* chore: improve CI backports by backporting new workflows
Even though these files aren't used, adding them prevents backport
failures for common changes that are backported n-2 versions.
* chore: improve CI backports by backporting new workflows (1.16)
Even though these files aren't used, adding them prevents backport
failures for common changes that are backported n-2 versions.
[1.15.x] agent: remove data race in agent config (#20200)
To fix an issue displaying the current reloaded config in the
v1/agent/self endpoint #18681 caused the agent's internal
config struct member to be deepcopied and replaced on reload.
This is not safe because the field is not protected by a lock, nor
should it be due to how it is accessed by the rest of the system.
This PR does the same deepcopy, but into a new field solely for
the point of capturing the current reloaded values for display
purposes. If there has been no reload then the original config is used.
Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
* backport of commit fead597130
* Various test fixes.
* Fix race condition in reconcilePeering.
This resolves an issue where a peering object in the state store was
incorrectly mutated by a function, resulting in the test being flagged as
failing when the -race flag was used.
---------
Co-authored-by: Derek Menteer <derek.menteer@hashicorp.com>
* Revert "Backport into 1.15 of NET-6944 - Replace usage of deprecated Envoy field envoy.extensions.filters.http.lua.v3.Lua.inline_code (#20052)"
This reverts commit d99c27b355.
* Revert "Backport of NET-4774 - replace usage of deprecated Envoy field match_subject_alt_names into release/1.15.x (#20055)"
This reverts commit dbc87ca992.
* Revert "Backport of NET-6942 - Replace usage of deprecated Envoy field envoy.config.cluster.v3.Cluster.http_protocol_options. into release/1.15.x (#20031)"
This reverts commit 3b70b66ecf.
* Revert "Backport of NET-6317 - update usage of deprecated fields: http2_protocol_options and access_log_path into release/1.15.x (#19951)"
This reverts commit 1268d067c8.
Revert "Backport of NET-6943 - Replace usage of deprecated Envoy field envoy.config.router.v3.WeightedCluster.total_weight. into release/1.15.x (#20059)"
This reverts commit ca07c058b6.
NET-6943 - Replace usage of deprecated Envoy field envoy.config.router.v3.WeightedCluster.total_weight. (#20011)
Co-authored-by: John Murret <john.murret@hashicorp.com>
* backport of commit 63030c8bb6
* backport of commit f40a132a83
* fix license for backport
---------
Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Fix ClusterLoadAssignment timeouts dropping endpoints.
When a large number of upstreams are configured on a single envoy
proxy, there was a chance that it would timeout when waiting for
ClusterLoadAssignments. While this doesn't always immediately cause
issues, consul-dataplane instances appear to consistently drop
endpoints from their configurations after an xDS connection is
re-established (the server dies, random disconnect, etc).
This commit adds an `xds_fetch_timeout_ms` config to service registrations
so that users can set the value higher for large instances that have
many upstreams. The timeout can be disabled by setting a value of `0`.
This configuration was introduced to reduce the risk of causing a
breaking change for users if there is ever a scenario where endpoints
would never be received. Rather than just always blocking indefinitely
or for a significantly longer period of time, this config will affect
only the service instance associated with it.
Fix xDS missing endpoint race condition.
This fixes the following race condition:
- Send update endpoints
- Send update cluster
- Recv ACK endpoints
- Recv ACK cluster
Prior to this fix, it would have resulted in the endpoints NOT existing in
Envoy. This occurred because the cluster update implicitly clears the endpoints
in Envoy, but we would never re-send the endpoint data to compensate for the
loss, because we would incorrectly ACK the invalid old endpoint hash. Since the
endpoint's hash did not actually change, they would not be resent.
The fix for this is to effectively clear out the invalid pending ACKs for child
resources whenever the parent changes. This ensures that we do not store the
child's hash as accepted when the race occurs.
An escape-hatch environment variable `XDS_PROTOCOL_LEGACY_CHILD_RESEND` was
added so that users can revert back to the old legacy behavior in the event
that this produces unknown side-effects.
This bug report and fix was mostly implemented by @ksmiley with some minor
tweaks.
Co-authored-by: Derek Menteer <derek.menteer@hashicorp.com>
Co-authored-by: Keith Smiley <ksmiley@salesforce.com>
backport of commit af6045cdf1
Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
Co-authored-by: Ronald <roncodingenthusiast@users.noreply.github.com>
* backport of commit 06507fe053
* backport of commit 14e160573d
* backport of commit 088ec70f90
---------
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
hc-github-team-consul-core