Skip to content

Swiftv1 dual stack prototype #4196

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
estebancams wants to merge 47 commits into from
+26,533 −1,057
Closed

Swiftv1 dual stack prototype #4196

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
47 commits
Select commit Hold shift + click to select a range
4fe1647
POC CNI and CNS changes to support IPv6 Secondary IPs.
alhimel Nov 3, 2025
d6e3480
Cleaning up all the changes to keep only minimal needed for POC to work.
alhimel Nov 20, 2025
6c23bcc
reverting extra nl added by mistake
alhimel Nov 20, 2025
b1aa9d9
Extending the MTPNC status (#4058)
shreyashastantram Oct 13, 2025
20b5368
ci: skip portforward in windows dualstack (#4076)
QxBytes Oct 13, 2025
9140280
ci: add cilium ebpf e2e overlay and podsubnet test (#4073)
QxBytes Oct 13, 2025
082edc7
Add status to mtpnc crd (#4070)
aggarwal0009 Oct 15, 2025
6d55226
CNS Change for Subnet Overlay Expansion Job (#4074)
rejain456 Oct 21, 2025
6f83142
chore: update dependencies for CVEs (#4093)
paulyufan2 Oct 22, 2025
4cf2e20
downgrade easyjson GO package to unblock Release build (#4084)
paulyufan2 Oct 22, 2025
0f61b26
enable dual NIC support in transparent VLAN (#4057)
mugeshsp Oct 22, 2025
8092b0f
fix: Adding delete timestamp check (#4078)
shreyashastantram Oct 22, 2025
b3d654d
Update GO security dependencies (#4096)
paulyufan2 Oct 23, 2025
3ddc447
Expanding mtpnc status to include delete status (#4085)
shreyashastantram Oct 24, 2025
4e742b1
[CNS] Overlay Expansion Subnet Update Job Bug Fix (#4103)
rejain789 Nov 5, 2025
32928f9
Swiftv2 Long running cluster - test pipeline (#4099)
sivakami-projects Nov 5, 2025
a2dbdb3
ci: clean up disk space before build and skip windows port forward (#…
QxBytes Nov 5, 2025
a683f4d
ci: remove debug stack usage (#4075)
QxBytes Nov 5, 2025
8581bbe
filtering mTLS connections based on the subject name from Caller (#4081)
ZetaoZhuang Nov 5, 2025
6bd4fde
Return nil when HNS endpoint ID is empty during deletion (#4105)
Copilot Nov 6, 2025
3a7c759
ci: bump actions/upload-artifact from 4 to 5 (#4102)
dependabot[bot] Nov 6, 2025
cf87eab
ci: bump actions/download-artifact from 4 to 6 (#4101)
dependabot[bot] Nov 6, 2025
3e6d8a8
feature: Adding apipa nic support for swiftv2 windows (#4012)
tamilmani1989 Nov 11, 2025
8bf932a
ci: Manifests files for cilium v1.18 (#4100)
vipul-21 Nov 16, 2025
e4fe6ea
[NPM Lite] Bypassing IPSets for IP CIDR Block Based Network Policies …
rejain789 Nov 26, 2025
204ff19
fix: do not copy empty values into secondary IP configs (#4155)
santhoshmprabhu Dec 4, 2025
4ca7012
fix: Re-enable codespaces (#4124)
jpayne3506 Dec 4, 2025
26a491a
fix: set logger for controller-runtime (#4123)
rbtr Dec 4, 2025
606ee06
test: expand LRP test to include lifecycle events (#4086)
karina-ranadive Dec 4, 2025
5d75e26
feat: add support for windows MAC hex dump (#4122)
ecigar13 Dec 5, 2025
854149b
chore: add swiftv2 windows conflist (#4144)
jackieluc Dec 5, 2025
7a87ed9
ci: add AKS Swiftv2 Manifold E2E in ACN pipeline (#4128)
sharifnasser Dec 10, 2025
2e85337
forwardport: [NPM] [Vulnerability] Resolve stdlib CVEs by Updating go…
rayaisaiah Dec 12, 2025
d7cd197
ci: re-enable port forward tests on windows (#4164)
QxBytes Dec 12, 2025
38bd8d3
Datapath tests for Long running clusters. (#4142)
sivakami-projects Dec 18, 2025
c0b0fdb
ci: fix ebpf manifests and allow e2e usage with cilium 1.18 and up (#…
QxBytes Dec 19, 2025
c04353b
feat: select linux network mode based on conflist instead of statefil…
QxBytes Dec 19, 2025
65e43f6
deps: bump golang.org/x/crypto from 0.41.0 to 0.45.0 in /azure-ipam (…
dependabot[bot] Dec 22, 2025
593bbaa
deps: bump golang.org/x/crypto from 0.43.0 to 0.45.0 (#4131)
dependabot[bot] Dec 22, 2025
d7a06bb
deps: bump github.com/containernetworking/plugins from 1.8.0 to 1.9.0…
dependabot[bot] Dec 22, 2025
0903a06
Enable scale tests with 20 pods (#4179)
sivakami-projects Dec 23, 2025
bebad17
ci: General Cilium Nightly fixes (#4175)
jpayne3506 Dec 29, 2025
abaa01c
ci: move cilium deploy logic to makefile (#4184)
QxBytes Jan 5, 2026
ef6db44
Deploy Linux BYON nodes and enable datapath tests on long running clu…
sivakami-projects Jan 6, 2026
a03d95a
deps: bump the all-go-minor-and-patch group across 1 directory with 2…
dependabot[bot] Jan 6, 2026
931a245
fix: infinite loop in Device Plugin caused by stale SocketWatcher sta…
isaac-dasan Jan 9, 2026
418e025
feat: added code for multitenancy cni to create dual stack endpoints
estebancams Jan 26, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .devcontainer/devcontainer.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
"build": {
"dockerfile": "Dockerfile",
"args": {
"VARIANT": "1.24",
"VARIANT": "1.24-bullseye",
"NODE_VERSION": "none"
}
},
Expand Down Expand Up @@ -58,7 +58,7 @@
"remoteUser": "vscode",
"features": {
"ghcr.io/devcontainers/features/go:1": {
"version": "1.23.2"
"version": "1.24.1"
},
"docker-in-docker": "latest",
"kubectl-helm-minikube": "latest",
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/cyclonus-netpol-extended-nightly-test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,7 @@ jobs:
mv ./test/cyclonus/cyclonus-test.txt ./cyclonus-test_${{ matrix.profile }}.txt

- name: "Upload Logs"
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v5
if: always()
with:
name: logs-${{ matrix.profile }}
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/cyclonus-netpol-test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,7 @@ jobs:
mv ./test/cyclonus/cyclonus-test.txt ./cyclonus-test_${{ matrix.profile }}.txt

- name: 'Upload Logs'
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v5
if: always()
with:
name: logs-${{ matrix.profile }}
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/golangci.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ jobs:
run: make bpf-lib && go generate ./...

- name: Upload generated code
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v5
with:
name: generated-bpf-program-code
path: ./bpf-prog/azure-block-iptables/pkg/blockservice
Expand All @@ -46,7 +46,7 @@ jobs:
with:
go-version-file: go.mod
- name: Download generated code
uses: actions/download-artifact@v4
uses: actions/download-artifact@v6
with:
name: generated-bpf-program-code
path: ./bpf-prog/azure-block-iptables/pkg/blockservice
Expand Down
4 changes: 2 additions & 2 deletions .pipelines/build/dockerfiles/cns.Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,11 +11,11 @@ ENTRYPOINT ["azure-cns.exe"]
EXPOSE 10090

# mcr.microsoft.com/azurelinux/base/core:3.0
FROM --platform=linux/${ARCH} mcr.microsoft.com/azurelinux/base/core@sha256:833693619d523c23b1fe4d9c1f64a6c697e2a82f7a6ee26e1564897c3fe3fa02 AS build-helper
FROM --platform=linux/${ARCH} mcr.microsoft.com/azurelinux/base/core@sha256:3d53b96f4e336a197023bda703a056eaefecc6728e9a2b0c1ef42f7dce183338 AS build-helper
RUN tdnf install -y iptables

# mcr.microsoft.com/azurelinux/distroless/minimal:3.0
FROM --platform=linux/${ARCH} mcr.microsoft.com/azurelinux/distroless/minimal@sha256:d784c8233e87e8bce2e902ff59a91262635e4cabc25ec55ac0a718344514db3c AS linux
FROM --platform=linux/${ARCH} mcr.microsoft.com/azurelinux/distroless/minimal@sha256:6b78aa535a2a5107ee308b767c0f1f5055a58d0e751f9d87543bc504da6d0ed3 AS linux
ARG ARTIFACT_DIR .

COPY --from=build-helper /usr/sbin/*tables* /usr/sbin/
Expand Down
39 changes: 10 additions & 29 deletions .pipelines/cni/cilium/cilium-overlay-load-test-template.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -93,34 +93,19 @@ stages:
if [ ! -z ${{ parameters.dualstackVersion }} ]; then
echo "Use dualstack version of Cilium"
export CILIUM_VERSION_TAG=${{ parameters.dualstackVersion }}
fi

echo "install Cilium ${CILIUM_VERSION_TAG}"
export DIR=$(echo ${CILIUM_VERSION_TAG#v} | cut -d. -f1,2)
echo "installing files from ${DIR}"

echo "deploy Cilium ConfigMap"
if [ ! -z ${{ parameters.dualstackVersion }} ]; then
echo "Use dualstack configmap for Cilium"
kubectl apply -f test/integration/manifests/cilium/v${DIR}/cilium-config/cilium-config-dualstack.yaml
else
kubectl apply -f test/integration/manifests/cilium/v${DIR}/cilium-config/cilium-config.yaml
fi

# Passes Cilium image to daemonset and deployment
kubectl apply -f test/integration/manifests/cilium/v${DIR}/cilium-agent/files
kubectl apply -f test/integration/manifests/cilium/v${DIR}/cilium-operator/files

if [ ! -z ${{ parameters.dualstackVersion }} ]; then
echo "Use dualstack daemonset for Cilium"
export DIR=$(echo ${CILIUM_VERSION_TAG#v} | cut -d. -f1,2)
export IPV6_IMAGE_REGISTRY=acnpublic.azurecr.io
export IPV6_HP_BPF_VERSION=$(make ipv6-hp-bpf-version)
envsubst '${CILIUM_VERSION_TAG},${CILIUM_IMAGE_REGISTRY},${IPV6_IMAGE_REGISTRY},${IPV6_HP_BPF_VERSION}' < test/integration/manifests/cilium/v${DIR}/cilium-agent/templates/daemonset-dualstack.yaml | kubectl apply -f -
echo "IPV6_HP_BPF_VERSION: $IPV6_HP_BPF_VERSION"
echo "IPV6_IMAGE_REGISTRY: $IPV6_IMAGE_REGISTRY"
echo "installing cilium dualstack version ${CILIUM_VERSION_TAG} from directory ${DIR}"
make -C ./hack/aks deploy-cilium-dualstack
else
envsubst '${CILIUM_VERSION_TAG},${CILIUM_IMAGE_REGISTRY}' < test/integration/manifests/cilium/v${DIR}/cilium-agent/templates/daemonset.yaml | kubectl apply -f -
export DIR=$(echo ${CILIUM_VERSION_TAG#v} | cut -d. -f1,2)
echo "installing cilium version ${CILIUM_VERSION_TAG} from directory ${DIR}"
make -C ./hack/aks deploy-cilium
fi

envsubst '${CILIUM_VERSION_TAG},${CILIUM_IMAGE_REGISTRY}' < test/integration/manifests/cilium/v${DIR}/cilium-operator/templates/deployment.yaml | kubectl apply -f -
kubectl get po -owide -A

- ${{if eq(parameters.hubbleEnabled, true)}}:
Expand All @@ -146,12 +131,8 @@ stages:
echo "install Cilium onto Overlay Cluster with hubble enabled"
export CILIUM_VERSION_TAG=${CILIUM_HUBBLE_VERSION_TAG}
export DIR=$(echo ${CILIUM_VERSION_TAG#v} | cut -d. -f1,2)
echo "installing files from ${DIR}"
kubectl apply -f test/integration/manifests/cilium/v${DIR}/cilium-config/cilium-config-hubble.yaml
kubectl apply -f test/integration/manifests/cilium/v${DIR}/cilium-agent/files
kubectl apply -f test/integration/manifests/cilium/v${DIR}/cilium-operator/files
envsubst '${CILIUM_IMAGE_REGISTRY},${CILIUM_VERSION_TAG}' < test/integration/manifests/cilium/v${DIR}/cilium-agent/templates/daemonset.yaml | kubectl apply -f -
envsubst '${CILIUM_IMAGE_REGISTRY},${CILIUM_VERSION_TAG}' < test/integration/manifests/cilium/v${DIR}/cilium-operator/templates/deployment.yaml | kubectl apply -f -
echo "installing cilium hubble version ${CILIUM_VERSION_TAG} from directory ${DIR}"
make -C ./hack/aks deploy-cilium-hubble
kubectl get po -owide -A

- job: deploy_cns_and_ipam
Expand Down
30 changes: 8 additions & 22 deletions .pipelines/cni/cilium/cilium-scale-test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,33 +46,19 @@ stages:
echo "Redeploy all cilium components and update cilium version. Redeploy all to catch all changes between versions"
pwd

echo "install Cilium ${CILIUM_VERSION_TAG}"
export DIR=$(echo ${CILIUM_VERSION_TAG#v} | cut -d. -f1,2)
echo "installing files from ${DIR}"

echo "deploy Cilium ConfigMap"
if ${IS_DUALSTACK}; then
echo "Use dualstack configmap for Cilium"
kubectl apply -f test/integration/manifests/cilium/v${DIR}/cilium-config/cilium-config-dualstack.yaml
else
kubectl apply -f test/integration/manifests/cilium/v${DIR}/cilium-config/cilium-config.yaml
fi

# Passes Cilium image to daemonset and deployment
kubectl apply -f test/integration/manifests/cilium/v${DIR}/cilium-agent/files
kubectl apply -f test/integration/manifests/cilium/v${DIR}/cilium-operator/files

export CILIUM_VERSION_TAG=${CILIUM_VERSION_TAG}
export CILIUM_IMAGE_REGISTRY=${CILIUM_IMAGE_REGISTRY}
if ${IS_DUALSTACK}; then
echo "Use dualstack daemonset for Cilium"
echo "Use dualstack version of Cilium"
export IPV6_IMAGE_REGISTRY=acnpublic.azurecr.io
envsubst '${CILIUM_VERSION_TAG},${CILIUM_IMAGE_REGISTRY},${IPV6_IMAGE_REGISTRY},${IPV6_HP_BPF_VERSION}' < test/integration/manifests/cilium/v${DIR}/cilium-agent/templates/daemonset-dualstack.yaml | kubectl apply -f -
export IPV6_HP_BPF_VERSION=${IPV6_HP_BPF_VERSION}
echo "IPV6_HP_BPF_VERSION: $IPV6_HP_BPF_VERSION"
echo "IPV6_IMAGE_REGISTRY: $IPV6_IMAGE_REGISTRY"
echo "installing cilium dualstack version ${CILIUM_VERSION_TAG} from directory ${DIR}"
make -C ./hack/aks deploy-cilium-dualstack
else
envsubst '${CILIUM_VERSION_TAG},${CILIUM_IMAGE_REGISTRY}' < test/integration/manifests/cilium/v${DIR}/cilium-agent/templates/daemonset.yaml | kubectl apply -f -
echo "installing cilium version ${CILIUM_VERSION_TAG} from directory ${DIR}"
make -C ./hack/aks deploy-cilium
fi

envsubst '${CILIUM_VERSION_TAG},${CILIUM_IMAGE_REGISTRY}' < test/integration/manifests/cilium/v${DIR}/cilium-operator/templates/deployment.yaml | kubectl apply -f -
kubectl get po -owide -A

echo "Deploy Azure-CNS"
Expand Down
12 changes: 8 additions & 4 deletions .pipelines/cni/cilium/nightly-release-test.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ stages:
steps:
- bash: |
set -ex

cd .pipelines/
git clone https://github.com/cilium/cilium.git
cd cilium
Expand Down Expand Up @@ -65,18 +65,18 @@ stages:
fi

if [ "$(type)" = "docker-operator-generic-image" ]; then
# Apply patch to Dockerfile
# Apply patch to Dockerfile
DOCKERFILE_PATH="./images/$(directory)/Dockerfile"
echo "Patching Dockerfile: $DOCKERFILE_PATH"

# Add ARG and ENV statements to disable systemcrypto for Microsoft Go
sed -i '/^FROM.*builder/a ARG GOEXPERIMENT=boringcrypto \nENV GOEXPERIMENT=${GOEXPERIMENT}' "$DOCKERFILE_PATH"
fi

BUILD_ARGS=${GO_ARGS}${ALPINE_ARGS}
DOCKER_FLAGS="$BUILD_ARGS" \
make $(type)

name: BuildCiliumImage
displayName: "Build Cilium Image"
- task: AzureCLI@2
Expand Down Expand Up @@ -117,6 +117,8 @@ stages:
GOBIN: "$(GOPATH)/bin" # Go binaries path
modulePath: "$(GOPATH)/src/github.com/Azure/azure-container-networking"
commitID: $[ stagedependencies.setup.env.outputs['EnvironmentalVariables.commitID'] ]
pool:
name: $(BUILD_POOL_NAME_DEFAULT)
jobs:
- template: ../../templates/create-cluster.yaml
parameters:
Expand All @@ -134,13 +136,15 @@ stages:
- cilium_overlay_nightly
pool:
name: $(BUILD_POOL_NAME_DEFAULT)
timeoutInMinutes: 120
steps:
- template: ../../singletenancy/cilium-overlay/cilium-overlay-e2e-step-template.yaml
parameters:
name: "cilium_nightly"
clusterName: ciliumnightly-$(commitID)
testHubble: true
testLRP: true
nightly: true

- template: ../../cni/k8s-e2e/k8s-e2e-job-template.yaml
parameters:
Expand Down
29 changes: 28 additions & 1 deletion .pipelines/containers/container-template.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,11 +15,38 @@ steps:

- script: |
set -e
echo "Disk space before cleanup..."
df -h /
echo "Removing unnecessary files to free up disk space..."
sudo rm -rf \
/opt/hostedtoolcache \
/opt/google/chrome \
/opt/microsoft/msedge \
/opt/microsoft/powershell \
/opt/pipx \
/usr/lib/mono \
/usr/local/julia* \
/usr/local/lib/android \
/usr/local/lib/node_modules \
/usr/local/share/chromium \
/usr/local/share/powershell \
/usr/share/dotnet \
/usr/share/swift
echo "Disk space after cleanup..."
df -h /
displayName: "Clean up disk space"

- script: |
set -e
echo "=== Disk space BEFORE make image ==="
df -h
if [ ${{ parameters.os }} = 'windows' ]; then export BUILDX_ACTION='--push'; fi
make ${{ parameters.name }}-image OS=${{ parameters.os }} ARCH=${{ parameters.arch }}
echo "=== Disk space AFTER make image ==="
df -h
name: image_build
displayName: Image Build
retryCountOnTaskFailure: 3
retryCountOnTaskFailure: 2

- task: AzureCLI@2
displayName: "Logout"
Expand Down
35 changes: 35 additions & 0 deletions .pipelines/multitenancy/swiftv2-manifold-e2e.stages.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
parameters:
name: ""
dependsOn: ""

stages:
- stage: manifold_e2e
displayName: E2E - AKS Swiftv2 Manifold
variables:
TAG: $[ stageDependencies.setup.env.outputs['EnvironmentalVariables.Tag'] ]
IMAGE_REPO_PATH: $[ format('{0}/', stageDependencies.setup.env.outputs['EnvironmentalVariables.imageRepositoryPath']) ]
${{ if eq(parameters.dependsOn, 'publish') }}:
IMAGE_REPO_PATH_REF: 'azure-'
${{ else }}:
IMAGE_REPO_PATH_REF: $(IMAGE_REPO_PATH)
dependsOn:
- ${{ parameters.dependsOn }}
- setup
jobs:
- job: ${{ parameters.name }}
displayName: AKS Swiftv2 Multitenancy Manifold E2E Test Suite - (${{ parameters.name }})
timeoutInMinutes: 210
pool:
name: $(BUILD_POOL_NAME_DEFAULT)
isCustom: true
type: linux
steps:
- task: TriggerBuild@3
inputs:
buildDefinition: '391699'
templateParameters: 'regions: ["westus2"], useAcnPublic: true, cnscniversion: $(TAG), cnscniversionwindows: $(TAG), cnscniImagePrefix: $(IMAGE_REPO_PATH_REF)'
useSameBranch: false
queueBuildForUserThatTriggeredBuild: true
branchToUse: 'refs/heads/master'
waitForQueuedBuildsToFinish: true
authenticationMethod: 'OAuth Token'
Loading