Backport of Adds PassiveHealthCheck Fields to ServiceDefaults and IngressGateway into release/1.16.x (#18947)

* Adds PassiveHealthCheck Fields to ServiceDefaults and IngressGateway (#18532)

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
pull/18987/head
hc-github-team-consul-core 2023-09-22 13:08:22 -04:00 committed by GitHub
parent a6a8312aee
commit e81b8a3964
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 158 additions and 131 deletions

View File

@ -42,9 +42,11 @@ The following list describes the configuration hierarchy, language-specific data
- [`MaxPendingRequests`](#defaults-maxpendingrequests): number - [`MaxPendingRequests`](#defaults-maxpendingrequests): number
- [`MaxConcurrentRequests`](#defaults-maxconcurrentrequests): number - [`MaxConcurrentRequests`](#defaults-maxconcurrentrequests): number
- [`PassiveHealthCheck`](#defaults-passivehealthcheck): map - [`PassiveHealthCheck`](#defaults-passivehealthcheck): map
- [`interval`](#defaults-passivehealthcheck): number - [`Interval`](#defaults-passivehealthcheck): number
- [`max_failures`](#defaults-passivehealthcheck): number - [`MaxFailures`](#defaults-passivehealthcheck): number
- [`enforcing_consecutive_5xx`](#defaults-passivehealthcheck): number - [`EnforcingConsecutive5xx`](#defaults-passivehealthcheck): number
- [`MaxEjectionPercent`](#defaults-passivehealthcheck): number
- [`BaseEjectionTime`](#defaults-passivehealthcheck): string
- [`Listeners`](#listeners): list of maps - [`Listeners`](#listeners): list of maps
- [`Port`](#listeners-port): number | `0` - [`Port`](#listeners-port): number | `0`
- [`Protocol`](#listeners-protocol): number | `tcp` - [`Protocol`](#listeners-protocol): number | `tcp`
@ -69,9 +71,11 @@ The following list describes the configuration hierarchy, language-specific data
- [`MaxPendingRequests`](#listeners-services-maxconnections): number | `0` - [`MaxPendingRequests`](#listeners-services-maxconnections): number | `0`
- [`MaxConcurrentRequests`](#listeners-services-maxconnections): number | `0` - [`MaxConcurrentRequests`](#listeners-services-maxconnections): number | `0`
- [`PassiveHealthCheck`](#listeners-services-passivehealthcheck): map - [`PassiveHealthCheck`](#listeners-services-passivehealthcheck): map
- [`interval`](#listeners-services-passivehealthcheck): number - [`Interval`](#listeners-services-passivehealthcheck): number
- [`max_failures`](#listeners-services-passivehealthcheck): number - [`MaxFailures`](#listeners-services-passivehealthcheck): number
- [`enforcing_consecutive_5xx`](#listeners-services-passivehealthcheck): number - [`EnforcingConsecutive5xx`](#listeners-services-passivehealthcheck): number
- [`MaxEjectionPercent`](#listeners-services-passivehealthcheck): number
- [`BaseEjectionTime`](#listeners-services-passivehealthcheck): string
- [`TLS`](#listeners-tls): map - [`TLS`](#listeners-tls): map
- [`Enabled`](#listeners-tls-enabled): boolean | `false` - [`Enabled`](#listeners-tls-enabled): boolean | `false`
- [`TLSMinVersion`](#listeners-tls-tlsminversion): string | `TLSv1_2` - [`TLSMinVersion`](#listeners-tls-tlsminversion): string | `TLSv1_2`
@ -104,9 +108,11 @@ The following list describes the configuration hierarchy, language-specific data
- [`maxPendingRequests`](#spec-defaults-maxpendingrequests): number - [`maxPendingRequests`](#spec-defaults-maxpendingrequests): number
- [`maxConcurrentRequests`](#spec-defaults-maxconcurrentrequests): number - [`maxConcurrentRequests`](#spec-defaults-maxconcurrentrequests): number
- [`passiveHealthCheck`](#spec-defaults-passivehealthcheck): map - [`passiveHealthCheck`](#spec-defaults-passivehealthcheck): map
- [`interval`](#spec-defaults-passivehealthcheck): number | no proxy's default value - [`interval`](#spec-defaults-passivehealthcheck): string
- [`max_failures`](#spec-defaults-passivehealthcheck): number | no proxy's default value - [`maxFailures`](#spec-defaults-passivehealthcheck): integer
- [`enforcing_consecutive_5xx`](#spec-defaults-passivehealthcheck): number | proxy's default value - [`enforcingConsecutive5xx`](#spec-defaults-passivehealthcheck): number
- [`maxEjectionPercent`](#spec-defaults-passivehealthcheck): number
- [`baseEjectionTime`](#spec-defaults-passivehealthcheck): string
- [`listeners`](#spec-listeners): list of maps - [`listeners`](#spec-listeners): list of maps
- [`port`](#spec-listeners-port): number | `0` - [`port`](#spec-listeners-port): number | `0`
- [`protocol`](#spec-listeners-protocol): number | `tcp` - [`protocol`](#spec-listeners-protocol): number | `tcp`
@ -131,9 +137,11 @@ The following list describes the configuration hierarchy, language-specific data
- [`maxPendingRequests`](#spec-listeners-services-maxconnections): number | `0` - [`maxPendingRequests`](#spec-listeners-services-maxconnections): number | `0`
- [`maxConcurrentRequests`](#spec-listeners-services-maxconnections): number | `0` - [`maxConcurrentRequests`](#spec-listeners-services-maxconnections): number | `0`
- [`passiveHealthCheck`](#spec-listeners-services-passivehealthcheck): map - [`passiveHealthCheck`](#spec-listeners-services-passivehealthcheck): map
- [`interval`](#spec-listeners-services-passivehealthcheck): number - [`interval`](#spec-listeners-services-passivehealthcheck): string
- [`max_failures`](#spec-listeners-services-passivehealthcheck): number - [`maxFailures`](#spec-listeners-services-passivehealthcheck): number
- [`enforcing_consecutive_5xx`](#spec-listeners-services-passivehealthcheck): number - [`enforcingConsecutive5xx`](#spec-listeners-services-passivehealthcheck): number
- [`maxEjectionPercent`](#spec-listeners-services-passivehealthcheck): integer
- [`baseEjectionTime`](#spec-listeners-services-passivehealthcheck): string
- [`tls`](#spec-listeners-tls): map - [`tls`](#spec-listeners-tls): map
- [`enabled`](#spec-listeners-tls-enabled): boolean | `false` - [`enabled`](#spec-listeners-tls-enabled): boolean | `false`
- [`tlsMinVersion`](#spec-listeners-tls-tlsminversion): string | `TLSv1_2` - [`tlsMinVersion`](#spec-listeners-tls-tlsminversion): string | `TLSv1_2`
@ -176,13 +184,15 @@ TLS = {
} }
} }
Defaults = { Defaults = {
MaxConnections = 0 MaxConnections = <number>
MaxPendingRequests = 0 MaxPendingRequests = <number>
MaxConcurrentRequests = 0 MaxConcurrentRequests = <number>
PassiveHealthCheck = { PassiveHealthCheck = {
interval = 10 Interval = "<the time between checks>"
max_failures = 5 MaxFailures = <number>
enforcing_consecutive_5xx = 100 EnforcingConsecutive5xx = <number>
MaxEjectionPercent = <number>
BaseEjectionTime = "<the base time that a host is ejected for>"
} }
} }
Listeners = [ Listeners = [
@ -216,7 +226,7 @@ Listeners = [
ResponseHeaderName = "<response header value to set>" ResponseHeaderName = "<response header value to set>"
} }
Remove = [ Remove = [
"<response header remove>" "<response header to remove>"
] ]
} }
TLS = { TLS = {
@ -229,9 +239,11 @@ Listeners = [
MaxPendingRequests = <number> MaxPendingRequests = <number>
MaxConcurrentRequests = <number> MaxConcurrentRequests = <number>
PassiveHealthCheck = { PassiveHealthCheck = {
interval = 10 Interval = "<the time between checks>"
max_failures = 5 MaxFailures = <number>
enforcing_consecutive_5xx = 100 EnforcingConsecutive5xx = <number>
MaxEjectionPercent = <number>
BaseEjectionTime = "<the base time that a host is ejected for>"
} }
}] }]
TLS = { TLS = {
@ -271,13 +283,15 @@ spec:
clusterName: <name of SDS cluster> clusterName: <name of SDS cluster>
certResource: <SDS resource name> certResource: <SDS resource name>
defaults: defaults:
maxConnections: 0 maxConnections: <number>
maxPendingRequests: 0 maxPendingRequests: <number>
maxConcurrentRequests: 0 maxConcurrentRequests: <number>
passiveHealthCheck: passiveHealthCheck:
interval: 10 interval: "<the time between checks>"
max_failures: 5 maxFailures: <number>
enforcing_consecutive_5xx: 100 enforcingConsecutive5xx: <number>
maxEjectionPercent: <number>
baseEjectionTime: "<the base time that a host is ejected for>"
listeners: listeners:
- port: 0 - port: 0
protocol: tcp protocol: tcp
@ -292,7 +306,7 @@ spec:
requestHeaderName: <request header value to add> requestHeaderName: <request header value to add>
set: set:
requestHeaderName: <request header value to set> requestHeaderName: <request header value to set>
remove: remove:
- <request header to remove> - <request header to remove>
responseHeaders: responseHeaders:
add: add:
@ -300,7 +314,7 @@ spec:
set: set:
responseHeaderName: <response header value to set> responseHeaderName: <response header value to set>
remove: remove:
- <response header remove> - <response header to remove>
tls: tls:
sds: sds:
clusterName: <name of SDS cluster> clusterName: <name of SDS cluster>
@ -309,9 +323,11 @@ spec:
maxPendingRequests: <number> maxPendingRequests: <number>
maxConcurrentRequests: <number> maxConcurrentRequests: <number>
passiveHealthCheck: passiveHealthCheck:
interval: 10 interval: "<the time between checks>"
max_failures: 5 maxFailures: <number>
enforcing_consecutive_5xx: 100 enforcingConsecutive5xx:<number>
maxEjectionPercent: <number>
baseEjectionTime: "<the base time that a host is ejected for>"
tls: tls:
enabled: false enabled: false
tlsMinVersion: TLSv1_2 tlsMinVersion: TLSv1_2
@ -349,9 +365,9 @@ spec:
} }
}, },
"Defaults" : { "Defaults" : {
"MaxConnections" : 0, "MaxConnections" : <number>,
"MaxPendingRequests" : 0, "MaxPendingRequests" : <number>,
"MaxConcurrentRequests": 0, "MaxConcurrentRequests": <number>,
"PassiveHealthCheck" : { "PassiveHealthCheck" : {
"interval": "<the time between checks>", "interval": "<the time between checks>",
"maxFailures": <number>, "maxFailures": <number>,
@ -391,7 +407,7 @@ spec:
"ResponseHeaderName" : "<response header value to set>" "ResponseHeaderName" : "<response header value to set>"
}, },
"Remove" : [ "Remove" : [
"<response header remove>" "<response header to remove>"
] ]
}, },
"TLS" : { "TLS" : {
@ -406,10 +422,9 @@ spec:
"PassiveHealthCheck" : { "PassiveHealthCheck" : {
"interval": "<the time between checks>", "interval": "<the time between checks>",
"maxFailures": <number>, "maxFailures": <number>,
"enforcingConsecutive5xx":<number>, "enforcingConsecutive5xx": <number>,
"maxEjectionPercent": <number>, "maxEjectionPercent": <number>,
"baseEjectionTime": "<the base time that a host is ejected for>" "baseEjectionTime": "<the base time that a host is ejected for>"
}
} }
], ],
"TLS" : { "TLS" : {
@ -636,9 +651,11 @@ The following table describes the configurations for passive health checks:
| Parameter | Description | Data type | Default | | Parameter | Description | Data type | Default |
| --- | --- | --- | --- | | --- | --- | --- | --- |
| `interval` | Specifies the time in nanoseconds between checks. | Integer | Proxy's default configuration, which is `10` for Envoy | | `Interval` | Specifies the time between checks. | string | `0s` |
| `max_failures` | Specifies the number of consecutive failures that cause a host to be removed from the upstream cluster. | Integer | Proxy's default configuration, which is `5` for Envoy | | `MaxFailures` | Specifies the number of consecutive failures allowed per check interval. If exceeded, Consul removes the host from the load balancer. | integer | `0` |
| `enforcing_consecutive_5xx` | Specifies a percentage that indicates how many times out of 100 that Consul ejects the host when it detects an outlier status. The outlier status is determined by consecutive errors in the 500-599 response range. | Integer | Proxy's default configuration, which is `100` for Envoy | | `EnforcingConsecutive5xx` | Specifies a percentage that indicates how many times out of 100 that Consul ejects the host when it detects an outlier status. The outlier status is determined by consecutive errors in the 500-599 response range. | integer | `100` |
| `MaxEjectionPercent` | Specifies the maximum percentage of an upstream cluster that Consul ejects when the proxy reports an outlier. Consul ejects at least one host when an outlier is detected regardless of the value. | integer | `10` |
| `BaseEjectionTime` | Specifies the minimum amount of time that an ejected host must remain outside the cluster before rejoining. The real time is equal to the value of the `BaseEjectionTime` multiplied by the number of times the host has been ejected. | string | `30s` |
### `Listeners[]` ### `Listeners[]`
@ -871,9 +888,11 @@ The following table describes the configurations for passive health checks:
| Parameter | Description | Data type | Default | | Parameter | Description | Data type | Default |
| --- | --- | --- | --- | | --- | --- | --- | --- |
| `interval` | Specifies the time in nanoseconds between checks. | Integer | Proxy's default configuration, which is `10` for Envoy | | `Interval` | Specifies the time between checks. | string | `0s` |
| `max_failures` | Specifies the number of consecutive failures that cause a host to be removed from the upstream cluster. | Integer | Proxy's default configuration, which is `5` for Envoy | | `MaxFailures` | Specifies the number of consecutive failures allowed per check interval. If exceeded, Consul removes the host from the load balancer. | integer | `0` |
| `enforcing_consecutive_5xx` | Specifies a percentage that indicates how many times out of 100 that Consul ejects the host when it detects an outlier status. The outlier status is determined by consecutive errors in the 500-599 response range. | Integer | Proxy's default configuration, which is `100` for Envoy | | `EnforcingConsecutive5xx` | Specifies a percentage that indicates how many times out of 100 that Consul ejects the host when it detects an outlier status. The outlier status is determined by consecutive errors in the 500-599 response range. | integer | `100` |
| `MaxEjectionPercent` | Specifies the maximum percentage of an upstream cluster that Consul ejects when the proxy reports an outlier. Consul ejects at least one host when an outlier is detected regardless of the value. | integer | `10` |
| `BaseEjectionTime` | Specifies the minimum amount of time that an ejected host must remain outside the cluster before rejoining. The real time is equal to the value of the `BaseEjectionTime` multiplied by the number of times the host has been ejected. | string | `30s` |
### `Listeners[].TLS` ### `Listeners[].TLS`
@ -1167,9 +1186,11 @@ The following table describes the configurations for passive health checks:
| Parameter | Description | Data type | Default | | Parameter | Description | Data type | Default |
| --- | --- | --- | --- | | --- | --- | --- | --- |
| `interval` | Specifies the time in nanoseconds between checks. | Integer | Proxy's default configuration, which is `10` for Envoy | | `Interval` | Specifies the time between checks. | string | `0s` |
| `max_failures` | Specifies the number of consecutive failures that cause a host to be removed from the upstream cluster. | Integer | Proxy's default configuration, which is `5` for Envoy | | `MaxFailures` | Specifies the number of consecutive failures allowed per check interval. If exceeded, Consul removes the host from the load balancer. | integer | `0` |
| `enforcing_consecutive_5xx` | Specifies a percentage that indicates how many times out of 100 that Consul ejects the host when it detects an outlier status. The outlier status is determined by consecutive errors in the 500-599 response range. | Integer | Proxy's default configuration, which is `100` for Envoy | | `EnforcingConsecutive5xx` | Specifies a percentage that indicates how many times out of 100 that Consul ejects the host when it detects an outlier status. The outlier status is determined by consecutive errors in the 500-599 response range. | integer | `100` |
| `MaxEjectionPercent` | Specifies the maximum percentage of an upstream cluster that Consul ejects when the proxy reports an outlier. Consul ejects at least one host when an outlier is detected regardless of the value. | integer | `10` |
| `BaseEjectionTime` | Specifies the minimum amount of time that an ejected host must remain outside the cluster before rejoining. The real time is equal to the value of the `BaseEjectionTime` multiplied by the number of times the host has been ejected. | string | `30s` |
### `spec.listeners[]` ### `spec.listeners[]`
@ -1403,9 +1424,11 @@ The following table describes the configurations for passive health checks:
| Parameter | Description | Data type | Default | | Parameter | Description | Data type | Default |
| --- | --- | --- | --- | | --- | --- | --- | --- |
| `interval` | Specifies the time in nanoseconds between checks. | Integer | Proxy's default configuration, which is `10` for Envoy | | `Interval` | Specifies the time between checks. | string | `0s` |
| `max_failures` | Specifies the number of consecutive failures that cause a host to be removed from the upstream cluster. | Integer | Proxy's default configuration, which is `5` for Envoy | | `MaxFailures` | Specifies the number of consecutive failures allowed per check interval. If exceeded, Consul removes the host from the load balancer. | integer | `0` |
| `enforcing_consecutive_5xx` | Specifies a percentage that indicates how many times out of 100 that Consul ejects the host when it detects an outlier status. The outlier status is determined by consecutive errors in the 500-599 response range. | Integer | Proxy's default configuration, which is `100` for Envoy | | `EnforcingConsecutive5xx` | Specifies a percentage that indicates how many times out of 100 that Consul ejects the host when it detects an outlier status. The outlier status is determined by consecutive errors in the 500-599 response range. | integer | `100` |
| `MaxEjectionPercent` | Specifies the maximum percentage of an upstream cluster that Consul ejects when the proxy reports an outlier. Consul ejects at least one host when an outlier is detected regardless of the value. | integer | `10` |
| `BaseEjectionTime` | Specifies the minimum amount of time that an ejected host must remain outside the cluster before rejoining. The real time is equal to the value of the `BaseEjectionTime` multiplied by the number of times the host has been ejected. | string | `30s` |
### `spec.listeners[].tls` ### `spec.listeners[].tls`

View File

@ -300,6 +300,8 @@ spec:
interval: "0s" interval: "0s"
maxFailures: 0 maxFailures: 0
enforcingConsecutive5xx: 100 enforcingConsecutive5xx: 100
maxEjectionPercent: 10
baseEjectionTime: "30s"
defaults: defaults:
protocol: <default protocol for the upstream listener> protocol: <default protocol for the upstream listener>
connectTimeoutMs: 5000 connectTimeoutMs: 5000
@ -311,9 +313,11 @@ spec:
maxPendingRequests: 0 maxPendingRequests: 0
maxConcurrentRequests: 0 maxConcurrentRequests: 0
passiveHealthCheck: passiveHealthCheck:
interval: 0s interval: "0s"
maxFailures: 0 maxFailures: 0
enforcingConsecutive5xx: 100 enforcingConsecutive5xx: 100
maxEjectionPercent: 10
baseEjectionTime: "30s"
transparentProxy: transparentProxy:
outboundListenerPort: 15001 outboundListenerPort: 15001
dialedDirectly: false dialedDirectly: false