v1.11 Backports 2023-06-08 #26007
v1.11 Backports 2023-06-08 #26007
Conversation
c47939e to
c3b6d78
Compare
|
This is blocked by v1.11 complexity issue. |
|
/test-backport-1.11 |
c3b6d78 to
7cc992a
Compare
7cc992a to
d8fa43b
Compare
|
I've rebased on top of v1.11 so that broken parts of conformance-kind and smoke-test are disabled. |
|
/test-backport-1.11 Job 'Cilium-PR-K8s-1.21-kernel-5.4' failed: Click to show.Test NameFailure OutputJenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.21-kernel-5.4/20/ If it is a flake and a GitHub issue doesn't already exist to track it, comment Then please upload the Jenkins artifacts to that issue. Job 'Cilium-PR-K8s-1.19-kernel-4.9' failed: Click to show.Test NameFailure OutputJenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.19-kernel-4.9/38/ If it is a flake and a GitHub issue doesn't already exist to track it, comment Then please upload the Jenkins artifacts to that issue. Job 'Cilium-PR-K8s-1.23-kernel-4.9' has 1 failure but they might be new flake since it also hit 1 known flake: #24697 (85.37% similarity) |
|
The same bad news: ci-multicluster-1.11 fails due to complexity |
|
/test-1.19-4.9 |
|
/test-1.23-4.9 |
|
/test-1.21-5.4 |
|
/test-upstream-k8s |
However, can be ignored for now as it should be fixed by #25993 and is not marked as |
d8fa43b to
cdcf65f
Compare
[ upstream commit f64e073 ] [ backporter's note: Removed variables in the Helm templates that don't exist on this branch. Also, kubeProxyReplacement=probe is still valid in this branch, so I added it to the error condition. ] Fail helm if kube-proxy-replacement is set or defaults to an invalid value. kube-proxy-replacement can be defaulted to a deprecated (and since removed) "probe" value. User can also set it into an incorrect value explicitly. It is better to fail on helm than cilium agent failing to start. Signed-off-by: Jarno Rajahalme <jarno@isovalent.com> Signed-off-by: Yutaro Hayakawa <yutaro.hayakawa@isovalent.com>
[ upstream commit a579e9b ] [ backporter's note: IPSec key duration option doesn't exist on this branch, so I removed them. Also, this PR contains the commit to add Helm option for ipsec key rotation duration. I talked with an original author and dropped that commit since it is accidentally introduced. ] The IPsec key watcher is used to automatically detect and apply changes in the key (typically during key rotations). Having this watcher avoids having to restart the agents to apply the key change. It can however be desired to only apply the key change when the agent is restarted. It gives control to the user on when exactly the change happens. It may also be used as a way to switch from one IPsec implementation to another (XFRM configs specifically): the user rotates the key just before the upgrade; on upgrade, the SPI is implicitly used to distinguish between the old and new implementations as well as the old and new keys. Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com> Signed-off-by: Yutaro Hayakawa <yutaro.hayakawa@isovalent.com>
[ upstream commit 3ee2fb7 ] [ backporter's note: Fixed minor conflict in the Helm template ] This commit adds a Helm value for the enable-ipsec-key-watcher agent flag introduced in the previous commit. Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com> Signed-off-by: Yutaro Hayakawa <yutaro.hayakawa@isovalent.com>
cdcf65f to
cdb82a8
Compare
|
Fixed the backport error in 0fdb27d. TL;DR: |
|
/test-backport-1.11 |
|
k8s-1.21-kernel-4.9: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.21-kernel-4.9/45/console
|
|
/test-1.21-4.9 |
|
/test-1.21-5.4 |
|
For k8s-1.21-kernel-5.4, the same error with exactly the same test case was reported by Tobias last December (#17010 (comment)). Looks like the issue was closed as it did not happen for a while. I'll reopen the issue. |
|
all the required tests passed. merging ✅ |
kubeProxyReplacement=probeis still valid in this branch. So, I added it to the error condition.Dropped #25936 (@joamaki) since the task is taken over by #26021.
Once this PR is merged, you can update the PR labels via:
or with