Skip to content

v1.9 backports 2022-02-22#18892

Merged
joestringer merged 2 commits intocilium:v1.9from
jrajahalme:pr/v1.9-backport-2022-02-22
Feb 23, 2022
Merged

v1.9 backports 2022-02-22#18892
joestringer merged 2 commits intocilium:v1.9from
jrajahalme:pr/v1.9-backport-2022-02-22

Conversation

@jrajahalme
Copy link
Copy Markdown
Member

@jrajahalme jrajahalme commented Feb 22, 2022
edited
Loading

Once this PR is merged, you can update the PR labels via:

$ for pr in 18748 18899; do contrib/backporting/set-labels.py $pr done 1.9; done

@jrajahalme
envoy: Update to release 1.21.0
265c50f 
[ upstream commit 28f0dae ]

[ Backporter's notes: Dropped all Envoy API changes,
  adapted BPF TPROXY compatibility to the older API. ]

Envoy Go API is updated to contain the generated validation code.

Envoy image is updated to support the new EndpointId option for the
bpf_metadata listener filter. NPDS field 'Policy' is renamed as
'EndpointID'. 'Policy' field was not used for anything, so might as
well recycle it while this API is not yet public.

Envoy retries may fail on "address already in use" when the original
source address and port are used on upstream connections. Cilium
typically does this in the egress proxy listeners. Fix this by using a
Cilium Envoy build that always sets SO_REUSEADDR when original source
address and port is used.

Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>

Revert "envoy: Update to release 1.21.0"

This reverts commit 377dec2d4eca3f239ff6c72f85b3e9fb9c466d21.
Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
@jrajahalme jrajahalme added kind/backports This PR provides functionality previously merged into master. backport/1.9 labels Feb 22, 2022
@jrajahalme jrajahalme requested a review from a team as a code owner February 22, 2022 20:42
@jrajahalme
Copy link
Copy Markdown
Member Author

jrajahalme commented Feb 22, 2022

/test-backport-1.9

@jrajahalme
envoy: Update to 1.21.1
d5fea80 
[ upstream commit 571a484 ]

Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
@jrajahalme jrajahalme force-pushed the pr/v1.9-backport-2022-02-22 branch from 48a335c to d5fea80 Compare February 23, 2022 02:21
@jrajahalme
Copy link
Copy Markdown
Member Author

jrajahalme commented Feb 23, 2022
edited by maintainer-s-little-helper bot
Loading

/test-backport-1.9

Job 'Cilium-PR-K8s-1.12-net-next' failed:

Click to show.

Test Name

K8sServicesTest Checks service across nodes Tests NodePort BPF Tests with direct routing With host policy Tests NodePort

Failure Output

FAIL: Can not connect to service "http://192.168.36.11:30270" from outside cluster

If it is a flake and a GitHub issue doesn't already exist to track it, comment /mlh new-flake Cilium-PR-K8s-1.12-net-next so I can create one.

@joestringer
Copy link
Copy Markdown
Member

joestringer commented Feb 23, 2022

runtime-kernel-4.9 timed out while starting up Cilium. Might be a real issue? I'll re-kick it.
k8s-upstream timed out while pulling VM images.
k8s-1.12-kernel-netnext hit #13853.

@joestringer
Copy link
Copy Markdown
Member

joestringer commented Feb 23, 2022

/test-runtime-4.9

@joestringer
Copy link
Copy Markdown
Member

joestringer commented Feb 23, 2022

On second look at the failed runtime run, it failed suspiciously at 20 minutes so I'm suspecting timeouts again. I don't know the underlying cause of the timeouts issue though.

@joestringer
Copy link
Copy Markdown
Member

joestringer commented Feb 23, 2022

I don't know why, but in the runtime CI it seems to report issues running Envoy:

https://jenkins.cilium.io/job/Cilium-PR-Runtime-4.9/5693/execution/node/92/log/

11:35:16      runtime: Feb 23 19:35:14 runtime cilium-agent[21324]: level=info msg="Cilium 1.9.12 cc7220091f 2022-02-23T02:21:27+00:00 go version go1.16.5 linux/amd64" subsys=daemon
11:35:16      runtime: Feb 23 19:35:14 runtime cilium-agent[21324]: level=fatal msg="Envoy: Binary \"cilium-envoy\" cannot be executed" error="exit status 1" subsys=envoy-manager

@joestringer
Copy link
Copy Markdown
Member

joestringer commented Feb 23, 2022

^^ I'm assuming that the above runtime issue is something weird about the runtime test deployment approach, as this doesn't affect any of the other runs which use a more typical k8s deployment model. In order to unblock the security release, I'll merge this as-is but this likely needs followup to fix the runtime job on this v1.9 branch @jrajahalme . Maybe something to do with how Envoy gets run in that environment.

@joestringer joestringer merged commit 4274343 into cilium:v1.9 Feb 23, 2022
This was referenced Feb 23, 2022
Closed
Merged
@jrajahalme
Copy link
Copy Markdown
Member Author

jrajahalme commented Feb 23, 2022

/test-runtime-4.9

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

kind/backports This PR provides functionality previously merged into master.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jrajahalme @joestringer