Skip to content

v1.11 backports 2022-10-19 #21810

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Nov 2, 2022
Merged

v1.11 backports 2022-10-19 #21810

merged 3 commits into from
Nov 2, 2022

Conversation

qmonnet
Copy link
Member

@qmonnet qmonnet commented Oct 19, 2022
edited by joestringer
Loading

PRs skipped due conflicts:

Once this PR is merged, you can update the PR labels via:

$ for pr in 21394 21670 21771; do contrib/backporting/set-labels.py $pr done 1.11; done

or with

$ make add-label BRANCH=v1.11 ISSUES=21394,21670,21771

@qmonnet qmonnet requested a review from a team as a code owner October 19, 2022 16:24
@qmonnet qmonnet requested review from joestringer and squeed October 19, 2022 16:24
@maintainer-s-little-helper maintainer-s-little-helper bot added backport/1.11 kind/backports This PR provides functionality previously merged into master. labels Oct 19, 2022
zuzzas and others added 3 commits October 19, 2022 17:24
@zuzzas @qmonnet
Fixed CCNP garbage collection
3d8d870 
[ upstream commit 694892c ]

CCNPs are converted internally into CNPs, but metadata.name has been forgotten

Fixes #21393

[ Backport note: File operator/cilium_node.go has been renamed into
    operator/cmd/cilium_node.go in master branch. ]

Signed-off-by: Andrey Klimentyev <andrey.klimentyev@flant.com>
Signed-off-by: Quentin Monnet <quentin@isovalent.com>
@joestringer @qmonnet
docs: Update k8s NetworkPolicy descriptions
4e40e5d 
[ upstream commit 6fbbbb9 ]

Add some additional notes to highlight how Cilium's k8s NetworkPolicy
support works, including:

- Egress policies have not been beta for several years.
- Port Ranges.

[ Backport note: File Documentation/network/kubernetes/policy.rst has
    been renamed into Documentation/concepts/kubernetes/policy.rst on
    master branch. ]

Signed-off-by: Joe Stringer <joe@cilium.io>
Signed-off-by: Quentin Monnet <quentin@isovalent.com>
@squeed @qmonnet
EndpointManager: fix deadlock when releasing an endpoint
9219f14 
[ upstream commit 061e55f ]

In high-churn clusters, there can be a three-party deadlock between the
EndpointManager, the PolicyRepository, and a given Endpoint. One of the
"links in the chain" is merely trying to get the container ID and
namespace+name of an Endpoint for logging. Which we already have.

So, rather than trying to lock an Endpoint to get it's identifiers
again, just use the copy we already have.

Fixes: dae07b5 (endpointmanager: Remove goroutine for ID release)
Signed-off-by: Casey Callendrello <cdc@isovalent.com>
Signed-off-by: Quentin Monnet <quentin@isovalent.com>
@qmonnet qmonnet force-pushed the pr/v1.11-backport-2022-10-19 branch from be31bfc to 9219f14 Compare October 19, 2022 16:26
@qmonnet
Copy link
Member Author

qmonnet commented Oct 19, 2022
edited by maintainer-s-little-helper bot
Loading

/test-backport-1.11

Job 'Cilium-PR-K8s-1.19-kernel-4.9' failed:

Click to show.

Test Name

K8sUpdates Tests upgrade and downgrade from a Cilium stable image to master

Failure Output

FAIL: Unable to download helm chart v1.10 from GitHub

If it is a flake and a GitHub issue doesn't already exist to track it, comment /mlh new-flake Cilium-PR-K8s-1.19-kernel-4.9 so I can create one.

Job 'Cilium-PR-K8s-GKE' failed:

Click to show.

Test Name

K8sDatapathConfig IPv4Only Check connectivity with IPv6 disabled

Failure Output

FAIL: Timed out after 240.000s.

If it is a flake and a GitHub issue doesn't already exist to track it, comment /mlh new-flake Cilium-PR-K8s-GKE so I can create one.

Job 'Cilium-PR-K8s-GKE' failed:

Click to show.

Test Name

K8sDatapathConfig Host firewall With native routing and endpoint routes

Failure Output

FAIL: Timed out after 247.107s.

If it is a flake and a GitHub issue doesn't already exist to track it, comment /mlh new-flake Cilium-PR-K8s-GKE so I can create one.

@qmonnet
Copy link
Member Author

qmonnet commented Oct 20, 2022

/test-1.19-4.9

@nathanjsweet
Copy link
Member

/test-gke

@nathanjsweet
Copy link
Member

/ci-aks-1.11

@nathanjsweet
Copy link
Member

/ci-gke-1.11

@nathanjsweet
Copy link
Member

/test-gke

@nathanjsweet
Copy link
Member

/ci-gke-1.11

@nathanjsweet
Copy link
Member

/ci-aks-1.11

@nbusseneau
Copy link
Member

nbusseneau commented Oct 28, 2022
edited
Loading

This issue I don't like: https://jenkins.cilium.io/job/Cilium-PR-K8s-GKE/9168/testReport/junit/Suite-k8s-1/22/K8sDatapathConfig_IPv4Only_Check_connectivity_with_IPv6_disabled/

18:06:29  • Failure [829.326 seconds]
18:06:29  K8sDatapathConfig
18:06:29  /home/jenkins/workspace/Cilium-PR-K8s-GKE@2/src/github.com/cilium/cilium/test/ginkgo-ext/scopes.go:473
18:06:29    IPv4Only
18:06:29    /home/jenkins/workspace/Cilium-PR-K8s-GKE@2/src/github.com/cilium/cilium/test/ginkgo-ext/scopes.go:473
18:06:29      Check connectivity with IPv6 disabled [It]
18:06:29      /home/jenkins/workspace/Cilium-PR-K8s-GKE@2/src/github.com/cilium/cilium/test/ginkgo-ext/scopes.go:527
18:06:29  
18:06:29      Timed out after 240.000s.
[2022-10-26T16:06:29.840Z]     Timeout while waiting for Cilium to become ready
[2022-10-26T16:06:29.840Z]     Expected
[2022-10-26T16:06:29.840Z]         <*errors.errorString | 0xc0014f8750>: {
[2022-10-26T16:06:29.840Z]             s: "unable to retrieve daemonset kube-system/cilium: Exitcode: -1 \nErr: signal: killed\nStdout:\n \t \nStderr:\n \t \n",
[2022-10-26T16:06:29.840Z]         }
[2022-10-26T16:06:29.840Z]     to be nil

Seems like it was it hit before hand as well? Is it consistent? I'll re-run to check. In any case the GKE pipeline is very flaky and disabled on master.

@nbusseneau
Copy link
Member

/test-gke

@qmonnet
Copy link
Member Author

qmonnet commented Oct 28, 2022

Looks like it happened again

16:13:14  K8sDatapathConfig Host firewall 
16:13:14    With native routing and endpoint routes
16:13:14    /home/jenkins/workspace/Cilium-PR-K8s-GKE/src/github.com/cilium/cilium/test/ginkgo-ext/scopes.go:527
16:13:14  15:13:13 STEP: Installing Cilium
16:13:21  15:13:21 STEP: Waiting for Cilium to become ready
16:17:34  FAIL: Timed out after 247.107s.
16:17:34  Timeout while waiting for Cilium to become ready
16:17:34  Expected
16:17:34      <*errors.errorString | 0xc001548620>: {
16:17:34          s: "unable to retrieve daemonset kube-system/cilium: Exitcode: -1 \nErr: signal: killed\nStdout:\n \t \nStderr:\n \t \n",
16:17:34      }
16:17:34  to be nil
16:17:34  === Test Finished at 2022-10-28T15:17:28Z====
16:17:34  15:17:28 STEP: Running JustAfterEach block for EntireTestsuite K8sDatapathConfig
16:18:33  ===================== TEST FAILED =====================
16:18:33  15:18:28 STEP: Running AfterFailed block for EntireTestsuite K8sDatapathConfig
16:19:33  cmd: kubectl get pods -o wide --all-namespaces
16:19:33  Exitcode: -1 
16:19:33  Err: signal: killed

Although on a different test

@qmonnet
Copy link
Member Author

qmonnet commented Oct 28, 2022

/test-gke

@nathanjsweet
Copy link
Member

/ci-aks-1.11

@nathanjsweet
Copy link
Member

/test-gke

@qmonnet qmonnet mentioned this pull request Nov 2, 2022
Closed
@qmonnet
Copy link
Member Author

qmonnet commented Nov 2, 2022

I filed a flake for the error we observed earlier on GKE. Last run seems to have failed very early, likely on infra issue.

GKE pipeline being very unstable and not required, and AKS being unstable too, I believe this PR is good to go?

@nathanjsweet nathanjsweet merged commit 6af996e into v1.11 Nov 2, 2022
@nathanjsweet nathanjsweet deleted the pr/v1.11-backport-2022-10-19 branch November 2, 2022 16:02
@michi-covalent michi-covalent mentioned this pull request Nov 15, 2022
Closed
@michi-covalent michi-covalent mentioned this pull request Nov 16, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@squeed squeed squeed approved these changes

@joestringer joestringer joestringer approved these changes

Assignees
No one assigned
Labels
kind/backports This PR provides functionality previously merged into master.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@qmonnet @nathanjsweet @nbusseneau @squeed @joestringer @zuzzas