Skip to content

v1.7 backports 2020-05-08 #11441

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 22 commits into from
May 13, 2020
Merged

v1.7 backports 2020-05-08 #11441

merged 22 commits into from
May 13, 2020

Conversation

christarazi
Copy link
Member

@christarazi christarazi commented May 8, 2020
edited by aanm
Loading

Skipping due to non-trivial conflicts:

Causing build failures:

/home/jenkins/workspace/Cilium-PR-Ginkgo-Tests-K8s/1.12-gopath/src/github.com/cilium/cilium/test/ginkgo-ext/scopes.go:384
Cilium cannot be installed
Expected
    <*helpers.cmdError | 0xc00042b0a0>: Unable to generate YAML (%!s(<nil>)) output: cmd: helm template /home/vagrant/go/src/github.com/cilium/cilium/install/kubernetes/cilium --namespace=kube-system  --set global.debug.enabled=true  --set preflight.image=cilium-dev  --set global.pprof.enabled=true  --set agent.image=cilium-dev  --set operator.image=operator  --set global.ipv6.enabled=true  --set managed-etcd.registry=docker.io/cilium  --set global.logSystemLoad=true  --set global.k8s.requireIPv4PodCIDR=true  --set global.bpf.preallocateMaps=true  --set global.registry=147.75.199.49/cilium  --set global.etcd.leaseTTL=30s  --set global.ipv4.enabled=true  --set global.tag=latest  > cilium-160d36c2f8212ef6.yaml
Exitcode: 1 
Stdout:
 	 
Stderr:
 	 Error: error unpacking hubble-ui in cilium: validation: chart.metadata is required
	 

to be nil
/home/jenkins/workspace/Cilium-PR-Ginkgo-Tests-K8s/1.12-gopath/src/github.com/cilium/cilium/test/k8sT/assertionHelpers.go:98

https://jenkins.cilium.io/job/Cilium-PR-Ginkgo-Tests-K8s/3083/testReport/junit/Suite-k8s-1/12/K8sChaosTest_Connectivity_demo_application_Endpoint_can_still_connect_while_Cilium_is_not_running/

Once this PR is merged, you can update the PR labels via:

$ for pr in 10175 10461 10581 10854 11208 11068 11163 11271 11343 11349 11203 11410 11157 10163 11328; do contrib/backporting/set-labels.py $pr done 1.7; done

tklauser and others added 6 commits May 8, 2020 16:27
@tklauser @christarazi
docs: de-duplicate AWS cluster scale up instructions
18dd5e9 
[ upstream commit 942b8bd ]

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Chris Tarazi <chris@isovalent.com>
@errordeveloper @christarazi
doc: Update EKS documentation to delete aws-node
43dd13d 
[ upstream commit d288b07 ]

It has been confirmed that VPC CNI can be delete and EKS will not
try to restore it.

Fixes #10420

Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
Signed-off-by: Chris Tarazi <chris@isovalent.com>
@danwent @christarazi
set explicit livenessProbe and readinessProbe timeout for connectivit…
6d74e69 
…y checks that expect an L3 deny

[ upstream commit 0bbb6c2 ]

Signed-off-by: Dan Wendlandt <dan@covalent.io>
Signed-off-by: Chris Tarazi <chris@isovalent.com>
@danwent @christarazi
docs: Change titles of star wars network policy tutorial
ed96491 
[ upstream commit 3fe0838 ]

Signed-off-by: Dan Wendlandt <dan@covalent.io>
Signed-off-by: Chris Tarazi <chris@isovalent.com>
@danwent @christarazi
Docs: Update EKS GSG to clarify deployment in ENI vs. overlay mode
e8c2485 
[ upstream commit 6bcbf2d ]

Signed-off-by: Dan Wendlandt <dan@covalent.io>
Signed-off-by: Chris Tarazi <chris@isovalent.com>
@soumynathan @christarazi
doc: Fix the kubectl create option in upgrade.rst
2b7b50e 
[ upstream commit 4b865d5 ]

This PR fixes the kubectl create option that was missing at
some places in the update.rst file.

Signed-off-by: Swaminathan Vasudevan <svasudevan@suse.com>
Signed-off-by: Chris Tarazi <chris@isovalent.com>
@christarazi christarazi requested a review from a team as a code owner May 8, 2020 23:51
@christarazi christarazi added backport/1.7 kind/backports This PR provides functionality previously merged into master. labels May 8, 2020
@christarazi christarazi marked this pull request as draft May 8, 2020 23:54
@christarazi
Copy link
Member Author

never-tell-me-the-odds

@christarazi
Copy link
Member Author

@aanm Could you please take a look at the PRs of yours that had non-trivial conflicts?

@christarazi
Copy link
Member Author

@qmonnet Could you please take a look at the PR of yours that did not apply cleanly?

Sergey Generalov and others added 10 commits May 9, 2020 12:59
@christarazi
docs: clarify recommendation around managing multiple policy types
1c47792 
[ upstream commit 90712d1 ]

Users are getting confused by this language, trying to figure out
if there is a technical reason behind this statement.

This PR tries to clarify that there is no technical reason.

Signed-off-by: Sergey Generalov <sergey@isovalent.com>
Signed-off-by: Chris Tarazi <chris@isovalent.com>
@jrajahalme @christarazi
envoy: Reduce logging verbosity.
79aba1f 
[ upstream commit 9019f8a ]

Reduce logging verbosity by not printing the whole 'Node' in the log messages.

Do not initialize deprecated build version field in the 'Node' in
bootstrap.

Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
Signed-off-by: Chris Tarazi <chris@isovalent.com>
@seanmwinn @christarazi
Fix scoping of agent variable
2bfaeb0 
[ upstream commit 6d364cd ]

Signed-off-by: Sean Winn <sean@isovalent.com>
Signed-off-by: Chris Tarazi <chris@isovalent.com>
@christarazi
Implement ability to list IP routing rules
0459421 
[ upstream commit 048a528 ]

Currently, this facility doesn't exist in the upstream netlink library
(https://github.com/vishvananda/netlink). This commit adds it here so
that we don't have to wait to utilize it when it's merged. Once it's
merged, then we can replace this.

Signed-off-by: Chris Tarazi <chris@isovalent.com>
@christarazi
Implement Rule.String for string repr of Rule
2409962 
[ upstream commit 06c00c1 ]

This makes log messages containing the rule much easier to read when
debugging.

Signed-off-by: Chris Tarazi <chris@isovalent.com>
@christarazi
Clean up stale ENI rules upon endpoint deletion
7aebbbc 
[ upstream commit ac50a4b ]

Previously, ENI rules were created, but never cleaned up. This can
result in an increasing number of stale rules over the lifetime of a
node.

This commit adds the ability to delete these rules (ingress and egress).
Note that routes are deliberately not deleted as they can be reused for
future endpoints on the same node. This is due to the routes being
created with the ENI device "ifindex" as the table ID.

Fixes #11041

Signed-off-by: Chris Tarazi <chris@isovalent.com>
@christarazi
Move rule priority constants to linux_defaults
c97c631 
[ upstream commit 83fc45a ]

Signed-off-by: Chris Tarazi <chris@isovalent.com>
@christarazi
Return error when deleting ENI rules fails
002b7c3 
[ upstream commit 820d852 ]

Previously, we relied on a log message to indicate whether a deletion of
a rule failed. Relying on the log message can be potentially misleading
as endpoint deletion is best-effort and errors are ignored in the end.
The user may see log message indicating a rule was deleted, but later in
the endpoint deletion it would show as an error.

This commit changes the function which deletes rules to surface the
error. This change removes the misleading log messages and allows us to
assert against this in tests.

Signed-off-by: Chris Tarazi <chris@isovalent.com>
@christarazi
Refactor enirouting pkg to use interfaces
7cd15a1 
[ upstream commit b58dd14 ]

This commit structures the code in such a way that allows the previously
duplicated parsing/validation logic to be consolidated into one place. It also
reduces the interdependencies between packages and allows for a dummy
implementation to be used for testing purposes.

Signed-off-by: Chris Tarazi <chris@isovalent.com>
@christarazi
Add unit-tests for enirouting package
05bdca3 
[ upstream commit a83d538 ]

Signed-off-by: Chris Tarazi <chris@isovalent.com>
@qmonnet @christarazi
bpf: nat46: fix accidental fall-through in switch statement
aa4b746 
[ upstream commit 410385a ]

There are missing "break" keywords in the switch statement to process
the different ICMPv6 message types. Let's add them.

Indirectly reported by cppcheck which would complain that icmp4.code
would be overwritten before being read (which happens indeed if we fall
through).

Fixes: f7396ba ("Add support for nat46 icmp translation.")
Signed-off-by: Quentin Monnet <quentin@isovalent.com>
Signed-off-by: Chris Tarazi <chris@isovalent.com>
@christarazi christarazi force-pushed the pr/v1.7-backport-2020-05-08 branch from 414b71f to aa4b746 Compare May 11, 2020 15:36
qmonnet
qmonnet approved these changes May 11, 2020
View reviewed changes
Copy link
Member

@qmonnet qmonnet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good for the commit I did in #11410 and discussed above, thank you 👍

tklauser and others added 4 commits May 11, 2020 10:26
@tklauser @christarazi
Documentation: read Go version from GO_VERSION file for development s…
b4fdb82 
…etup

[ upstream commit 1dfe49f ]

This avoids having to bump the Go version in the docs manually and also
allows to get rid of the Go version check in Documentation/Makefile.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Chris Tarazi <chris@isovalent.com>
@tklauser @christarazi
Makefile: add target to update Go version in test scripts
c21773f 
[ upstream commit c95f93b ]

Read the Go version from the GO_VERSION file and use it to replace the
hard-coded versions in the test scripts.

Together with the preceding commits, this allows to bump the Go version
in a single place: the GO_VERSION file.

Updating to a new Go version (1.13.8 in this example) is now as easy as:

  echo 1.13.8 > GO_VERSION && make update-golang

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Chris Tarazi <chris@isovalent.com>
@dctrwatson @christarazi
Cilium multi-node (and mesh) Kind Guide
4fb9fb1 
[ upstream commit 78739a1 ]

Signed-off-by: John Watson <johnw@planetscale.com>
Signed-off-by: Chris Tarazi <chris@isovalent.com>
@soumynathan @christarazi
Validate when Cilium is in ENI mode that IPv4 is enabled
29d3a19 
[ upstream commit 7ae916a ]

The patch checks the Cilium ENI mode and IPv4 when ENI functions
are called.

Fixes: #11272
Signed-off-by: Swaminathan Vasudevan <svasudevan@suse.com>
Signed-off-by: Chris Tarazi <chris@isovalent.com>
@christarazi
Copy link
Member Author

never-tell-me-the-odds

@christarazi christarazi marked this pull request as ready for review May 11, 2020 17:37
@christarazi christarazi requested a review from tklauser May 11, 2020 17:39
@christarazi
Copy link
Member Author

@tklauser Please have another look, as I needed to backport another one of your PRs (#10163). Please see the top post for any additional context.

@christarazi
Copy link
Member Author

restart-ginkgo

gandro
gandro approved these changes May 12, 2020
View reviewed changes
Copy link
Member

@gandro gandro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me!

With regard to the failed backport of #11269, I left a comment about it here: #11269 (comment)

But let's do that in the next batch of backports, this PR is already large enough as is.

@tklauser
Copy link
Member

tklauser commented May 12, 2020
edited
Loading

#10163 -- Use GO_VERSION as single source for the used Go version (@tklauser)

* Note: Dropped [771aa8a](https://github.com/cilium/cilium/commit/771aa8ac6d27d013948bf77d216957566e940482) as it wasn't needed for backporting; no functionality or behavior is lost

Dropping this commit will lead to inconsistencies when bumping Go version on the v1.7 branch using make update-golang. We need to bump it in GO_VERSION and still manually bump it in test/kubernetes-test.sh because the curl/tar commands still use the hardcoded version.

I noted that GO_VERSION currently has 1.13.10, while test/kubernetes-test.sh has 1.3.9 in the curl/tar commands, so it's inconsistent already.

If there is no strong reason against it, I'd propose to pick up 771aa8a in this PR a future backport PR (in order not to delay this backport PR further).

tklauser
tklauser approved these changes May 12, 2020
View reviewed changes
Copy link
Member

@tklauser tklauser left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving despite one minor issue wrt. Go version update due to the dropped commit as pointed out in #11441 (comment) Hopefully we can address this in a future backport PR.

tklauser
tklauser requested changes May 12, 2020
View reviewed changes
Copy link
Member

@tklauser tklauser left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reverting my approval after discussion with @gandro. It's likely we forget to backport the single commit 771aa8a out of #10163, so better to include it as well in this PR.

@tgraf
Copy link
Member

tgraf commented May 12, 2020

Reviewed ENI related backports

@tklauser @christarazi
test: define variable for Go version
8519ffb 
[ upstream commit 7dd2b36 ]

This will allow to easily bump the version via a Makefile target
introduced in a successive commit.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Chris Tarazi <chris@isovalent.com>
@christarazi christarazi requested a review from tklauser May 12, 2020 17:12
@christarazi
Copy link
Member Author

@tklauser Thanks for clearing that up! I've re-added the commit and ran the make update-golang and added those changes. Let me know if I've missed anything.

@christarazi
Copy link
Member Author

christarazi commented May 12, 2020
edited
Loading

never-tell-me-the-odds

Edit: provisioning failure

tklauser
tklauser approved these changes May 12, 2020
View reviewed changes
Copy link
Member

@tklauser tklauser left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks.

@christarazi
Copy link
Member Author

christarazi commented May 12, 2020
edited
Loading

test-upstream-k8s

Edit: hit #10442

@christarazi
Copy link
Member Author

test-missed-k8s

@christarazi christarazi mentioned this pull request May 13, 2020
Closed
@gandro
Copy link
Member

gandro commented May 13, 2020

test-missed-k8s

1 similar comment
@gandro
Copy link
Member

gandro commented May 13, 2020

test-missed-k8s

@gandro gandro merged commit a3d8c9f into v1.7 May 13, 2020
@gandro gandro deleted the pr/v1.7-backport-2020-05-08 branch May 13, 2020 16:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gandro gandro gandro approved these changes

@tklauser tklauser tklauser approved these changes

@tgraf tgraf tgraf approved these changes

@qmonnet qmonnet qmonnet approved these changes

@danwent danwent Awaiting requested review from danwent

@errordeveloper errordeveloper Awaiting requested review from errordeveloper

@genbit genbit Awaiting requested review from genbit

@jrajahalme jrajahalme Awaiting requested review from jrajahalme

@seanmwinn seanmwinn Awaiting requested review from seanmwinn

Assignees
No one assigned
Labels
kind/backports This PR provides functionality previously merged into master.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.