v1.10 backports 2022-05-31 #20015
[ upstream commit c88244c ]

We encoded the SPI (aka keyID) on 4 bits [1] in the xfrm and packet marks. The maximum value is therefore 15 and not 16. This commit fixes the check on the maximum keyID value.

Note the documentation for IPsec key rotation already has the correct value [2] so there shouldn't be any users with an incorrect keyID.

1 - https://github.com/cilium/cilium/blob/v1.10.1/pkg/datapath/linux/ipsec/ipsec_linux.go#L147-L150
2 - https://docs.cilium.io/en/v1.10/gettingstarted/encryption-ipsec/#key-rotation

Fixes: b698972 ("cilium: ipsec, support rolling updates")
Signed-off-by: Paul Chaignon <paul@cilium.io>
Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit 70676ec ]

With "make render-docs-live-preview", we use the cilium/docs-builder image to build a preview of the documentation, to serve it locally, and to watch the source files for changes to update automatically the preview.

When the Docker image is present locally, the command uses it. When this is not the case, it pulls it from Docker, in its ":latest" version by default. This can be an issue due to commit 0da7224 ("ci: pin down image for documentation workflow"), where we pinned down the docs-builder image to use in the CI. Since this commit, the reference image is no longer ":latest", but the tag in use in the CI files. As a consequence, the live preview may attempt to use an outdated version of the image. This is currently the case: running the command with no local image raises an error about a missing "myst_parser" extension, which is not present on the version tagged with ":latest".

To fix this, we mark builder-image as a dependency for the render-docs-live-preview target, so that the image gets built locally.

Reported-by: Yoyo Wu <yoyo19980720@163.com>
Signed-off-by: Quentin Monnet <quentin@isovalent.com>
Signed-off-by: Gilberto Bertin <jibi@cilium.io>
My PRs look good. Thanks!
Looks good for my commits and thanks 💯
Backport of my PR looks good. Thanks!
[ upstream commit f17a17a ]

The first step for building the cilium/docs-builder image, used for building Cilium's documentation, consists in pre-pulling the image with Docker (to avoid failures from buildkit). The relevant command is formed by parsing the name of the Alpine image from the Dockerfile.

On some setups, for example on Ubuntu running in Windows WSL with the Cilium repository mounted from a Windows partition, the Dockerfile may contain DOS-style line breaks (CR-LF). The result from "grep" being piped to xargs and passed to "docker pull", we get an error because Docker cannot recognise a valid reference with this '\r' character at the end of the string.

Let's remove any carriage return characters before feeding the line to xargs.

Reported-by: Yoyo Wu <yoyo19980720@163.com>
Signed-off-by: Quentin Monnet <quentin@isovalent.com>
Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit 0b58178 ]

Configure the peerService to access hubble on the hubble.peerService.targetPort rather than determining the port from hubble.listenAddress which may be empty when using a sidecar to proxy to hubble.

Signed-off-by: Chance Zibolski <chance.zibolski@gmail.com>
Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit b13dc89 ]

The tc command prints out information not shown by bpftool. As well, it is possible that we may need information about tc entities that are not managed by Cilium when debugging Cilium issues.

This adds extra bugtool commands to be run with cilium-bugtool. Including listing tc qdisc and getting filter/class/chain info for all network interfaces.

Fixes: #17468
Signed-off-by: Tom Hadlaw <tom.hadlaw@isovalent.com>
Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit 80092ce ]

Since commit 67f74ff ("images/cilium: remove cilium group from Dockerfile") the cilium group is no longer created in the image running the agent, resulting in the following log message on cilium-agent start:

level=info msg="Group not found" error="group: unknown group cilium" file-path=/var/run/cilium/cilium.sock group=cilium subsys=api

Change the log message to debug level to avoid confusion.

Suggested-by: André Martins <andre@cilium.io>
Signed-off-by: Tobias Klauser <tobias@cilium.io>
Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit 2926892 ]

Signed-off-by: Vlad Ungureanu <ungureanuvladvictor@gmil.com>
Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit 54d708e ]

The SPI value is expected to take 4 bits at most so its maximum value should be 15 not 16. Let's fix that in the key rotation documentation. The agent also rejects value 0, so allowed values are [1;15].

Reported-by: Odin Ugedal via Slack
Signed-off-by: Paul Chaignon <paul@cilium.io>
Signed-off-by: Gilberto Bertin <jibi@cilium.io>
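The off-by-one fixed by the two IPsec commits above (c88244c and 54d708e), as an added example that is not part of this PR or of Cilium's code. Only the 4-bit field width and the allowed range [1;15] come from the commit messages; the bit offset `spiShift` and all function names are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// The key ID (SPI) occupies a 4-bit field of a 32-bit mark.
// spiShift (the field's bit offset) is an assumption of this example.
const (
	spiBits  = 4
	spiShift = 12
	spiMax   = 1<<spiBits - 1 // 15, the largest value that fits in 4 bits
	spiMask  = uint32(spiMax) << spiShift
)

var ErrKeyID = errors.New("key ID must be in [1;15]")

// ValidateKeyID applies the corrected bound: 0 is rejected by the agent and
// anything above 15 does not fit in the 4-bit field.
func ValidateKeyID(id int) error {
	if id < 1 || id > spiMax {
		return fmt.Errorf("%w: got %d", ErrKeyID, id)
	}
	return nil
}

// SetSPI ORs the key ID into the mark without masking, which is what an
// encoder relying on a prior range check would do.
func SetSPI(mark uint32, spi uint8) uint32 {
	return mark | uint32(spi)<<spiShift
}

// GetSPI reads the 4-bit field back out of the mark.
func GetSPI(mark uint32) uint8 {
	return uint8((mark & spiMask) >> spiShift)
}

func main() {
	// With the old "<= 16" check, 16 would pass validation, decode as SPI 0
	// and set a bit outside the SPI field.
	for _, id := range []int{0, 1, 15, 16} {
		m := SetSPI(0, uint8(id))
		fmt.Printf("keyID=%d valid=%v mark=%#x decoded=%d outside-field=%#x\n",
			id, ValidateKeyID(id) == nil, m, GetSPI(m), m&^spiMask)
	}
}
```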
[ upstream commit 070ded0 ]

The previous PR #18478 wraps the existing viper GetStringMapString function to get around upstream bugs, however, it unintentionally restricted a few formats, which were supported before in cilium, such as:

- --aws-instance-limit-mapping=c6a.2xlarge=4,15,15,m4.xlarge=1,5,10
- --api-rate-limit=endpoint-create=rate-limit:10/s,rate-burst:10,parallel-requests:10,auto-adjust:true

For complicated attributes, we are allowing the comma character in the value part of a key-value pair. As golang didn't support look-ahead functionalities in the built-in regex library, this commit is to replace the string.Split function by a custom implementation to handle such a scenario.

Relates: #18478
Fixes: #18973
Signed-off-by: Tam Mach <tam.mach@cilium.io>
Signed-off-by: Gilberto Bertin <jibi@cilium.io>
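One way to parse the two flag formats quoted in commit 070ded0 without regex look-ahead, as an added example that is not the code from that commit or from Cilium. `ParseKV` and its rules (a segment containing `=` starts a new pair, duplicate keys are rejected) are assumptions of this example; a value that itself contains `=` after a comma is ambiguous under this rule and is treated as a new key.

```go
package main

import (
	"fmt"
	"strings"
)

// ParseKV parses "k1=v1,k2=v2" where a value may itself contain commas.
// A comma ends a pair only when the following segment contains '=';
// otherwise the segment continues the current value.
func ParseKV(s string) (map[string]string, error) {
	out := map[string]string{}
	if strings.TrimSpace(s) == "" {
		return out, nil
	}
	key := ""
	for _, seg := range strings.Split(s, ",") {
		if i := strings.IndexByte(seg, '='); i >= 0 {
			k := strings.TrimSpace(seg[:i])
			if k == "" {
				return nil, fmt.Errorf("empty key in segment %q", seg)
			}
			// Reject duplicates so a later pair cannot silently override
			// an earlier limit (a choice made by this example).
			if _, dup := out[k]; dup {
				return nil, fmt.Errorf("duplicate key %q", k)
			}
			key, out[k] = k, seg[i+1:]
			continue
		}
		if key == "" {
			return nil, fmt.Errorf("segment %q appears before any key", seg)
		}
		out[key] += "," + seg
	}
	return out, nil
}

func main() {
	// Flag values taken from the commit message, without the flag name.
	for _, in := range []string{
		"c6a.2xlarge=4,15,15,m4.xlarge=1,5,10",
		"endpoint-create=rate-limit:10/s,rate-burst:10,parallel-requests:10,auto-adjust:true",
		"4,15,15", // constructed malformed input: no key at all
	} {
		m, err := ParseKV(in)
		fmt.Printf("%q -> %v (err: %v)\n", in, m, err)
	}
}
```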
5b5143b to 189b5bf
/test-backport-1.10
Peer service changes look good.
/test-backport-1.10
/test-gke
/test-backport-1.10
Backport tests pass, merging.
Once this PR is merged, you can update the PR labels via:
or with