-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v1.13 backports 2023-06-02 #25855
v1.13 backports 2023-06-02 #25855
Conversation
d11258e
to
e5a79d9
Compare
/test-backport-1.13 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My PRs look good. Thanks Tam!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
c0e721b lgtm
/test-runtime |
[ upstream commit e93fdd8 ] Once we have a sysdump in the test artifacts a lot of files we collect will become duplicates. This commit however doesn't remove all those duplicate files from the test artifacts. Let's wait a bit and confirm the sysdump collection always work before cleaning things up. The sysdump collection was tested by making a test fail on purpose. Signed-off-by: Paul Chaignon <paul@cilium.io> Signed-off-by: Tam Mach <tam.mach@cilium.io>
[ upstream commit 37ae7d9 ] This really should be a semicolon ... Signed-off-by: Julian Wiedmann <jwi@isovalent.com> Signed-off-by: Tam Mach <tam.mach@cilium.io>
[ upstream commit 8531c5a ] The Cilium agent has been throwing the 'Auto-disabling "enable-bpf-clock-probe" feature since kernel doesn't expose /proc/timer_list' warning for a while now. Since /proc/timer_list is not available under the default k8s SecurityContext and Docker also masks the file by default, read it from /proc/schedstat instead. Reuse the existing parsing code from probes.KernelHZ to obtain the value. Signed-off-by: Timo Beckers <timo@isovalent.com> Signed-off-by: Tam Mach <tam.mach@cilium.io>
[ upstream commit 5c9b66c ] Upgrading this image is not automated yet. Ref: cilium#25773 Ref: cilium/image-tools#218 Ref: https://quay.io/repository/cilium/startup-script?tab=tags Signed-off-by: Michi Mutsuzaki <michi@isovalent.com> Signed-off-by: Tam Mach <tam.mach@cilium.io>
[ upstream commit c05e6a4 ] Change introduced 0e20d30 in order to provide workaround fix for flake can panic depending on the order which tests are run if the deploymentManager is not setup with a kubectl object. k8s/services already deploys Cilium with the hostfirewall enabled, so this moves installing Cilium out of the host-few preparation step and defers that to the caller (such as in datapath_configuration). As well, this was causing failures with hostfw K8sServices test because the deploymentManager Cilium install procedure is more strict regarding the ensure the liveness of Agents health endpoints. Signed-off-by: Tom Hadlaw <tom.hadlaw@isovalent.com> Signed-off-by: Tam Mach <tam.mach@cilium.io>
[ upstream commit 6c81859 ] It's currently possible to enable BPF Host Routing with KPR=partial if masquerading is disabled. If masquerading is enabled, then we will require it to be BPF masquerading, which itself requires KPR. But if masquerading is disabled, then we currently don't have a check that prevents KPR=partial from being enabled at the same time as BPF Host Routing. Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com> Signed-off-by: Tam Mach <tam.mach@cilium.io>
e5a79d9
to
2154233
Compare
/test-backport-1.13 |
The conflict is very minimal #25795, most of the reviews are in, CIs are green as well ✔️. Marking this ready to merge. |
Skipped due to major conflicts:
Slim down Node handler interface #25450 -- Slim down Node handler interface (@bimmlerd)wireguard, linuxnodehandler: untangle WireGuard agent from the linux node handler #25419 -- wireguard, linuxnodehandler: untangle WireGuard agent from the linux node handler (@bimmlerd)Once this PR is merged, you can update the PR labels via: