commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2020-11-02 09:41:18 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.3463 (New) Package is "cilium" Mon Nov 2 09:41:18 2020 rev:30 rq:845100 version:1.8.5 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2020-08-16 20:27:35.898108844 +0200 +++ /work/SRC/openSUSE:Factory/.cilium.new.3463/cilium.changes 2020-11-02 09:41:37.845681164 +0100 @@ -1,0 +2,21 @@ +Fri Oct 30 16:50:02 UTC 2020 - Michał Rostecki + +- Update to 1.8.5 + * Release notes: https://github.com/cilium/cilium/releases/tag/v1.8.5 +- Remove patches which were included upstream: + * 0001-option-mark-keep-bpf-templates-as-deprecated.patch + * 0002-make-remove-the-need-for-go-bindata.patch + * 0003-bpf-don-t-use-fixed-size-integer-types-from-stdint.h.patch + * 0005-bpf-re-add-a-proper-types.h-mapper.patch + * 0006-build-Avoid-using-git-if-not-in-a-git-repo.patch + * 0007-option-rename-PolicyMapMaxEntries-to-PolicyMapEntrie.patch + * 0008-helm-allow-to-configure-bpf-nat-global-max-using-Hel.patch + * 0009-option-reduce-default-number-for-TCP-CT-and-NAT-tabl.patch + * 0010-daemon-add-option-to-dynamically-size-BPF-maps-based.patch +- Remove downstream patch which is not needed anymore (now it's + enough to just modify the Helm chart with sed to set out images): + * 0004-helm-Allow-variables-for-compatibility-with-openSUSE.patch +- Add upstream patch for installing the operator binary: + * 0001-operator-make-Add-install-target.patch + +--- Old: 0001-option-mark-keep-bpf-templates-as-deprecated.patch 0002-make-remove-the-need-for-go-bindata.patch 0003-bpf-don-t-use-fixed-size-integer-types-from-stdint.h.patch 0004-helm-Allow-variables-for-compatibility-with-openSUSE.patch 0005-bpf-re-add-a-proper-types.h-mapper.patch 0006-build-Avoid-using-git-if-not-in-a-git-repo.patch 0007-option-rename-PolicyMapMaxEntries-to-PolicyMapEntrie.patch 0008-helm-allow-to-configure-bpf-nat-global-max-using-Hel.patch 0009-option-reduce-default-number-for-TCP-CT-and-NAT-tabl.patch 0010-daemon-add-option-to-dynamically-size-BPF-maps-based.patch cilium-1.7.6.obscpio New: 0001-operator-make-Add-install-target.patch cilium-1.8.5.obscpio Other differences: -- ++ cilium.spec ++ --- /var/tmp/diff_new_pack.fm2RQv/_old 2020-11-02 09:41:39.389682646 +0100 +++ /var/tmp/diff_new_pack.fm2RQv/_new 2020-11-02 09:41:39.393682649 +0100 @@ -35,7 +35,7 @@ %endif Name: cilium -Version:1.7.6 +Version:1.8.5 Release:0 Summary:Linux Native, HTTP Aware Networking and Security for Containers License:Apache-2.0 AND GPL-2.0-or-later @@ -44,28 +44,8 @@ Source1:%{name}-rpmlintrc Source2:cilium-cni-install Source3:cilium-cni-uninstall -# PATCH-FIX-UPSTREAM 0001-option-mark-keep-bpf-templates-as-deprecated.patch -Patch1: 0001-option-mark-keep-bpf-templates-as-deprecated.patch -# PATCH-FIX-UPSTREAM 0002-make-remove-the-need-for-go-bindata.patch -Patch2: 0002-make-remove-the-need-for-go-bindata.patch -# PATCH-FIX-UPSTREAM 0003-bpf-don-t-use-fixed-size-integer-types-from-stdint.h.patch -Patch3: 0003-bpf-don-t-use-fixed-size-integer-types-from-stdint.h.patch -# PATCH-FIX-OPENSUSE 0004-helm-Allow-variables-for-compatibility-with-openSUSE.patch -# TODO(mrostecki): Submit it upstream after we confirm that our images work 100% -# fine, also on aarch64. -Patch4: 0004-helm-Allow-variables-for-compatibility-with-openSUSE.patch -# PATCH-FIX-UPSTREAM 0005-bpf-re-add-a-proper-types.h-mapper.patch -Patch5: 0005-bpf-re-add-a-proper-types.h-mapper.patch -# PATCH-FIX-UPSTREAM 0006-build-Avoid-using-git-if-not-in-a-git-repo.patch -Patch6: 0006-build-Avoid-using-git-if-not-in-a-git-repo.patch -# PATCH-FIX-UPSTREAM 0007-option-rename-PolicyMapMaxEntries-to-PolicyMapEntrie.patch -Patch7: 0007-option-rename-PolicyMapMaxEntries-to-PolicyMapEntrie.patch -# PATCH-FIX-UPSTREAM 0008-helm-allow-to-configure-bpf-nat-global-max-using-Hel.patch -Patch8: 0008-helm-allow-to-configure-bpf-nat-global-max-using-Hel.patch -# PATCH-FIX-UPSTREAM 0009-option-reduce-default-number-for-TCP-CT-and-NAT-tabl.patch -Patch9: 0009-option-reduce-default-number-for-TCP-CT-and-NAT-tabl.patch -# PATCH-FIX-UPSTREAM 0010-daemon-add-option-to-dynamically-size-BPF-maps-based.patch -Patch10:0010-daemon-add-option-to-dynamically-size-BPF-maps-based.patch +# PATCH-FIX-UPSTREAM 0001-operator-make-Add-install-target.patch +Patch0:
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2020-08-16 20:27:20 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.3399 (New) Package is "cilium" Sun Aug 16 20:27:20 2020 rev:29 rq:826668 version:1.7.6 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2020-08-06 17:30:32.789072022 +0200 +++ /work/SRC/openSUSE:Factory/.cilium.new.3399/cilium.changes 2020-08-16 20:27:35.898108844 +0200 @@ -43,0 +44,5 @@ +Tue Jul 7 13:35:47 UTC 2020 - jmassaguer...@suse.com + +- Add a _constraints to require at least 5GB of disk space + +--- New: _constraints Other differences: -- ++ cilium.spec ++ +++ empty output from diff against cilium.spec ++ _constraints ++ 5
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2020-08-06 17:29:53 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.3399 (New) Package is "cilium" Thu Aug 6 17:29:53 2020 rev:28 rq:824205 version:1.7.6 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2020-06-23 21:02:46.669491238 +0200 +++ /work/SRC/openSUSE:Factory/.cilium.new.3399/cilium.changes 2020-08-06 17:30:32.789072022 +0200 @@ -1,0 +2,42 @@ +Mon Aug 3 16:53:32 UTC 2020 - Callum Farmer + +- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) + +--- +Thu Jul 30 10:15:01 UTC 2020 - Dirk Mueller + +- update to 1.7.6: + Fixes https://github.com/cilium/cilium/security/advisories/GHSA-9hx8-3wfx-q2vw + (CVE-2020-8663, CVE-2020-12605, CVE-2020-12604, CVE-2020-12603, bsc#1173559) + + see https://github.com/cilium/cilium/releases/tag/v1.7.6 + * avoid having endpoints in 'restoring' state in case the connectivity with the KVStore is not reliable (Backport PR #12333, Upstream PR #12307, @aanm) + * bpf: Use nproc --all for __NR_CPUS__ (Backport PR #12363, Upstream PR #12121, @gandro) + * cilium: fix encryption flow labels in ip6 case (Backport PR #12056, Upstream PR #12015, @jrfastab) + * Fix bug where etcd session renew would block indefinitely, causing endpoint provision to fail (Backport PR #12333, Upstream PR #12292, @joestringer) + * Fix bug where identity allocation wouldn't cancel from api timeouts (Backport PR #12350, Upstream PR #12328, @joestringer) + * Fix setting monitorAggregationLevel to max reflects via CLI (Backport PR #12333, Upstream PR #12014, @soumynathan) + * Fix silent cilium monitor on systems with offline CPUs (Backport PR #12363, Upstream PR #12310, @pchaigno) + * Fix syslog hook missing in DefaultLogger (Backport PR #12333, Upstream PR #12170, @ArthurChiao) + * helm/operator: fix IPv6 liveness probe address for operator (Backport PR #12333, Upstream PR #12223, @Rolinh) + * iptables: Remove '--nowildcard' from socket match (Backport PR #12333, Upstream PR #12248, @jrajahalme) + * Istio integration is updated to Istio release 1.5.6. (Backport PR #12333, Upstream PR #12214, @jrajahalme) + * Istio integration is updated to Istio release 1.5.7. (Backport PR #12357, Upstream PR #12353, @jrajahalme) + * make: fix LOCKDEBUG env variable reference for docker-plugin-image (Backport PR #12333, Upstream PR #12318, @Rolinh) + * option: Require native-routing-cidr only if IPv4 is enabled (Backport PR #12354, Upstream PR #12198, @brb) + * policy/api: Add reserved:health entity (Backport PR #12333, Upstream PR #12199, @pchaigno) + * stop Cilium from hanging on CNP or CCNP events from Kubernetes if running with 'k8s-event-handover=true' and 'kvstore=""' (Backport PR #12333, Upstream PR #12146, @aanm) + * The host proxy is updated to Envoy release 1.13.3 (Backport PR #12350, Upstream PR #12343, @jrajahalme) + * Valid CNP and CCNP 'matchLabel' values must be 63 characters or less and must be empty or begin and end with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. (Backport PR #12354, Upstream PR #12117, @aanm) +- 0001-option-mark-keep-bpf-templates-as-deprecated.patch, + 0002-make-remove-the-need-for-go-bindata.patch, + 0003-bpf-don-t-use-fixed-size-integer-types-from-stdint.h.patch, + 0004-helm-Allow-variables-for-compatibility-with-openSUSE.patch, + 0005-bpf-re-add-a-proper-types.h-mapper.patch, + 0006-build-Avoid-using-git-if-not-in-a-git-repo.patch, + 0007-option-rename-PolicyMapMaxEntries-to-PolicyMapEntrie.patch, + 0008-helm-allow-to-configure-bpf-nat-global-max-using-Hel.patch, + 0009-option-reduce-default-number-for-TCP-CT-and-NAT-tabl.patch, + 0010-daemon-add-option-to-dynamically-size-BPF-maps-based.patch: rebase against 1.7.6 + +--- Old: cilium-1.7.5.obscpio New: cilium-1.7.6.obscpio Other differences: -- ++ cilium.spec ++ --- /var/tmp/diff_new_pack.OztuFs/_old 2020-08-06 17:30:35.817072766 +0200 +++ /var/tmp/diff_new_pack.OztuFs/_new 2020-08-06 17:30:35.821072768 +0200 @@ -35,7 +35,7 @@ %endif Name: cilium -Version:1.7.5 +Version:1.7.6 Release:0 Summary:Linux Native, HTTP Aware Networking and Security for Containers License:Apache-2.0 AND GPL-2.0-or-later @@ -243,6 +243,7 @@ ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc${service} done +sed -e 's-@LIBEXECDIR@-%{_libexecdir}-g' -i %{SOURCE2} install -D -m 0755 %{SOURCE2}
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2020-06-23 21:02:19 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.2956 (New) Package is "cilium" Tue Jun 23 21:02:19 2020 rev:27 rq:814777 version:1.7.5 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2020-06-12 21:36:38.479610595 +0200 +++ /work/SRC/openSUSE:Factory/.cilium.new.2956/cilium.changes 2020-06-23 21:02:46.669491238 +0200 @@ -1,0 +2,30 @@ +Mon Jun 15 16:13:44 UTC 2020 - Michał Rostecki + +- Fix cniInstallScript and cniUninstallScript values in helm chart. + +--- +Fri Jun 12 14:00:51 UTC 2020 - Dirk Mueller + +- Update to 1.7.5 + + Too many bugfixes to list here, see + https://github.com/cilium/cilium/releases/tag/v1.7.5 + https://github.com/cilium/cilium/releases/tag/v1.7.4 + https://github.com/cilium/cilium/releases/tag/v1.7.3 + https://github.com/cilium/cilium/releases/tag/v1.7.2 + https://github.com/cilium/cilium/releases/tag/v1.7.1 + +- rename 0002-bpf-re-add-a-proper-types.h-mapper.patch to + 0005-bpf-re-add-a-proper-types.h-mapper.patch +- rename 0001-build-Avoid-using-git-if-not-in-a-git-repo.patch to + 0006-build-Avoid-using-git-if-not-in-a-git-repo.patch +- rename 0005-rename-PolicyMapMaxEntries-to-PolicyMapEntries-and-define-policy-map-size-limits-as-consts.patch to + 0007-option-rename-PolicyMapMaxEntries-to-PolicyMapEntrie.patch +- rename 0006-allow-to-configure-bpf-nat-global-max-using-helm.patch to + 0008-helm-allow-to-configure-bpf-nat-global-max-using-Hel.patch +- rename 0007-reduce-default-number-for-TCP-CT-and-NAT-table-max-entries.patch to + 0009-option-reduce-default-number-for-TCP-CT-and-NAT-tabl.patch +- rename 0008-add-option-to-dynamically-size-BPF-maps-based-on-system-memory.patch to + 0010-daemon-add-option-to-dynamically-size-BPF-maps-based.patch +- remove 0001-datapath-Switch-to-upstream-bpftool-remove-additiona.patch + +--- Old: 0001-build-Avoid-using-git-if-not-in-a-git-repo.patch 0001-datapath-Switch-to-upstream-bpftool-remove-additiona.patch 0002-bpf-re-add-a-proper-types.h-mapper.patch 0005-rename-PolicyMapMaxEntries-to-PolicyMapEntries-and-define-policy-map-size-limits-as-consts.patch 0006-allow-to-configure-bpf-nat-global-max-using-helm.patch 0007-reduce-default-number-for-TCP-CT-and-NAT-table-max-entries.patch 0008-add-option-to-dynamically-size-BPF-maps-based-on-system-memory.patch cilium-1.7.0.obscpio New: 0005-bpf-re-add-a-proper-types.h-mapper.patch 0006-build-Avoid-using-git-if-not-in-a-git-repo.patch 0007-option-rename-PolicyMapMaxEntries-to-PolicyMapEntrie.patch 0008-helm-allow-to-configure-bpf-nat-global-max-using-Hel.patch 0009-option-reduce-default-number-for-TCP-CT-and-NAT-tabl.patch 0010-daemon-add-option-to-dynamically-size-BPF-maps-based.patch cilium-1.7.5.obscpio Other differences: -- ++ cilium.spec ++ --- /var/tmp/diff_new_pack.TZFIMP/_old 2020-06-23 21:02:48.509497159 +0200 +++ /var/tmp/diff_new_pack.TZFIMP/_new 2020-06-23 21:02:48.513497172 +0200 @@ -35,7 +35,7 @@ %endif Name: cilium -Version:1.7.0 +Version:1.7.5 Release:0 Summary:Linux Native, HTTP Aware Networking and Security for Containers License:Apache-2.0 AND GPL-2.0-or-later @@ -45,29 +45,27 @@ Source2:cilium-cni-install Source3:cilium-cni-uninstall # PATCH-FIX-UPSTREAM 0001-option-mark-keep-bpf-templates-as-deprecated.patch -Patch0: 0001-option-mark-keep-bpf-templates-as-deprecated.patch +Patch1: 0001-option-mark-keep-bpf-templates-as-deprecated.patch # PATCH-FIX-UPSTREAM 0002-make-remove-the-need-for-go-bindata.patch -Patch1: 0002-make-remove-the-need-for-go-bindata.patch +Patch2: 0002-make-remove-the-need-for-go-bindata.patch # PATCH-FIX-UPSTREAM 0003-bpf-don-t-use-fixed-size-integer-types-from-stdint.h.patch -Patch2: 0003-bpf-don-t-use-fixed-size-integer-types-from-stdint.h.patch +Patch3: 0003-bpf-don-t-use-fixed-size-integer-types-from-stdint.h.patch # PATCH-FIX-OPENSUSE 0004-helm-Allow-variables-for-compatibility-with-openSUSE.patch # TODO(mrostecki): Submit it upstream after we confirm that our images work 100% # fine, also on aarch64. -Patch3: 0004-helm-Allow-variables-for-compatibility-with-openSUSE.patch -# PATCH-FIX-UPSTREAM 0005-rename-PolicyMapMaxEntries-to-PolicyMapEntries-and-define-policy-map-size-limits-as-consts.patch -Patch5:
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2020-06-12 21:35:53 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.3606 (New) Package is "cilium" Fri Jun 12 21:35:53 2020 rev:26 rq:813483 version:1.7.0 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2020-05-07 15:05:33.231712331 +0200 +++ /work/SRC/openSUSE:Factory/.cilium.new.3606/cilium.changes 2020-06-12 21:36:38.479610595 +0200 @@ -1,0 +2,8 @@ +Wed Jun 10 19:44:44 UTC 2020 - Dirk Mueller + +- add 0002-bpf-re-add-a-proper-types.h-mapper.patch +- add 0001-build-Avoid-using-git-if-not-in-a-git-repo.patch +- add 0001-datapath-Switch-to-upstream-bpftool-remove-additiona.patch +- build BPF_SRCFILES to get the list of bpf files to install + +--- New: 0001-build-Avoid-using-git-if-not-in-a-git-repo.patch 0001-datapath-Switch-to-upstream-bpftool-remove-additiona.patch 0002-bpf-re-add-a-proper-types.h-mapper.patch Other differences: -- ++ cilium.spec ++ --- /var/tmp/diff_new_pack.Bq7Mn4/_old 2020-06-12 21:36:41.083620170 +0200 +++ /var/tmp/diff_new_pack.Bq7Mn4/_new 2020-06-12 21:36:41.087620184 +0200 @@ -62,10 +62,16 @@ Patch7: 0007-reduce-default-number-for-TCP-CT-and-NAT-table-max-entries.patch # PATCH-FIX-UPSTREAM 0008-add-option-to-dynamically-size-BPF-maps-based-on-system-memory.patch Patch8: 0008-add-option-to-dynamically-size-BPF-maps-based-on-system-memory.patch +# PATCH-FIX-UPSTREAM 0002-bpf-re-add-a-proper-types.h-mapper.patch +Patch10:0002-bpf-re-add-a-proper-types.h-mapper.patch +# PATCH-FIX-UPSTREAM 0001-build-Avoid-using-git-if-not-in-a-git-repo.patch +Patch11:0001-build-Avoid-using-git-if-not-in-a-git-repo.patch +# PATCH-FIX-UPSTREAM 0001-datapath-Switch-to-upstream-bpftool-remove-additiona.patch +Patch12:0001-datapath-Switch-to-upstream-bpftool-remove-additiona.patch # Cilium needs to be aware of the version string of cilium-proxy BuildRequires: cilium-proxy BuildRequires: clang -BuildRequires: git +BuildRequires: git-core BuildRequires: golang-github-jteeuwen-go-bindata BuildRequires: golang-packaging %if 0%{?suse_version} > 1510 && 0%{?is_opensuse} @@ -193,6 +199,10 @@ %prep %autosetup -p1 +# generate the BPF_SRCFILES which is normally part of the release tarballs but +# not when we generate it from git (but don't run the dist scripts) +find bpf/ -type f | grep -v .gitignore | tr "\n" ' ' > BPF_SRCFILES + %build %goprep %{provider_prefix} export GOPATH=%{_builddir}/go @@ -316,6 +326,7 @@ %{_bindir}/cilium-map-migrate %{_bindir}/cilium-node-monitor %{_bindir}/maptool +%{_localstatedir}/lib/cilium %license LICENSE %files cni ++ 0001-build-Avoid-using-git-if-not-in-a-git-repo.patch ++ >From 0c80bde138150fc7f5a275b075995ad8ba11caa9 Mon Sep 17 00:00:00 2001 From: Jarno Rajahalme Date: Fri, 15 May 2020 17:33:01 -0700 Subject: [PATCH] build: Avoid using git if not in a git repo Do not use git if not in a git repo. Only create GIT_VERSION if the existing file is already not the same. This helps docker caching. Store the list bpf files to a temporary file BPF_SRCFILES, which is ignored by git like GIT_VERSION. This allows builds to succeed without git. Signed-off-by: Jarno Rajahalme --- .gitignore| 1 + Makefile | 9 ++--- Makefile.defs | 11 --- 3 files changed, 15 insertions(+), 6 deletions(-) --- a/Makefile.defs +++ b/Makefile.defs @@ -38,7 +38,7 @@ BPF_FILES_EVAL := $(shell git ls-files $(ROOT_DIR)/bpf/ | grep -v .gitignore | tr "\n" ' ') BPF_FILES ?= $(BPF_FILES_EVAL) -BPF_SRCFILES := $(subst ../,,$(BPF_FILES)) +BPF_SRCFILES = $(shell cat $(ROOT_DIR)/BPF_SRCFILES) CILIUM_DATAPATH_SHA=$(shell cat $(BPF_FILES) | sha1sum | awk '{print $$1}') GOLDFLAGS += -X "github.com/cilium/cilium/pkg/datapath/loader.DatapathSHA=$(CILIUM_DATAPATH_SHA)" ++ 0001-datapath-Switch-to-upstream-bpftool-remove-additiona.patch ++ >From d4b7d5a7f86c11fde6ca764a02719fa4ea9ba915 Mon Sep 17 00:00:00 2001 From: Michal Rostecki Date: Wed, 26 Feb 2020 23:48:02 +0100 Subject: [PATCH] datapath: Switch to upstream bpftool, remove additional arguments [ upstream commit 35bbe48c86fdfc430de47f7f4c488f3fb1d9b711 ] Upstream bpftool does not run probes which emit dmesg messages by default anymore. Additional arguments for filtering out probes are not needed anymore. Link: https://lore.kernel.org/bpf/20200226165941.6379-1-mroste...@opensuse.org/T/ Signed-off-by: Michal Rostecki --- pkg/datapath/linux/probes/probes.go | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2020-05-07 15:05:11 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.2738 (New) Package is "cilium" Thu May 7 15:05:11 2020 rev:25 rq:87 version:1.7.0 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2020-04-28 22:29:22.869419119 +0200 +++ /work/SRC/openSUSE:Factory/.cilium.new.2738/cilium.changes 2020-05-07 15:05:33.231712331 +0200 @@ -1,0 +2,5 @@ +Wed Apr 29 20:14:19 UTC 2020 - Dirk Mueller + +- enable build for all 64 bit arches (adds ppc64le, s390x) + +--- Other differences: -- ++ cilium.spec ++ --- /var/tmp/diff_new_pack.8U0dmN/_old 2020-05-07 15:05:34.419714960 +0200 +++ /var/tmp/diff_new_pack.8U0dmN/_new 2020-05-07 15:05:34.419714960 +0200 @@ -103,7 +103,7 @@ Requires: protobuf-c Requires: util-linux Requires: which -ExclusiveArch: aarch64 x86_64 +ExclusiveArch: aarch64 x86_64 s390x ppc64le Requires(post): %fillup_prereq %description
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2020-04-28 22:29:20 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.2738 (New) Package is "cilium" Tue Apr 28 22:29:20 2020 rev:24 rq:797590 version:1.7.0 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2020-03-11 18:34:55.126993370 +0100 +++ /work/SRC/openSUSE:Factory/.cilium.new.2738/cilium.changes 2020-04-28 22:29:22.869419119 +0200 @@ -1,0 +2,9 @@ +Sat Apr 25 03:57:30 UTC 2020 - Swaminathan Vasudevan + +- Adds a couple of patches that fixes bpf load error (bsc#1151876) + * 0005-rename-PolicyMapMaxEntries-to-PolicyMapEntries-and-define-policy-map-size-limits-as-consts.patch(combined) + * 0006-allow-to-configure-bpf-nat-global-max-using-helm.patch + * 0007-reduce-default-number-for-TCP-CT-and-NAT-table-max-entries.patch + * 0008-add-option-to-dynamically-size-BPF-maps-based-on-system-memory.patch + +--- New: 0005-rename-PolicyMapMaxEntries-to-PolicyMapEntries-and-define-policy-map-size-limits-as-consts.patch 0006-allow-to-configure-bpf-nat-global-max-using-helm.patch 0007-reduce-default-number-for-TCP-CT-and-NAT-table-max-entries.patch 0008-add-option-to-dynamically-size-BPF-maps-based-on-system-memory.patch Other differences: -- ++ cilium.spec ++ --- /var/tmp/diff_new_pack.lKL9yT/_old 2020-04-28 22:29:25.765424523 +0200 +++ /var/tmp/diff_new_pack.lKL9yT/_new 2020-04-28 22:29:25.769424530 +0200 @@ -54,6 +54,14 @@ # TODO(mrostecki): Submit it upstream after we confirm that our images work 100% # fine, also on aarch64. Patch3: 0004-helm-Allow-variables-for-compatibility-with-openSUSE.patch +# PATCH-FIX-UPSTREAM 0005-rename-PolicyMapMaxEntries-to-PolicyMapEntries-and-define-policy-map-size-limits-as-consts.patch +Patch5: 0005-rename-PolicyMapMaxEntries-to-PolicyMapEntries-and-define-policy-map-size-limits-as-consts.patch +# PATCH-FIX-UPSTREAM 0006-add-option-to-dynamically-size-BPF-maps-based-on-system-memory.patch +Patch6: 0006-allow-to-configure-bpf-nat-global-max-using-helm.patch +# PATCH-FIX-UPSTREAM 0007-reduce-default-number-for-TCP-CT-and-NAT-table-max-entries.patch +Patch7: 0007-reduce-default-number-for-TCP-CT-and-NAT-table-max-entries.patch +# PATCH-FIX-UPSTREAM 0008-add-option-to-dynamically-size-BPF-maps-based-on-system-memory.patch +Patch8: 0008-add-option-to-dynamically-size-BPF-maps-based-on-system-memory.patch # Cilium needs to be aware of the version string of cilium-proxy BuildRequires: cilium-proxy BuildRequires: clang ++ 0005-rename-PolicyMapMaxEntries-to-PolicyMapEntries-and-define-policy-map-size-limits-as-consts.patch ++ diff -crB --new-file cilium-1.7.0-backup/daemon/daemon.go cilium-1.7.0-policymapentry-new/daemon/daemon.go *** cilium-1.7.0-backup/daemon/daemon.go2020-02-18 14:32:45.0 -0800 --- cilium-1.7.0-policymapentry-new/daemon/daemon.go2020-04-24 10:52:21.067469765 -0700 *** *** 273,279 ctmap.InitMapInfo(option.Config.CTMapEntriesGlobalTCP, option.Config.CTMapEntriesGlobalAny, option.Config.EnableIPv4, option.Config.EnableIPv6, ) ! policymap.InitMapInfo(option.Config.PolicyMapMaxEntries) if option.Config.DryMode == false { if err := bpf.ConfigureResourceLimits(); err != nil { --- 273,279 ctmap.InitMapInfo(option.Config.CTMapEntriesGlobalTCP, option.Config.CTMapEntriesGlobalAny, option.Config.EnableIPv4, option.Config.EnableIPv6, ) ! policymap.InitMapInfo(option.Config.PolicyMapEntries) if option.Config.DryMode == false { if err := bpf.ConfigureResourceLimits(); err != nil { diff -crB --new-file cilium-1.7.0-backup/pkg/option/config.go cilium-1.7.0-policymapentry-new/pkg/option/config.go *** cilium-1.7.0-backup/pkg/option/config.go2020-04-23 21:08:27.747702955 -0700 --- cilium-1.7.0-policymapentry-new/pkg/option/config.go2020-04-24 17:56:30.130187069 -0700 *** *** 449,454 --- 449,460 // LimitTableMax defines the maximum CT or NAT table limit LimitTableMax = 1 << 24 // 16Mi entries (~1GiB of entries per map) + // PolicyMapMin defines the minimum policy map limit. + PolicyMapMin = 1 << 8 + + // PolicyMapMax defines the minimum policy map limit. + PolicyMapMax = 1 << 16 + // NATMapEntriesGlobalName configures max entries for BPF NAT table NATMapEntriesGlobalName = "bpf-nat-global-max" *** *** 971,979
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2020-03-11 18:33:53 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.3160 (New) Package is "cilium" Wed Mar 11 18:33:53 2020 rev:23 rq:783750 version:1.7.0 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2020-02-29 21:20:06.754001460 +0100 +++ /work/SRC/openSUSE:Factory/.cilium.new.3160/cilium.changes 2020-03-11 18:34:55.126993370 +0100 @@ -1,0 +2,10 @@ +Mon Mar 9 11:03:44 UTC 2020 - Michał Rostecki + +- Remove cilium-init package. + +--- +Fri Mar 6 10:50:09 UTC 2020 - Michał Rostecki + +- Add bpftool as a runtime dependency. + +--- Other differences: -- ++ cilium.spec ++ --- /var/tmp/diff_new_pack.64fsqp/_old 2020-03-11 18:34:56.630994293 +0100 +++ /var/tmp/diff_new_pack.64fsqp/_new 2020-03-11 18:34:56.630994293 +0100 @@ -71,6 +71,7 @@ BuildRequires: golang(API) = 1.13 Requires: awk Requires: binutils +Requires: bpftool %requires_eqcilium-proxy # clang is needed as runtime dependency for compiling BPF programs by cilium Requires: clang @@ -130,19 +131,6 @@ This package provides a Docker libnetwork plugin for Cilium. -%package init -Summary:Script for the Cilium init container - -%description init -Cilium is a software for providing, and transparently securing, network -connectivity, and for load-balancing between application containers and -services deployed using Linux container management platforms like Docker and -Kubernetes. - -This package provides a script for the Cilium init container which cleans BPF -maps states which should be executed before launching Cilium in Kubernetes -clusters. - %package operator Summary:Kubernetes operator for Cilium @@ -259,7 +247,6 @@ sed -i \ -e 's|cniInstallScript: /cni-install.sh|cilium-cni-install|' \ -e 's|cniUninstallScript: /cni-uninstall.sh|cilium-cni-uninstall|' \ --e 's|initImage: cilium|initImage: cilium-init|' \ -e 's|initScript: /init-container.sh|initScript: cilium-init|' \ %{buildroot}%{_datadir}/k8s-helm/cilium/charts/agent/values.yaml sed -i \ @@ -317,6 +304,7 @@ %{_bindir}/cilium-bugtool %{_bindir}/cilium-health %{_bindir}/cilium-health-responder +%{_bindir}/cilium-init %{_bindir}/cilium-map-migrate %{_bindir}/cilium-node-monitor %{_bindir}/maptool @@ -336,9 +324,6 @@ %{_sbindir}/rccilium-docker %{_bindir}/cilium-docker -%files init -%{_bindir}/cilium-init - %files operator %{_bindir}/cilium-operator ++ 0004-helm-Allow-variables-for-compatibility-with-openSUSE.patch ++ --- /var/tmp/diff_new_pack.64fsqp/_old 2020-03-11 18:34:56.642994300 +0100 +++ /var/tmp/diff_new_pack.64fsqp/_new 2020-03-11 18:34:56.646994303 +0100 @@ -1,4 +1,4 @@ -From 74e791429bb4483c9039a4c93ba0b398991bb73b Mon Sep 17 00:00:00 2001 +From 6f533168004d9bdc7be259e0b0860bc6b4792936 Mon Sep 17 00:00:00 2001 From: Michal Rostecki Date: Mon, 24 Feb 2020 19:57:31 +0100 Subject: [PATCH 4/4] helm: Allow variables for compatibility with openSUSE @@ -16,18 +16,15 @@ - cniUninstallScript - path or command of the script which uninstalls CNI plugin (default: /cni-uninstall.sh; openSUSE: cilium-cni-uninstall) -- initImage - name of the image used for the init container - (default: cilium; openSUSE: cilium-init) - initScript - path or command of the init container script (default: /init-container.sh; openSUSE: cilium-init) -There are two motivations behind those values: -- openSUSE images use only RPM packages, RPM packages have strict rules - where files can be installed. It's against openSUSE policies to - install scipts in the / directory, they have to be installed in - /usr/bin. Having ".sh" in names of installed scripts is discouraged. -- openSUSE ships a separate container image for the init container - script, which has its own dedicated RPM package. +Reason behind those changes is that openSUSE images use only RPM +packages as the source of any files. rpmlint has strict rules where +files can be installed. It's against rpmlintrc rules and openSUSE +policies to install scripts in the / directory, they have to be +installed in /usr/bin. Having ".sh" extensions in names of installed +scripts is discouraged. After this commit, generating YAML manifest using openSUSE images can be done with: @@ -39,7 +36,6 @@ --set global.tag=1.6.5 \ --set agent.cniInstallScript=cilium-cni-install \ --set agent.cniUninstallScript=cilium-cni-uninstall \ - --set agent.initImage=cilium-init \
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2020-02-29 21:19:50 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.26092 (New) Package is "cilium" Sat Feb 29 21:19:50 2020 rev:22 rq:779898 version:1.7.0 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2020-01-13 22:15:44.674357376 +0100 +++ /work/SRC/openSUSE:Factory/.cilium.new.26092/cilium.changes 2020-02-29 21:20:06.754001460 +0100 @@ -1,0 +2,88 @@ +Thu Feb 27 12:16:05 UTC 2020 - Michał Rostecki + +- Use %requires_eq for cilium-proxy. + +--- +Thu Feb 27 11:35:39 UTC 2020 - Michał Rostecki + +- Add cilium-proxy as a runtime dependency. + +--- +Mon Feb 24 23:50:04 UTC 2020 - Michał Rostecki + +- Build with correct cilium-proxy version string. + +--- +Mon Feb 24 22:59:42 UTC 2020 - Michał Rostecki + +- Add upstream patches which fix running Cilium on aarch64 and + remove dependency on glibc: + * 0001-option-mark-keep-bpf-templates-as-deprecated.patch + * 0002-make-remove-the-need-for-go-bindata.patch + * 0003-bpf-don-t-use-fixed-size-integer-types-from-stdint.h.patch +- Add downstream patch which makes helm charts compatible with + openSUSE images: + * 0004-helm-Allow-variables-for-compatibility-with-openSUSE.patch + +--- +Mon Feb 24 18:35:55 UTC 2020 - Michał Rostecki + +- Update to version 1.7.0: + * Major changes +- Add direct server return (DSR) for NodePort BPF +- Add support for k8s 1.17 +- Add support for k8s endpoint slice +- Add support for L7 visibility via pod annotations +- Clusterwide K8s Cilium Network Policies +- Envoy TLS support with header imposition + * Bugfixes +- Add better mechanism to detect if k8s caches are synced + against k8s +- api: Add missing annotations to generate DeepCopy for new + status fields +- bpf: Fix proxy redirection for egress programs +- bpf: Remove POLICY_MAP from bpf_netdev and bpf_overlay +- cilium: use %v for dumping frontend struct on error +- Correct clustermesh identity sync kvstore backend usage (to + actually use the remote) +- daemon: Upgrade spf13/viper +- eni: Check instance existence before resolving deficit +- Filter out bpftool probes emitting dmesg messages +- Fix cilium daemonset deletion on AKS +- Fix concurrent access of a variable used for metrics +- Fix issue (#10092) which incorrectly configured route MTU + with encryption and tunnel enabled. +- Fix memory corruption on clusters with IPv6 and NodePort + enabled +- Fix node-port default route detection in case there multiple + default entries with same ifindex. +- Fix regression to avoid freeing alive IPs +- Fix regular service lookup in node-port range in case of + host-reachable services. +- Fix Unlock handling for kvstore locks +- Fix vishvananda/netlink library's VethPeerIndex() stack + corruption with 4.20+ kernels. +- fqdn: Support setting tofqdns-min-ttl to 0 +- health: add ipv6 health check status to cilium health status + output +- HostToContainer propagation for /sys/fs/bpf +- ipam: Protect release from releasing alive IP +- ipcache: Add probe to check for dump capability to support + delete +- ipsec: fix connectivity after node reboots +- k8s: Fix Service.DeepEquals for ExternalIP +- kubernetes: Disable LocalNodeRoute while chaining +- node: Provide context in log when restoring router addresses +- operator: only enable kvstore watcher if kvstore is enabled +- pkg/bpf: Protect each uintptr with runtime.KeepAlive +- pkg/endpoint: access endpoint state safely across go routines +- pkg/ip: fix cilium status output for big CIDR ranges +- policy: Don't open localhost when allowing L7 traffic +- policy: Expose L3 selectors within endpoint JSON + +--- +Thu Feb 20 11:14:01 UTC 2020 - Michał Rostecki + +- Remove quick-install.yaml file, ship only helm chart instead. + +--- Old: cilium-1.6.5.obscpio New: 0001-option-mark-keep-bpf-templates-as-deprecated.patch 0002-make-remove-the-need-for-go-bindata.patch 0003-bpf-don-t-use-fixed-size-integer-types-from-stdint.h.patch 0004-helm-Allow-variables-for-compatibility-with-openSUSE.patch cilium-1.7.0.obscpio Other differences:
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2020-01-13 22:15:20 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.6675 (New) Package is "cilium" Mon Jan 13 22:15:20 2020 rev:21 rq:758994 version:1.6.5 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2019-10-23 15:48:25.998537845 +0200 +++ /work/SRC/openSUSE:Factory/.cilium.new.6675/cilium.changes 2020-01-13 22:15:44.674357376 +0100 @@ -1,0 +2,32 @@ +Mon Dec 23 13:20:38 UTC 2019 - Michał Rostecki + +- Update to version 1.6.5: + * Important Bug Fixes +- Envoy is updated to release 1.12.2, including important + security fixes (CVE-2019-18801, CVE-1019-18802, + CVE-1019-18838) + * Bug fixes +- Fix disabling health-checks in chaining mode +- Delete endpoint xxx_next directories during restore +- Fix typo in io.cilium/shared-service annotation +- Fix issue where services would not be updated when comparing + two services +- Fix bugtool support for aead encryption algorithm + * Misc +- Add github actions to cilium +- Fix AKS installation guide +- Disable masquerading in all chaining documentation guides +- Update golang to 1.12.14 +- Add delay between reconnect attempts to containerd +- Decrease log level for "service not found" message + * CI +- Use force flag in Cilium install apply command +- Move missed kubectl apply calls to Apply calls +- Add nil check for init container terminated state + +--- +Thu Oct 17 15:47:04 UTC 2019 - Richard Brown + +- Remove obsolete Groups tag (fate#326485) + +--- @@ -50,0 +83,1549 @@ + +--- +Fri Oct 11 14:57:44 UTC 2019 - rbr...@suse.com + +- Update to version 1.6.3: + * Prepare for v1.6.3 release + * envoy: Update image for Envoy CVEs 2019-10-08 + * Fix IP leak on main if + * policy: remove checking of CIDR-based fields from `IsLabelBased` checks + * daemon: Populate source and destination ports for DNS records + * kvstore/etcd: always reload keypair + * bpf: Fix sockops compile on newer LLVM + * Revert "add PR #82410 patch from kubernetes/kubernetes" + * vendor: update to k8s 1.16.1 + * k8s/endpointsynchronizer: Do not delete CEP on empty k8s resource names + * monitor: Fix reporting the monitor status + * docs: update k8s supported versions + * policy: Fix up selectorcache locking issue + * bpf: fix cilium_host unroutable check + * Do not add policies/states for subnets + * Use output-mark to use table 200 post-encryption and set different MTU for main/200 tables + * Update netlink library (support for output-mark) + * vendor: Bump golang.org/sys/unix library revision + * sysctl: Add function to write any param value + * sysctl: Get rid of GOOS targets + * sysctl: Add package for managing kernel parameters + * Change kind of daemonset in microk8s-prepull.yml to apps/v1 + * docs: Simplify microk8s instructions + * health: Configure sysctl when IPv6 is disabled + * dockerfile.runtime: always run update when building dependencies + * go: bump golang to 1.12.10 + * Prepare for release v1.6.2 + * test: Add a standalone test for validating static pod labels + * daemon: Start controller when pod labels resolution fails + * iptables: fix cilium_forward chain rules to support openshift + * docs/azure: wait for azure-vnet.json to be created + * docs: add akz and az to list of spelling words + * Dockerfile: Use latest iproute2 image + * endpoint: Update proxy policies when applying policy map changes out-of-band + * test: Add L3-dependent L7 test with toFQDN + * plugins/cilium-cni: add support for AKS + * docs: fix proper nodeinit.enabled flag + * docs: fix aks guide + * docs: Do not pin cilium image vsn in kubeproxy-free guide + * cilium: encryption, replace Router() IP with CiliumInternal + * FQDN: Wait on policy map update when adding new IPs + * policy: Expose map-update WaitGroup in FQDN update callchains + * endpoint: Expose Endpoint.ApplyPolicyMapChanges + * dev VM: update to k8s 1.16.0 + * test: test against k8s 1.16.0 + * Gopkg.* bump to k8s 1.16.0 + * charts/managed-etcd: bump cilium-etcd-operator to v2.0.7 + * test: bump k8s testing versions to 1.13.11, 1.14.7 and 1.15.4 + * endpoint: start a controller to retry regeneration + * endpoint: use endpoint ID for error message + * daemon: do not delete directories created by tests if tests fail + * daemon: move directory setup into `SetUpTest` + * daemon: check error from `d.init()` + * bpf: Don't delete conntrack entries on policy deny + * use common custom dialer to connect
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2019-10-23 15:48:16 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.2352 (New) Package is "cilium" Wed Oct 23 15:48:16 2019 rev:20 rq:738202 version:1.6.3 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2019-09-20 15:00:58.938790034 +0200 +++ /work/SRC/openSUSE:Factory/.cilium.new.2352/cilium.changes 2019-10-23 15:48:25.998537845 +0200 @@ -1,0 +2,51 @@ +Fri Oct 11 15:14:19 UTC 2019 - Michał Rostecki + +- Update to version 1.6.3: + * Highlights +* KVStore free operation +* 100% Kube-proxy replacement +* Socket-based load-balancing +* Policy scalability improvements +* Generic CNI chaining +* Native AWS ENI mode + * Key Fixes +* Fix IP leak on main interface when using ENI IPAM +* Fix deadlock caused by buffered channel being full when + large amounts of local identities are allocated while + FQDNSelectors are being updated + * Minor Bug Fixes +* Fix apiVersion in micropk8s Daemonset in microk8s-prepull.yml + to apps/v1 +* Do not try to delete CiliumEndpoint from K8s if name / + namespace fields are empty +* Configure sysctl if IPv6 is disabled for the health + endpoint's device to have IPv6 disabled as well in order to + avoid emitting IPv6 autoconf frames +* Fix monitor reporting status to not show monitor as always + being disabled +* Fix sockops compilation / verification on newer LLVM versions +* Ensure that unroutable packets are dropped as being + unroutable when they are unroutable via cilium_host device +* Fix bug where L7 wildcarding for policy was not occurring for + CIDR-based policy rules + * Enhancements +* Populate source and destination ports for DNS records in the + monitor +* Backport of pkg/sysctl to make it easier to configure sysctl + options +* Support client certificate rotation in the etcd client + * Encryption Fixes +* Fix packet drops when using encryption by setting output-mark + to use table 200 post-encryption and set different MTU for + main/200 tables / not using policies/states for subnets + * Dependencies +* Update netlink library to get support for output-mark +* Update golang version in Docker images to v1.12.10 +* Always run update when building dependencies in Docker images +* Bump K8s dependency to v1.16.1 +* Bump golang.org/sys/unix library version + * Documentation +* Update supported Kubernetes versions +* Update microk8s instructions to use cilium plugin to microk8s + +--- Old: cilium-1.5.5.tar.gz New: cilium-1.6.3.obscpio cilium.obsinfo Other differences: -- ++ cilium.spec ++ --- /var/tmp/diff_new_pack.4Ar3Hf/_old 2019-10-23 15:48:28.334540370 +0200 +++ /var/tmp/diff_new_pack.4Ar3Hf/_new 2019-10-23 15:48:28.338540374 +0200 @@ -35,13 +35,13 @@ %endif Name: cilium -Version:1.5.5 +Version:1.6.3 Release:0 Summary:Linux Native, HTTP Aware Networking and Security for Containers License:Apache-2.0 AND GPL-2.0-or-later Group: System/Management URL:https://github.com/cilium/cilium -Source0:%{name}-%{version}.tar.gz +Source0:%{name}-%{version}.tar.xz Source1:%{name}-rpmlintrc Source2:cilium-cni-install Source3:cilium-cni-uninstall @@ -243,27 +243,28 @@ install -D -m 0755 contrib/packaging/docker/init-container.sh %{buildroot}/%{_bindir}/cilium-init install -D -m 0644 contrib/systemd/cilium %{buildroot}%{_fillupdir}/sysconfig.cilium install -D -m 0644 proxylib/libcilium.h %{buildroot}%{_includedir}/libcilium.h -install -D -m 0644 examples/kubernetes/1.14/cilium-crio.yaml %{buildroot}%{_datadir}/k8s-yaml/cilium/cilium.yaml +install -D -m 0644 install/kubernetes/quick-install.yaml %{buildroot}%{_datadir}/k8s-yaml/cilium/quick-install.yaml +pushd install/kubernetes/cilium +for yaml_file in $(find . -type f -name "*.yaml"); do +install -D -m 0644 ${yaml_file} %{buildroot}%{_datadir}/k8s-helm/cilium/${yaml_file} +done +popd sed -i \ --e 's|image: docker.io/cilium/cilium:.*|image: registry.opensuse.org/kubic/cilium:%{version}|g' \ --e 's|image: docker.io/cilium/cilium-init:.*|image: registry.opensuse.org/kubic/cilium-init:%{version}|g' \ --e 's|image: docker.io/cilium/operator:.*|image: registry.opensuse.org/kubic/cilium-operator:%{version}|g' \ --e 's|image: docker.io/cilium/cilium-etcd-operator:.*|image:
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2019-09-20 15:00:55 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.7948 (New) Package is "cilium" Fri Sep 20 15:00:55 2019 rev:19 rq: version:1.5.5 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2019-09-19 15:47:00.931339992 +0200 +++ /work/SRC/openSUSE:Factory/.cilium.new.7948/cilium.changes 2019-09-20 15:00:58.938790034 +0200 @@ -2,80 +1,0 @@ -Mon Sep 09 10:49:29 UTC 2019 - mroste...@opensuse.org - -- Add patches which upgrade etcd library to 3.4.0 which has a new - client load balancer and solves issues with unavailability of - endpoints in etcd cluster. (bsc#1145258) - * 0001-etcd-use-ca-file-field-from-etcd-option-if-available.patch - * 0002-daemon-separate-kvstore-initialization-into-separate.patch - * 0003-deps-update-etcd-to-v3.4.0.patch -- Update to version 1.5.7: - * cilium: update IsEtcdCluster to return true if etcd.operator="true" kv option is set - * bpf: try to atomically replace filters when possible - * cilium: route mtu not set unless route.Spec set MTU - * Revert "[daemon] - Change MTU source for cilium_host (Use the Route one)" - * cilium: encryption, fix getting started guides create secrects command - * datapath: Limit host->service IP SNAT to local traffic - * cilium: fix transient rules to use allocation cidr - * Prepare for v1.5.6 release - * endpoint: Fix proxy port leak on endpoint delete - * update cilium-docker-plugin, cilium-operator to golang 1.12.8 - * dockerfiles: update golang versions to 1.12.8 - * cilium: install transient rules during agent restart - * Istio: Update to 1.2.4 - * envoy: Use patched image - * bpf: fix verifier error due to repulling of skb->data/end - * bpf: Attempt pulling skb->data if it is not pulled - * bpf: Introduce revalidate_data_first() - * cilium: add skb_pull_data to bpf_network to avoid revalidate error - * datapath/iptables: wait until acquisition xtables lock is done - * use iptables-manager to manage iptables executions - * examples/kubernetes: mount xtables.lock - * eventqueue: return error if Enqueue fails - * eventqueue: protect against enqueueing same Event twice - * eventqueue: use mutex to synchronize access to events channel - * daemon: get list of frontends from ServiceCache before acquiring BPFMapMu - * cilium: remove old probe content before restoring assets - * cilium: encryption, ensure 0x*d00 and 0x*e00 marks dont cause conflicts - * Dockerfile: Use proxy with legacy fix - * envoy: Add SO_MARK option to listener config - * test: provide capability for tests to run in their own namespace - * docs: Fix warnings - * test: Specify protocol during policy trace - * istio: Update to 1.2.2 - * envoy: Istio 1.2.0 update - * istio: Update to 1.1.7 - * test: be sure to close SSH client after a given Describe completes - * Dockerfile: Use cilium-envoy with reduced logging. - * Envoy: Update to the latest proxy build, use latest API - * Gopkg: update cilium/proxy - * envoy: Use LPM ipcache instead of xDS when available. - * Envoy: Use an image with proxylib injection fix. - * Dockerfile: Update proxy dependency - * CI: Change Kafka runtime tests to use local conntrack maps. - * [daemon] - Change MTU source for cilium_host (Use the Route one) - * endpoint: fix deadlock when endpoint EventQueue is full - * daemon: register warning_error metric after parsing CLI options - * Fix seds in microk8s docs - * daemon: Fix removal of non-existing SVCs in syncLBMapsWithK8s - * daemon: Remove svc from cache in syncLBMapsWithK8s - * examples/kubernetes: update k8s dev VM to v1.15.1 - * test: update k8s test version to v1.15.1 - * Gopkg: update k8s dependencies to v1.15.1 - * Add timeout to ginkgo calls - * proxy: Do not error out if reading of open ports fails. - * pkg/kvstore: wait for node delete delay in unit tests - * endpoint: Create redirects before bpf map updates. - * proxy: Perform dnsproxy Close() in the returned finalizeFunc - * endpoint: change transition from restore state - * test: misc. runtime policy test fixes - * docs: Fix up unparsed SCM_WEB literals - * pkg/{kvstore,node}: delay node delete event in kvstore - * operator: restart non-managed kube-dns pods before connecting to etcd - * test: move creation of Istio resources into `It` - * test: add `ExecMiddle` function - * datapath: Do not fail if route contains gw equal to dst - * update to golang 1.12.7 - * test: update k8s testing versions to v1.12.10, v1.13.8 and v1.14.4 - * update golang to 1.12.7 for cilium-{operator,docker-plugin} - * endpoint: do not log warning for specific state transition - Old:
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2019-09-19 15:46:51 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.7948 (New) Package is "cilium" Thu Sep 19 15:46:51 2019 rev:18 rq:729717 version:1.5.7 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2019-08-06 15:08:11.635858223 +0200 +++ /work/SRC/openSUSE:Factory/.cilium.new.7948/cilium.changes 2019-09-19 15:47:00.931339992 +0200 @@ -1,0 +2,80 @@ +Mon Sep 09 10:49:29 UTC 2019 - mroste...@opensuse.org + +- Add patches which upgrade etcd library to 3.4.0 which has a new + client load balancer and solves issues with unavailability of + endpoints in etcd cluster. (bsc#1145258) + * 0001-etcd-use-ca-file-field-from-etcd-option-if-available.patch + * 0002-daemon-separate-kvstore-initialization-into-separate.patch + * 0003-deps-update-etcd-to-v3.4.0.patch +- Update to version 1.5.7: + * cilium: update IsEtcdCluster to return true if etcd.operator="true" kv option is set + * bpf: try to atomically replace filters when possible + * cilium: route mtu not set unless route.Spec set MTU + * Revert "[daemon] - Change MTU source for cilium_host (Use the Route one)" + * cilium: encryption, fix getting started guides create secrects command + * datapath: Limit host->service IP SNAT to local traffic + * cilium: fix transient rules to use allocation cidr + * Prepare for v1.5.6 release + * endpoint: Fix proxy port leak on endpoint delete + * update cilium-docker-plugin, cilium-operator to golang 1.12.8 + * dockerfiles: update golang versions to 1.12.8 + * cilium: install transient rules during agent restart + * Istio: Update to 1.2.4 + * envoy: Use patched image + * bpf: fix verifier error due to repulling of skb->data/end + * bpf: Attempt pulling skb->data if it is not pulled + * bpf: Introduce revalidate_data_first() + * cilium: add skb_pull_data to bpf_network to avoid revalidate error + * datapath/iptables: wait until acquisition xtables lock is done + * use iptables-manager to manage iptables executions + * examples/kubernetes: mount xtables.lock + * eventqueue: return error if Enqueue fails + * eventqueue: protect against enqueueing same Event twice + * eventqueue: use mutex to synchronize access to events channel + * daemon: get list of frontends from ServiceCache before acquiring BPFMapMu + * cilium: remove old probe content before restoring assets + * cilium: encryption, ensure 0x*d00 and 0x*e00 marks dont cause conflicts + * Dockerfile: Use proxy with legacy fix + * envoy: Add SO_MARK option to listener config + * test: provide capability for tests to run in their own namespace + * docs: Fix warnings + * test: Specify protocol during policy trace + * istio: Update to 1.2.2 + * envoy: Istio 1.2.0 update + * istio: Update to 1.1.7 + * test: be sure to close SSH client after a given Describe completes + * Dockerfile: Use cilium-envoy with reduced logging. + * Envoy: Update to the latest proxy build, use latest API + * Gopkg: update cilium/proxy + * envoy: Use LPM ipcache instead of xDS when available. + * Envoy: Use an image with proxylib injection fix. + * Dockerfile: Update proxy dependency + * CI: Change Kafka runtime tests to use local conntrack maps. + * [daemon] - Change MTU source for cilium_host (Use the Route one) + * endpoint: fix deadlock when endpoint EventQueue is full + * daemon: register warning_error metric after parsing CLI options + * Fix seds in microk8s docs + * daemon: Fix removal of non-existing SVCs in syncLBMapsWithK8s + * daemon: Remove svc from cache in syncLBMapsWithK8s + * examples/kubernetes: update k8s dev VM to v1.15.1 + * test: update k8s test version to v1.15.1 + * Gopkg: update k8s dependencies to v1.15.1 + * Add timeout to ginkgo calls + * proxy: Do not error out if reading of open ports fails. + * pkg/kvstore: wait for node delete delay in unit tests + * endpoint: Create redirects before bpf map updates. + * proxy: Perform dnsproxy Close() in the returned finalizeFunc + * endpoint: change transition from restore state + * test: misc. runtime policy test fixes + * docs: Fix up unparsed SCM_WEB literals + * pkg/{kvstore,node}: delay node delete event in kvstore + * operator: restart non-managed kube-dns pods before connecting to etcd + * test: move creation of Istio resources into `It` + * test: add `ExecMiddle` function + * datapath: Do not fail if route contains gw equal to dst + * update to golang 1.12.7 + * test: update k8s testing versions to v1.12.10, v1.13.8 and v1.14.4 + * update golang to 1.12.7 for cilium-{operator,docker-plugin} + * endpoint: do not log warning for specific state transition + +--- Old:
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2019-08-06 15:08:10 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.4126 (New) Package is "cilium" Tue Aug 6 15:08:10 2019 rev:17 rq:719587 version:1.5.5 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2019-06-13 22:32:20.532400858 +0200 +++ /work/SRC/openSUSE:Factory/.cilium.new.4126/cilium.changes 2019-08-06 15:08:11.635858223 +0200 @@ -1,0 +2,175 @@ +Mon Jul 29 11:38:56 UTC 2019 - mroste...@opensuse.org + +- Update to version 1.5.5: + * lbmap: Get rid of bpfService cache lock + * retry vm provisioning, increase timeout + * daemon: Remove svc-v2 maps when restore is disabled + * daemon: Do not remove revNAT if removing svc fails + * pkg/k8s: add conversion for DeleteFinalStateUnknown objects + * cli: fix panic in cilium bpf sha get command + * Retry provisioning vagrant vms in CI + * pkg/k8s: hold mutex while adding events to the queue + * Change nightly CI job label from fixed to baremetal + * test: set 1.15 by default in CI Vagrantfile + * daemon: Change loglevel of "ipcache entry owned by kvstore or agent" + * pkg/kvstore: add etcd lease information into cilium status + * pkg/k8s: do not parse empty annotations + * maps/lbmap: protect service cache refcount with concurrent access + * operator: add warning message if status returns an error + * pkg/kvstore: fix nil pointer in error while doing a transaction in etcd + * examples/kubernetes: bump cilium to v1.5.4 + * bpf: Remove unneeded debug instructions to stay below instruction limit + * bpf: Prohibit encapsulation traffic from pod when running in encapsulation mode + * pkg/endpointmanager: protecting endpoints against concurrent access + * test: set k8s 1.15 as default k8s version + * CI: Clean VMs and reclaim disk in nightly test + * allocator: fix race condition when allocating local identities upon bootstrap + * identity: Initialize well-known identities before the policy repository. + * cilium: docker.go ineffectual assignment + * Disable automatic direct node routes test + * kubernetes-upstream: add seperate stage to run tests + * docs: update documentation with k8s 1.15 support + * test: run k8s 1.15.0 by default in all PRs + * test: test against 1.15.0 + * vendor: update k8s to v1.15.0 + * bpf: Set random MAC addrs for cilium interfaces + * endpoint: Set random MAC addrs for veth when creating it + * vendor: Update vishvananda/netlink + * mac: Add function to generate a random MAC addr + * test: remove unused function + * test: introduce `ExecShort` function + * docs: Clarify about legacy services enabled by default + * pkg/metrics: re-register newStatusCollector function + * CI: Clean workspace when all stages complete + * CI: Clean VMs and reclaim disk after jobs complete + * CI: Report last seen error in CiliumPreFlightCheck + * fqdn: correctly populate Source IP and Port in `notifyOnDNSMsg` + * test: do not overwrite context in `GetPodNamesContext` + * test: change `GetPodNames` to have a timeout + * test: make sure that `GetPodNames` times out after 30 seconds + * CI: Ensure k8s execs cancel contexts + * test: Fix NodeCleanMetadata by using --overwrite + * test: add timeout to `waitToDeleteCilium` helper function + * .travis: update travis golang to 1.12.5 + * Don't set debug to true in monitor test + * pkg/lock: fix RUnlockIgnoreTime + * daemon: fix endpoint restore when endpoints are not available + * Preload vagrant boxes in k8s upstream jenkinsfile + * pkg/health: Fix IPv6 URL format in HTTP probe + * test: use context with timeout to ensure that Cilium log gathering takes <= 5 minutes + * k8s: Introduce test for multiple From/To selectors + * k8s: Fix policies with multiple From/To selectors + * test: create session and run commands asynchronously + * test: bump to k8s 1.14.3 + * test: error out if no-spec policies is allowed in k8s >= 1.15 + * test/provision: upgrade k8s 1.15 to 1.15.0-beta.2 + * test: have timeout for `Exec` + * pkg/kvstore: introduced a dedicated session for locks + * pkg/kvstore: implement new *IfLocked methods for etcd + * kvstore/allocator: make the allocator aware of kvstore lock holding + * pkg/kvstore: add Comparator() to KVLocker + * pkg/kvstore: add new *IfLocked methods to perform txns + * test: bump k8s 1.13 to 1.13.7 + * test: Enable IPv6 forwarding in test VMs + * docs: Remove architecture target links + * test: add serial ports to CI VMs + * *.Jenkinsfile: remove leftover failFast + * endpoint: make sure `updateRegenerationStatistics` is called within anonymous function + * Prepare for v1.5.3 + * test: do not spawn goroutines to wait for canceled context in `RunCommandContext` + *
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2019-06-13 22:32:18 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.4811 (New) Package is "cilium" Thu Jun 13 22:32:18 2019 rev:16 rq:708377 version:1.5.3 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2019-06-05 11:38:44.791081632 +0200 +++ /work/SRC/openSUSE:Factory/.cilium.new.4811/cilium.changes 2019-06-13 22:32:20.532400858 +0200 @@ -1,0 +2,22 @@ +Fri Jun 7 13:36:27 UTC 2019 - Michal Rostecki + +- Switch container image URI from devel:kubic:containers to + openSUSE:Containers:Tumbleweed. + +--- +Mon Jun 7 13:34:10 CEST 2019 - n...@suse.de + +- Update to version 1.5.3: + * pkg/kvstore: do not always UpdateIfDifferent with and without lease + * daemon: Refactor individual endpoint restore + * daemon: Don't log endpoint restore if IP alloc fails + * Don't overwrite minRequired in WaitforNPods + * node: Delay handling of node delete events received via kvstore + * kvstore/store: Do not remove local key on sync failure + * node/store: Do not delete node key in kvstore on node registration failure + * Jenkinsfile: backport all Jenkinsfile from master + * test/provision: bump k8s 1.12 to 1.12.9 + * test: do not spawn goroutines to wait for canceled context in `RunCommandContext` + * test: provide context which will be cancled to `CiliumExecContext` + +--- Old: cilium-1.5.1.tar.gz New: cilium-1.5.3.tar.gz Other differences: -- ++ cilium.spec ++ --- /var/tmp/diff_new_pack.oUl0sm/_old 2019-06-13 22:32:21.924400406 +0200 +++ /var/tmp/diff_new_pack.oUl0sm/_new 2019-06-13 22:32:21.924400406 +0200 @@ -35,7 +35,7 @@ %endif Name: cilium -Version:1.5.1 +Version:1.5.3 Release:0 Summary:Linux Native, HTTP Aware Networking and Security for Containers License:Apache-2.0 AND GPL-2.0-or-later @@ -245,10 +245,10 @@ install -D -m 0644 proxylib/libcilium.h %{buildroot}%{_includedir}/libcilium.h install -D -m 0644 examples/kubernetes/1.14/cilium-crio.yaml %{buildroot}%{_datadir}/k8s-yaml/cilium/cilium.yaml sed -i \ --e 's|image: docker.io/cilium/cilium:.*|image: registry.opensuse.org/devel/kubic/containers/container/kubic/cilium:%{version}|g' \ --e 's|image: docker.io/cilium/cilium-init:.*|image: registry.opensuse.org/devel/kubic/containers/container/kubic/cilium-init:%{version}|g' \ --e 's|image: docker.io/cilium/operator:.*|image: registry.opensuse.org/devel/kubic/containers/container/kubic/cilium-operator:%{version}|g' \ --e 's|image: docker.io/cilium/cilium-etcd-operator:.*|image: registry.opensuse.org/devel/kubic/containers/container/kubic/cilium-etcd-operator:2.0|g' \ +-e 's|image: docker.io/cilium/cilium:.*|image: registry.opensuse.org/kubic/cilium:%{version}|g' \ +-e 's|image: docker.io/cilium/cilium-init:.*|image: registry.opensuse.org/kubic/cilium-init:%{version}|g' \ +-e 's|image: docker.io/cilium/operator:.*|image: registry.opensuse.org/kubic/cilium-operator:%{version}|g' \ +-e 's|image: docker.io/cilium/cilium-etcd-operator:.*|image: registry.opensuse.org/kubic/cilium-etcd-operator:2.0|g' \ -e 's|/init-container.sh|cilium-init|g' \ -e 's|/cni-install.sh|cilium-cni-install|g' \ -e 's|/cni-uninstall.sh|cilium-cni-uninstall|g' \ ++ cilium-1.5.1.tar.gz -> cilium-1.5.3.tar.gz ++ /work/SRC/openSUSE:Factory/cilium/cilium-1.5.1.tar.gz /work/SRC/openSUSE:Factory/.cilium.new.4811/cilium-1.5.3.tar.gz differ: char 12, line 1
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2019-06-05 11:38:41 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.5148 (New) Package is "cilium" Wed Jun 5 11:38:41 2019 rev:15 rq:707163 version:1.5.1 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2019-05-25 13:21:18.200312725 +0200 +++ /work/SRC/openSUSE:Factory/.cilium.new.5148/cilium.changes 2019-06-05 11:38:44.791081632 +0200 @@ -1,0 +2,5 @@ +Mon Jun 3 13:34:10 CEST 2019 - n...@suse.de + +- Add cniVersion in cilium cni config + +--- Other differences: -- ++ cilium.spec ++ --- /var/tmp/diff_new_pack.wxHBUk/_old 2019-06-05 11:38:45.939081485 +0200 +++ /var/tmp/diff_new_pack.wxHBUk/_new 2019-06-05 11:38:45.943081484 +0200 @@ -260,6 +260,10 @@ mv %{buildroot}%{_sysconfdir}/cni/net.d/05-cilium-cni.conf %{buildroot}%{_sysconfdir}/cni/net.d/10-cilium-cni.conf +#TODO removed after https://github.com/cilium/cilium/pull/8184 +sed -i '2 i\ +"cniVersion": "0.3.1",' %{buildroot}%{_sysconfdir}/cni/net.d/10-cilium-cni.conf + %pre getent group cilium >/dev/null || groupadd -r cilium %service_add_pre cilium-consul.service cilium-etcd.service cilium.service
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2019-05-25 13:21:01 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.5148 (New) Package is "cilium" Sat May 25 13:21:01 2019 rev:14 rq:705277 version:1.5.1 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2019-05-13 14:50:23.822767138 +0200 +++ /work/SRC/openSUSE:Factory/.cilium.new.5148/cilium.changes 2019-05-25 13:21:18.200312725 +0200 @@ -1,0 +2,67 @@ +Fri May 10 10:20:32 UTC 2019 - Michal Rostecki + +- Update to version 1.5.1: + * Important Bugfixes: +* Fix bug where Cilium would refuse to start if ipv6 netfilter + modules are unavailable. +* Warn when iptables modules are not available. +* Use all labels to restore endpoint identity to correctly + filter labels upon restart. +* Fix cases where multiple bindings are provided to CLI flags. + * New Functionality / Enhancements: +* Add node-init script to automatically restart pods managed by + kubenet on GKE +* Add functionality to enable or disable metrics for specific + subsystems +* bpf syscall metrics are disabled by default for performance +* Update node, node/status to allow for patch operations in + Cilium RBAC +* Patch, instead of update, node annotations for better + performance +* Annotate node status with NetworkUnavailable as false +* Performance increase by not allocating any memory when + iterating over BPF maps +* CLI now prints tunnel endpoint for RemoteEndpointInfo +* Try to register node forever in nodediscovery +* Remove unused buildqueue package + * Minor Bug Fixes: +* endpoint: do not serialize JSON for EventQueue field +* Avoid unlocked access of endpoint security identity when + calculating what rules select an endpoint +* Only dump bpf lb list if map exists +* Fix bug where endpoint state metrics get stuck with nonzero + endpoints in restoring state +* Do not init config when running with --cmdref parameter +* Improve separation between cilium-agent and cilium CLI +* Add cilium namespace to fqdn_gc_deletions_total metric +* Force preallocation for SNAT maps of LRU type +* Set BPF_F_NO_PREALLOC before comparing maps + * Operator: +* Improve cilium-operator bootstrap sequence (Start health API + earlier, add more logging to see where the operator blocks + on startup) +* Add ca-certificates to operator + * Documentation: +* Add upgrade guide from >=1.4.0 to 1.5 +* Mention enable-legacy-services flag in upgrade docs +* Add k8s 1.14 to supported versions for testing +* Improve configmap documentation +* Document how to get started with MicroK8s, and provide example + YAMLs +* Fix typo in encryption algorithm: GMC -> GCM +* Fix up Ubuntu apt-get install command +* Minor fixes to AWS EKS and AWS Metadata filtering GSGs + * CI: +* Wait for endpoints to be ready after containers are created, + deleted +* Ensure that `go fmt` check always runs correctly in CI +* Increase test suite timeouts to allow for cases where tests + take longer +* Do not set enable-legacy-services in v1.4 ConfigMap +* Update k8s testing versions to v1.11.10 and v1.12.8 +* Make function provided to WithTimeout run asynchronously to + avoid test suites getting stuck +- Add cilium-k8s-yaml package with Kubernetes yaml file to run + Cilium containers. + +--- Old: cilium-1.5.0.tar.gz New: cilium-1.5.1.tar.gz cilium-cni-install cilium-cni-uninstall Other differences: -- ++ cilium.spec ++ --- /var/tmp/diff_new_pack.nwdBvv/_old 2019-05-25 13:21:19.512312237 +0200 +++ /var/tmp/diff_new_pack.nwdBvv/_new 2019-05-25 13:21:19.516312236 +0200 @@ -35,7 +35,7 @@ %endif Name: cilium -Version:1.5.0 +Version:1.5.1 Release:0 Summary:Linux Native, HTTP Aware Networking and Security for Containers License:Apache-2.0 AND GPL-2.0-or-later @@ -43,6 +43,8 @@ URL:https://github.com/cilium/cilium Source0:%{name}-%{version}.tar.gz Source1:%{name}-rpmlintrc +Source2:cilium-cni-install +Source3:cilium-cni-uninstall BuildRequires: clang BuildRequires: git BuildRequires: glibc-devel @@ -178,6 +180,20 @@ This package contains shared development files for Cilium which are used by Cilium filters in Envoy. +%package k8s-yaml +Summary:Kubernetes yaml file to run Cilium containers +Group: System/Management +BuildArch: noarch +
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2019-05-13 14:50:22 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.5148 (New) Package is "cilium" Mon May 13 14:50:22 2019 rev:13 rq:701969 version:1.5.0 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2019-05-07 23:18:49.720901878 +0200 +++ /work/SRC/openSUSE:Factory/.cilium.new.5148/cilium.changes 2019-05-13 14:50:23.822767138 +0200 @@ -1,0 +2,5 @@ +Fri May 10 12:02:55 CEST 2019 - n...@suse.de + +- Add missing gzip package, cilium does zgrep of /proc/config.gz + +--- Other differences: -- ++ cilium.spec ++ --- /var/tmp/diff_new_pack.RKu7uO/_old 2019-05-13 14:50:24.754769486 +0200 +++ /var/tmp/diff_new_pack.RKu7uO/_new 2019-05-13 14:50:24.758769496 +0200 @@ -79,6 +79,7 @@ # defining few rules which redirect the traffic from kube-proxy to cilium. Then # cilium replaces some of kube-proxy functionality, using BPF programs. So, in # fact, cilium uses few iptables rules to prevent iptables usage. :) +Requires: gzip Requires: iptables Requires: llvm Requires: protobuf-c
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2019-05-07 23:18:45 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.5148 (New) Package is "cilium" Tue May 7 23:18:45 2019 rev:12 rq:701130 version:1.5.0 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2019-04-18 13:58:24.119994759 +0200 +++ /work/SRC/openSUSE:Factory/.cilium.new.5148/cilium.changes 2019-05-07 23:18:49.720901878 +0200 @@ -1,0 +2,14 @@ +Mon May 06 13:53:28 UTC 2019 - Michal Rostecki + +- Update to version 1.5.0: + * BPF programs templating which alows to inject information into +ELF files instead of compiling separate programs with separate +data for each endpoint. + * BPF-based masquerading support - a native BPF-based SNAT +engine. + * Optimizations for policy engine and load balancer. +- Remove patches which are accepted upstream: + * cilium-allow-to-add-extra-go-build-flags.patch + * cilium-allow-to-specify-cni-install-dirs.patch + +--- Old: cilium-1.4.2.tar.gz cilium-allow-to-add-extra-go-build-flags.patch cilium-allow-to-specify-cni-install-dirs.patch New: cilium-1.5.0.tar.gz Other differences: -- ++ cilium.spec ++ --- /var/tmp/diff_new_pack.TwqGz0/_old 2019-05-07 23:18:50.408903323 +0200 +++ /var/tmp/diff_new_pack.TwqGz0/_new 2019-05-07 23:18:50.412903331 +0200 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -35,7 +35,7 @@ %endif Name: cilium -Version:1.4.2 +Version:1.5.0 Release:0 Summary:Linux Native, HTTP Aware Networking and Security for Containers License:Apache-2.0 AND GPL-2.0-or-later @@ -43,8 +43,6 @@ URL:https://github.com/cilium/cilium Source0:%{name}-%{version}.tar.gz Source1:%{name}-rpmlintrc -Patch0: cilium-allow-to-add-extra-go-build-flags.patch -Patch1: cilium-allow-to-specify-cni-install-dirs.patch BuildRequires: clang BuildRequires: git BuildRequires: glibc-devel @@ -61,7 +59,7 @@ BuildRequires: protobuf-devel BuildRequires: shadow BuildRequires: unzip -BuildRequires: golang(API) = 1.10 +BuildRequires: golang(API) >= 1.10 Requires: awk Requires: binutils # clang and glibc headers are needed as runtime dependencies for compiling BPF @@ -181,8 +179,6 @@ %prep %setup -q -%patch0 -p1 -%patch1 -p1 %build %goprep %{provider_prefix} @@ -287,6 +283,7 @@ %{_sbindir}/rccilium-etcd %{_sbindir}/rccilium %{_bindir}/cilium +%{_bindir}/cilium-align-checker %{_bindir}/cilium-agent %{_bindir}/cilium-bugtool %{_bindir}/cilium-health ++ _service ++ --- /var/tmp/diff_new_pack.TwqGz0/_old 2019-05-07 23:18:50.432903373 +0200 +++ /var/tmp/diff_new_pack.TwqGz0/_new 2019-05-07 23:18:50.436903381 +0200 @@ -4,7 +4,7 @@ git .git @PARENT_TAG@ -refs/tags/v1.4.2 +refs/tags/v1.5.0 cilium enable ++ _servicedata ++ --- /var/tmp/diff_new_pack.TwqGz0/_old 2019-05-07 23:18:50.460903432 +0200 +++ /var/tmp/diff_new_pack.TwqGz0/_new 2019-05-07 23:18:50.460903432 +0200 @@ -1,4 +1,4 @@ https://github.com/cilium/cilium - e593a077c06eb9c228676467c1ca14d21f0f15b0 \ No newline at end of file + e47b37c3a49fa27313d1d7afbc65544dfcf4c457 \ No newline at end of file ++ cilium-1.4.2.tar.gz -> cilium-1.5.0.tar.gz ++ /work/SRC/openSUSE:Factory/cilium/cilium-1.4.2.tar.gz /work/SRC/openSUSE:Factory/.cilium.new.5148/cilium-1.5.0.tar.gz differ: char 14, line 1
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2019-04-18 13:58:20 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.5536 (New) Package is "cilium" Thu Apr 18 13:58:20 2019 rev:11 rq:694802 version:1.4.2 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2019-03-12 09:55:30.523513015 +0100 +++ /work/SRC/openSUSE:Factory/.cilium.new.5536/cilium.changes 2019-04-18 13:58:24.119994759 +0200 @@ -1,0 +2,102 @@ +Tue Apr 16 12:53:38 UTC 2019 - Michal Rostecki + +- Add cilium-operator package which provides the Kubernetes + operator that does garbage collector work for Cilium. +- Do not require cilium and docker in cilium-init package. + +--- +Fri Apr 12 10:51:14 UTC 2019 - Michał Rostecki + +- Add cilium-init package, which provides the script for Cilium + init container. + +--- +Fri Mar 29 15:59:38 UTC 2019 - mroste...@opensuse.org + +- Update to version 1.4.2: + * Prepare for v1.4.2 release + * cilium: ipsec, zero cb[0] to avoid incorrectly encrypting + * contrib: Update backporting README + * contrib: Fix cherry-pick to avoid omitting parts of patch + * cilium: push decryption up so we can decrypt even if not endpoint + * cilium: populate wildcard src->dst policy for ipsec + * daemon: Remove old health EP state dirs in restore + * api: Return 500 when API handlers panic. + * ipcache: Protect from delete events for alive IP but mismatching key + * store: Protect from deletion of local key via kvstore event + * test: Wait for cilium to start in runtime provision + * contrib: fix extraction of cilium-docker binary + * contrib: Update rebase-bindata to use fix-sha.sh + * contrib: Add new script to auto-fix bpf.sha + * cherry-pick: Print sha when applying patch. + * check-stable: Sort PRs by merge date + * workloads: Don't spin up receive queue in periodic watcher + * workloads: Change watcher interval from 30 seconds to 5 minutes + * workloads: Synchroneous handling of container events + * endpoints: Add optional callback to WaitForPolicyRevision + * daemon: Track policy implementation delay by source + * agent: Wait to regenerate restore endpoints until ipcache has been populated + * ipcache: Provide WaitForInitialSync() to wait for kvstore sync + * pkg/kvstore: add 15 min TTL for the first session lease + * policy: Add missing import error metric calls + * endpoint: Fix ENABLE_NAT46 endpoint config validation + * endpoint: Fix and quieten endpoint revert logs + * test: Get rid of JoinEP flakes + * ctmap: Print source addresses in ctmap cli + * cilium: fix bailing out on auto-complete when v4/v6 ranges are specified + * test: Test upgrade from v1.3 to master + * doc: Fix --tofqdns-pre-cache reference + * doc: Fix delete pod commend in clustermesh guide + * bpf: Enable pipefail option in init.sh + * cilium: bpftool included DS reports error on bpf_sockops load + * cilium: sockmap remove socket.h dependency + * cilium: sockmap, convert BPF_ANY to BPF_NOEXIST + * 1: fix when have black hole route container pod CIDR can cause postIpAMFailure range is full + * pkg/kvstore: do not use default instance to create new instance module + * bpf: Do not account tx for CT_SERVICE + * cilium.io/v2: set DerivativePolicies json to derivativePolicies + * fqdn-poller: Ensure monitor events contain all data + * ctmap: Fix order of CtKey{4,6} struct fields + * release: fix uploadrev script to work with changes made after 1.3 + * datapath: Fix nil dereference in logging statement + * Prepare 1.4.1 release + * k8s/utils: wrap kubernetes controller with ControllerSyncer + * k8s/utils: make the ControllerSynced fields public + * allocator: Wait until kvstore is connected before allocating global identities + * policy: Fix ipcache synchronization on startup + * cilium: ipsec, fix kube-proxy compatability + * cilium: ipsec, remove bogus mark set + * cilium: ipsec, zero CB_SRC_IDENTITY to ensure we don't incorrectly encrypt + * cilium: k8s watcher, push internal Cilium IPs through annotations + * policy: Add unit tests for ResolvePolicy() for L7 + ingress wildcards + * identity/cache: Allow using GetIdentityCache() without initializing allocator + * Change endpoint policy status map to regular map + * Minor disambiguation to 1.4 release/upgrade doc + * examples: Fix docker-compose mount points + * docs: Add note about triggering builds with net-next + * FQDN: Set always a empty ToCIDRSet in case of no entries in cache. + * docs: re write k8s setup for ipsec + * datapath/linux: log errors for ipsec setup + * linux/ipsec: decode ipsec keys from hex + * cilium preflight
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2019-03-12 09:55:26 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.28833 (New) Package is "cilium" Tue Mar 12 09:55:26 2019 rev:10 rq:683920 version:1.4.0 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2019-03-05 12:24:08.644862981 +0100 +++ /work/SRC/openSUSE:Factory/.cilium.new.28833/cilium.changes 2019-03-12 09:55:30.523513015 +0100 @@ -1,0 +2,5 @@ +Mon Mar 11 14:31:04 UTC 2019 - n...@suse.de + +- Move cilium-docker files to cilium-cni + +--- Other differences: -- ++ cilium.spec ++ --- /var/tmp/diff_new_pack.Ooc6ec/_old 2019-03-12 09:55:31.515512818 +0100 +++ /var/tmp/diff_new_pack.Ooc6ec/_new 2019-03-12 09:55:31.519512817 +0100 @@ -271,15 +271,14 @@ %dir %{_sysconfdir}/cni %dir %{_sysconfdir}/cni/net.d %dir %{cni_bin_dir} +%config(noreplace) %{_sysconfdir}/cni/net.d/10-cilium-cni.conf +%{cni_bin_dir}/cilium-cni %files docker %{_unitdir}/cilium-docker.service %{_sbindir}/rccilium-docker %{_bindir}/cilium-docker -%config(noreplace) %{_sysconfdir}/cni/net.d/10-cilium-cni.conf -%{cni_bin_dir}/cilium-cni - %files -n %{lname} %{_libdir}/libcilium.so.%{sover}
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2019-03-05 12:24:02 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.28833 (New) Package is "cilium" Tue Mar 5 12:24:02 2019 rev:9 rq:681493 version:1.4.0 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2019-02-28 21:44:22.657500138 +0100 +++ /work/SRC/openSUSE:Factory/.cilium.new.28833/cilium.changes 2019-03-05 12:24:08.644862981 +0100 @@ -1,0 +2,19 @@ +Mon Mar 4 14:43:27 UTC 2019 - Michał Rostecki + +- Add gcc as a runtime dependency. BPF programs need to have libgcc + and libgcc_s linked in. + https://github.com/cilium/cilium/issues/7273 + +--- +Mon Mar 4 10:38:19 UTC 2019 - Michał Rostecki + +- Provide an explanation why glibc-devel-32bit is needed. +- Ship cilium-cni and cilium-docker in separate packages. + +--- +Fri Mar 1 15:23:36 UTC 2019 - Michał Rostecki + +- Add missing runtime dependencies which are needed to execute + scripts shipped with Cilium and to compile BPF programs. + +--- New: cilium-rpmlintrc Other differences: -- ++ cilium.spec ++ --- /var/tmp/diff_new_pack.gtmGJZ/_old 2019-03-05 12:24:09.856862611 +0100 +++ /var/tmp/diff_new_pack.gtmGJZ/_new 2019-03-05 12:24:09.860862610 +0100 @@ -41,12 +41,15 @@ License:Apache-2.0 AND GPL-2.0-or-later Group: System/Management URL:https://github.com/cilium/cilium -Source: %{name}-%{version}.tar.gz +Source0:%{name}-%{version}.tar.gz +Source1:%{name}-rpmlintrc Patch0: cilium-allow-to-add-extra-go-build-flags.patch Patch1: cilium-allow-to-specify-cni-install-dirs.patch BuildRequires: clang BuildRequires: git BuildRequires: glibc-devel +# glibc-devel-32bit is needed to compile bpf objects +# https://github.com/cilium/cilium/issues/368 BuildRequires: glibc-devel-32bit BuildRequires: golang-github-jteeuwen-go-bindata BuildRequires: golang-packaging @@ -59,10 +62,30 @@ BuildRequires: shadow BuildRequires: unzip BuildRequires: golang(API) = 1.10 +Requires: awk +Requires: binutils +# clang and glibc headers are needed as runtime dependencies for compiling BPF +# programs by cilium Requires: clang +# Although clang is used as a compiler for BPF programs, they need to have +# libgcc and libgcc_s linked in. +# https://github.com/cilium/cilium/issues/7273 +Requires: gcc +Requires: glibc-devel +# glibc-devel-32bit is needed to compile bpf objects +# https://github.com/cilium/cilium/issues/368 +Requires: glibc-devel-32bit +Requires: iproute2 +# Despite the fact that cilium is using BPF programs and aims to replace +# iptables for container security policies, iptables is still needed for +# defining few rules which redirect the traffic from kube-proxy to cilium. Then +# cilium replaces some of kube-proxy functionality, using BPF programs. So, in +# fact, cilium uses few iptables rules to prevent iptables usage. :) +Requires: iptables Requires: llvm Requires: protobuf-c Requires: util-linux +Requires: which ExclusiveArch: aarch64 x86_64 Requires(post): %fillup_prereq @@ -72,6 +95,35 @@ services deployed using Linux container management platforms like Docker and Kubernetes. +%package cni +Summary:CNI plugin for Cilium +Group: System/Management +Requires: cilium +Requires: cni +Requires: cni-plugins + +%description cni +Cilium is a software for providing, and transparently securing, network +connectivity, and for load-balancing between application containers and +services deployed using Linux container management platforms like Docker and +Kubernetes. + +This package provides a CNI (Container Network Interface) plugin for Cilium. + +%package docker +Summary:Docker libnetwork plugin for Cilium +Group: System/Management +Requires: cilium +Requires: docker + +%description docker +Cilium is a software for providing, and transparently securing, network +connectivity, and for load-balancing between application containers and +services deployed using Linux container management platforms like Docker and +Kubernetes. + +This package provides a Docker libnetwork plugin for Cilium. + %package -n %{lname} Summary:Shared library for Cilium Group: System/Libraries @@ -168,51 +220,66 @@ %pre getent group cilium >/dev/null || groupadd -r cilium -%service_add_pre cilium-consul.service
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2019-02-28 21:44:21 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.28833 (New) Package is "cilium" Thu Feb 28 21:44:21 2019 rev:8 rq:679881 version:1.4.0 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2019-02-25 17:59:05.854193698 +0100 +++ /work/SRC/openSUSE:Factory/.cilium.new.28833/cilium.changes 2019-02-28 21:44:22.657500138 +0100 @@ -1,0 +2,19 @@ +Wed Feb 27 15:52:38 UTC 2019 - n...@suse.de + +- Fix license. BPF code templates are licensed under GPLv2 while + the rest is under Apache License, v2 + (see https://github.com/cilium/cilium#license) + + Cilium (the component licensed on Apache 2.0, written in Go) does + two things with BPF program sources (licensed on GPL-2.0): + + * it executes llvm/clang to compile BPF program sources to object +files + * it executes tc (a utility which is a part of iproute2) to load +object files into the kernel + + So, Cilium as a Go program only does execv calls on external + utilities (llvm and iproute2) to perform some actions on BPF + program sources and objects. + +--- Other differences: -- ++ cilium.spec ++ --- /var/tmp/diff_new_pack.Ov1gBD/_old 2019-02-28 21:44:23.761499666 +0100 +++ /var/tmp/diff_new_pack.Ov1gBD/_new 2019-02-28 21:44:23.761499666 +0100 @@ -38,7 +38,7 @@ Version:1.4.0 Release:0 Summary:Linux Native, HTTP Aware Networking and Security for Containers -License:Apache-2.0 AND GPL-2.0-only +License:Apache-2.0 AND GPL-2.0-or-later Group: System/Management URL:https://github.com/cilium/cilium Source: %{name}-%{version}.tar.gz
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2019-02-25 17:59:01 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.28833 (New) Package is "cilium" Mon Feb 25 17:59:01 2019 rev:7 rq:678871 version:1.4.0 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2019-02-24 17:09:37.532520076 +0100 +++ /work/SRC/openSUSE:Factory/.cilium.new.28833/cilium.changes 2019-02-25 17:59:05.854193698 +0100 @@ -1,0 +2,5 @@ +Mon Feb 25 09:56:48 CET 2019 - n...@suse.de + +- Add missing GPL2 License for eBPF source codes + +--- Other differences: -- ++ cilium.spec ++ --- /var/tmp/diff_new_pack.elc7pM/_old 2019-02-25 17:59:07.118192463 +0100 +++ /var/tmp/diff_new_pack.elc7pM/_new 2019-02-25 17:59:07.122192459 +0100 @@ -38,7 +38,7 @@ Version:1.4.0 Release:0 Summary:Linux Native, HTTP Aware Networking and Security for Containers -License:Apache-2.0 +License:Apache-2.0 AND GPL-2.0-only Group: System/Management URL:https://github.com/cilium/cilium Source: %{name}-%{version}.tar.gz
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2019-02-24 17:09:29 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.28833 (New) Package is "cilium" Sun Feb 24 17:09:29 2019 rev:6 rq:674486 version:1.4.0 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2018-09-04 22:58:12.281417533 +0200 +++ /work/SRC/openSUSE:Factory/.cilium.new.28833/cilium.changes 2019-02-24 17:09:37.532520076 +0100 @@ -1,0 +2,91 @@ +Wed Feb 13 10:09:55 UTC 2019 - Michał Rostecki + +- Update to version 1.4.0: + * doc: Fix key generation for encryption + * doc: Add validation and troubleshooting section to encryption +GSG + * datapath: Report IPsec route installation errors + * datapath: Fix IPsec with IPv4 or IPv6 disabled + * docs: Add ipvlan-based datapath limitations and requirements + * doc, configmap: add missing entries + * examples/kubernetes: Add tofqdns-enable-poller option + * doc: Minor update to encryption guide + * cilium: transparent encryption with ipsec getting started docs + * Note about apiserver outside of cluster +- Add upstream patch which allows to set additional `go build` + flags + * cilium-allow-to-add-extra-go-build-flags.patch +- Add upstream patch which allows to specify installation + directories for CNI files + * cilium-allow-to-specify-cni-install-dirs.patch +- Make use of golang-packaging macros. +- Add rc* symlinks. + +--- +Thu Feb 7 12:46:51 UTC 2019 - Michał Rostecki + +- Run code checkers/linters only on openSUSE Tumbleweed. + +--- +Wed Feb 6 14:30:47 UTC 2019 - Michał Rostecki + +- Add devel package which contains a header and .so file. +- Improve descriptions of all packages. +- Set BINDIR, DESTDIR and LIBDIR variables properly instead of + manual installation of files in those destinations. +- Install bash completion script. +- Execute ldconfig in post and postun phases of the lib package. +- Fix Source attribute. + +--- +Tue Feb 5 17:44:40 CET 2019 - n...@suse.de + +- Updated to 1.4-rc7 + *pkg/datapath/ipcache: stop leaking FD + *pkg/fqdn: make any operation in the sourceRuleCopy + *daemon: change policyAdd message type from Info to Debug for dns policies + *pkg/endpoint: do not leak go routines if endpoint is disconnected + *pkg/endpoint: ignore negative time durations in metrics + *Endpoint: set a new context per endpoint regeneration + *endpoint: revert endpoint BPF config map update if regenerateBPF fails + *bpf: pin endpoint configuration map + *endpoint: Unlock endpoint to prevent deadlocks. + *daemon: Allow releasing builder while waiting for proxy ACKs + *endpoint: Make regenaration timeout greater than ExecTimeout + *endpoint: Eliminate ExecTimeout, ctx. + *daemon: Use sync.Once, rewamp comments. + *bpf: Fix node-port access to l7 proxy + *bpf: Templatize endpoint configuration + *maps: Add BPFConfigMap for endpoint configuration + *endpoint: Support dynamic BPF configuration + *bpf: Relax verifier in IPv6 drop case + *bpf: Fix tcp flag access + *bpf: Don't reset TCP timer on final ACK + *cilium: spelling: sha is an acronym replace with SHA + *bpf: Provide more specific drop reasons + *proxylib: Update proxylib.h with go 1.11 + *agent: Fix invalid printf style invocations + *gitignore: Ingore cilium-ring-dump binary + *lbmap: Retrieve service ID when dumping BPF map + *service: Restore service IDs before connecting to Kubernetes apiserver + *service: Restore bpfservie cache on startup + *lbmap: Add unit test for getBackends() + *idpool: Factor out IDPool from allocator into package for reuse + *idpool: Fix leaseAvailableID() and slice out of bounds + *node: Don't insert own node into tunnel map + *bpf: Avoid routing loops for former local endpoint IPs + *test: Use cilium-etcd-operator + *clustermesh: Fix race when shutting down clustermesh + *clustermesh: Wait for controllers to be shutdown when closing + *cni: Synchroneous pod label retrieval on CNI add + *identity: Block createEndpoint() while identity is being resolved + *bpf: Remove source MAC address validation + *bpf: Remove destination MAC address verification + *agent: Ignore IPV4_GATEWAY=0x0 when restoring + - details changelogs are in https://github.com/cilium/cilium/projects/11 +- disable bash completion +- added a new package libcilium1 +- build with go1.10(need fix for cgo alignchecker issue) + + +--- Old: v1.2.1.tar.gz New: _service _servicedata cilium-1.4.0.tar.gz
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2018-09-04 22:58:05 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new (New) Package is "cilium" Tue Sep 4 22:58:05 2018 rev:5 rq:633038 version:1.2.1 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2018-08-24 17:00:35.869822000 +0200 +++ /work/SRC/openSUSE:Factory/.cilium.new/cilium.changes 2018-09-04 22:58:12.281417533 +0200 @@ -1,0 +2,31 @@ +Tue Sep 4 15:58:32 CEST 2018 - n...@suse.de + +- change 00-cilium-cni.conf -> 10-cilium-cni.conf to keep sync with salt + +--- +Mon Sep 3 14:06:13 CEST 2018 - n...@suse.de + +- Use proper bash-completion dir +- Updated to 1.2.1 + *docker, bpf: add iproute2 version which works around missing af_alg + *docker, bpf: add bpftool for debugging and introspection + *test/k8sT: use specific commit for cilium/star-wars-demo YAMLs + *pkg/k8s: properly handle empty NamespaceSelector + *lxcmap: Improve error messages in DeleteElement() + *lxcmap: Fix always returning an error on delete + *ctmap: Mark IPv6 CT GC as completed on success + *endpoint: Fix endpoint regeneration failure metric + *Block locked code in TriggerPolicyUpdates + *Ignore non-existing link error in cni del + *fqdn: Strip toCIDRSet rules to be more resilient + *fqdn: Use UUIDs to manage rules + *fqdn: Inject IPs on initial rule insert + *xds: Ignore completion timeouts on resource upsert and delete + *endpoint: Log when BPF regeneration times out not because of Envoy + *endpoint: In BPF regeneration, create/remove listeners early + *doc: Restructure and simplify upgrade guide + *doc: Restructure installation guides + *doc: AWS EKS installation guide + *identity: Wait for initial set of security identities before restoring endpoints + +--- Old: v1.2.0-rc1.tar.gz New: v1.2.1.tar.gz Other differences: -- ++ cilium.spec ++ --- /var/tmp/diff_new_pack.vN9IPA/_old 2018-09-04 22:58:13.425421434 +0200 +++ /var/tmp/diff_new_pack.vN9IPA/_new 2018-09-04 22:58:13.429421447 +0200 @@ -30,13 +30,13 @@ %endif Name: cilium -Version:1.2.0~rc1 +Version:1.2.1 Release:0 Summary:Linux Native, HTTP Aware Networking and Security for Containers License:Apache-2.0 Group: System/Management URL:https://github.com/cilium/cilium -Source0:https://github.com/cilium/cilium/archive/v1.2.0-rc1.tar.gz +Source0:https://github.com/cilium/cilium/archive/v%{version}.tar.gz BuildRequires: clang BuildRequires: git BuildRequires: glibc-devel @@ -62,19 +62,19 @@ Kubernetes. %prep -mkdir -p %{name}-1.2.0-rc1/src/github.com/cilium/%{name} -tar -zxf %{SOURCE0} --strip-components=1 -C %{name}-1.2.0-rc1/src/github.com/cilium/%{name} +mkdir -p %{name}-%{version}/src/github.com/cilium/%{name} +tar -zxf %{SOURCE0} --strip-components=1 -C %{name}-%{version}/src/github.com/cilium/%{name} %build -export GOPATH=$(pwd)/%{name}-1.2.0-rc1 +export GOPATH=$(pwd)/%{name}-%{version} export CILIUM_DISABLE_ENVOY_BUILD=1 -cd %{name}-1.2.0-rc1/src/github.com/cilium/%{name} +cd %{name}-%{version}/src/github.com/cilium/%{name} sed -i '/groupadd /s/^/#/' daemon/Makefile make precheck make build %install -cd %{name}-1.2.0-rc1/src/github.com/cilium/%{name} +cd %{name}-%{version}/src/github.com/cilium/%{name} %make_install for service in cilium cilium-docker cilium-etcd cilium-consul; do @@ -83,10 +83,14 @@ done install -D -m 0644 contrib/systemd/cilium %{buildroot}%{_fillupdir}/sysconfig.cilium -install -D -m 0644 plugins/cilium-cni/00-cilium-cni.conf %{buildroot}%{_sysconfdir}/cni/net.d/ +install -D -m 0644 plugins/cilium-cni/00-cilium-cni.conf %{buildroot}%{_sysconfdir}/cni/net.d/10-cilium-cni.conf install -D %{buildroot}/opt/cni/bin/cilium-cni "%{buildroot}%{cni_bin_dir}/cilium-cni" +mkdir -p %{buildroot}/usr/share/bash-completion/completions/ +install -D %{buildroot}%{_sysconfdir}/bash_completion.d/cilium %{buildroot}/usr/share/bash-completion/completions/ rm %{buildroot}/opt/cni/bin/cilium-cni +rm %{buildroot}%{_sysconfdir}/bash_completion.d/cilium +rm %{buildroot}/etc/cni/net.d/00-cilium-cni.conf %pre getent group cilium >/dev/null || groupadd -r cilium @@ -108,8 +112,8 @@ %dir %{_sysconfdir}/cni/net.d %dir %{cni_bin_dir} -%{_sysconfdir}/bash_completion.d/cilium -%config(noreplace) %{_sysconfdir}/cni/net.d/00-cilium-cni.conf +/usr/share/bash-completion/completions/cilium +%config(noreplace) %{_sysconfdir}/cni/net.d/10-cilium-cni.conf
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2018-08-24 17:00:15 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new (New) Package is "cilium" Fri Aug 24 17:00:15 2018 rev:4 rq:628056 version:1.2.0~rc1 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2018-06-05 12:53:08.245141701 +0200 +++ /work/SRC/openSUSE:Factory/.cilium.new/cilium.changes 2018-08-24 17:00:35.869822000 +0200 @@ -1,0 +2,10 @@ +Wed Aug 8 12:06:50 CEST 2018 - n...@suse.de + +- Updated to 1.2.0-rc1 + * Inter cluster service routing + * BPF based flow aggregation + * BGP with kube-router + more at https://github.com/cilium/cilium/releases/tag/v1.2.0-rc1 +- Add cilium group + +--- Old: v1.0.0.tar.gz New: v1.2.0-rc1.tar.gz Other differences: -- ++ cilium.spec ++ --- /var/tmp/diff_new_pack.WynLA1/_old 2018-08-24 17:00:36.873823189 +0200 +++ /var/tmp/diff_new_pack.WynLA1/_new 2018-08-24 17:00:36.877823193 +0200 @@ -30,13 +30,13 @@ %endif Name: cilium -Version:1.0.0 +Version:1.2.0~rc1 Release:0 Summary:Linux Native, HTTP Aware Networking and Security for Containers License:Apache-2.0 Group: System/Management URL:https://github.com/cilium/cilium -Source0:https://github.com/cilium/cilium/archive/v%{version}.tar.gz +Source0:https://github.com/cilium/cilium/archive/v1.2.0-rc1.tar.gz BuildRequires: clang BuildRequires: git BuildRequires: glibc-devel @@ -62,19 +62,19 @@ Kubernetes. %prep -mkdir -p %{name}-%{version}/src/github.com/cilium/%{name} -tar -zxf %{SOURCE0} --strip-components=1 -C %{name}-%{version}/src/github.com/cilium/%{name} +mkdir -p %{name}-1.2.0-rc1/src/github.com/cilium/%{name} +tar -zxf %{SOURCE0} --strip-components=1 -C %{name}-1.2.0-rc1/src/github.com/cilium/%{name} %build -export GOPATH=$(pwd)/%{name}-%{version} +export GOPATH=$(pwd)/%{name}-1.2.0-rc1 export CILIUM_DISABLE_ENVOY_BUILD=1 -cd %{name}-%{version}/src/github.com/cilium/%{name} +cd %{name}-1.2.0-rc1/src/github.com/cilium/%{name} sed -i '/groupadd /s/^/#/' daemon/Makefile make precheck make build %install -cd %{name}-%{version}/src/github.com/cilium/%{name} +cd %{name}-1.2.0-rc1/src/github.com/cilium/%{name} %make_install for service in cilium cilium-docker cilium-etcd cilium-consul; do @@ -83,12 +83,13 @@ done install -D -m 0644 contrib/systemd/cilium %{buildroot}%{_fillupdir}/sysconfig.cilium -install -D -m 0644 plugins/cilium-cni/10-cilium-cni.conf %{buildroot}%{_sysconfdir}/cni/net.d/ +install -D -m 0644 plugins/cilium-cni/00-cilium-cni.conf %{buildroot}%{_sysconfdir}/cni/net.d/ install -D %{buildroot}/opt/cni/bin/cilium-cni "%{buildroot}%{cni_bin_dir}/cilium-cni" rm %{buildroot}/opt/cni/bin/cilium-cni %pre +getent group cilium >/dev/null || groupadd -r cilium %service_add_pre cilium-consul.service cilium-docker.service cilium-etcd.service cilium.service %post @@ -108,7 +109,7 @@ %dir %{cni_bin_dir} %{_sysconfdir}/bash_completion.d/cilium -%config(noreplace) %{_sysconfdir}/cni/net.d/10-cilium-cni.conf +%config(noreplace) %{_sysconfdir}/cni/net.d/00-cilium-cni.conf %{_fillupdir}/sysconfig.cilium %{_usr}/lib/systemd/system/cilium-consul.service %{_usr}/lib/systemd/system/cilium-docker.service @@ -122,6 +123,6 @@ %{_bindir}/cilium-health %{_bindir}/cilium-bugtool %{cni_bin_dir}/cilium-cni -%license %{name}-%{version}/src/github.com/cilium/cilium/LICENSE +%license %{name}-1.2.0-rc1/src/github.com/cilium/cilium/LICENSE %changelog
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2018-06-05 12:53:07 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new (New) Package is "cilium" Tue Jun 5 12:53:07 2018 rev:3 rq:614037 version:1.0.0 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2018-04-26 13:38:42.502591327 +0200 +++ /work/SRC/openSUSE:Factory/.cilium.new/cilium.changes 2018-06-05 12:53:08.245141701 +0200 @@ -1,0 +2,10 @@ +Mon Jun 4 16:04:59 UTC 2018 - dcass...@suse.com + +- Refactor %license usage to simpler form + +--- +Mon Jun 4 09:50:42 UTC 2018 - dcass...@suse.com + +- Make use of %license macro + +--- Other differences: -- ++ cilium.spec ++ --- /var/tmp/diff_new_pack.zRfzxc/_old 2018-06-05 12:53:08.933116503 +0200 +++ /var/tmp/diff_new_pack.zRfzxc/_new 2018-06-05 12:53:08.937116357 +0200 @@ -122,5 +122,6 @@ %{_bindir}/cilium-health %{_bindir}/cilium-bugtool %{cni_bin_dir}/cilium-cni +%license %{name}-%{version}/src/github.com/cilium/cilium/LICENSE %changelog
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2018-04-26 13:38:38 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new (New) Package is "cilium" Thu Apr 26 13:38:38 2018 rev:2 rq:601000 version:1.0.0 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2018-04-24 15:33:08.022212857 +0200 +++ /work/SRC/openSUSE:Factory/.cilium.new/cilium.changes 2018-04-26 13:38:42.502591327 +0200 @@ -1,0 +2,11 @@ +Wed Apr 25 10:54:45 CEST 2018 - n...@suse.de + +- Updated to v1.0.0 + Bugfixes Changes: +*etcd: Clear the etcd status error when connectivity is OK (3824, @rlenglet) +*ipcache: Fix ipcache deletion of old identities on update (3865, @rlenglet) +*bpf: Fix tracing message for egress policy (3806, @joestringer) +[- envoy-optional.patch] +- use url for source + +--- Old: cilium-1.0.0-rc10.tar.gz envoy-optional.patch New: v1.0.0.tar.gz Other differences: -- ++ cilium.spec ++ --- /var/tmp/diff_new_pack.IMMjAA/_old 2018-04-26 13:38:43.558552623 +0200 +++ /var/tmp/diff_new_pack.IMMjAA/_new 2018-04-26 13:38:43.562552476 +0200 @@ -30,14 +30,13 @@ %endif Name: cilium -Version:1.0.0~rc10 +Version:1.0.0 Release:0 Summary:Linux Native, HTTP Aware Networking and Security for Containers License:Apache-2.0 Group: System/Management URL:https://github.com/cilium/cilium -Source0:cilium-1.0.0-rc10.tar.gz -Patch0: envoy-optional.patch +Source0:https://github.com/cilium/cilium/archive/v%{version}.tar.gz BuildRequires: clang BuildRequires: git BuildRequires: glibc-devel @@ -65,7 +64,6 @@ %prep mkdir -p %{name}-%{version}/src/github.com/cilium/%{name} tar -zxf %{SOURCE0} --strip-components=1 -C %{name}-%{version}/src/github.com/cilium/%{name} -patch -p1 -d %{name}-%{version}/src/github.com/cilium/%{name} < %{PATCH0} %build export GOPATH=$(pwd)/%{name}-%{version}