deps: upgrade Cilium from v1.18.0-pre.1 to v1.19.3

Signed-off-by: Quang Nguyen <nguyenquang@microsoft.com>

Author: nddq

.github/workflows/golangci-lint.yaml

@@ -35,7 +35,7 @@ jobs:
         with:
           go-version-file: go.mod
       - name: Build golangci-lint
-        run: GOOS=linux GOARCH=amd64 go build -o "$RUNNER_TEMP/golangci-lint" github.com/golangci/golangci-lint/cmd/golangci-lint
+        run: GOOS=linux GOARCH=amd64 go build -o "$RUNNER_TEMP/golangci-lint" github.com/golangci/golangci-lint/v2/cmd/golangci-lint
       - name: golangci-lint
         run: |
           "$RUNNER_TEMP/golangci-lint" run --new-from-rev=${{ github.event.pull_request.base.sha || github.event.merge_group.base_sha || github.event.before || 'HEAD~1' }} --concurrency 4 --verbose --config=.golangci.yaml --timeout=25m

Makefile

@@ -95,7 +95,7 @@ help: ## Display this help
 ##@ Tools 
 
 GOFUMPT			= go tool mvdan.cc/gofumpt
-GOLANGCI_LINT	= go tool github.com/golangci/golangci-lint/cmd/golangci-lint
+GOLANGCI_LINT	= go tool github.com/golangci/golangci-lint/v2/cmd/golangci-lint
 GORELEASER		= go tool github.com/goreleaser/goreleaser
 CONTROLLER_GEN	= go tool sigs.k8s.io/controller-tools/cmd/controller-gen
 GINKGO			= go tool github.com/onsi/ginkgo

cmd/hubble/cells_linux.go

@@ -5,18 +5,24 @@
 package hubble
 
 import (
+	"log/slog"
+	"sync"
+
+	"github.com/cilium/cilium/pkg/datapath/link"
 	"github.com/cilium/cilium/pkg/defaults"
 	"github.com/cilium/cilium/pkg/gops"
 	hubblecell "github.com/cilium/cilium/pkg/hubble/cell"
-	exportercell "github.com/cilium/cilium/pkg/hubble/exporter/cell"
+	metricscell "github.com/cilium/cilium/pkg/hubble/metrics/cell"
+	ciliumparser "github.com/cilium/cilium/pkg/hubble/parser"
 	k8sClient "github.com/cilium/cilium/pkg/k8s/client"
-	"github.com/cilium/cilium/pkg/logging"
+	"github.com/cilium/cilium/pkg/kpr"
+	"github.com/cilium/cilium/pkg/kvstore"
 	"github.com/cilium/cilium/pkg/logging/logfields"
 	"github.com/cilium/cilium/pkg/node/manager"
 	"github.com/cilium/cilium/pkg/option"
 	"github.com/cilium/cilium/pkg/pprof"
-	"github.com/cilium/cilium/pkg/recorder"
 	"github.com/cilium/hive/cell"
+	"github.com/cilium/statedb"
 	"k8s.io/client-go/rest"
 
 	"github.com/microsoft/retina/internal/buildinfo"
@@ -25,21 +31,50 @@ import (
 	"github.com/microsoft/retina/pkg/hubble/parser"
 	"github.com/microsoft/retina/pkg/hubble/resources"
 	retinak8s "github.com/microsoft/retina/pkg/k8s"
+	retinalog "github.com/microsoft/retina/pkg/log"
 	"github.com/microsoft/retina/pkg/managers/pluginmanager"
 	"github.com/microsoft/retina/pkg/monitoragent"
 	"github.com/microsoft/retina/pkg/servermanager"
 	"github.com/microsoft/retina/pkg/shared/telemetry"
 )
 
+// disabledKVStoreClient wraps a kvstore.Client but returns IsEnabled() = false.
+// This is needed because K8sCiliumEndpointsWatcher only initializes if kvstore is disabled.
+// When kvstore is enabled, Cilium expects CiliumEndpoint data to come from kvstore,
+// but Retina watches CiliumEndpoint CRDs directly and needs the watcher to populate IPCache.
+type disabledKVStoreClient struct {
+	kvstore.Client
+}
+
+// IsEnabled returns false to indicate kvstore is not being used for CiliumEndpoint sync.
+// This allows the K8sCiliumEndpointsWatcher to initialize and populate IPCache with K8sMetadata.
+func (d *disabledKVStoreClient) IsEnabled() bool {
+	return false
+}
+
+const daemonSubsys = "daemon"
+
+var (
+	loggerOnce   sync.Once
+	cachedLogger *slog.Logger
+)
+
+// logger returns a zap-backed slog logger. Resolved lazily so it reaches
+// Application Insights once SetupZapLogger has run.
+func logger() *slog.Logger {
+	loggerOnce.Do(func() {
+		cachedLogger = retinalog.SlogLogger().With(logfields.LogSubsys, daemonSubsys)
+	})
+	return cachedLogger
+}
+
 var (
 	Agent = cell.Module(
 		"agent",
 		"Retina-Agent",
 		Infrastructure,
 		ControlPlane,
 	)
-	daemonSubsys = "daemon"
-	logger       = logging.DefaultLogger.WithField(logfields.LogSubsys, daemonSubsys)
 
 	Infrastructure = cell.Module(
 		"infrastructure",
@@ -61,6 +96,19 @@ var (
 		// Kubernetes client
 		k8sClient.Cell,
 
+		// Kube proxy replacement config (needed by loadbalancer cells)
+		kpr.Cell,
+
+		// Provide a disabled kvstore client for Retina.
+		// This is important: the K8sCiliumEndpointsWatcher only initializes
+		// if kvstore.IsEnabled() returns false (because with a real kvstore,
+		// CiliumEndpoint data would come from kvstore instead of watching CRDs).
+		// Since Retina doesn't use etcd/consul and relies on watching CiliumEndpoint CRDs,
+		// we need IsEnabled() to return false so the watcher populates IPCache with K8sMetadata.
+		cell.Provide(func(db *statedb.DB) kvstore.Client {
+			return &disabledKVStoreClient{Client: kvstore.NewInMemoryClient(db, "default")}
+		}),
+
 		cell.Provide(func(cfg config.Config, k8sCfg *rest.Config) telemetry.Config {
 			return telemetry.Config{
 				Component:             "retina-agent",
@@ -92,11 +140,11 @@ var (
 
 		retinak8s.Cell,
 
-		recorder.Cell,
-
 		// Provides resources for hubble
 		resources.Cell,
-		cell.Provide(parser.New),
+
+		// Provides link cache needed by hubble parser
+		link.Cell,
 
 		// Provides the node reconciler as node manager
 		rnode.Cell,
@@ -106,9 +154,17 @@ var (
 			},
 		),
 
-		exportercell.Cell,
-		// Provides the hubble agent
-		hubblecell.Core,
+		// Provides the full hubble agent (includes parser, exporter, metrics, and TLS)
+		hubblecell.Cell,
+
+		// Force the Hubble metrics server to start. Without this, the DI system
+		// prunes newMetricsServer because nothing in Retina consumes metricscell.Server.
+		cell.Invoke(func(_ metricscell.Server) {}),
+
+		// Override Cilium's parser with Retina's parser that understands v1.Event from plugins
+		cell.DecorateAll(func(_ ciliumparser.Decoder, params parser.Params) ciliumparser.Decoder {
+			return parser.New(params)
+		}),
 
 		telemetry.Heartbeat,
 	)

cmd/hubble/daemon_linux.go

@@ -7,11 +7,12 @@ package hubble
 import (
 	"context"
 	"fmt"
+	"log/slog"
 
 	"github.com/pkg/errors"
-	"github.com/sirupsen/logrus"
 
 	"github.com/microsoft/retina/pkg/config"
+	"github.com/microsoft/retina/pkg/log"
 	"github.com/microsoft/retina/pkg/managers/pluginmanager"
 	"github.com/microsoft/retina/pkg/managers/servermanager"
 
@@ -20,7 +21,6 @@ import (
 	v1 "github.com/cilium/cilium/pkg/hubble/api/v1"
 	hubblecell "github.com/cilium/cilium/pkg/hubble/cell"
 	"github.com/cilium/cilium/pkg/ipcache"
-	"github.com/cilium/cilium/pkg/k8s"
 	k8sClient "github.com/cilium/cilium/pkg/k8s/client"
 	"github.com/cilium/cilium/pkg/k8s/watchers"
 	monitoragent "github.com/cilium/cilium/pkg/monitor/agent"
@@ -34,7 +34,6 @@ import (
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
-	zapf "sigs.k8s.io/controller-runtime/pkg/log/zap"
 	metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
 )
 
@@ -44,7 +43,9 @@ var (
 		"daemon",
 		"Retina-Agent Daemon",
 		// Create the controller manager, provides the hive with the controller manager and its client
-		cell.Provide(func(k8sCfg *rest.Config, logger logrus.FieldLogger, rcfg config.RetinaHubbleConfig) (ctrl.Manager, client.Client, error) {
+		cell.Provide(func(
+			k8sCfg *rest.Config, logger *slog.Logger, rcfg config.RetinaHubbleConfig,
+		) (ctrl.Manager, client.Client, error) {
 			if err := corev1.AddToScheme(scheme); err != nil { //nolint:govet // intentional shadow
 				logger.Error("failed to add corev1 to scheme")
 				return nil, nil, errors.Wrap(err, "failed to add corev1 to scheme")
@@ -60,7 +61,7 @@ var (
 				LeaderElectionID:       "ecaf1259.retina.io",
 			}
 
-			logf.SetLogger(zapf.New())
+			logf.SetLogger(log.LogrLogger())
 			ctrlManager, err := ctrl.NewManager(k8sCfg, mgrOption)
 			if err != nil {
 				logger.Error("failed to create manager")
@@ -71,7 +72,7 @@ var (
 		}),
 
 		// Start the controller manager
-		cell.Invoke(func(l logrus.FieldLogger, lifecycle cell.Lifecycle, ctrlManager ctrl.Manager) {
+		cell.Invoke(func(l *slog.Logger, lifecycle cell.Lifecycle, ctrlManager ctrl.Manager) {
 			var wp *workerpool.WorkerPool
 			lifecycle.Append(
 				cell.Hook{
@@ -99,7 +100,7 @@ var (
 type Daemon struct {
 	clientset k8sClient.Clientset
 
-	log            logrus.FieldLogger
+	log            *slog.Logger
 	monitorAgent   monitoragent.Agent
 	pluginManager  *pluginmanager.PluginManager
 	HTTPServer     *servermanager.HTTPServer
@@ -108,7 +109,6 @@ type Daemon struct {
 	k8swatcher     *watchers.K8sWatcher
 	localNodeStore *node.LocalNodeStore
 	ipc            *ipcache.IPCache
-	svcCache       k8s.ServiceCache
 	hubble         hubblecell.HubbleIntegration
 }
 
@@ -124,17 +124,12 @@ func newDaemon(params *daemonParams) *Daemon {
 		k8swatcher:     params.K8sWatcher,
 		localNodeStore: params.Lnds,
 		ipc:            params.IPC,
-		svcCache:       params.SvcCache,
 		hubble:         params.Hubble,
 	}
 }
 
 func (d *Daemon) Run(ctx context.Context) error {
-	// Start K8s watcher
-	d.log.WithField("localNodeStore", d.localNodeStore).Info("Starting local node store")
-
-	// Start K8s watcher. Will block till sync is complete or timeout.
-	// If sync doesn't complete within timeout (3 minutes), causes fatal error.
+	// Start K8s watcher. Blocks until sync completes or times out (3 min).
 	retinak8s.Start(ctx, d.k8swatcher)
 
 	go d.generateEvents(ctx)
@@ -147,10 +142,8 @@ func (d *Daemon) generateEvents(ctx context.Context) {
 		case <-ctx.Done():
 			return
 		case event := <-d.eventChan:
-			d.log.WithField("event", event).Debug("Sending event to monitor agent")
-			err := d.monitorAgent.SendEvent(0, event)
-			if err != nil {
-				d.log.WithError(err).Error("Unable to send event to monitor agent")
+			if err := d.monitorAgent.SendEvent(0, event); err != nil {
+				d.log.Error("Unable to send event to monitor agent", "error", err)
 			}
 		}
 	}