v1.13 Backports 2024-05-24 #32696
Merged
v1.13 Backports 2024-05-24 #32696
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mhofstetter
approved these changes
May 24, 2024
lmb
approved these changes
May 24, 2024
2610ee3 to
12a8b5c
Compare
pchaigno
requested changes
May 24, 2024
rolinh
reviewed
May 24, 2024
jibi
approved these changes
May 24, 2024
joestringer
approved these changes
May 24, 2024
michi-covalent
approved these changes
May 24, 2024
12a8b5c to
78f449e
Compare
[ upstream commit d15410d ] [ backporter's note: .github/workflows/tests-e2e-upgrade.yaml doesn't exist on v1.13. Removed it. ] it's fine to ignore the "No egress gateway found" drop reason as this may be caused by the kind=echo pods sending traffic while the egressgw policy map is still being populated. The actual connectivity test will ensure that the map is in sync with the policy and that egressgw traffic always go through the correct gateway Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit 9392745 ] Sometimes, the L4LB tests timeout waiting for the docker (in docker) instance to be ready. ``` +[06:55:18] docker run --privileged --name lb-node -d --network cilium-l4lb -v /lib/modules:/lib/modules docker:dind ca31f2a72a098bf612d569fee976e7e17779a1546337748dc62b63c99da13271 +[06:55:18] docker exec -t lb-node mount bpffs /sys/fs/bpf -t bpf +[06:55:18] docker run --name nginx -d --network cilium-l4lb nginx 544abbd0503584c582da50480d5f96eae5ecadb426d48d6fee078558b45451b2 +[06:55:18] docker exec -t lb-node docker ps +[06:55:18] sleep 1 +[06:55:19] docker exec -t lb-node docker ps +[06:55:19] sleep 1 +[06:55:20] docker exec -t lb-node docker ps Error response from daemon: Container ca31f2a72a098bf612d569fee976e7e17779a1546337748dc62b63c99da13271 is not running +[06:55:20] sleep 1 +[06:55:21] docker exec -t lb-node docker ps Error response from daemon: Container ca31f2a72a098bf612d569fee976e7e17779a1546337748dc62b63c99da13271 is not running +[06:55:21] sleep 1 +[06:55:22] docker exec -t lb-node docker ps Error response from daemon: Container ca31f2a72a098bf612d569fee976e7e17779a1546337748dc62b63c99da13271 is not running +[06:55:22] sleep 1 +[06:55:23] docker exec -t lb-node docker ps Error response from daemon: Container ca31f2a72a098bf612d569fee976e7e17779a1546337748dc62b63c99da13271 is not running +[06:55:20] docker exec -t lb-node docker ps Error response from daemon: Container ca31f2a72a098bf612d569fee976e7e17779a1546337748dc62b63c99da13271 is not running ``` Unfortunately, fetching the LB logs after the failed test doesn't help either, as this fails with the same error. ``` Run docker exec -t lb-node docker logs cilium-lb docker exec -t lb-node docker logs cilium-lb ... Error response from daemon: Container ca31f2a72a098bf612d569fee976e7e17779a1546337748dc62b63c99da13271 is not running ``` Therefore, this commit adds an additional job step that fetches the status and logs of the docker instance itself. Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com> Signed-off-by: Yutaro Hayakawa <yutaro.hayakawa@isovalent.com>
[ upstream commit a9a5ca7 ] [ backporter's note: Fixed minor conflict coming from the code structure difference. Remove unnecessary code coming from upstream and only pick retart flag. ] Docker in Docker container used within L4LB tests occasionally fails to start due to a `sed: write error`. log output: ``` Certificate request self-signature ok /certs/server/cert.pem: OK subject=CN = docker:dind server Certificate request self-signature ok subject=CN = docker:dind client cat: can't open '/proc/net/arp_tables_names': No such file or directory sed: write error /certs/client/cert.pem: OK iptables v1.8.10 (nf_tables) ``` To prevent this error from causing the entire test to fail, this commit tries to fix this by restarting the container in case of a failure up to 10 times. Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
[ upstream commit 3f995c4 ] This commit enhances the "fetch dind information" GH action step from the L4LB test to output all containers (including stopped ones) and details about the lb-node container. Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com> Signed-off-by: Yutaro Hayakawa <yutaro.hayakawa@isovalent.com>
[ upstream commit dd947b3 ] Whenever GKE stopped supporting a particular version of GKE, we had to manually remove it from all stable branches. Now instead of that, we will dynamically check if it's supported and only then run the test. Signed-off-by: Marcel Zieba <marcel.zieba@isovalent.com> Signed-off-by: Yutaro Hayakawa <yutaro.hayakawa@isovalent.com>
[ upstream commit ae31ee9 ] [ backporter's note: .github/workflows/scale-test-100-gce.yaml and .github/workflows/scale-test-node-throughput-gce.yaml don't exist on v1.13. Remove them. ] Signed-off-by: Marcel Zieba <marcel.zieba@isovalent.com>
[ upstream commit 87119e9 ] Signed-off-by: Marcel Zieba <marcel.zieba@isovalent.com> Signed-off-by: Yutaro Hayakawa <yutaro.hayakawa@isovalent.com>
[ upstream commit f8afceb ] The result of running ``` images/scripts/update-cni-version.sh 1.5.0 ``` Signed-off-by: Anton Ippolitov <anton.ippolitov@datadoghq.com> Signed-off-by: Yutaro Hayakawa <yutaro.hayakawa@isovalent.com>
[ upstream commit 62117e7 ] [ backporter's comment: Resolve image hash conflict and execute make update-runtime-image and update-builder-image. ] Signed-off-by: Anton Ippolitov <anton.ippolitov@datadoghq.com> Signed-off-by: Yutaro Hayakawa <yutaro.hayakawa@isovalent.com>
f5783d3 to
6cbf76f
Compare
|
Rebasing to pull-in bfbb9be. |
|
/test-backport-1.13 Job 'Cilium-PR-K8s-1.25-kernel-4.19' failed: Click to show.Test NameFailure OutputJenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.25-kernel-4.19/1226/ If it is a flake and a GitHub issue doesn't already exist to track it, comment Then please upload the Jenkins artifacts to that issue. Job 'Cilium-PR-K8s-1.17-kernel-4.19' failed: Click to show.Test NameFailure OutputJenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.17-kernel-4.19/513/ If it is a flake and a GitHub issue doesn't already exist to track it, comment Then please upload the Jenkins artifacts to that issue. Job 'Cilium-PR-K8s-1.17-kernel-4.19' failed: Click to show.Test NameFailure OutputJenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.17-kernel-4.19/514/ If it is a flake and a GitHub issue doesn't already exist to track it, comment Then please upload the Jenkins artifacts to that issue. |
marseel
approved these changes
May 27, 2024
squeed
approved these changes
May 27, 2024
|
Cilium IPsec upgrade: 1.1.1.1 rate limit |
|
/test-1.17-4.19 |
|
/test-1.19-4.19 |
|
/test-1.25-4.19 |
rolinh
approved these changes
May 27, 2024
|
k8s-1.17-kernel-4.19: #13071 |
|
/test-1.17-4.19 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
PRs skipped due to conflicts:
Once this PR is merged, a GitHub action will update the labels of these PRs: