Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

v1.13 backports 2023-04-20 #24999

Merged
merged 1 commit into from
Apr 21, 2023
Merged

v1.13 backports 2023-04-20 #24999

merged 1 commit into from
Apr 21, 2023

Conversation

MrFreezeex
Copy link
Member

@MrFreezeex MrFreezeex commented Apr 20, 2023
edited

Once this PR is merged, you can update the PR labels via:

$ for pr in 24835; do contrib/backporting/set-labels.py $pr done 1.13; done

@MrFreezeex
egressgw: drop traffic if no gateway is found
e8f1124 
[ upstream commit a292a75 ]

Switch to dropping traffic when no gateway are found for an egressgw
instead of the previous behavior consisting of allowing traffic without
the snat.

It also adds a new drop reason (DROP_NO_EGRESS_GATEWAY) for this specific case.

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
@MrFreezeex MrFreezeex requested review from a team as code owners April 20, 2023 10:54
@maintainer-s-little-helper maintainer-s-little-helper bot added backport/1.13 This PR represents a backport for Cilium 1.13.x of a PR that was merged to main. kind/backports This PR provides functionality previously merged into master. labels Apr 20, 2023
@github-actions github-actions bot added the kind/community-contribution This was a contribution made by a community member. label Apr 20, 2023
@MrFreezeex
Copy link
Member Author

Hi @jibi, I made the backport for the egressgw change. Hopefully it's correct 🙈 :D.

@jibi jibi self-requested a review April 20, 2023 11:24
jibi
jibi reviewed Apr 20, 2023
View reviewed changes
Copy link
Member

@jibi jibi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

whoa, thanks for taking care of this! 💯 🚀

api/v1/flow/flow.proto
@@ -353,6 +353,7 @@ enum DropReason {
NAT46 = 187;
NAT64 = 188;
AUTH_REQUIRED = 189;
NO_EGRESS_GATEWAY = 194;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we keep it sequential here?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cc @rolinh, not really sure what's better for backports

Copy link
Member

@kaworu kaworu Apr 20, 2023
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we keep it sequential here?

No we shouldn't, we need the same value as in #24835. Otherwise API consumers (e.g. Hubble CLI) could be confused as DropReason 190 would be ambiguous depending on the Cilium version, i.e. CT_NO_MAP_FOUND (Cilium v1.14+) vs NO_EGRESS_GATEWAY (Cilium v1.13).

Documentation/operations/upgrade.rst
@@ -304,6 +304,12 @@ Annotations:

.. _1.13_upgrade_notes:

1.13.3+ Upgrade Notes
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👌

kaworu
kaworu approved these changes Apr 20, 2023
View reviewed changes
Copy link
Member

@kaworu kaworu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @MrFreezeex, Hubble changes LGTM.

api/v1/flow/flow.proto
@@ -353,6 +353,7 @@ enum DropReason {
NAT46 = 187;
NAT64 = 188;
AUTH_REQUIRED = 189;
NO_EGRESS_GATEWAY = 194;
Copy link
Member

@kaworu kaworu Apr 20, 2023
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we keep it sequential here?

No we shouldn't, we need the same value as in #24835. Otherwise API consumers (e.g. Hubble CLI) could be confused as DropReason 190 would be ambiguous depending on the Cilium version, i.e. CT_NO_MAP_FOUND (Cilium v1.14+) vs NO_EGRESS_GATEWAY (Cilium v1.13).

@jibi
Copy link
Member

jibi commented Apr 20, 2023
edited by maintainer-s-little-helper bot

/test-backport-1.13

Job 'Cilium-PR-K8s-1.20-kernel-4.19' failed:

Click to show.

Test Name

K8sDatapathConfig Host firewall With VXLAN

Failure Output

FAIL: Failed to reach 192.168.56.11:80 from testclient-n8555

Jenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.20-kernel-4.19/1897/

If it is a flake and a GitHub issue doesn't already exist to track it, comment /mlh new-flake Cilium-PR-K8s-1.20-kernel-4.19 so I can create one.

Job 'Cilium-PR-K8s-1.20-kernel-4.19' failed:

Click to show.

Test Name

K8sDatapathConfig Host firewall With VXLAN

Failure Output

FAIL: Error deleting resource /home/jenkins/workspace/Cilium-PR-K8s-1.20-kernel-4.19/src/github.com/cilium/cilium/test/k8s/manifests/host-policies.yaml: Cannot retrieve cilium pod cilium-r5xqv policy revision: cannot get the revision

Jenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.20-kernel-4.19/1898/

If it is a flake and a GitHub issue doesn't already exist to track it, comment /mlh new-flake Cilium-PR-K8s-1.20-kernel-4.19 so I can create one.

@jibi
Copy link
Member

jibi commented Apr 20, 2023
edited by maintainer-s-little-helper bot

/mlh new-flake Cilium-PR-K8s-1.20-kernel-4.19

👍 created #25014

@jibi
Copy link
Member

jibi commented Apr 21, 2023

/test-1.20-4.19

@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Apr 21, 2023
@aanm aanm merged commit 568dd81 into cilium:v1.13 Apr 21, 2023
60 of 61 checks passed
@thorn3r thorn3r mentioned this pull request May 17, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jibi jibi jibi approved these changes

@kaworu kaworu kaworu approved these changes

@nathanjsweet nathanjsweet nathanjsweet approved these changes

@rolinh rolinh rolinh approved these changes

@ldelossa ldelossa ldelossa approved these changes

Assignees
No one assigned
Labels
backport/1.13 This PR represents a backport for Cilium 1.13.x of a PR that was merged to main. kind/backports This PR provides functionality previously merged into master. kind/community-contribution This was a contribution made by a community member. ready-to-merge This PR has passed all tests and received consensus from code owners to merge.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@MrFreezeex @jibi @kaworu @nathanjsweet @rolinh @ldelossa @aanm