Skip to content

v1.9 backports 2022-05-31 #20016

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
May 31, 2022
Merged

v1.9 backports 2022-05-31 #20016

merged 5 commits into from
May 31, 2022

Conversation

jibi
Copy link
Member

@jibi jibi commented May 31, 2022

Once this PR is merged, you can update the PR labels via:

$ for pr in 16647 19885 19927 19893 19930; do contrib/backporting/set-labels.py $pr done 1.9; done

or with

$ make add-label BRANCH=v1.9 ISSUES=16647,19885,19927,19893,19930

pchaigno and others added 5 commits May 31, 2022 10:31
@pchaigno @jibi
ipsec: Fix off-by-one error on max SPI
d335ac0 
[ upstream commit c88244c ]

We encoded the SPI (aka keyID) on 4 bits [1] in the xfrm and packet
marks. The maximum value is therefore 15 and not 16. This commit fixes
the check on the maximum keyID value.

Note the documentation for IPsec key rotation already has the correct
value [2] so there shouldn't be any users with an incorrect keyID.

1 - https://github.com/cilium/cilium/blob/v1.10.1/pkg/datapath/linux/ipsec/ipsec_linux.go#L147-L150
2 - https://docs.cilium.io/en/v1.10/gettingstarted/encryption-ipsec/#key-rotation
Fixes: b698972 ("cilium: ipsec, support rolling updates")
Signed-off-by: Paul Chaignon <paul@cilium.io>
Signed-off-by: Gilberto Bertin <jibi@cilium.io>
@qmonnet @jibi
docs: Add docs-builder build as dependency to live preview
da541f4 
[ upstream commit 70676ec ]

With "make render-docs-live-preview", we use the cilium/docs-builder
image to build a preview of the documentation, to serve it locally, and
to watch the source files for changes to update automatically the
preview.

When the Docker image is present locally, the command uses it. When this
is not the case, it pulls it from Docker, in its ":latest" version by
default. This can be an issue due to commit 0da7224 ("ci: pin down
image for documentation workflow"), where we pinned down the
docs-builder image to use in the CI. Since this commit, the reference
image is not longer ":latest", but the tag in use in the CI files. As a
consequence, the live preview may attempt to use an outdated version of
the image. This is currently the case: running the command with no local
image raises an error about a missing "myst_parser" extension, which is
not present on the version tagged with ":latest".

To fix this, we mark builder-image as a dependency for the
render-docs-live-preview target, so that the image gets built locally.

Reported-by: Yoyo Wu <yoyo19980720@163.com>
Signed-off-by: Quentin Monnet <quentin@isovalent.com>
Signed-off-by: Gilberto Bertin <jibi@cilium.io>
@tklauser @jibi
api: change "group not found" log to debug
a5ee757 
[ upstream commit 80092ce ]

Since commit 67f74ff ("images/cilium: remove cilium group from
Dockerfile") the cilium group is no longer created in the image running
the agent, resulting in the following log message on cilium-agent start:

level=info msg="Group not found" error="group: unknown group cilium" file-path=/var/run/cilium/cilium.sock group=cilium subsys=api

Change the log message to debug level to avoid confusion.

Suggested-by: André Martins <andre@cilium.io>
Signed-off-by: Tobias Klauser <tobias@cilium.io>
Signed-off-by: Gilberto Bertin <jibi@cilium.io>
@pchaigno @jibi
docs: Fix max SPI value for IPsec key rotations
e54e2a1 
[ upstream commit 54d708e ]

The SPI value is expected to take 4 bits at most so it's maximum value
should be 15 not 16. Let's fix that in the key rotation documentation.

The agent also rejects value 0, so allowed values are [1;15].

Reported-by: Odin Ugedal via Slack
Signed-off-by: Paul Chaignon <paul@cilium.io>
Signed-off-by: Gilberto Bertin <jibi@cilium.io>
@pchaigno @jibi
docs: Fix incorrect FQDN flag
b7ffb8c 
[ upstream commit 9c6e424 ]

Fixes: f6ce522 ("FQDN: Added garbage collector functions.")
Signed-off-by: Paul Chaignon <paul@cilium.io>
Signed-off-by: Gilberto Bertin <jibi@cilium.io>
@jibi jibi requested a review from a team as a code owner May 31, 2022 08:37
@jibi jibi requested review from pchaigno, qmonnet and tklauser May 31, 2022 08:37
@maintainer-s-little-helper maintainer-s-little-helper bot added backport/1.9 kind/backports This PR provides functionality previously merged into master. labels May 31, 2022
pchaigno
pchaigno approved these changes May 31, 2022
View reviewed changes
Copy link
Member

@pchaigno pchaigno left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My PRs look good. Thanks!

tklauser
tklauser approved these changes May 31, 2022
View reviewed changes
Copy link
Member

@tklauser tklauser left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Backport of my PR looks good, thanks!

@jibi
Copy link
Member Author

jibi commented May 31, 2022
edited by maintainer-s-little-helper bot
Loading

/test-backport-1.9

Job 'Cilium-PR-K8s-1.14-kernel-4.9' hit: #19291 (92.61% similarity)

@maintainer-s-little-helper maintainer-s-little-helper bot mentioned this pull request May 31, 2022
Closed
@jibi
Copy link
Member Author

jibi commented May 31, 2022

/test-1.14-4.9

@jibi
Copy link
Member Author

jibi commented May 31, 2022

/test-1.15-4.9

@jibi jibi added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label May 31, 2022
@jibi jibi merged commit 5a9e405 into v1.9 May 31, 2022
@jibi jibi deleted the pr/v1.9-backport-2022-05-31 branch May 31, 2022 14:32
@joestringer joestringer mentioned this pull request Jun 10, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tklauser tklauser tklauser approved these changes

@pchaigno pchaigno pchaigno approved these changes

@qmonnet qmonnet qmonnet approved these changes

Assignees
No one assigned
Labels
kind/backports This PR provides functionality previously merged into master. ready-to-merge This PR has passed all tests and received consensus from code owners to merge.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jibi @tklauser @pchaigno @qmonnet