Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2020-02-29 21:19:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cilium" Sat Feb 29 21:19:50 2020 rev:22 rq:779898 version:1.7.0 Changes: -------- --- /work/SRC/openSUSE:Factory/cilium/cilium.changes 2020-01-13 22:15:44.674357376 +0100 +++ /work/SRC/openSUSE:Factory/.cilium.new.26092/cilium.changes 2020-02-29 21:20:06.754001460 +0100 @@ -1,0 +2,88 @@ +Thu Feb 27 12:16:05 UTC 2020 - Michał Rostecki <[email protected]> + +- Use %requires_eq for cilium-proxy. + +------------------------------------------------------------------- +Thu Feb 27 11:35:39 UTC 2020 - Michał Rostecki <[email protected]> + +- Add cilium-proxy as a runtime dependency. + +------------------------------------------------------------------- +Mon Feb 24 23:50:04 UTC 2020 - Michał Rostecki <[email protected]> + +- Build with correct cilium-proxy version string. + +------------------------------------------------------------------- +Mon Feb 24 22:59:42 UTC 2020 - Michał Rostecki <[email protected]> + +- Add upstream patches which fix running Cilium on aarch64 and + remove dependency on glibc: + * 0001-option-mark-keep-bpf-templates-as-deprecated.patch + * 0002-make-remove-the-need-for-go-bindata.patch + * 0003-bpf-don-t-use-fixed-size-integer-types-from-stdint.h.patch +- Add downstream patch which makes helm charts compatible with + openSUSE images: + * 0004-helm-Allow-variables-for-compatibility-with-openSUSE.patch + +------------------------------------------------------------------- +Mon Feb 24 18:35:55 UTC 2020 - Michał Rostecki <[email protected]> + +- Update to version 1.7.0: + * Major changes + - Add direct server return (DSR) for NodePort BPF + - Add support for k8s 1.17 + - Add support for k8s endpoint slice + - Add support for L7 visibility via pod annotations + - Clusterwide K8s Cilium Network Policies + - Envoy TLS support with header imposition + * Bugfixes + - Add better mechanism to detect if k8s caches are synced + against k8s + - api: Add missing annotations to generate DeepCopy for new + status fields + - bpf: Fix proxy redirection for egress programs + - bpf: Remove POLICY_MAP from bpf_netdev and bpf_overlay + - cilium: use %v for dumping frontend struct on error + - Correct clustermesh identity sync kvstore backend usage (to + actually use the remote) + - daemon: Upgrade spf13/viper + - eni: Check instance existence before resolving deficit + - Filter out bpftool probes emitting dmesg messages + - Fix cilium daemonset deletion on AKS + - Fix concurrent access of a variable used for metrics + - Fix issue (#10092) which incorrectly configured route MTU + with encryption and tunnel enabled. + - Fix memory corruption on clusters with IPv6 and NodePort + enabled + - Fix node-port default route detection in case there multiple + default entries with same ifindex. + - Fix regression to avoid freeing alive IPs + - Fix regular service lookup in node-port range in case of + host-reachable services. + - Fix Unlock handling for kvstore locks + - Fix vishvananda/netlink library's VethPeerIndex() stack + corruption with 4.20+ kernels. + - fqdn: Support setting tofqdns-min-ttl to 0 + - health: add ipv6 health check status to cilium health status + output + - HostToContainer propagation for /sys/fs/bpf + - ipam: Protect release from releasing alive IP + - ipcache: Add probe to check for dump capability to support + delete + - ipsec: fix connectivity after node reboots + - k8s: Fix Service.DeepEquals for ExternalIP + - kubernetes: Disable LocalNodeRoute while chaining + - node: Provide context in log when restoring router addresses + - operator: only enable kvstore watcher if kvstore is enabled + - pkg/bpf: Protect each uintptr with runtime.KeepAlive + - pkg/endpoint: access endpoint state safely across go routines + - pkg/ip: fix cilium status output for big CIDR ranges + - policy: Don't open localhost when allowing L7 traffic + - policy: Expose L3 selectors within endpoint JSON + +------------------------------------------------------------------- +Thu Feb 20 11:14:01 UTC 2020 - Michał Rostecki <[email protected]> + +- Remove quick-install.yaml file, ship only helm chart instead. + +------------------------------------------------------------------- Old: ---- cilium-1.6.5.obscpio New: ---- 0001-option-mark-keep-bpf-templates-as-deprecated.patch 0002-make-remove-the-need-for-go-bindata.patch 0003-bpf-don-t-use-fixed-size-integer-types-from-stdint.h.patch 0004-helm-Allow-variables-for-compatibility-with-openSUSE.patch cilium-1.7.0.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cilium.spec ++++++ --- /var/tmp/diff_new_pack.jkHurq/_old 2020-02-29 21:20:11.002002229 +0100 +++ /var/tmp/diff_new_pack.jkHurq/_new 2020-02-29 21:20:11.014002252 +0100 @@ -1,7 +1,7 @@ # # spec file for package cilium # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -35,7 +35,7 @@ %endif Name: cilium -Version: 1.6.5 +Version: 1.7.0 Release: 0 Summary: Linux Native, HTTP Aware Networking and Security for Containers License: Apache-2.0 AND GPL-2.0-or-later @@ -44,12 +44,20 @@ Source1: %{name}-rpmlintrc Source2: cilium-cni-install Source3: cilium-cni-uninstall +# PATCH-FIX-UPSTREAM 0001-option-mark-keep-bpf-templates-as-deprecated.patch +Patch0: 0001-option-mark-keep-bpf-templates-as-deprecated.patch +# PATCH-FIX-UPSTREAM 0002-make-remove-the-need-for-go-bindata.patch +Patch1: 0002-make-remove-the-need-for-go-bindata.patch +# PATCH-FIX-UPSTREAM 0003-bpf-don-t-use-fixed-size-integer-types-from-stdint.h.patch +Patch2: 0003-bpf-don-t-use-fixed-size-integer-types-from-stdint.h.patch +# PATCH-FIX-OPENSUSE 0004-helm-Allow-variables-for-compatibility-with-openSUSE.patch +# TODO(mrostecki): Submit it upstream after we confirm that our images work 100% +# fine, also on aarch64. +Patch3: 0004-helm-Allow-variables-for-compatibility-with-openSUSE.patch +# Cilium needs to be aware of the version string of cilium-proxy +BuildRequires: cilium-proxy BuildRequires: clang BuildRequires: git -BuildRequires: glibc-devel -# glibc-devel-32bit is needed to compile bpf objects -# https://github.com/cilium/cilium/issues/368 -BuildRequires: glibc-devel-32bit BuildRequires: golang-github-jteeuwen-go-bindata BuildRequires: golang-packaging %if 0%{?suse_version} > 1510 && 0%{?is_opensuse} @@ -60,27 +68,27 @@ BuildRequires: protobuf-devel BuildRequires: shadow BuildRequires: unzip -BuildRequires: golang(API) >= 1.10 +BuildRequires: golang(API) = 1.13 Requires: awk Requires: binutils -# clang and glibc headers are needed as runtime dependencies for compiling BPF -# programs by cilium +%requires_eq cilium-proxy +# clang is needed as runtime dependency for compiling BPF programs by cilium Requires: clang # Although clang is used as a compiler for BPF programs, they need to have # libgcc and libgcc_s linked in. # https://github.com/cilium/cilium/issues/7273 Requires: gcc -Requires: glibc-devel -# glibc-devel-32bit is needed to compile bpf objects -# https://github.com/cilium/cilium/issues/368 -Requires: glibc-devel-32bit +Requires: gzip Requires: iproute2 # Despite the fact that cilium is using BPF programs and aims to replace # iptables for container security policies, iptables is still needed for # defining few rules which redirect the traffic from kube-proxy to cilium. Then # cilium replaces some of kube-proxy functionality, using BPF programs. So, in # fact, cilium uses few iptables rules to prevent iptables usage. :) -Requires: gzip +# +# TODO(mrostecki): (27-02-2020) That comment above is actually quite old. After +# upgrade to 1.7.x we can get rid of kube-proxy and thus get rid of iptables. +# But I need to test that properly. Requires: iptables Requires: llvm Requires: protobuf-c @@ -187,7 +195,7 @@ containers in a Kubernetes cluster. %prep -%setup -q +%autosetup -p1 %build %goprep %{provider_prefix} @@ -195,12 +203,13 @@ cd $GOPATH/src/%{provider_prefix} export EXTRA_GOBUILD_FLAGS="-v -p 4 -x -buildmode=pie" +export CILIUM_ENVOY_SHA="$(cilium-envoy --version | cut -d : -f 2 | xargs echo -n)" sed -i '/groupadd /s/^/#/' daemon/Makefile sed -i '/groupadd /s/^/#/' operator/Makefile # create bindata.go which is no included in the source as it is ignored # because of .gitignore -make -C daemon apply-bindata +make -C daemon CILIUM_ENVOY_SHA="${CILIUM_ENVOY_SHA}" %if 0%{?suse_version} > 1510 && 0%{?is_opensuse} make precheck @@ -209,7 +218,7 @@ make logging-subsys-field %endif -make build +make build CILIUM_ENVOY_SHA="${CILIUM_ENVOY_SHA}" %install export GOPATH=%{_builddir}/go @@ -235,21 +244,27 @@ install -D -m 0755 contrib/packaging/docker/init-container.sh %{buildroot}/%{_bindir}/cilium-init install -D -m 0644 contrib/systemd/cilium %{buildroot}%{_fillupdir}/sysconfig.cilium install -D -m 0644 proxylib/libcilium.h %{buildroot}%{_includedir}/libcilium.h -install -D -m 0644 install/kubernetes/quick-install.yaml %{buildroot}%{_datadir}/k8s-yaml/cilium/quick-install.yaml pushd install/kubernetes/cilium for yaml_file in $(find . -type f -name "*.yaml"); do install -D -m 0644 ${yaml_file} %{buildroot}%{_datadir}/k8s-helm/cilium/${yaml_file} done popd + +# Adjust Helm charts values to our images. +sed -i \ + -e 's|integration: none|integration: crio|' \ + -e 's|registry: docker.io/cilium|registry: registry.opensuse.org/kubic|' \ + -e 's|tag: v%{version}|tag: %{version}|' \ + %{buildroot}%{_datadir}/k8s-helm/cilium/values.yaml +sed -i \ + -e 's|cniInstallScript: /cni-install.sh|cilium-cni-install|' \ + -e 's|cniUninstallScript: /cni-uninstall.sh|cilium-cni-uninstall|' \ + -e 's|initImage: cilium|initImage: cilium-init|' \ + -e 's|initScript: /init-container.sh|initScript: cilium-init|' \ + %{buildroot}%{_datadir}/k8s-helm/cilium/charts/agent/values.yaml sed -i \ - -e 's|image: \"docker.io/cilium/cilium:.*|image: \"registry.opensuse.org/kubic/cilium:%{version}\"|' \ - -e 's|image: \"docker.io/cilium/cilium-init:.*|image: \"registry.opensuse.org/kubic/cilium-init:%{version}\"|' \ - -e 's|image: \"docker.io/cilium/operator:.*|image: \"registry.opensuse.org/kubic/cilium-operator:%{version}\"|' \ - -e 's|/init-container.sh|cilium-init|g' \ - -e 's|/cni-install.sh|cilium-cni-install|g' \ - -e 's|/cni-uninstall.sh|cilium-cni-uninstall|g' \ - -e 's|--config-dir=/tmp/cilium/config-map|--config-dir=/tmp/cilium/config-map\n - --disable-envoy-version-check|g' \ - %{buildroot}%{_datadir}/k8s-yaml/cilium/quick-install.yaml + -e 's|image: operator|image: cilium-operator|' \ + %{buildroot}%{_datadir}/k8s-helm/cilium/charts/operator/values.yaml mkdir -p %{buildroot}%{bash_completion_dir} %{buildroot}%{_bindir}/cilium completion > %{buildroot}%{bash_completion_dir}/cilium @@ -304,7 +319,7 @@ %{_bindir}/cilium-health-responder %{_bindir}/cilium-map-migrate %{_bindir}/cilium-node-monitor -%{_bindir}/cilium-ring-dump +%{_bindir}/maptool %license LICENSE %files cni @@ -335,9 +350,6 @@ %{_libdir}/libcilium.so %files k8s-yaml -%dir %{_datarootdir}/k8s-yaml -%dir %{_datarootdir}/k8s-yaml/cilium -%{_datadir}/k8s-yaml/cilium/quick-install.yaml %dir %{_datadir}/k8s-helm %{_datadir}/k8s-helm/cilium ++++++ 0001-option-mark-keep-bpf-templates-as-deprecated.patch ++++++ From 58eb131a65d85735b44d5a2151d2fc554df30b84 Mon Sep 17 00:00:00 2001 From: Tobias Klauser <[email protected]> Date: Wed, 12 Feb 2020 14:07:41 +0100 Subject: [PATCH 1/4] option: mark --keep-bpf-templates as deprecated With go-bindata being removed, the flag becomes a no-op. Mark it as deprecated and announce removal in v1.9. Updates #10075 Signed-off-by: Tobias Klauser <[email protected]> --- Documentation/cmdref/cilium-agent.md | 1 - daemon/daemon_main.go | 1 + pkg/option/config.go | 2 ++ 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/Documentation/cmdref/cilium-agent.md b/Documentation/cmdref/cilium-agent.md index 9853f7f25..c99206643 100644 --- a/Documentation/cmdref/cilium-agent.md +++ b/Documentation/cmdref/cilium-agent.md @@ -111,7 +111,6 @@ cilium-agent [flags] --k8s-require-ipv6-pod-cidr Require IPv6 PodCIDR to be specified in node resource --k8s-watcher-endpoint-selector string K8s endpoint watcher will watch for these k8s endpoints (default "metadata.name!=kube-scheduler,metadata.name!=kube-controller-manager,metadata.name!=etcd-operator,metadata.name!=gcp-controller-manager") --k8s-watcher-queue-size uint Queue size used to serialize each k8s event type (default 1024) - --keep-bpf-templates Do not restore BPF template files from binary --keep-config When restoring state, keeps containers' configuration in place --kube-proxy-replacement string auto-enable available features for kube-proxy replacement ("probe"), or enable only selected features (will panic if any selected feature cannot be enabled) ("partial") or enable all features (will panic if any feature cannot be enabled) ("strict"), or completely disable it (ignores any selected feature) ("disabled") (default "partial") --kvstore string Key-value store type diff --git a/daemon/daemon_main.go b/daemon/daemon_main.go index a07d757d9..b778722fe 100644 --- a/daemon/daemon_main.go +++ b/daemon/daemon_main.go @@ -453,6 +453,7 @@ func init() { flags.Bool(option.KeepBPFTemplates, false, "Do not restore BPF template files from binary") option.BindEnv(option.KeepBPFTemplates) + flags.MarkDeprecated(option.KeepBPFTemplates, "This option is no longer supported and will be removed in v1.9") flags.String(option.KVStore, "", "Key-value store type") option.BindEnv(option.KVStore) diff --git a/pkg/option/config.go b/pkg/option/config.go index 525bfc340..77b661d4d 100644 --- a/pkg/option/config.go +++ b/pkg/option/config.go @@ -223,6 +223,8 @@ const ( KeepConfig = "keep-config" // KeepBPFTemplates do not restore BPF template files from binary + // Deprecated: This option is no longer available since cilium-agent does + // not include the BPF templates anymore. KeepBPFTemplates = "keep-bpf-templates" // KVStore key-value store type -- 2.25.1 ++++++ 0002-make-remove-the-need-for-go-bindata.patch ++++++ From 4ffd46ee1f8d0f71165d6538283456fae44496b7 Mon Sep 17 00:00:00 2001 From: Tobias Klauser <[email protected]> Date: Thu, 13 Feb 2020 11:09:40 +0100 Subject: [PATCH 2/4] make: remove the need for go-bindata Use of go-bindata dates back from times when people ran Cilium as static binary. This has become uncommon and users either use the container image or a package manager which will both ship /var/lib/cilium directly so there is no need to unpack any assets via the binary. For people still wanting to use Cilium as a static binary, e.g. for local development provide the `install-bpf` Makefile target to install the BPF assets into `/var/lib/cilium`. This saves ~380 kB in the resulting cilium-agent binary: == daemon/cilium-agent == bss 7752192 7752160 -32 data 894041 651280 -242761 dec 64545230 64166071 -379159 hex 3d8e1ce 3d318b7 -5c917 text 55898997 55762631 -136366 Updates #10056 Fixes #10075 Signed-off-by: Tobias Klauser <[email protected]> --- .travis/prepare.sh | 1 - CODEOWNERS | 43 +++++++++++++++++++ Dockerfile | 2 +- Dockerfile.builder | 6 +-- .../contributing/development/dev_setup.rst | 2 - Makefile | 14 +++--- Makefile.defs | 9 +++- contrib/packaging/deb/Dockerfile | 2 - contrib/packaging/rpm/Dockerfile | 2 +- contrib/packaging/rpm/cilium.spec.envsubst | 2 - contrib/scripts/bindata.sh | 43 ------------------- contrib/scripts/check-fmt.sh | 3 +- contrib/scripts/fix-sha.sh | 13 ------ contrib/shell/util.sh | 30 ------------- daemon/Makefile | 27 +----------- daemon/bpf.sha | 2 - daemon/daemon_main.go | 21 +++------ pkg/datapath/linux/requirements.go | 3 ++ test/docker-compose.yml | 2 +- test/packet/scripts/install.sh | 1 - 21 files changed, 73 insertions(+), 157 deletions(-) delete mode 100755 contrib/scripts/bindata.sh delete mode 100755 contrib/scripts/fix-sha.sh delete mode 100644 daemon/bpf.sha diff --git a/.travis/prepare.sh b/.travis/prepare.sh index 3b5c75994..b5e045599 100755 --- a/.travis/prepare.sh +++ b/.travis/prepare.sh @@ -15,6 +15,5 @@ NEWPATH="/usr/local/clang/bin" export PATH="$NEWPATH:$PATH" # disable go modules to avoid downloading all dependencies when doing go get -GO111MODULE=off go get github.com/cilium/go-bindata/go-bindata GO111MODULE=off go get golang.org/x/tools/cmd/cover GO111MODULE=off go get github.com/mattn/goveralls diff --git a/CODEOWNERS b/CODEOWNERS index 2ca3943f5..18d3a89ca 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -27,6 +27,49 @@ # is not properly picked up in Github. * @cilium/janitors api/ @cilium/api +bpf/ @cilium/bpf +bugtool/cmd/ @cilium/cli +cilium/ @cilium/cli +cilium-health/cmd/ @cilium/cli +cilium-health/launch/ @cilium/health +contrib/packaging/deb/ @eloycoto +contrib/packaging/docker/ @aanm @ianvernon +contrib/vagrant @cilium/ci +daemon/ @cilium/agent +daemon/datapath.* @cilium/bpf +daemon/endpoint.* @cilium/endpoint +daemon/health.* @cilium/health +daemon/ipcache.* @cilium/ipcache +daemon/k8s_watcher.* @cilium/kubernetes +daemon/loadbalancer.* @cilium/loadbalancer +daemon/metrics.* @cilium/metrics +daemon/policy.* @cilium/policy +daemon/prefilter.go @cilium/bpf +daemon/proxy.go @cilium/proxy +daemon/requirements.go @cilium/bpf +daemon/state.go @cilium/endpoint +daemon/sysctl.* @cilium/bpf +Documentation/ @cilium/docs +Documentation/bpf.rst @scanf @borkmann +Documentation/contributing.rst @cilium/contributing +envoy/ @cilium/proxy +examples/ @cilium/docs +examples/getting-started/Vagrantfile @cilium/ci +examples/kubernetes/ @cilium/kubernetes +examples/kubernetes-ingress/ @cilium/kubernetes +examples/mesos/Vagrantfile @cilium/ci +examples/minikube/ @cilium/kubernetes +ginkgo.Jenkinsfile @cilium/ci +kubernetes-upstream.Jenkinsfile @cilium/ci +ginkgo-all.Jenkinsfile @cilium/ci +ginkgo-kubernetes-all.Jenkinsfile @cilium/ci +install/kubernetes/ @cilium/kubernetes +Jenkinsfile @cilium/ci +Jenkinsfile.nightly @cilium/ci +operator/ @cilium/operator +pkg/annotation @cilium/kubernetes +pkg/apierror/ @cilium/api +pkg/apipanic/ @cilium/api pkg/apisocket/ @cilium/api pkg/monitor/payload @cilium/api pkg/policy/api/ @cilium/api diff --git a/Dockerfile b/Dockerfile index 538baaba1..25e9278cb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ FROM quay.io/cilium/cilium-envoy:c31482c3e49670980c05cafc914320f7949b266f as cil # versions to be built while allowing the new versions to make changes # that are not backwards compatible. # -FROM quay.io/cilium/cilium-builder:2020-02-13 as builder +FROM quay.io/cilium/cilium-builder:2020-02-19 as builder LABEL maintainer="[email protected]" WORKDIR /go/src/github.com/cilium/cilium COPY . ./ diff --git a/Dockerfile.builder b/Dockerfile.builder index e51853892..6f53d2261 100644 --- a/Dockerfile.builder +++ b/Dockerfile.builder @@ -56,8 +56,4 @@ RUN curl -sfL https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz | tar go get -d -u github.com/gordonklaus/ineffassign && \ cd /go/src/github.com/gordonklaus/ineffassign && \ git checkout -b 1003c8bd00dc2869cb5ca5282e6ce33834fed514 1003c8bd00dc2869cb5ca5282e6ce33834fed514 && \ - go install && \ - go get -d github.com/cilium/go-bindata/... && \ - cd /go/src/github.com/cilium/go-bindata && \ - git checkout -b e950ad39c6092155a6d89f04c90b1c46d8c97d49 e950ad39c6092155a6d89f04c90b1c46d8c97d49 && \ - go install github.com/cilium/go-bindata/go-bindata + go install diff --git a/Documentation/contributing/development/dev_setup.rst b/Documentation/contributing/development/dev_setup.rst index 82b691766..2fdfd6b21 100644 --- a/Documentation/contributing/development/dev_setup.rst +++ b/Documentation/contributing/development/dev_setup.rst @@ -30,8 +30,6 @@ contribute to Cilium: +----------------------------------------------------------------------------------+--------------------------+-------------------------------------------------------------------------------+ | `go <https://golang.org/dl/>`_ | 1.13.8 | N/A (OS-specific) | +----------------------------------------------------------------------------------+--------------------------+-------------------------------------------------------------------------------+ -| `go-bindata <https://github.com/cilium/go-bindata>`_ | ``a0ff2567cfb`` | ``go get -u github.com/cilium/go-bindata/...`` | -+----------------------------------------------------------------------------------+--------------------------+-------------------------------------------------------------------------------+ + `ginkgo <https://github.com/onsi/ginkgo>`__ | >= 1.4.0 | ``go get -u github.com/onsi/ginkgo/ginkgo`` | +----------------------------------------------------------------------------------+--------------------------+-------------------------------------------------------------------------------+ + `gomega <https://github.com/onsi/gomega>`_ | >= 1.2.0 | ``go get -u github.com/onsi/gomega`` | diff --git a/Makefile b/Makefile index 6086de77f..a91fa53ae 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,4 @@ include Makefile.defs -include daemon/bpf.sha SUBDIRS_CILIUM_CONTAINER := proxylib envoy plugins/cilium-cni bpf cilium daemon cilium-health bugtool ifdef LIBNETWORK_PLUGIN @@ -12,9 +11,6 @@ TESTPKGS_EVAL := $(subst github.com/cilium/cilium/,,$(shell $(CGO_DISABLED) $(GO TESTPKGS ?= $(TESTPKGS_EVAL) GOLANGVERSION := $(shell $(GO) version 2>/dev/null | grep -Eo '(go[0-9].[0-9])') GOLANG_SRCFILES := $(shell for pkg in $(subst github.com/cilium/cilium/,,$(GOFILES)); do find $$pkg -name *.go -print; done | grep -v vendor | sort | uniq) -BPF_FILES_EVAL := $(shell git ls-files $(ROOT_DIR)/bpf/ | grep -v .gitignore | tr "\n" ' ') -BPF_FILES ?= $(BPF_FILES_EVAL) -BPF_SRCFILES := $(subst ../,,$(BPF_FILES)) SWAGGER_VERSION := v0.20.1 SWAGGER := $(CONTAINER_ENGINE_FULL) run --rm -v $(CURDIR):$(CURDIR) -w $(CURDIR) --entrypoint swagger quay.io/goswagger/swagger:$(SWAGGER_VERSION) @@ -148,7 +144,6 @@ unit-tests: start-kvstores $(QUIET) $(MAKE) -C tools/maptool/ $(QUIET) $(MAKE) -C test/bpf/ test/bpf/unit-test - $(QUIET) $(MAKE) -C daemon/ check-bindata ifeq ($(SKIP_VET),"false") $(MAKE) govet endif @@ -191,11 +186,16 @@ clean: clean-container -$(MAKE) -C ./contrib/packaging/rpm clean -rm -f GIT_VERSION -install: +install-bpf: + $(INSTALL) -m 0750 -d $(DESTDIR)$(LOCALSTATEDIR)/lib/cilium + -rm -f $(DESTDIR)$(LOCALSTATEDIR)/lib/cilium/bpf + $(foreach bpfsrc,$(BPF_SRCFILES), $(INSTALL) -D -m 0644 $(bpfsrc) $(DESTDIR)$(LOCALSTATEDIR)/lib/cilium/$(bpfsrc);) + +install: install-bpf $(INSTALL) -m 0755 -d $(DESTDIR)$(BINDIR) for i in $(SUBDIRS); do $(MAKE) -C $$i install; done -install-container: +install-container: install-bpf $(INSTALL) -m 0755 -d $(DESTDIR)$(BINDIR) for i in $(SUBDIRS_CILIUM_CONTAINER); do $(MAKE) -C $$i install; done diff --git a/Makefile.defs b/Makefile.defs index f59ee3cfc..2e472a839 100644 --- a/Makefile.defs +++ b/Makefile.defs @@ -10,6 +10,7 @@ BINDIR?=$(PREFIX)/bin CNIBINDIR?=/opt/cni/bin CNICONFDIR?=/etc/cni/net.d LIBDIR?=$(PREFIX)/lib +LOCALSTATEDIR?=/var RUNDIR?=/var/run CONFDIR?=/etc @@ -34,7 +35,13 @@ GOLDFLAGS = -X "github.com/cilium/cilium/pkg/version.Version=$(BUILD)" CILIUM_ENVOY_SHA=$(shell grep -o "FROM.*cilium/cilium-envoy:[0-9a-fA-F]*" $(ROOT_DIR)/Dockerfile | cut -d : -f 2) GOLDFLAGS += -X "github.com/cilium/cilium/pkg/envoy.RequiredEnvoyVersionSHA=$(CILIUM_ENVOY_SHA)" -GOLDFLAGS += -X "github.com/cilium/cilium/pkg/datapath/loader.DatapathSHA=$(GO_BINDATA_SHA1SUM)" + +BPF_FILES_EVAL := $(shell git ls-files $(ROOT_DIR)/bpf/ | grep -v .gitignore | tr "\n" ' ') +BPF_FILES ?= $(BPF_FILES_EVAL) +BPF_SRCFILES := $(subst ../,,$(BPF_FILES)) + +CILIUM_DATAPATH_SHA=$(shell cat $(BPF_FILES) | sha1sum | awk '{print $$1}') +GOLDFLAGS += -X "github.com/cilium/cilium/pkg/datapath/loader.DatapathSHA=$(CILIUM_DATAPATH_SHA)" # Set DOCKER_IMAGE_TAG with "latest" by default ifeq ($(DOCKER_IMAGE_TAG),) diff --git a/contrib/packaging/deb/Dockerfile b/contrib/packaging/deb/Dockerfile index 740d1334f..993b66aa2 100644 --- a/contrib/packaging/deb/Dockerfile +++ b/contrib/packaging/deb/Dockerfile @@ -19,8 +19,6 @@ RUN apt-get update && \ ENV GOPATH /go ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH -RUN go get -u github.com/cilium/go-bindata/... - RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 777 "$GOPATH" WORKDIR $GOPATH diff --git a/contrib/packaging/rpm/Dockerfile b/contrib/packaging/rpm/Dockerfile index d3e534830..e93ac4320 100644 --- a/contrib/packaging/rpm/Dockerfile +++ b/contrib/packaging/rpm/Dockerfile @@ -6,7 +6,7 @@ RUN curl -sSL -o /etc/yum.repos.d/vbatts-bazel-fedora-28.repo \ https://copr.fedorainfracloud.org/coprs/vbatts/bazel/repo/fedora-28/vbatts-bazel-fedora-28.repo RUN dnf -y update && \ - dnf -y install fedora-packager fedora-review golang go-bindata gettext \ + dnf -y install fedora-packager fedora-review golang gettext \ git glibc-devel.x86_64 glibc-devel.i686 cmake bazel libtool wget \ clang make gcc-c++ elfutils-libelf-devel libstdc++-static && \ mkdir -p /opt/cilium/ diff --git a/contrib/packaging/rpm/cilium.spec.envsubst b/contrib/packaging/rpm/cilium.spec.envsubst index 9c334bb61..cb35465f2 100644 --- a/contrib/packaging/rpm/cilium.spec.envsubst +++ b/contrib/packaging/rpm/cilium.spec.envsubst @@ -59,7 +59,6 @@ Requires: docker-engine >= 1.12, glibc-devel(x86-32), iproute >= 4.10, clan BuildRequires: %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang} BuildRequires: golang -BuildRequires: go-bindata BuildRequires: glibc-devel(x86-32) BuildRequires: cmake BuildRequires: bazel @@ -107,7 +106,6 @@ echo "%{version}.%{release}" > VERSION export PKG_BUILD=1 -make -C daemon apply-bindata make V=1 proxylib plugins bpf cilium daemon monitor cilium-health bugtool tools operator %install diff --git a/contrib/scripts/bindata.sh b/contrib/scripts/bindata.sh deleted file mode 100755 index 6a4a36f61..000000000 --- a/contrib/scripts/bindata.sh +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/bash - -arg1=$1 - -BINDATA_FILE=bindata.go -REQUIRED_GO_VERSION=$(cat ../GO_VERSION) - -if [[ "$arg1" == "apply" ]]; then - NEW_SHA1SUM=`sha1sum ${BINDATA_FILE} | awk '{ print $1}'` - GO_VERSION_USED=`go version | awk '{ print $3 }'` - BPF_FILES=`git ls-files ../bpf/ | grep -v .gitignore | tr "\n" ' '` - sed -i "s/GO_BINDATA_SHA1SUM=.*/GO_BINDATA_SHA1SUM=${NEW_SHA1SUM}/g" bpf.sha - sed -i "s#BPF_FILES=.*#BPF_FILES=${BPF_FILES}#g" bpf.sha - exit 0 -fi - -GO_BINDATA_SHA1SUM=$arg1 - -if [[ $GO_BINDATA_SHA1SUM == "" ]]; then - echo "please provide a sha1sum for the expected bindata." - exit 1 -fi - -if echo "$GO_BINDATA_SHA1SUM bindata.go" | sha1sum -c --quiet; then - exit 0 -fi - -echo "########################################################################" -echo "" -echo " ERROR: bindata.go is out of date." -echo "" -echo " This can happen for two reasons:" -echo " 1. You are using a go-bindata binary compiled with a different version" -echo " of golang (not ${REQUIRED_GO_VERSION}). If so, please up/downgrade." -echo "" -echo " 2. You have made changes to the bpf/ directory. Please run the" -echo " following command to update the SHA in daemon/bpf.sha:" -echo "" -echo " $ make -C daemon apply-bindata" -echo "" -echo "########################################################################" - -exit 1 diff --git a/contrib/scripts/check-fmt.sh b/contrib/scripts/check-fmt.sh index 37853cc06..faf1c1c28 100755 --- a/contrib/scripts/check-fmt.sh +++ b/contrib/scripts/check-fmt.sh @@ -7,8 +7,7 @@ diff="$(find . ! \( -path './contrib' -prune \) \ ! \( -path './vendor' -prune \) \ ! \( -path './.git' -prune \) \ ! \( -path '*.validate.go' -prune \) \ - -type f -name '*.go' | grep -v "daemon/bindata.go" | \ - xargs gofmt -d -l -s )" + -type f -name '*.go' | xargs gofmt -d -l -s )" if [ -n "$diff" ]; then echo "Unformatted Go source code:" diff --git a/contrib/scripts/fix-sha.sh b/contrib/scripts/fix-sha.sh deleted file mode 100755 index e6f73d9ca..000000000 --- a/contrib/scripts/fix-sha.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/usr/bin/env bash - -SHA_PATH="daemon/bpf.sha" -MAKE=${MAKE:-"make"} -if [ ! -e "$SHA_PATH" ]; then - echo "Could not locate bpf.sha. Are you in the right directory?" >&2 - exit 1 -fi - -echo "GO_BINDATA_SHA1SUM=01234567890abcdef78901234567890abcdef789" > "$SHA_PATH" -echo "BPF_FILES=../bpf/.gitignore" >> "$SHA_PATH" -${MAKE} -C daemon apply-bindata -${MAKE} -C daemon apply-bindata diff --git a/contrib/shell/util.sh b/contrib/shell/util.sh index 52f83a49b..64bc11877 100644 --- a/contrib/shell/util.sh +++ b/contrib/shell/util.sh @@ -81,34 +81,4 @@ function relative() { done } -# Continue rebasing and progressively update the daemon/bpf.sha each time there -# is a merge conflict for it. If there are merge conflicts in other files, it -# will stop rebasing and return for user input. -# -# Expected usage: -# $ git rebase origin/master -# <Merge failure on daemon/bpf.sha> -# $ rebase-bindata -# <For each conflict, your editor opens to review the commit. Save & exit> -function rebase-bindata -{ - ( - local dir - if ! git rebase --show-current-patch ; then - return - fi - set -x - while ! git rebase --continue ; do - dir=$(cd $(dirname ${BASH_SOURCE})/../.. && pwd) - $dir/contrib/scripts/fix-sha.sh - git add daemon/bpf.sha - if [ $(git diff --diff-filter=U | wc -l) -ne 0 ]; then - echo "Files that need manual merge:" - git diff --name-only --diff-filter=U - break - fi - done - ) -} - trap "echo" EXIT diff --git a/daemon/Makefile b/daemon/Makefile index ddbd83de2..8f2c5e9c8 100644 --- a/daemon/Makefile +++ b/daemon/Makefile @@ -1,25 +1,13 @@ -# We keep track of the SHA over bindata.go plus the go version used to -# generate the bindata.go as it affects the generated code. A change -# of version is likely causing a SHA conflict as well. -include bpf.sha - # GOBUILD relies on the order of makefile list to get VERSION file include ../Makefile.defs - TARGET=cilium-agent LINKS=cilium-node-monitor SOURCES := $(shell find ../api ../common ../daemon ../pkg . \( -name '*.go' ! -name '*_test.go' \)) -$(TARGET): $(SOURCES) check-bindata +$(TARGET): $(SOURCES) @$(ECHO_GO) $(QUIET) CGO_ENABLED=0 $(GO) build $(GOBUILD) -o $(TARGET) -GO_BINDATA := $(QUIET) go-bindata -prefix ../ -mode 0640 -modtime 1450269211 \ - -ignore Makefile -ignore bpf_features.h -ignore lxc_config.h \ - -ignore netdev_config.h -ignore node_config.h -ignore filter_config.h \ - -ignore '.+\.o$$' -ignore '.+\.orig$$' -ignore '.+~$$' \ - -ignore '\.DS_Store' - all: $(TARGET) links links: @@ -47,16 +35,3 @@ install: $(foreach link,$(LINKS), ln -f -s $(TARGET) $(DESTDIR)$(BINDIR)/$(link) || cp $(TARGET) $(DESTDIR)$(BINDIR)/$(link);) endif - -.PHONY: check-bindata -check-bindata: bindata.go - @echo " CHECK contrib/scripts/bindata.sh" - $(QUIET) ../contrib/scripts/bindata.sh $(GO_BINDATA_SHA1SUM) - -apply-bindata: go-bindata - @$(ECHO_GEN)bpf.sha - $(QUIET) ../contrib/scripts/bindata.sh apply - -bindata.go go-bindata: $(BPF_FILES) - @$(ECHO_GEN) $@ - $(GO_BINDATA) -o ./bindata.go $(BPF_FILES) diff --git a/daemon/bpf.sha b/daemon/bpf.sha deleted file mode 100644 index d846a53a0..000000000 --- a/daemon/bpf.sha +++ /dev/null @@ -1,2 +0,0 @@ -GO_BINDATA_SHA1SUM=cbfa4658613722c813e201abf9cab36a5653b20f -BPF_FILES=../bpf/COPYING ../bpf/Makefile ../bpf/Makefile.bpf ../bpf/bpf_alignchecker.c ../bpf/bpf_features.h ../bpf/bpf_hostdev_ingress.c ../bpf/bpf_ipsec.c ../bpf/bpf_lxc.c ../bpf/bpf_netdev.c ../bpf/bpf_network.c ../bpf/bpf_overlay.c ../bpf/bpf_sock.c ../bpf/bpf_xdp.c ../bpf/cilium-map-migrate.c ../bpf/filter_config.h ../bpf/include/bpf/api.h ../bpf/include/elf/elf.h ../bpf/include/elf/gelf.h ../bpf/include/elf/libelf.h ../bpf/include/iproute2/bpf_elf.h ../bpf/include/linux/bpf.h ../bpf/include/linux/bpf_common.h ../bpf/include/linux/byteorder.h ../bpf/include/linux/byteorder/big_endian.h ../bpf/include/linux/byteorder/little_endian.h ../bpf/include/linux/icmp.h ../bpf/include/linux/icmpv6.h ../bpf/include/linux/if_arp.h ../bpf/include/linux/if_ether.h ../bpf/include/linux/if_packet.h ../bpf/include/linux/in.h ../bpf/include/linux/in6.h ../bpf/include/linux/ioctl.h ../bpf/include/linux/ip.h ../bpf/include/linux/ipv6.h ../bpf/include/linux/perf_event.h ../bpf/include/linux/swab.h ../bpf/include/linux/tcp.h ../bpf/include/linux/type_mapper.h ../bpf/include/linux/udp.h ../bpf/init.sh ../bpf/lib/arp.h ../bpf/lib/common.h ../bpf/lib/config.h ../bpf/lib/conntrack.h ../bpf/lib/conntrack_map.h ../bpf/lib/conntrack_test.h ../bpf/lib/csum.h ../bpf/lib/dbg.h ../bpf/lib/drop.h ../bpf/lib/encap.h ../bpf/lib/eps.h ../bpf/lib/eth.h ../bpf/lib/events.h ../bpf/lib/icmp6.h ../bpf/lib/identity.h ../bpf/lib/ipv4.h ../bpf/lib/ipv6.h ../bpf/lib/ipv6_test.h ../bpf/lib/l3.h ../bpf/lib/l4.h ../bpf/lib/lb.h ../bpf/lib/lxc.h ../bpf/lib/maps.h ../bpf/lib/metrics.h ../bpf/lib/nat.h ../bpf/lib/nat46.h ../bpf/lib/nodeport.h ../bpf/lib/policy.h ../bpf/lib/signal.h ../bpf/lib/tailcall.h ../bpf/lib/trace.h ../bpf/lib/utils.h ../bpf/lib/xdp.h ../bpf/lxc_config.h ../bpf/netdev_config.h ../bpf/node_config.h ../bpf/probes/raw_change_tail.t ../bpf/probes/raw_fib_lookup.t ../bpf/probes/raw_insn.h ../bpf/probes/raw_invalidate_hash.t ../bpf/probes/raw_lpm_map.t ../bpf/probes/raw_lru_map.t ../bpf/probes/raw_main.c ../bpf/probes/raw_max_insn.t ../bpf/probes/raw_sock_cookie.t ../bpf/run_probes.sh ../bpf/sockops/Makefile ../bpf/sockops/bpf_redir.c ../bpf/sockops/bpf_sockops.c ../bpf/sockops/bpf_sockops.h ../bpf/sockops/sockops_config.h diff --git a/daemon/daemon_main.go b/daemon/daemon_main.go index b778722fe..7e7c89374 100644 --- a/daemon/daemon_main.go +++ b/daemon/daemon_main.go @@ -718,9 +718,9 @@ func init() { viper.BindPFlags(flags) } -// RestoreExecPermissions restores file permissions to 0740 of all files inside +// restoreExecPermissions restores file permissions to 0740 of all files inside // `searchDir` with the given regex `patterns`. -func RestoreExecPermissions(searchDir string, patterns ...string) error { +func restoreExecPermissions(searchDir string, patterns ...string) error { fileList := []string{} err := filepath.Walk(searchDir, func(path string, f os.FileInfo, err error) error { for _, pattern := range patterns { @@ -881,20 +881,11 @@ func initEnv(cmd *cobra.Command) { if err := os.MkdirAll(option.Config.LibDir, defaults.RuntimePathRights); err != nil { scopedLog.WithError(err).Fatal("Could not create library directory") } - if !option.Config.KeepTemplates { - // We need to remove the old probes here as otherwise stale .t tests could - // still reside from newer Cilium versions which might break downgrade. - if err := os.RemoveAll(filepath.Join(option.Config.BpfDir, "/probes/")); err != nil { - scopedLog.WithError(err).Fatal("Could not delete old probes from library directory") - } - if err := RestoreAssets(option.Config.LibDir, defaults.BpfDir); err != nil { - scopedLog.WithError(err).Fatal("Unable to restore agent assets") - } - // Restore permissions of executable files - if err := RestoreExecPermissions(option.Config.LibDir, `.*\.sh`); err != nil { - scopedLog.WithError(err).Fatal("Unable to restore agent assets") - } + // Restore permissions of executable files + if err := restoreExecPermissions(option.Config.LibDir, `.*\.sh`); err != nil { + scopedLog.WithError(err).Fatal("Unable to restore agent asset permissions") } + if option.Config.MaxControllerInterval < 0 { scopedLog.Fatalf("Invalid %s value %d", option.MaxCtrlIntervalName, option.Config.MaxControllerInterval) } diff --git a/pkg/datapath/linux/requirements.go b/pkg/datapath/linux/requirements.go index a131d80a9..4902c0446 100644 --- a/pkg/datapath/linux/requirements.go +++ b/pkg/datapath/linux/requirements.go @@ -203,6 +203,9 @@ func CheckMinRequirements() { if err := os.Chdir(option.Config.LibDir); err != nil { log.WithError(err).WithField(logfields.Path, option.Config.LibDir).Fatal("Could not change to runtime directory") } + if _, err := os.Stat(option.Config.BpfDir); os.IsNotExist(err) { + log.WithError(err).Fatalf("BPF template directory: NOT OK. Please run 'make install-bpf'") + } probeScript := filepath.Join(option.Config.BpfDir, "run_probes.sh") if err := exec.Command(probeScript, option.Config.BpfDir, option.Config.StateDir).Run(); err != nil { log.WithError(err).Fatal("BPF Verifier: NOT OK. Unable to run checker for bpf_features") diff --git a/test/docker-compose.yml b/test/docker-compose.yml index dd3381aac..907403167 100644 --- a/test/docker-compose.yml +++ b/test/docker-compose.yml @@ -15,7 +15,7 @@ services: command: "etcd -name etcd0 -advertise-client-urls http://0.0.0.0:4002 -listen-client-urls http://0.0.0.0:4002 -initial-cluster-token etcd-cluster-1 -initial-cluster-state new" privileged: true base_image: - image: "quay.io/cilium/cilium-builder:2020-02-13" + image: "quay.io/cilium/cilium-builder:2020-02-19" volumes: - "./../:/go/src/github.com/cilium/cilium/" privileged: true diff --git a/test/packet/scripts/install.sh b/test/packet/scripts/install.sh index d5181b0e1..ffd1038e2 100644 --- a/test/packet/scripts/install.sh +++ b/test/packet/scripts/install.sh @@ -65,7 +65,6 @@ sudo ln -s /usr/local/go/bin/* /usr/local/bin/ go version sudo mkdir /go/ export GOPATH=/go/ -go get -u github.com/cilium/go-bindata/... go get -u github.com/google/gops go get -u github.com/onsi/ginkgo/ginkgo go get -u github.com/onsi/gomega/... -- 2.25.1 ++++++ 0003-bpf-don-t-use-fixed-size-integer-types-from-stdint.h.patch ++++++ ++++ 1516 lines (skipped) ++++++ 0004-helm-Allow-variables-for-compatibility-with-openSUSE.patch ++++++ From 74e791429bb4483c9039a4c93ba0b398991bb73b Mon Sep 17 00:00:00 2001 From: Michal Rostecki <[email protected]> Date: Mon, 24 Feb 2020 19:57:31 +0100 Subject: [PATCH 4/4] helm: Allow variables for compatibility with openSUSE images tl;dr: Few minor variables, which have no impact for users of Cilium using images from Dockerhub, but are necessary for (open)SUSE to consume the upstream helm charts without maintaining forks or crazy sed magic. This change introduces several new values in helm charts which make it possible to use them with images from registry.opensuse.org: - cniInstallScript - path or command of the script which installs CNI plugin (default: /cni-install.sh; openSUSE: cilium-cni-install) - cniUninstallScript - path or command of the script which uninstalls CNI plugin (default: /cni-uninstall.sh; openSUSE: cilium-cni-uninstall) - initImage - name of the image used for the init container (default: cilium; openSUSE: cilium-init) - initScript - path or command of the init container script (default: /init-container.sh; openSUSE: cilium-init) There are two motivations behind those values: - openSUSE images use only RPM packages, RPM packages have strict rules where files can be installed. It's against openSUSE policies to install scipts in the / directory, they have to be installed in /usr/bin. Having ".sh" in names of installed scripts is discouraged. - openSUSE ships a separate container image for the init container script, which has its own dedicated RPM package. After this commit, generating YAML manifest using openSUSE images can be done with: helm template cilium \ --namespace=kube-system \ --set global.containerRuntime.integration=crio \ --set global.registry=registry.opensuse.org/devel/kubic/containers/container/kubic \ --set global.tag=1.6.5 \ --set agent.cniInstallScript=cilium-cni-install \ --set agent.cniUninstallScript=cilium-cni-uninstall \ --set agent.initImage=cilium-init \ --set agent.initScript=cilium-init \ --set operator.image=cilium-operator > opensuse.yaml For the upstream Cilium images, default values do not bring any changes. Signed-off-by: Michal Rostecki <[email protected]> --- .../charts/agent/templates/daemonset.yaml | 18 +++++++++--------- .../kubernetes/cilium/charts/agent/values.yaml | 4 ++++ 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/install/kubernetes/cilium/charts/agent/templates/daemonset.yaml b/install/kubernetes/cilium/charts/agent/templates/daemonset.yaml index fe99c9e53..de24ad7c4 100644 --- a/install/kubernetes/cilium/charts/agent/templates/daemonset.yaml +++ b/install/kubernetes/cilium/charts/agent/templates/daemonset.yaml @@ -136,12 +136,12 @@ spec: postStart: exec: command: - - "/cni-install.sh" + - {{ .Values.cniInstallScript }} -{{- if .Values.global.debug.enabled }} "--enable-debug=true"{{- else }} "--enable-debug=false"{{- end }} preStop: exec: command: - - /cni-uninstall.sh + - {{ .Values.cniUninstallScript }} {{- end }} name: cilium-agent {{- if .Values.global.prometheus.enabled }} @@ -233,10 +233,10 @@ spec: {{- if and .Values.global.nodeinit.enabled (not (eq .Values.global.nodeinit.bootstrapFile "")) }} - name: wait-for-node-init command: ['sh', '-c', 'until stat {{ .Values.global.nodeinit.bootstrapFile }} > /dev/null 2>&1; do echo "Waiting on node-init to run..."; sleep 1; done'] -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" +{{- if contains "/" .Values.initImage }} + image: "{{ .Values.initImage }}" {{- else }} - image: "{{ .Values.global.registry }}/{{ .Values.image }}:{{ .Values.global.tag }}" + image: "{{ .Values.global.registry }}/{{ .Values.initImage }}:{{ .Values.global.tag }}" {{- end }} imagePullPolicy: {{ .Values.global.pullPolicy }} volumeMounts: @@ -244,7 +244,7 @@ spec: name: cilium-bootstrap-file {{- end }} - command: - - /init-container.sh + - {{ .Values.initScript }} env: - name: CILIUM_ALL_STATE valueFrom: @@ -264,10 +264,10 @@ spec: key: wait-bpf-mount name: cilium-config optional: true -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" +{{- if contains "/" .Values.initImage }} + image: "{{ .Values.initImage }}" {{- else }} - image: "{{ .Values.global.registry }}/{{ .Values.image }}:{{ .Values.global.tag }}" + image: "{{ .Values.global.registry }}/{{ .Values.initImage }}:{{ .Values.global.tag }}" {{- end }} imagePullPolicy: {{ .Values.global.pullPolicy }} name: clean-cilium-state diff --git a/install/kubernetes/cilium/charts/agent/values.yaml b/install/kubernetes/cilium/charts/agent/values.yaml index 233d3e068..d534de3d2 100644 --- a/install/kubernetes/cilium/charts/agent/values.yaml +++ b/install/kubernetes/cilium/charts/agent/values.yaml @@ -1,4 +1,8 @@ +cniInstallScript: /cni-install.sh +cniUninstallScript: /cni-uninstall.sh image: cilium +initImage: cilium +initScript: /init-container.sh # Specifies the maximum number of Pods that can be unavailable during the # update process. -- 2.25.1 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.jkHurq/_old 2020-02-29 21:20:11.126002474 +0100 +++ /var/tmp/diff_new_pack.jkHurq/_new 2020-02-29 21:20:11.130002482 +0100 @@ -4,7 +4,7 @@ <param name="scm">git</param> <param name="exclude">.git</param> <param name="versionformat">@PARENT_TAG@</param> - <param name="revision">refs/tags/v1.6.5</param> + <param name="revision">refs/tags/v1.7.0</param> <param name="filename">cilium</param> <param name="changesgenerate">disable</param> </service> ++++++ cilium-1.6.5.obscpio -> cilium-1.7.0.obscpio ++++++ /work/SRC/openSUSE:Factory/cilium/cilium-1.6.5.obscpio /work/SRC/openSUSE:Factory/.cilium.new.26092/cilium-1.7.0.obscpio differ: char 48, line 1 ++++++ cilium.obsinfo ++++++ --- /var/tmp/diff_new_pack.jkHurq/_old 2020-02-29 21:20:11.178002577 +0100 +++ /var/tmp/diff_new_pack.jkHurq/_new 2020-02-29 21:20:11.182002585 +0100 @@ -1,5 +1,5 @@ name: cilium -version: 1.6.5 -mtime: 1576510138 -commit: 88642ed7049e1037283c550db8103a58bcf2e574 +version: 1.7.0 +mtime: 1582065165 +commit: adeaf8c04371e7f1ab17379578a0b74814793587
