Skip to content

ipam: Do not update local node if ENI config is invalid#41760

Merged
pippolo84 merged 1 commit intocilium:mainfrom
appian:issue-41626
Sep 22, 2025
Merged

ipam: Do not update local node if ENI config is invalid#41760
pippolo84 merged 1 commit intocilium:mainfrom
appian:issue-41626

Conversation

@jasonaliyetti
Copy link
Copy Markdown
Contributor

@jasonaliyetti jasonaliyetti commented Sep 18, 2025
edited
Loading

Please ensure your pull request adheres to the following guidelines:

  • For first time contributors, read Submitting a pull request
  • All code is covered by unit and/or runtime tests where feasible.
  • All commits contain a well written commit description including a title,
    description and a Fixes: #XXX line if the commit addresses a particular
    GitHub issue.
  • If your commit description contains a Fixes: <commit-id> tag, then
    please add the commit author[s] as reviewer[s] to this issue.
  • All commits are signed off. See the section Developer’s Certificate of Origin
  • Provide a title or release-note blurb suitable for the release notes.
  • Are you a user of Cilium? Please add yourself to the Users doc
  • Thanks for contributing!

It is possible to update the local node to hold an inconsistent ENI state which prevents correct ENI device configuration. This change makes setOwnNodeWithoutPoolUpdate handle local node updates consistent with how updateLocalNodeResource handles it.

Fixes: #41626

Avoid scenario where ENI device configuration can be skipped.

@jasonaliyetti jasonaliyetti requested a review from a team as a code owner September 18, 2025 15:19
@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Sep 18, 2025
@github-actions github-actions bot added the kind/community-contribution This was a contribution made by a community member. label Sep 18, 2025
@jasonaliyetti jasonaliyetti force-pushed the issue-41626 branch 2 times, most recently from 29dfaea to fc5300d Compare September 18, 2025 15:33
@pippolo84 pippolo84 added release-note/bug This PR fixes an issue in a previous release of Cilium. area/eni Impacts ENI based IPAM. labels Sep 19, 2025
@maintainer-s-little-helper maintainer-s-little-helper bot removed dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. labels Sep 19, 2025
pippolo84
pippolo84 approved these changes Sep 19, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@pippolo84 pippolo84 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks! 💯

@pippolo84 pippolo84 added needs-backport/1.16 needs-backport/1.17 This PR / issue needs backporting to the v1.17 branch needs-backport/1.18 This PR / issue needs backporting to the v1.18 branch labels Sep 19, 2025
@pippolo84
Copy link
Copy Markdown
Member

pippolo84 commented Sep 19, 2025

/test

@pippolo84 pippolo84 enabled auto-merge September 19, 2025 13:09
@jasonaliyetti
Copy link
Copy Markdown
Contributor Author

jasonaliyetti commented Sep 22, 2025

@pippolo84 These seem like fragile test failures based on a cursory glance. Is there anything I need to do to get this merged?

@pippolo84
Copy link
Copy Markdown
Member

pippolo84 commented Sep 22, 2025

ci-e2e-upgrade is hitting #41520, but this has already been solved in #41812. @jasonaliyetti could you please rebase on top of main branch?

Also, ci-clustermesh is hitting #40835 and ci-eks is hitting #37948, so they are flakes too. Let's rebase and rerun the CI 👍

@jasonaliyetti
ipam: Do not update local node if ENI config is invalid
86db29a 
It is possible to update the local node to hold an inconsistent ENI state which prevents correct ENI device configuration.
This change makes setOwnNodeWithoutPoolUpdate handle local node updates consistent with how updateLocalNodeResource handles it.

Fixes: cilium#41626

Signed-off-by: Jason Aliyetti <[email protected]>
auto-merge was automatically disabled September 22, 2025 15:52

Head branch was pushed to by a user without write access

@jasonaliyetti
Copy link
Copy Markdown
Contributor Author

jasonaliyetti commented Sep 22, 2025

Rebased

@pippolo84
Copy link
Copy Markdown
Member

pippolo84 commented Sep 22, 2025

/test

@pippolo84 pippolo84 enabled auto-merge September 22, 2025 19:25
@pippolo84 pippolo84 added this pull request to the merge queue Sep 22, 2025
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Sep 22, 2025
Merged via the queue into cilium:main with commit 41aa980 Sep 22, 2025
71 checks passed
@joestringer joestringer removed needs-backport/1.16 needs-backport/1.17 This PR / issue needs backporting to the v1.17 branch labels Sep 26, 2025
@joestringer joestringer added affects/v1.16 This issue affects v1.16 branch affects/v1.17 This issue affects v1.17 branch labels Sep 26, 2025
@joestringer
Copy link
Copy Markdown
Member

joestringer commented Sep 26, 2025

We don't make general bugfixes to older releases at this time, policy described here: https://docs.cilium.io/en/stable/contributing/release/backports/#backport-criteria-for-x-y-1-z-and-x-y-2-z. I've updated the labels accordingly.

@jasonaliyetti
Copy link
Copy Markdown
Contributor Author

jasonaliyetti commented Sep 26, 2025
edited
Loading

@joestringer does that mean this won't get back ported to 1.16 or 1.17?

My concern here is that we (and I would assume others) can't move on from 1.15 directly to 1.18 as per the docs. We can't go to 1.16 or 1.17 without this patch bc it'd cause instability.

@joestringer
Copy link
Copy Markdown
Member

joestringer commented Sep 26, 2025

Cilium is focused on the future and making sure the latest release is stable, plus avoiding any potential cause of destabilization for the two next older releases. v1.16 and v1.17 are currently focused on security updates. We do not have the maintainer bandwidth to be backporting every single fix to those releases and handling the risk and regressions out of that. That's why the policy is in place.

I thank you for the fix as I expect that should help similar situations for both you and others when operating on the newer versions of Cilium. For older versions I suggest you pull your preferred branch and apply the fix / build your own images.

@joamaki joamaki mentioned this pull request Oct 1, 2025
Merged
14 tasks
@joamaki joamaki added backport-pending/1.18 The backport for Cilium 1.18.x for this PR is in progress. and removed needs-backport/1.18 This PR / issue needs backporting to the v1.18 branch labels Oct 1, 2025
@github-actions github-actions bot added backport-done/1.18 The backport for Cilium 1.18.x for this PR is done. and removed backport-pending/1.18 The backport for Cilium 1.18.x for this PR is in progress. labels Oct 4, 2025
@cilium-release-bot cilium-release-bot bot moved this to Released in cilium v1.19.0 Feb 3, 2026
@pippolo84 pippolo84 mentioned this pull request Mar 30, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pippolo84 pippolo84 pippolo84 approved these changes

Assignees

No one assigned

Labels

affects/v1.16 This issue affects v1.16 branch affects/v1.17 This issue affects v1.17 branch area/eni Impacts ENI based IPAM. backport-done/1.18 The backport for Cilium 1.18.x for this PR is done. kind/community-contribution This was a contribution made by a community member. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/bug This PR fixes an issue in a previous release of Cilium.

Projects

No open projects
cilium v1.19.0
Status: Released

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Sporadic connectivity issues on 1.16

4 participants

@jasonaliyetti @pippolo84 @joestringer @joamaki