cilium / cilium / 12000
39%

DEFAULT BRANCH: master
Ran
Jobs 1
Files 445
Run time 36s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 45.922% (+0.004%) from 45.918%
12000

push

travis-ci-com

jrfastab 
cilium: fix disconnects on operator restarts when using ipsec

As reported by Laurent:

"
We noticed that on container restarts established TCP connections were
disconnected (under load). After some investigation we noticed these
events on the agent for all nodes:

- Received key update via kvstore with invalid EncryptionKey:0
- a few minutes later Received key update via kvstore with valid
  EncryptionKey:x

After looking into the code, it seems that on operator restart the node
Informer will add all nodes to the kvstore based on the k8s-node resource
which does not have the EncryptionKey info and will set it to 0. Watches
on the agents will then update the ipsec configuration and create the
issue. After a while, the agents update their kvstore resource to the the
good value and traffic can flow again (I haven't checked but I assume
there is a reconcile loop in the agents).
"

Andre suggest only updating the EncryptionState from NodeUpdated if a
valid key is provided. Its not valid to both have encryption enabled
and specify the null key for example. However, for rolling updates
disabling encryption we may have a state where locally encryption
is enabled but the remote node is disabling encryption, signaled by
sending a null encryption key.

So instead of checking in NodeUpdated lets push key into K8s annotation
then we can read it out correctly when an event is received and push
down stack to configure datapath correctly. This adds the new K8s
annotation CiliumEncryptionKey, ".network.encryption-key"

Fixes: 500fb2b5cd3e6 ("node: Discover other nodes based on CiliumNode custom resource")
Reported-by: Laurent Bernaille <laurent.bernaille@datadoghq.com>
Suggested-by: Andre Martins <andre@cilium.io>
Signed-off-by: John Fastabend <john.fastabend@gmail.com>

26344 of 57367 relevant lines covered (45.92%)

1932.38 hits per line

Jobs
ID Job ID Ran Files Coverage
1 12000.1 0
45.92
 Travis Job 12000.1
Source Files on build 12000
Detailed source file information is not available for this build.