v1.8 backports 2021-03-31 #15530
Merged
v1.8 backports 2021-03-31 #15530
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[ upstream commit b6dc814 ] The NETNEXT environment variable, set to "1" or to "true", has traditionally instructed the CI to use the net-next kernel for the Vagrant virtual machines. For some time, the KERNEL variable has also been assuming this role, if its value is set to "net-next" (see test/Vagrantfile). But the relevant helper in the CI is not aware of that, and when passing KERNEL="net-next" instead of NETNEXT="true", ginkgo will skip tests that should run on the net-next kernel. Let's update the relevant helper to fix this issue. Fixes: cilium#11061 Signed-off-by: Quentin Monnet <quentin@isovalent.com> Signed-off-by: André Martins <andre@cilium.io>
[ upstream commit aabc7bf ] The commands to perform key rotations don't work because of YAML's indentations. The key keys can be indented: $ ks get secrets cilium-ipsec-keys -o yaml | grep -C1 keys: data: keys: MSByZmM0MTA2KGdjbShhZXMpKSA0NDQzNDI0MTM0MzMzMjMxMjQyMzIyMjExNDEzMTIxMWY0ZjNmMmYxIDEyOA== kind: Secret This commit fixes the regular expression. Fixes: 458c623 ("Documentation: fix key rotation command in encryption guide") Signed-off-by: Paul Chaignon <paul@cilium.io> Signed-off-by: André Martins <andre@cilium.io>
[ upstream commit ceb1e07 ] Make the version handling more flexible by taking in a version number in either the "vX.Y.Z" or "X.Y.Z" formats, stripping the leading v and setting the URL up correctly to pull the manifests from the target URL. Fixes the following error: $ contrib/release/pull-docker-manifests.sh joestringer 1.7.15 https://github.com/cilium/cilium/actions/runs/637686978 curl: (3) URL using bad/illegal format or missing URL Signal ERR caught! Traceback (line function script): 71 main contrib/release/pull-docker-manifests.sh 85 main contrib/release/pull-docker-manifests.sh Exiting... Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: André Martins <andre@cilium.io>
[ upstream commit ef6c8a6 ] This extra step should be carried out to ensure the digests are correct in the helm charts in the tree following a release. Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: André Martins <andre@cilium.io>
[ upstream commit 6feafc2 ] These changes allow running the master version of the script from another directory and only outputting the changed files into the current directory (for instance, if you have a dedicated copy of Cilium per branch). Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: André Martins <andre@cilium.io>
[ upstream commit 648fbf0 ] Commits 14a9087 ("contrib/release: do not require images to be download locally") and 1a6d10a (".github: Improve digest formatting in workflow") both attempted to add the title for the digests into the output format, but this lead to the title being added twice. We only need one, so remove the other one. Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: André Martins <andre@cilium.io>
[ upstream commit daeaa9c ] When we prepare the tag commit for an upcoming Cilium release, we want that commit to point towards images like "cilium/cilium:vX.Y.Z". Then, once we have pushed & generated images for that tag, we will have an image digest that points to this tag. At that point, we will update the digests again to point to a fully qualified image something like "cilium/cilium:vX.Y.Z@sha256:abcdef...", which will be injected into the Helm charts corresponding to this release. This commit clears the previous image shas (corresponding to a prior release) when starting a new release. Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: André Martins <andre@cilium.io>
[ upstream commit b117dae ] This script previously assumed that you first checkout the branch where you will make the release, then run the script. By first pulling & creating the branch in the script, we can detect the "old_version" correctly with fewer dependencies on the release manager's environment. Reported-by: Chris Tarazi <chris@isovalent.com> Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: André Martins <andre@cilium.io>
[ upstream commit 2dc2805 ] Rearrange the parameters and make version / github username optional parameters with some sane autodetection. Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: André Martins <andre@cilium.io>
[ upstream commit 9ac4d95 ] Bumps [pygments](https://github.com/pygments/pygments) from 2.4.2 to 2.7.4. - [Release notes](https://github.com/pygments/pygments/releases) - [Changelog](https://github.com/pygments/pygments/blob/master/CHANGES) - [Commits](pygments/pygments@2.4.2...2.7.4) Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: André Martins <andre@cilium.io>
[ upstream commit e79e66f ] Add visibility to the garbage collection of DNS name/IP mappings by logging the FQDNs of name entries being deleted. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: André Martins <andre@cilium.io>
[ upstream commit beb0c40 ] Fix comments and rename parameters to make this a bit more understandable. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: André Martins <andre@cilium.io>
[ upstream commit 3f4e686 ] Add command line option --tofqdns-idle-connection-grace-period (default 0s) that allows expired DNS entries that previously had active connections remain alive for an additional period of time during which the idle connections may resume or new connections to the same IP may still be started. Format is the string representation of Go time.Duration. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: André Martins <andre@cilium.io>
[ upstream commit 4daefa7 ] Different DNS queries may have different expiry times. Keep that latest/furthest expiry time instead of blindly overwriting the old time with a new one when updating an existing entry. This makes the combined expiry time of the zombie entry not depend on the order in which the queries were processed. Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: André Martins <andre@cilium.io>
[ upstream commit 9cc1be2 ] Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: André Martins <andre@cilium.io>
pchaigno
approved these changes
Mar 31, 2021
|
test-backport-1.8 |
joestringer
approved these changes
Apr 1, 2021
jrajahalme
approved these changes
Apr 1, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Once this PR is merged, you can update the PR labels via:
@brb the PR 15431 -- node-neigh: Query once netlink for neigh discovery device (@brb) was not backported due conflicts.