diff --git a/.changelog/2796.txt b/.changelog/2796.txt new file mode 100644 index 0000000000..84646b502d --- /dev/null +++ b/.changelog/2796.txt @@ -0,0 +1,3 @@ +```release-note:bug +ingress-gateway: Adds missing PassiveHealthCheck to IngressGateways CRD and updates missing fields on ServiceDefaults CRD +``` \ No newline at end of file diff --git a/acceptance/tests/fixtures/bases/job-client/job.yaml b/acceptance/tests/fixtures/bases/job-client/job.yaml index cc5f2f2896..8c31caa7b4 100644 --- a/acceptance/tests/fixtures/bases/job-client/job.yaml +++ b/acceptance/tests/fixtures/bases/job-client/job.yaml @@ -1,3 +1,6 @@ +# Copyright (c) HashiCorp, Inc. +# SPDX-License-Identifier: MPL-2.0 + apiVersion: batch/v1 kind: Job metadata: diff --git a/acceptance/tests/fixtures/bases/job-client/service.yaml b/acceptance/tests/fixtures/bases/job-client/service.yaml index 36ec16133a..c18e1dfa2e 100644 --- a/acceptance/tests/fixtures/bases/job-client/service.yaml +++ b/acceptance/tests/fixtures/bases/job-client/service.yaml @@ -1,3 +1,6 @@ +# Copyright (c) HashiCorp, Inc. +# SPDX-License-Identifier: MPL-2.0 + apiVersion: v1 kind: Service metadata: diff --git a/acceptance/tests/fixtures/bases/job-client/serviceaccount.yaml b/acceptance/tests/fixtures/bases/job-client/serviceaccount.yaml index b4637d4d55..006ea2a836 100644 --- a/acceptance/tests/fixtures/bases/job-client/serviceaccount.yaml +++ b/acceptance/tests/fixtures/bases/job-client/serviceaccount.yaml @@ -1,3 +1,6 @@ +# Copyright (c) HashiCorp, Inc. +# SPDX-License-Identifier: MPL-2.0 + apiVersion: v1 kind: ServiceAccount metadata: diff --git a/acceptance/tests/fixtures/cases/jobs/job-client-inject-grace-period-0s/kustomization.yaml b/acceptance/tests/fixtures/cases/jobs/job-client-inject-grace-period-0s/kustomization.yaml index d87dbf0481..63bc1d1900 100644 --- a/acceptance/tests/fixtures/cases/jobs/job-client-inject-grace-period-0s/kustomization.yaml 
+++ b/acceptance/tests/fixtures/cases/jobs/job-client-inject-grace-period-0s/kustomization.yaml @@ -1,3 +1,6 @@ +# Copyright (c) HashiCorp, Inc. +# SPDX-License-Identifier: MPL-2.0 + resources: - ../../../bases/job-client diff --git a/acceptance/tests/fixtures/cases/jobs/job-client-inject-grace-period-0s/patch.yaml b/acceptance/tests/fixtures/cases/jobs/job-client-inject-grace-period-0s/patch.yaml index 46d1a417ea..24d58895cf 100644 --- a/acceptance/tests/fixtures/cases/jobs/job-client-inject-grace-period-0s/patch.yaml +++ b/acceptance/tests/fixtures/cases/jobs/job-client-inject-grace-period-0s/patch.yaml @@ -1,3 +1,6 @@ +# Copyright (c) HashiCorp, Inc. +# SPDX-License-Identifier: MPL-2.0 + apiVersion: batch/v1 kind: Job metadata: diff --git a/acceptance/tests/fixtures/cases/jobs/job-client-inject-grace-period-10s/kustomization.yaml b/acceptance/tests/fixtures/cases/jobs/job-client-inject-grace-period-10s/kustomization.yaml index d87dbf0481..63bc1d1900 100644 --- a/acceptance/tests/fixtures/cases/jobs/job-client-inject-grace-period-10s/kustomization.yaml +++ b/acceptance/tests/fixtures/cases/jobs/job-client-inject-grace-period-10s/kustomization.yaml @@ -1,3 +1,6 @@ +# Copyright (c) HashiCorp, Inc. +# SPDX-License-Identifier: MPL-2.0 + resources: - ../../../bases/job-client diff --git a/acceptance/tests/fixtures/cases/jobs/job-client-inject-grace-period-10s/patch.yaml b/acceptance/tests/fixtures/cases/jobs/job-client-inject-grace-period-10s/patch.yaml index 4db2df127e..eb2774bceb 100644 --- a/acceptance/tests/fixtures/cases/jobs/job-client-inject-grace-period-10s/patch.yaml +++ b/acceptance/tests/fixtures/cases/jobs/job-client-inject-grace-period-10s/patch.yaml @@ -1,3 +1,6 @@ +# Copyright (c) HashiCorp, Inc. +# SPDX-License-Identifier: MPL-2.0 + apiVersion: batch/v1 kind: Job metadata: diff --git a/acceptance/tests/fixtures/cases/jobs/job-client-inject/patch.yaml b/acceptance/tests/fixtures/cases/jobs/job-client-inject/patch.yaml index 5f390c1f7e..338dadce18 100644 
--- a/acceptance/tests/fixtures/cases/jobs/job-client-inject/patch.yaml +++ b/acceptance/tests/fixtures/cases/jobs/job-client-inject/patch.yaml @@ -1,3 +1,6 @@ +# Copyright (c) HashiCorp, Inc. +# SPDX-License-Identifier: MPL-2.0 + apiVersion: batch/v1 kind: Job metadata: diff --git a/charts/consul/templates/crd-ingressgateways.yaml b/charts/consul/templates/crd-ingressgateways.yaml index a01fafd8dd..9fa5ef7edd 100644 --- a/charts/consul/templates/crd-ingressgateways.yaml +++ b/charts/consul/templates/crd-ingressgateways.yaml 
@@ -78,6 +78,43 @@ spec: while waiting for a connection to be established. format: int32 type: integer + passiveHealthCheck: + description: PassiveHealthCheck configuration determines how upstream + proxy instances will be monitored for removal from the load + balancing pool. + properties: + baseEjectionTime: + description: The base time that a host is ejected for. The + real time is equal to the base time multiplied by the number + of times the host has been ejected and is capped by max_ejection_time + (Default 300s). Defaults to 30s. + type: string + enforcingConsecutive5xx: + description: EnforcingConsecutive5xx is the % chance that + a host will be actually ejected when an outlier status is + detected through consecutive 5xx. This setting can be used + to disable ejection or to ramp it up slowly. Ex. Setting + this to 10 will make it a 10% chance that the host will + be ejected. + format: int32 + type: integer + interval: + description: Interval between health check analysis sweeps. + Each sweep may remove hosts or return hosts to the pool. + Ex. setting this to "10s" will set the interval to 10 seconds. + type: string + maxEjectionPercent: + description: The maximum % of an upstream cluster that can + be ejected due to outlier detection. Defaults to 10% but + will eject at least one host regardless of the value. + format: int32 + type: integer + maxFailures: + description: MaxFailures is the count of consecutive failures + that results in a host being removed from the pool. + format: int32 + type: integer + type: object type: object listeners: description: Listeners declares what ports the ingress gateway should 
@@ -157,6 +194,47 @@ spec: service is located. Partitioning is a Consul Enterprise feature. type: string + passiveHealthCheck: + description: PassiveHealthCheck configuration determines + how upstream proxy instances will be monitored for removal + from the load balancing pool. + properties: + baseEjectionTime: + description: The base time that a host is ejected + for. The real time is equal to the base time multiplied + by the number of times the host has been ejected + and is capped by max_ejection_time (Default 300s). + Defaults to 30s. + type: string + enforcingConsecutive5xx: + description: EnforcingConsecutive5xx is the % chance + that a host will be actually ejected when an outlier + status is detected through consecutive 5xx. This + setting can be used to disable ejection or to ramp + it up slowly. Ex. Setting this to 10 will make it + a 10% chance that the host will be ejected. + format: int32 + type: integer + interval: + description: Interval between health check analysis + sweeps. Each sweep may remove hosts or return hosts + to the pool. Ex. setting this to "10s" will set + the interval to 10 seconds. + type: string + maxEjectionPercent: + description: The maximum % of an upstream cluster + that can be ejected due to outlier detection. Defaults + to 10% but will eject at least one host regardless + of the value. + format: int32 + type: integer + maxFailures: + description: MaxFailures is the count of consecutive + failures that results in a host being removed from + the pool. + format: int32 + type: integer + type: object requestHeaders: description: Allow HTTP header manipulation to be configured. properties: diff --git a/charts/consul/templates/crd-servicedefaults.yaml b/charts/consul/templates/crd-servicedefaults.yaml index 870f5ad86c..fe84254bad 100644 --- a/charts/consul/templates/crd-servicedefaults.yaml +++ b/charts/consul/templates/crd-servicedefaults.yaml 
@@ -291,18 +291,22 @@ spec: The real time is equal to the base time multiplied by the number of times the host has been ejected and is capped by max_ejection_time (Default 300s). Defaults - to 30000ms or 30s. + to 30s. type: string enforcingConsecutive5xx: description: EnforcingConsecutive5xx is the % chance that a host will be actually ejected when an outlier status is detected through consecutive 5xx. This setting can be used to disable ejection or to ramp it up slowly. + Ex. Setting this to 10 will make it a 10% chance that + the host will be ejected. format: int32 type: integer interval: description: Interval between health check analysis sweeps. Each sweep may remove hosts or return hosts to the pool. + Ex. setting this to "10s" will set the interval to 10 + seconds. type: string maxEjectionPercent: description: The maximum % of an upstream cluster that @@ -408,19 +412,22 @@ spec: The real time is equal to the base time multiplied by the number of times the host has been ejected and is capped by max_ejection_time (Default 300s). Defaults - to 30000ms or 30s. + to 30s. type: string enforcingConsecutive5xx: description: EnforcingConsecutive5xx is the % chance that a host will be actually ejected when an outlier status is detected through consecutive 5xx. This setting can be used to disable ejection or to ramp it up slowly. + Ex. Setting this to 10 will make it a 10% chance that + the host will be ejected. format: int32 type: integer interval: description: Interval between health check analysis sweeps. Each sweep may remove hosts or return hosts - to the pool. + to the pool. Ex. setting this to "10s" will set the + interval to 10 seconds. type: string maxEjectionPercent: description: The maximum % of an upstream cluster that diff --git a/control-plane/api/v1alpha1/ingressgateway_types.go b/control-plane/api/v1alpha1/ingressgateway_types.go index 64e024fbd5..c781ab8cc8 100644 --- a/control-plane/api/v1alpha1/ingressgateway_types.go 
+++ b/control-plane/api/v1alpha1/ingressgateway_types.go @@ -6,7 +6,6 @@ package v1alpha1 import ( "encoding/json" "fmt" - "github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp/cmpopts" "github.com/hashicorp/consul-k8s/control-plane/api/common" @@ -77,6 +76,9 @@ type IngressServiceConfig struct { // will be allowed at a single point in time. Use this to limit HTTP/2 traffic, // since HTTP/2 has many requests per connection. MaxConcurrentRequests *uint32 `json:"maxConcurrentRequests,omitempty"` + // PassiveHealthCheck configuration determines how upstream proxy instances will + // be monitored for removal from the load balancing pool. + PassiveHealthCheck *PassiveHealthCheck `json:"passiveHealthCheck,omitempty"` } type GatewayTLSConfig struct { @@ -364,6 +366,7 @@ func (in IngressService) toConsul() capi.IngressService { MaxConnections: in.MaxConnections, MaxPendingRequests: in.MaxPendingRequests, MaxConcurrentRequests: in.MaxConcurrentRequests, + PassiveHealthCheck: in.PassiveHealthCheck.toConsul(), } } @@ -468,5 +471,6 @@ func (in *IngressServiceConfig) toConsul() *capi.IngressServiceConfig { MaxConnections: in.MaxConnections, MaxPendingRequests: in.MaxPendingRequests, MaxConcurrentRequests: in.MaxConcurrentRequests, + PassiveHealthCheck: in.PassiveHealthCheck.toConsul(), } } diff --git a/control-plane/api/v1alpha1/ingressgateway_types_test.go b/control-plane/api/v1alpha1/ingressgateway_types_test.go index dd1c3835e0..73b53f5fff 100644 --- a/control-plane/api/v1alpha1/ingressgateway_types_test.go +++ b/control-plane/api/v1alpha1/ingressgateway_types_test.go @@ -13,6 +13,7 @@ import ( "github.com/stretchr/testify/require" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/pointer" ) func TestIngressGateway_MatchesConsul(t *testing.T) { 
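Review bot: The first hunk of ingressgateway_types.go appears to delete the blank line that separated the standard-library imports (`"encoding/json"`, `"fmt"`) from the third-party group starting at `"github.com/google/go-cmp/cmp"`. This is unrelated to the PassiveHealthCheck fix and leaves the two groups merged. Restoring the empty line after `"fmt"` keeps the conventional stdlib/third-party grouping and keeps the diff limited to the functional change.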
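Review bot: `in.PassiveHealthCheck.toConsul()` in `IngressService.toConsul` (hunk at -364) and in `(*IngressServiceConfig).toConsul` (hunk at -468) is called on a pointer that is nil whenever `passiveHealthCheck` is omitted, because the new field is `*PassiveHealthCheck` with `omitempty`. That is safe only if the method, which is defined in servicedefaults_types.go and not shown in this diff, begins with a nil-receiver guard such as `if in == nil { return nil }`. Without it, reconciling an IngressGateway that leaves the field unset would presumably panic in the controller. Worth confirming, and noting at both call sites with a comment like `// toConsul is nil-safe: an unset PassiveHealthCheck maps to nil`. Both function bodies start outside their hunks.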
@@ -70,6 +71,17 @@ func TestIngressGateway_MatchesConsul(t *testing.T) { MaxConnections: &defaultMaxConnections, MaxPendingRequests: &defaultMaxPendingRequests, MaxConcurrentRequests: &defaultMaxConcurrentRequests, + PassiveHealthCheck: &PassiveHealthCheck{ + Interval: metav1.Duration{ + Duration: 2 * time.Second, + }, + MaxFailures: uint32(20), + EnforcingConsecutive5xx: pointer.Uint32(100), + MaxEjectionPercent: pointer.Uint32(10), + BaseEjectionTime: &metav1.Duration{ + Duration: 10 * time.Second, + }, + }, }, Listeners: []IngressListener{ { @@ -170,6 +182,13 @@ func TestIngressGateway_MatchesConsul(t *testing.T) { MaxConnections: &defaultMaxConnections, MaxPendingRequests: &defaultMaxPendingRequests, MaxConcurrentRequests: &defaultMaxConcurrentRequests, + PassiveHealthCheck: &capi.PassiveHealthCheck{ + Interval: 2 * time.Second, + MaxFailures: uint32(20), + EnforcingConsecutive5xx: pointer.Uint32(100), + MaxEjectionPercent: pointer.Uint32(10), + BaseEjectionTime: pointer.Duration(10 * time.Second), + }, }, Listeners: []capi.IngressListener{ { @@ -332,6 +351,17 @@ func TestIngressGateway_ToConsul(t *testing.T) { MaxConnections: &defaultMaxConnections, MaxPendingRequests: &defaultMaxPendingRequests, MaxConcurrentRequests: &defaultMaxConcurrentRequests, + PassiveHealthCheck: &PassiveHealthCheck{ + Interval: metav1.Duration{ + Duration: 2 * time.Second, + }, + MaxFailures: uint32(20), + EnforcingConsecutive5xx: pointer.Uint32(100), + MaxEjectionPercent: pointer.Uint32(10), + BaseEjectionTime: &metav1.Duration{ + Duration: 10 * time.Second, + }, + }, }, Listeners: []IngressListener{ { 
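Review bot: The new fixtures set `PassiveHealthCheck` only on `Defaults`, since each addition sits directly before the closing brace that precedes `Listeners:`. The per-service mapping added to `IngressService.toConsul` is therefore not exercised by anything visible here, and the same holds for the hunks at -170, -332 and -431. Consider adding a `PassiveHealthCheck` to at least one service in the listener fixtures of both `TestIngressGateway_MatchesConsul` and `TestIngressGateway_ToConsul`. A case that leaves the field unset would also cover the nil path through `toConsul()`. The service fixtures lie outside these hunks, so existing coverage there cannot be ruled out.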
@@ -431,6 +461,13 @@ func TestIngressGateway_ToConsul(t *testing.T) { MaxConnections: &defaultMaxConnections, MaxPendingRequests: &defaultMaxPendingRequests, MaxConcurrentRequests: &defaultMaxConcurrentRequests, + PassiveHealthCheck: &capi.PassiveHealthCheck{ + Interval: 2 * time.Second, + MaxFailures: uint32(20), + EnforcingConsecutive5xx: pointer.Uint32(100), + MaxEjectionPercent: pointer.Uint32(10), + BaseEjectionTime: pointer.Duration(10 * time.Second), + }, }, Listeners: []capi.IngressListener{ { diff --git a/control-plane/api/v1alpha1/servicedefaults_types.go b/control-plane/api/v1alpha1/servicedefaults_types.go index 54044cb3a8..2896475f75 100644 --- a/control-plane/api/v1alpha1/servicedefaults_types.go +++ b/control-plane/api/v1alpha1/servicedefaults_types.go @@ -187,7 +187,8 @@ type UpstreamLimits struct { // be monitored for removal from the load balancing pool. type PassiveHealthCheck struct { // Interval between health check analysis sweeps. Each sweep may remove - // hosts or return hosts to the pool. + // hosts or return hosts to the pool. Ex. setting this to "10s" will set + // the interval to 10 seconds. Interval metav1.Duration `json:"interval,omitempty"` // MaxFailures is the count of consecutive failures that results in a host // being removed from the pool. 
@@ -195,13 +196,14 @@ type PassiveHealthCheck struct { // EnforcingConsecutive5xx is the % chance that a host will be actually ejected // when an outlier status is detected through consecutive 5xx. // This setting can be used to disable ejection or to ramp it up slowly. + // Ex. Setting this to 10 will make it a 10% chance that the host will be ejected. EnforcingConsecutive5xx *uint32 `json:"enforcingConsecutive5xx,omitempty"` // The maximum % of an upstream cluster that can be ejected due to outlier detection. // Defaults to 10% but will eject at least one host regardless of the value. MaxEjectionPercent *uint32 `json:"maxEjectionPercent,omitempty"` // The base time that a host is ejected for. The real time is equal to the base time // multiplied by the number of times the host has been ejected and is capped by - // max_ejection_time (Default 300s). Defaults to 30000ms or 30s. + // max_ejection_time (Default 300s). Defaults to 30s. BaseEjectionTime *metav1.Duration `json:"baseEjectionTime,omitempty"` } diff --git a/control-plane/config/crd/bases/consul.hashicorp.com_ingressgateways.yaml b/control-plane/config/crd/bases/consul.hashicorp.com_ingressgateways.yaml index fd8ebc86ff..e9994d8457 100644 --- a/control-plane/config/crd/bases/consul.hashicorp.com_ingressgateways.yaml +++ b/control-plane/config/crd/bases/consul.hashicorp.com_ingressgateways.yaml 
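Review bot: `EnforcingConsecutive5xx` and `MaxEjectionPercent` are documented as percentages, but nothing visible constrains them to 0–100. The fields carry no validation markers, and the regenerated CRD schemas in this commit show only `format: int32` / `type: integer` for them. Since this commit also exposes the struct through IngressGateway, consider adding `// +kubebuilder:validation:Maximum=100` above both fields and regenerating the CRDs, so an out-of-range ejection setting is rejected at admission instead of being forwarded to Consul. Whether a Go-side validation step already covers this cannot be seen from this diff; the struct begins outside the hunk.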
@@ -74,6 +74,43 @@ spec: while waiting for a connection to be established. format: int32 type: integer + passiveHealthCheck: + description: PassiveHealthCheck configuration determines how upstream + proxy instances will be monitored for removal from the load + balancing pool. + properties: + baseEjectionTime: + description: The base time that a host is ejected for. The + real time is equal to the base time multiplied by the number + of times the host has been ejected and is capped by max_ejection_time + (Default 300s). Defaults to 30s. + type: string + enforcingConsecutive5xx: + description: EnforcingConsecutive5xx is the % chance that + a host will be actually ejected when an outlier status is + detected through consecutive 5xx. This setting can be used + to disable ejection or to ramp it up slowly. Ex. Setting + this to 10 will make it a 10% chance that the host will + be ejected. + format: int32 + type: integer + interval: + description: Interval between health check analysis sweeps. + Each sweep may remove hosts or return hosts to the pool. + Ex. setting this to "10s" will set the interval to 10 seconds. + type: string + maxEjectionPercent: + description: The maximum % of an upstream cluster that can + be ejected due to outlier detection. Defaults to 10% but + will eject at least one host regardless of the value. + format: int32 + type: integer + maxFailures: + description: MaxFailures is the count of consecutive failures + that results in a host being removed from the pool. + format: int32 + type: integer + type: object type: object listeners: description: Listeners declares what ports the ingress gateway should 
@@ -153,6 +190,47 @@ spec: service is located. Partitioning is a Consul Enterprise feature. type: string + passiveHealthCheck: + description: PassiveHealthCheck configuration determines + how upstream proxy instances will be monitored for removal + from the load balancing pool. + properties: + baseEjectionTime: + description: The base time that a host is ejected + for. The real time is equal to the base time multiplied + by the number of times the host has been ejected + and is capped by max_ejection_time (Default 300s). + Defaults to 30s. + type: string + enforcingConsecutive5xx: + description: EnforcingConsecutive5xx is the % chance + that a host will be actually ejected when an outlier + status is detected through consecutive 5xx. This + setting can be used to disable ejection or to ramp + it up slowly. Ex. Setting this to 10 will make it + a 10% chance that the host will be ejected. + format: int32 + type: integer + interval: + description: Interval between health check analysis + sweeps. Each sweep may remove hosts or return hosts + to the pool. Ex. setting this to "10s" will set + the interval to 10 seconds. + type: string + maxEjectionPercent: + description: The maximum % of an upstream cluster + that can be ejected due to outlier detection. Defaults + to 10% but will eject at least one host regardless + of the value. + format: int32 + type: integer + maxFailures: + description: MaxFailures is the count of consecutive + failures that results in a host being removed from + the pool. + format: int32 + type: integer + type: object requestHeaders: description: Allow HTTP header manipulation to be configured. properties: diff --git a/control-plane/config/crd/bases/consul.hashicorp.com_servicedefaults.yaml b/control-plane/config/crd/bases/consul.hashicorp.com_servicedefaults.yaml index 5a2c7a58fd..d4d639e55c 100644 --- a/control-plane/config/crd/bases/consul.hashicorp.com_servicedefaults.yaml 
+++ b/control-plane/config/crd/bases/consul.hashicorp.com_servicedefaults.yaml @@ -287,18 +287,22 @@ spec: The real time is equal to the base time multiplied by the number of times the host has been ejected and is capped by max_ejection_time (Default 300s). Defaults - to 30000ms or 30s. + to 30s. type: string enforcingConsecutive5xx: description: EnforcingConsecutive5xx is the % chance that a host will be actually ejected when an outlier status is detected through consecutive 5xx. This setting can be used to disable ejection or to ramp it up slowly. + Ex. Setting this to 10 will make it a 10% chance that + the host will be ejected. format: int32 type: integer interval: description: Interval between health check analysis sweeps. Each sweep may remove hosts or return hosts to the pool. + Ex. setting this to "10s" will set the interval to 10 + seconds. type: string maxEjectionPercent: description: The maximum % of an upstream cluster that @@ -404,19 +408,22 @@ spec: The real time is equal to the base time multiplied by the number of times the host has been ejected and is capped by max_ejection_time (Default 300s). Defaults - to 30000ms or 30s. + to 30s. type: string enforcingConsecutive5xx: description: EnforcingConsecutive5xx is the % chance that a host will be actually ejected when an outlier status is detected through consecutive 5xx. This setting can be used to disable ejection or to ramp it up slowly. + Ex. Setting this to 10 will make it a 10% chance that + the host will be ejected. format: int32 type: integer interval: description: Interval between health check analysis sweeps. Each sweep may remove hosts or return hosts - to the pool. + to the pool. Ex. setting this to "10s" will set the + interval to 10 seconds. type: string maxEjectionPercent: description: The maximum % of an upstream cluster that