https://github.com/cilium/cilium
Revision 0a83ad24a0d4e2af4ef86fe3631f561bd4b68f5e authored by André Martins on 15 August 2022, 22:04:12 UTC, committed by Aditi Ghag on 24 August 2022, 00:48:32 UTC
[ upstream commit 7eb68cb0270443e8dc682ef83487ace126f3cbeb ]

When restoring endpoints from the state directory we need to also
initialize their internal "getters" as they will not be initialized on
restore.

This prevents Cilium from crashing upon initialization when a CNP with a
named port is available on the cluster.

```
goroutine 827 [running]:
github.com/cilium/cilium/pkg/endpoint.(*Endpoint).GetNamedPortLocked(0xc00024a000, 0x50?, {0xc000ba1cd0, 0x9}, 0xc0?)
 /go/src/github.com/cilium/cilium/pkg/endpoint/policy.go:68 +0x4f
github.com/cilium/cilium/pkg/policy.(*L4Filter).ToMapState(0xc001080000, {0x3434870, 0xc00024a000}, 0x1)
 /go/src/github.com/cilium/cilium/pkg/policy/l4.go:345 +0x2c3
github.com/cilium/cilium/pkg/policy.(*EndpointPolicy).computeDirectionL4PolicyMapEntries(0xc0019e8540, 0xc0019e8540?, 0xc0019e80d8?, 0x40?)
 /go/src/github.com/cilium/cilium/pkg/policy/resolve.go:171 +0xba
github.com/cilium/cilium/pkg/policy.(*EndpointPolicy).computeDesiredL4PolicyMapEntries(0xc0019e8540)
 /go/src/github.com/cilium/cilium/pkg/policy/resolve.go:164 +0x56
github.com/cilium/cilium/pkg/policy.(*selectorPolicy).DistillPolicy(0xc000d180c0, {0x3434870?, 0xc00024a000}, 0x0)
 /go/src/github.com/cilium/cilium/pkg/policy/resolve.go:141 +0x105
github.com/cilium/cilium/pkg/policy.(*cachedSelectorPolicy).Consume(0xc000123770?, {0x3434870?, 0xc00024a000?})
 /go/src/github.com/cilium/cilium/pkg/policy/distillery.go:202 +0x35
github.com/cilium/cilium/pkg/endpoint.(*Endpoint).regeneratePolicy(0xc00024a000)
 /go/src/github.com/cilium/cilium/pkg/endpoint/policy.go:234 +0x3f7
github.com/cilium/cilium/pkg/endpoint.(*Endpoint).runPreCompilationSteps(0xc00024a000, 0xc000399400)
 /go/src/github.com/cilium/cilium/pkg/endpoint/bpf.go:814 +0x2c5
github.com/cilium/cilium/pkg/endpoint.(*Endpoint).regenerateBPF(0xc00024a000, 0xc000399400)
 /go/src/github.com/cilium/cilium/pkg/endpoint/bpf.go:584 +0x189
github.com/cilium/cilium/pkg/endpoint.(*Endpoint).regenerate(0xc00024a000, 0xc000399400)
 /go/src/github.com/cilium/cilium/pkg/endpoint/policy.go:398 +0x7a5
github.com/cilium/cilium/pkg/endpoint.(*EndpointRegenerationEvent).Handle(0xc0014a2b70, 0x29fef80?)
 /go/src/github.com/cilium/cilium/pkg/endpoint/events.go:53 +0x325
```

Example of such CNP:
```
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  namespace: cilium-test
  name: client-egress-to-echo-deny-named-port
spec:
  endpointSelector:
    matchLabels:
      kind: client
  egressDeny:
  - toPorts:
    - ports:
      - port: "http-8080"
        protocol: TCP
    toEndpoints:
    - matchLabels:
        io.kubernetes.pod.namespace: cilium-test
        kind: echo
```

Fixes: 6e7e9468be4b ("endpoint: Remove references to global ipcache")

Reported-by: Tam Mach <tam.mach@isovalent.com>
Signed-off-by: André Martins <andre@cilium.io>
Signed-off-by: Aditi Ghag <aditi@cilium.io>
1 parent 481d6cc
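
The failure mode described in the commit message, as an added Go sketch that is not Cilium's code: a struct decoded from persisted state leaves its unexported getter interface nil, and the first named-port lookup dereferences it. All names (`restoreBroken`, `restoreFixed`, `staticPorts`, `lookup`), the endpoint ID and the port mapping are hypothetical or constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// namedPortsGetter is a hypothetical stand-in for an endpoint's internal getter.
type namedPortsGetter interface {
	GetNamedPort(name string) uint16
}

type staticPorts map[string]uint16 // constructed getter used for the demo
func (s staticPorts) GetNamedPort(name string) uint16 { return s[name] }

// Endpoint models restored state: ID is persisted, the getter is not.
type Endpoint struct {
	ID     uint16 `json:"id"`
	getter namedPortsGetter // unexported, so encoding/json never sets it
}

func (e *Endpoint) lookup(name string) (port uint16, err error) {
	defer func() { // recover only so the demo can report the panic as an error
		if r := recover(); r != nil {
			err = fmt.Errorf("endpoint %d: %v", e.ID, r)
		}
	}()
	return e.getter.GetNamedPort(name), nil
}

// restoreBroken decodes only the persisted fields; getter stays nil.
func restoreBroken(state []byte) (*Endpoint, error) {
	ep := &Endpoint{}
	return ep, json.Unmarshal(state, ep)
}

// restoreFixed wires the getter during restore and rejects a nil one up front.
func restoreFixed(state []byte, g namedPortsGetter) (*Endpoint, error) {
	if g == nil {
		return nil, fmt.Errorf("restore: nil namedPortsGetter")
	}
	ep := &Endpoint{getter: g}
	return ep, json.Unmarshal(state, ep)
}

func main() {
	ep, _ := restoreBroken([]byte(`{"id":1234}`)) // constructed sample state
	fmt.Println(ep.lookup("http-8080"))
}
```

Without the `recover`, the nil-interface call terminates the process, which is the crash shown in the goroutine trace above.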
pkg/endpoint: set namedPortsGetter interface on ParseEndpoint
.gitignore
# Compiled Object files, Static and Dynamic libs (Shared Objects)
*.o
*.a
*.so
*.so.*

# LLVM IR files
*.ll
*.ll-*

# Folders
_obj
_test
_build/

# Architecture specific extensions/prefixes
*.cgo1.go
*.cgo2.c
_cgo_defun.c
_cgo_gotypes.go
_cgo_export.*

_testmain.go

*.exe
*.test
*.prof

*.swn
*.swp
.vagrant
vagrant.kubeconfig
coverage.out
coverage-all.out
coverage-all.html
coverage-all-tmp.out

.DS_Store
.idea/
.vscode/
*.plist

*_bash_completion
*.swo
outgoing

*cscope.files
*cscope.out
*cscope.in.out
*cscope.po.out
*tags
.gdb_history

man/

test/envoy/cilium-files
test/test_results*
test/.vagrant
test/tmp.yaml
test/*_manifest.yaml
test/*.xml
test/*.json
test/*.log
test/bpf/_results
test/cilium-[0-9a-f]*.yaml
test/*tmp
test/cilium-istioctl

# generated test files
test/k8s/manifests/cnp-second-namespaces.yaml
test/cilium.conf.ginkgo
external-workload-ca.crt
external-workload-tls.crt
external-workload-tls.key

# GKE temporary files
test/gke/cluster-name
test/gke/cluster-uri
test/gke/cluster-version
test/gke/gke-kubeconfig
test/gke/resize-kubeconfig
test/gke/registry-adder.yaml

# Emacs backup files
*~

# generated from make targets
*.ok
*.build_all
LICENSE.all

# Temporary files that allow build containers/VMs work without git
# Not to be ignored by docker.
GIT_VERSION

# The following files get created during image builds
.buildx
.buildx_builder

# Local developer config to be executed in the dev VM and CI VMs started locally
.devvmrc

# Generated dockerignore files
images/*/Dockerfile.dockerignore

# Local Emacs files
.dir-locals.el