Hello community,

here is the log from the commit of package cilium for openSUSE:Factory checked in at 2019-09-19 15:46:51
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cilium (Old)
 and      /work/SRC/openSUSE:Factory/.cilium.new.7948 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cilium" Thu Sep 19 15:46:51 2019 rev:18 rq:729717 version:1.5.7 Changes: -------- --- /work/SRC/openSUSE:Factory/cilium/cilium.changes 2019-08-06 15:08:11.635858223 +0200 +++ /work/SRC/openSUSE:Factory/.cilium.new.7948/cilium.changes 2019-09-19 15:47:00.931339992 +0200 
@@ -1,0 +2,80 @@ +Mon Sep 09 10:49:29 UTC 2019 - [email protected] + +- Add patches which upgrade etcd library to 3.4.0 which has a new + client load balancer and solves issues with unavailability of + endpoints in etcd cluster. (bsc#1145258) + * 0001-etcd-use-ca-file-field-from-etcd-option-if-available.patch + * 0002-daemon-separate-kvstore-initialization-into-separate.patch + * 0003-deps-update-etcd-to-v3.4.0.patch +- Update to version 1.5.7: + * cilium: update IsEtcdCluster to return true if etcd.operator="true" kv option is set + * bpf: try to atomically replace filters when possible + * cilium: route mtu not set unless route.Spec set MTU + * Revert "[daemon] - Change MTU source for cilium_host (Use the Route one)" + * cilium: encryption, fix getting started guides create secrects command + * datapath: Limit host->service IP SNAT to local traffic + * cilium: fix transient rules to use allocation cidr + * Prepare for v1.5.6 release + * endpoint: Fix proxy port leak on endpoint delete + * update cilium-docker-plugin, cilium-operator to golang 1.12.8 + * dockerfiles: update golang versions to 1.12.8 + * cilium: install transient rules during agent restart + * Istio: Update to 1.2.4 + * envoy: Use patched image + * bpf: fix verifier error due to repulling of skb->data/end + * bpf: Attempt pulling skb->data if it is not pulled + * bpf: Introduce revalidate_data_first() + * cilium: add skb_pull_data to bpf_network to avoid revalidate error + * datapath/iptables: wait until acquisition xtables lock is done + * use iptables-manager to manage iptables executions + * examples/kubernetes: mount xtables.lock + * eventqueue: return error if Enqueue fails + * eventqueue: protect against enqueueing same Event twice + * eventqueue: use mutex to synchronize access to events channel + * daemon: get list of frontends from ServiceCache before acquiring BPFMapMu + * cilium: remove old probe content before restoring assets + * cilium: encryption, ensure 0x*d00 and 0x*e00 marks dont 
cause conflicts + * Dockerfile: Use proxy with legacy fix + * envoy: Add SO_MARK option to listener config + * test: provide capability for tests to run in their own namespace + * docs: Fix warnings + * test: Specify protocol during policy trace + * istio: Update to 1.2.2 + * envoy: Istio 1.2.0 update + * istio: Update to 1.1.7 + * test: be sure to close SSH client after a given Describe completes + * Dockerfile: Use cilium-envoy with reduced logging. + * Envoy: Update to the latest proxy build, use latest API + * Gopkg: update cilium/proxy + * envoy: Use LPM ipcache instead of xDS when available. + * Envoy: Use an image with proxylib injection fix. + * Dockerfile: Update proxy dependency + * CI: Change Kafka runtime tests to use local conntrack maps. + * [daemon] - Change MTU source for cilium_host (Use the Route one) + * endpoint: fix deadlock when endpoint EventQueue is full + * daemon: register warning_error metric after parsing CLI options + * Fix seds in microk8s docs + * daemon: Fix removal of non-existing SVCs in syncLBMapsWithK8s + * daemon: Remove svc from cache in syncLBMapsWithK8s + * examples/kubernetes: update k8s dev VM to v1.15.1 + * test: update k8s test version to v1.15.1 + * Gopkg: update k8s dependencies to v1.15.1 + * Add timeout to ginkgo calls + * proxy: Do not error out if reading of open ports fails. + * pkg/kvstore: wait for node delete delay in unit tests + * endpoint: Create redirects before bpf map updates. + * proxy: Perform dnsproxy Close() in the returned finalizeFunc + * endpoint: change transition from restore state + * test: misc. 
runtime policy test fixes + * docs: Fix up unparsed SCM_WEB literals + * pkg/{kvstore,node}: delay node delete event in kvstore + * operator: restart non-managed kube-dns pods before connecting to etcd + * test: move creation of Istio resources into `It` + * test: add `ExecMiddle` function + * datapath: Do not fail if route contains gw equal to dst + * update to golang 1.12.7 + * test: update k8s testing versions to v1.12.10, v1.13.8 and v1.14.4 + * update golang to 1.12.7 for cilium-{operator,docker-plugin} + * endpoint: do not log warning for specific state transition + +------------------------------------------------------------------- Old: ---- cilium-1.5.5.tar.gz New: ---- 0001-etcd-use-ca-file-field-from-etcd-option-if-available.patch 0002-daemon-separate-kvstore-initialization-into-separate.patch 0003-deps-update-etcd-to-v3.4.0.patch cilium-1.5.7.obscpio cilium.obsinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cilium.spec ++++++ --- /var/tmp/diff_new_pack.BlEjSf/_old 2019-09-19 15:47:01.851339805 +0200 +++ /var/tmp/diff_new_pack.BlEjSf/_new 2019-09-19 15:47:01.855339804 +0200 
@@ -35,16 +35,23 @@ %endif Name: cilium -Version: 1.5.5 +Version: 1.5.7 Release: 0 Summary: Linux Native, HTTP Aware Networking and Security for Containers License: Apache-2.0 AND GPL-2.0-or-later Group: System/Management URL: https://github.com/cilium/cilium -Source0: %{name}-%{version}.tar.gz +Source0: %{name}-%{version}.tar.xz Source1: %{name}-rpmlintrc Source2: cilium-cni-install Source3: cilium-cni-uninstall +# PATCH-FIX-UPSTREAM bsc#1145258 -- Update configmap values for etcd v3.4.0 +Patch0: 0001-etcd-use-ca-file-field-from-etcd-option-if-available.patch +# PATCH-FIX-UPSTREAM bsc#1145258 -- Separate kvstore initialization in daemon to +# the separate function - needed for the next patch to apply without conflicts +Patch1: 0002-daemon-separate-kvstore-initialization-into-separate.patch +# PATCH-FIX-UPSTREAM bsc#1145258 -- Update etcd library to v3.4.0 +Patch2: 0003-deps-update-etcd-to-v3.4.0.patch BuildRequires: clang BuildRequires: git BuildRequires: glibc-devel @@ -196,6 +203,10 @@ %prep %setup -q +%patch0 +%patch1 +# patch macro adds the --fuzz=0 option which does not work with the last patch +patch --no-backup-if-mismatch -p0 %{PATCH2} %build %goprep %{provider_prefix} ++++++ 0001-etcd-use-ca-file-field-from-etcd-option-if-available.patch ++++++ ++++ 1204 lines (skipped) ++++++ 0002-daemon-separate-kvstore-initialization-into-separate.patch ++++++ >From a0d638baf88df0b7ceaef67dc3ae4b32cf7abc88 Mon Sep 17 00:00:00 2001 From: Ian Vernon <[email protected]> Date: Tue, 28 May 2019 16:29:26 -0700 Subject: [PATCH 2/3] daemon: separate kvstore initialization into separate function Signed-off by: Ian Vernon <[email protected]> --- daemon/daemon_main.go | 93 ++++++++++++++++++++++--------------------- 1 file changed, 48 insertions(+), 45 deletions(-) diff --git daemon/daemon_main.go daemon/daemon_main.go index 76ad61a39..ac693e3eb 100644 --- daemon/daemon_main.go +++ daemon/daemon_main.go 
@@ -1142,6 +1142,53 @@ func endParallelMapMode() { ipcachemap.IPCache.EndParallelMode() } +func (d *Daemon) initKVStore() { + goopts := &kvstore.ExtraOptions{ + ClusterSizeDependantInterval: d.nodeDiscovery.Manager.ClusterSizeDependantInterval, + } + + // If K8s is enabled we can do the service translation automagically by + // looking at services from k8s and retrieve the service IP from that. + // This makes cilium to not depend on kube dns to interact with etcd + if k8s.IsEnabled() && kvstore.IsEtcdOperator(option.Config.KVStore, option.Config.KVStoreOpt, option.Config.K8sNamespace) { + // Wait services and endpoints cache are synced with k8s before setting + // up etcd so we can perform the name resolution for etcd-operator + // to the service IP as well perform the service -> backend IPs for + // that service IP. + d.waitForCacheSync(k8sAPIGroupServiceV1Core, k8sAPIGroupEndpointV1Core) + log := log.WithField(logfields.LogSubsys, "etcd") + goopts.DialOption = []grpc.DialOption{ + grpc.WithDialer(func(s string, duration time.Duration) (conn net.Conn, e error) { + // If the service is available, do the service translation to + // the service IP. Otherwise dial with the original service + // name `s`. 
+ svc := k8s.ParseServiceIDFrom(s) + if svc != nil { + backendIP := d.k8sSvcCache.GetRandomBackendIP(*svc) + if backendIP != nil { + s = backendIP.String() + } + } else { + log.Debug("Service not found") + } + log.Debugf("custom dialer based on k8s service backend is dialing to %q", s) + return net.Dial("tcp", s) + }, + ), + } + } + + if err := kvstore.Setup(option.Config.KVStore, option.Config.KVStoreOpt, goopts); err != nil { + addrkey := fmt.Sprintf("%s.address", option.Config.KVStore) + addr := option.Config.KVStoreOpt[addrkey] + + log.WithError(err).WithFields(logrus.Fields{ + "kvstore": option.Config.KVStore, + "address": addr, + }).Fatal("Unable to setup kvstore") + } +} + func runDaemon() { datapathConfig := linuxdatapath.DatapathConfiguration{ HostDevice: option.Config.HostDevice, 
@@ -1205,51 +1252,7 @@ func runDaemon() { // subsystem as well in parallel so caches will start to be synchronized // with k8s. k8sCachesSynced := d.initK8sSubsystem() - - goopts := &kvstore.ExtraOptions{ - ClusterSizeDependantInterval: d.nodeDiscovery.Manager.ClusterSizeDependantInterval, - } - - // If K8s is enabled we can do the service translation automagically by - // looking at services from k8s and retrieve the service IP from that. - // This makes cilium to not depend on kube dns to interact with etcd - if k8s.IsEnabled() && kvstore.IsEtcdOperator(option.Config.KVStore, option.Config.KVStoreOpt, option.Config.K8sNamespace) { - // Wait services and endpoints cache are synced with k8s before setting - // up etcd so we can perform the name resolution for etcd-operator - // to the service IP as well perform the service -> backend IPs for - // that service IP. - d.waitForCacheSync(k8sAPIGroupServiceV1Core, k8sAPIGroupEndpointV1Core) - log := log.WithField(logfields.LogSubsys, "etcd") - goopts.DialOption = []grpc.DialOption{ - grpc.WithDialer(func(s string, duration time.Duration) (conn net.Conn, e error) { - // If the service is available, do the service translation to - // the service IP. Otherwise dial with the original service - // name `s`. 
- svc := k8s.ParseServiceIDFrom(s) - if svc != nil { - backendIP := d.k8sSvcCache.GetRandomBackendIP(*svc) - if backendIP != nil { - s = backendIP.String() - } - } else { - log.Debug("Service not found") - } - log.Debugf("custom dialer based on k8s service backend is dialing to %q", s) - return net.Dial("tcp", s) - }, - ), - } - } - - if err := kvstore.Setup(option.Config.KVStore, option.Config.KVStoreOpt, goopts); err != nil { - addrkey := fmt.Sprintf("%s.address", option.Config.KVStore) - addr := option.Config.KVStoreOpt[addrkey] - - log.WithError(err).WithFields(logrus.Fields{ - "kvstore": option.Config.KVStore, - "address": addr, - }).Fatal("Unable to setup kvstore") - } + d.initKVStore() // Wait only for certain caches, but not all! // (Check Daemon.initK8sSubsystem() for more info) -- 2.23.0 ++++++ 0003-deps-update-etcd-to-v3.4.0.patch ++++++ ++++ 30547 lines (skipped) ++++++ _service ++++++ --- /var/tmp/diff_new_pack.BlEjSf/_old 2019-09-19 15:47:01.927339789 +0200 +++ /var/tmp/diff_new_pack.BlEjSf/_new 2019-09-19 15:47:01.927339789 +0200 
@@ -1,16 +1,17 @@ <services> - <service name="tar_scm" mode="disabled"> + <service name="obs_scm" mode="disabled"> <param name="url">https://github.com/cilium/cilium</param> <param name="scm">git</param> <param name="exclude">.git</param> <param name="versionformat">@PARENT_TAG@</param> - <param name="revision">refs/tags/v1.5.5</param> + <param name="revision">refs/tags/v1.5.7</param> <param name="filename">cilium</param> <param name="changesgenerate">enable</param> </service> - <service name="recompress" mode="disabled"> - <param name="file">cilium-*.tar</param> - <param name="compression">gz</param> + <service mode="buildtime" name="tar"/> + <service mode="buildtime" name="recompress"> + <param name="file">*.tar</param> + <param name="compression">xz</param> </service> <service name="set_version" mode="disabled"/> </services> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.BlEjSf/_old 2019-09-19 15:47:01.955339784 +0200 +++ /var/tmp/diff_new_pack.BlEjSf/_new 2019-09-19 15:47:01.955339784 +0200 @@ -1,4 +1,4 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/cilium/cilium</param> - <param name="changesrevision">9ba05044cd52d3ad38a15dcc55cc91ce79638f83</param></service></servicedata> \ No newline at end of file + <param name="changesrevision">6373fdaa9d3e51aff1143dcfbd00a8e13dc43362</param></service></servicedata> \ No newline at end of file ++++++ cilium.obsinfo ++++++ name: cilium version: 1.5.7 mtime: 1566582409 commit: 6373fdaa9d3e51aff1143dcfbd00a8e13dc43362
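Review bot: in the `%prep` hunk of cilium.spec, the third patch bypasses `%patch` and is applied with `patch --no-backup-if-mismatch -p0 %{PATCH2}` because, per the comment above it, the macro's `--fuzz=0` does not work with that patch. That suggests the etcd dependency update only applies with fuzz, so its hunks can land on context that differs from what the patch was generated against. Refreshing 0003-deps-update-etcd-to-v3.4.0.patch against the 1.5.7 tree so that it applies with `%patch2` would be safer. Also, as the line reads here, `%{PATCH2}` is a bare positional operand with no `-i` or `<` in front of it; GNU patch treats the first operand as the file to be patched and reads the patch itself from standard input, so it is worth confirming that the spec uses `-i %{PATCH2}` or `< %{PATCH2}`.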
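Review bot: in `initKVStore()` (first hunk of 0002-daemon-separate-kvstore-initialization-into-separate.patch), the custom dialer passed to `grpc.WithDialer` receives a `duration` timeout but ignores it and calls `net.Dial("tcp", s)`, so a connection attempt to an unreachable etcd backend is not bounded by the timeout gRPC hands in. `net.DialTimeout("tcp", s, duration)` would honour it. Two smaller points in the same function: `log := log.WithField(logfields.LogSubsys, "etcd")` shadows the package-level logger, and the "Service not found" debug message is emitted only when `k8s.ParseServiceIDFrom(s)` returns nil, not when `GetRandomBackendIP` returns nil, so that fallback to the original name is silent apart from the final dial message. The second hunk removes the same lines from `runDaemon()`, so these points carry over from the existing code and could be addressed in a follow-up rather than in this move.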
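Review bot: in the `_service` hunk, `revision` remains a tag ref (`refs/tags/v1.5.7`), which upstream can move, and with the switch to `obs_scm` plus build-time `tar` and `recompress` there is no longer a checked-in tarball to compare against. The fetched commit is recorded only in `_servicedata` and `cilium.obsinfo` (6373fdaa9d3e51aff1143dcfbd00a8e13dc43362 in both), so reviewers should confirm that this commit is what the upstream v1.5.7 tag points to, or the `revision` parameter could name the commit directly so that re-running the service cannot pick up different content.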
