10000 v1.13 backports 2023-01-24 by sayboras · Pull Request #23284 · cilium/cilium · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

v1.13 backports 2023-01-24 #23284

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Jan 24, 2023
Merged

v1.13 backports 2023-01-24 #23284

merged 9 commits into from
Jan 24, 2023

Conversation

sayboras
Copy link
Member
@sayboras sayboras commented Jan 24, 2023
edited
Loading

Once this PR is merged, you can update the PR labels via:

$ for pr in 22864 23058 23171 23178 23167 23057 22921 22662 22974; do contrib/backporting/set-labels.py $pr done 1.13; done

lambdanis and others added 9 commits January 24, 2023 22:11
@lambdanis @sayboras
hubble: Rate limit "hubble events queue is full" logs
b4ed4a6 
[ upstream commit 58449da ]

These messages are reported to be very noisy in some environments, where hubble
can't keep up with the load (e.g. frequent traffic bursts). There are also
equally noisy "hubble events queue is processing messages again" messages. We
consider the queue "back to normal" after only one event is received, but then
it's full again and another line is logged.

This patch mitigates the issue by:
* simply rate limiting the "queue is full" logs
* reducing the level of "N messages were lost" logs from warning to info

Fixes cilium#19202

Signed-off-by: Anna Kapuscinska <anna@isovalent.com>
Signed-off-by: Tam Mach <tam.mach@cilium.io>
@sayboras
contrib: Update PR template for backport
32e2147 
[ upstream commit 21efbd2 ]

This is just to use check box so that individual reviewer can just tick
after review. IMO, this is helpful for a few cases:

- Backport with long list of commits, e.g. cilium#23001. Tophat can quickly
  check which one is pending.
- Backport with commits from external contributor. Tophat can easily and
  quickly focus on these commits and review again if required.

Signed-off-by: Tam Mach <tam.mach@cilium.io>
@brb @sayboras
gh/workflows: Disable BPF masq in ci-datapath
436d7d8 
[ upstream commit 4f57c6a ]

It seems to be broken in the direct routing mode. Disable for now in all
configurations.

Signed-off-by: Martynas Pumputis <m@lambda.lt>
Signed-off-by: Tam Mach <tam.mach@cilium.io>
@sayboras
helm: Document debug.verbose option
253ee01 
[ upstream commit 0960097 ]

This is just to avoid looking up in the code to find available options.

Signed-off-by: Tam Mach <tam.mach@cilium.io>
@lizrice @qmonnet
@pchaigno @sayboras
docs: add egress troubleshooting
41a4331 
[ upstream commit 6bb1173 ]

Signed-off-by: Liz Rice <liz@lizrice.com>
Co-authored-by: Quentin Monnet <quentin@isovalent.com>
Co-authored-by: Paul Chaignon <paul@cilium.io>
Signed-off-by: Tam Mach <tam.mach@cilium.io>
@brb @sayboras
metrics: Remove unused ARP ping metrics
4b0ed70 
[ upstream commit 5106342 ]

794ce34 ("neigh: Rework ARP handling to let the kernel do the
resolution") removed the manual arpings which made the metrics obsolete.

Signed-off-by: Martynas Pumputis <m@lambda.lt>
Signed-off-by: Tam Mach <tam.mach@cilium.io>
@Shunpoco @sayboras
Modify helm chart: delete validations for certManagerIssuerRef
bbdc32b 
[ upstream commit bc2ed14 ]

Because the helm chart generates cert manager issuers and attaches them
to certificates, we have to remove validations which fail if we don't
specify certManagerIssuerRef.

Fixes: cilium#22784

Signed-off-by: Shunsuke Tokunaga <tkngsnsk313320@gmail.com>
Signed-off-by: Tam Mach <tam.mach@cilium.io>
@24601 @sayboras
fix(docs): fix websocket annotation value
a9afe62 
[ upstream commit b5f4fd7 ]

While the actual code uses `0` and `1` as scalars for internal implementation of enabled or disabled flags for WebSockets, these values are only used internally, and the documentation is misleading in directing the user to use these values as the value of the annotation, when they must be the actual strings `enabled` or `disabled` that are mapped by the actual code at runtime.

Exposing this internal implementation detail not only is vulnerable to internal implementation changes by a developer assuming no user will see this, but also is very misleading to users. We struggled for hours to enable Websockets because the documentation noted '0' as the value for disabled, only until we went to the actual source code to see the code path taken did we see the `enable|disable` strings.

Signed-off-by: Basit Mustafa <basit.mustafa@gmail.com>
Signed-off-by: Tam Mach <tam.mach@cilium.io>
@sayboras
ingress: Support NodePort for dedicated Ingress
7322669 
[ upstream commit dc70484 ]

This commit is to support NodePort service in dedicated mode. Shared
service NodePort can be configured via helm as per cilium#22583.

Relates: cilium#22583
Signed-off-by: Tam Mach <tam.mach@cilium.io>
@sayboras sayboras requested review from a team as code owners January 24, 2023 11:13
@sayboras sayboras requested a review from nbusseneau January 24, 2023 11:13
@sayboras sayboras added backport/1.13 kind/backports This PR provides functionality previously merged into master. labels Jan 24, 2023
@sayboras sayboras requested review from brb, lambdanis and lizrice January 24, 2023 11:13
@sayboras
Copy link
Member Author
sayboras commented Jan 24, 2023
edited by maintainer-s-little-helper bot
Loading

/test-backport-1.13

Job 'Cilium-PR-K8s-1.22-kernel-4.9' has 1 failure but they might be new flake since it also hit 1 known flake: #20723 (87.02)

Job 'Cilium-PR-K8s-1.19-kernel-4.9' failed:

Click to show.

Test Name

K8sDatapathServicesTest Checks E/W loadbalancing (ClusterIP, NodePort from inside cluster, etc) Checks service on same node

Failure Output

FAIL: Unable to restart unmanaged pods with 'kubectl -n kube-system delete pods coredns-7c74c644b-spckg': Exitcode: 1

If it is a flake and a GitHub issue doesn't already exist to track it, comment /mlh new-flake Cilium-PR-K8s-1.19-kernel-4.9 so I can create one.

Job 'Cilium-PR-K8s-1.19-kernel-4.9' failed:

Click to show.

Test Name

K8sAgentIstioTest Istio Bookinfo Demo Tests bookinfo inter-service connectivity

Failure Output

FAIL: Found 1 io.cilium/app=operator logs matching list of errors that must be investigated:

If it is a flake and a GitHub issue doesn't already exist to track it, comment /mlh new-flake Cilium-PR-K8s-1.19-kernel-4.9 so I can create one.

@maintainer-s-little-helper maintainer-s-little-helper bot mentioned this pull request Jan 24, 2023
Closed
@sayboras
Copy link
Member Author

/test-1.19-4.9

@sayboras
Copy link
Member Author

/test-1.22-4.9

@dylandreimerink dylandreimerink mentioned this pull request Jan 24, 2023
Merged
@sayboras
Copy link
Member Author

https://jenkins.cilium.io/job/Cilium-PR-K8s-1.19-kernel-4.9/2533/ failure is related to #23174

@aanm aanm merged commit 7ce7c22 into cilium:v1.13 Jan 24, 2023
@sayboras sayboras deleted the pr/v1.13-backport-2023-01-24 branch January 24, 2023 22:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lambdanis lambdanis lambdanis approved these changes

@nbusseneau nbusseneau nbusseneau approved these changes

@brb brb Awaiting requested review from brb

@lizrice lizrice Awaiting requested review from lizrice

Assignees
No one assigned
Labels
kind/backports This PR provides functionality previously merged into master.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@sayboras @lambdanis @nbusseneau @aanm @brb @lizrice @Shunpoco @24601
0