v1.13 Backports 2023-04-05 #24758
Merged
v1.13 Backports 2023-04-05 #24758
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[ upstream commit 9629343 ] This commit is to make sure that if there is any changes in namespace mentioned in gateway.spec.listener[*].allowRoutes, the reconciliation loop should kick off for Gateway resource. For example, the namespace label can be added to be included or excluded from what mentioned in gateway.spec.listener[*].allowRoutes. Signed-off-by: Tam Mach <tam.mach@cilium.io> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit 4aa6911 ] If we can read "procfs" the user will not the reason for it. We should log the error as well. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit 60bb0ea ] BPFSocketLBHostnsOnly is outputted in the Kube Proxy Replacement section in cilium status --verbose: $ cilium status --verbose [...] KubeProxyReplacement Details: [...] Socket LB Coverage: Hostns-only [...] Fixes: #24160 Signed-off-by: Roman Ptitcyn <romanspb@yahoo.com> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit 2f9850c ] The upgradeCompatability should always be set to the first version that the user installed in order to assume the Helm defaults that were in place during that release. Tracking each version here initially would provide confirmation for users in order to pick a valid version. Except that we forgot to keep it up to date with each release. Drop the examples to reduce user confusion. Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
jibi
added
the
kind/backports
jibi
added
the
backport/1.13
sayboras
approved these changes
Apr 5, 2023
squeed
approved these changes
Apr 5, 2023
aanm
approved these changes
Apr 5, 2023
[ upstream commit 89a1936 ] The restore code attempts to reconcile datapath state with the userspace state post agent restart. Bailing out early on failures prevents any remediation from happening, so log any errors. Follow-up commits will try to handle leaked backends in the cluster if any. Signed-off-by: Aditi Ghag <aditi@cilium.io> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit ebe2b55 ] The restore logic attempts to reconcile datapath state with the userspace post agent restart. Previously, it first restored backends from the `lb4_backends` map before restoring service entries from the `lb4_services` map. If there were error scenarios prior to agent restart (for example, backend map full because of leaked backends), the logic would fail to restore backends currently referenced in the services map (and as a result, selected for load-balancing traffic). This commit prioritizes restoring service entries followed by backend entries. Follow-up commit handles error cases such as leaked backends by keeping track of backends retrieved from restoration of service entries, and then using that to subsequently restore backends. Signed-off-by: Aditi Ghag <aditi@cilium.io> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit 5311f81 ] In certain error scenarios, backends can be leaked, where they were deleted from the userspace state, but left in the datapath backends map. To reconcile datapath and userspace, identify such backends that were created with different IDs but same L3n4Addr hash. This commit builds up on previous commits that don't bail out on such error conditions (e.g., backend IDs mismatch during restore), and tracks backends that are currently referenced in service entries restored from the lb4_services map to restore backend entries. Furthermore, it uses the tracked state to delete any duplicate backends that were previously leaked. Fixes: b79a4a5 (pkg/service: Gracefully terminate service backends) Signed-off-by: Aditi Ghag <aditi@cilium.io> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
|
Looks good for my changes. Thanks a lot! |
|
/test-backport-1.13 Job 'Cilium-PR-K8s-1.24-kernel-5.4' failed: Click to show.Test NameFailure OutputJenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.24-kernel-5.4/1624/ If it is a flake and a GitHub issue doesn't already exist to track it, comment Job 'Cilium-PR-K8s-1.26-kernel-net-next' failed: Click to show.Test NameFailure OutputJenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.26-kernel-net-next/1678/ If it is a flake and a GitHub issue doesn't already exist to track it, comment |
nathanjsweet
approved these changes
Apr 5, 2023
|
/test-1.24-5.4 |
|
/test-1.26-net-next |
jibi
added
the
ready-to-merge
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Once this PR is merged, you can update the PR labels via:
or with