| f351c47 | Quentin Monnet | 16 November 2022, 02:00:31 UTC | docs: Document Cilium's standalone L4 load-balancer Add a new guide for Cilium's standalone L4LB. The tutorial and tests are taken from the test script at test/l4lb/test.sh. This first version of the document is to be completed with the description of more advanced features. Signed-off-by: Quentin Monnet <quentin@isovalent.com> | 16 November 2022, 02:09:06 UTC |
| 4aa559a | renovate[bot] | 15 November 2022, 21:22:53 UTC | chore(deps): update docker.io/library/golang:1.19.3 docker digest to 4198e0e Signed-off-by: Renovate Bot <bot@renovateapp.com> | 15 November 2022, 22:40:26 UTC |
| 4e7209f | André Martins | 14 November 2022, 09:04:35 UTC | pkg/datapath: return specific error message By not returning a specific error message in case of an error, it makes it difficult to find out on which location the Cilium agent has failed to start. Fixes: 8941e963986e ("datapath: Fix race with a deleted device after detection") Signed-off-by: André Martins <andre@cilium.io> | 15 November 2022, 21:35:06 UTC |
| dcddb1b | André Martins | 14 November 2022, 08:45:34 UTC | updates.go: bump stable version to 1.12 Test upgrade and downgrade from the last stable version which is 1.12 Signed-off-by: André Martins <andre@cilium.io> | 15 November 2022, 21:34:39 UTC |
| 18205c9 | dependabot[bot] | 14 November 2022, 08:53:13 UTC | build(deps): bump cilium/little-vm-helper Bumps [cilium/little-vm-helper](https://github.com/cilium/little-vm-helper) from 4f44430a3c7573023ec58959cd0f88e1d2c00e13 to 9bb7d6016e00968adff49dae192a0be87d9c3aef. - [Release notes](https://github.com/cilium/little-vm-helper/releases) - [Commits](https://github.com/cilium/little-vm-helper/compare/4f44430a3c7573023ec58959cd0f88e1d2c00e13...9bb7d6016e00968adff49dae192a0be87d9c3aef) --- updated-dependencies: - dependency-name: cilium/little-vm-helper dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> | 15 November 2022, 20:08:17 UTC |
| 40fc090 | Anton Protopopov | 30 September 2022, 16:03:31 UTC | Allow hostports with localhost hostIPs We need to enable localhost addresses for hostIP, because this is one of the reasons why the following conformance test fails: sonobuoy run --e2e-focus 'validates that there is no conflict between pods with same hostPort but different hostIP and protocol' And we need all conformance tests to pass. (This is not the only reason, the other one is that we don't distinguish between TCP and UDP services, yet.) In order to implement this, we allow localhost hostports and convert them into wildcard entries with an additional flag set: SVC_FLAG_LOOPBACK. Then, in bpp_sock.c we check that connections to such wildcard entries are only resolved for host namespace sockets, and only to a loopback address. To do this we need the get_netns_cookie helper to be defined, so this feature is only enabled for recent (5.7+) kernels. The loopback hostports have only wildcard entries. They will be marked with the 'loopback' flag in the output of 'cilium bpf lb list', e.g.: # cilium bpf lb list SERVICE ADDRESS BACKEND ADDRESS (REVNAT_ID) (SLOT) 0.0.0.0:12345 0.0.0.0:0 (5) (0) [HostPort, non-routable, loopback] 10.244.1.84:1234 (5) (1) 10.96.0.1:443 0.0.0.0:0 (1) (0) [ClusterIP, non-routable] 172.18.0.2:6443 (1) (1) 10.96.0.10:53 10.244.0.129:53 (2) (2) 10.244.0.30:53 (2) (1) 0.0.0.0:0 (2) (0) [ClusterIP, non-routable] ... This commit also adds a new bpf unit-test bpf/tests/wildcard_lookup.c which tests the sock{4,6}_wildcard_lookup{,_full} functions. Signed-off-by: Anton Protopopov <aspsk@isovalent.com> | 15 November 2022, 13:04:13 UTC |
| 941ca61 | Anton Protopopov | 11 October 2022, 12:58:26 UTC | bpf: tests: rename a variable to prevent build failure Build of a test will fail if a 'key' variable is defined, like this: wildcard_lookup.c:123:2: error: declaration shadows a local variable [-Werror,-Wshadow] test_init(); ^ ./common.h:198:9: note: expanded from macro 'test_init' __u32 key = 0; \ ^ wildcard_lookup.c:113:17: note: previous declaration is here struct lb4_key key = { ^ wildcard_lookup.c:348:2: error: declaration shadows a local variable [-Werror,-Wshadow] test_init(); ^ ./common.h:198:9: note: expanded from macro 'test_init' __u32 key = 0; \ ^ wildcard_lookup.c:328:17: note: previous declaration is here struct lb6_key key = { ^ Fix this by renaming a variable used in test setup macros. Signed-off-by: Anton Protopopov <aspsk@isovalent.com> | 15 November 2022, 13:04:13 UTC |
| 74ebcca | Paul Chaignon | 14 November 2022, 12:02:14 UTC | Revert "Test commit" This reverts commit 7b6bec30eebb586c5f34a0041d577d083f332ab5. Signed-off-by: Paul Chaignon <paul@cilium.io> | 14 November 2022, 13:50:17 UTC |
| 3adeadb | Tam Mach | 28 October 2022, 12:00:47 UTC | docs: Add getting started guide for Gateway API Similar to Ingress, a user guide is required for Gateway API. Basic examples for HTTP and HTTPS are added. For detailed use cases, user can still refer to upstream documentation. Also, update installation step for cert-manager with Gateway API support as per https://cert-manager.io/docs/usage/gateway/. Signed-off-by: Tam Mach <tam.mach@cilium.io> | 14 November 2022, 11:11:25 UTC |
| 9d0213f | Tam Mach | 28 October 2022, 11:59:11 UTC | docs: Refactor Ingress docs This is to move demo app and tls cert creation to separate files for re-use later. Signed-off-by: Tam Mach <tam.mach@cilium.io> | 14 November 2022, 11:11:25 UTC |
| ca6ed42 | Paul Chaignon | 26 October 2022, 19:36:48 UTC | bpf: Remove unused ENABLE_L7_PROXY macro This macro isn't used anywhere in the BPF codebase so it's safe to remove. Reverts: 4189d1c74 ("vtep: add ENABLE_L7_PROXY to check in datapath") Signed-off-by: Paul Chaignon <paul@cilium.io> | 14 November 2022, 11:09:36 UTC |
| dac4c06 | youhonglian | 13 October 2022, 08:45:15 UTC | pkg/labels:Optimize generateLabelString() Use strings.Builder instead of fmt.Sprintf() and preallocate the size of the string so that Go doesn't need to over-allocate if the string ends up longer than what the buffer growth algorithm predicts. Results: new: BenchmarkGenerateLabelString-8 36379892 39.96 ns/op 0 B/op 0 allocs/op old: BenchmarkGenerateLabelString-8 5249149 211.8 ns/op 64 B/op 4 allocs/op Fixes: #19571 Signed-off-by: youhonglian <honglian.you@daocloud.io> | 14 November 2022, 11:00:38 UTC |
| 4f7cee5 | renovate[bot] | 12 November 2022, 14:45:06 UTC | chore(deps): update docker.io/library/alpine docker tag to v3.16.3 Signed-off-by: Renovate Bot <bot@renovateapp.com> | 14 November 2022, 08:52:30 UTC |
| ab9ecef | dependabot[bot] | 11 November 2022, 14:04:55 UTC | build(deps): bump golangci/golangci-lint-action from 3.3.0 to 3.3.1 Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.3.0 to 3.3.1. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/07db5389c99593f11ad7b44463c2d4233066a9b1...0ad9a0988b3973e851ab0a07adf248ec2e100376) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> | 14 November 2022, 08:50:56 UTC |
| 4a72661 | renovate[bot] | 12 November 2022, 00:07:30 UTC | chore(deps): update docker.io/library/ubuntu docker tag to v22 Signed-off-by: Renovate Bot <bot@renovateapp.com> | 12 November 2022, 00:27:34 UTC |
| 200788d | renovate[bot] | 12 November 2022, 00:07:23 UTC | chore(deps): update docker.io/library/alpine docker tag to v3.16.2 Signed-off-by: Renovate Bot <bot@renovateapp.com> | 12 November 2022, 00:09:22 UTC |
| 642d7a2 | renovate[bot] | 11 November 2022, 10:14:59 UTC | chore(deps): update module go to 1.19 Signed-off-by: Renovate Bot <bot@renovateapp.com> | 12 November 2022, 00:04:07 UTC |
| 9605d79 | renovate[bot] | 11 November 2022, 10:14:27 UTC | chore(deps): update docker.io/library/ubuntu:20.04 docker digest to 450e066 Signed-off-by: Renovate Bot <bot@renovateapp.com> | 12 November 2022, 00:03:20 UTC |
| 4243a96 | renovate[bot] | 11 November 2022, 12:29:25 UTC | chore(deps): update docker.io/library/golang:1.19.3 docker digest to bf4b15c Signed-off-by: Renovate Bot <bot@renovateapp.com> | 12 November 2022, 00:02:53 UTC |
| cf5486a | renovate[bot] | 11 November 2022, 10:14:12 UTC | chore(deps): update docker.io/library/alpine:3.16.2 docker digest to 65a2763 Signed-off-by: Renovate Bot <bot@renovateapp.com> | 12 November 2022, 00:01:54 UTC |
| 7078c82 | John Gardiner Myers | 19 October 2022, 02:41:44 UTC | cli: Update regex for key value validation The previous pattern did not allow spaces in values. Fixes: #19793 Fixes: 070ded019ad (cmd: Allow more complicated patterns in map string type.) Signed-off-by: John Gardiner Myers <jgmyers@proofpoint.com> | 12 November 2022, 00:01:19 UTC |
| b7d3fd0 | Paul Chaignon | 10 November 2022, 17:13:44 UTC | vagrant: Bump net-next VM image version This new image includes a few additional kernel configs that are (1) useful for debugging and (2) required for kube-proxy. Signed-off-by: Paul Chaignon <paul@cilium.io> | 12 November 2022, 00:00:10 UTC |
| 4ff5648 | dependabot[bot] | 11 November 2022, 14:04:30 UTC | build(deps): bump actions/setup-go from 3.3.0 to 3.3.1 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.3.0 to 3.3.1. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v3.3.0...c4a742cab115ed795e34d4513e2cf7d472deb55f) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> | 11 November 2022, 19:21:05 UTC |
| eabab90 | André Martins | 11 November 2022, 14:37:28 UTC | .github/dependabot.yaml: remove image updates Since renovate bot will update the base images automatically, we can remove this configuration form dependabot and rely on renovate. Signed-off-by: André Martins <andre@cilium.io> | 11 November 2022, 15:50:55 UTC |
| 255af83 | pxp928 | 09 November 2022, 20:17:58 UTC | add frsca to users.md Signed-off-by: pxp928 <parth.psu@gmail.com> | 11 November 2022, 12:47:44 UTC |
| 2f24ed7 | André Martins | 10 November 2022, 22:49:46 UTC | add more configuration to .github/renovate.json - Add package rules for the base images since those are always updated together. - Pin ubuntu's and golang's versions depending on the branch. - Prune renovate's stale branches from the repository. Signed-off-by: André Martins <andre@cilium.io> | 11 November 2022, 12:26:40 UTC |
| 9dbd3e1 | André Martins | 10 November 2022, 21:57:17 UTC | add commit Sign-Off for renovate commits As we request all commits to be signed we need this option in renovate's commit message. Signed-off-by: André Martins <andre@cilium.io> | 11 November 2022, 10:07:10 UTC |
| a77a05e | André Martins | 10 November 2022, 09:01:28 UTC | add renovate Renovate is a bot utility that allows to update dependencies in the repository. It's similar to dependabot but unfortunately dependabot lacks the ability to update docker images from ARG in Dockerfiles (https://github.com/dependabot/dependabot-core/issues/2057). Thus, we will be adding renovate to update Dockerfile base images while dependabot's GH issue is not fixed. For future reference the documentation is available in: - https://github.com/renovatebot/tutorial - https://docs.renovatebot.com/configuration-options Signed-off-by: André Martins <andre@cilium.io> | 10 November 2022, 21:17:29 UTC |
| f6d0b70 | Paul Chaignon | 24 October 2022, 15:15:23 UTC | bpf: Check for SRH type on SRv6 decapsulation In SRv6 SRH mode, we currently only support SRv6 encapsulated packets that have a single IPv6 extension header, the Routing SRH one. We should drop the packets with a notification if we receive anything that has other extension headers. Reported-by: Louis DeLosSantos <louis.delos@isovalent.com> Signed-off-by: Paul Chaignon <paul@cilium.io> | 10 November 2022, 20:54:43 UTC |
| edd2abf | Tobias Klauser | 10 November 2022, 19:39:03 UTC | .github/workflows: disable coverage in BPF tests This needs to be fixed in coverbee first, see https://github.com/cilium/cilium/pull/22043#issuecomment-1307887505 For #22078 For #22088 Suggested-by: Timo Beckers <timo@isovalent.com> Signed-off-by: Tobias Klauser <tobias@cilium.io> | 10 November 2022, 19:53:55 UTC |
| 5942aaf | Tobias Klauser | 10 November 2022, 13:47:28 UTC | Revert "Revert "bpf_test: Skip instead of Fatal TestBPF when ..."" This reverts commit 8d35158ba276 ("Revert "bpf_test: Skip instead of Fatal TestBPF when ...""). Reason for revert: This breaks TestBPF in DatapathPrivilegedUnitTests. A follow-up patch will fix the error the original revert commit was trying to solve: bpf_test.go:149: new coll: program test_ct4_rst1_check: load program: invalid argument: nonzero insn_off 25 for the first func info recordprocessed 0 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0 For #22078 Signed-off-by: Tobias Klauser <tobias@cilium.io> | 10 November 2022, 19:53:55 UTC |
| 8d23dc3 | Shunpoco | 07 November 2022, 02:09:33 UTC | Return an error DSR + tunneling on KubeProxyReplacement Because we don't support using node port DSR or Hybrid mode with tunneling, we return an error instead of changing the configuration. Fixes: #22003 Signed-off-by: Shunsuke Tokunaga <tkngsnsk313320@gmail.com> | 10 November 2022, 19:31:22 UTC |
| e91b2ca | Paul Chaignon | 10 November 2022, 17:41:40 UTC | workflows: Bump timeout of master GKE workflow The timeout was bumped to 75min already for the v1.12 version of the GKE workflow, but not for the master version (cf. b6a5b5b26 ("conformance-gke-v1.12: Miscellaneous fixes")). The workflow is currently often failing with a timeout on the last of the four connectivity test runs. Each connectivity test takes between 13 and 14min on GKE. Adding 15min to the workflow should therefore be enough to finish. Signed-off-by: Paul Chaignon <paul@cilium.io> | 10 November 2022, 19:20:34 UTC |
| c147bbd | Tobias Klauser | 09 November 2022, 14:02:53 UTC | Use informer.NewInformer where appropriate Instead of manually creating a store using cache.NewStore and passing it to informer.NewInformerWithStore, use informer.NewInformer which does that internally. Signed-off-by: Tobias Klauser <tobias@cilium.io> | 10 November 2022, 13:08:32 UTC |
| 7975d25 | Tobias Klauser | 09 November 2022, 08:03:28 UTC | Update Go to 1.19.3 Signed-off-by: Tobias Klauser <tobias@cilium.io> | 10 November 2022, 13:07:27 UTC |
| db9a6ea | Sebastian Wicki | 09 November 2022, 17:10:05 UTC | ci: Do not connect to Hubble for tests where flow-validation is disabled The Cilium CLI will try to connect to Hubble even if flow validation is disabled. Because the connection to Hubble is unstable (c.f. cilium/cilium-cli#1204), this can cause the test to abort, even though the test itself would have passed. This commit sets `--hubble=false` to all connectivity tests which also have `--flow-validation=disabled`. Signed-off-by: Sebastian Wicki <sebastian@isovalent.com> | 10 November 2022, 13:00:34 UTC |
| 699adbe | dependabot[bot] | 09 November 2022, 11:28:07 UTC | build(deps): bump google-github-actions/auth from 0.8.3 to 1.0.0 Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 0.8.3 to 1.0.0. - [Release notes](https://github.com/google-github-actions/auth/releases) - [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md) - [Commits](https://github.com/google-github-actions/auth/compare/c4799db9111fba4461e9f9da8732e5057b394f72...ef5d53e30bbcd8d0836f4288f5e50ff3e086997d) --- updated-dependencies: - dependency-name: google-github-actions/auth dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> | 10 November 2022, 12:57:27 UTC |
| bcfce3d | Paul Chaignon | 09 November 2022, 21:51:08 UTC | workflows: Bump timeout of ConformanceKind workflow With the connectivity tests now taking almost 10min, the 30min timeout of the ConformanceKind workflow doesn't leave a lot of time for Cilium installation, image waiting time, etc. The workflow is thus often timing out. This commit bumps the timeout to 45min. Signed-off-by: Paul Chaignon <paul@cilium.io> | 10 November 2022, 12:54:55 UTC |
| 2fa0eeb | Paul Chaignon | 09 November 2022, 11:04:33 UTC | Test Signed-off-by: Paul Chaignon <paul@cilium.io> | 09 November 2022, 11:04:33 UTC |
| 46938a4 | dependabot[bot] | 09 November 2022, 10:17:21 UTC | build(deps): bump google-github-actions/setup-gcloud from 0.6.2 to 1.0.0 Bumps [google-github-actions/setup-gcloud](https://github.com/google-github-actions/setup-gcloud) from 0.6.2 to 1.0.0. - [Release notes](https://github.com/google-github-actions/setup-gcloud/releases) - [Changelog](https://github.com/google-github-actions/setup-gcloud/blob/main/CHANGELOG.md) - [Commits](https://github.com/google-github-actions/setup-gcloud/compare/ee9693ff89cdf73862b8a13988f6a71070e8fc58...75fd574e9690e7c4a4681d1255d1c341cf0d9a8c) --- updated-dependencies: - dependency-name: google-github-actions/setup-gcloud dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> | 09 November 2022, 11:02:21 UTC |
| 7b6bec3 | Paul Chaignon | 09 November 2022, 10:48:58 UTC | Test commit Test commit to check if pushing is allowed for tophat without going through a pull request. Signed-off-by: Paul Chaignon <paul@cilium.io> | 09 November 2022, 10:48:58 UTC |
| e4ea0fa | Dorde Lapcevic | 08 November 2022, 10:53:04 UTC | Fix CEP batching FCFS mode to group CEPs per namespace. Fix CEP (CiliumEndpoint) batching FCFS (First Come First Served) mode to group CEPs per namespace. Initial change was introduced to always add new CEPs to the largest CES (CiliumEndpointSlice), but didn’t take into account splitting them by namespaces, which is a bug. https://github.com/cilium/cilium/pull/20969 Signed-off-by: Dorde Lapcevic <dordel@google.com> | 09 November 2022, 10:40:23 UTC |
| c7126cf | André Martins | 09 November 2022, 09:43:28 UTC | .github: add kind/community-report to newly open issues The majority of the bug reports are opened by community members. Thus, it will be easier to have this added by default and removing it when unnecessary, which is when Cilium contributors open a new GH issue where then can immediately remove labels. Signed-off-by: André Martins <andre@cilium.io> | 09 November 2022, 10:39:30 UTC |
| a8859c9 | Tobias Klauser | 08 November 2022, 17:19:31 UTC | go.mod, vendor: pin golang.org/x/* packages to tagged versions The Go project recently started tagging releases on the golang.org/x/* packages, see [1] for more information. Use these versions where appropriate which will allow these dependencies to be updated by dependabot going forward. [1] https://groups.google.com/g/golang-dev/c/5TazuUXQyHY Signed-off-by: Tobias Klauser <tobias@cilium.io> | 09 November 2022, 10:34:22 UTC |
| e0699f9 | Martynas Pumputis | 09 November 2022, 10:19:14 UTC | Revert "WIP: 4.9 CI DP conformance" This reverts commit 0844ab0eb03cfe8ecd06005e5e0696af92b7c603. Signed-off-by: Martynas Pumputis <m@lambda.lt> | 09 November 2022, 10:24:14 UTC |
| 0844ab0 | Martynas Pumputis | 09 November 2022, 10:15:59 UTC | WIP: 4.9 CI DP conformance Signed-off-by: Martynas Pumputis <m@lambda.lt> | 09 November 2022, 10:15:59 UTC |
| 8aa2b6a | Martynas Pumputis | 07 November 2022, 10:42:23 UTC | gh/workflows: Add 4.19 kernel to CI DP conformance suite Also, switch the lvh action location to cilium/little-vm-helper (cilium/little-vm-helper-action is no longer used). Signed-off-by: Martynas Pumputis <m@lambda.lt> | 08 November 2022, 17:22:23 UTC |
| 8d35158 | Sahid Orentino Ferdjaoui | 08 November 2022, 10:55:12 UTC | Revert "bpf_test: Skip instead of Fatal TestBPF when ..." This reverts commit 4b0d3d6c78698463d33b556cb7406ea7a1170f90. It makes failing CI with error: bpf_test.go:149: new coll: program test_ct4_rst1_check: load program: invalid argument: nonzero insn_off 25 for the first func info recordprocessed 0 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0 Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@industrialdiscipline.com> | 08 November 2022, 13:13:46 UTC |
| 181b030 | yanggang | 06 November 2022, 10:02:27 UTC | clean package "io/ioutil" because "io" and "os" package can replaced it totally. according to the url : https://go.dev/doc/go1.16#ioutil Signed-off-by: yanggang <gang.yang@daocloud.io> | 08 November 2022, 10:57:52 UTC |
| b70711d | Paul Chaignon | 08 November 2022, 10:42:24 UTC | CODEOWNERS: Assign pkg/nodediscovery to the agent team Just noticed as a tophat that the nodediscovery package wasn't assigned to anyone explicitly. This commit affects it to the agent team as that's the closest match. Suggested-by: André Martins <andre@cilium.io> Suggested-by: Sebastian Wicki <sebastian@isovalent.com> Signed-off-by: Paul Chaignon <paul@cilium.io> | 08 November 2022, 10:47:35 UTC |
| 2e4df97 | Thomas Balthazar | 07 November 2022, 15:19:10 UTC | Update 'update-go-version' target in Makefile `contrib/backporting/Dockerfile` now installs the Go version currently used by the project. This updates the `update-go-version` target to take that file into account. Signed-off-by: Thomas Balthazar <thomas@balthazar.info> | 07 November 2022, 18:42:32 UTC |
| 842318e | Thomas Balthazar | 07 November 2022, 14:34:20 UTC | Update Go version in backporting Dockerfile Trying to run the `dev-doctor` script from the backporting image fails: ``` $ docker run -e GITHUB_TOKEN -v $(pwd):/cilium -v "$HOME/.ssh":/home/user/.ssh -it cilium-backport /bin/bash user@9c66b4f87c78:/$ cd cilium/ user@9c66b4f87c78:/cilium$ go run ./tools/dev-doctor --backporting build github.com/cilium/cilium/tools/dev-doctor: cannot load io/fs: malformed module path "io/fs": missing dot in first path element ``` The `golang` package on Ubuntu 20.04 installs Go 1.13. The `io/fs` package was added in Go 1.16: https://tip.golang.org/doc/go1.16#fs This installs the latest Go version. Fixes: #21121 Signed-off-by: Thomas Balthazar <thomas@balthazar.info> | 07 November 2022, 18:42:32 UTC |
| cd36d8b | David Bimmler | 02 November 2022, 15:12:29 UTC | eni/tests: provide test defaults for AZ and VPC Since none of the tests ever set anything other than AZ us-west-1 and VPC vpc-1, provide these values as withTestDefaults for brevity. Signed-off-by: David Bimmler <david.bimmler@isovalent.com> | 07 November 2022, 18:41:21 UTC |
| 5262bcc | David Bimmler | 02 November 2022, 15:05:22 UTC | eni/tests: deduplicate long string instance names To prevent typos from causing annoyance in debugging test failures, extract instance names into consts and reuse them. Signed-off-by: David Bimmler <david.bimmler@isovalent.com> | 07 November 2022, 18:41:21 UTC |
| 0733768 | David Bimmler | 02 November 2022, 14:57:13 UTC | eni/tests: remove unused setup code These tests don't need the network interfaces, let's not create them in the first place. Signed-off-by: David Bimmler <david.bimmler@isovalent.com> | 07 November 2022, 18:41:21 UTC |
| abeb9e6 | David Bimmler | 02 November 2022, 14:44:08 UTC | eni/tests: move helper functions under tests The tests are what we care about, move the helper stuff to the bottom instead of having it in the middle somewhere. Signed-off-by: David Bimmler <david.bimmler@isovalent.com> | 07 November 2022, 18:41:21 UTC |
| d7e5bed | David Bimmler | 02 November 2022, 12:18:44 UTC | eni/tests: refactor newCiliumNode test helper The current way to construct a CiliumNode for tests takes more arguments than I care to count. Replace it with a helper based on the functional options pattern. The main benefit is that changing fields in the CiliumNode struct now no longer requires changing every call-site or duplicating the constructor. In addition, we can leave out details irrelevant to specific tests and remove newCiliumNodeWithSGTags. Signed-off-by: David Bimmler <david.bimmler@isovalent.com> | 07 November 2022, 18:41:21 UTC |
| 1c86b6d | Dylan Reimerink | 04 November 2022, 11:56:01 UTC | CI: Fixed TestPodCIDRAllocatorOverlap Changed the test to keep polling the mock API server until both nodes have been updated and then perform the actual assertion logic, otherwise block 2 minutes. Fixed: #21956 Signed-off-by: Dylan Reimerink <dylan.reimerink@isovalent.com> | 07 November 2022, 10:46:57 UTC |
| 791d00f | Jarno Rajahalme | 03 November 2022, 19:27:07 UTC | docs: Hubble codeowners fix Signed-off-by: Jarno Rajahalme <jarno@isovalent.com> | 07 November 2022, 10:45:12 UTC |
| fe64c7f | Paul Chaignon | 04 November 2022, 18:16:16 UTC | Revert "install: move cni config management to the agent" This reverts commit 0d6346dbe5bada046eb72ab2f797fa4c0f86d07e. This commit is causing issues on AKS where newly-created pods are not getting managed by Cilium for some reason. Reverting to unblock AKS testing. Signed-off-by: Paul Chaignon <paul@cilium.io> | 07 November 2022, 10:29:06 UTC |
| e4af2f9 | Timo Beckers | 01 August 2022, 16:06:21 UTC | bpf: collection: retry prog load and grow log buffer up to 5 times Since Cilium has eBPF programs of varying sizes and complexities, finding a one-size-fits-all verifier buffer size is not really possible. We've recently seen a verifier log of 4,6MB for bpf_host on kernel 4.9. This patch implements a simple retry system that checks if the verifier log was truncated and retries loading for up to 4 times in case it was. On each try, the buffer is quadrupled, with a default 4 MiB starting point. This should result in tries with 4, 16, 64, 256 and 1024 MiB of log space, with a truncated log being returned if that proves insufficient. The goal is to optimize for fewer tries over optimal buffer size. Signed-off-by: Timo Beckers <timo@isovalent.com> | 04 November 2022, 14:07:51 UTC |
| 07702f9 | Timo Beckers | 02 November 2022, 11:35:59 UTC | vendor: upgrade cilium/ebpf to unreleased 0.9.4 Signed-off-by: Timo Beckers <timo@isovalent.com> | 04 November 2022, 14:07:51 UTC |
| ce153b0 | Jarno Rajahalme | 06 October 2022, 07:13:48 UTC | docker: Allow an explicit --output option Allow explicit --output docker option to used, e.g.: $ DOCKER_FLAGS=--output=type=oci,dest=/tmp/cilium.docker make docker-cilium-image This file can be then loaded to Kind, for example: $ kind load image-archive /tmp/cilium.docker Signed-off-by: Jarno Rajahalme <jarno@isovalent.com> | 04 November 2022, 14:07:32 UTC |
| 3fd3691 | Jarno Rajahalme | 22 June 2022, 14:46:09 UTC | build: Makefile support for DOCKER_IMAGE_SUFFIX, CI_BUILD, and KIND_LOAD DOCKER_IMAGE_SUFFIX, if defined, will be added to the end of th docker image name, before the tag. For example: $ DOCKER_IMAGE_SUFFIX=-ci make docker-cilium-image will build `quay.io/cilium/cilium-ci:latest` CI_BUILD, if defined, will define DOCKER_IMAGE_SUFFIX as "-ci", and DOCKER_IMAGE_TAG as the git HEAD SHA, which will then replace the default "latest" tag in the example above. This helps build local images with the same image reference that real CI builds would use. KIND_LOAD, if defined, will load the build image with "kind load" one second after the build completes. The one second delay was required as without it "kind load" sometimes reported that it can't find the image that was just built. Signed-off-by: Jarno Rajahalme <jarno@isovalent.com> | 04 November 2022, 14:07:32 UTC |
| 7fbf0a0 | Jarno Rajahalme | 25 July 2022, 09:42:49 UTC | envoy: Allow use of architecture-specific Envoy images for testing Detect hyphen `-` as the end of the commit/version SHA in Envoy image tags. This allows the use of architecture-specific tags, such as "1234567890abcdef-arm64". This is only useful for testing on a specific architecture, as this drops support for the excluded architecture. Signed-off-by: Jarno Rajahalme <jarno@isovalent.com> | 04 November 2022, 14:06:34 UTC |
| d4b41c1 | Michi Mutsuzaki | 25 October 2022, 17:07:14 UTC | monitor: Always print ObservationSource for DNS events Printing "Query" doesn't add much information since we already know that these events correspond to DNS requests/responses. This commit modifies the monitor output for DNS events to always print DNS.ObservationSource instead. Signed-off-by: Michi Mutsuzaki <michi@isovalent.com> | 03 November 2022, 22:04:27 UTC |
| 4b78c1e | Timo Beckers | 21 October 2022, 15:06:05 UTC | bpf: remove cilium-probe-kernel-hz.c and build instructions Signed-off-by: Timo Beckers <timo@isovalent.com> | 03 November 2022, 15:21:26 UTC |
| ad36f5c | Timo Beckers | 21 October 2022, 12:45:49 UTC | daemon,datapath: implement Go-based kernel HZ (jiffy) measurement In order to reduce dependency of the agent on external binaries, implement CONFIG_HZ discovery entirely in Go. The discovery mechanism used by the Go implementation differs from the existing cilium-probe-kernel-hz.c in a few key ways: - It reads /proc/schedstat instead of /proc/timer_list, which does not require elevated privileges. Additionally, the former is shorter and easier to parse. - It does not require manipulating the scheduling priority of its own thread, nor does it try/need to pin itself to cpu 0, which might or might not be the noisiest CPU in the system. - It does not rely on the system timer or the Linux scheduler to accurately perform the estimation. This dependency proved particularly problematic on some virtualized environments like VirtualBox, where nanosleep() sometimes puts the thread to sleep for more than an order of magnitude longer than the requested interval. Since the new method does not require privileges, it can be exercised alongside all other Cilium tests on a wide variety of platforms and environments. Essentially, instead of relying on OS timer accuracy to wake up the measuring thread on time, it calls time.Now() close to each read of /proc/schedstat and interpolates/smears the ktime measurements to a per-second (HZ) value. The result is matched against a predefined list of valid CONFIG_HZ values, where the closest candidate is picked and returned to the caller. Signed-off-by: Timo Beckers <timo@isovalent.com> | 03 November 2022, 15:21:26 UTC |
| cb36f91 | AdamKorcz | 02 November 2022, 13:40:38 UTC | pkg/monitor/format: add fuzzer Signed-off-by: AdamKorcz <adam@adalogics.com> | 03 November 2022, 14:46:42 UTC |
| a3813ce | Jaff Cheng | 03 November 2022, 11:38:03 UTC | test/alibabacloud: Fix flake in TestPrepareIPAllocation The node ipam pool is maintained asynchronously after mngr.Update(), checking EmptyInterfaceSlots without synchronization causes the flake. Check EmptyInterfaceSlots + InterfaceCandidates instead which reverts the logic to the previous version. The seperate checks for these two fields are already covered by TestCandidateAndEmtpyInterfaces. Fixes: #21964 Fixes: 42fadfd24c0b ("ipam/crd: Fix ENI leak due to miscounting of empty interface slots") Signed-off-by: Jaff Cheng <jaff.cheng.sh@gmail.com> | 03 November 2022, 13:53:52 UTC |
| d0ceed5 | dependabot[bot] | 02 November 2022, 13:27:55 UTC | build(deps): bump github/codeql-action from 2.1.29 to 2.1.30 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.29 to 2.1.30. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/ec3cf9c605b848da5f1e41e8452719eb1ccfb9a6...18fe527fa8b29f134bb91f32f1a5dc5abb15ed7f) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> | 03 November 2022, 13:47:45 UTC |
| 9b97cc8 | Timo Beckers | 21 October 2022, 10:22:38 UTC | datapath: probes - convert test suite to testing.T Signed-off-by: Timo Beckers <timo@isovalent.com> | 03 November 2022, 08:03:57 UTC |
| f2db56f | Robin Gögge | 23 September 2022, 10:57:36 UTC | probes: remove feature macro header file Signed-off-by: Robin Gögge <r.goegge@isovalent.com> | 03 November 2022, 08:03:57 UTC |
| 17a652b | Robin Gögge | 28 September 2022, 10:30:59 UTC | probes: remove 'BPF_' prefix from features macros Signed-off-by: Robin Gögge <r.goegge@isovalent.com> | 03 November 2022, 08:03:57 UTC |
| dec8866 | Robin Gögge | 16 September 2022, 10:32:32 UTC | probes: remove bpftool feature macros generation With this commit we remove shelling out to bpftool in the agent to generate bpf feature macros and instead generate them in the agent directly with the cilium/ebpf features API. Signed-off-by: Robin Gögge <r.goegge@isovalent.com> | 03 November 2022, 08:03:57 UTC |
| f132c2a | Nicolas Busseneau | 02 November 2022, 16:53:44 UTC | Revert PR #21539 This reverts commits from PR #21539: - 5b8a06e8312c54a636c72d2b23c3ba04fc5b42f4 - 1a6596883b8825504a37519f609f8989e07b80a7 - 433a2f8feba24e4864f9e9625c0ded407468db86 Rationale: the PR introduced a complexity issue on kernel 4.19 resulting in consistent failures on `K8sDatapathConfig Host firewall` tests. Full details in issue: #21979. Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com> | 02 November 2022, 22:52:19 UTC |
| 87a916c | Julian Wiedmann | 24 October 2022, 08:08:34 UTC | test: net_policies: Add custom IP routes without 'replace' This most likely just papers over bugs in other tests that fail to tear down their custom routes. Signed-off-by: Julian Wiedmann <jwi@isovalent.com> | 02 November 2022, 20:52:35 UTC |
| 6554eff | Julian Wiedmann | 24 October 2022, 08:06:47 UTC | test: net_policies: delete custom IP routes Don't leave dangling IP routes behind, they can impact subsequent tests. Signed-off-by: Julian Wiedmann <jwi@isovalent.com> | 02 November 2022, 20:52:35 UTC |
| 81942c0 | Julian Wiedmann | 26 September 2022, 09:42:22 UTC | test: fine-tune WaitForServiceBackend() Use the "--backends" option when searching for a backend IP. Signed-off-by: Julian Wiedmann <jwi@isovalent.com> | 02 November 2022, 20:52:12 UTC |
| 2870419 | Julian Wiedmann | 03 October 2022, 08:49:10 UTC | test: have testExternalIPs() wait for SVC to expose Frontend IP After patching the SVC manifest with the nodeIP, wait until Cilium has processed the change & updated the BPF map. Signed-off-by: Julian Wiedmann <jwi@isovalent.com> | 02 November 2022, 20:52:12 UTC |
| 0bbc6f1 | Robin Hahling | 01 November 2022, 11:28:39 UTC | CODEOWNERS: add ownership for SIG Hubble API team The new @cilium/sig-hubble-api team is responsible to review all Hubble API related changes. The Hubble API covers gRPC and metrics endpoints. The team ensures that API changes are backward compatible or that a new API version is created for backward incompatible changes. Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net> | 02 November 2022, 20:51:55 UTC |
| 60bfb55 | dependabot[bot] | 28 October 2022, 14:04:05 UTC | build(deps): bump azure/setup-helm from 3.3 to 3.4 Bumps [azure/setup-helm](https://github.com/azure/setup-helm) from 3.3 to 3.4. - [Release notes](https://github.com/azure/setup-helm/releases) - [Commits](https://github.com/azure/setup-helm/compare/b5b231a831f96336bbfeccc1329990f0005c5bb1...f382f75448129b3be48f8121b9857be18d815a82) --- updated-dependencies: - dependency-name: azure/setup-helm dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> | 02 November 2022, 18:14:11 UTC |
| e25885f | Martynas Pumputis | 28 September 2022, 04:55:47 UTC | github/workflows: Run DP conformance on multiple kernels Currently, the 4.19 is excluded for now, as it doesn't use kvm-clock as a time source which is causing some stability issues. Signed-off-by: Martynas Pumputis <m@lambda.lt> | 02 November 2022, 13:27:07 UTC |
| 9f37627 | Shunpoco | 31 October 2022, 13:18:48 UTC | Remove `RUNTIME=docker` in dev_setup document We can't use `RUNTIME=docker` option any longer because since v1.24.0, kubernetes doesn't support docker as a container runtime and herlpers.bash was already modified to use containerd or cri-o in #19545. Fixes: #21935 Signed-off-by: Shunsuke Tokunaga <tkngsnsk313320@gmail.com> | 02 November 2022, 10:36:56 UTC |
| d2cb4c0 | dependabot[bot] | 01 November 2022, 14:11:15 UTC | build(deps): bump github.com/shirou/gopsutil/v3 from 3.22.9 to 3.22.10 Bumps [github.com/shirou/gopsutil/v3](https://github.com/shirou/gopsutil) from 3.22.9 to 3.22.10. - [Release notes](https://github.com/shirou/gopsutil/releases) - [Commits](https://github.com/shirou/gopsutil/compare/v3.22.9...v3.22.10) --- updated-dependencies: - dependency-name: github.com/shirou/gopsutil/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> | 02 November 2022, 10:36:25 UTC |
| 6063812 | dependabot[bot] | 01 November 2022, 14:11:22 UTC | build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.0 to 1.8.1. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.0...v1.8.1) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> | 02 November 2022, 10:35:29 UTC |
| 2f2bc2a | Timo Beckers | 31 October 2022, 09:30:26 UTC | bpf: preserve Instruction Metadata in inlineGlobalData This commit copies an Instruction's Metadata field when replacing it. Add a test that exercises the global data inlining happy path. With ebpf-go adding the instruction metadata concept, func_info and line_info marshaling started being driven by an Instruction's Metadata. Accidentally stripping a func_info from the first Instruction in a program will result in the following verifier error: `invalid argument: missing bpf_line_info for func#0` The verifier rejects line_infos for subprogs that don't start with a func_info. Signed-off-by: Timo Beckers <timo@isovalent.com> | 02 November 2022, 09:35:14 UTC |
| a933c6f | André Martins | 01 November 2022, 12:42:25 UTC | Revert "Prepare for release v1.13.0-rc2" This reverts commit 81b6254a4959be985b744f7392fbed0c5943347b. Signed-off-by: André Martins <andre@cilium.io> | 01 November 2022, 12:57:18 UTC |
| 769efda | André Martins | 01 November 2022, 10:35:17 UTC | Prepare for release v1.13.0-rc2 Signed-off-by: André Martins <andre@cilium.io> | 01 November 2022, 12:57:18 UTC |
| 8aec7c6 | André Martins | 01 November 2022, 10:35:00 UTC | update AUTHORS and Documentation Signed-off-by: André Martins <andre@cilium.io> | 01 November 2022, 12:57:18 UTC |
| c84c03f | kerthcet | 29 October 2022, 11:15:24 UTC | Fix: prevent goroutine leakage Use the ctx passed to startSynchronizingCiliumNodes instead of wait.NeverStop. Signed-off-by: kerthcet <kerthcet@gmail.com> | 01 November 2022, 10:05:49 UTC |
| b8e8ca4 | Jussi Maki | 28 October 2022, 14:35:45 UTC | hive: Add title to Module() and enforce format To support short module identifiers for use in logs the module name is now an identifier with forced format (lower-case, 30 chars). This however hampers readability when visualizing the hive, so for this purpose we add a title to the module. This is also forced to only contain alpha-numeric characters and be at most 80 characters in length to mostly keep the module line in "PrintObjects" short enough to fit on one line. Signed-off-by: Jussi Maki <jussi@isovalent.com> | 01 November 2022, 10:00:35 UTC |
| e946cbb | Thomas Balthazar | 28 October 2022, 12:25:41 UTC | Remove log message exception from tests Signed-off-by: Thomas Balthazar <thomas@balthazar.info> | 01 November 2022, 10:00:23 UTC |
| 3d79d98 | Thomas Balthazar | 26 October 2022, 20:16:30 UTC | Use the new error type to decide on the log level We want a log level of "debug" instead of "error" when this error occurs: "local-redirect service exists for frontend, skip update for svc lrp-demo-service" Fixes: #16400 Signed-off-by: Thomas Balthazar <thomas@balthazar.info> | 01 November 2022, 10:00:23 UTC |
| 60f3bc0 | Thomas Balthazar | 26 October 2022, 20:03:32 UTC | Test the new error type This add unit tests to the new error and function added in the previous commit. Signed-off-by: Thomas Balthazar <thomas@balthazar.info> | 01 November 2022, 10:00:23 UTC |
| d5feb78 | Thomas Balthazar | 26 October 2022, 20:02:46 UTC | Add a new ErrLocalRedirectServiceExists error type As explained in #16400, we want to be able to choose the log level depending on this error type. Signed-off-by: Thomas Balthazar <thomas@balthazar.info> | 01 November 2022, 10:00:23 UTC |
| 4f464bc | dependabot[bot] | 28 October 2022, 14:16:47 UTC | build(deps): bump github.com/hashicorp/consul/api from 1.15.2 to 1.15.3 Bumps [github.com/hashicorp/consul/api](https://github.com/hashicorp/consul) from 1.15.2 to 1.15.3. - [Release notes](https://github.com/hashicorp/consul/releases) - [Changelog](https://github.com/hashicorp/consul/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/consul/compare/api/v1.15.2...api/v1.15.3) --- updated-dependencies: - dependency-name: github.com/hashicorp/consul/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> | 01 November 2022, 09:59:51 UTC |
| 228f495 | Jaff Cheng | 21 October 2022, 05:49:26 UTC | alibabacloud: Fix create ENI failure due to invalid parameter SecondaryPrivateIpAddressCount is optional but must not be zero. If it's given zero, omit it. Signed-off-by: Jaff Cheng <jaff.cheng.sh@gmail.com> | 01 November 2022, 09:59:17 UTC |
| 5a6b713 | xin.li | 25 October 2022, 14:46:09 UTC | Remove chart fields planned for removal in 1.12 Signed-off-by: xin.li <xin.li@daocloud.io> | 01 November 2022, 01:52:06 UTC |
| ab62c64 | Dmitry Savintsev | 26 October 2022, 09:30:14 UTC | correct the stale documentation link Signed-off-by: Dmitry Savintsev <dmitris@users.noreply.github.com> | 01 November 2022, 01:50:20 UTC |
