Skip to content

fix: ignore encrypt interface field #37184

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jan 23, 2025
Merged

fix: ignore encrypt interface field #37184

merged 1 commit into from
Jan 23, 2025

Conversation

Artyop
Copy link
Contributor

@Artyop Artyop commented Jan 22, 2025

This commit ignores the field EncryptInterface when verifying if there's any mutation of option.Config after its initialization.
With this commit, triggering reinitializeIPSec path causing mutation when using it without kube-proxy replacement on EKS clusters won't fail Cilium startup.
This is a temporary fix, once bpf_network will be removed for IPsec, EncryptInterface won't be used anymore.

Fixes: #34794

Ignore encrypt interface field when validating option.Config after initialization

@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Jan 22, 2025
@Artyop
Copy link
Contributor Author

Artyop commented Jan 22, 2025

/ci-eks

@Artyop Artyop changed the title refac: ignore encrypt interface field fix: ignore encrypt interface field Jan 22, 2025
@Artyop
Copy link
Contributor Author

Artyop commented Jan 22, 2025

/ci-eks

@Artyop Artyop mentioned this pull request Jan 22, 2025
Closed
@Artyop
Copy link
Contributor Author

Artyop commented Jan 22, 2025

/ci-eks

2 similar comments
@Artyop
Copy link
Contributor Author

Artyop commented Jan 22, 2025

/ci-eks

@Artyop
Copy link
Contributor Author

Artyop commented Jan 22, 2025

/ci-eks

@Artyop
refac: ignore encrypt interface field
d83fb6e 
This commit ignores the field EncryptInterface when verifying if there's any mutation of option.Config after its initialization.
With this commit, triggering reinitializeIPSec path causing mutation when using it without kube-proxy replacement on EKS clusters won't fail Cilium startup.
This is a temporary fix, once bpf_network will be removed for IPsec, EncryptInterface won't be used anymore.

Signed-off-by: Antony Reynaud <antony.reynaud@isovalent.com>
@Artyop Artyop force-pushed the pr/artyop/encrypt-interface-validation-ignore branch from 5445904 to d83fb6e Compare January 22, 2025 20:46
@Artyop
Copy link
Contributor Author

Artyop commented Jan 22, 2025

/ci-eks

1 similar comment
@Artyop
Copy link
Contributor Author

Artyop commented Jan 22, 2025

/ci-eks

@sayboras sayboras added the release-note/ci This PR makes changes to the CI. label Jan 22, 2025
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Jan 22, 2025
@sayboras sayboras added the release-note/minor This PR changes functionality that users may find relevant to operating Cilium. label Jan 22, 2025
@Artyop
Copy link
Contributor Author

Artyop commented Jan 22, 2025

/ci-eks

1 similar comment
@Artyop
Copy link
Contributor Author

Artyop commented Jan 23, 2025

/ci-eks

@sayboras
Copy link
Member

/test

joamaki
joamaki approved these changes Jan 23, 2025
View reviewed changes
Copy link
Contributor

@joamaki joamaki left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@joamaki joamaki marked this pull request as ready for review January 23, 2025 08:01
@joamaki joamaki requested review from a team as code owners January 23, 2025 08:01
@joamaki joamaki requested review from thorn3r and derailed January 23, 2025 08:01
@joamaki joamaki removed the release-note/minor This PR changes functionality that users may find relevant to operating Cilium. label Jan 23, 2025
@aanm aanm enabled auto-merge January 23, 2025 08:19
sayboras
sayboras approved these changes Jan 23, 2025
View reviewed changes
Copy link
Member

@sayboras sayboras left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks and lgtm 👍

@aanm aanm added this pull request to the merge queue Jan 23, 2025
Merged via the queue into cilium:main with commit 2ed2150 Jan 23, 2025
72 checks passed
@sayboras sayboras mentioned this pull request Jan 23, 2025
Merged
@sayboras sayboras added the needs-backport/1.17 This PR / issue needs backporting to the v1.17 branch label Mar 12, 2025
@Artyop Artyop added backport/1.17 This PR represents a backport for Cilium 1.17.x of a PR that was merged to main. needs-backport/1.17 This PR / issue needs backporting to the v1.17 branch and removed needs-backport/1.17 This PR / issue needs backporting to the v1.17 branch backport/1.17 This PR represents a backport for Cilium 1.17.x of a PR that was merged to main. labels Mar 12, 2025
@sayboras
Copy link
Member

It happens for 1.17, so adding the needs-backport/1.17

https://github.com/cilium/cilium/actions/runs/13810557501/job/38631004469

@YutaroHayakawa YutaroHayakawa mentioned this pull request Mar 18, 2025
Merged
13 tasks
@YutaroHayakawa YutaroHayakawa added backport-pending/1.17 The backport for Cilium 1.17.x for this PR is in progress. and removed needs-backport/1.17 This PR / issue needs backporting to the v1.17 branch labels Mar 18, 2025
@julianwiedmann julianwiedmann added the feature/ipsec Relates to Cilium's IPsec feature label Mar 19, 2025
@github-actions github-actions bot added backport-done/1.17 The backport for Cilium 1.17.x for this PR is done. and removed backport-pending/1.17 The backport for Cilium 1.17.x for this PR is in progress. labels Mar 21, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joamaki joamaki joamaki approved these changes

@aanm aanm aanm approved these changes

@sayboras sayboras sayboras approved these changes

@thorn3r thorn3r Awaiting requested review from thorn3r thorn3r is a code owner automatically assigned from cilium/sig-agent

@derailed derailed Awaiting requested review from derailed derailed is a code owner automatically assigned from cilium/cli

Assignees
No one assigned
Labels
backport-done/1.17 The backport for Cilium 1.17.x for this PR is done. feature/ipsec Relates to Cilium's IPsec feature release-note/ci This PR makes changes to the CI.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

CI: Conformance EKS - controller daemon-validate-config is failing - Config differs
6 participants
@Artyop @sayboras @joamaki @aanm @YutaroHayakawa @julianwiedmann