Cilium: 1.1 Release Planning

Created on 7 Apr 2018  路  19Comments  路  Source: cilium/cilium

Cilium 1.1 planning

Release Dates

Feature Freeze: 2018-05-18 Revised: 2018-05-25
Projected release date: 2018-05-31

High Level

  • [ ] Inter cluster service routing
  • [x] Further Istio integration and sidecar model improvements (target Istio 0.8+) (https://github.com/cilium/cilium/pull/3911, https://github.com/cilium/cilium/pull/3968, https://github.com/cilium/cilium/issues/4169) (on track)
  • [x] Microscope improvements
  • [x] Iterative policy model enhancements
  • [x] containerd support (https://github.com/cilium/cilium/issues/2354) (in progress, optimistic to make 1.1)
  • [x] Endpoint generation improvement (unassigned)
  • [x] Additional metrics
  • [x] CI usability and coverage improvements
  • [x] Complete external connectivity (visibility & enforcement)

Inter cluster routing

  • [x] Design

CI usability and coverage improvements

  • [x] Filter out noise in CI logs to improve producitivity (https://github.com/cilium/cilium/pull/4127, https://github.com/cilium/cilium/pull/4035, https://github.com/cilium/cilium/pull/4087)
  • [x] Adding Kubernetes NP tests (#3570 )
  • [x] Add ingress/egress default deny tests for CNP (https://github.com/cilium/cilium/issues/3343)
  • [ ] Simulate world in Ginkgo CI (https://github.com/cilium/cilium/issues/3325)
  • [ ] BLOCKED: K8s CI: Update the multinode tests to use the Kafka Roles. (https://github.com/cilium/cilium/issues/3361)

  • [x] L3/L4/L7 drop/reject metrics (https://github.com/cilium/cilium/issues/3284)

    • [x] L7
    • [x] L3/L4

      • [x] DataPath bpf metrics map for collecting drops/forwards #4155

      • [x] Controller for reading metrics bpf map and exporting to prometheus #4171

  • [x] Representing the cilium status (https://github.com/cilium/cilium/issues/3997)

Iterative policy model enhancements

  • [x] CIDR dependent L4 (https://github.com/cilium/cilium/issues/1684, https://github.com/cilium/cilium/pull/3835)
  • [x] Init Identity Policy (https://github.com/cilium/cilium/issues/3855, https://github.com/cilium/cilium/pull/3911)

Endpoint Generation Improvements

  • [x] Controller backed generic BPF map sync interface (https://github.com/cilium/cilium/issues/3161) (on track)

Microscope Improvements

  • [x] Single pane view
  • [x] Simplified logging mode (#3887, @nebril) (on track)
  • [ ] Aggregated flow view (deferred to 1.2 via BPF datapath work)
  • [ ] Consistent resolution of identities and ids to labels (#3889) (partially done)
  • [x] Reliable --related-to flag (#3888, @nebril) (deferred to 1.2)

Complete external connectivity (visibility & enforcement)

  • [x] CIDR support in Envoy (https://github.com/cilium/cilium/pull/3763)
  • [x] Merge 0-len CIDR prefix fix (https://github.com/cilium/cilium/pull/3805)

Important Bugs

  • [x] Only listen on BPF perf ring buffer if readers are present on the API (https://github.com/cilium/cilium/issues/3979)
  • [x] Reject non-TCP L4 rules if L7 rules are specified (https://github.com/cilium/cilium/issues/3573)
  • [x] Endpoint state directories can be left behind after build failure (https://github.com/cilium/cilium/issues/3494)
  • [x] conntrack: updateCT doesn't delete update entries' proxy ports when importing L7 policy (https://github.com/cilium/cilium/issues/3208)
  • [x] HTTP rule sanitization doesn't catch bad regex (https://github.com/cilium/cilium/issues/3401)
kinmeta

All 19 comments

https://github.com/cilium/cilium/issues/3161 would be useful to tackle in 1.1, as we should ideally always retry map updates if possible and not just bail out on the first try.

"Adding Kubernetes NP tests " - was this tackled by https://github.com/cilium/cilium/pull/3570 ?

Add ingress/egress default deny tests for CNP (#3343) I finished this one. Marking done.

@aanm Do we have a better handle at integrating v3 without creating compatibility problems at this point? I'm still not sure how we can provide a smooth transition without being able to version CRDs.

I also think we should tackle https://github.com/cilium/cilium/issues/3401 as part of 1.1.

Also, we should triage community-reports : https://github.com/cilium/cilium/issues?q=is%3Aissue+is%3Aopen+label%3Akind%2Fcommunity-report .

I've gone through and tried to mark anything filed by an external contributor with this label. We can prioritize accordingly and see if the reports need further investigation, as they might show bugs in Cilium we have not hit yet in testing.

I also want to start getting bots integrated to manage issues. This will help a lot with our GH backlog. See https://github.com/cilium/cilium/issues/1787

@tgraf I think we should add this one https://github.com/cilium/cilium/issues/2354

I think we should add this one #2354

I agree, it keeps coming up more and more.

@jrajahalme @rlenglet for the bullet "CIDR support in Envoy" I linked a PR that seemed relevant. If it isn't could you make an appropriate issue to link to?

@raybejjani Thanks, that PR is the one, but needs a fix that is approved but still needs to pass CI and be merged. I added a checkbox for that.

I'd like to nominate upgrade compatibility to this, already full, list. We already test for it but do we test for partially upgraded clusters and the various outcomes etc. ?

would thrift support be considered? specifically the binary protocol and multiplexed frames.

would thrift support be considered? specifically the binary protocol and multiplexed frames.

@naude-r I've filed https://github.com/cilium/cilium/issues/4020

@tgraf thank you. will be keeping a keen eye on this.

envoy is also looking into thrift support [1]. not sure how that will influence cilium?

[1] [envoy thrift](https://github.com/envoyproxy/envoy/issues/2247)

envoy is also looking into thrift support [1]. not sure how that will influence cilium?

Excellent. I will link it. Cilium leverages Envoy although it is not limited Envoy so when Envoy gets support Cilium will only require to add a small policy language extension.

Updated the metrics section with the progress of data path bits for supporting L3/L4 drops/forwards

All feature work has been done, closing

Was this page helpful?
0 / 5 - 0 ratings