Skip to content

v1.16 Backports 2024-10-22 #35468

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 13 commits into from
Oct 22, 2024
Merged

v1.16 Backports 2024-10-22 #35468

merged 13 commits into from
Oct 22, 2024

Conversation

tklauser
Copy link
Member

@tklauser tklauser commented Oct 22, 2024
edited by aanm
Loading

PRs skipped due to conflicts:

Once this PR is merged, a GitHub action will update the labels of these PRs:

 35179 35337 35165 35400 35399 35408 35381 35333 35422 35457

Will Daly and others added 11 commits October 22, 2024 11:14
@tklauser
pkg/node: fix repeated error reporting in neighbor-link-updater
61442dd 
[ upstream commit 0a9d63f ]

Previously, neighbor-link-updater set the health status error
for each neighboring node to a concatenation of all errors from
all nodes processed so far.

Fix it by storing only the error from refreshing the particular node.

Signed-off-by: Will Daly <widaly@microsoft.com>
Signed-off-by: Tobias Klauser <tobias@cilium.io>
@julianwiedmann @tklauser
docs: kpr: update error message regarding SocketLB tracing
dcf7ce3 
[ upstream commit ea9d3c6 ]

#32799 changed the error message,
adjust the documentation.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
Signed-off-by: Tobias Klauser <tobias@cilium.io>
@jibi @tklauser
bpf: fib: extract add_l2_hdr from maybe_add_l2_hdr
175b709 
[ upstream commit ed34095 ]

Signed-off-by: Gilberto Bertin <jibi@cilium.io>
Signed-off-by: Tobias Klauser <tobias@cilium.io>
@julianwiedmann @tklauser
bpf: nodeport: add L2 header before redirecting to overlay interface
b0fae36 
[ upstream commit abdaddc ]

When redirecting from a L3 device to the overlay interface, we need to
manually add a L2 header to the (inner) packet.

#33421 fixed this for the case of
Nodeport NAT traffic from the LB node to a backend. Generalize it so
that it helps all users of the nodeport_add_tunnel_encap() helper - for
example DSR-Geneve or EgressGW reply traffic.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
Signed-off-by: Tobias Klauser <tobias@cilium.io>
@julianwiedmann @tklauser
bpf: tests: add N/S DSR-GENEVE test for L3 -> remote backend
0d8aaf5 
[ upstream commit 677bcc1 ]

Validate that the from-netdev program adds a L2 header to the packet,
before redirecting it to the overlay interface.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
Signed-off-by: Tobias Klauser <tobias@cilium.io>
@sayboras @tklauser
gha: Update chmod command
f5c2c77 
[ upstream commit a26427b ]

This is to avoid the below failure while chmod-ing symlink.

```
chmod: cannot operate on dangling symlink '/usr/local/bin/now'
```

Sample run: https://github.com/cilium/cilium/actions/runs/11343796440/job/31547213730?pr=35397

Signed-off-by: Tam Mach <tam.mach@cilium.io>
Signed-off-by: Tobias Klauser <tobias@cilium.io>
@aanm @tklauser
.github/conformance-ginkgo: replace deprecated jq flag
8cebd71 
[ upstream commit e08929b ]

The jq flag 'argfile' has been removed. The solution is
to use slurpfile instead.

Signed-off-by: André Martins <andre@cilium.io>
Signed-off-by: Tobias Klauser <tobias@cilium.io>
@aanm @tklauser
.github: remove libncurses5 from integration tests
0b7a897 
[ upstream commit 63cd391 ]

This package was added in 7a301a4 ("introduce ARM github workflows")
and it's no longer being used so we can remove it as it's not available
in ubuntu-latest (24.04).

Signed-off-by: André Martins <andre@cilium.io>
Signed-off-by: Tobias Klauser <tobias@cilium.io>
@jrajahalme @tklauser
policy: Fix proxy listener and priority with auth rules
3293d83 
[ upstream commit 8549f07 ]

Properly inherit listener name and priority from the L3-wildcard rule to
L3 rule when auth types are different between them.

Fixes: #26331

Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
Signed-off-by: Tobias Klauser <tobias@cilium.io>
@rastislavs @tklauser
bgpv1: fix reconciliation of services with shared VIPs
4dd28e9 
[ upstream commit 2c40eb1 ]

As multiple services can share the same VIP (e.g. using
lbipam.cilium.io/sharing-key), the service reconciliation logic
needs to be adapted to not withdraw a route to VIP that is
still in use by some other service.
To address that, this change introduces resource reference
counting by reconciling service advertisements.
This fix is specific to BGPv1 service reconciliation only.

Signed-off-by: Rastislav Szabo <rastislav.szabo@isovalent.com>
Signed-off-by: Tobias Klauser <tobias@cilium.io>
@rastislavs @tklauser
bgpv1: Add shared VIP tests to bgpv1 advertisement tests
94723cc 
[ upstream commit b3a3108 ]

Updates the BGPv1 advertisement tests to test a case where
multiple services share the same LoadBalancer VIP.

Signed-off-by: Rastislav Szabo <rastislav.szabo@isovalent.com>
Signed-off-by: Tobias Klauser <tobias@cilium.io>
@tklauser tklauser added kind/backports This PR provides functionality previously merged into master. backport/1.16 This PR represents a backport for Cilium 1.16.x of a PR that was merged to main. labels Oct 22, 2024
sayboras
sayboras approved these changes Oct 22, 2024
View reviewed changes
Copy link
Member

@sayboras sayboras left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks and looks good for my commit.

@tklauser tklauser force-pushed the pr/v1.16-backport-2024-10-22-11-14 branch from c3a2c49 to 5bab655 Compare October 22, 2024 09:29
@tklauser tklauser marked this pull request as ready for review October 22, 2024 09:29
@tklauser tklauser requested review from a team as code owners October 22, 2024 09:29
@tklauser tklauser requested a review from nebril October 22, 2024 09:29
@tklauser
Copy link
Member Author

/test-backport-1.16

@tklauser tklauser mentioned this pull request Oct 22, 2024
Merged
@tklauser tklauser enabled auto-merge October 22, 2024 09:35
rastislavs
rastislavs approved these changes Oct 22, 2024
View reviewed changes
Copy link
Contributor

@rastislavs rastislavs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

marseel
marseel approved these changes Oct 22, 2024
View reviewed changes
Copy link
Contributor

@marseel marseel left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, nonblocking: if you happen to update commits for whatever reason, now my commit points to incorrect commit, while PR description points to correct one: 1918908

@tklauser
Copy link
Member Author

lgtm, nonblocking: if you happen to update commits for whatever reason, now my commit points to incorrect commit, while PR description points to correct one: 1918908

Oops, sorry. I updated it locally but forgot to force-push apparently.

marseel and others added 2 commits October 22, 2024 13:28
@marseel @tklauser
docs: update default identity label filters
297ce19 
[ upstream commit d3dc7e8 ]

[ backporter's note: added `any:` prefix as with other labels because
  commit 1918908 ("Improve identity-relevant-labels.rst page")
  which removed these prefixes across all docs wasn't backported to
  v1.16. ]

PR #31178 added "io.cilium.k8s.policy.cluster" label to default ones
that are propagated even when strict filters are applied.

Fixes: #31178

Signed-off-by: Marcel Zieba <marcel.zieba@isovalent.com>
@aanm @tklauser
.github: remove retention days for image digests
6be3749 
[ upstream commit f269eee ]

It is useful to keep the image digests as long as possible, thus this
commit removes the retention period of 10 days.

Signed-off-by: André Martins <andre@cilium.io>
Signed-off-by: Tobias Klauser <tobias@cilium.io>
@tklauser tklauser force-pushed the pr/v1.16-backport-2024-10-22-11-14 branch from 5bab655 to 6be3749 Compare October 22, 2024 11:29
@tklauser
Copy link
Member Author

/test-backport-1.16

@tklauser tklauser added this pull request to the merge queue Oct 22, 2024
Merged via the queue into v1.16 with commit 8ed2fc1 Oct 22, 2024
281 checks passed
@tklauser tklauser deleted the pr/v1.16-backport-2024-10-22-11-14 branch October 22, 2024 16:03
@cilium-release-bot cilium-release-bot bot mentioned this pull request Nov 13, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marseel marseel marseel approved these changes

@aanm aanm aanm approved these changes

@sayboras sayboras sayboras approved these changes

@rastislavs rastislavs rastislavs approved these changes

@julianwiedmann julianwiedmann julianwiedmann approved these changes

@jrajahalme jrajahalme Awaiting requested review from jrajahalme

@wedaly wedaly Awaiting requested review from wedaly

@nebril nebril Awaiting requested review from nebril nebril is a code owner automatically assigned from cilium/ci-structure

Assignees
No one assigned
Labels
backport/1.16 This PR represents a backport for Cilium 1.16.x of a PR that was merged to main. kind/backports This PR provides functionality previously merged into master.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@tklauser @marseel @aanm @sayboras @rastislavs @julianwiedmann @jibi @jrajahalme