Conversation
|
/test-backport-1.10 |
|
/test-backport-1.10 |
|
/ci-aks-1.10 |
|
/test-1.17-4.9 |
|
/test-1.18-4.9 |
|
/test-1.19-4.9 |
|
ConformanceEKS run failed during initialization (waiting for services to become ready) after reinstalling with encryption. I'll kick each of these, hopefully there isn't breakage introduced into the v1.10 tree. |
|
/ci-eks-1.10 |
|
/test-1.17-4.9 |
|
/test-1.19-4.9 |
|
Seems like there's something that needs investigation here in regards to the ConformanceEKS action. The other flaky tests are also making me nervous. Not planning to merge this before the upcoming release. @cilium/tophat , please investigate. |
[ upstream commit 76e3aac ] error message: panic: descriptor Desc{fqName: "cilium_operator_alibaba-cloud_api_duration_seconds", help: "Duration of interactions with API", constLabels: {}, variableLabels: [operation response_code]} is invalid: "cilium_operator_alibaba-cloud_api_duration_seconds" is not a valid metric name Signed-off-by: Jaff Cheng <jaff.cheng.sh@gmail.com> Signed-off-by: Maciej Kwiek <maciej@isovalent.com>
[ upstream commit 842f6c8 ] Currently, cilium-agent using alibaba ipam mode doesn't respect pre-allocate configuration from CNI config file when creating ciliumnode resource, and the value of pre-allocate is always the default value 8. This patch makes this option configurable via CNI config. Signed-off-by: Jaff Cheng <jaff.cheng.sh@gmail.com> Signed-off-by: Maciej Kwiek <maciej@isovalent.com>
To prevent situations in which the GKE node is forcibly stopped and re-created from causing unmanaged pods, and building on the observation that the node comes back with the same name and pods are already scheduled there, we change the recommended taint effect from NoSchedule to NoExecute, to cause any previously scheduled pods to be evicted, preventing them from getting IPs assigned by the default CNI. This should not impact other environments due to the nature of 'NoExecute', so we recommend it everywhere. [ upstream commit b049574 ] Signed-off-by: Bruno Miguel Custódio <brunomcustodio@gmail.com> Co-authored-by: Tam Mach <sayboras@yahoo.com>
The changes that we have been doing to /etc/defaults/kubelet are reset on node reboots, as is apparently the whole /etc directory --- which also means that /etc/cni/net.d/05-cilium.conf is removed. This would not be a problem if the assumption we made that the node taint we recommend placing on the nodes would come back upon reboots held true, but in practice it doesn't. Besides this, it seems that containerd will re-instante its CNI configuration file, and it will do so way before Cilium has had the chance to re-run on the node and re-create its CNI configuration, causing pods to be assigned IPs by the default CNI rather than by Cilium in the meantime. This commit attempts at preventing that from happening by observing that /home/kubernetes/bin/kubelet (i.e. the actual kubelet binary) is kept between reboots and executed concurrently with containerd by systemd. We leverage on this empirical observation to replace this file kubelet with a wrapper script that, under the required conditions, disables containerd, patches its configuration, removes undesired CNI configuration files, re-enables containerd and becomes the kubelet. [ upstream commit 36585e4 ] Signed-off-by: Bruno Miguel Custódio <brunomcustodio@gmail.com> Co-authored-by: Alexandre Perrin <alex@kaworu.ch> Co-authored-by: Chris Tarazi <chris@isovalent.com>
d741308 to
0be8727
Compare
|
Taking over. |
|
/test-backport-1.10 |
|
Previous run hit a timeout: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.18-kernel-4.9/1927/. |
|
Previous run hit a timeout: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.20-kernel-4.19/1723/. |
Given the changes in this PR affect Alibaba IPAM and GKE, it's unlikely any of these CI jobs would be affected anyway. Reviews are in. Marking ready to merge. |
Once this PR is merged, you can update the PR labels via:
or with