hashicorp · missylbytes · Aug 29, 2023 · Aug 18, 2023 · Aug 18, 2023 · Aug 23, 2023
@@ -0,0 +1,3 @@
+```release-note:bug
+ingress-gateway: Adds missing PassiveHealthCheck to IngressGateways CRD and updates missing fields on ServiceDefaults CRD
+```
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 apiVersion: batch/v1
 kind: Job
 metadata:

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 apiVersion: v1
 kind: Service
 metadata:

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 apiVersion: v1
 kind: ServiceAccount
 metadata:

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 
 resources:
   - ../../../bases/job-client

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 apiVersion: batch/v1
 kind: Job
 metadata:

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 
 resources:
   - ../../../bases/job-client

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 apiVersion: batch/v1
 kind: Job
 metadata:

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 apiVersion: batch/v1
 kind: Job
 metadata:

@@ -81,6 +81,43 @@ spec:
                       while waiting for a connection to be established.
                     format: int32
                     type: integer
+                  passiveHealthCheck:
+                    description: PassiveHealthCheck configuration determines how upstream
+                      proxy instances will be monitored for removal from the load
+                      balancing pool.
+                    properties:
+                      baseEjectionTime:
+                        description: The base time that a host is ejected for. The
+                          real time is equal to the base time multiplied by the number
+                          of times the host has been ejected and is capped by max_ejection_time
+                          (Default 300s). Defaults to 30s.
+                        type: string
+                      enforcingConsecutive5xx:
+                        description: EnforcingConsecutive5xx is the % chance that
+                          a host will be actually ejected when an outlier status is
+                          detected through consecutive 5xx. This setting can be used
+                          to disable ejection or to ramp it up slowly. Ex. Setting
+                          this to 10 will make it a 10% chance that the host will
+                          be ejected.
+                        format: int32
+                        type: integer
+                      interval:
+                        description: Interval between health check analysis sweeps.
+                          Each sweep may remove hosts or return hosts to the pool.
+                          Ex. setting this to "10s" will set the interval to 10 seconds.
+                        type: string
+                      maxEjectionPercent:
+                        description: The maximum % of an upstream cluster that can
+                          be ejected due to outlier detection. Defaults to 10% but
+                          will eject at least one host regardless of the value.
+                        format: int32
+                        type: integer
+                      maxFailures:
+                        description: MaxFailures is the count of consecutive failures
+                          that results in a host being removed from the pool.
+                        format: int32
+                        type: integer
+                    type: object
                 type: object
               listeners:
                 description: Listeners declares what ports the ingress gateway should
@@ -160,6 +197,47 @@ spec:
                               service is located. Partitioning is a Consul Enterprise
                               feature.
                             type: string
+                          passiveHealthCheck:
+                            description: PassiveHealthCheck configuration determines
+                              how upstream proxy instances will be monitored for removal
+                              from the load balancing pool.
+                            properties:
+                              baseEjectionTime:
+                                description: The base time that a host is ejected
+                                  for. The real time is equal to the base time multiplied
+                                  by the number of times the host has been ejected
+                                  and is capped by max_ejection_time (Default 300s).
+                                  Defaults to 30s.
+                                type: string
+                              enforcingConsecutive5xx:
+                                description: EnforcingConsecutive5xx is the % chance
+                                  that a host will be actually ejected when an outlier
+                                  status is detected through consecutive 5xx. This
+                                  setting can be used to disable ejection or to ramp
+                                  it up slowly. Ex. Setting this to 10 will make it
+                                  a 10% chance that the host will be ejected.
+                                format: int32
+                                type: integer
+                              interval:
+                                description: Interval between health check analysis
+                                  sweeps. Each sweep may remove hosts or return hosts
+                                  to the pool. Ex. setting this to "10s" will set
+                                  the interval to 10 seconds.
+                                type: string
+                              maxEjectionPercent:
+                                description: The maximum % of an upstream cluster
+                                  that can be ejected due to outlier detection. Defaults
+                                  to 10% but will eject at least one host regardless
+                                  of the value.
+                                format: int32
+                                type: integer
+                              maxFailures:
+                                description: MaxFailures is the count of consecutive
+                                  failures that results in a host being removed from
+                                  the pool.
+                                format: int32
+                                type: integer
+                            type: object
                           requestHeaders:
                             description: Allow HTTP header manipulation to be configured.
                             properties:

@@ -163,15 +163,6 @@ spec:
                       type: string
                     type: array
                 type: object
-              prioritizeByLocality:
-                description: PrioritizeByLocality contains the configuration for
-                  locality aware routing.
-                properties:
-                  mode:
-                    description: Mode specifies the behavior of PrioritizeByLocality
-                      routing. Valid values are "", "none", and "failover".
-                    type: string
-                type: object
               meshGateway:
                 description: MeshGateway controls the default mesh gateway configuration
                   for this service.
@@ -204,6 +195,16 @@ spec:
                   your services secure, we recommend using "strict" mode whenever
                   possible and enabling "permissive" mode only when necessary.'
                 type: string
+              prioritizeByLocality:
+                description: PrioritizeByLocality controls whether the locality of
+                  services within the local partition will be used to prioritize connectivity.
+                properties:
+                  mode:
+                    description: 'Mode specifies the type of prioritization that will
+                      be performed when selecting nodes in the local partition. Valid
+                      values are: "" (default "none"), "none", and "failover".'
+                    type: string
+                type: object
               transparentProxy:
                 description: 'TransparentProxy controls configuration specific to
                   proxies in transparent mode. Note: This cannot be set using the

@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.9.2
+    controller-gen.kubebuilder.io/version: v0.8.0
   creationTimestamp: null
   name: routeretryfilters.consul.hashicorp.com
   labels:
@@ -53,7 +53,7 @@ spec:
           metadata:
             type: object
           spec:
-            description: RouteRetryFilterSpec defines the desired state of RouteRetryFilter
+            description: RouteRetryFilterSpec defines the desired state of RouteRetryFilter.
             properties:
               numRetries:
                 format: int32
@@ -114,4 +114,10 @@ spec:
     storage: true
     subresources:
       status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
 {{- end }}
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.9.2
+    controller-gen.kubebuilder.io/version: v0.8.0
   creationTimestamp: null
   name: routetimeoutfilters.consul.hashicorp.com
   labels:
@@ -54,7 +54,7 @@ spec:
           metadata:
             type: object
           spec:
-            description: RouteTimeoutFilterSpec defines the desired state of RouteTimeoutFilter
+            description: RouteTimeoutFilterSpec defines the desired state of RouteTimeoutFilter.
             properties:
               idleTimeout:
                 description: A Duration represents the elapsed time between two instants
@@ -112,4 +112,10 @@ spec:
     storage: true
     subresources:
       status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
 {{- end }}
@@ -294,18 +294,22 @@ spec:
                               The real time is equal to the base time multiplied by
                               the number of times the host has been ejected and is
                               capped by max_ejection_time (Default 300s). Defaults
-                              to 30000ms or 30s.
+                              to 30s.
                             type: string
                           enforcingConsecutive5xx:
                             description: EnforcingConsecutive5xx is the % chance that
                               a host will be actually ejected when an outlier status
                               is detected through consecutive 5xx. This setting can
                               be used to disable ejection or to ramp it up slowly.
+                              Ex. Setting this to 10 will make it a 10% chance that
+                              the host will be ejected.
                             format: int32
                             type: integer
                           interval:
                             description: Interval between health check analysis sweeps.
                               Each sweep may remove hosts or return hosts to the pool.
+                              Ex. setting this to "10s" will set the interval to 10
+                              seconds.
                             type: string
                           maxEjectionPercent:
                             description: The maximum % of an upstream cluster that
@@ -411,19 +415,22 @@ spec:
                                 The real time is equal to the base time multiplied
                                 by the number of times the host has been ejected and
                                 is capped by max_ejection_time (Default 300s). Defaults
-                                to 30000ms or 30s.
+                                to 30s.
                               type: string
                             enforcingConsecutive5xx:
                               description: EnforcingConsecutive5xx is the % chance
                                 that a host will be actually ejected when an outlier
                                 status is detected through consecutive 5xx. This setting
                                 can be used to disable ejection or to ramp it up slowly.
+                                Ex. Setting this to 10 will make it a 10% chance that
+                                the host will be ejected.
                               format: int32
                               type: integer
                             interval:
                               description: Interval between health check analysis
                                 sweeps. Each sweep may remove hosts or return hosts
-                                to the pool.
+                                to the pool. Ex. setting this to "10s" will set the
+                                interval to 10 seconds.
                               type: string
                             maxEjectionPercent:
                               description: The maximum % of an upstream cluster that

@@ -6,7 +6,6 @@ package v1alpha1
 import (
 	"encoding/json"
 	"fmt"
-
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
 	"github.com/hashicorp/consul-k8s/control-plane/api/common"
@@ -77,6 +76,9 @@ type IngressServiceConfig struct {
 	// will be allowed at a single point in time. Use this to limit HTTP/2 traffic,
 	// since HTTP/2 has many requests per connection.
 	MaxConcurrentRequests *uint32 `json:"maxConcurrentRequests,omitempty"`
+	// PassiveHealthCheck configuration determines how upstream proxy instances will
+	// be monitored for removal from the load balancing pool.
+	PassiveHealthCheck *PassiveHealthCheck `json:"passiveHealthCheck,omitempty"`
 }
 
 type GatewayTLSConfig struct {
@@ -364,6 +366,7 @@ func (in IngressService) toConsul() capi.IngressService {
 		MaxConnections:        in.MaxConnections,
 		MaxPendingRequests:    in.MaxPendingRequests,
 		MaxConcurrentRequests: in.MaxConcurrentRequests,
+		PassiveHealthCheck:    in.PassiveHealthCheck.toConsul(),
 	}
 }
 
@@ -468,5 +471,6 @@ func (in *IngressServiceConfig) toConsul() *capi.IngressServiceConfig {
 		MaxConnections:        in.MaxConnections,
 		MaxPendingRequests:    in.MaxPendingRequests,
 		MaxConcurrentRequests: in.MaxConcurrentRequests,
+		PassiveHealthCheck:    in.PassiveHealthCheck.toConsul(),
 	}
 }
@@ -13,6 +13,7 @@ import (
 	"github.com/stretchr/testify/require"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/utils/pointer"
 )
 
 func TestIngressGateway_MatchesConsul(t *testing.T) {
@@ -70,6 +71,17 @@ func TestIngressGateway_MatchesConsul(t *testing.T) {
 						MaxConnections:        &defaultMaxConnections,
 						MaxPendingRequests:    &defaultMaxPendingRequests,
 						MaxConcurrentRequests: &defaultMaxConcurrentRequests,
+						PassiveHealthCheck: &PassiveHealthCheck{
+							Interval: metav1.Duration{
+								Duration: 2 * time.Second,
+							},
+							MaxFailures:             uint32(20),
+							EnforcingConsecutive5xx: pointer.Uint32(100),
+							MaxEjectionPercent:      pointer.Uint32(10),
+							BaseEjectionTime: &metav1.Duration{
+								Duration: 10 * time.Second,
+							},
+						},
 					},
 					Listeners: []IngressListener{
 						{
@@ -170,6 +182,13 @@ func TestIngressGateway_MatchesConsul(t *testing.T) {
 					MaxConnections:        &defaultMaxConnections,
 					MaxPendingRequests:    &defaultMaxPendingRequests,
 					MaxConcurrentRequests: &defaultMaxConcurrentRequests,
+					PassiveHealthCheck: &capi.PassiveHealthCheck{
+						Interval:                2 * time.Second,
+						MaxFailures:             uint32(20),
+						EnforcingConsecutive5xx: pointer.Uint32(100),
+						MaxEjectionPercent:      pointer.Uint32(10),
+						BaseEjectionTime:        pointer.Duration(10 * time.Second),
+					},
 				},
 				Listeners: []capi.IngressListener{
 					{
@@ -332,6 +351,17 @@ func TestIngressGateway_ToConsul(t *testing.T) {
 						MaxConnections:        &defaultMaxConnections,
 						MaxPendingRequests:    &defaultMaxPendingRequests,
 						MaxConcurrentRequests: &defaultMaxConcurrentRequests,
+						PassiveHealthCheck: &PassiveHealthCheck{
+							Interval: metav1.Duration{
+								Duration: 2 * time.Second,
+							},
+							MaxFailures:             uint32(20),
+							EnforcingConsecutive5xx: pointer.Uint32(100),
+							MaxEjectionPercent:      pointer.Uint32(10),
+							BaseEjectionTime: &metav1.Duration{
+								Duration: 10 * time.Second,
+							},
+						},
 					},
 					Listeners: []IngressListener{
 						{
@@ -431,6 +461,13 @@ func TestIngressGateway_ToConsul(t *testing.T) {
 					MaxConnections:        &defaultMaxConnections,
 					MaxPendingRequests:    &defaultMaxPendingRequests,
 					MaxConcurrentRequests: &defaultMaxConcurrentRequests,
+					PassiveHealthCheck: &capi.PassiveHealthCheck{
+						Interval:                2 * time.Second,
+						MaxFailures:             uint32(20),
+						EnforcingConsecutive5xx: pointer.Uint32(100),
+						MaxEjectionPercent:      pointer.Uint32(10),
+						BaseEjectionTime:        pointer.Duration(10 * time.Second),
+					},
 				},
 				Listeners: []capi.IngressListener{
 					{