Skip to content

Fix endpoints for static pods stuck in init identity#45016

Merged
julianwiedmann merged 1 commit intocilium:mainfrom
aaroniscode:static_pod_fix
Apr 1, 2026
Merged

Fix endpoints for static pods stuck in init identity#45016
julianwiedmann merged 1 commit intocilium:mainfrom
aaroniscode:static_pod_fix

Conversation

@aaroniscode
Copy link
Copy Markdown
Contributor

@aaroniscode aaroniscode commented Mar 27, 2026
edited
Loading

Static pods are represented in the API as mirror pods. The pod UID passed to CNI (K8S_POD_UID) can differ from the UID of the mirror pod in the local API-backed pod store, so the strict UID check caused FetchK8sMetadataForEndpoint to return ErrPodStoreOutdated repeatedly and left endpoints on reserved:init.

Skip the outdated-store error when the pod has the mirror pod annotation (kubernetes.io/config.mirror / corev1.MirrorPodAnnotationKey).

Please ensure your pull request adheres to the following guidelines:

  • For first time contributors, read Submitting a pull request
  • All code is covered by unit and/or runtime tests where feasible.
  • All commits contain a well written commit description including a title,
    description and a Fixes: #XXX line if the commit addresses a particular
    GitHub issue.
  • If your commit description contains a Fixes: <commit-id> tag, then
    please add the commit author[s] as reviewer[s] to this issue.
  • All commits are signed off. See the section Developer’s Certificate of Origin
  • Provide a title or release-note blurb suitable for the release notes.
  • Are you a user of Cilium? Please add yourself to the Users doc
  • Thanks for contributing!

Fixes: #34197

Fix endpoints for static pods stuck in init identity

@aaroniscode aaroniscode requested a review from a team as a code owner March 27, 2026 04:30
@aaroniscode aaroniscode requested a review from fristonio March 27, 2026 04:30
@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Mar 27, 2026
@github-actions github-actions bot added the kind/community-contribution This was a contribution made by a community member. label Mar 27, 2026
@aaroniscode aaroniscode changed the title endpoint: treat mirror pod UID mismatch as valid Fix endpoints for static pods stuck in init identity Mar 27, 2026
@fristonio fristonio added release-note/misc This PR makes changes that have no direct user impact. area/agent Cilium agent related. needs-backport/1.17 This PR / issue needs backporting to the v1.17 branch needs-backport/1.18 This PR / issue needs backporting to the v1.18 branch needs-backport/1.19 This PR / issue needs backporting to the v1.19 branch labels Mar 29, 2026
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Mar 29, 2026
@fristonio
Copy link
Copy Markdown
Member

fristonio commented Mar 29, 2026

/test

@christarazi christarazi enabled auto-merge March 31, 2026 09:31
@aaroniscode
Copy link
Copy Markdown
Contributor Author

aaroniscode commented Mar 31, 2026

For the failed test, it looks unrelated to the changes in my PR. The logs report in test:

  • Check prometheus feature metrics documentation
    • "Feature metrics documentation out-of-sync".

@christarazi @fristonio what do you recommend here?

@fristonio
Copy link
Copy Markdown
Member

fristonio commented Mar 31, 2026

@aaroniscode can you rebase the PR against latest main, I think that should fix the feature metrics documentation.

@aaroniscode
endpoint: treat mirror pod UID mismatch as valid
7bd268f 
Static pods are represented in the API as mirror pods. The pod UID passed
to CNI (K8S_POD_UID) can differ from the UID of the mirror pod in the
local API-backed pod store, so the strict UID check caused
FetchK8sMetadataForEndpoint to return ErrPodStoreOutdated repeatedly and
left endpoints on reserved:init.

Skip the outdated-store error when the pod has the mirror pod annotation
(kubernetes.io/config.mirror / corev1.MirrorPodAnnotationKey).

Fixes: cilium#34197

Signed-off-by: Aaron Miller <aaron@nebius.com>
auto-merge was automatically disabled March 31, 2026 16:11

Head branch was pushed to by a user without write access

@aaroniscode
Copy link
Copy Markdown
Contributor Author

aaroniscode commented Mar 31, 2026

@fristonio I rebased on the latest main. I think it’s waiting for a maintainer to approve tests. Thanks for the rebase advice.

@fristonio
Copy link
Copy Markdown
Member

fristonio commented Mar 31, 2026

/test

@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Apr 1, 2026
@julianwiedmann julianwiedmann added release-note/bug This PR fixes an issue in a previous release of Cilium. and removed release-note/misc This PR makes changes that have no direct user impact. labels Apr 1, 2026
@julianwiedmann julianwiedmann added this pull request to the merge queue Apr 1, 2026
Merged via the queue into cilium:main with commit 1f7dd16 Apr 1, 2026
80 of 83 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@christarazi christarazi christarazi approved these changes

@fristonio fristonio fristonio approved these changes

Assignees

No one assigned

Labels

area/agent Cilium agent related. kind/community-contribution This was a contribution made by a community member. needs-backport/1.17 This PR / issue needs backporting to the v1.17 branch needs-backport/1.18 This PR / issue needs backporting to the v1.18 branch needs-backport/1.19 This PR / issue needs backporting to the v1.19 branch ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/bug This PR fixes an issue in a previous release of Cilium.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Cilium Error: "metadata resolver: pod store out-of-date" for Static Pod in Kubernetes

4 participants

@aaroniscode @fristonio @christarazi @julianwiedmann