diff --git a/go.mod b/go.mod index 0f1260f4cb..2458bc526a 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ replace ( require ( github.com/blang/semver/v4 v4.0.0 github.com/cilium/charts v0.0.0-20240711191516-3eef29895257 - github.com/cilium/cilium v1.16.0-rc.1 + github.com/cilium/cilium v1.16.0-rc.2 github.com/cilium/workerpool v1.2.0 github.com/cloudflare/cfssl v1.6.5 github.com/go-openapi/strfmt v0.23.0 diff --git a/go.sum b/go.sum index 9c81085827..da4e31883e 100644 --- a/go.sum +++ b/go.sum @@ -70,8 +70,8 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/cilium/charts v0.0.0-20240711191516-3eef29895257 h1:F82VLTKZvi3Ds7SDDILKeM1HI5vnuP0tuImVKU5TdkU= github.com/cilium/charts v0.0.0-20240711191516-3eef29895257/go.mod h1:M3C9VOlFvRzuV+a01t07Tw4uFLSfkCH3L542IWjf6BU= -github.com/cilium/cilium v1.16.0-rc.1 h1:OxK4SD3jyEQcjSNrNMeADQQ1sb0gO0hy+eXO+8wYPgM= -github.com/cilium/cilium v1.16.0-rc.1/go.mod h1:u/Hggj4kmmYtLvZ+wG2nppabk7wpAFn09Sm+Bo1kGvo= +github.com/cilium/cilium v1.16.0-rc.2 h1:XLF4jebCI0/joV1Ma1+cdiGaokFB0VYLsEgS165I+W4= +github.com/cilium/cilium v1.16.0-rc.2/go.mod h1:u/Hggj4kmmYtLvZ+wG2nppabk7wpAFn09Sm+Bo1kGvo= github.com/cilium/ebpf v0.15.0 h1:7NxJhNiBT3NG8pZJ3c+yfrVdHY8ScgKD27sScgjLMMk= github.com/cilium/ebpf v0.15.0/go.mod h1:DHp1WyrLeiBh19Cf/tfiSMhqheEiK8fXFZ4No0P1Hso= github.com/cilium/hive v0.0.0-20240529072208-d997f86e4219 h1:iX4v9lg63iTv8x8MWUMVbeWqtAGcV6yh/w3Zp9sP3ME= diff --git a/vendor/github.com/cilium/cilium/AUTHORS b/vendor/github.com/cilium/cilium/AUTHORS index bc1245eef0..bda0410317 100644 --- a/vendor/github.com/cilium/cilium/AUTHORS +++ b/vendor/github.com/cilium/cilium/AUTHORS @@ -73,6 +73,7 @@ Anton Tykhyy atykhyy@gmail.com Anubhab Majumdar anmajumdar@microsoft.com Anurag Aggarwal anurag.aggarwal@flipkart.com Archana Shinde archana.m.shinde@intel.com +Archer Wu archerwu9425@icloud.com Ardika Bagus me@ardikabs.com Arika Chen eaglesora@gmail.com Arnaud Meukam ameukam@gmail.com @@ -126,6 +127,7 @@ Carlos Castro carlos.castro@jumo.world Carson Anderson carson.anderson@goteleport.com Carson Yang yangchuansheng33@gmail.com Casey Callendrello cdc@isovalent.com +cdtzabra 22188574+cdtzabra@users.noreply.github.com Cezary Zawadka czawadka@google.com Chance Zibolski chance.zibolski@gmail.com Changyu Wang changyuwang@tencent.com @@ -460,6 +462,7 @@ Madhu Challa madhu@cilium.io Madhusudan.C.S madhusudancs@gmail.com Mahadev Panchal mahadev.panchal@benisontech.com MaiReo sawako.saki@gmail.com +Mais mai.saleh@siemens.com Maksym Lushpenko iviakciivi@gmail.com Manali Bhutiyani manali@covalent.io Mandar U Jog mjog@google.com @@ -538,6 +541,7 @@ Mohit Marathe mohitmarathe23@gmail.com Moritz Eckert m1gh7ym0@gmail.com Moritz Johner beller.moritz@googlemail.com Moshe Immerman moshe.immerman@vitalitygroup.com +mrproliu 741550557@qq.com mvtab mvtabilitas@protonmail.com naoki-take naoki-take@cybozu.co.jp Natalia Reka Ivanko natalia@isovalent.com @@ -825,6 +829,7 @@ Yugo Kobayashi kobdotsh@gmail.com yulng wei.yang@daocloud.io Yurii Dzobak yurii.dzobak@lotusflare.com Yurii Komar Subreptivus@gmail.com +Yusho Yamaguchi yusho.yamaguchi@sony.com Yusuke Suzuki yusuke.suzuki@isovalent.com Yutaro Hayakawa yutaro.hayakawa@isovalent.com Yves Blusseau yves.blusseau@acoss.fr diff --git a/vendor/github.com/cilium/cilium/api/v1/flow/flow.pb.go b/vendor/github.com/cilium/cilium/api/v1/flow/flow.pb.go index 6b6367ec61..1ca2bce5bb 100644 --- a/vendor/github.com/cilium/cilium/api/v1/flow/flow.pb.go +++ b/vendor/github.com/cilium/cilium/api/v1/flow/flow.pb.go @@ -3,8 +3,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.31.0 -// protoc v5.27.1 +// protoc-gen-go v1.34.2 +// protoc v5.27.2 // source: flow/flow.proto package flow @@ -5782,7 +5782,7 @@ func file_flow_flow_proto_rawDescGZIP() []byte { var file_flow_flow_proto_enumTypes = make([]protoimpl.EnumInfo, 15) var file_flow_flow_proto_msgTypes = make([]protoimpl.MessageInfo, 38) -var file_flow_flow_proto_goTypes = []interface{}{ +var file_flow_flow_proto_goTypes = []any{ (FlowType)(0), // 0: flow.FlowType (AuthType)(0), // 1: flow.AuthType (TraceObservationPoint)(0), // 2: flow.TraceObservationPoint @@ -5930,7 +5930,7 @@ func file_flow_flow_proto_init() { return } if !protoimpl.UnsafeEnabled { - file_flow_flow_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[0].Exporter = func(v any, i int) any { switch v := v.(*Flow); i { case 0: return &v.state @@ -5942,7 +5942,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[1].Exporter = func(v any, i int) any { switch v := v.(*Layer4); i { case 0: return &v.state @@ -5954,7 +5954,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[2].Exporter = func(v any, i int) any { switch v := v.(*Layer7); i { case 0: return &v.state @@ -5966,7 +5966,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[3].Exporter = func(v any, i int) any { switch v := v.(*TraceContext); i { case 0: return &v.state @@ -5978,7 +5978,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[4].Exporter = func(v any, i int) any { switch v := v.(*TraceParent); i { case 0: return &v.state @@ -5990,7 +5990,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[5].Exporter = func(v any, i int) any { switch v := v.(*Endpoint); i { case 0: return &v.state @@ -6002,7 +6002,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[6].Exporter = func(v any, i int) any { switch v := v.(*Workload); i { case 0: return &v.state @@ -6014,7 +6014,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[7].Exporter = func(v any, i int) any { switch v := v.(*TCP); i { case 0: return &v.state @@ -6026,7 +6026,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[8].Exporter = func(v any, i int) any { switch v := v.(*IP); i { case 0: return &v.state @@ -6038,7 +6038,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[9].Exporter = func(v any, i int) any { switch v := v.(*Ethernet); i { case 0: return &v.state @@ -6050,7 +6050,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[10].Exporter = func(v any, i int) any { switch v := v.(*TCPFlags); i { case 0: return &v.state @@ -6062,7 +6062,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[11].Exporter = func(v any, i int) any { switch v := v.(*UDP); i { case 0: return &v.state @@ -6074,7 +6074,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[12].Exporter = func(v any, i int) any { switch v := v.(*SCTP); i { case 0: return &v.state @@ -6086,7 +6086,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[13].Exporter = func(v any, i int) any { switch v := v.(*ICMPv4); i { case 0: return &v.state @@ -6098,7 +6098,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[14].Exporter = func(v any, i int) any { switch v := v.(*ICMPv6); i { case 0: return &v.state @@ -6110,7 +6110,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[15].Exporter = func(v any, i int) any { switch v := v.(*Policy); i { case 0: return &v.state @@ -6122,7 +6122,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[16].Exporter = func(v any, i int) any { switch v := v.(*EventTypeFilter); i { case 0: return &v.state @@ -6134,7 +6134,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[17].Exporter = func(v any, i int) any { switch v := v.(*CiliumEventType); i { case 0: return &v.state @@ -6146,7 +6146,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[18].Exporter = func(v any, i int) any { switch v := v.(*FlowFilter); i { case 0: return &v.state @@ -6158,7 +6158,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[19].Exporter = func(v any, i int) any { switch v := v.(*DNS); i { case 0: return &v.state @@ -6170,7 +6170,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[20].Exporter = func(v any, i int) any { switch v := v.(*HTTPHeader); i { case 0: return &v.state @@ -6182,7 +6182,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[21].Exporter = func(v any, i int) any { switch v := v.(*HTTP); i { case 0: return &v.state @@ -6194,7 +6194,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[22].Exporter = func(v any, i int) any { switch v := v.(*Kafka); i { case 0: return &v.state @@ -6206,7 +6206,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[23].Exporter = func(v any, i int) any { switch v := v.(*Service); i { case 0: return &v.state @@ -6218,7 +6218,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[24].Exporter = func(v any, i int) any { switch v := v.(*LostEvent); i { case 0: return &v.state @@ -6230,7 +6230,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[25].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[25].Exporter = func(v any, i int) any { switch v := v.(*AgentEvent); i { case 0: return &v.state @@ -6242,7 +6242,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[26].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[26].Exporter = func(v any, i int) any { switch v := v.(*AgentEventUnknown); i { case 0: return &v.state @@ -6254,7 +6254,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[27].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[27].Exporter = func(v any, i int) any { switch v := v.(*TimeNotification); i { case 0: return &v.state @@ -6266,7 +6266,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[28].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[28].Exporter = func(v any, i int) any { switch v := v.(*PolicyUpdateNotification); i { case 0: return &v.state @@ -6278,7 +6278,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[29].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[29].Exporter = func(v any, i int) any { switch v := v.(*EndpointRegenNotification); i { case 0: return &v.state @@ -6290,7 +6290,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[30].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[30].Exporter = func(v any, i int) any { switch v := v.(*EndpointUpdateNotification); i { case 0: return &v.state @@ -6302,7 +6302,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[31].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[31].Exporter = func(v any, i int) any { switch v := v.(*IPCacheNotification); i { case 0: return &v.state @@ -6314,7 +6314,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[32].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[32].Exporter = func(v any, i int) any { switch v := v.(*ServiceUpsertNotificationAddr); i { case 0: return &v.state @@ -6326,7 +6326,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[33].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[33].Exporter = func(v any, i int) any { switch v := v.(*ServiceUpsertNotification); i { case 0: return &v.state @@ -6338,7 +6338,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[34].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[34].Exporter = func(v any, i int) any { switch v := v.(*ServiceDeleteNotification); i { case 0: return &v.state @@ -6350,7 +6350,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[35].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[35].Exporter = func(v any, i int) any { switch v := v.(*NetworkInterface); i { case 0: return &v.state @@ -6362,7 +6362,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[36].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[36].Exporter = func(v any, i int) any { switch v := v.(*DebugEvent); i { case 0: return &v.state @@ -6374,7 +6374,7 @@ func file_flow_flow_proto_init() { return nil } } - file_flow_flow_proto_msgTypes[37].Exporter = func(v interface{}, i int) interface{} { + file_flow_flow_proto_msgTypes[37].Exporter = func(v any, i int) any { switch v := v.(*FlowFilter_Experimental); i { case 0: return &v.state @@ -6387,19 +6387,19 @@ func file_flow_flow_proto_init() { } } } - file_flow_flow_proto_msgTypes[1].OneofWrappers = []interface{}{ + file_flow_flow_proto_msgTypes[1].OneofWrappers = []any{ (*Layer4_TCP)(nil), (*Layer4_UDP)(nil), (*Layer4_ICMPv4)(nil), (*Layer4_ICMPv6)(nil), (*Layer4_SCTP)(nil), } - file_flow_flow_proto_msgTypes[2].OneofWrappers = []interface{}{ + file_flow_flow_proto_msgTypes[2].OneofWrappers = []any{ (*Layer7_Dns)(nil), (*Layer7_Http)(nil), (*Layer7_Kafka)(nil), } - file_flow_flow_proto_msgTypes[25].OneofWrappers = []interface{}{ + file_flow_flow_proto_msgTypes[25].OneofWrappers = []any{ (*AgentEvent_Unknown)(nil), (*AgentEvent_AgentStart)(nil), (*AgentEvent_PolicyUpdate)(nil), diff --git a/vendor/github.com/cilium/cilium/api/v1/observer/observer.pb.go b/vendor/github.com/cilium/cilium/api/v1/observer/observer.pb.go index 9515c23821..35af2a2055 100644 --- a/vendor/github.com/cilium/cilium/api/v1/observer/observer.pb.go +++ b/vendor/github.com/cilium/cilium/api/v1/observer/observer.pb.go @@ -3,8 +3,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.31.0 -// protoc v5.27.1 +// protoc-gen-go v1.34.2 +// protoc v5.27.2 // source: observer/observer.proto package observer @@ -2000,7 +2000,7 @@ func file_observer_observer_proto_rawDescGZIP() []byte { } var file_observer_observer_proto_msgTypes = make([]protoimpl.MessageInfo, 17) -var file_observer_observer_proto_goTypes = []interface{}{ +var file_observer_observer_proto_goTypes = []any{ (*ServerStatusRequest)(nil), // 0: observer.ServerStatusRequest (*ServerStatusResponse)(nil), // 1: observer.ServerStatusResponse (*GetFlowsRequest)(nil), // 2: observer.GetFlowsRequest @@ -2088,7 +2088,7 @@ func file_observer_observer_proto_init() { return } if !protoimpl.UnsafeEnabled { - file_observer_observer_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + file_observer_observer_proto_msgTypes[0].Exporter = func(v any, i int) any { switch v := v.(*ServerStatusRequest); i { case 0: return &v.state @@ -2100,7 +2100,7 @@ func file_observer_observer_proto_init() { return nil } } - file_observer_observer_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + file_observer_observer_proto_msgTypes[1].Exporter = func(v any, i int) any { switch v := v.(*ServerStatusResponse); i { case 0: return &v.state @@ -2112,7 +2112,7 @@ func file_observer_observer_proto_init() { return nil } } - file_observer_observer_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + file_observer_observer_proto_msgTypes[2].Exporter = func(v any, i int) any { switch v := v.(*GetFlowsRequest); i { case 0: return &v.state @@ -2124,7 +2124,7 @@ func file_observer_observer_proto_init() { return nil } } - file_observer_observer_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + file_observer_observer_proto_msgTypes[3].Exporter = func(v any, i int) any { switch v := v.(*GetFlowsResponse); i { case 0: return &v.state @@ -2136,7 +2136,7 @@ func file_observer_observer_proto_init() { return nil } } - file_observer_observer_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + file_observer_observer_proto_msgTypes[4].Exporter = func(v any, i int) any { switch v := v.(*GetAgentEventsRequest); i { case 0: return &v.state @@ -2148,7 +2148,7 @@ func file_observer_observer_proto_init() { return nil } } - file_observer_observer_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + file_observer_observer_proto_msgTypes[5].Exporter = func(v any, i int) any { switch v := v.(*GetAgentEventsResponse); i { case 0: return &v.state @@ -2160,7 +2160,7 @@ func file_observer_observer_proto_init() { return nil } } - file_observer_observer_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + file_observer_observer_proto_msgTypes[6].Exporter = func(v any, i int) any { switch v := v.(*GetDebugEventsRequest); i { case 0: return &v.state @@ -2172,7 +2172,7 @@ func file_observer_observer_proto_init() { return nil } } - file_observer_observer_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + file_observer_observer_proto_msgTypes[7].Exporter = func(v any, i int) any { switch v := v.(*GetDebugEventsResponse); i { case 0: return &v.state @@ -2184,7 +2184,7 @@ func file_observer_observer_proto_init() { return nil } } - file_observer_observer_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { + file_observer_observer_proto_msgTypes[8].Exporter = func(v any, i int) any { switch v := v.(*GetNodesRequest); i { case 0: return &v.state @@ -2196,7 +2196,7 @@ func file_observer_observer_proto_init() { return nil } } - file_observer_observer_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { + file_observer_observer_proto_msgTypes[9].Exporter = func(v any, i int) any { switch v := v.(*GetNodesResponse); i { case 0: return &v.state @@ -2208,7 +2208,7 @@ func file_observer_observer_proto_init() { return nil } } - file_observer_observer_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { + file_observer_observer_proto_msgTypes[10].Exporter = func(v any, i int) any { switch v := v.(*Node); i { case 0: return &v.state @@ -2220,7 +2220,7 @@ func file_observer_observer_proto_init() { return nil } } - file_observer_observer_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { + file_observer_observer_proto_msgTypes[11].Exporter = func(v any, i int) any { switch v := v.(*TLS); i { case 0: return &v.state @@ -2232,7 +2232,7 @@ func file_observer_observer_proto_init() { return nil } } - file_observer_observer_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { + file_observer_observer_proto_msgTypes[12].Exporter = func(v any, i int) any { switch v := v.(*GetNamespacesRequest); i { case 0: return &v.state @@ -2244,7 +2244,7 @@ func file_observer_observer_proto_init() { return nil } } - file_observer_observer_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { + file_observer_observer_proto_msgTypes[13].Exporter = func(v any, i int) any { switch v := v.(*GetNamespacesResponse); i { case 0: return &v.state @@ -2256,7 +2256,7 @@ func file_observer_observer_proto_init() { return nil } } - file_observer_observer_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { + file_observer_observer_proto_msgTypes[14].Exporter = func(v any, i int) any { switch v := v.(*Namespace); i { case 0: return &v.state @@ -2268,7 +2268,7 @@ func file_observer_observer_proto_init() { return nil } } - file_observer_observer_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} { + file_observer_observer_proto_msgTypes[15].Exporter = func(v any, i int) any { switch v := v.(*ExportEvent); i { case 0: return &v.state @@ -2280,7 +2280,7 @@ func file_observer_observer_proto_init() { return nil } } - file_observer_observer_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} { + file_observer_observer_proto_msgTypes[16].Exporter = func(v any, i int) any { switch v := v.(*GetFlowsRequest_Experimental); i { case 0: return &v.state @@ -2293,12 +2293,12 @@ func file_observer_observer_proto_init() { } } } - file_observer_observer_proto_msgTypes[3].OneofWrappers = []interface{}{ + file_observer_observer_proto_msgTypes[3].OneofWrappers = []any{ (*GetFlowsResponse_Flow)(nil), (*GetFlowsResponse_NodeStatus)(nil), (*GetFlowsResponse_LostEvents)(nil), } - file_observer_observer_proto_msgTypes[15].OneofWrappers = []interface{}{ + file_observer_observer_proto_msgTypes[15].OneofWrappers = []any{ (*ExportEvent_Flow)(nil), (*ExportEvent_NodeStatus)(nil), (*ExportEvent_LostEvents)(nil), diff --git a/vendor/github.com/cilium/cilium/api/v1/observer/observer_grpc.pb.go b/vendor/github.com/cilium/cilium/api/v1/observer/observer_grpc.pb.go index 1e61a0c82b..6ff1171896 100644 --- a/vendor/github.com/cilium/cilium/api/v1/observer/observer_grpc.pb.go +++ b/vendor/github.com/cilium/cilium/api/v1/observer/observer_grpc.pb.go @@ -4,7 +4,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.3.0 -// - protoc v5.27.1 +// - protoc v5.27.2 // source: observer/observer.proto package observer diff --git a/vendor/github.com/cilium/cilium/api/v1/relay/relay.pb.go b/vendor/github.com/cilium/cilium/api/v1/relay/relay.pb.go index 3fe724d989..945401746f 100644 --- a/vendor/github.com/cilium/cilium/api/v1/relay/relay.pb.go +++ b/vendor/github.com/cilium/cilium/api/v1/relay/relay.pb.go @@ -3,8 +3,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.31.0 -// protoc v5.27.1 +// protoc-gen-go v1.34.2 +// protoc v5.27.2 // source: relay/relay.proto package relay @@ -197,7 +197,7 @@ func file_relay_relay_proto_rawDescGZIP() []byte { var file_relay_relay_proto_enumTypes = make([]protoimpl.EnumInfo, 1) var file_relay_relay_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_relay_relay_proto_goTypes = []interface{}{ +var file_relay_relay_proto_goTypes = []any{ (NodeState)(0), // 0: relay.NodeState (*NodeStatusEvent)(nil), // 1: relay.NodeStatusEvent } @@ -216,7 +216,7 @@ func file_relay_relay_proto_init() { return } if !protoimpl.UnsafeEnabled { - file_relay_relay_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + file_relay_relay_proto_msgTypes[0].Exporter = func(v any, i int) any { switch v := v.(*NodeStatusEvent); i { case 0: return &v.state diff --git a/vendor/github.com/cilium/cilium/pkg/bgpv1/agent/controller.go b/vendor/github.com/cilium/cilium/pkg/bgpv1/agent/controller.go index 7b60065809..b363faa684 100644 --- a/vendor/github.com/cilium/cilium/pkg/bgpv1/agent/controller.go +++ b/vendor/github.com/cilium/cilium/pkg/bgpv1/agent/controller.go @@ -5,6 +5,7 @@ package agent import ( "context" + "errors" "fmt" "github.com/cilium/hive/cell" @@ -233,6 +234,10 @@ func (c *Controller) Reconcile(ctx context.Context) error { Name: c.LocalCiliumNode.Name, }) if err != nil { + if errors.Is(err, store.ErrStoreUninitialized) { + log.Debug("BGPNodeConfig store not yet initialized") + return nil // skip the reconciliation - once the store is initialized, it will trigger new reconcile event + } log.WithError(err).Error("failed to get BGPNodeConfig") return err } diff --git a/vendor/github.com/cilium/cilium/pkg/container/bitlpm/trie.go b/vendor/github.com/cilium/cilium/pkg/container/bitlpm/trie.go index 29868759c8..aff850a6a3 100644 --- a/vendor/github.com/cilium/cilium/pkg/container/bitlpm/trie.go +++ b/vendor/github.com/cilium/cilium/pkg/container/bitlpm/trie.go @@ -112,21 +112,18 @@ type node[K, T any] struct { // // Note: If the prefix argument exceeds the Trie's maximum // prefix, it will be set to the Trie's maximum prefix. -func (t *trie[K, T]) ExactLookup(prefixLen uint, k Key[K]) (T, bool) { +func (t *trie[K, T]) ExactLookup(prefixLen uint, k Key[K]) (ret T, found bool) { prefixLen = min(prefixLen, t.maxPrefix) - var ( - empty, ret T - matchPrefix uint - ) - t.traverse(t.maxPrefix, k, func(currentNode *node[K, T], matchLen uint) bool { - ret = currentNode.value - matchPrefix = matchLen + t.traverse(prefixLen, k, func(currentNode *node[K, T], matchLen uint) bool { + // Only copy node value if exact prefix length is found + if matchLen == prefixLen { + ret = currentNode.value + found = true + return false // no need to continue + } return true }) - if matchPrefix != prefixLen { - return empty, false - } - return ret, true + return ret, found } // LongestPrefixMatch returns the value for the key with the @@ -185,6 +182,10 @@ func (t *trie[K, T]) Descendants(prefixLen uint, k Key[K], fn func(prefix uint, currentNode.forEach(fn) return } + // currentNode is a leaf and has no children. Calling k.BitValueAt may overrun the key storage. + if currentNode.prefixLen >= t.maxPrefix { + return + } currentNode = currentNode.children[k.BitValueAt(currentNode.prefixLen)] } } diff --git a/vendor/github.com/cilium/cilium/pkg/datapath/tables/node_address.go b/vendor/github.com/cilium/cilium/pkg/datapath/tables/node_address.go index c46af3cda5..ffae5cb401 100644 --- a/vendor/github.com/cilium/cilium/pkg/datapath/tables/node_address.go +++ b/vendor/github.com/cilium/cilium/pkg/datapath/tables/node_address.go @@ -16,6 +16,7 @@ import ( "github.com/cilium/hive/job" "github.com/cilium/statedb" "github.com/cilium/statedb/index" + "github.com/cilium/stream" "github.com/sirupsen/logrus" "github.com/spf13/pflag" "k8s.io/apimachinery/pkg/util/sets" @@ -24,6 +25,7 @@ import ( "github.com/cilium/cilium/pkg/defaults" "github.com/cilium/cilium/pkg/ip" "github.com/cilium/cilium/pkg/logging/logfields" + "github.com/cilium/cilium/pkg/node" "github.com/cilium/cilium/pkg/option" "github.com/cilium/cilium/pkg/rate" "github.com/cilium/cilium/pkg/time" @@ -206,13 +208,14 @@ type nodeAddressControllerParams struct { Devices statedb.Table[*Device] NodeAddresses statedb.RWTable[NodeAddress] AddressScopeMax AddressScopeMax + LocalNode *node.LocalNodeStore } type nodeAddressController struct { nodeAddressControllerParams - deviceChanges statedb.ChangeIterator[*Device] - + deviceChanges statedb.ChangeIterator[*Device] + k8sIPv4, k8sIPv6 netip.Addr fallbackAddresses fallbackAddresses } @@ -248,10 +251,14 @@ func (n *nodeAddressController) register() { return fmt.Errorf("DeleteTracker: %w", err) } + if node, err := n.LocalNode.Get(ctx); err == nil { + n.updateK8sNodeIPs(node) + } + // Do an immediate update to populate the table before it is read from. devices, _ := n.Devices.All(txn) for dev, _, ok := devices.Next(); ok; dev, _, ok = devices.Next() { - n.update(txn, nil, n.getAddressesFromDevice(dev), nil, dev.Name) + n.update(txn, n.getAddressesFromDevice(dev), nil, dev.Name) n.updateWildcardDevice(txn, dev, false) } txn.Commit() @@ -265,24 +272,43 @@ func (n *nodeAddressController) register() { } +func (n *nodeAddressController) updateK8sNodeIPs(node node.LocalNode) (updated bool) { + if ip := node.GetNodeIP(true); ip != nil { + if newIP, ok := netip.AddrFromSlice(ip); ok { + if newIP != n.k8sIPv6 { + n.k8sIPv6 = newIP + updated = true + } + } + } + if ip := node.GetNodeIP(false); ip != nil { + if newIP, ok := netip.AddrFromSlice(ip); ok { + if newIP != n.k8sIPv4 { + n.k8sIPv4 = newIP + updated = true + } + } + } + return +} + func (n *nodeAddressController) run(ctx context.Context, reporter cell.Health) error { defer n.deviceChanges.Close() + localNodeChanges := stream.ToChannel(ctx, n.LocalNode) + n.updateK8sNodeIPs(<-localNodeChanges) + limiter := rate.NewLimiter(nodeAddressControllerMinInterval, 1) for { txn := n.DB.WriteTxn(n.NodeAddresses) for change, _, ok := n.deviceChanges.Next(); ok; change, _, ok = n.deviceChanges.Next() { dev := change.Object - // Note: prefix match! existing may contain node addresses from devices with names - // prefixed by dev. See https://github.com/cilium/cilium/issues/29324. - addrIter := n.NodeAddresses.List(txn, NodeAddressDeviceNameIndex.Query(dev.Name)) - existing := statedb.Collect(addrIter) - var new sets.Set[NodeAddress] + var new []NodeAddress if !change.Deleted { new = n.getAddressesFromDevice(dev) } - n.update(txn, sets.New(existing...), new, reporter, dev.Name) + n.update(txn, new, reporter, dev.Name) n.updateWildcardDevice(txn, dev, change.Deleted) } txn.Commit() @@ -291,6 +317,22 @@ func (n *nodeAddressController) run(ctx context.Context, reporter cell.Health) e case <-ctx.Done(): return nil case <-n.deviceChanges.Watch(n.DB.ReadTxn()): + case localNode, ok := <-localNodeChanges: + if !ok { + localNodeChanges = nil + break + } + if n.updateK8sNodeIPs(localNode) { + // Recompute the node addresses as the k8s node IP has changed, which + // affects the prioritization. + txn := n.DB.WriteTxn(n.NodeAddresses) + devices, _ := n.Devices.All(txn) + for dev, _, ok := devices.Next(); ok; dev, _, ok = devices.Next() { + n.update(txn, n.getAddressesFromDevice(dev), nil, dev.Name) + n.updateWildcardDevice(txn, dev, false) + } + txn.Commit() + } } if err := limiter.Wait(ctx); err != nil { return err @@ -313,7 +355,7 @@ func (n *nodeAddressController) updateWildcardDevice(txn statedb.WriteTxn, dev * n.NodeAddresses.Delete(txn, addr) } - newAddrs := sets.New[NodeAddress]() + newAddrs := []NodeAddress{} for _, fallback := range n.fallbackAddresses.addrs() { if !fallback.IsValid() { continue @@ -324,7 +366,7 @@ func (n *nodeAddressController) updateWildcardDevice(txn statedb.WriteTxn, dev * Primary: true, DeviceName: WildcardDeviceName, } - newAddrs.Insert(nodeAddr) + newAddrs = append(newAddrs, nodeAddr) n.NodeAddresses.Insert(txn, nodeAddr) } @@ -337,9 +379,7 @@ func (n *nodeAddressController) updateFallbacks(txn statedb.ReadTxn, dev *Device } fallbacks := &n.fallbackAddresses - if deleted && (fallbacks.ipv4.dev == dev || fallbacks.ipv6.dev == dev) { - // The device that was used for fallback address was removed. - // Clear the fallbacks and reprocess from scratch. + if deleted && fallbacks.fromDevice(dev) { fallbacks.clear() devices, _ := n.Devices.All(txn) for dev, _, ok := devices.Next(); ok; dev, _, ok = devices.Next() { @@ -352,30 +392,32 @@ func (n *nodeAddressController) updateFallbacks(txn statedb.ReadTxn, dev *Device } // updates the node addresses of a single device. -func (n *nodeAddressController) update(txn statedb.WriteTxn, existing, new sets.Set[NodeAddress], reporter cell.Health, device string) { +func (n *nodeAddressController) update(txn statedb.WriteTxn, new []NodeAddress, reporter cell.Health, device string) { updated := false - prefixLen := len(device) - // Insert new addresses that did not exist. - for addr := range new { - if !existing.Has(addr) { + // Gather the set of currently existing addresses for this device. + current := sets.New(statedb.Collect( + statedb.Map( + n.NodeAddresses.List(txn, NodeAddressDeviceNameIndex.Query(device)), + func(addr NodeAddress) netip.Addr { + return addr.Addr + }))...) + + // Update the new set of addresses for this device. We try to avoid insertions when nothing has changed + // to avoid unnecessary wakeups to watchers of the table. + for _, addr := range new { + old, _, hadOld := n.NodeAddresses.Get(txn, NodeAddressIndex.Query(NodeAddressKey{Addr: addr.Addr, DeviceName: device})) + if !hadOld || old != addr { updated = true n.NodeAddresses.Insert(txn, addr) } + current.Delete(addr.Addr) } - // Remove addresses that were not part of the new set. - for addr := range existing { - // Ensure full device name match. 'device' may be a prefix of DeviceName, and we don't want - // to delete node addresses of `cilium_host` because they are not on `cilium`. - if prefixLen != len(addr.DeviceName) { - continue - } - - if !new.Has(addr) { - updated = true - n.NodeAddresses.Delete(txn, addr) - } + // Delete the addresses no longer associated with the device. + for addr := range current { + updated = true + n.NodeAddresses.Delete(txn, NodeAddress{DeviceName: device, Addr: addr}) } if updated { @@ -387,7 +429,7 @@ func (n *nodeAddressController) update(txn statedb.WriteTxn, existing, new sets. } } -func (n *nodeAddressController) getAddressesFromDevice(dev *Device) sets.Set[NodeAddress] { +func (n *nodeAddressController) getAddressesFromDevice(dev *Device) []NodeAddress { if dev.Flags&net.FlagUp == 0 { return nil } @@ -409,10 +451,6 @@ func (n *nodeAddressController) getAddressesFromDevice(dev *Device) sets.Set[Nod addrs := make([]NodeAddress, 0, len(dev.Addrs)) - // ipv4Found and ipv6Found are set to true when the primary address is picked - // (used for the Primary flag) - ipv4Found, ipv6Found := false, false - // The indexes for the first public and private addresses for picking NodePort // addresses. ipv4PublicIndex, ipv4PrivateIndex := -1, -1 @@ -436,12 +474,13 @@ func (n *nodeAddressController) getAddressesFromDevice(dev *Device) sets.Set[Nod index := len(addrs) isPublic := ip.IsPublicAddr(addr.Addr.AsSlice()) - primary := false if addr.Addr.Is4() { - if !ipv4Found { - ipv4Found = true - primary = true + if addr.Addr.Unmap() == n.k8sIPv4.Unmap() { + // Address matches the K8s Node IP. Force this to be picked. + ipv4PublicIndex = index + ipv4PrivateIndex = index } + if ipv4PublicIndex < 0 && isPublic { ipv4PublicIndex = index } @@ -451,9 +490,10 @@ func (n *nodeAddressController) getAddressesFromDevice(dev *Device) sets.Set[Nod } if addr.Addr.Is6() { - if !ipv6Found { - ipv6Found = true - primary = true + if addr.Addr == n.k8sIPv6 { + // Address matches the K8s Node IP. Force this to be picked. + ipv6PublicIndex = index + ipv6PrivateIndex = index } if ipv6PublicIndex < 0 && isPublic { @@ -474,7 +514,6 @@ func (n *nodeAddressController) getAddressesFromDevice(dev *Device) sets.Set[Nod addrs = append(addrs, NodeAddress{ Addr: addr.Addr, - Primary: primary, NodePort: nodePort, DeviceName: dev.Name, }) @@ -487,7 +526,6 @@ func (n *nodeAddressController) getAddressesFromDevice(dev *Device) sets.Set[Nod } else if ipv4PublicIndex >= 0 { addrs[ipv4PublicIndex].NodePort = true } - if ipv6PrivateIndex >= 0 { addrs[ipv6PrivateIndex].NodePort = true } else if ipv6PublicIndex >= 0 { @@ -495,13 +533,25 @@ func (n *nodeAddressController) getAddressesFromDevice(dev *Device) sets.Set[Nod } } - return sets.New(addrs...) + // Pick the primary address. Prefer public over private. + if ipv4PublicIndex >= 0 { + addrs[ipv4PublicIndex].Primary = true + } else if ipv4PrivateIndex >= 0 { + addrs[ipv4PrivateIndex].Primary = true + } + if ipv6PublicIndex >= 0 { + addrs[ipv6PublicIndex].Primary = true + } else if ipv6PrivateIndex >= 0 { + addrs[ipv6PrivateIndex].Primary = true + } + + return addrs } // showAddresses formats a Set[NodeAddress] as "1.2.3.4 (primary, nodeport), fe80::1" -func showAddresses(addrs sets.Set[NodeAddress]) string { +func showAddresses(addrs []NodeAddress) string { ss := make([]string, 0, len(addrs)) - for addr := range addrs { + for _, addr := range addrs { var extras []string if addr.Primary { extras = append(extras, "primary") @@ -571,7 +621,27 @@ func (f *fallbackAddresses) addrs() []netip.Addr { return []netip.Addr{f.ipv4.addr.Addr, f.ipv6.addr.Addr} } +func (f *fallbackAddresses) fromDevice(dev *Device) bool { + return (f.ipv4.dev != nil && f.ipv4.dev.Name == dev.Name) || + (f.ipv6.dev != nil && f.ipv6.dev.Name == dev.Name) +} + +func (f *fallbackAddresses) clearDevice(dev *Device) { + // Clear the fallbacks if they were from a prior version of this device + // as the addresses may have been removed. + if f.ipv4.dev != nil && f.ipv4.dev.Name == dev.Name { + f.ipv4 = fallbackAddress{} + } + if f.ipv6.dev != nil && f.ipv6.dev.Name == dev.Name { + f.ipv6 = fallbackAddress{} + } +} + func (f *fallbackAddresses) update(dev *Device) (updated bool) { + prevIPv4, prevIPv6 := f.ipv4.addr, f.ipv6.addr + + f.clearDevice(dev) + // Iterate over all addresses to see if any of them make for a better // fallback address. for _, addr := range dev.Addrs { @@ -602,12 +672,11 @@ func (f *fallbackAddresses) update(dev *Device) (updated bool) { better = addr.Addr.Less(fa.addr.Addr) } if better { - updated = true fa.dev = dev fa.addr = addr } } - return + return prevIPv4 != f.ipv4.addr || prevIPv6 != f.ipv6.addr } // Shared test address definitions diff --git a/vendor/github.com/cilium/cilium/pkg/defaults/defaults.go b/vendor/github.com/cilium/cilium/pkg/defaults/defaults.go index c0d7226c83..4bc61ad277 100644 --- a/vendor/github.com/cilium/cilium/pkg/defaults/defaults.go +++ b/vendor/github.com/cilium/cilium/pkg/defaults/defaults.go @@ -189,6 +189,10 @@ const ( // DNSProxyLockCount. DNSProxyLockTimeout = 500 * time.Millisecond + // DNSProxySocketLingerTimeout defines how many seconds we wait for the connection + // between the DNS proxy and the upstream server to be closed. + DNSProxySocketLingerTimeout = 10 + // IdentityChangeGracePeriod is the default value for // option.IdentityChangeGracePeriod IdentityChangeGracePeriod = 5 * time.Second diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/register.go b/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/register.go index 13bf874bbd..928531e75f 100644 --- a/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/register.go +++ b/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/register.go @@ -15,5 +15,5 @@ const ( // // Maintainers: Run ./Documentation/check-crd-compat-table.sh for each release // Developers: Bump patch for each change in the CRD schema. - CustomResourceDefinitionSchemaVersion = "1.29.10" + CustomResourceDefinitionSchemaVersion = "1.29.11" ) diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2/clrp_types.go b/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2/clrp_types.go index bf8892cc9a..d085df8f6a 100644 --- a/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2/clrp_types.go +++ b/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2/clrp_types.go @@ -156,12 +156,14 @@ type CiliumLocalRedirectPolicySpec struct { // It can not be empty. // // +kubebuilder:validation:Required + // +kubebuilder:validation:XValidation:rule="self == oldSelf", message="redirectFrontend is immutable" RedirectFrontend RedirectFrontend `json:"redirectFrontend"` // RedirectBackend specifies backend configuration to redirect traffic to. // It can not be empty. // // +kubebuilder:validation:Required + // +kubebuilder:validation:XValidation:rule="self == oldSelf", message="redirectBackend is immutable" RedirectBackend RedirectBackend `json:"redirectBackend"` // SkipRedirectFromBackend indicates whether traffic matching RedirectFrontend @@ -179,6 +181,8 @@ type CiliumLocalRedirectPolicySpec struct { // destination "169.254.169.254:80". // // +kubebuilder:validation:Optional + // +kubebuilder:default=false + // +kubebuilder:validation:XValidation:rule="self == oldSelf", message="skipRedirectFromBackend is immutable" SkipRedirectFromBackend bool `json:"skipRedirectFromBackend"` // Description can be used by the creator of the policy to describe the diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2alpha1/bgp_advert_types.go b/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2alpha1/bgp_advert_types.go index 0f2fc15590..f601819dae 100644 --- a/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2alpha1/bgp_advert_types.go +++ b/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2alpha1/bgp_advert_types.go @@ -108,7 +108,7 @@ type BGPAdvertisement struct { Service *BGPServiceOptions `json:"service,omitempty"` // Selector is a label selector to select objects of the type specified by AdvertisementType. - // If not specified, all objects of the type specified by AdvertisementType are selected for advertisement. + // If not specified, no objects of the type specified by AdvertisementType are selected for advertisement. // // +kubebuilder:validation:Optional Selector *slimv1.LabelSelector `json:"selector,omitempty"` diff --git a/vendor/github.com/cilium/cilium/pkg/kvstore/consul.go b/vendor/github.com/cilium/cilium/pkg/kvstore/consul.go index 4847560090..c223221d57 100644 --- a/vendor/github.com/cilium/cilium/pkg/kvstore/consul.go +++ b/vendor/github.com/cilium/cilium/pkg/kvstore/consul.go @@ -10,6 +10,7 @@ import ( "errors" "fmt" "os" + "strings" consulAPI "github.com/hashicorp/consul/api" "github.com/sirupsen/logrus" @@ -305,6 +306,7 @@ func (c *consulClient) LockPath(ctx context.Context, path string) (KVLocker, err // watch starts watching for changes in a prefix func (c *consulClient) watch(ctx context.Context, w *Watcher) { + scope := GetScopeFromKey(strings.TrimRight(w.Prefix, "/")) // Last known state of all KVPairs matching the prefix localState := map[string]consulAPI.KVPair{} nextIndex := uint64(0) @@ -355,7 +357,7 @@ func (c *consulClient) watch(ctx context.Context, w *Watcher) { Key: newPair.Key, Value: newPair.Value, } - trackEventQueued(newPair.Key, EventTypeCreate, queueStart.End(true).Total()) + trackEventQueued(scope, EventTypeCreate, queueStart.End(true).Total()) } else if oldPair.ModifyIndex != newPair.ModifyIndex { queueStart := spanstat.Start() w.Events <- KeyValueEvent{ @@ -363,7 +365,7 @@ func (c *consulClient) watch(ctx context.Context, w *Watcher) { Key: newPair.Key, Value: newPair.Value, } - trackEventQueued(newPair.Key, EventTypeModify, queueStart.End(true).Total()) + trackEventQueued(scope, EventTypeModify, queueStart.End(true).Total()) } // Everything left on localState will be assumed to @@ -379,7 +381,7 @@ func (c *consulClient) watch(ctx context.Context, w *Watcher) { Key: deletedPair.Key, Value: deletedPair.Value, } - trackEventQueued(deletedPair.Key, EventTypeDelete, queueStart.End(true).Total()) + trackEventQueued(scope, EventTypeDelete, queueStart.End(true).Total()) delete(localState, k) } diff --git a/vendor/github.com/cilium/cilium/pkg/kvstore/etcd.go b/vendor/github.com/cilium/cilium/pkg/kvstore/etcd.go index e824a706ed..5fca752cfd 100644 --- a/vendor/github.com/cilium/cilium/pkg/kvstore/etcd.go +++ b/vendor/github.com/cilium/cilium/pkg/kvstore/etcd.go @@ -763,6 +763,7 @@ func (e *etcdClient) DeletePrefix(ctx context.Context, path string) (err error) // watch starts watching for changes in a prefix func (e *etcdClient) watch(ctx context.Context, w *Watcher) { + scope := GetScopeFromKey(strings.TrimRight(w.Prefix, "/")) localCache := watcherCache{} listSignalSent := false @@ -844,7 +845,7 @@ reList: Value: key.Value, Typ: t, } - trackEventQueued(string(key.Key), t, queueStart.End(true).Total()) + trackEventQueued(scope, t, queueStart.End(true).Total()) } nextRev := revision + 1 @@ -864,7 +865,7 @@ reList: queueStart := spanstat.Start() w.Events <- event - trackEventQueued(k, EventTypeDelete, queueStart.End(true).Total()) + trackEventQueued(scope, EventTypeDelete, queueStart.End(true).Total()) }) // Only send the list signal once @@ -954,7 +955,7 @@ reList: queueStart := spanstat.Start() w.Events <- event - trackEventQueued(string(ev.Kv.Key), event.Typ, queueStart.End(true).Total()) + trackEventQueued(scope, event.Typ, queueStart.End(true).Total()) } } } diff --git a/vendor/github.com/cilium/cilium/pkg/kvstore/metrics.go b/vendor/github.com/cilium/cilium/pkg/kvstore/metrics.go index 4f09efd734..ae92d61ae1 100644 --- a/vendor/github.com/cilium/cilium/pkg/kvstore/metrics.go +++ b/vendor/github.com/cilium/cilium/pkg/kvstore/metrics.go @@ -38,11 +38,11 @@ func increaseMetric(key, kind, action string, duration time.Duration, err error) WithLabelValues(namespace, kind, action, outcome).Observe(duration.Seconds()) } -func trackEventQueued(key string, typ EventType, duration time.Duration) { +func trackEventQueued(scope string, typ EventType, duration time.Duration) { if !metrics.KVStoreEventsQueueDuration.IsEnabled() { return } - metrics.KVStoreEventsQueueDuration.WithLabelValues(GetScopeFromKey(key), typ.String()).Observe(duration.Seconds()) + metrics.KVStoreEventsQueueDuration.WithLabelValues(scope, typ.String()).Observe(duration.Seconds()) } func recordQuorumError(err string) { diff --git a/vendor/github.com/cilium/cilium/pkg/kvstore/store/store.go b/vendor/github.com/cilium/cilium/pkg/kvstore/store/store.go index 73a05859b7..f3e4ea023d 100644 --- a/vendor/github.com/cilium/cilium/pkg/kvstore/store/store.go +++ b/vendor/github.com/cilium/cilium/pkg/kvstore/store/store.go @@ -185,23 +185,22 @@ type LocalKey interface { } // KVPair represents a basic implementation of the LocalKey interface -type KVPair struct{ Key, Value string } +type KVPair struct { + Key string + Value []byte +} -func NewKVPair(key, value string) *KVPair { return &KVPair{Key: key, Value: value} } +func NewKVPair(key, value string) *KVPair { return &KVPair{Key: key, Value: []byte(value)} } func KVPairCreator() Key { return &KVPair{} } func (kv *KVPair) GetKeyName() string { return kv.Key } -func (kv *KVPair) Marshal() ([]byte, error) { return []byte(kv.Value), nil } +func (kv *KVPair) Marshal() ([]byte, error) { return kv.Value, nil } func (kv *KVPair) Unmarshal(key string, data []byte) error { - kv.Key, kv.Value = key, string(data) + kv.Key, kv.Value = key, data return nil } -func (kv *KVPair) DeepKeyCopy() LocalKey { - return NewKVPair(kv.Key, kv.Value) -} - // JoinSharedStore creates a new shared store based on the provided // configuration. An error is returned if the configuration is invalid. The // store is initialized with the contents of the kvstore. An error is returned diff --git a/vendor/github.com/cilium/cilium/pkg/monitor/api/files.go b/vendor/github.com/cilium/cilium/pkg/monitor/api/files.go index 71d07a27df..a2b4f460a4 100644 --- a/vendor/github.com/cilium/cilium/pkg/monitor/api/files.go +++ b/vendor/github.com/cilium/cilium/pkg/monitor/api/files.go @@ -16,6 +16,7 @@ var files = map[uint8]string{ 4: "bpf_xdp.c", 5: "bpf_sock.c", 6: "bpf_network.c", + 7: "bpf_wireguard.c", // header files from bpf/lib/ 101: "arp.h", diff --git a/vendor/github.com/cilium/cilium/pkg/option/.gitignore b/vendor/github.com/cilium/cilium/pkg/option/.gitignore new file mode 100644 index 0000000000..68fddb5ff9 --- /dev/null +++ b/vendor/github.com/cilium/cilium/pkg/option/.gitignore @@ -0,0 +1 @@ +agent-runtime-config*.json diff --git a/vendor/github.com/cilium/cilium/pkg/option/config.go b/vendor/github.com/cilium/cilium/pkg/option/config.go index 06ebe427b4..9381391d88 100644 --- a/vendor/github.com/cilium/cilium/pkg/option/config.go +++ b/vendor/github.com/cilium/cilium/pkg/option/config.go @@ -468,9 +468,17 @@ const ( // DNSProxyLockCount. DNSProxyLockTimeout = "dnsproxy-lock-timeout" + // DNSProxySocketLingerTimeout defines how many seconds we wait for the connection + // between the DNS proxy and the upstream server to be closed. + DNSProxySocketLingerTimeout = "dnsproxy-socket-linger-timeout" + // DNSProxyEnableTransparentMode enables transparent mode for the DNS proxy. DNSProxyEnableTransparentMode = "dnsproxy-enable-transparent-mode" + // DNSProxyInsecureSkipTransparentModeCheck is a hidden flag that allows users + // to disable transparent mode even if IPSec is enabled + DNSProxyInsecureSkipTransparentModeCheck = "dnsproxy-insecure-skip-transparent-mode-check" + // MTUName is the name of the MTU option MTUName = "mtu" @@ -1782,6 +1790,10 @@ type DaemonConfig struct { // DNSProxyEnableTransparentMode enables transparent mode for the DNS proxy. DNSProxyEnableTransparentMode bool + // DNSProxyInsecureSkipTransparentModeCheck is a hidden flag that allows users + // to disable transparent mode even if IPSec is enabled + DNSProxyInsecureSkipTransparentModeCheck bool + // DNSProxyLockCount is the array size containing mutexes which protect // against parallel handling of DNS response names. DNSProxyLockCount int @@ -1790,6 +1802,10 @@ type DaemonConfig struct { // DNSProxyLockCount. DNSProxyLockTimeout time.Duration + // DNSProxySocketLingerTimeout defines how many seconds we wait for the connection + // between the DNS proxy and the upstream server to be closed. + DNSProxySocketLingerTimeout int + // EnableXTSocketFallback allows disabling of kernel's ip_early_demux // sysctl option if `xt_socket` kernel module is not available. EnableXTSocketFallback bool @@ -3262,8 +3278,10 @@ func (c *DaemonConfig) Populate(vp *viper.Viper) { c.DNSProxyConcurrencyLimit = vp.GetInt(DNSProxyConcurrencyLimit) c.DNSProxyConcurrencyProcessingGracePeriod = vp.GetDuration(DNSProxyConcurrencyProcessingGracePeriod) c.DNSProxyEnableTransparentMode = vp.GetBool(DNSProxyEnableTransparentMode) + c.DNSProxyInsecureSkipTransparentModeCheck = vp.GetBool(DNSProxyInsecureSkipTransparentModeCheck) c.DNSProxyLockCount = vp.GetInt(DNSProxyLockCount) c.DNSProxyLockTimeout = vp.GetDuration(DNSProxyLockTimeout) + c.DNSProxySocketLingerTimeout = vp.GetInt(DNSProxySocketLingerTimeout) c.FQDNRejectResponse = vp.GetString(FQDNRejectResponseCode) // Convert IP strings into net.IPNet types diff --git a/vendor/github.com/cilium/cilium/pkg/policy/api/egress.go b/vendor/github.com/cilium/cilium/pkg/policy/api/egress.go index 69d7e0eb15..05ba0166ff 100644 --- a/vendor/github.com/cilium/cilium/pkg/policy/api/egress.go +++ b/vendor/github.com/cilium/cilium/pkg/policy/api/egress.go @@ -7,11 +7,14 @@ import ( "context" slim_metav1 "github.com/cilium/cilium/pkg/k8s/slim/k8s/apis/meta/v1" + "github.com/cilium/cilium/pkg/slices" ) // EgressCommonRule is a rule that shares some of its fields across the // EgressRule and EgressDenyRule. It's publicly exported so the code generators // can generate code for this structure. +// +// +deepequal-gen:private-method=true type EgressCommonRule struct { // ToEndpoints is a list of endpoints identified by an EndpointSelector to // which the endpoints subject to the rule are allowed to communicate. @@ -111,6 +114,27 @@ type EgressCommonRule struct { aggregatedSelectors EndpointSelectorSlice `json:"-"` } +// DeepEqual returns true if both EgressCommonRule are deep equal. +// The semantic of a nil slice in one of its fields is different from the semantic +// of an empty non-nil slice, thus it explicitly checks for that case before calling +// the autogenerated method. +func (in *EgressCommonRule) DeepEqual(other *EgressCommonRule) bool { + if slices.XorNil(in.ToEndpoints, other.ToEndpoints) { + return false + } + if slices.XorNil(in.ToCIDR, other.ToCIDR) { + return false + } + if slices.XorNil(in.ToCIDRSet, other.ToCIDRSet) { + return false + } + if slices.XorNil(in.ToEntities, other.ToEntities) { + return false + } + + return in.deepEqual(other) +} + // EgressRule contains all rule types which can be applied at egress, i.e. // network traffic that originates inside the endpoint and exits the endpoint // selected by the endpointSelector. diff --git a/vendor/github.com/cilium/cilium/pkg/policy/api/ingress.go b/vendor/github.com/cilium/cilium/pkg/policy/api/ingress.go index b9ecc355d6..d4d8ce5e63 100644 --- a/vendor/github.com/cilium/cilium/pkg/policy/api/ingress.go +++ b/vendor/github.com/cilium/cilium/pkg/policy/api/ingress.go @@ -7,11 +7,14 @@ import ( "context" slim_metav1 "github.com/cilium/cilium/pkg/k8s/slim/k8s/apis/meta/v1" + "github.com/cilium/cilium/pkg/slices" ) // IngressCommonRule is a rule that shares some of its fields across the // IngressRule and IngressDenyRule. It's publicly exported so the code // generators can generate code for this structure. +// +// +deepequal-gen:private-method=true type IngressCommonRule struct { // FromEndpoints is a list of endpoints identified by an // EndpointSelector which are allowed to communicate with the endpoint @@ -99,6 +102,27 @@ type IngressCommonRule struct { aggregatedSelectors EndpointSelectorSlice `json:"-"` } +// DeepEqual returns true if both IngressCommonRule are deep equal. +// The semantic of a nil slice in one of its fields is different from the semantic +// of an empty non-nil slice, thus it explicitly checks for that case before calling +// the autogenerated method. +func (in *IngressCommonRule) DeepEqual(other *IngressCommonRule) bool { + if slices.XorNil(in.FromEndpoints, other.FromEndpoints) { + return false + } + if slices.XorNil(in.FromCIDR, other.FromCIDR) { + return false + } + if slices.XorNil(in.FromCIDRSet, other.FromCIDRSet) { + return false + } + if slices.XorNil(in.FromEntities, other.FromEntities) { + return false + } + + return in.deepEqual(other) +} + // IngressRule contains all rule types which can be applied at ingress, // i.e. network traffic that originates outside of the endpoint and // is entering the endpoint selected by the endpointSelector. diff --git a/vendor/github.com/cilium/cilium/pkg/policy/api/zz_generated.deepequal.go b/vendor/github.com/cilium/cilium/pkg/policy/api/zz_generated.deepequal.go index 665f90b928..ced0d973b7 100644 --- a/vendor/github.com/cilium/cilium/pkg/policy/api/zz_generated.deepequal.go +++ b/vendor/github.com/cilium/cilium/pkg/policy/api/zz_generated.deepequal.go @@ -194,9 +194,9 @@ func (in *DefaultDenyConfig) DeepEqual(other *DefaultDenyConfig) bool { return true } -// DeepEqual is an autogenerated deepequal function, deeply comparing the +// deepEqual is an autogenerated deepequal function, deeply comparing the // receiver with other. in must be non-nil. -func (in *EgressCommonRule) DeepEqual(other *EgressCommonRule) bool { +func (in *EgressCommonRule) deepEqual(other *EgressCommonRule) bool { if other == nil { return false } @@ -619,9 +619,9 @@ func (in *ICMPRules) DeepEqual(other *ICMPRules) bool { return true } -// DeepEqual is an autogenerated deepequal function, deeply comparing the +// deepEqual is an autogenerated deepequal function, deeply comparing the // receiver with other. in must be non-nil. -func (in *IngressCommonRule) DeepEqual(other *IngressCommonRule) bool { +func (in *IngressCommonRule) deepEqual(other *IngressCommonRule) bool { if other == nil { return false } diff --git a/vendor/github.com/cilium/cilium/pkg/policy/mapstate.go b/vendor/github.com/cilium/cilium/pkg/policy/mapstate.go index 4141cc56a0..ff32374513 100644 --- a/vendor/github.com/cilium/cilium/pkg/policy/mapstate.go +++ b/vendor/github.com/cilium/cilium/pkg/policy/mapstate.go @@ -8,7 +8,6 @@ import ( "net" "slices" "strconv" - "testing" "github.com/hashicorp/go-hclog" "github.com/sirupsen/logrus" @@ -77,14 +76,16 @@ type MapState interface { RevertChanges(ChangeState) AddVisibilityKeys(PolicyOwner, uint16, *VisibilityMetadata, ChangeState) Len() int - Equals(MapState) bool - Diff(t *testing.T, expected MapState) string allowAllIdentities(ingress, egress bool) determineAllowLocalhostIngress() deniesL4(policyOwner PolicyOwner, l4 *L4Filter) bool denyPreferredInsertWithChanges(newKey Key, newEntry MapStateEntry, identities Identities, features policyFeatures, changes ChangeState) deleteKeyWithChanges(key Key, owner MapStateOwner, changes ChangeState) + + // For testing from other packages only + Equals(MapState) bool + Diff(expected MapState) string } // mapState is a state of a policy map. @@ -422,7 +423,7 @@ func (msA *mapState) Equals(msB MapState) bool { // Diff returns the string of differences between 'obtained' and 'expected' prefixed with // '+ ' or '- ' for obtaining something unexpected, or not obtaining the expected, respectively. // For use in debugging. -func (obtained *mapState) Diff(_ *testing.T, expected MapState) (res string) { +func (obtained *mapState) Diff(expected MapState) (res string) { res += "Missing (-), Unexpected (+):\n" expected.ForEach(func(kE Key, vE MapStateEntry) bool { if vO, ok := obtained.Get(kE); ok { @@ -436,8 +437,8 @@ func (obtained *mapState) Diff(_ *testing.T, expected MapState) (res string) { return true }) obtained.ForEach(func(kE Key, vE MapStateEntry) bool { - if vO, ok := expected.Get(kE); !ok { - res += "+ " + kE.String() + ": " + vO.String() + "\n" + if _, ok := expected.Get(kE); !ok { + res += "+ " + kE.String() + ": " + vE.String() + "\n" } return true }) diff --git a/vendor/github.com/cilium/cilium/pkg/policy/selectorcache.go b/vendor/github.com/cilium/cilium/pkg/policy/selectorcache.go index eac71c17ee..ee955422b4 100644 --- a/vendor/github.com/cilium/cilium/pkg/policy/selectorcache.go +++ b/vendor/github.com/cilium/cilium/pkg/policy/selectorcache.go @@ -5,6 +5,7 @@ package policy import ( "net" + "strings" "sync" "github.com/sirupsen/logrus" @@ -43,13 +44,15 @@ func newIdentity(nid identity.NumericIdentity, lbls labels.LabelArray) scIdentit // getLocalScopeNets returns the most specific CIDR for a local scope identity. func getLocalScopeNets(id identity.NumericIdentity, lbls labels.LabelArray) []*net.IPNet { if id.HasLocalScope() { - var ( - maskSize int - mostSpecificCidr *net.IPNet - ) + var mostSpecificCidr *net.IPNet + maskSize := -1 // allow for 0-length prefix (e.g., "0.0.0.0/0") for _, lbl := range lbls { if lbl.Source == labels.LabelSourceCIDR { - _, netIP, err := net.ParseCIDR(lbl.Key) + // Reverse the transformation done in labels.maskedIPToLabel() + // as ':' is not allowed within a k8s label, colons are represented + // with '-'. + cidr := strings.ReplaceAll(lbl.Key, "-", ":") + _, netIP, err := net.ParseCIDR(cidr) if err == nil { if ms, _ := netIP.Mask.Size(); ms > maskSize { mostSpecificCidr = netIP diff --git a/vendor/github.com/cilium/cilium/pkg/slices/slices.go b/vendor/github.com/cilium/cilium/pkg/slices/slices.go index be9652454d..e229cb146b 100644 --- a/vendor/github.com/cilium/cilium/pkg/slices/slices.go +++ b/vendor/github.com/cilium/cilium/pkg/slices/slices.go @@ -145,3 +145,9 @@ func SubsetOf[S ~[]T, T comparable](a, b S) (bool, []T) { d := Diff(a, b) return len(d) == 0, d } + +// XorNil returns true if one of the two slices is nil while the other is not. +func XorNil[T any](s1, s2 []T) bool { + return s1 == nil && s2 != nil || + s1 != nil && s2 == nil +} diff --git a/vendor/modules.txt b/vendor/modules.txt index e146575dc9..9a93696f73 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -58,7 +58,7 @@ github.com/chai2010/gettext-go/po # github.com/cilium/charts v0.0.0-20240711191516-3eef29895257 ## explicit; go 1.17 github.com/cilium/charts -# github.com/cilium/cilium v1.16.0-rc.1 +# github.com/cilium/cilium v1.16.0-rc.2 ## explicit; go 1.22.0 github.com/cilium/cilium/api/v1/client github.com/cilium/cilium/api/v1/client/bgp