/ci-e2e-upgrade

/ci-kpr

Why are the tests failing? Please triage.

Why are the tests failing? Please triage.

For ci-ginkgo: #41254

/test

ci-kpr failure: #41974
ci-ginkgo failure: #41254

ci-ginkgo failure: #41254

That issue is marked as duplicate of #41194, which was fixed on August 18 via #41234. If you're now observing the same symptoms then either that issue was not fixed, or there's a new issue with the same symptoms. Sounds like we need to either reopen or file a fresh issue for this, otherwise we will continue to ignore it. Given that the same test seemed to fail on Sept 30 as well (per #40213 (comment)), this seems to be recurring. Are we sure this is affecting the main branch as well or could there be a regression in this PR?

But wait, the latest failure isn't even failing in the same test as that issue. The symptoms seem different.

I'll re-run the tests to get a better view into whether the tests are reliably failing or not.

/test

Commit 42347d5 does not match "(?m)^Signed-off-by:".

Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin

The following ci-integration test flakiness is caused by this PR:

--- FAIL: TestMergeL7PolicyEgressWithMultipleSelectors (0.00s)

    l4_filter_test.go:194: 
        	Error Trace:	/home/runner/work/cilium/cilium/pkg/policy/l4_filter_test.go:194
        	            				/home/runner/work/cilium/cilium/pkg/policy/l4.go:1475
        	            				/home/runner/work/cilium/cilium/pkg/policy/l4_filter_test.go:164
        	            				/home/runner/work/cilium/cilium/pkg/policy/l4_filter_test.go:225
        	            				/home/runner/work/cilium/cilium/pkg/policy/l4_filter_test.go:279
        	            				/home/runner/work/cilium/cilium/pkg/policy/rule_test.go:2455
        	Error:      	Should be true
        	Test:       	TestMergeL7PolicyEgressWithMultipleSelectors
        	Messages:   	Expected: {"priority":101,"http":[{"method":"GET"},{"host":"foo"}]}
        	            	Actual: {"priority":101,"http":[{"host":"foo"},{"method":"GET"}]}

The ordering of L7 rules within PerSelectorPolicy becomes non-deterministic. The current Equal method insists that the order of HTTP rules (and DNS, L7 and Kafka rules, too) match exactly, which is not necessary.

I have added a commit that changes the DeepEqual for L7Rule so that the order of HTTP, FQDN and L7 rules does not matter. I am not changing the DeepEqual for Kafka rules, as they are not causing test flakiness right now, Kafka rules are marked as deprecated and fixing it would require changes to an external package.

/test

The two ci-ginkgo failures appear to be flakes. The first one is failing because the node doesn't become health (filed issue), the second one is failing because eBPF cleanup fails after the test succeeds (filed issue). Both appear to be unrelated to this PR.

ci-clustermesh failure looks to be the same as this ci-ginkgo failure: #42125

time=2025-10-10T17:59:29.331812219Z level=error source=/go/src/github.com/cilium/cilium/pkg/endpoint/policy.go:805 msg="endpoint regeneration failed" ciliumEndpointName=/ endpointID=3250 containerID="" desiredPolicyRevision=0 k8sPodName=/ datapathPolicyRevision=0 ipv4=11.10.0.58 containerInterface="" identity=4 ipv6="" subsys=endpoint error="loading eBPF collection into the kernel: map cilium_percpu_trace_id: pin map to /sys/fs/bpf/tc/globals/cilium_percpu_trace_id: file exists" (1 occurrences)

The key part being:

loading eBPF collection into the kernel: map cilium_percpu_trace_id: pin map to /sys/fs/bpf/tc/globals/cilium_percpu_trace_id: file exists"

/test

/test

/ci-ginkgo

The more times we run ci-ginkgo and hit the same failure, the less sure I am whether there's no regression here. The failure rate for f14-datapath-service-ns-xdp-2 is high, but the workflow history shows it often passing, and even in the 20 scheduled runs from the last week it still passed around half of those runs. I'm not sure the probability of hitting the same failure this many times in a row against this PR, but I wouldn't expect failures this many times.

I retriggered the target job for the third time just now at this link: https://github.com/cilium/cilium/actions/runs/18501946770 .

Thanks for your patience and efforts on this @TheBeeZee !