v1.7 backports 2020-04-22 #11109
Merged
v1.7 backports 2020-04-22 #11109
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
test-me-please |
d634254 to
cc07443
Compare
|
test-me-please |
cc07443 to
32ae305
Compare
|
test-me-please |
32ae305 to
4975d64
Compare
|
test-me-please |
4975d64 to
10a2286
Compare
|
test-me-please |
10a2286 to
b7a86c7
Compare
|
test-me-please |
|
Seems like one of the patches is relying on a code refactor: If it helps, we can try to trim down the backports to just the release-blocker PRs right now as we would like to get a release out with the minimal set of changes that are immediately affecting users. |
b7a86c7 to
c774079
Compare
|
test-me-please |
|
@joestringer fixed up that specific error lets see if we get anymore. |
|
Looks like unit tests failed: https://travis-ci.com/github/cilium/cilium/builds/161515964 |
c774079 to
f2057b6
Compare
|
test-me-please |
f2057b6 to
e724f95
Compare
|
test-me-please |
|
e724f95 to
0a7c567
Compare
|
test-me-please |
1 similar comment
|
test-me-please |
|
direct routing + encryption failed. Lets retry and see if its repeatable. https://jenkins.cilium.io/job/Cilium-PR-Ginkgo-Tests-Validated/19080/ |
|
test-me-please |
|
Known CI flake #9902 |
|
test-me-please |
|
test-missed-k8s |
|
Issued #11213 for a likely test flake |
|
Hit #10256 |
|
Istio tests fail on older k8s releases until #11072 is also backported. |
[ upstream commit 1958a4c ] Add the missing file suffix (.sh) to print-node-ip calls in Jenkinsfile. This prevents unnecessary Cilium compilation and helps speed up test runs. Add OSX support to 'test/print-node-ip.sh'. Use simpler 'cut' instead of 'awk' for Linux. Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
[ upstream commit 29f0b34 ] Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
[ upstream commit 5cdde10 ] kubectl is guaranteed to be compatible with limited number of earlier releases: > kubectl is supported within one minor version (older or newer) of > kube-apiserver. So far we have been using the latest kubectl in the host (now 1.18) to control clusters from K8s 1.11 to 1.18. This did not work any more with 'istioctl', which complained about "kubectl not being found in $PATH". When pairing istioctl with the same version of kubectl as the cluster this started working again. Downgrading kubectl in the test hosts may not be practical, but the CI infra also supports running kubectl in the cluster's master node (k8s1). This is triggered via the value of the Ginkgo 'cilium.kubeconfig' option. When 'cilium.kubeconfig' is non-empty, it is assumed to be a path to a valid kubeconfig for connecting kubectl in the host to the test cluster. When 'cilium.kubeconfig' is empty, CI Ginkgo helpers assume that kubectl should be run on "k8s1". 'test/vagrant-ci-start.sh' expects KUBECONFIG environment variable to be set to the path to the file into which the kubeconfig fetched from the test cluster should be stored. Modify 'test/vagrant-ci-start.sh' to accept undefined KUBECONFIG to signify the need to run kubectl in the test cluster's master node (k8s1). Finally, remove setting of both the KUBECONFIG environment variable before calling 'vagrant-ci-start.sh' and the Ginkgo option 'cilium.kubeconfig' in 'ginkgo-kubernetes-all.Jenkinsfile' which is used to run the CI K8s test suite on k8s versions from 1.11 to 1.17. This way we always use the kubectl installed as part of the testing cluster itself, in the master node. This solves the compatibility problem with istioctl and should help guard that we have not introduced any kubectl syntax that would not be compatible with the target k8s version. Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
|
test-me-please |
|
test-missed-k8s |
|
test-upstream-k8s |
|
Added backport of #11072 |
|
Upstream test stalled downloading vagrant box: |
|
test-upstream-k8s |
|
Out of the four checks that are marked failing:
k8s issues hit:K8sUpdates Tests upgrade and downgrade from a Cilium stable image to master:Potentially related to the recently backported changes? This failed for both k8s runs. EDIT: Seems similar to #10374 K8sFQDNTest Restart Cilium validate that FQDN is still workingDid the latest changes modify the timeouts? |
|
@joestringer Need to backport #10378 as well to install Helm 3 instead of 2.x.y. I'll do it. |
[ upstream commit 207a63f ] Helm 3 is required so install it rather than Helm 2. Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
[ upstream commit 19c3f5a ] Running preflight daemonset can fail due to image pull error, if trying to pull the "cilium" image: $ kubectl get pods --all-namespaces kube-system cilium-pre-flight-check-8d4qw 0/1 Init:ErrImagePull 0 56s kube-system cilium-pre-flight-check-p9945 0/1 Init:ErrImagePull 0 56s $ kubectl describe ds cilium-pre-flight-check -n kube-system Name: cilium-pre-flight-check Pod Template: Init Containers: clean-cilium-state: Image: k8s1:5000/cilium/cilium:latest Dev builds of the latest cilium images are named "cilium-dev": $ docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE k8s1:5000/cilium/cilium-dev latest b8fc4648be0f 32 minutes ago 658MB Fix this by using "cilium-dev" also for 'preflight.image' by default. Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
|
Timeout for |
|
test-me-please |
|
test-missed-k8s |
|
test-upstream-k8s |
|
test-docs-please |
|
Only failures are known flakes #11204 , #11126. Neither are required to merge backports. Merging. 🎉 Thanks @jrfastab @jrajahalme ! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport notes: numerous conflicts mostly in docs, testing and bpf (skb->ctx) datapath.
Pushed bpf.sha changes into commits to allow for bisecting.
Popped, * #10926 -- bpf: Preserve source identity for hairpin via stack (@tgraf) while we debug.
PR 10928 split into follow up series do not close until #11239 is also merged.
#10928 -- datapath/iptables: Masquerade hairpin traffic that traversed the stack