v1.15 Backports 2024-02-08 #30681

Merged
merged 15 commits into from Feb 9, 2024

[ upstream commit c861392 ]

This commit updates upload-artifact github action version
from v3.1.3 hash a8a3f3ad30e3422c9c7b888a15615d19a852ae32
to v4.3.0 hash 26f96dfa697d77e81fd5907df203aa23a56210a8

Signed-off-by: Birol Bilgin <birol@cilium.io>
Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
@nbusseneau nbusseneau added kind/backports This PR provides functionality previously merged into master. backport/1.15 This PR represents a backport for Cilium 1.15.x of a PR that was merged to main. labels Feb 8, 2024
brlbil and others added 14 commits February 8, 2024 12:34
[ upstream commit f017062 ]

This commit migrates upload-artifact github action from v3 to v4

With version 4, artifacts are immutable, so consequent uploads with
the same artifact name fail. The artifact names change to be unique.
Also, to combine all artifacts, a merge-upload job is added.
This job downloads, merges, and uploads the merged artifact.
All temporary artifacts are deleted.

Signed-off-by: Birol Bilgin <birol@cilium.io>
Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit deecf2e ]

github.event.pull_request.labels contains an array of objects that
describe various attributes of each label attached to the PR.

An example is the following from the GitHub docs:

```
"labels": [
  {
    "id": 208045946,
    "node_id": "MDU6TGFiZWwyMDgwNDU5NDY=",
    "url": "https://api.github.com/repos/octocat/Hello-World/labels/bug",
    "name": "bug",
    "description": "Something isn't working",
    "color": "f29513",
    "default": true
  }
]
```

(see
https://docs.github.com/en/rest/pulls/pulls?apiVersion=2022-11-28#get-a-pull-request)

Being a JSON object, we cannot collect all the names of the labels in a
list with a '*' wildcard. Instead, the commit fixes the workflow by first
copying the labels JSON array in an env variable and then using jq to
get all the label names.

Fixes: 7fc78e9 ("ci: Add a call to the update label backport action")

Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>
Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit ed26b07 ]

AWS SDK now returns a dedicated error code to indicate the scenario
where a subnet is out of capacity for /28 prefixes. This commit updates
the fallback logic. The existing fallback logic does not work anymore
since the code changed from InvalidParameterValue to InsufficientCidrBlocks.

Reported-by: Benjamin Pineau <benjamin.pineau@datadoghq.com>
Signed-off-by: Hemanth Malla <hemanth.malla@datadoghq.com>
Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit bde37df ]

Like in other GitHub actions workflows triggered by Ariane, mention the
trigger phrase in the workflow name.

Signed-off-by: Tobias Klauser <tobias@cilium.io>
Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit 2823114 ]

ci-verifier uses the lvh complexity-test image, not the kind image.
Adjust the dependency accordingly.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit bd67597 ]

b20038e ("gha: explicilty specify beefier runner type for clustermesh
workflows") explicitly configured beefier runners for clustermesh
workflows, as they require more power to host two multi-node kind clusters.
However, this change turned out to have unexpected billing consequences,
even though GitHub recently upgraded [1] the default runners for OSS
projects to 4 vCPU and 16GiB of RAM (the same specs of the runner which
had been configured). Hence, let's revert this change, and instead make
the runner type configurable through an environment variable. This will
also make it easier to change the runner type in the future, if needed.

[1]: https://github.blog/2024-01-17-github-hosted-runners-double-the-power-for-open-source/

Fixes: b20038e ("gha: explicilty specify beefier runner type for clustermesh workflows")
Suggested-by: André Martins <andre@cilium.io>
Signed-off-by: Marco Iorio <marco.iorio@isovalent.com>
Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit 2c29d8f ]

Currently, cloud regions for schedule tests are all over the world.
The observation is that tests in or close to US regions take significantly less time
than in other regions. This causes some of the tests to be canceled due to timeouts.
This commit changes regions to only US or closest regions.

Signed-off-by: Birol Bilgin <birol@cilium.io>
Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit bbe1a0a ]

The logic for Insert() was duplicated inside addDependentOnEntry(), so
call Insert() instead of repeating the logic for insertion.

Signed-off-by: Chris Tarazi <chris@isovalent.com>
Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit 3f523d3 ]

This commit refactors the mapstate insertion code such that it ensures
the underlying map is initialized before inserting. The idea is to
prevent the following error message:

```
panic: assignment to entry in nil map
```

which was exposed by the FuzzDenyPreferredInsert fuzz test.[1]

Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63091

[1]: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63091

Signed-off-by: Chris Tarazi <chris@isovalent.com>
Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
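
The two mapstate commits above (bbe1a0a and 3f523d3) describe a pattern that the following added Go example reproduces; it is not Cilium's code and not part of this PR. `State`, `Key`, `Entry`, `insertUnchecked` and `AddDependent` are hypothetical names: a second write path that skips initialization panics on a zero-value struct, while routing every write through one `Insert` that initializes the map removes the crash.

```go
package main

import "fmt"

// Key and Entry are hypothetical stand-ins, not Cilium's policy types.
type Key struct{ Identity, Port uint32 }
type Entry struct {
	Deny       bool
	Dependents map[Key]struct{}
}

// State's zero value holds a nil map: reads are safe, writes panic.
type State struct{ entries map[Key]Entry }

// insertUnchecked writes without initializing; the panic is returned as an error.
func (s *State) insertUnchecked(k Key, e Entry) (err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("recovered: %v", r)
		}
	}()
	s.entries[k] = e
	return nil
}

// Insert is the single write path and initializes the map on first use.
func (s *State) Insert(k Key, e Entry) {
	if s.entries == nil {
		s.entries = make(map[Key]Entry)
	}
	s.entries[k] = e
}

// AddDependent links child to owner and reuses Insert for both writes,
// so the nil check cannot be forgotten in a duplicated insertion path.
func (s *State) AddDependent(owner, child Key, e Entry) {
	o := s.entries[owner] // reading a nil map yields the zero Entry
	if o.Dependents == nil {
		o.Dependents = make(map[Key]struct{})
	}
	o.Dependents[child] = struct{}{}
	s.Insert(owner, o)
	s.Insert(child, e)
}

func main() {
	var s State // constructed sample input: a zero-value State
	fmt.Println(s.insertUnchecked(Key{1, 80}, Entry{}))
	s.AddDependent(Key{1, 80}, Key{2, 80}, Entry{Deny: true})
}
```

A fuzz target that starts from the zero value of the type exercises exactly this path, which is why such a bug surfaces under fuzzing rather than in tests that always build the struct through a constructor.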
[ upstream commit 92c2641 ]

Signed-off-by: chaunceyjiang <chaunceyjiang@gmail.com>
Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit a1089a7 ]

Currently, BPF masquerade was always disabled in the clustermesh
E2E tests due to unintended interactions with Docker iptables
rules breaking DNS resolution [1]. Instead, let's explicitly
configure external upstream DNS servers for coredns, so that we
can also enable this feature when KPR is enabled.

While being there, let's also make the KPR setting explicit,
instead of relying on the Cilium CLI configuration (which is based
on whether the kube-proxy daemonset is present or not).

[1]: #23283

Signed-off-by: Marco Iorio <marco.iorio@isovalent.com>
Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit a84ff21 ]

On kernels without HAVE_FIB_IFINDEX, we need to consider that a FIB lookup
with BPF_FIB_LKUP_RET_NO_NEIGH doesn't return a valid fib_params.l.ifindex
(see d1c362e1dd68 ("bpf: Always return target ifindex in bpf_fib_lookup")).

Instead:
- for the redirect in to-netdev, we exit on the current interface.
- for the redirect in from-overlay, we route via the stack.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit 840cc57 ]

When the FIB lookup in to-netdev returns the same ifindex as the current
interface, we want to skip the redirect. But that doesn't apply for the
lookup in from-overlay - here we *always* need to redirect to the selected
interface.

As we previously handled the !is_defined(HAVE_FIB_IFINDEX) case, we can
pass oif = 0 and trust that fib_do_redirect() will always use the ifindex
from the fib_params.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit 51b3076 ]

Signed-off-by: gailsuccess <157372272+gailsuccess@users.noreply.github.com>
@nbusseneau
Member Author

/test-backport-1.15

@nbusseneau nbusseneau marked this pull request as ready for review February 8, 2024 15:14
@nbusseneau nbusseneau requested review from a team as code owners February 8, 2024 15:14
@nbusseneau nbusseneau requested a review from a team as a code owner February 8, 2024 15:14
@nbusseneau
Member Author

The expected Conformance Gateway API check is missing because it has been renamed in this PR to Conformance Gateway API (ci-gateway-api).

All testing has passed, awaiting reviews now.

Member

@tklauser tklauser left a comment

My change looks good, thanks Nicolas.

As you already noted, the required workflows will need to be updated to account for the renamed Conformance Gateway API (ci-gateway-api) workflow.

@nbusseneau
Member Author

This should be ready to merge as soon as reviews are in.

Member

@sayboras sayboras left a comment

LGTM ✔️

Member

@sayboras sayboras left a comment

LGTM for #30507 as Fabio is on leave.

@sayboras sayboras added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Feb 9, 2024
@sayboras
Member

sayboras commented Feb 9, 2024

Most of the reviews are in, marking this ready to merge.

@julianwiedmann julianwiedmann merged commit e242a82 into v1.15 Feb 9, 2024
225 of 226 checks passed
@julianwiedmann julianwiedmann deleted the pr/v1.15-backport-2024-02-08 branch February 9, 2024 11:34