Skip to content

v1.17 Backports 2025-05-28 #39765

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 28, 2025
Merged

v1.17 Backports 2025-05-28 #39765

merged 2 commits into from
May 28, 2025

Conversation

viktor-kurchenko
Copy link
Contributor

@viktor-kurchenko viktor-kurchenko commented May 28, 2025
edited by tklauser
Loading

dylandreimerink and others added 2 commits May 28, 2025 12:27
@dylandreimerink @viktor-kurchenko
pkg/endpoint: Store and restore parentIfIndex
b16c042 
[ upstream commit 0b6adf6 ]

In #35298 endpoints got the parentIfIndex field to store the parent
interface index, which is used to ensure endpoint traffic is routed
out of the parent interface when set.

This interface index is given to the agent by the CNI plugin and stored
in the endpoint object. However, when the agent is restarted, it has
to restore endpoint state from disk. The parentIfIndex field was not
being stored or restored, so after a restart the parentIfIndex would be
set to 0, which would cause the agent to not route traffic out of the
parent interface.

This commit adds the parentIfIndex field to the endpoint state
serialization and deserialization process, so that it is stored and
restored correctly.

Signed-off-by: Dylan Reimerink <dylan.reimerink@isovalent.com>
Signed-off-by: viktor-kurchenko <viktor.kurchenko@isovalent.com>
@squeed @viktor-kurchenko
policy/api: fix CIDRRule expansion of 0.0.0.0/0 to reserved:world
094e3a6 
[ upstream commit 9f73dd2 ]

When converting a CIDR match to labels, we expand the zero-prefix
(0.0.0.0/0) match to both the cidr and the `reserved:world` label. (This
is because the world identities don't have CIDR labels.) However, a
refactor broke this for CIDRRule entries, which should otherwise work
the same.

Fixes: 481ed87
Fixes: #39656

Signed-off-by: Casey Callendrello <cdc@isovalent.com>
Signed-off-by: viktor-kurchenko <viktor.kurchenko@isovalent.com>
@viktor-kurchenko viktor-kurchenko added kind/backports This PR provides functionality previously merged into master. backport/1.17 This PR represents a backport for Cilium 1.17.x of a PR that was merged to main. labels May 28, 2025
@viktor-kurchenko viktor-kurchenko marked this pull request as ready for review May 28, 2025 10:46
@viktor-kurchenko viktor-kurchenko requested a review from a team as a code owner May 28, 2025 10:46
@viktor-kurchenko
Copy link
Contributor Author

/test

@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label May 28, 2025
@tklauser tklauser added this pull request to the merge queue May 28, 2025
Merged via the queue into v1.17 with commit 563e3d4 May 28, 2025
288 checks passed
@tklauser tklauser deleted the pr/v1.17-backport-2025-05-28-12-27 branch May 28, 2025 13:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@squeed squeed squeed approved these changes

@dylandreimerink dylandreimerink dylandreimerink approved these changes

Assignees
No one assigned
Labels
backport/1.17 This PR represents a backport for Cilium 1.17.x of a PR that was merged to main. kind/backports This PR provides functionality previously merged into master. ready-to-merge This PR has passed all tests and received consensus from code owners to merge.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@viktor-kurchenko @squeed @dylandreimerink @tklauser