commit cilium for openSUSE:Factory
Hello community,
here is the log from the commit of package cilium for openSUSE:Factory checked
in at 2020-11-02 09:41:18
Comparing /work/SRC/openSUSE:Factory/cilium (Old)
and /work/SRC/openSUSE:Factory/.cilium.new.3463 (New)
Package is "cilium"
Mon Nov 2 09:41:18 2020 rev:30 rq:845100 version:1.8.5
Changes:
--- /work/SRC/openSUSE:Factory/cilium/cilium.changes2020-08-16
20:27:35.898108844 +0200
+++ /work/SRC/openSUSE:Factory/.cilium.new.3463/cilium.changes 2020-11-02
09:41:37.845681164 +0100
@@ -1,0 +2,21 @@
+Fri Oct 30 16:50:02 UTC 2020 - Michał Rostecki
+
+- Update to 1.8.5
+ * Release notes: https://github.com/cilium/cilium/releases/tag/v1.8.5
+- Remove patches which were included upstream:
+ * 0001-option-mark-keep-bpf-templates-as-deprecated.patch
+ * 0002-make-remove-the-need-for-go-bindata.patch
+ * 0003-bpf-don-t-use-fixed-size-integer-types-from-stdint.h.patch
+ * 0005-bpf-re-add-a-proper-types.h-mapper.patch
+ * 0006-build-Avoid-using-git-if-not-in-a-git-repo.patch
+ * 0007-option-rename-PolicyMapMaxEntries-to-PolicyMapEntrie.patch
+ * 0008-helm-allow-to-configure-bpf-nat-global-max-using-Hel.patch
+ * 0009-option-reduce-default-number-for-TCP-CT-and-NAT-tabl.patch
+ * 0010-daemon-add-option-to-dynamically-size-BPF-maps-based.patch
+- Remove downstream patch which is not needed anymore (now it's
+ enough to just modify the Helm chart with sed to set out images):
+ * 0004-helm-Allow-variables-for-compatibility-with-openSUSE.patch
+- Add upstream patch for installing the operator binary:
+ * 0001-operator-make-Add-install-target.patch
+
+---
Old:
0001-option-mark-keep-bpf-templates-as-deprecated.patch
0002-make-remove-the-need-for-go-bindata.patch
0003-bpf-don-t-use-fixed-size-integer-types-from-stdint.h.patch
0004-helm-Allow-variables-for-compatibility-with-openSUSE.patch
0005-bpf-re-add-a-proper-types.h-mapper.patch
0006-build-Avoid-using-git-if-not-in-a-git-repo.patch
0007-option-rename-PolicyMapMaxEntries-to-PolicyMapEntrie.patch
0008-helm-allow-to-configure-bpf-nat-global-max-using-Hel.patch
0009-option-reduce-default-number-for-TCP-CT-and-NAT-tabl.patch
0010-daemon-add-option-to-dynamically-size-BPF-maps-based.patch
cilium-1.7.6.obscpio
New:
0001-operator-make-Add-install-target.patch
cilium-1.8.5.obscpio
Other differences:
--
++ cilium.spec ++
--- /var/tmp/diff_new_pack.fm2RQv/_old 2020-11-02 09:41:39.389682646 +0100
+++ /var/tmp/diff_new_pack.fm2RQv/_new 2020-11-02 09:41:39.393682649 +0100
@@ -35,7 +35,7 @@
%endif
Name: cilium
-Version:1.7.6
+Version:1.8.5
Release:0
Summary:Linux Native, HTTP Aware Networking and Security for Containers
License:Apache-2.0 AND GPL-2.0-or-later
@@ -44,28 +44,8 @@
Source1:%{name}-rpmlintrc
Source2:cilium-cni-install
Source3:cilium-cni-uninstall
-# PATCH-FIX-UPSTREAM 0001-option-mark-keep-bpf-templates-as-deprecated.patch
-Patch1: 0001-option-mark-keep-bpf-templates-as-deprecated.patch
-# PATCH-FIX-UPSTREAM 0002-make-remove-the-need-for-go-bindata.patch
-Patch2: 0002-make-remove-the-need-for-go-bindata.patch
-# PATCH-FIX-UPSTREAM
0003-bpf-don-t-use-fixed-size-integer-types-from-stdint.h.patch
-Patch3: 0003-bpf-don-t-use-fixed-size-integer-types-from-stdint.h.patch
-# PATCH-FIX-OPENSUSE
0004-helm-Allow-variables-for-compatibility-with-openSUSE.patch
-# TODO(mrostecki): Submit it upstream after we confirm that our images work
100%
-# fine, also on aarch64.
-Patch4: 0004-helm-Allow-variables-for-compatibility-with-openSUSE.patch
-# PATCH-FIX-UPSTREAM 0005-bpf-re-add-a-proper-types.h-mapper.patch
-Patch5: 0005-bpf-re-add-a-proper-types.h-mapper.patch
-# PATCH-FIX-UPSTREAM 0006-build-Avoid-using-git-if-not-in-a-git-repo.patch
-Patch6: 0006-build-Avoid-using-git-if-not-in-a-git-repo.patch
-# PATCH-FIX-UPSTREAM
0007-option-rename-PolicyMapMaxEntries-to-PolicyMapEntrie.patch
-Patch7: 0007-option-rename-PolicyMapMaxEntries-to-PolicyMapEntrie.patch
-# PATCH-FIX-UPSTREAM
0008-helm-allow-to-configure-bpf-nat-global-max-using-Hel.patch
-Patch8: 0008-helm-allow-to-configure-bpf-nat-global-max-using-Hel.patch
-# PATCH-FIX-UPSTREAM
0009-option-reduce-default-number-for-TCP-CT-and-NAT-tabl.patch
-Patch9: 0009-option-reduce-default-number-for-TCP-CT-and-NAT-tabl.patch
-# PATCH-FIX-UPSTREAM
0010-daemon-add-option-to-dynamically-size-BPF-maps-based.patch
-Patch10:0010-daemon-add-option-to-dynamically-size-BPF-maps-based.patch
+# PATCH-FIX-UPSTREAM 0001-operator-make-Add-install-target.patch
+Patch0:
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2020-08-16 20:27:20 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.3399 (New) Package is "cilium" Sun Aug 16 20:27:20 2020 rev:29 rq:826668 version:1.7.6 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2020-08-06 17:30:32.789072022 +0200 +++ /work/SRC/openSUSE:Factory/.cilium.new.3399/cilium.changes 2020-08-16 20:27:35.898108844 +0200 @@ -43,0 +44,5 @@ +Tue Jul 7 13:35:47 UTC 2020 - jmassaguer...@suse.com + +- Add a _constraints to require at least 5GB of disk space + +--- New: _constraints Other differences: -- ++ cilium.spec ++ +++ empty output from diff against cilium.spec ++ _constraints ++ 5
commit cilium for openSUSE:Factory
Hello community,
here is the log from the commit of package cilium for openSUSE:Factory checked
in at 2020-08-06 17:29:53
Comparing /work/SRC/openSUSE:Factory/cilium (Old)
and /work/SRC/openSUSE:Factory/.cilium.new.3399 (New)
Package is "cilium"
Thu Aug 6 17:29:53 2020 rev:28 rq:824205 version:1.7.6
Changes:
--- /work/SRC/openSUSE:Factory/cilium/cilium.changes2020-06-23
21:02:46.669491238 +0200
+++ /work/SRC/openSUSE:Factory/.cilium.new.3399/cilium.changes 2020-08-06
17:30:32.789072022 +0200
@@ -1,0 +2,42 @@
+Mon Aug 3 16:53:32 UTC 2020 - Callum Farmer
+
+- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
+
+---
+Thu Jul 30 10:15:01 UTC 2020 - Dirk Mueller
+
+- update to 1.7.6:
+ Fixes
https://github.com/cilium/cilium/security/advisories/GHSA-9hx8-3wfx-q2vw
+ (CVE-2020-8663, CVE-2020-12605, CVE-2020-12604, CVE-2020-12603, bsc#1173559)
+
+ see https://github.com/cilium/cilium/releases/tag/v1.7.6
+ * avoid having endpoints in 'restoring' state in case the connectivity with
the KVStore is not reliable (Backport PR #12333, Upstream PR #12307, @aanm)
+ * bpf: Use nproc --all for __NR_CPUS__ (Backport PR #12363, Upstream PR
#12121, @gandro)
+ * cilium: fix encryption flow labels in ip6 case (Backport PR #12056,
Upstream PR #12015, @jrfastab)
+ * Fix bug where etcd session renew would block indefinitely, causing
endpoint provision to fail (Backport PR #12333, Upstream PR #12292,
@joestringer)
+ * Fix bug where identity allocation wouldn't cancel from api timeouts
(Backport PR #12350, Upstream PR #12328, @joestringer)
+ * Fix setting monitorAggregationLevel to max reflects via CLI (Backport PR
#12333, Upstream PR #12014, @soumynathan)
+ * Fix silent cilium monitor on systems with offline CPUs (Backport PR
#12363, Upstream PR #12310, @pchaigno)
+ * Fix syslog hook missing in DefaultLogger (Backport PR #12333, Upstream PR
#12170, @ArthurChiao)
+ * helm/operator: fix IPv6 liveness probe address for operator (Backport PR
#12333, Upstream PR #12223, @Rolinh)
+ * iptables: Remove '--nowildcard' from socket match (Backport PR #12333,
Upstream PR #12248, @jrajahalme)
+ * Istio integration is updated to Istio release 1.5.6. (Backport PR #12333,
Upstream PR #12214, @jrajahalme)
+ * Istio integration is updated to Istio release 1.5.7. (Backport PR #12357,
Upstream PR #12353, @jrajahalme)
+ * make: fix LOCKDEBUG env variable reference for docker-plugin-image
(Backport PR #12333, Upstream PR #12318, @Rolinh)
+ * option: Require native-routing-cidr only if IPv4 is enabled (Backport PR
#12354, Upstream PR #12198, @brb)
+ * policy/api: Add reserved:health entity (Backport PR #12333, Upstream PR
#12199, @pchaigno)
+ * stop Cilium from hanging on CNP or CCNP events from Kubernetes if running
with 'k8s-event-handover=true' and 'kvstore=""' (Backport PR #12333, Upstream
PR #12146, @aanm)
+ * The host proxy is updated to Envoy release 1.13.3 (Backport PR #12350,
Upstream PR #12343, @jrajahalme)
+ * Valid CNP and CCNP 'matchLabel' values must be 63 characters or less and
must be empty or begin and end with an alphanumeric character ([a-z0-9A-Z])
with dashes (-), underscores (_), dots (.), and alphanumerics between.
(Backport PR #12354, Upstream PR #12117, @aanm)
+- 0001-option-mark-keep-bpf-templates-as-deprecated.patch,
+ 0002-make-remove-the-need-for-go-bindata.patch,
+ 0003-bpf-don-t-use-fixed-size-integer-types-from-stdint.h.patch,
+ 0004-helm-Allow-variables-for-compatibility-with-openSUSE.patch,
+ 0005-bpf-re-add-a-proper-types.h-mapper.patch,
+ 0006-build-Avoid-using-git-if-not-in-a-git-repo.patch,
+ 0007-option-rename-PolicyMapMaxEntries-to-PolicyMapEntrie.patch,
+ 0008-helm-allow-to-configure-bpf-nat-global-max-using-Hel.patch,
+ 0009-option-reduce-default-number-for-TCP-CT-and-NAT-tabl.patch,
+ 0010-daemon-add-option-to-dynamically-size-BPF-maps-based.patch: rebase
against 1.7.6
+
+---
Old:
cilium-1.7.5.obscpio
New:
cilium-1.7.6.obscpio
Other differences:
--
++ cilium.spec ++
--- /var/tmp/diff_new_pack.OztuFs/_old 2020-08-06 17:30:35.817072766 +0200
+++ /var/tmp/diff_new_pack.OztuFs/_new 2020-08-06 17:30:35.821072768 +0200
@@ -35,7 +35,7 @@
%endif
Name: cilium
-Version:1.7.5
+Version:1.7.6
Release:0
Summary:Linux Native, HTTP Aware Networking and Security for Containers
License:Apache-2.0 AND GPL-2.0-or-later
@@ -243,6 +243,7 @@
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc${service}
done
+sed -e 's-@LIBEXECDIR@-%{_libexecdir}-g' -i %{SOURCE2}
install -D -m 0755 %{SOURCE2}
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2020-06-23 21:02:19 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.2956 (New) Package is "cilium" Tue Jun 23 21:02:19 2020 rev:27 rq:814777 version:1.7.5 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2020-06-12 21:36:38.479610595 +0200 +++ /work/SRC/openSUSE:Factory/.cilium.new.2956/cilium.changes 2020-06-23 21:02:46.669491238 +0200 @@ -1,0 +2,30 @@ +Mon Jun 15 16:13:44 UTC 2020 - Michał Rostecki + +- Fix cniInstallScript and cniUninstallScript values in helm chart. + +--- +Fri Jun 12 14:00:51 UTC 2020 - Dirk Mueller + +- Update to 1.7.5 + + Too many bugfixes to list here, see + https://github.com/cilium/cilium/releases/tag/v1.7.5 + https://github.com/cilium/cilium/releases/tag/v1.7.4 + https://github.com/cilium/cilium/releases/tag/v1.7.3 + https://github.com/cilium/cilium/releases/tag/v1.7.2 + https://github.com/cilium/cilium/releases/tag/v1.7.1 + +- rename 0002-bpf-re-add-a-proper-types.h-mapper.patch to + 0005-bpf-re-add-a-proper-types.h-mapper.patch +- rename 0001-build-Avoid-using-git-if-not-in-a-git-repo.patch to + 0006-build-Avoid-using-git-if-not-in-a-git-repo.patch +- rename 0005-rename-PolicyMapMaxEntries-to-PolicyMapEntries-and-define-policy-map-size-limits-as-consts.patch to + 0007-option-rename-PolicyMapMaxEntries-to-PolicyMapEntrie.patch +- rename 0006-allow-to-configure-bpf-nat-global-max-using-helm.patch to + 0008-helm-allow-to-configure-bpf-nat-global-max-using-Hel.patch +- rename 0007-reduce-default-number-for-TCP-CT-and-NAT-table-max-entries.patch to + 0009-option-reduce-default-number-for-TCP-CT-and-NAT-tabl.patch +- rename 0008-add-option-to-dynamically-size-BPF-maps-based-on-system-memory.patch to + 0010-daemon-add-option-to-dynamically-size-BPF-maps-based.patch +- remove 0001-datapath-Switch-to-upstream-bpftool-remove-additiona.patch + +--- Old: 0001-build-Avoid-using-git-if-not-in-a-git-repo.patch 0001-datapath-Switch-to-upstream-bpftool-remove-additiona.patch 0002-bpf-re-add-a-proper-types.h-mapper.patch 0005-rename-PolicyMapMaxEntries-to-PolicyMapEntries-and-define-policy-map-size-limits-as-consts.patch 0006-allow-to-configure-bpf-nat-global-max-using-helm.patch 0007-reduce-default-number-for-TCP-CT-and-NAT-table-max-entries.patch 0008-add-option-to-dynamically-size-BPF-maps-based-on-system-memory.patch cilium-1.7.0.obscpio New: 0005-bpf-re-add-a-proper-types.h-mapper.patch 0006-build-Avoid-using-git-if-not-in-a-git-repo.patch 0007-option-rename-PolicyMapMaxEntries-to-PolicyMapEntrie.patch 0008-helm-allow-to-configure-bpf-nat-global-max-using-Hel.patch 0009-option-reduce-default-number-for-TCP-CT-and-NAT-tabl.patch 0010-daemon-add-option-to-dynamically-size-BPF-maps-based.patch cilium-1.7.5.obscpio Other differences: -- ++ cilium.spec ++ --- /var/tmp/diff_new_pack.TZFIMP/_old 2020-06-23 21:02:48.509497159 +0200 +++ /var/tmp/diff_new_pack.TZFIMP/_new 2020-06-23 21:02:48.513497172 +0200 @@ -35,7 +35,7 @@ %endif Name: cilium -Version:1.7.0 +Version:1.7.5 Release:0 Summary:Linux Native, HTTP Aware Networking and Security for Containers License:Apache-2.0 AND GPL-2.0-or-later @@ -45,29 +45,27 @@ Source2:cilium-cni-install Source3:cilium-cni-uninstall # PATCH-FIX-UPSTREAM 0001-option-mark-keep-bpf-templates-as-deprecated.patch -Patch0: 0001-option-mark-keep-bpf-templates-as-deprecated.patch +Patch1: 0001-option-mark-keep-bpf-templates-as-deprecated.patch # PATCH-FIX-UPSTREAM 0002-make-remove-the-need-for-go-bindata.patch -Patch1: 0002-make-remove-the-need-for-go-bindata.patch +Patch2: 0002-make-remove-the-need-for-go-bindata.patch # PATCH-FIX-UPSTREAM 0003-bpf-don-t-use-fixed-size-integer-types-from-stdint.h.patch -Patch2: 0003-bpf-don-t-use-fixed-size-integer-types-from-stdint.h.patch +Patch3: 0003-bpf-don-t-use-fixed-size-integer-types-from-stdint.h.patch # PATCH-FIX-OPENSUSE 0004-helm-Allow-variables-for-compatibility-with-openSUSE.patch # TODO(mrostecki): Submit it upstream after we confirm that our images work 100% # fine, also on aarch64. -Patch3: 0004-helm-Allow-variables-for-compatibility-with-openSUSE.patch -# PATCH-FIX-UPSTREAM 0005-rename-PolicyMapMaxEntries-to-PolicyMapEntries-and-define-policy-map-size-limits-as-consts.patch -Patch5:
commit cilium for openSUSE:Factory
Hello community,
here is the log from the commit of package cilium for openSUSE:Factory checked
in at 2020-06-12 21:35:53
Comparing /work/SRC/openSUSE:Factory/cilium (Old)
and /work/SRC/openSUSE:Factory/.cilium.new.3606 (New)
Package is "cilium"
Fri Jun 12 21:35:53 2020 rev:26 rq:813483 version:1.7.0
Changes:
--- /work/SRC/openSUSE:Factory/cilium/cilium.changes2020-05-07
15:05:33.231712331 +0200
+++ /work/SRC/openSUSE:Factory/.cilium.new.3606/cilium.changes 2020-06-12
21:36:38.479610595 +0200
@@ -1,0 +2,8 @@
+Wed Jun 10 19:44:44 UTC 2020 - Dirk Mueller
+
+- add 0002-bpf-re-add-a-proper-types.h-mapper.patch
+- add 0001-build-Avoid-using-git-if-not-in-a-git-repo.patch
+- add 0001-datapath-Switch-to-upstream-bpftool-remove-additiona.patch
+- build BPF_SRCFILES to get the list of bpf files to install
+
+---
New:
0001-build-Avoid-using-git-if-not-in-a-git-repo.patch
0001-datapath-Switch-to-upstream-bpftool-remove-additiona.patch
0002-bpf-re-add-a-proper-types.h-mapper.patch
Other differences:
--
++ cilium.spec ++
--- /var/tmp/diff_new_pack.Bq7Mn4/_old 2020-06-12 21:36:41.083620170 +0200
+++ /var/tmp/diff_new_pack.Bq7Mn4/_new 2020-06-12 21:36:41.087620184 +0200
@@ -62,10 +62,16 @@
Patch7:
0007-reduce-default-number-for-TCP-CT-and-NAT-table-max-entries.patch
# PATCH-FIX-UPSTREAM
0008-add-option-to-dynamically-size-BPF-maps-based-on-system-memory.patch
Patch8:
0008-add-option-to-dynamically-size-BPF-maps-based-on-system-memory.patch
+# PATCH-FIX-UPSTREAM 0002-bpf-re-add-a-proper-types.h-mapper.patch
+Patch10:0002-bpf-re-add-a-proper-types.h-mapper.patch
+# PATCH-FIX-UPSTREAM 0001-build-Avoid-using-git-if-not-in-a-git-repo.patch
+Patch11:0001-build-Avoid-using-git-if-not-in-a-git-repo.patch
+# PATCH-FIX-UPSTREAM
0001-datapath-Switch-to-upstream-bpftool-remove-additiona.patch
+Patch12:0001-datapath-Switch-to-upstream-bpftool-remove-additiona.patch
# Cilium needs to be aware of the version string of cilium-proxy
BuildRequires: cilium-proxy
BuildRequires: clang
-BuildRequires: git
+BuildRequires: git-core
BuildRequires: golang-github-jteeuwen-go-bindata
BuildRequires: golang-packaging
%if 0%{?suse_version} > 1510 && 0%{?is_opensuse}
@@ -193,6 +199,10 @@
%prep
%autosetup -p1
+# generate the BPF_SRCFILES which is normally part of the release tarballs but
+# not when we generate it from git (but don't run the dist scripts)
+find bpf/ -type f | grep -v .gitignore | tr "\n" ' ' > BPF_SRCFILES
+
%build
%goprep %{provider_prefix}
export GOPATH=%{_builddir}/go
@@ -316,6 +326,7 @@
%{_bindir}/cilium-map-migrate
%{_bindir}/cilium-node-monitor
%{_bindir}/maptool
+%{_localstatedir}/lib/cilium
%license LICENSE
%files cni
++ 0001-build-Avoid-using-git-if-not-in-a-git-repo.patch ++
>From 0c80bde138150fc7f5a275b075995ad8ba11caa9 Mon Sep 17 00:00:00 2001
From: Jarno Rajahalme
Date: Fri, 15 May 2020 17:33:01 -0700
Subject: [PATCH] build: Avoid using git if not in a git repo
Do not use git if not in a git repo.
Only create GIT_VERSION if the existing file is already not the
same. This helps docker caching.
Store the list bpf files to a temporary file BPF_SRCFILES, which is
ignored by git like GIT_VERSION. This allows builds to succeed without
git.
Signed-off-by: Jarno Rajahalme
---
.gitignore| 1 +
Makefile | 9 ++---
Makefile.defs | 11 ---
3 files changed, 15 insertions(+), 6 deletions(-)
--- a/Makefile.defs
+++ b/Makefile.defs
@@ -38,7 +38,7 @@
BPF_FILES_EVAL := $(shell git ls-files $(ROOT_DIR)/bpf/ | grep -v .gitignore |
tr "\n" ' ')
BPF_FILES ?= $(BPF_FILES_EVAL)
-BPF_SRCFILES := $(subst ../,,$(BPF_FILES))
+BPF_SRCFILES = $(shell cat $(ROOT_DIR)/BPF_SRCFILES)
CILIUM_DATAPATH_SHA=$(shell cat $(BPF_FILES) | sha1sum | awk '{print $$1}')
GOLDFLAGS += -X
"github.com/cilium/cilium/pkg/datapath/loader.DatapathSHA=$(CILIUM_DATAPATH_SHA)"
++ 0001-datapath-Switch-to-upstream-bpftool-remove-additiona.patch ++
>From d4b7d5a7f86c11fde6ca764a02719fa4ea9ba915 Mon Sep 17 00:00:00 2001
From: Michal Rostecki
Date: Wed, 26 Feb 2020 23:48:02 +0100
Subject: [PATCH] datapath: Switch to upstream bpftool, remove additional
arguments
[ upstream commit 35bbe48c86fdfc430de47f7f4c488f3fb1d9b711 ]
Upstream bpftool does not run probes which emit dmesg messages by
default anymore. Additional arguments for filtering out probes are not
needed anymore.
Link:
https://lore.kernel.org/bpf/20200226165941.6379-1-mroste...@opensuse.org/T/
Signed-off-by: Michal Rostecki
---
pkg/datapath/linux/probes/probes.go | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2020-05-07 15:05:11 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.2738 (New) Package is "cilium" Thu May 7 15:05:11 2020 rev:25 rq:87 version:1.7.0 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2020-04-28 22:29:22.869419119 +0200 +++ /work/SRC/openSUSE:Factory/.cilium.new.2738/cilium.changes 2020-05-07 15:05:33.231712331 +0200 @@ -1,0 +2,5 @@ +Wed Apr 29 20:14:19 UTC 2020 - Dirk Mueller + +- enable build for all 64 bit arches (adds ppc64le, s390x) + +--- Other differences: -- ++ cilium.spec ++ --- /var/tmp/diff_new_pack.8U0dmN/_old 2020-05-07 15:05:34.419714960 +0200 +++ /var/tmp/diff_new_pack.8U0dmN/_new 2020-05-07 15:05:34.419714960 +0200 @@ -103,7 +103,7 @@ Requires: protobuf-c Requires: util-linux Requires: which -ExclusiveArch: aarch64 x86_64 +ExclusiveArch: aarch64 x86_64 s390x ppc64le Requires(post): %fillup_prereq %description
commit cilium for openSUSE:Factory
Hello community,
here is the log from the commit of package cilium for openSUSE:Factory checked
in at 2020-04-28 22:29:20
Comparing /work/SRC/openSUSE:Factory/cilium (Old)
and /work/SRC/openSUSE:Factory/.cilium.new.2738 (New)
Package is "cilium"
Tue Apr 28 22:29:20 2020 rev:24 rq:797590 version:1.7.0
Changes:
--- /work/SRC/openSUSE:Factory/cilium/cilium.changes2020-03-11
18:34:55.126993370 +0100
+++ /work/SRC/openSUSE:Factory/.cilium.new.2738/cilium.changes 2020-04-28
22:29:22.869419119 +0200
@@ -1,0 +2,9 @@
+Sat Apr 25 03:57:30 UTC 2020 - Swaminathan Vasudevan
+
+- Adds a couple of patches that fixes bpf load error (bsc#1151876)
+ *
0005-rename-PolicyMapMaxEntries-to-PolicyMapEntries-and-define-policy-map-size-limits-as-consts.patch(combined)
+ * 0006-allow-to-configure-bpf-nat-global-max-using-helm.patch
+ * 0007-reduce-default-number-for-TCP-CT-and-NAT-table-max-entries.patch
+ * 0008-add-option-to-dynamically-size-BPF-maps-based-on-system-memory.patch
+
+---
New:
0005-rename-PolicyMapMaxEntries-to-PolicyMapEntries-and-define-policy-map-size-limits-as-consts.patch
0006-allow-to-configure-bpf-nat-global-max-using-helm.patch
0007-reduce-default-number-for-TCP-CT-and-NAT-table-max-entries.patch
0008-add-option-to-dynamically-size-BPF-maps-based-on-system-memory.patch
Other differences:
--
++ cilium.spec ++
--- /var/tmp/diff_new_pack.lKL9yT/_old 2020-04-28 22:29:25.765424523 +0200
+++ /var/tmp/diff_new_pack.lKL9yT/_new 2020-04-28 22:29:25.769424530 +0200
@@ -54,6 +54,14 @@
# TODO(mrostecki): Submit it upstream after we confirm that our images work
100%
# fine, also on aarch64.
Patch3: 0004-helm-Allow-variables-for-compatibility-with-openSUSE.patch
+# PATCH-FIX-UPSTREAM
0005-rename-PolicyMapMaxEntries-to-PolicyMapEntries-and-define-policy-map-size-limits-as-consts.patch
+Patch5:
0005-rename-PolicyMapMaxEntries-to-PolicyMapEntries-and-define-policy-map-size-limits-as-consts.patch
+# PATCH-FIX-UPSTREAM
0006-add-option-to-dynamically-size-BPF-maps-based-on-system-memory.patch
+Patch6: 0006-allow-to-configure-bpf-nat-global-max-using-helm.patch
+# PATCH-FIX-UPSTREAM
0007-reduce-default-number-for-TCP-CT-and-NAT-table-max-entries.patch
+Patch7:
0007-reduce-default-number-for-TCP-CT-and-NAT-table-max-entries.patch
+# PATCH-FIX-UPSTREAM
0008-add-option-to-dynamically-size-BPF-maps-based-on-system-memory.patch
+Patch8:
0008-add-option-to-dynamically-size-BPF-maps-based-on-system-memory.patch
# Cilium needs to be aware of the version string of cilium-proxy
BuildRequires: cilium-proxy
BuildRequires: clang
++
0005-rename-PolicyMapMaxEntries-to-PolicyMapEntries-and-define-policy-map-size-limits-as-consts.patch
++
diff -crB --new-file cilium-1.7.0-backup/daemon/daemon.go
cilium-1.7.0-policymapentry-new/daemon/daemon.go
*** cilium-1.7.0-backup/daemon/daemon.go2020-02-18 14:32:45.0
-0800
--- cilium-1.7.0-policymapentry-new/daemon/daemon.go2020-04-24
10:52:21.067469765 -0700
***
*** 273,279
ctmap.InitMapInfo(option.Config.CTMapEntriesGlobalTCP,
option.Config.CTMapEntriesGlobalAny,
option.Config.EnableIPv4, option.Config.EnableIPv6,
)
! policymap.InitMapInfo(option.Config.PolicyMapMaxEntries)
if option.Config.DryMode == false {
if err := bpf.ConfigureResourceLimits(); err != nil {
--- 273,279
ctmap.InitMapInfo(option.Config.CTMapEntriesGlobalTCP,
option.Config.CTMapEntriesGlobalAny,
option.Config.EnableIPv4, option.Config.EnableIPv6,
)
! policymap.InitMapInfo(option.Config.PolicyMapEntries)
if option.Config.DryMode == false {
if err := bpf.ConfigureResourceLimits(); err != nil {
diff -crB --new-file cilium-1.7.0-backup/pkg/option/config.go
cilium-1.7.0-policymapentry-new/pkg/option/config.go
*** cilium-1.7.0-backup/pkg/option/config.go2020-04-23 21:08:27.747702955
-0700
--- cilium-1.7.0-policymapentry-new/pkg/option/config.go2020-04-24
17:56:30.130187069 -0700
***
*** 449,454
--- 449,460
// LimitTableMax defines the maximum CT or NAT table limit
LimitTableMax = 1 << 24 // 16Mi entries (~1GiB of entries per map)
+ // PolicyMapMin defines the minimum policy map limit.
+ PolicyMapMin = 1 << 8
+
+ // PolicyMapMax defines the minimum policy map limit.
+ PolicyMapMax = 1 << 16
+
// NATMapEntriesGlobalName configures max entries for BPF NAT table
NATMapEntriesGlobalName = "bpf-nat-global-max"
***
*** 971,979
commit cilium for openSUSE:Factory
Hello community,
here is the log from the commit of package cilium for openSUSE:Factory checked
in at 2020-03-11 18:33:53
Comparing /work/SRC/openSUSE:Factory/cilium (Old)
and /work/SRC/openSUSE:Factory/.cilium.new.3160 (New)
Package is "cilium"
Wed Mar 11 18:33:53 2020 rev:23 rq:783750 version:1.7.0
Changes:
--- /work/SRC/openSUSE:Factory/cilium/cilium.changes2020-02-29
21:20:06.754001460 +0100
+++ /work/SRC/openSUSE:Factory/.cilium.new.3160/cilium.changes 2020-03-11
18:34:55.126993370 +0100
@@ -1,0 +2,10 @@
+Mon Mar 9 11:03:44 UTC 2020 - Michał Rostecki
+
+- Remove cilium-init package.
+
+---
+Fri Mar 6 10:50:09 UTC 2020 - Michał Rostecki
+
+- Add bpftool as a runtime dependency.
+
+---
Other differences:
--
++ cilium.spec ++
--- /var/tmp/diff_new_pack.64fsqp/_old 2020-03-11 18:34:56.630994293 +0100
+++ /var/tmp/diff_new_pack.64fsqp/_new 2020-03-11 18:34:56.630994293 +0100
@@ -71,6 +71,7 @@
BuildRequires: golang(API) = 1.13
Requires: awk
Requires: binutils
+Requires: bpftool
%requires_eqcilium-proxy
# clang is needed as runtime dependency for compiling BPF programs by cilium
Requires: clang
@@ -130,19 +131,6 @@
This package provides a Docker libnetwork plugin for Cilium.
-%package init
-Summary:Script for the Cilium init container
-
-%description init
-Cilium is a software for providing, and transparently securing, network
-connectivity, and for load-balancing between application containers and
-services deployed using Linux container management platforms like Docker and
-Kubernetes.
-
-This package provides a script for the Cilium init container which cleans BPF
-maps states which should be executed before launching Cilium in Kubernetes
-clusters.
-
%package operator
Summary:Kubernetes operator for Cilium
@@ -259,7 +247,6 @@
sed -i \
-e 's|cniInstallScript: /cni-install.sh|cilium-cni-install|' \
-e 's|cniUninstallScript: /cni-uninstall.sh|cilium-cni-uninstall|' \
--e 's|initImage: cilium|initImage: cilium-init|' \
-e 's|initScript: /init-container.sh|initScript: cilium-init|' \
%{buildroot}%{_datadir}/k8s-helm/cilium/charts/agent/values.yaml
sed -i \
@@ -317,6 +304,7 @@
%{_bindir}/cilium-bugtool
%{_bindir}/cilium-health
%{_bindir}/cilium-health-responder
+%{_bindir}/cilium-init
%{_bindir}/cilium-map-migrate
%{_bindir}/cilium-node-monitor
%{_bindir}/maptool
@@ -336,9 +324,6 @@
%{_sbindir}/rccilium-docker
%{_bindir}/cilium-docker
-%files init
-%{_bindir}/cilium-init
-
%files operator
%{_bindir}/cilium-operator
++ 0004-helm-Allow-variables-for-compatibility-with-openSUSE.patch ++
--- /var/tmp/diff_new_pack.64fsqp/_old 2020-03-11 18:34:56.642994300 +0100
+++ /var/tmp/diff_new_pack.64fsqp/_new 2020-03-11 18:34:56.646994303 +0100
@@ -1,4 +1,4 @@
-From 74e791429bb4483c9039a4c93ba0b398991bb73b Mon Sep 17 00:00:00 2001
+From 6f533168004d9bdc7be259e0b0860bc6b4792936 Mon Sep 17 00:00:00 2001
From: Michal Rostecki
Date: Mon, 24 Feb 2020 19:57:31 +0100
Subject: [PATCH 4/4] helm: Allow variables for compatibility with openSUSE
@@ -16,18 +16,15 @@
- cniUninstallScript - path or command of the script which uninstalls
CNI plugin (default: /cni-uninstall.sh; openSUSE:
cilium-cni-uninstall)
-- initImage - name of the image used for the init container
- (default: cilium; openSUSE: cilium-init)
- initScript - path or command of the init container script
(default: /init-container.sh; openSUSE: cilium-init)
-There are two motivations behind those values:
-- openSUSE images use only RPM packages, RPM packages have strict rules
- where files can be installed. It's against openSUSE policies to
- install scipts in the / directory, they have to be installed in
- /usr/bin. Having ".sh" in names of installed scripts is discouraged.
-- openSUSE ships a separate container image for the init container
- script, which has its own dedicated RPM package.
+Reason behind those changes is that openSUSE images use only RPM
+packages as the source of any files. rpmlint has strict rules where
+files can be installed. It's against rpmlintrc rules and openSUSE
+policies to install scripts in the / directory, they have to be
+installed in /usr/bin. Having ".sh" extensions in names of installed
+scripts is discouraged.
After this commit, generating YAML manifest using openSUSE images can be
done with:
@@ -39,7 +36,6 @@
--set global.tag=1.6.5 \
--set agent.cniInstallScript=cilium-cni-install \
--set agent.cniUninstallScript=cilium-cni-uninstall \
- --set agent.initImage=cilium-init \
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2020-02-29 21:19:50 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.26092 (New) Package is "cilium" Sat Feb 29 21:19:50 2020 rev:22 rq:779898 version:1.7.0 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2020-01-13 22:15:44.674357376 +0100 +++ /work/SRC/openSUSE:Factory/.cilium.new.26092/cilium.changes 2020-02-29 21:20:06.754001460 +0100 @@ -1,0 +2,88 @@ +Thu Feb 27 12:16:05 UTC 2020 - Michał Rostecki + +- Use %requires_eq for cilium-proxy. + +--- +Thu Feb 27 11:35:39 UTC 2020 - Michał Rostecki + +- Add cilium-proxy as a runtime dependency. + +--- +Mon Feb 24 23:50:04 UTC 2020 - Michał Rostecki + +- Build with correct cilium-proxy version string. + +--- +Mon Feb 24 22:59:42 UTC 2020 - Michał Rostecki + +- Add upstream patches which fix running Cilium on aarch64 and + remove dependency on glibc: + * 0001-option-mark-keep-bpf-templates-as-deprecated.patch + * 0002-make-remove-the-need-for-go-bindata.patch + * 0003-bpf-don-t-use-fixed-size-integer-types-from-stdint.h.patch +- Add downstream patch which makes helm charts compatible with + openSUSE images: + * 0004-helm-Allow-variables-for-compatibility-with-openSUSE.patch + +--- +Mon Feb 24 18:35:55 UTC 2020 - Michał Rostecki + +- Update to version 1.7.0: + * Major changes +- Add direct server return (DSR) for NodePort BPF +- Add support for k8s 1.17 +- Add support for k8s endpoint slice +- Add support for L7 visibility via pod annotations +- Clusterwide K8s Cilium Network Policies +- Envoy TLS support with header imposition + * Bugfixes +- Add better mechanism to detect if k8s caches are synced + against k8s +- api: Add missing annotations to generate DeepCopy for new + status fields +- bpf: Fix proxy redirection for egress programs +- bpf: Remove POLICY_MAP from bpf_netdev and bpf_overlay +- cilium: use %v for dumping frontend struct on error +- Correct clustermesh identity sync kvstore backend usage (to + actually use the remote) +- daemon: Upgrade spf13/viper +- eni: Check instance existence before resolving deficit +- Filter out bpftool probes emitting dmesg messages +- Fix cilium daemonset deletion on AKS +- Fix concurrent access of a variable used for metrics +- Fix issue (#10092) which incorrectly configured route MTU + with encryption and tunnel enabled. +- Fix memory corruption on clusters with IPv6 and NodePort + enabled +- Fix node-port default route detection in case there multiple + default entries with same ifindex. +- Fix regression to avoid freeing alive IPs +- Fix regular service lookup in node-port range in case of + host-reachable services. +- Fix Unlock handling for kvstore locks +- Fix vishvananda/netlink library's VethPeerIndex() stack + corruption with 4.20+ kernels. +- fqdn: Support setting tofqdns-min-ttl to 0 +- health: add ipv6 health check status to cilium health status + output +- HostToContainer propagation for /sys/fs/bpf +- ipam: Protect release from releasing alive IP +- ipcache: Add probe to check for dump capability to support + delete +- ipsec: fix connectivity after node reboots +- k8s: Fix Service.DeepEquals for ExternalIP +- kubernetes: Disable LocalNodeRoute while chaining +- node: Provide context in log when restoring router addresses +- operator: only enable kvstore watcher if kvstore is enabled +- pkg/bpf: Protect each uintptr with runtime.KeepAlive +- pkg/endpoint: access endpoint state safely across go routines +- pkg/ip: fix cilium status output for big CIDR ranges +- policy: Don't open localhost when allowing L7 traffic +- policy: Expose L3 selectors within endpoint JSON + +--- +Thu Feb 20 11:14:01 UTC 2020 - Michał Rostecki + +- Remove quick-install.yaml file, ship only helm chart instead. + +--- Old: cilium-1.6.5.obscpio New: 0001-option-mark-keep-bpf-templates-as-deprecated.patch 0002-make-remove-the-need-for-go-bindata.patch 0003-bpf-don-t-use-fixed-size-integer-types-from-stdint.h.patch 0004-helm-Allow-variables-for-compatibility-with-openSUSE.patch cilium-1.7.0.obscpio Other differences:
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2020-01-13 22:15:20 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.6675 (New) Package is "cilium" Mon Jan 13 22:15:20 2020 rev:21 rq:758994 version:1.6.5 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2019-10-23 15:48:25.998537845 +0200 +++ /work/SRC/openSUSE:Factory/.cilium.new.6675/cilium.changes 2020-01-13 22:15:44.674357376 +0100 @@ -1,0 +2,32 @@ +Mon Dec 23 13:20:38 UTC 2019 - Michał Rostecki + +- Update to version 1.6.5: + * Important Bug Fixes +- Envoy is updated to release 1.12.2, including important + security fixes (CVE-2019-18801, CVE-1019-18802, + CVE-1019-18838) + * Bug fixes +- Fix disabling health-checks in chaining mode +- Delete endpoint xxx_next directories during restore +- Fix typo in io.cilium/shared-service annotation +- Fix issue where services would not be updated when comparing + two services +- Fix bugtool support for aead encryption algorithm + * Misc +- Add github actions to cilium +- Fix AKS installation guide +- Disable masquerading in all chaining documentation guides +- Update golang to 1.12.14 +- Add delay between reconnect attempts to containerd +- Decrease log level for "service not found" message + * CI +- Use force flag in Cilium install apply command +- Move missed kubectl apply calls to Apply calls +- Add nil check for init container terminated state + +--- +Thu Oct 17 15:47:04 UTC 2019 - Richard Brown + +- Remove obsolete Groups tag (fate#326485) + +--- @@ -50,0 +83,1549 @@ + +--- +Fri Oct 11 14:57:44 UTC 2019 - rbr...@suse.com + +- Update to version 1.6.3: + * Prepare for v1.6.3 release + * envoy: Update image for Envoy CVEs 2019-10-08 + * Fix IP leak on main if + * policy: remove checking of CIDR-based fields from `IsLabelBased` checks + * daemon: Populate source and destination ports for DNS records + * kvstore/etcd: always reload keypair + * bpf: Fix sockops compile on newer LLVM + * Revert "add PR #82410 patch from kubernetes/kubernetes" + * vendor: update to k8s 1.16.1 + * k8s/endpointsynchronizer: Do not delete CEP on empty k8s resource names + * monitor: Fix reporting the monitor status + * docs: update k8s supported versions + * policy: Fix up selectorcache locking issue + * bpf: fix cilium_host unroutable check + * Do not add policies/states for subnets + * Use output-mark to use table 200 post-encryption and set different MTU for main/200 tables + * Update netlink library (support for output-mark) + * vendor: Bump golang.org/sys/unix library revision + * sysctl: Add function to write any param value + * sysctl: Get rid of GOOS targets + * sysctl: Add package for managing kernel parameters + * Change kind of daemonset in microk8s-prepull.yml to apps/v1 + * docs: Simplify microk8s instructions + * health: Configure sysctl when IPv6 is disabled + * dockerfile.runtime: always run update when building dependencies + * go: bump golang to 1.12.10 + * Prepare for release v1.6.2 + * test: Add a standalone test for validating static pod labels + * daemon: Start controller when pod labels resolution fails + * iptables: fix cilium_forward chain rules to support openshift + * docs/azure: wait for azure-vnet.json to be created + * docs: add akz and az to list of spelling words + * Dockerfile: Use latest iproute2 image + * endpoint: Update proxy policies when applying policy map changes out-of-band + * test: Add L3-dependent L7 test with toFQDN + * plugins/cilium-cni: add support for AKS + * docs: fix proper nodeinit.enabled flag + * docs: fix aks guide + * docs: Do not pin cilium image vsn in kubeproxy-free guide + * cilium: encryption, replace Router() IP with CiliumInternal + * FQDN: Wait on policy map update when adding new IPs + * policy: Expose map-update WaitGroup in FQDN update callchains + * endpoint: Expose Endpoint.ApplyPolicyMapChanges + * dev VM: update to k8s 1.16.0 + * test: test against k8s 1.16.0 + * Gopkg.* bump to k8s 1.16.0 + * charts/managed-etcd: bump cilium-etcd-operator to v2.0.7 + * test: bump k8s testing versions to 1.13.11, 1.14.7 and 1.15.4 + * endpoint: start a controller to retry regeneration + * endpoint: use endpoint ID for error message + * daemon: do not delete directories created by tests if tests fail + * daemon: move directory setup into `SetUpTest` + * daemon: check error from `d.init()` + * bpf: Don't delete conntrack entries on policy deny + * use common custom dialer to connect
commit cilium for openSUSE:Factory
Hello community,
here is the log from the commit of package cilium for openSUSE:Factory checked
in at 2019-10-23 15:48:16
Comparing /work/SRC/openSUSE:Factory/cilium (Old)
and /work/SRC/openSUSE:Factory/.cilium.new.2352 (New)
Package is "cilium"
Wed Oct 23 15:48:16 2019 rev:20 rq:738202 version:1.6.3
Changes:
--- /work/SRC/openSUSE:Factory/cilium/cilium.changes2019-09-20
15:00:58.938790034 +0200
+++ /work/SRC/openSUSE:Factory/.cilium.new.2352/cilium.changes 2019-10-23
15:48:25.998537845 +0200
@@ -1,0 +2,51 @@
+Fri Oct 11 15:14:19 UTC 2019 - Michał Rostecki
+
+- Update to version 1.6.3:
+ * Highlights
+* KVStore free operation
+* 100% Kube-proxy replacement
+* Socket-based load-balancing
+* Policy scalability improvements
+* Generic CNI chaining
+* Native AWS ENI mode
+ * Key Fixes
+* Fix IP leak on main interface when using ENI IPAM
+* Fix deadlock caused by buffered channel being full when
+ large amounts of local identities are allocated while
+ FQDNSelectors are being updated
+ * Minor Bug Fixes
+* Fix apiVersion in micropk8s Daemonset in microk8s-prepull.yml
+ to apps/v1
+* Do not try to delete CiliumEndpoint from K8s if name /
+ namespace fields are empty
+* Configure sysctl if IPv6 is disabled for the health
+ endpoint's device to have IPv6 disabled as well in order to
+ avoid emitting IPv6 autoconf frames
+* Fix monitor reporting status to not show monitor as always
+ being disabled
+* Fix sockops compilation / verification on newer LLVM versions
+* Ensure that unroutable packets are dropped as being
+ unroutable when they are unroutable via cilium_host device
+* Fix bug where L7 wildcarding for policy was not occurring for
+ CIDR-based policy rules
+ * Enhancements
+* Populate source and destination ports for DNS records in the
+ monitor
+* Backport of pkg/sysctl to make it easier to configure sysctl
+ options
+* Support client certificate rotation in the etcd client
+ * Encryption Fixes
+* Fix packet drops when using encryption by setting output-mark
+ to use table 200 post-encryption and set different MTU for
+ main/200 tables / not using policies/states for subnets
+ * Dependencies
+* Update netlink library to get support for output-mark
+* Update golang version in Docker images to v1.12.10
+* Always run update when building dependencies in Docker images
+* Bump K8s dependency to v1.16.1
+* Bump golang.org/sys/unix library version
+ * Documentation
+* Update supported Kubernetes versions
+* Update microk8s instructions to use cilium plugin to microk8s
+
+---
Old:
cilium-1.5.5.tar.gz
New:
cilium-1.6.3.obscpio
cilium.obsinfo
Other differences:
--
++ cilium.spec ++
--- /var/tmp/diff_new_pack.4Ar3Hf/_old 2019-10-23 15:48:28.334540370 +0200
+++ /var/tmp/diff_new_pack.4Ar3Hf/_new 2019-10-23 15:48:28.338540374 +0200
@@ -35,13 +35,13 @@
%endif
Name: cilium
-Version:1.5.5
+Version:1.6.3
Release:0
Summary:Linux Native, HTTP Aware Networking and Security for Containers
License:Apache-2.0 AND GPL-2.0-or-later
Group: System/Management
URL:https://github.com/cilium/cilium
-Source0:%{name}-%{version}.tar.gz
+Source0:%{name}-%{version}.tar.xz
Source1:%{name}-rpmlintrc
Source2:cilium-cni-install
Source3:cilium-cni-uninstall
@@ -243,27 +243,28 @@
install -D -m 0755 contrib/packaging/docker/init-container.sh
%{buildroot}/%{_bindir}/cilium-init
install -D -m 0644 contrib/systemd/cilium
%{buildroot}%{_fillupdir}/sysconfig.cilium
install -D -m 0644 proxylib/libcilium.h %{buildroot}%{_includedir}/libcilium.h
-install -D -m 0644 examples/kubernetes/1.14/cilium-crio.yaml
%{buildroot}%{_datadir}/k8s-yaml/cilium/cilium.yaml
+install -D -m 0644 install/kubernetes/quick-install.yaml
%{buildroot}%{_datadir}/k8s-yaml/cilium/quick-install.yaml
+pushd install/kubernetes/cilium
+for yaml_file in $(find . -type f -name "*.yaml"); do
+install -D -m 0644 ${yaml_file}
%{buildroot}%{_datadir}/k8s-helm/cilium/${yaml_file}
+done
+popd
sed -i \
--e 's|image: docker.io/cilium/cilium:.*|image:
registry.opensuse.org/kubic/cilium:%{version}|g' \
--e 's|image: docker.io/cilium/cilium-init:.*|image:
registry.opensuse.org/kubic/cilium-init:%{version}|g' \
--e 's|image: docker.io/cilium/operator:.*|image:
registry.opensuse.org/kubic/cilium-operator:%{version}|g' \
--e 's|image: docker.io/cilium/cilium-etcd-operator:.*|image:
commit cilium for openSUSE:Factory
Hello community,
here is the log from the commit of package cilium for openSUSE:Factory checked
in at 2019-09-20 15:00:55
Comparing /work/SRC/openSUSE:Factory/cilium (Old)
and /work/SRC/openSUSE:Factory/.cilium.new.7948 (New)
Package is "cilium"
Fri Sep 20 15:00:55 2019 rev:19 rq: version:1.5.5
Changes:
--- /work/SRC/openSUSE:Factory/cilium/cilium.changes2019-09-19
15:47:00.931339992 +0200
+++ /work/SRC/openSUSE:Factory/.cilium.new.7948/cilium.changes 2019-09-20
15:00:58.938790034 +0200
@@ -2,80 +1,0 @@
-Mon Sep 09 10:49:29 UTC 2019 - mroste...@opensuse.org
-
-- Add patches which upgrade etcd library to 3.4.0 which has a new
- client load balancer and solves issues with unavailability of
- endpoints in etcd cluster. (bsc#1145258)
- * 0001-etcd-use-ca-file-field-from-etcd-option-if-available.patch
- * 0002-daemon-separate-kvstore-initialization-into-separate.patch
- * 0003-deps-update-etcd-to-v3.4.0.patch
-- Update to version 1.5.7:
- * cilium: update IsEtcdCluster to return true if etcd.operator="true" kv
option is set
- * bpf: try to atomically replace filters when possible
- * cilium: route mtu not set unless route.Spec set MTU
- * Revert "[daemon] - Change MTU source for cilium_host (Use the Route one)"
- * cilium: encryption, fix getting started guides create secrects command
- * datapath: Limit host->service IP SNAT to local traffic
- * cilium: fix transient rules to use allocation cidr
- * Prepare for v1.5.6 release
- * endpoint: Fix proxy port leak on endpoint delete
- * update cilium-docker-plugin, cilium-operator to golang 1.12.8
- * dockerfiles: update golang versions to 1.12.8
- * cilium: install transient rules during agent restart
- * Istio: Update to 1.2.4
- * envoy: Use patched image
- * bpf: fix verifier error due to repulling of skb->data/end
- * bpf: Attempt pulling skb->data if it is not pulled
- * bpf: Introduce revalidate_data_first()
- * cilium: add skb_pull_data to bpf_network to avoid revalidate error
- * datapath/iptables: wait until acquisition xtables lock is done
- * use iptables-manager to manage iptables executions
- * examples/kubernetes: mount xtables.lock
- * eventqueue: return error if Enqueue fails
- * eventqueue: protect against enqueueing same Event twice
- * eventqueue: use mutex to synchronize access to events channel
- * daemon: get list of frontends from ServiceCache before acquiring BPFMapMu
- * cilium: remove old probe content before restoring assets
- * cilium: encryption, ensure 0x*d00 and 0x*e00 marks dont cause conflicts
- * Dockerfile: Use proxy with legacy fix
- * envoy: Add SO_MARK option to listener config
- * test: provide capability for tests to run in their own namespace
- * docs: Fix warnings
- * test: Specify protocol during policy trace
- * istio: Update to 1.2.2
- * envoy: Istio 1.2.0 update
- * istio: Update to 1.1.7
- * test: be sure to close SSH client after a given Describe completes
- * Dockerfile: Use cilium-envoy with reduced logging.
- * Envoy: Update to the latest proxy build, use latest API
- * Gopkg: update cilium/proxy
- * envoy: Use LPM ipcache instead of xDS when available.
- * Envoy: Use an image with proxylib injection fix.
- * Dockerfile: Update proxy dependency
- * CI: Change Kafka runtime tests to use local conntrack maps.
- * [daemon] - Change MTU source for cilium_host (Use the Route one)
- * endpoint: fix deadlock when endpoint EventQueue is full
- * daemon: register warning_error metric after parsing CLI options
- * Fix seds in microk8s docs
- * daemon: Fix removal of non-existing SVCs in syncLBMapsWithK8s
- * daemon: Remove svc from cache in syncLBMapsWithK8s
- * examples/kubernetes: update k8s dev VM to v1.15.1
- * test: update k8s test version to v1.15.1
- * Gopkg: update k8s dependencies to v1.15.1
- * Add timeout to ginkgo calls
- * proxy: Do not error out if reading of open ports fails.
- * pkg/kvstore: wait for node delete delay in unit tests
- * endpoint: Create redirects before bpf map updates.
- * proxy: Perform dnsproxy Close() in the returned finalizeFunc
- * endpoint: change transition from restore state
- * test: misc. runtime policy test fixes
- * docs: Fix up unparsed SCM_WEB literals
- * pkg/{kvstore,node}: delay node delete event in kvstore
- * operator: restart non-managed kube-dns pods before connecting to etcd
- * test: move creation of Istio resources into `It`
- * test: add `ExecMiddle` function
- * datapath: Do not fail if route contains gw equal to dst
- * update to golang 1.12.7
- * test: update k8s testing versions to v1.12.10, v1.13.8 and v1.14.4
- * update golang to 1.12.7 for cilium-{operator,docker-plugin}
- * endpoint: do not log warning for specific state transition
-
Old:
commit cilium for openSUSE:Factory
Hello community,
here is the log from the commit of package cilium for openSUSE:Factory checked
in at 2019-09-19 15:46:51
Comparing /work/SRC/openSUSE:Factory/cilium (Old)
and /work/SRC/openSUSE:Factory/.cilium.new.7948 (New)
Package is "cilium"
Thu Sep 19 15:46:51 2019 rev:18 rq:729717 version:1.5.7
Changes:
--- /work/SRC/openSUSE:Factory/cilium/cilium.changes2019-08-06
15:08:11.635858223 +0200
+++ /work/SRC/openSUSE:Factory/.cilium.new.7948/cilium.changes 2019-09-19
15:47:00.931339992 +0200
@@ -1,0 +2,80 @@
+Mon Sep 09 10:49:29 UTC 2019 - mroste...@opensuse.org
+
+- Add patches which upgrade etcd library to 3.4.0 which has a new
+ client load balancer and solves issues with unavailability of
+ endpoints in etcd cluster. (bsc#1145258)
+ * 0001-etcd-use-ca-file-field-from-etcd-option-if-available.patch
+ * 0002-daemon-separate-kvstore-initialization-into-separate.patch
+ * 0003-deps-update-etcd-to-v3.4.0.patch
+- Update to version 1.5.7:
+ * cilium: update IsEtcdCluster to return true if etcd.operator="true" kv
option is set
+ * bpf: try to atomically replace filters when possible
+ * cilium: route mtu not set unless route.Spec set MTU
+ * Revert "[daemon] - Change MTU source for cilium_host (Use the Route one)"
+ * cilium: encryption, fix getting started guides create secrects command
+ * datapath: Limit host->service IP SNAT to local traffic
+ * cilium: fix transient rules to use allocation cidr
+ * Prepare for v1.5.6 release
+ * endpoint: Fix proxy port leak on endpoint delete
+ * update cilium-docker-plugin, cilium-operator to golang 1.12.8
+ * dockerfiles: update golang versions to 1.12.8
+ * cilium: install transient rules during agent restart
+ * Istio: Update to 1.2.4
+ * envoy: Use patched image
+ * bpf: fix verifier error due to repulling of skb->data/end
+ * bpf: Attempt pulling skb->data if it is not pulled
+ * bpf: Introduce revalidate_data_first()
+ * cilium: add skb_pull_data to bpf_network to avoid revalidate error
+ * datapath/iptables: wait until acquisition xtables lock is done
+ * use iptables-manager to manage iptables executions
+ * examples/kubernetes: mount xtables.lock
+ * eventqueue: return error if Enqueue fails
+ * eventqueue: protect against enqueueing same Event twice
+ * eventqueue: use mutex to synchronize access to events channel
+ * daemon: get list of frontends from ServiceCache before acquiring BPFMapMu
+ * cilium: remove old probe content before restoring assets
+ * cilium: encryption, ensure 0x*d00 and 0x*e00 marks dont cause conflicts
+ * Dockerfile: Use proxy with legacy fix
+ * envoy: Add SO_MARK option to listener config
+ * test: provide capability for tests to run in their own namespace
+ * docs: Fix warnings
+ * test: Specify protocol during policy trace
+ * istio: Update to 1.2.2
+ * envoy: Istio 1.2.0 update
+ * istio: Update to 1.1.7
+ * test: be sure to close SSH client after a given Describe completes
+ * Dockerfile: Use cilium-envoy with reduced logging.
+ * Envoy: Update to the latest proxy build, use latest API
+ * Gopkg: update cilium/proxy
+ * envoy: Use LPM ipcache instead of xDS when available.
+ * Envoy: Use an image with proxylib injection fix.
+ * Dockerfile: Update proxy dependency
+ * CI: Change Kafka runtime tests to use local conntrack maps.
+ * [daemon] - Change MTU source for cilium_host (Use the Route one)
+ * endpoint: fix deadlock when endpoint EventQueue is full
+ * daemon: register warning_error metric after parsing CLI options
+ * Fix seds in microk8s docs
+ * daemon: Fix removal of non-existing SVCs in syncLBMapsWithK8s
+ * daemon: Remove svc from cache in syncLBMapsWithK8s
+ * examples/kubernetes: update k8s dev VM to v1.15.1
+ * test: update k8s test version to v1.15.1
+ * Gopkg: update k8s dependencies to v1.15.1
+ * Add timeout to ginkgo calls
+ * proxy: Do not error out if reading of open ports fails.
+ * pkg/kvstore: wait for node delete delay in unit tests
+ * endpoint: Create redirects before bpf map updates.
+ * proxy: Perform dnsproxy Close() in the returned finalizeFunc
+ * endpoint: change transition from restore state
+ * test: misc. runtime policy test fixes
+ * docs: Fix up unparsed SCM_WEB literals
+ * pkg/{kvstore,node}: delay node delete event in kvstore
+ * operator: restart non-managed kube-dns pods before connecting to etcd
+ * test: move creation of Istio resources into `It`
+ * test: add `ExecMiddle` function
+ * datapath: Do not fail if route contains gw equal to dst
+ * update to golang 1.12.7
+ * test: update k8s testing versions to v1.12.10, v1.13.8 and v1.14.4
+ * update golang to 1.12.7 for cilium-{operator,docker-plugin}
+ * endpoint: do not log warning for specific state transition
+
+---
Old:
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2019-08-06 15:08:10 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.4126 (New) Package is "cilium" Tue Aug 6 15:08:10 2019 rev:17 rq:719587 version:1.5.5 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2019-06-13 22:32:20.532400858 +0200 +++ /work/SRC/openSUSE:Factory/.cilium.new.4126/cilium.changes 2019-08-06 15:08:11.635858223 +0200 @@ -1,0 +2,175 @@ +Mon Jul 29 11:38:56 UTC 2019 - mroste...@opensuse.org + +- Update to version 1.5.5: + * lbmap: Get rid of bpfService cache lock + * retry vm provisioning, increase timeout + * daemon: Remove svc-v2 maps when restore is disabled + * daemon: Do not remove revNAT if removing svc fails + * pkg/k8s: add conversion for DeleteFinalStateUnknown objects + * cli: fix panic in cilium bpf sha get command + * Retry provisioning vagrant vms in CI + * pkg/k8s: hold mutex while adding events to the queue + * Change nightly CI job label from fixed to baremetal + * test: set 1.15 by default in CI Vagrantfile + * daemon: Change loglevel of "ipcache entry owned by kvstore or agent" + * pkg/kvstore: add etcd lease information into cilium status + * pkg/k8s: do not parse empty annotations + * maps/lbmap: protect service cache refcount with concurrent access + * operator: add warning message if status returns an error + * pkg/kvstore: fix nil pointer in error while doing a transaction in etcd + * examples/kubernetes: bump cilium to v1.5.4 + * bpf: Remove unneeded debug instructions to stay below instruction limit + * bpf: Prohibit encapsulation traffic from pod when running in encapsulation mode + * pkg/endpointmanager: protecting endpoints against concurrent access + * test: set k8s 1.15 as default k8s version + * CI: Clean VMs and reclaim disk in nightly test + * allocator: fix race condition when allocating local identities upon bootstrap + * identity: Initialize well-known identities before the policy repository. + * cilium: docker.go ineffectual assignment + * Disable automatic direct node routes test + * kubernetes-upstream: add seperate stage to run tests + * docs: update documentation with k8s 1.15 support + * test: run k8s 1.15.0 by default in all PRs + * test: test against 1.15.0 + * vendor: update k8s to v1.15.0 + * bpf: Set random MAC addrs for cilium interfaces + * endpoint: Set random MAC addrs for veth when creating it + * vendor: Update vishvananda/netlink + * mac: Add function to generate a random MAC addr + * test: remove unused function + * test: introduce `ExecShort` function + * docs: Clarify about legacy services enabled by default + * pkg/metrics: re-register newStatusCollector function + * CI: Clean workspace when all stages complete + * CI: Clean VMs and reclaim disk after jobs complete + * CI: Report last seen error in CiliumPreFlightCheck + * fqdn: correctly populate Source IP and Port in `notifyOnDNSMsg` + * test: do not overwrite context in `GetPodNamesContext` + * test: change `GetPodNames` to have a timeout + * test: make sure that `GetPodNames` times out after 30 seconds + * CI: Ensure k8s execs cancel contexts + * test: Fix NodeCleanMetadata by using --overwrite + * test: add timeout to `waitToDeleteCilium` helper function + * .travis: update travis golang to 1.12.5 + * Don't set debug to true in monitor test + * pkg/lock: fix RUnlockIgnoreTime + * daemon: fix endpoint restore when endpoints are not available + * Preload vagrant boxes in k8s upstream jenkinsfile + * pkg/health: Fix IPv6 URL format in HTTP probe + * test: use context with timeout to ensure that Cilium log gathering takes <= 5 minutes + * k8s: Introduce test for multiple From/To selectors + * k8s: Fix policies with multiple From/To selectors + * test: create session and run commands asynchronously + * test: bump to k8s 1.14.3 + * test: error out if no-spec policies is allowed in k8s >= 1.15 + * test/provision: upgrade k8s 1.15 to 1.15.0-beta.2 + * test: have timeout for `Exec` + * pkg/kvstore: introduced a dedicated session for locks + * pkg/kvstore: implement new *IfLocked methods for etcd + * kvstore/allocator: make the allocator aware of kvstore lock holding + * pkg/kvstore: add Comparator() to KVLocker + * pkg/kvstore: add new *IfLocked methods to perform txns + * test: bump k8s 1.13 to 1.13.7 + * test: Enable IPv6 forwarding in test VMs + * docs: Remove architecture target links + * test: add serial ports to CI VMs + * *.Jenkinsfile: remove leftover failFast + * endpoint: make sure `updateRegenerationStatistics` is called within anonymous function + * Prepare for v1.5.3 + * test: do not spawn goroutines to wait for canceled context in `RunCommandContext` + *
commit cilium for openSUSE:Factory
Hello community,
here is the log from the commit of package cilium for openSUSE:Factory checked
in at 2019-06-13 22:32:18
Comparing /work/SRC/openSUSE:Factory/cilium (Old)
and /work/SRC/openSUSE:Factory/.cilium.new.4811 (New)
Package is "cilium"
Thu Jun 13 22:32:18 2019 rev:16 rq:708377 version:1.5.3
Changes:
--- /work/SRC/openSUSE:Factory/cilium/cilium.changes2019-06-05
11:38:44.791081632 +0200
+++ /work/SRC/openSUSE:Factory/.cilium.new.4811/cilium.changes 2019-06-13
22:32:20.532400858 +0200
@@ -1,0 +2,22 @@
+Fri Jun 7 13:36:27 UTC 2019 - Michal Rostecki
+
+- Switch container image URI from devel:kubic:containers to
+ openSUSE:Containers:Tumbleweed.
+
+---
+Mon Jun 7 13:34:10 CEST 2019 - n...@suse.de
+
+- Update to version 1.5.3:
+ * pkg/kvstore: do not always UpdateIfDifferent with and without lease
+ * daemon: Refactor individual endpoint restore
+ * daemon: Don't log endpoint restore if IP alloc fails
+ * Don't overwrite minRequired in WaitforNPods
+ * node: Delay handling of node delete events received via kvstore
+ * kvstore/store: Do not remove local key on sync failure
+ * node/store: Do not delete node key in kvstore on node registration failure
+ * Jenkinsfile: backport all Jenkinsfile from master
+ * test/provision: bump k8s 1.12 to 1.12.9
+ * test: do not spawn goroutines to wait for canceled context in
`RunCommandContext`
+ * test: provide context which will be cancled to `CiliumExecContext`
+
+---
Old:
cilium-1.5.1.tar.gz
New:
cilium-1.5.3.tar.gz
Other differences:
--
++ cilium.spec ++
--- /var/tmp/diff_new_pack.oUl0sm/_old 2019-06-13 22:32:21.924400406 +0200
+++ /var/tmp/diff_new_pack.oUl0sm/_new 2019-06-13 22:32:21.924400406 +0200
@@ -35,7 +35,7 @@
%endif
Name: cilium
-Version:1.5.1
+Version:1.5.3
Release:0
Summary:Linux Native, HTTP Aware Networking and Security for Containers
License:Apache-2.0 AND GPL-2.0-or-later
@@ -245,10 +245,10 @@
install -D -m 0644 proxylib/libcilium.h %{buildroot}%{_includedir}/libcilium.h
install -D -m 0644 examples/kubernetes/1.14/cilium-crio.yaml
%{buildroot}%{_datadir}/k8s-yaml/cilium/cilium.yaml
sed -i \
--e 's|image: docker.io/cilium/cilium:.*|image:
registry.opensuse.org/devel/kubic/containers/container/kubic/cilium:%{version}|g'
\
--e 's|image: docker.io/cilium/cilium-init:.*|image:
registry.opensuse.org/devel/kubic/containers/container/kubic/cilium-init:%{version}|g'
\
--e 's|image: docker.io/cilium/operator:.*|image:
registry.opensuse.org/devel/kubic/containers/container/kubic/cilium-operator:%{version}|g'
\
--e 's|image: docker.io/cilium/cilium-etcd-operator:.*|image:
registry.opensuse.org/devel/kubic/containers/container/kubic/cilium-etcd-operator:2.0|g'
\
+-e 's|image: docker.io/cilium/cilium:.*|image:
registry.opensuse.org/kubic/cilium:%{version}|g' \
+-e 's|image: docker.io/cilium/cilium-init:.*|image:
registry.opensuse.org/kubic/cilium-init:%{version}|g' \
+-e 's|image: docker.io/cilium/operator:.*|image:
registry.opensuse.org/kubic/cilium-operator:%{version}|g' \
+-e 's|image: docker.io/cilium/cilium-etcd-operator:.*|image:
registry.opensuse.org/kubic/cilium-etcd-operator:2.0|g' \
-e 's|/init-container.sh|cilium-init|g' \
-e 's|/cni-install.sh|cilium-cni-install|g' \
-e 's|/cni-uninstall.sh|cilium-cni-uninstall|g' \
++ cilium-1.5.1.tar.gz -> cilium-1.5.3.tar.gz ++
/work/SRC/openSUSE:Factory/cilium/cilium-1.5.1.tar.gz
/work/SRC/openSUSE:Factory/.cilium.new.4811/cilium-1.5.3.tar.gz differ: char
12, line 1
commit cilium for openSUSE:Factory
Hello community,
here is the log from the commit of package cilium for openSUSE:Factory checked
in at 2019-06-05 11:38:41
Comparing /work/SRC/openSUSE:Factory/cilium (Old)
and /work/SRC/openSUSE:Factory/.cilium.new.5148 (New)
Package is "cilium"
Wed Jun 5 11:38:41 2019 rev:15 rq:707163 version:1.5.1
Changes:
--- /work/SRC/openSUSE:Factory/cilium/cilium.changes2019-05-25
13:21:18.200312725 +0200
+++ /work/SRC/openSUSE:Factory/.cilium.new.5148/cilium.changes 2019-06-05
11:38:44.791081632 +0200
@@ -1,0 +2,5 @@
+Mon Jun 3 13:34:10 CEST 2019 - n...@suse.de
+
+- Add cniVersion in cilium cni config
+
+---
Other differences:
--
++ cilium.spec ++
--- /var/tmp/diff_new_pack.wxHBUk/_old 2019-06-05 11:38:45.939081485 +0200
+++ /var/tmp/diff_new_pack.wxHBUk/_new 2019-06-05 11:38:45.943081484 +0200
@@ -260,6 +260,10 @@
mv %{buildroot}%{_sysconfdir}/cni/net.d/05-cilium-cni.conf
%{buildroot}%{_sysconfdir}/cni/net.d/10-cilium-cni.conf
+#TODO removed after https://github.com/cilium/cilium/pull/8184
+sed -i '2 i\
+"cniVersion": "0.3.1",'
%{buildroot}%{_sysconfdir}/cni/net.d/10-cilium-cni.conf
+
%pre
getent group cilium >/dev/null || groupadd -r cilium
%service_add_pre cilium-consul.service cilium-etcd.service cilium.service
commit cilium for openSUSE:Factory
Hello community,
here is the log from the commit of package cilium for openSUSE:Factory checked
in at 2019-05-25 13:21:01
Comparing /work/SRC/openSUSE:Factory/cilium (Old)
and /work/SRC/openSUSE:Factory/.cilium.new.5148 (New)
Package is "cilium"
Sat May 25 13:21:01 2019 rev:14 rq:705277 version:1.5.1
Changes:
--- /work/SRC/openSUSE:Factory/cilium/cilium.changes2019-05-13
14:50:23.822767138 +0200
+++ /work/SRC/openSUSE:Factory/.cilium.new.5148/cilium.changes 2019-05-25
13:21:18.200312725 +0200
@@ -1,0 +2,67 @@
+Fri May 10 10:20:32 UTC 2019 - Michal Rostecki
+
+- Update to version 1.5.1:
+ * Important Bugfixes:
+* Fix bug where Cilium would refuse to start if ipv6 netfilter
+ modules are unavailable.
+* Warn when iptables modules are not available.
+* Use all labels to restore endpoint identity to correctly
+ filter labels upon restart.
+* Fix cases where multiple bindings are provided to CLI flags.
+ * New Functionality / Enhancements:
+* Add node-init script to automatically restart pods managed by
+ kubenet on GKE
+* Add functionality to enable or disable metrics for specific
+ subsystems
+* bpf syscall metrics are disabled by default for performance
+* Update node, node/status to allow for patch operations in
+ Cilium RBAC
+* Patch, instead of update, node annotations for better
+ performance
+* Annotate node status with NetworkUnavailable as false
+* Performance increase by not allocating any memory when
+ iterating over BPF maps
+* CLI now prints tunnel endpoint for RemoteEndpointInfo
+* Try to register node forever in nodediscovery
+* Remove unused buildqueue package
+ * Minor Bug Fixes:
+* endpoint: do not serialize JSON for EventQueue field
+* Avoid unlocked access of endpoint security identity when
+ calculating what rules select an endpoint
+* Only dump bpf lb list if map exists
+* Fix bug where endpoint state metrics get stuck with nonzero
+ endpoints in restoring state
+* Do not init config when running with --cmdref parameter
+* Improve separation between cilium-agent and cilium CLI
+* Add cilium namespace to fqdn_gc_deletions_total metric
+* Force preallocation for SNAT maps of LRU type
+* Set BPF_F_NO_PREALLOC before comparing maps
+ * Operator:
+* Improve cilium-operator bootstrap sequence (Start health API
+ earlier, add more logging to see where the operator blocks
+ on startup)
+* Add ca-certificates to operator
+ * Documentation:
+* Add upgrade guide from >=1.4.0 to 1.5
+* Mention enable-legacy-services flag in upgrade docs
+* Add k8s 1.14 to supported versions for testing
+* Improve configmap documentation
+* Document how to get started with MicroK8s, and provide example
+ YAMLs
+* Fix typo in encryption algorithm: GMC -> GCM
+* Fix up Ubuntu apt-get install command
+* Minor fixes to AWS EKS and AWS Metadata filtering GSGs
+ * CI:
+* Wait for endpoints to be ready after containers are created,
+ deleted
+* Ensure that `go fmt` check always runs correctly in CI
+* Increase test suite timeouts to allow for cases where tests
+ take longer
+* Do not set enable-legacy-services in v1.4 ConfigMap
+* Update k8s testing versions to v1.11.10 and v1.12.8
+* Make function provided to WithTimeout run asynchronously to
+ avoid test suites getting stuck
+- Add cilium-k8s-yaml package with Kubernetes yaml file to run
+ Cilium containers.
+
+---
Old:
cilium-1.5.0.tar.gz
New:
cilium-1.5.1.tar.gz
cilium-cni-install
cilium-cni-uninstall
Other differences:
--
++ cilium.spec ++
--- /var/tmp/diff_new_pack.nwdBvv/_old 2019-05-25 13:21:19.512312237 +0200
+++ /var/tmp/diff_new_pack.nwdBvv/_new 2019-05-25 13:21:19.516312236 +0200
@@ -35,7 +35,7 @@
%endif
Name: cilium
-Version:1.5.0
+Version:1.5.1
Release:0
Summary:Linux Native, HTTP Aware Networking and Security for Containers
License:Apache-2.0 AND GPL-2.0-or-later
@@ -43,6 +43,8 @@
URL:https://github.com/cilium/cilium
Source0:%{name}-%{version}.tar.gz
Source1:%{name}-rpmlintrc
+Source2:cilium-cni-install
+Source3:cilium-cni-uninstall
BuildRequires: clang
BuildRequires: git
BuildRequires: glibc-devel
@@ -178,6 +180,20 @@
This package contains shared development files for Cilium which are used by
Cilium filters in Envoy.
+%package k8s-yaml
+Summary:Kubernetes yaml file to run Cilium containers
+Group: System/Management
+BuildArch: noarch
+
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2019-05-13 14:50:22 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.5148 (New) Package is "cilium" Mon May 13 14:50:22 2019 rev:13 rq:701969 version:1.5.0 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2019-05-07 23:18:49.720901878 +0200 +++ /work/SRC/openSUSE:Factory/.cilium.new.5148/cilium.changes 2019-05-13 14:50:23.822767138 +0200 @@ -1,0 +2,5 @@ +Fri May 10 12:02:55 CEST 2019 - n...@suse.de + +- Add missing gzip package, cilium does zgrep of /proc/config.gz + +--- Other differences: -- ++ cilium.spec ++ --- /var/tmp/diff_new_pack.RKu7uO/_old 2019-05-13 14:50:24.754769486 +0200 +++ /var/tmp/diff_new_pack.RKu7uO/_new 2019-05-13 14:50:24.758769496 +0200 @@ -79,6 +79,7 @@ # defining few rules which redirect the traffic from kube-proxy to cilium. Then # cilium replaces some of kube-proxy functionality, using BPF programs. So, in # fact, cilium uses few iptables rules to prevent iptables usage. :) +Requires: gzip Requires: iptables Requires: llvm Requires: protobuf-c
commit cilium for openSUSE:Factory
Hello community,
here is the log from the commit of package cilium for openSUSE:Factory checked
in at 2019-05-07 23:18:45
Comparing /work/SRC/openSUSE:Factory/cilium (Old)
and /work/SRC/openSUSE:Factory/.cilium.new.5148 (New)
Package is "cilium"
Tue May 7 23:18:45 2019 rev:12 rq:701130 version:1.5.0
Changes:
--- /work/SRC/openSUSE:Factory/cilium/cilium.changes2019-04-18
13:58:24.119994759 +0200
+++ /work/SRC/openSUSE:Factory/.cilium.new.5148/cilium.changes 2019-05-07
23:18:49.720901878 +0200
@@ -1,0 +2,14 @@
+Mon May 06 13:53:28 UTC 2019 - Michal Rostecki
+
+- Update to version 1.5.0:
+ * BPF programs templating which alows to inject information into
+ELF files instead of compiling separate programs with separate
+data for each endpoint.
+ * BPF-based masquerading support - a native BPF-based SNAT
+engine.
+ * Optimizations for policy engine and load balancer.
+- Remove patches which are accepted upstream:
+ * cilium-allow-to-add-extra-go-build-flags.patch
+ * cilium-allow-to-specify-cni-install-dirs.patch
+
+---
Old:
cilium-1.4.2.tar.gz
cilium-allow-to-add-extra-go-build-flags.patch
cilium-allow-to-specify-cni-install-dirs.patch
New:
cilium-1.5.0.tar.gz
Other differences:
--
++ cilium.spec ++
--- /var/tmp/diff_new_pack.TwqGz0/_old 2019-05-07 23:18:50.408903323 +0200
+++ /var/tmp/diff_new_pack.TwqGz0/_new 2019-05-07 23:18:50.412903331 +0200
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@@ -35,7 +35,7 @@
%endif
Name: cilium
-Version:1.4.2
+Version:1.5.0
Release:0
Summary:Linux Native, HTTP Aware Networking and Security for Containers
License:Apache-2.0 AND GPL-2.0-or-later
@@ -43,8 +43,6 @@
URL:https://github.com/cilium/cilium
Source0:%{name}-%{version}.tar.gz
Source1:%{name}-rpmlintrc
-Patch0: cilium-allow-to-add-extra-go-build-flags.patch
-Patch1: cilium-allow-to-specify-cni-install-dirs.patch
BuildRequires: clang
BuildRequires: git
BuildRequires: glibc-devel
@@ -61,7 +59,7 @@
BuildRequires: protobuf-devel
BuildRequires: shadow
BuildRequires: unzip
-BuildRequires: golang(API) = 1.10
+BuildRequires: golang(API) >= 1.10
Requires: awk
Requires: binutils
# clang and glibc headers are needed as runtime dependencies for compiling BPF
@@ -181,8 +179,6 @@
%prep
%setup -q
-%patch0 -p1
-%patch1 -p1
%build
%goprep %{provider_prefix}
@@ -287,6 +283,7 @@
%{_sbindir}/rccilium-etcd
%{_sbindir}/rccilium
%{_bindir}/cilium
+%{_bindir}/cilium-align-checker
%{_bindir}/cilium-agent
%{_bindir}/cilium-bugtool
%{_bindir}/cilium-health
++ _service ++
--- /var/tmp/diff_new_pack.TwqGz0/_old 2019-05-07 23:18:50.432903373 +0200
+++ /var/tmp/diff_new_pack.TwqGz0/_new 2019-05-07 23:18:50.436903381 +0200
@@ -4,7 +4,7 @@
git
.git
@PARENT_TAG@
-refs/tags/v1.4.2
+refs/tags/v1.5.0
cilium
enable
++ _servicedata ++
--- /var/tmp/diff_new_pack.TwqGz0/_old 2019-05-07 23:18:50.460903432 +0200
+++ /var/tmp/diff_new_pack.TwqGz0/_new 2019-05-07 23:18:50.460903432 +0200
@@ -1,4 +1,4 @@
https://github.com/cilium/cilium
- e593a077c06eb9c228676467c1ca14d21f0f15b0
\ No newline at end of file
+ e47b37c3a49fa27313d1d7afbc65544dfcf4c457
\ No newline at end of file
++ cilium-1.4.2.tar.gz -> cilium-1.5.0.tar.gz ++
/work/SRC/openSUSE:Factory/cilium/cilium-1.4.2.tar.gz
/work/SRC/openSUSE:Factory/.cilium.new.5148/cilium-1.5.0.tar.gz differ: char
14, line 1
commit cilium for openSUSE:Factory
Hello community,
here is the log from the commit of package cilium for openSUSE:Factory checked
in at 2019-04-18 13:58:20
Comparing /work/SRC/openSUSE:Factory/cilium (Old)
and /work/SRC/openSUSE:Factory/.cilium.new.5536 (New)
Package is "cilium"
Thu Apr 18 13:58:20 2019 rev:11 rq:694802 version:1.4.2
Changes:
--- /work/SRC/openSUSE:Factory/cilium/cilium.changes2019-03-12
09:55:30.523513015 +0100
+++ /work/SRC/openSUSE:Factory/.cilium.new.5536/cilium.changes 2019-04-18
13:58:24.119994759 +0200
@@ -1,0 +2,102 @@
+Tue Apr 16 12:53:38 UTC 2019 - Michal Rostecki
+
+- Add cilium-operator package which provides the Kubernetes
+ operator that does garbage collector work for Cilium.
+- Do not require cilium and docker in cilium-init package.
+
+---
+Fri Apr 12 10:51:14 UTC 2019 - Michał Rostecki
+
+- Add cilium-init package, which provides the script for Cilium
+ init container.
+
+---
+Fri Mar 29 15:59:38 UTC 2019 - mroste...@opensuse.org
+
+- Update to version 1.4.2:
+ * Prepare for v1.4.2 release
+ * cilium: ipsec, zero cb[0] to avoid incorrectly encrypting
+ * contrib: Update backporting README
+ * contrib: Fix cherry-pick to avoid omitting parts of patch
+ * cilium: push decryption up so we can decrypt even if not endpoint
+ * cilium: populate wildcard src->dst policy for ipsec
+ * daemon: Remove old health EP state dirs in restore
+ * api: Return 500 when API handlers panic.
+ * ipcache: Protect from delete events for alive IP but mismatching key
+ * store: Protect from deletion of local key via kvstore event
+ * test: Wait for cilium to start in runtime provision
+ * contrib: fix extraction of cilium-docker binary
+ * contrib: Update rebase-bindata to use fix-sha.sh
+ * contrib: Add new script to auto-fix bpf.sha
+ * cherry-pick: Print sha when applying patch.
+ * check-stable: Sort PRs by merge date
+ * workloads: Don't spin up receive queue in periodic watcher
+ * workloads: Change watcher interval from 30 seconds to 5 minutes
+ * workloads: Synchroneous handling of container events
+ * endpoints: Add optional callback to WaitForPolicyRevision
+ * daemon: Track policy implementation delay by source
+ * agent: Wait to regenerate restore endpoints until ipcache has been
populated
+ * ipcache: Provide WaitForInitialSync() to wait for kvstore sync
+ * pkg/kvstore: add 15 min TTL for the first session lease
+ * policy: Add missing import error metric calls
+ * endpoint: Fix ENABLE_NAT46 endpoint config validation
+ * endpoint: Fix and quieten endpoint revert logs
+ * test: Get rid of JoinEP flakes
+ * ctmap: Print source addresses in ctmap cli
+ * cilium: fix bailing out on auto-complete when v4/v6 ranges are specified
+ * test: Test upgrade from v1.3 to master
+ * doc: Fix --tofqdns-pre-cache reference
+ * doc: Fix delete pod commend in clustermesh guide
+ * bpf: Enable pipefail option in init.sh
+ * cilium: bpftool included DS reports error on bpf_sockops load
+ * cilium: sockmap remove socket.h dependency
+ * cilium: sockmap, convert BPF_ANY to BPF_NOEXIST
+ * 1: fix when have black hole route container pod CIDR can cause
postIpAMFailure range is full
+ * pkg/kvstore: do not use default instance to create new instance module
+ * bpf: Do not account tx for CT_SERVICE
+ * cilium.io/v2: set DerivativePolicies json to derivativePolicies
+ * fqdn-poller: Ensure monitor events contain all data
+ * ctmap: Fix order of CtKey{4,6} struct fields
+ * release: fix uploadrev script to work with changes made after 1.3
+ * datapath: Fix nil dereference in logging statement
+ * Prepare 1.4.1 release
+ * k8s/utils: wrap kubernetes controller with ControllerSyncer
+ * k8s/utils: make the ControllerSynced fields public
+ * allocator: Wait until kvstore is connected before allocating global
identities
+ * policy: Fix ipcache synchronization on startup
+ * cilium: ipsec, fix kube-proxy compatability
+ * cilium: ipsec, remove bogus mark set
+ * cilium: ipsec, zero CB_SRC_IDENTITY to ensure we don't incorrectly encrypt
+ * cilium: k8s watcher, push internal Cilium IPs through annotations
+ * policy: Add unit tests for ResolvePolicy() for L7 + ingress wildcards
+ * identity/cache: Allow using GetIdentityCache() without initializing
allocator
+ * Change endpoint policy status map to regular map
+ * Minor disambiguation to 1.4 release/upgrade doc
+ * examples: Fix docker-compose mount points
+ * docs: Add note about triggering builds with net-next
+ * FQDN: Set always a empty ToCIDRSet in case of no entries in cache.
+ * docs: re write k8s setup for ipsec
+ * datapath/linux: log errors for ipsec setup
+ * linux/ipsec: decode ipsec keys from hex
+ * cilium preflight
commit cilium for openSUSE:Factory
Hello community,
here is the log from the commit of package cilium for openSUSE:Factory checked
in at 2019-03-12 09:55:26
Comparing /work/SRC/openSUSE:Factory/cilium (Old)
and /work/SRC/openSUSE:Factory/.cilium.new.28833 (New)
Package is "cilium"
Tue Mar 12 09:55:26 2019 rev:10 rq:683920 version:1.4.0
Changes:
--- /work/SRC/openSUSE:Factory/cilium/cilium.changes2019-03-05
12:24:08.644862981 +0100
+++ /work/SRC/openSUSE:Factory/.cilium.new.28833/cilium.changes 2019-03-12
09:55:30.523513015 +0100
@@ -1,0 +2,5 @@
+Mon Mar 11 14:31:04 UTC 2019 - n...@suse.de
+
+- Move cilium-docker files to cilium-cni
+
+---
Other differences:
--
++ cilium.spec ++
--- /var/tmp/diff_new_pack.Ooc6ec/_old 2019-03-12 09:55:31.515512818 +0100
+++ /var/tmp/diff_new_pack.Ooc6ec/_new 2019-03-12 09:55:31.519512817 +0100
@@ -271,15 +271,14 @@
%dir %{_sysconfdir}/cni
%dir %{_sysconfdir}/cni/net.d
%dir %{cni_bin_dir}
+%config(noreplace) %{_sysconfdir}/cni/net.d/10-cilium-cni.conf
+%{cni_bin_dir}/cilium-cni
%files docker
%{_unitdir}/cilium-docker.service
%{_sbindir}/rccilium-docker
%{_bindir}/cilium-docker
-%config(noreplace) %{_sysconfdir}/cni/net.d/10-cilium-cni.conf
-%{cni_bin_dir}/cilium-cni
-
%files -n %{lname}
%{_libdir}/libcilium.so.%{sover}
commit cilium for openSUSE:Factory
Hello community,
here is the log from the commit of package cilium for openSUSE:Factory checked
in at 2019-03-05 12:24:02
Comparing /work/SRC/openSUSE:Factory/cilium (Old)
and /work/SRC/openSUSE:Factory/.cilium.new.28833 (New)
Package is "cilium"
Tue Mar 5 12:24:02 2019 rev:9 rq:681493 version:1.4.0
Changes:
--- /work/SRC/openSUSE:Factory/cilium/cilium.changes2019-02-28
21:44:22.657500138 +0100
+++ /work/SRC/openSUSE:Factory/.cilium.new.28833/cilium.changes 2019-03-05
12:24:08.644862981 +0100
@@ -1,0 +2,19 @@
+Mon Mar 4 14:43:27 UTC 2019 - Michał Rostecki
+
+- Add gcc as a runtime dependency. BPF programs need to have libgcc
+ and libgcc_s linked in.
+ https://github.com/cilium/cilium/issues/7273
+
+---
+Mon Mar 4 10:38:19 UTC 2019 - Michał Rostecki
+
+- Provide an explanation why glibc-devel-32bit is needed.
+- Ship cilium-cni and cilium-docker in separate packages.
+
+---
+Fri Mar 1 15:23:36 UTC 2019 - Michał Rostecki
+
+- Add missing runtime dependencies which are needed to execute
+ scripts shipped with Cilium and to compile BPF programs.
+
+---
New:
cilium-rpmlintrc
Other differences:
--
++ cilium.spec ++
--- /var/tmp/diff_new_pack.gtmGJZ/_old 2019-03-05 12:24:09.856862611 +0100
+++ /var/tmp/diff_new_pack.gtmGJZ/_new 2019-03-05 12:24:09.860862610 +0100
@@ -41,12 +41,15 @@
License:Apache-2.0 AND GPL-2.0-or-later
Group: System/Management
URL:https://github.com/cilium/cilium
-Source: %{name}-%{version}.tar.gz
+Source0:%{name}-%{version}.tar.gz
+Source1:%{name}-rpmlintrc
Patch0: cilium-allow-to-add-extra-go-build-flags.patch
Patch1: cilium-allow-to-specify-cni-install-dirs.patch
BuildRequires: clang
BuildRequires: git
BuildRequires: glibc-devel
+# glibc-devel-32bit is needed to compile bpf objects
+# https://github.com/cilium/cilium/issues/368
BuildRequires: glibc-devel-32bit
BuildRequires: golang-github-jteeuwen-go-bindata
BuildRequires: golang-packaging
@@ -59,10 +62,30 @@
BuildRequires: shadow
BuildRequires: unzip
BuildRequires: golang(API) = 1.10
+Requires: awk
+Requires: binutils
+# clang and glibc headers are needed as runtime dependencies for compiling BPF
+# programs by cilium
Requires: clang
+# Although clang is used as a compiler for BPF programs, they need to have
+# libgcc and libgcc_s linked in.
+# https://github.com/cilium/cilium/issues/7273
+Requires: gcc
+Requires: glibc-devel
+# glibc-devel-32bit is needed to compile bpf objects
+# https://github.com/cilium/cilium/issues/368
+Requires: glibc-devel-32bit
+Requires: iproute2
+# Despite the fact that cilium is using BPF programs and aims to replace
+# iptables for container security policies, iptables is still needed for
+# defining few rules which redirect the traffic from kube-proxy to cilium. Then
+# cilium replaces some of kube-proxy functionality, using BPF programs. So, in
+# fact, cilium uses few iptables rules to prevent iptables usage. :)
+Requires: iptables
Requires: llvm
Requires: protobuf-c
Requires: util-linux
+Requires: which
ExclusiveArch: aarch64 x86_64
Requires(post): %fillup_prereq
@@ -72,6 +95,35 @@
services deployed using Linux container management platforms like Docker and
Kubernetes.
+%package cni
+Summary:CNI plugin for Cilium
+Group: System/Management
+Requires: cilium
+Requires: cni
+Requires: cni-plugins
+
+%description cni
+Cilium is a software for providing, and transparently securing, network
+connectivity, and for load-balancing between application containers and
+services deployed using Linux container management platforms like Docker and
+Kubernetes.
+
+This package provides a CNI (Container Network Interface) plugin for Cilium.
+
+%package docker
+Summary:Docker libnetwork plugin for Cilium
+Group: System/Management
+Requires: cilium
+Requires: docker
+
+%description docker
+Cilium is a software for providing, and transparently securing, network
+connectivity, and for load-balancing between application containers and
+services deployed using Linux container management platforms like Docker and
+Kubernetes.
+
+This package provides a Docker libnetwork plugin for Cilium.
+
%package -n %{lname}
Summary:Shared library for Cilium
Group: System/Libraries
@@ -168,51 +220,66 @@
%pre
getent group cilium >/dev/null || groupadd -r cilium
-%service_add_pre cilium-consul.service
commit cilium for openSUSE:Factory
Hello community,
here is the log from the commit of package cilium for openSUSE:Factory checked
in at 2019-02-28 21:44:21
Comparing /work/SRC/openSUSE:Factory/cilium (Old)
and /work/SRC/openSUSE:Factory/.cilium.new.28833 (New)
Package is "cilium"
Thu Feb 28 21:44:21 2019 rev:8 rq:679881 version:1.4.0
Changes:
--- /work/SRC/openSUSE:Factory/cilium/cilium.changes2019-02-25
17:59:05.854193698 +0100
+++ /work/SRC/openSUSE:Factory/.cilium.new.28833/cilium.changes 2019-02-28
21:44:22.657500138 +0100
@@ -1,0 +2,19 @@
+Wed Feb 27 15:52:38 UTC 2019 - n...@suse.de
+
+- Fix license. BPF code templates are licensed under GPLv2 while
+ the rest is under Apache License, v2
+ (see https://github.com/cilium/cilium#license)
+
+ Cilium (the component licensed on Apache 2.0, written in Go) does
+ two things with BPF program sources (licensed on GPL-2.0):
+
+ * it executes llvm/clang to compile BPF program sources to object
+files
+ * it executes tc (a utility which is a part of iproute2) to load
+object files into the kernel
+
+ So, Cilium as a Go program only does execv calls on external
+ utilities (llvm and iproute2) to perform some actions on BPF
+ program sources and objects.
+
+---
Other differences:
--
++ cilium.spec ++
--- /var/tmp/diff_new_pack.Ov1gBD/_old 2019-02-28 21:44:23.761499666 +0100
+++ /var/tmp/diff_new_pack.Ov1gBD/_new 2019-02-28 21:44:23.761499666 +0100
@@ -38,7 +38,7 @@
Version:1.4.0
Release:0
Summary:Linux Native, HTTP Aware Networking and Security for Containers
-License:Apache-2.0 AND GPL-2.0-only
+License:Apache-2.0 AND GPL-2.0-or-later
Group: System/Management
URL:https://github.com/cilium/cilium
Source: %{name}-%{version}.tar.gz
commit cilium for openSUSE:Factory
Hello community,
here is the log from the commit of package cilium for openSUSE:Factory checked
in at 2019-02-25 17:59:01
Comparing /work/SRC/openSUSE:Factory/cilium (Old)
and /work/SRC/openSUSE:Factory/.cilium.new.28833 (New)
Package is "cilium"
Mon Feb 25 17:59:01 2019 rev:7 rq:678871 version:1.4.0
Changes:
--- /work/SRC/openSUSE:Factory/cilium/cilium.changes2019-02-24
17:09:37.532520076 +0100
+++ /work/SRC/openSUSE:Factory/.cilium.new.28833/cilium.changes 2019-02-25
17:59:05.854193698 +0100
@@ -1,0 +2,5 @@
+Mon Feb 25 09:56:48 CET 2019 - n...@suse.de
+
+- Add missing GPL2 License for eBPF source codes
+
+---
Other differences:
--
++ cilium.spec ++
--- /var/tmp/diff_new_pack.elc7pM/_old 2019-02-25 17:59:07.118192463 +0100
+++ /var/tmp/diff_new_pack.elc7pM/_new 2019-02-25 17:59:07.122192459 +0100
@@ -38,7 +38,7 @@
Version:1.4.0
Release:0
Summary:Linux Native, HTTP Aware Networking and Security for Containers
-License:Apache-2.0
+License:Apache-2.0 AND GPL-2.0-only
Group: System/Management
URL:https://github.com/cilium/cilium
Source: %{name}-%{version}.tar.gz
commit cilium for openSUSE:Factory
Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2019-02-24 17:09:29 Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.28833 (New) Package is "cilium" Sun Feb 24 17:09:29 2019 rev:6 rq:674486 version:1.4.0 Changes: --- /work/SRC/openSUSE:Factory/cilium/cilium.changes2018-09-04 22:58:12.281417533 +0200 +++ /work/SRC/openSUSE:Factory/.cilium.new.28833/cilium.changes 2019-02-24 17:09:37.532520076 +0100 @@ -1,0 +2,91 @@ +Wed Feb 13 10:09:55 UTC 2019 - Michał Rostecki + +- Update to version 1.4.0: + * doc: Fix key generation for encryption + * doc: Add validation and troubleshooting section to encryption +GSG + * datapath: Report IPsec route installation errors + * datapath: Fix IPsec with IPv4 or IPv6 disabled + * docs: Add ipvlan-based datapath limitations and requirements + * doc, configmap: add missing entries + * examples/kubernetes: Add tofqdns-enable-poller option + * doc: Minor update to encryption guide + * cilium: transparent encryption with ipsec getting started docs + * Note about apiserver outside of cluster +- Add upstream patch which allows to set additional `go build` + flags + * cilium-allow-to-add-extra-go-build-flags.patch +- Add upstream patch which allows to specify installation + directories for CNI files + * cilium-allow-to-specify-cni-install-dirs.patch +- Make use of golang-packaging macros. +- Add rc* symlinks. + +--- +Thu Feb 7 12:46:51 UTC 2019 - Michał Rostecki + +- Run code checkers/linters only on openSUSE Tumbleweed. + +--- +Wed Feb 6 14:30:47 UTC 2019 - Michał Rostecki + +- Add devel package which contains a header and .so file. +- Improve descriptions of all packages. +- Set BINDIR, DESTDIR and LIBDIR variables properly instead of + manual installation of files in those destinations. +- Install bash completion script. +- Execute ldconfig in post and postun phases of the lib package. +- Fix Source attribute. + +--- +Tue Feb 5 17:44:40 CET 2019 - n...@suse.de + +- Updated to 1.4-rc7 + *pkg/datapath/ipcache: stop leaking FD + *pkg/fqdn: make any operation in the sourceRuleCopy + *daemon: change policyAdd message type from Info to Debug for dns policies + *pkg/endpoint: do not leak go routines if endpoint is disconnected + *pkg/endpoint: ignore negative time durations in metrics + *Endpoint: set a new context per endpoint regeneration + *endpoint: revert endpoint BPF config map update if regenerateBPF fails + *bpf: pin endpoint configuration map + *endpoint: Unlock endpoint to prevent deadlocks. + *daemon: Allow releasing builder while waiting for proxy ACKs + *endpoint: Make regenaration timeout greater than ExecTimeout + *endpoint: Eliminate ExecTimeout, ctx. + *daemon: Use sync.Once, rewamp comments. + *bpf: Fix node-port access to l7 proxy + *bpf: Templatize endpoint configuration + *maps: Add BPFConfigMap for endpoint configuration + *endpoint: Support dynamic BPF configuration + *bpf: Relax verifier in IPv6 drop case + *bpf: Fix tcp flag access + *bpf: Don't reset TCP timer on final ACK + *cilium: spelling: sha is an acronym replace with SHA + *bpf: Provide more specific drop reasons + *proxylib: Update proxylib.h with go 1.11 + *agent: Fix invalid printf style invocations + *gitignore: Ingore cilium-ring-dump binary + *lbmap: Retrieve service ID when dumping BPF map + *service: Restore service IDs before connecting to Kubernetes apiserver + *service: Restore bpfservie cache on startup + *lbmap: Add unit test for getBackends() + *idpool: Factor out IDPool from allocator into package for reuse + *idpool: Fix leaseAvailableID() and slice out of bounds + *node: Don't insert own node into tunnel map + *bpf: Avoid routing loops for former local endpoint IPs + *test: Use cilium-etcd-operator + *clustermesh: Fix race when shutting down clustermesh + *clustermesh: Wait for controllers to be shutdown when closing + *cni: Synchroneous pod label retrieval on CNI add + *identity: Block createEndpoint() while identity is being resolved + *bpf: Remove source MAC address validation + *bpf: Remove destination MAC address verification + *agent: Ignore IPV4_GATEWAY=0x0 when restoring + - details changelogs are in https://github.com/cilium/cilium/projects/11 +- disable bash completion +- added a new package libcilium1 +- build with go1.10(need fix for cgo alignchecker issue) + + +--- Old: v1.2.1.tar.gz New: _service _servicedata cilium-1.4.0.tar.gz
commit cilium for openSUSE:Factory
Hello community,
here is the log from the commit of package cilium for openSUSE:Factory checked
in at 2018-09-04 22:58:05
Comparing /work/SRC/openSUSE:Factory/cilium (Old)
and /work/SRC/openSUSE:Factory/.cilium.new (New)
Package is "cilium"
Tue Sep 4 22:58:05 2018 rev:5 rq:633038 version:1.2.1
Changes:
--- /work/SRC/openSUSE:Factory/cilium/cilium.changes2018-08-24
17:00:35.869822000 +0200
+++ /work/SRC/openSUSE:Factory/.cilium.new/cilium.changes 2018-09-04
22:58:12.281417533 +0200
@@ -1,0 +2,31 @@
+Tue Sep 4 15:58:32 CEST 2018 - n...@suse.de
+
+- change 00-cilium-cni.conf -> 10-cilium-cni.conf to keep sync with salt
+
+---
+Mon Sep 3 14:06:13 CEST 2018 - n...@suse.de
+
+- Use proper bash-completion dir
+- Updated to 1.2.1
+ *docker, bpf: add iproute2 version which works around missing af_alg
+ *docker, bpf: add bpftool for debugging and introspection
+ *test/k8sT: use specific commit for cilium/star-wars-demo YAMLs
+ *pkg/k8s: properly handle empty NamespaceSelector
+ *lxcmap: Improve error messages in DeleteElement()
+ *lxcmap: Fix always returning an error on delete
+ *ctmap: Mark IPv6 CT GC as completed on success
+ *endpoint: Fix endpoint regeneration failure metric
+ *Block locked code in TriggerPolicyUpdates
+ *Ignore non-existing link error in cni del
+ *fqdn: Strip toCIDRSet rules to be more resilient
+ *fqdn: Use UUIDs to manage rules
+ *fqdn: Inject IPs on initial rule insert
+ *xds: Ignore completion timeouts on resource upsert and delete
+ *endpoint: Log when BPF regeneration times out not because of Envoy
+ *endpoint: In BPF regeneration, create/remove listeners early
+ *doc: Restructure and simplify upgrade guide
+ *doc: Restructure installation guides
+ *doc: AWS EKS installation guide
+ *identity: Wait for initial set of security identities before restoring
endpoints
+
+---
Old:
v1.2.0-rc1.tar.gz
New:
v1.2.1.tar.gz
Other differences:
--
++ cilium.spec ++
--- /var/tmp/diff_new_pack.vN9IPA/_old 2018-09-04 22:58:13.425421434 +0200
+++ /var/tmp/diff_new_pack.vN9IPA/_new 2018-09-04 22:58:13.429421447 +0200
@@ -30,13 +30,13 @@
%endif
Name: cilium
-Version:1.2.0~rc1
+Version:1.2.1
Release:0
Summary:Linux Native, HTTP Aware Networking and Security for Containers
License:Apache-2.0
Group: System/Management
URL:https://github.com/cilium/cilium
-Source0:https://github.com/cilium/cilium/archive/v1.2.0-rc1.tar.gz
+Source0:https://github.com/cilium/cilium/archive/v%{version}.tar.gz
BuildRequires: clang
BuildRequires: git
BuildRequires: glibc-devel
@@ -62,19 +62,19 @@
Kubernetes.
%prep
-mkdir -p %{name}-1.2.0-rc1/src/github.com/cilium/%{name}
-tar -zxf %{SOURCE0} --strip-components=1 -C
%{name}-1.2.0-rc1/src/github.com/cilium/%{name}
+mkdir -p %{name}-%{version}/src/github.com/cilium/%{name}
+tar -zxf %{SOURCE0} --strip-components=1 -C
%{name}-%{version}/src/github.com/cilium/%{name}
%build
-export GOPATH=$(pwd)/%{name}-1.2.0-rc1
+export GOPATH=$(pwd)/%{name}-%{version}
export CILIUM_DISABLE_ENVOY_BUILD=1
-cd %{name}-1.2.0-rc1/src/github.com/cilium/%{name}
+cd %{name}-%{version}/src/github.com/cilium/%{name}
sed -i '/groupadd /s/^/#/' daemon/Makefile
make precheck
make build
%install
-cd %{name}-1.2.0-rc1/src/github.com/cilium/%{name}
+cd %{name}-%{version}/src/github.com/cilium/%{name}
%make_install
for service in cilium cilium-docker cilium-etcd cilium-consul; do
@@ -83,10 +83,14 @@
done
install -D -m 0644 contrib/systemd/cilium
%{buildroot}%{_fillupdir}/sysconfig.cilium
-install -D -m 0644 plugins/cilium-cni/00-cilium-cni.conf
%{buildroot}%{_sysconfdir}/cni/net.d/
+install -D -m 0644 plugins/cilium-cni/00-cilium-cni.conf
%{buildroot}%{_sysconfdir}/cni/net.d/10-cilium-cni.conf
install -D %{buildroot}/opt/cni/bin/cilium-cni
"%{buildroot}%{cni_bin_dir}/cilium-cni"
+mkdir -p %{buildroot}/usr/share/bash-completion/completions/
+install -D %{buildroot}%{_sysconfdir}/bash_completion.d/cilium
%{buildroot}/usr/share/bash-completion/completions/
rm %{buildroot}/opt/cni/bin/cilium-cni
+rm %{buildroot}%{_sysconfdir}/bash_completion.d/cilium
+rm %{buildroot}/etc/cni/net.d/00-cilium-cni.conf
%pre
getent group cilium >/dev/null || groupadd -r cilium
@@ -108,8 +112,8 @@
%dir %{_sysconfdir}/cni/net.d
%dir %{cni_bin_dir}
-%{_sysconfdir}/bash_completion.d/cilium
-%config(noreplace) %{_sysconfdir}/cni/net.d/00-cilium-cni.conf
+/usr/share/bash-completion/completions/cilium
+%config(noreplace) %{_sysconfdir}/cni/net.d/10-cilium-cni.conf
commit cilium for openSUSE:Factory
Hello community,
here is the log from the commit of package cilium for openSUSE:Factory checked
in at 2018-08-24 17:00:15
Comparing /work/SRC/openSUSE:Factory/cilium (Old)
and /work/SRC/openSUSE:Factory/.cilium.new (New)
Package is "cilium"
Fri Aug 24 17:00:15 2018 rev:4 rq:628056 version:1.2.0~rc1
Changes:
--- /work/SRC/openSUSE:Factory/cilium/cilium.changes2018-06-05
12:53:08.245141701 +0200
+++ /work/SRC/openSUSE:Factory/.cilium.new/cilium.changes 2018-08-24
17:00:35.869822000 +0200
@@ -1,0 +2,10 @@
+Wed Aug 8 12:06:50 CEST 2018 - n...@suse.de
+
+- Updated to 1.2.0-rc1
+ * Inter cluster service routing
+ * BPF based flow aggregation
+ * BGP with kube-router
+ more at https://github.com/cilium/cilium/releases/tag/v1.2.0-rc1
+- Add cilium group
+
+---
Old:
v1.0.0.tar.gz
New:
v1.2.0-rc1.tar.gz
Other differences:
--
++ cilium.spec ++
--- /var/tmp/diff_new_pack.WynLA1/_old 2018-08-24 17:00:36.873823189 +0200
+++ /var/tmp/diff_new_pack.WynLA1/_new 2018-08-24 17:00:36.877823193 +0200
@@ -30,13 +30,13 @@
%endif
Name: cilium
-Version:1.0.0
+Version:1.2.0~rc1
Release:0
Summary:Linux Native, HTTP Aware Networking and Security for Containers
License:Apache-2.0
Group: System/Management
URL:https://github.com/cilium/cilium
-Source0:https://github.com/cilium/cilium/archive/v%{version}.tar.gz
+Source0:https://github.com/cilium/cilium/archive/v1.2.0-rc1.tar.gz
BuildRequires: clang
BuildRequires: git
BuildRequires: glibc-devel
@@ -62,19 +62,19 @@
Kubernetes.
%prep
-mkdir -p %{name}-%{version}/src/github.com/cilium/%{name}
-tar -zxf %{SOURCE0} --strip-components=1 -C
%{name}-%{version}/src/github.com/cilium/%{name}
+mkdir -p %{name}-1.2.0-rc1/src/github.com/cilium/%{name}
+tar -zxf %{SOURCE0} --strip-components=1 -C
%{name}-1.2.0-rc1/src/github.com/cilium/%{name}
%build
-export GOPATH=$(pwd)/%{name}-%{version}
+export GOPATH=$(pwd)/%{name}-1.2.0-rc1
export CILIUM_DISABLE_ENVOY_BUILD=1
-cd %{name}-%{version}/src/github.com/cilium/%{name}
+cd %{name}-1.2.0-rc1/src/github.com/cilium/%{name}
sed -i '/groupadd /s/^/#/' daemon/Makefile
make precheck
make build
%install
-cd %{name}-%{version}/src/github.com/cilium/%{name}
+cd %{name}-1.2.0-rc1/src/github.com/cilium/%{name}
%make_install
for service in cilium cilium-docker cilium-etcd cilium-consul; do
@@ -83,12 +83,13 @@
done
install -D -m 0644 contrib/systemd/cilium
%{buildroot}%{_fillupdir}/sysconfig.cilium
-install -D -m 0644 plugins/cilium-cni/10-cilium-cni.conf
%{buildroot}%{_sysconfdir}/cni/net.d/
+install -D -m 0644 plugins/cilium-cni/00-cilium-cni.conf
%{buildroot}%{_sysconfdir}/cni/net.d/
install -D %{buildroot}/opt/cni/bin/cilium-cni
"%{buildroot}%{cni_bin_dir}/cilium-cni"
rm %{buildroot}/opt/cni/bin/cilium-cni
%pre
+getent group cilium >/dev/null || groupadd -r cilium
%service_add_pre cilium-consul.service cilium-docker.service
cilium-etcd.service cilium.service
%post
@@ -108,7 +109,7 @@
%dir %{cni_bin_dir}
%{_sysconfdir}/bash_completion.d/cilium
-%config(noreplace) %{_sysconfdir}/cni/net.d/10-cilium-cni.conf
+%config(noreplace) %{_sysconfdir}/cni/net.d/00-cilium-cni.conf
%{_fillupdir}/sysconfig.cilium
%{_usr}/lib/systemd/system/cilium-consul.service
%{_usr}/lib/systemd/system/cilium-docker.service
@@ -122,6 +123,6 @@
%{_bindir}/cilium-health
%{_bindir}/cilium-bugtool
%{cni_bin_dir}/cilium-cni
-%license %{name}-%{version}/src/github.com/cilium/cilium/LICENSE
+%license %{name}-1.2.0-rc1/src/github.com/cilium/cilium/LICENSE
%changelog
commit cilium for openSUSE:Factory
Hello community,
here is the log from the commit of package cilium for openSUSE:Factory checked
in at 2018-06-05 12:53:07
Comparing /work/SRC/openSUSE:Factory/cilium (Old)
and /work/SRC/openSUSE:Factory/.cilium.new (New)
Package is "cilium"
Tue Jun 5 12:53:07 2018 rev:3 rq:614037 version:1.0.0
Changes:
--- /work/SRC/openSUSE:Factory/cilium/cilium.changes2018-04-26
13:38:42.502591327 +0200
+++ /work/SRC/openSUSE:Factory/.cilium.new/cilium.changes 2018-06-05
12:53:08.245141701 +0200
@@ -1,0 +2,10 @@
+Mon Jun 4 16:04:59 UTC 2018 - dcass...@suse.com
+
+- Refactor %license usage to simpler form
+
+---
+Mon Jun 4 09:50:42 UTC 2018 - dcass...@suse.com
+
+- Make use of %license macro
+
+---
Other differences:
--
++ cilium.spec ++
--- /var/tmp/diff_new_pack.zRfzxc/_old 2018-06-05 12:53:08.933116503 +0200
+++ /var/tmp/diff_new_pack.zRfzxc/_new 2018-06-05 12:53:08.937116357 +0200
@@ -122,5 +122,6 @@
%{_bindir}/cilium-health
%{_bindir}/cilium-bugtool
%{cni_bin_dir}/cilium-cni
+%license %{name}-%{version}/src/github.com/cilium/cilium/LICENSE
%changelog
commit cilium for openSUSE:Factory
Hello community,
here is the log from the commit of package cilium for openSUSE:Factory checked
in at 2018-04-26 13:38:38
Comparing /work/SRC/openSUSE:Factory/cilium (Old)
and /work/SRC/openSUSE:Factory/.cilium.new (New)
Package is "cilium"
Thu Apr 26 13:38:38 2018 rev:2 rq:601000 version:1.0.0
Changes:
--- /work/SRC/openSUSE:Factory/cilium/cilium.changes2018-04-24
15:33:08.022212857 +0200
+++ /work/SRC/openSUSE:Factory/.cilium.new/cilium.changes 2018-04-26
13:38:42.502591327 +0200
@@ -1,0 +2,11 @@
+Wed Apr 25 10:54:45 CEST 2018 - n...@suse.de
+
+- Updated to v1.0.0
+ Bugfixes Changes:
+*etcd: Clear the etcd status error when connectivity is OK (3824,
@rlenglet)
+*ipcache: Fix ipcache deletion of old identities on update (3865,
@rlenglet)
+*bpf: Fix tracing message for egress policy (3806, @joestringer)
+[- envoy-optional.patch]
+- use url for source
+
+---
Old:
cilium-1.0.0-rc10.tar.gz
envoy-optional.patch
New:
v1.0.0.tar.gz
Other differences:
--
++ cilium.spec ++
--- /var/tmp/diff_new_pack.IMMjAA/_old 2018-04-26 13:38:43.558552623 +0200
+++ /var/tmp/diff_new_pack.IMMjAA/_new 2018-04-26 13:38:43.562552476 +0200
@@ -30,14 +30,13 @@
%endif
Name: cilium
-Version:1.0.0~rc10
+Version:1.0.0
Release:0
Summary:Linux Native, HTTP Aware Networking and Security for Containers
License:Apache-2.0
Group: System/Management
URL:https://github.com/cilium/cilium
-Source0:cilium-1.0.0-rc10.tar.gz
-Patch0: envoy-optional.patch
+Source0:https://github.com/cilium/cilium/archive/v%{version}.tar.gz
BuildRequires: clang
BuildRequires: git
BuildRequires: glibc-devel
@@ -65,7 +64,6 @@
%prep
mkdir -p %{name}-%{version}/src/github.com/cilium/%{name}
tar -zxf %{SOURCE0} --strip-components=1 -C
%{name}-%{version}/src/github.com/cilium/%{name}
-patch -p1 -d %{name}-%{version}/src/github.com/cilium/%{name} < %{PATCH0}
%build
export GOPATH=$(pwd)/%{name}-%{version}
