-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v1.13 Backports 2023-07-17 #26861
v1.13 Backports 2023-07-17 #26861
Conversation
…EKS ENI mode [ upstream commit ff59a03 ] Signed-off-by: Deepesha Burse <deepesha.3007@gmail.com> Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
[ upstream commit d242b88 ] This issue was resolved and the fix shipped in v1.13.3. Signed-off-by: Casey Callendrello <cdc@isovalent.com> Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
[ upstream commit bbdad5d ] This commit is to make sure that users can have option to disable node port allocation for LB service used by Ingress. https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation Signed-off-by: Tam Mach <tam.mach@cilium.io> Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
…cation [ upstream commit b9ec2aa ] Go 1.20.6 added a security fix [1] which leads to stricter sanitization of the HTTP host header in the net/http client. Cilium's pkg/client currently sets the Host header to the UDS path (e.g. /var/run/cilium/cilium.sock), however the slashes in that Host header now lead net/http to reject it. RFC 7230, Section 5.4 states [2]: > If the authority component is missing or undefined for the target URI, > then a client MUST send a Host header field with an empty field-value. The authority component is undefined for the unix:// scheme. Thus, the correct value to use would be the empty string. However, this does not work due to OpenAPI runtime using the same value for the URL's host and the http client's host header. Thus, use a dummy value "localhost". [1] https://go.dev/issue/60374 [2] https://datatracker.ietf.org/doc/html/rfc7230#section-5.4 Signed-off-by: Tobias Klauser <tobias@cilium.io> Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
[ upstream commit ce9d4b9 ] jobs.<job>.env.job_name should be the same as the job name. Thus, adding the field 'name' to the job will make sure that connectivity tests junit test results are stored in bigquery for lookerstudio visualization. Fixes: 12d7643 ("ci/workflows: add junit reports upload") Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
[ upstream commit 39a9def ] The limitation on the number of nodes in the cluster when using IPsec applies to clustermeshes as well and is the total number of nodes. This limitation arises from the use of the node IDs, which are encoded on 16-bits. Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com> Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My PR looks good. Thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My change looks good, thanks Sebastian.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks a lot and lgtm 🥇
/test-backport-1.13 Job 'Cilium-PR-K8s-1.24-kernel-4.19' failed: Click to show.Test Name
Failure Output
Jenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.24-kernel-4.19/85/ If it is a flake and a GitHub issue doesn't already exist to track it, comment Then please upload the Jenkins artifacts to that issue. |
Travis timed out. Restarting. https://app.travis-ci.com/github/cilium/cilium/jobs/606163249 |
Travis hit #26873 Edit: This requires an additional upstream commit to be pulled in to fix. |
/test-1.24-4.19 |
All required tests besides Travis have passed. Travis will not become green on this branch, as it needs follow-up fixes. Only missing review is for a 3 line docs change form Casey who is out today. Marking ready to merge. |
PRs skipped due to conflicts:
Once this PR is merged, you can update the PR labels via:
or with