fix: upgrade cilium to a stable version

.gitignore

@@ -46,3 +46,5 @@ netperf-*.json
 netperf-*.csv
 
 .certs/
+
+artifacts/

Makefile

@@ -562,7 +562,6 @@ quick-deploy-hubble:
 	$(MAKE) helm-uninstall || true
 	$(MAKE) helm-install-without-tls HELM_IMAGE_TAG=$(TAG)-linux-amd64
 
-
 .PHONY: simplify-dashboards
 simplify-dashboards:
 	cd deploy/testutils && go test ./... -tags=dashboard,simplifydashboard -v && cd $(REPO_ROOT)

cli/Dockerfile

@@ -1,7 +1,6 @@
 # skopeo inspect docker://mcr.microsoft.com/oss/go/microsoft/golang:1.24.1-cbl-mariner2.0 --format "{{.Name}}@{{.Digest}}"
 FROM --platform=$BUILDPLATFORM mcr.microsoft.com/oss/go/microsoft/golang@sha256:605d0a6f05734845927f450a62e081bd19c03dbe1fdbf993cfedc8506c9192b4 AS builder
 
-
 ARG VERSION
 ARG APP_INSIGHTS_ID
 

cmd/hubble/cells_linux.go

@@ -7,22 +7,31 @@ package hubble
 import (
 	"github.com/cilium/cilium/pkg/defaults"
 	"github.com/cilium/cilium/pkg/gops"
-	"github.com/cilium/cilium/pkg/hive/cell"
+	hubblecell "github.com/cilium/cilium/pkg/hubble/cell"
+	exportercell "github.com/cilium/cilium/pkg/hubble/exporter/cell"
+	hubbleParser "github.com/cilium/cilium/pkg/hubble/parser"
+	"github.com/cilium/cilium/pkg/ipcache"
+	"github.com/cilium/cilium/pkg/k8s"
 	k8sClient "github.com/cilium/cilium/pkg/k8s/client"
+	"github.com/cilium/cilium/pkg/logging"
+	"github.com/cilium/cilium/pkg/logging/logfields"
+	"github.com/cilium/cilium/pkg/node/manager"
 	"github.com/cilium/cilium/pkg/option"
 	"github.com/cilium/cilium/pkg/pprof"
-	"github.com/cilium/proxy/pkg/logging"
-	"github.com/cilium/proxy/pkg/logging/logfields"
+	"github.com/cilium/cilium/pkg/recorder"
+	"github.com/cilium/hive/cell"
+	"github.com/sirupsen/logrus"
+	"k8s.io/client-go/rest"
+
 	"github.com/microsoft/retina/internal/buildinfo"
 	"github.com/microsoft/retina/pkg/config"
 	rnode "github.com/microsoft/retina/pkg/controllers/daemon/nodereconciler"
-	hubbleserver "github.com/microsoft/retina/pkg/hubble"
+	"github.com/microsoft/retina/pkg/hubble/parser"
 	retinak8s "github.com/microsoft/retina/pkg/k8s"
 	"github.com/microsoft/retina/pkg/managers/pluginmanager"
 	"github.com/microsoft/retina/pkg/monitoragent"
 	"github.com/microsoft/retina/pkg/servermanager"
 	"github.com/microsoft/retina/pkg/shared/telemetry"
-	"k8s.io/client-go/rest"
 )
 
 var (
@@ -40,15 +49,14 @@ var (
 		"Infrastructure",
 
 		// Register the pprof HTTP handlers, to get runtime profiling data.
-		pprof.Cell,
-		cell.Config(pprof.Config{
+		pprof.Cell(pprof.Config{
 			Pprof:        true,
 			PprofAddress: option.PprofAddressAgent,
 			PprofPort:    option.PprofPortAgent,
 		}),
 
 		// Runs the gops agent, a tool to diagnose Go processes.
-		gops.Cell(defaults.GopsPortAgent),
+		gops.Cell(true, defaults.GopsPortAgent),
 
 		// Parse Retina specific configuration
 		config.Cell,
@@ -81,17 +89,31 @@ var (
 
 		daemonCell,
 
-		// Provides the node reconciler
-		rnode.Cell,
-
-		// Provides the hubble agent
-		hubbleserver.Cell,
-
 		pluginmanager.Cell,
 
+		servermanager.Cell,
+
 		retinak8s.Cell,
 
-		servermanager.Cell,
+		recorder.Cell,
+
+		cell.Provide(
+			func(l logrus.FieldLogger, ipc *ipcache.IPCache, sc *k8s.ServiceCacheImpl) hubbleParser.Decoder {
+				return parser.New(l.WithField("decoder", nil), sc, ipc)
+			},
+		),
+
+		// Provides the node reconciler as node manager
+		rnode.Cell,
+		cell.Provide(
+			func(nr *rnode.NodeReconciler) manager.NodeManager {
+				return nr
+			},
+		),
+
+		exportercell.Cell,
+		// Provides the hubble agent
+		hubblecell.Core,
 
 		telemetry.Heartbeat,
 	)

cmd/hubble/daemon_linux.go

@@ -17,14 +17,15 @@ import (
 
 	retinak8s "github.com/microsoft/retina/pkg/k8s"
 
-	"github.com/cilium/cilium/pkg/hive/cell"
 	v1 "github.com/cilium/cilium/pkg/hubble/api/v1"
+	hubblecell "github.com/cilium/cilium/pkg/hubble/cell"
 	"github.com/cilium/cilium/pkg/ipcache"
 	"github.com/cilium/cilium/pkg/k8s"
 	k8sClient "github.com/cilium/cilium/pkg/k8s/client"
 	"github.com/cilium/cilium/pkg/k8s/watchers"
 	monitoragent "github.com/cilium/cilium/pkg/monitor/agent"
 	"github.com/cilium/cilium/pkg/node"
+	"github.com/cilium/hive/cell"
 	"github.com/cilium/workerpool"
 
 	corev1 "k8s.io/api/core/v1"
@@ -107,7 +108,8 @@ type Daemon struct {
 	k8swatcher     *watchers.K8sWatcher
 	localNodeStore *node.LocalNodeStore
 	ipc            *ipcache.IPCache
-	svcCache       *k8s.ServiceCache
+	svcCache       k8s.ServiceCache
+	hubble         hubblecell.HubbleIntegration
 }
 
 func newDaemon(params *daemonParams) *Daemon {
@@ -123,6 +125,7 @@ func newDaemon(params *daemonParams) *Daemon {
 		localNodeStore: params.Lnds,
 		ipc:            params.IPC,
 		svcCache:       params.SvcCache,
+		hubble:         params.Hubble,
 	}
 }
 

cmd/hubble/daemon_main_linux.go

@@ -9,30 +9,28 @@ import (
 	"context"
 	"fmt"
 	"io"
-	"math"
+	"log/slog"
+	"os"
 	"path/filepath"
-	"strings"
 
 	zaphook "github.com/Sytten/logrus-zap-hook"
-	"github.com/cilium/cilium/pkg/defaults"
 	"github.com/cilium/cilium/pkg/hive"
-	"github.com/cilium/cilium/pkg/hive/cell"
 	v1 "github.com/cilium/cilium/pkg/hubble/api/v1"
-	"github.com/cilium/cilium/pkg/hubble/exporter/exporteroption"
-	"github.com/cilium/cilium/pkg/hubble/observer/observeroption"
+	hubblecell "github.com/cilium/cilium/pkg/hubble/cell"
 	"github.com/cilium/cilium/pkg/ipcache"
 	"github.com/cilium/cilium/pkg/k8s"
 	k8sClient "github.com/cilium/cilium/pkg/k8s/client"
 	"github.com/cilium/cilium/pkg/k8s/watchers"
+	"github.com/cilium/cilium/pkg/logging"
 	"github.com/cilium/cilium/pkg/metrics"
 	monitorAgent "github.com/cilium/cilium/pkg/monitor/agent"
-	monitorAPI "github.com/cilium/cilium/pkg/monitor/api"
 	"github.com/cilium/cilium/pkg/node"
 	"github.com/cilium/cilium/pkg/option"
 	"github.com/cilium/cilium/pkg/promise"
 	"github.com/cilium/cilium/pkg/time"
 	"github.com/cilium/ebpf/rlimit"
-	"github.com/cilium/proxy/pkg/logging"
+	"github.com/cilium/hive/cell"
+
 	"github.com/microsoft/retina/internal/buildinfo"
 	"github.com/microsoft/retina/pkg/config"
 	"github.com/microsoft/retina/pkg/log"
@@ -62,104 +60,6 @@ func InitGlobalFlags(cmd *cobra.Command, vp *viper.Viper) {
 	flags.String(option.ConfigDir, "/retina/config", `Configuration directory that contains a file for each option`)
 	option.BindEnv(vp, option.ConfigDir)
 
-	flags.Bool(option.EnableHubble, false, "Enable hubble server")
-	option.BindEnv(vp, option.EnableHubble)
-
-	flags.String(option.HubbleSocketPath, defaults.HubbleSockPath, "Set hubble's socket path to listen for connections")
-	option.BindEnv(vp, option.HubbleSocketPath)
-
-	flags.String(option.HubbleListenAddress, "", `An additional address for Hubble server to listen to, e.g. ":4244"`)
-	option.BindEnv(vp, option.HubbleListenAddress)
-
-	flags.Bool(option.HubblePreferIpv6, false, "Prefer IPv6 addresses for announcing nodes when both address types are available.")
-	option.BindEnv(vp, option.HubblePreferIpv6)
-
-	flags.Bool(option.HubbleTLSDisabled, false, "Allow Hubble server to run on the given listen address without TLS.")
-	option.BindEnv(vp, option.HubbleTLSDisabled)
-
-	flags.String(option.HubbleTLSCertFile, "", "Path to the public key file for the Hubble server. The file must contain PEM encoded data.")
-	option.BindEnv(vp, option.HubbleTLSCertFile)
-
-	flags.String(option.HubbleTLSKeyFile, "", "Path to the private key file for the Hubble server. The file must contain PEM encoded data.")
-	option.BindEnv(vp, option.HubbleTLSKeyFile)
-
-	flags.StringSlice(option.HubbleTLSClientCAFiles, []string{}, "Paths to one or more public key files of client CA certificates to use for TLS with mutual authentication (mTLS). The files must contain PEM encoded data. When provided, this option effectively enables mTLS.") //nolint:lll // long line (over 80 characters).
-	option.BindEnv(vp, option.HubbleTLSClientCAFiles)
-
-	flags.Int(option.HubbleEventBufferCapacity, observeroption.Default.MaxFlows.AsInt(), "Capacity of Hubble events buffer. The provided value must be one less than an integer power of two and no larger than 65535 (ie: 1, 3, ..., 2047, 4095, ..., 65535)") //nolint:lll // long line.
-	option.BindEnv(vp, option.HubbleEventBufferCapacity)
-
-	flags.Int(option.HubbleEventQueueSize, 0, "Buffer size of the channel to receive monitor events.")
-	option.BindEnv(vp, option.HubbleEventQueueSize)
-
-	flags.String(option.HubbleMetricsServer, "", "Address to serve Hubble metrics on.")
-	option.BindEnv(vp, option.HubbleMetricsServer)
-
-	flags.StringSlice(option.HubbleMetrics, []string{}, "List of Hubble metrics to enable.")
-	option.BindEnv(vp, option.HubbleMetrics)
-
-	flags.String(option.HubbleFlowlogsConfigFilePath, "", "Filepath with configuration of hubble flowlogs")
-	option.BindEnv(vp, option.HubbleFlowlogsConfigFilePath)
-
-	flags.String(option.HubbleExportFilePath, exporteroption.Default.Path, "Filepath to write Hubble events to.")
-	option.BindEnv(vp, option.HubbleExportFilePath)
-
-	flags.Int(option.HubbleExportFileMaxSizeMB, exporteroption.Default.MaxSizeMB, "Size in MB at which to rotate Hubble export file.")
-	option.BindEnv(vp, option.HubbleExportFileMaxSizeMB)
-
-	flags.Int(option.HubbleExportFileMaxBackups, exporteroption.Default.MaxBackups, "Number of rotated Hubble export files to keep.")
-	option.BindEnv(vp, option.HubbleExportFileMaxBackups)
-
-	flags.Bool(option.HubbleExportFileCompress, exporteroption.Default.Compress, "Compress rotated Hubble export files.")
-	option.BindEnv(vp, option.HubbleExportFileCompress)
-
-	flags.StringSlice(option.HubbleExportAllowlist, []string{}, "Specify allowlist as JSON encoded FlowFilters to Hubble exporter.")
-	option.BindEnv(vp, option.HubbleExportAllowlist)
-
-	flags.StringSlice(option.HubbleExportDenylist, []string{}, "Specify denylist as JSON encoded FlowFilters to Hubble exporter.")
-	option.BindEnv(vp, option.HubbleExportDenylist)
-
-	flags.StringSlice(option.HubbleExportFieldmask, []string{}, "Specify list of fields to use for field mask in Hubble exporter.")
-	option.BindEnv(vp, option.HubbleExportFieldmask)
-
-	flags.Bool(option.EnableHubbleRecorderAPI, true, "Enable the Hubble recorder API")
-	option.BindEnv(vp, option.EnableHubbleRecorderAPI)
-
-	flags.String(option.HubbleRecorderStoragePath, defaults.HubbleRecorderStoragePath, "Directory in which pcap files created via the Hubble Recorder API are stored")
-	option.BindEnv(vp, option.HubbleRecorderStoragePath)
-
-	flags.Int(option.HubbleRecorderSinkQueueSize, defaults.HubbleRecorderSinkQueueSize, "Queue size of each Hubble recorder sink")
-	option.BindEnv(vp, option.HubbleRecorderSinkQueueSize)
-
-	flags.Bool(option.HubbleSkipUnknownCGroupIDs, true, "Skip Hubble events with unknown cgroup ids")
-	option.BindEnv(vp, option.HubbleSkipUnknownCGroupIDs)
-
-	flags.StringSlice(option.HubbleMonitorEvents, []string{},
-		fmt.Sprintf(
-			"Cilium monitor events for Hubble to observe: [%s]. By default, Hubble observes all monitor events.",
-			strings.Join(monitorAPI.AllMessageTypeNames(), " "),
-		),
-	)
-	option.BindEnv(vp, option.HubbleMonitorEvents)
-
-	flags.Bool(option.HubbleRedactEnabled, defaults.HubbleRedactEnabled, "Hubble redact sensitive information from flows")
-	option.BindEnv(vp, option.HubbleRedactEnabled)
-
-	flags.Bool(option.HubbleRedactHttpURLQuery, defaults.HubbleRedactHttpURLQuery, "Hubble redact http URL query from flows")
-	option.BindEnv(vp, option.HubbleRedactHttpURLQuery)
-
-	flags.Bool(option.HubbleRedactHttpUserInfo, defaults.HubbleRedactHttpUserInfo, "Hubble redact http user info from flows")
-	option.BindEnv(vp, option.HubbleRedactHttpUserInfo)
-
-	flags.Bool(option.HubbleRedactKafkaApiKey, defaults.HubbleRedactKafkaApiKey, "Hubble redact Kafka API key from flows")
-	option.BindEnv(vp, option.HubbleRedactKafkaApiKey)
-
-	flags.StringSlice(option.HubbleRedactHttpHeadersAllow, []string{}, "HTTP headers to keep visible in flows")
-	option.BindEnv(vp, option.HubbleRedactHttpHeadersAllow)
-
-	flags.StringSlice(option.HubbleRedactHttpHeadersDeny, []string{}, "HTTP headers to redact from flows")
-	option.BindEnv(vp, option.HubbleRedactHttpHeadersDeny)
-
 	if err := vp.BindPFlags(flags); err != nil {
 		logger.Fatalf("BindPFlags failed: %s", err)
 	}
@@ -179,8 +79,9 @@ type daemonParams struct {
 	K8sWatcher    *watchers.K8sWatcher
 	Lnds          *node.LocalNodeStore
 	IPC           *ipcache.IPCache
-	SvcCache      *k8s.ServiceCache
+	SvcCache      k8s.ServiceCache
 	Telemetry     telemetry.Telemetry
+	Hubble        hubblecell.HubbleIntegration
 	Config        config.Config
 }
 
@@ -288,9 +189,6 @@ func bootstrapLogging(logger *logrus.Logger) {
 
 func initDaemonConfig(vp *viper.Viper) {
 	option.Config.Populate(vp)
-	if option.Config.HubbleEventBufferCapacity == 0 {
-		option.Config.HubbleEventBufferCapacity = int(math.Pow(2, 14) - 1) //nolint:gomnd // this is just math
-	}
 
 	time.MaxInternalTimerDelay = vp.GetDuration(option.MaxInternalTimerDelay)
 }
@@ -301,6 +199,8 @@ func Execute(cobraCmd *cobra.Command, h *hive.Hive) {
 	initDaemonConfig(h.Viper())
 	initLogging()
 
+	hiveLogger := slog.New(slog.NewTextHandler(os.Stdout, nil))
+
 	// Allow the current process to lock memory for eBPF resources.
 	if err := rlimit.RemoveMemlock(); err != nil {
 		logger.Fatal("failed to remove memlock", zap.Error(err))
@@ -309,7 +209,7 @@ func Execute(cobraCmd *cobra.Command, h *hive.Hive) {
 	//nolint:gocritic // without granular commits this commented-out code may be lost
 	// initEnv(h.Viper())
 
-	if err := h.Run(); err != nil {
+	if err := h.Run(hiveLogger); err != nil {
 		logger.Fatal(err)
 	}
 }

controller/Dockerfile

@@ -64,7 +64,7 @@ ARG GOOS=linux # default to linux
 ARG VERSION
 ENV GOARCH=${GOARCH}
 ENV GOOS=${GOOS}
-RUN --mount=type=cache,target="/root/.cache/go-build" go build -v -o /go/bin/retina/controller -ldflags "-X github.com/microsoft/retina/internal/buildinfo.Version="$VERSION" -X github.com/microsoft/retina/internal/buildinfo.ApplicationInsightsID="$APP_INSIGHTS_ID"" controller/main.go 
+RUN --mount=type=cache,target="/root/.cache/go-build" go build -x -v -o /go/bin/retina/controller -ldflags "-X github.com/microsoft/retina/internal/buildinfo.Version="$VERSION" -X github.com/microsoft/retina/internal/buildinfo.ApplicationInsightsID="$APP_INSIGHTS_ID"" controller/main.go 
 
 
 # init binary

controller/Dockerfile.gogen

@@ -1,7 +1,6 @@
 # skopeo inspect docker://mcr.microsoft.com/oss/go/microsoft/golang:1.24.1-cbl-mariner2.0 --format "{{.Name}}@{{.Digest}}"
 FROM --platform=$BUILDPLATFORM mcr.microsoft.com/oss/go/microsoft/golang@sha256:605d0a6f05734845927f450a62e081bd19c03dbe1fdbf993cfedc8506c9192b4
 
-
 # Default linux/architecture.
 ARG GOOS=linux
 ENV GOOS=${GOOS}