v1.17 Backports 2025-02-14 #37648
[ upstream commit 8c29ef9 ] In some cases, base images may not be built, which blocks protobuf API regeneration. To address this, the API generation step is merged with the "commit changes" step, and the dependency on base images being built is removed. This ensures that Renovate PRs consistently recreate the API code. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit 018ed47 ] Signed-off-by: saiaunghlyanhtet <saiaunghlyanhtet2003@gmail.com> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit 79f7d1a ] This commit:
1. Replaces the CILIUM_RUNTIME_IMAGE variable set in cilium images (cf. Dockerfiles) with the cilium-runtime image variable set in the set-env-var action.
2. Changes the sed commands present in images/runtime/update-cilium-runtime-images.sh:
   - Changes the way the image variable is set inside the script. Before that the image was a constant, now it will be extracted from the image_full variable passed as a parameter of the script.
   - For Dockerfiles, it will not check what is prefixed and will update the image based on its name, so if any changes are made for any reason to the prefixed image name in Dockerfiles this won't disrupt the image tag/digest update. Example: if CILIUM_RUNTIME_IMAGE=quay.io/cilium/cilium-runtime:tag@digest is changed to RUNTIME_IMAGE=quay.io/cilium/cilium-runtime:tag@digest (or any other name) this won't affect the update process.
   - For workflows, since the runtime image has been moved to an action (set-env-var), we now look in the .github/actions directory. Also added a double quote character to be sure no templating issue will be encountered when updating the set-env action.
3. Changes images/scripts/update-cilium-runtime-images.sh, used to lint cilium runtime images in CI, by removing the image name from a constant variable to a parameter passed along the call of the script. We are keeping quay.io/cilium/cilium-runtime as the default parameter in the makefile, if nothing is provided to the script/target. But we allow ourselves the possibility to override this variable.
This will allow us to change the repository of the runtime image without having to change the whole image build/lint process. Signed-off-by: Antony Reynaud <antony.reynaud@isovalent.com> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
I messed up the runtime image update, will fix.
203db76 to 1515a0b
[ upstream commit 9542013 ] [ backporter's notes: manually added the new CILIUM_RUNTIME_IMAGE env variable. ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit eceb7f1 ] New entry's proxy port priority can be greater than other's only when it is greater than zero. Otherwise the iteration can be skipped. Signed-off-by: Jarno Rajahalme <jarno@isovalent.com> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit 94432bf ] As discussed in [0], this feature should currently only be used when BPF masquerading is enabled. [0] #35298 (comment) Signed-off-by: Julian Wiedmann <jwi@isovalent.com> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit f1ab7eb ] Explain why we're doing a plain redirect, without rewriting the DMAC. See #35298 (comment). Signed-off-by: Julian Wiedmann <jwi@isovalent.com> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit 2a141a9 ] These options could be ineffective as they were duplicated across multiple Cells, which has undefined behavior in earlier versions of the Hive library. Upcoming versions will reject this duplication outright, so this commit fixes the duplicate config by relying on the spire package to provide the relevant config option. Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit 74f7468 ] These options could be ineffective as they were duplicated across multiple Cells, which has undefined behavior in earlier versions of the Hive library. Upcoming versions will reject this duplication outright, so this commit fixes the duplicate config by pushing it into the central operator config. While we're at it, hide the options. The goal here is to read the cilium-agent's desired configuration and highlight when that configuration would prevent the operator from doing its job. The operator itself doesn't really have nodeport or KPR configuration to apply. Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit 9715b5c ] This commit makes endpoint flags available for plumbing in the new ipcache API, allowing to set them from higher in the stack Signed-off-by: Tommaso Pozzetti <tommypozzetti@hotmail.it> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit e8db5d3 ] Always set tunnel_endpoint in ipcache, even for directly reachable endpoints. This ensures DSR info is available for DSR with geneve dispatch. Use endpointFlags to set the skiptunnel flag for directly reachable endpoints such that, even if overlay is enabled, we do not do an unneeded encap. Fixes: #36901 Signed-off-by: Tommaso Pozzetti <tommypozzetti@hotmail.it> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit 322a7b9 ] Specify the allocateLoadBalancerNodePorts service spec of the load balancer service example in the chapter 'Selective Service Type Exposure'. If this spec is not set (true by default), then Kubernetes will allocate node ports on the service anyway. Then, clarify the use of this example. Signed-off-by: Yohan Belléguic <yohan.belleguic@arkea.com> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
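So I think the image build checks are failing because we change the call in this PR to use a new RUNTIME_IMAGE environment variable, which is not yet present in the target branch because it's added as part of the PR. @Artyop @aanm Is that analysis correct? If yes, I think we can just ignore the failures just this once 😇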
👍 for my change
/test
So I think the image build checks are failing because we change the call in this PR to use a new RUNTIME_IMAGE environment variable, which is not yet present in the target branch because it's added as part of the PR. @Artyop @aanm Is that analysis correct? If yes, I think we can just ignore the failures just this once 😇
It is, and this behavior will be fixed in #37595
lgtm
LGTM for 37532
All good for my changes
Backport of #37293 LGTM.
Thanks and looks good for my commit 👍
2.097152e+06 instead of 2097152 #37236 (@dee-kryvenko)
Once this PR is merged, a GitHub action will update the labels of these PRs: