├ errors - ├ fmt - └ syscall - └ github.com/cilium/cilium/vendor/golang.org/x/sys/unix - ├ github.com/cilium/cilium/vendor/golang.org/x/sys/unix - └ github.com/cilium/cilium/vendor/k8s.io/api/core/v1 ``` Signed-off-by: Thomas Graf <thomas@cilium.io> 23 June 2018, 09:00:28 UTC
75f116a Joe Stringer 21 June 2018, 23:25:33 UTC ipcache: Count references to ipcache mappings [ upstream commit 6f9ab9a9808ad6661db997c88cd86d89a3443da7 ] Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 23 June 2018, 09:00:28 UTC
6875601 Joe Stringer 21 June 2018, 21:39:12 UTC ipcache: Set logging subsys to 'ipcache' [ upstream commit 74f08cda698e264675dc5db843087c1d40303d53 ] This should help in identifying or filtering log messages relevant to this subsystem. Related: #4607 Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 23 June 2018, 09:00:28 UTC
cc65fd7 Joe Stringer 21 June 2018, 21:31:08 UTC ipcache: Split into multiple files [ upstream commit 1afe998b1657d7afe275739e5d5ab9d7390833ee ] Signed-off-by: Joe Stringer <joe@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 23 June 2018, 09:00:28 UTC
f057e38 Arvind Soni 21 June 2018, 20:38:13 UTC Fixed a reference that was to localhost Changed the clustername to include a username to avoid stepping on multiple clusters [ upstream commit 012378bf7f3e444744086711be398baa9f517028 ] Signed-off-by: Arvind Soni <arvindsoni@gmail.com> Signed-off-by: Thomas Graf <thomas@cilium.io> 23 June 2018, 09:00:28 UTC
601aefc Arvind Soni 08 June 2018, 20:04:00 UTC expanded install guide for kops with complete steps from scratch [ upstream commit baabea2db6fb354202f30630a99501cb54bb8616 ] also fixed a typo labelled --> labeled in metrics.rst Signed-off-by: Arvind Soni <arvindsoni@gmail.com> Signed-off-by: Thomas Graf <thomas@cilium.io> 23 June 2018, 09:00:28 UTC
cc22c76 Eloy Coto 22 June 2018, 08:41:36 UTC Test: Wait until all pods are ready [ upstream commit 7e1130407de36e0467d7bb43ca616d0aebce6f0d ] Fix #4612 Signed-off-by: Eloy Coto <eloy.coto@gmail.com> Signed-off-by: Thomas Graf <thomas@cilium.io> 23 June 2018, 09:00:28 UTC
67947c5 Romain Lenglet 21 June 2018, 17:04:51 UTC docs: Remove sidecar-http-proxy config from upgrade instructions [ upstream commit 8023f74b76d2339af3b5eace448616a01b73d246 ] Fixes: https://github.com/cilium/cilium/commit/4ccf124629942f7ab1c461485fe7b8f3ed3caf94 Fixes: https://github.com/cilium/cilium/pull/4531 Signed-off-by: Romain Lenglet <romain@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 23 June 2018, 09:00:28 UTC
6464509 Thomas Graf 21 June 2018, 15:31:28 UTC agent: Require go 1.10 for safe namespace operations [ upstream commit 4390a693c3a2e98f3e79bac1096706aaa5733064 ] Ensure that we build Cilium container images with Go 1.10 to ensure safe namespace interactions. Document this properly as a requirement in the vagrant box and remove the FIXME in the CNI plugin which is no longer an issue. Signed-off-by: Thomas Graf <thomas@cilium.io> 23 June 2018, 09:00:28 UTC
f55d1e6 Mark deVilliers 20 June 2018, 20:17:02 UTC Check for nil before accessing Status [ upstream commit 85dc7669c2c13bd23de400ec3fd74834624bc397 ] Fixes: #4256 Signed-off-by: Mark deVilliers <markdevilliers@gmail.com> Signed-off-by: Thomas Graf <thomas@cilium.io> 23 June 2018, 09:00:28 UTC
5ad84eb Thomas Graf 20 June 2018, 10:29:55 UTC cni: Change default configuration filename to 00-cilium.conf [ upstream commit 2727a6124fdef1f272c25bb54ae22e0f2f5483e5 ] Various other plugins do not remove the configuration upon uninstallation which then causes conflicts as kubelet picks the first CNI based on alphabetical order. Change the default configuration filename to a prefix that should come first. This is safe as Cilium properly removes the configure when the pod exits. Signed-off-by: Thomas Graf <thomas@cilium.io> 23 June 2018, 09:00:28 UTC
918e4b3 Thomas Graf 20 June 2018, 23:46:10 UTC allocator: Re-use randomly generated ID sequence between allocations [ upstream commit 2f5a8ed2c70b016ea9e1a50fb439190ef0ef3a57 ] While benchmarking the remaining cost of allocations, math/rand usage is the clear bottleneck: 1560ms 12.80% 25.92% 4830ms 39.62% math/rand.(*Rand).Perm /usr/local/go/src/math/rand/rand.go 1440ms 11.81% 37.74% 2510ms 20.59% math/rand.(*Rand).Int31n /usr/local/go/src/math/rand/rand.go 1140ms 9.35% 47.09% 1590ms 13.04% runtime.scanobject /usr/local/go/src/runtime/mgcmark.go 540ms 4.43% 51.52% 540ms 4.43% math/rand.(*rngSource).Int63 /usr/local/go/src/math/rand/rng.go 510ms 4.18% 55.70% 510ms 4.18% runtime.futex /usr/local/go/src/runtime/sys_linux_amd64.s 460ms 3.77% 59.47% 2970ms 24.36% math/rand.(*Rand).Intn /usr/local/go/src/math/rand/rand.go 280ms 2.30% 61.77% 1070ms 8.78% math/rand.(*Rand).Int31 /usr/local/go/src/math/rand/rand.go Signed-off-by: Thomas Graf <thomas@cilium.io> 23 June 2018, 09:00:28 UTC
6cd1371 Jarno Rajahalme 21 June 2018, 18:29:59 UTC Docs: Remove CoreOS Installation Guide [ upstream commit a21f0f5c484509de75db69203528aceba5f99f2a ] CoreOS links we use are now redirected to Tectonic installation guides. As such this document would require extensive revision and validation work. This has been broken for a while now and there has been no apparent interest in this guide, so better remove it. Besides, users can use Kops instead, as it also installs CoreOS images. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: Thomas Graf <thomas@cilium.io> 23 June 2018, 09:00:28 UTC
back to top