chore: apply enterprise changes that were missed to some testing files (#19504)
This should align between CE ef35525 and ENT 7f95226dbe40151c8f17dd4464784b60cf358dc1 in:
- testing/integration/consul-container
- test-integ
- testing/deployer
Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
testing/deployer: support tproxy in v2 for dataplane (#19094)
This updates the testing/deployer (aka "topology test") framework to allow for a
v2-oriented topology to opt services into enabling TransparentProxy. The restrictions
are similar to that of #19046
The multiport Ports map that was added in #19046 was changed to allow for the
protocol to be specified at this time, but for now the only supported protocol is TCP
as only L4 functions currently on main.
As part of making transparent proxy work, the DNS server needed a new zonefile
for responding to virtual.consul requests, since there is no Kubernetes DNS and
the Consul DNS work for v2 has not happened yet. Once Consul DNS supports v2 we should switch over. For now the format of queries is:
<service>--<namespace>--<partition>.virtual.consul
Additionally:
- All transparent proxy enabled services are assigned a virtual ip in the 10.244.0/24
range. This is something Consul will do in v2 at a later date, likely during 1.18.
- All services with exposed ports (non-mesh) are assigned a virtual port number for use
with tproxy
- The consul-dataplane image has been made un-distroless, and gotten the necessary
tools to execute consul connect redirect-traffic before running dataplane, thus simulating
a kubernetes init container in plain docker.
Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
testing/deployer: update deployer to use v2 catalog constructs when requested (#19046)
This updates the testing/deployer (aka "topology test") framework to conditionally
configure and launch catalog constructs using v2 resources. This is controlled via a
Version field on the Node construct in a topology.Config. This only functions for a
dataplane type and has other restrictions that match the rest of v2 (no peering, no
wanfed, no mesh gateways).
Like config entries, you can statically provide a set of initial resources to be synced
when bringing up the cluster (beyond those that are generated for you such as
workloads, services, etc).
If you want to author a test that can be freely converted between v1 and v2 then that
is possible. If you switch to the multi-port definition on a topology.Service (aka
"workload/instance") then that makes v1 ineligible.
This also adds a starter set of "on every PR" integration tests for single and multiport
under test-integ/catalogv2
Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
* Upgrade Consul UI to Node 18 (#19252)
* Upgrading node to node 18
* Ensure we're on latest version of yarn as well
* add comma to make frontend tests run
* Use Node 18 Alpine image in UI build dockerfile
* delete package-lock.json
---------
Co-authored-by: wenincode <tyler.wendlandt@hashicorp.com>
Co-authored-by: Ella Cai <ella.y.cai@gmail.com>
Co-authored-by: Ella Cai <ella@hashicorp.com>
* Resetting node 14 on nightly test 1.13
---------
Co-authored-by: Chris Hut <tophernuts@gmail.com>
Co-authored-by: Ella Cai <ella.y.cai@gmail.com>
Co-authored-by: Ella Cai <ella@hashicorp.com>
* backport of commit f142c77956
* backport of commit 79eadd1afd
* backport of commit d269c63a99
* backport of commit 532aad4dbf
* backport of commit 2de83d470f
* backport of commit c8af477a30
* NET-6080 - xds controller golden file inputs into xds resources - destinations (#19244)
* NET-5397 - wire up golden tests from sidecar-proxy controller for xds controller and xdsv2
* WIP
* WIP
* everything matching except leafCerts. need to mock those
* single port destinations working except mixed destinations
* golden test input to xds controller tests for destinations
* proposed fix for failover group naming errors
* clean up test to use helper.
* clean up test to use helper.
* fix test file
* add docstring for test function.
* add docstring for test function.
* fix linting error
* fixing test after route fix merged into main
* first source test works
* WIP
* modify all source files
* source tests pass
* fixing tests after bug fix in main
* got first destination working.
* adding destinations
* fix docstring for test
* fixing tests after bug fix in main
---------
Co-authored-by: John Murret <john.murret@hashicorp.com>
* server: run the api checks against the path without params (#19205)
* Clone proto into deepcopy correctly (#19204)
* chore: update version and nightly CI for 1.17 (#19208)
Update version file to 1.18-dev, and replace 1.13 nightly test with
1.17.
* mesh: add validation hook to proxy configuration (#19186)
* mesh: add more validations to Destinations resource (#19202)
* catalog, mesh: implement missing ACL hooks (#19143)
This change adds ACL hooks to the remaining catalog and mesh resources, excluding any computed ones. Those will for now continue using the default operator:x permissions.
It refactors a lot of the common testing functions so that they can be re-used between resources.
There are also some types that we don't yet support (e.g. virtual IPs) that this change adds ACL hooks to for future-proofing.
* NET-5073 - ProxyConfiguration: implement various connection options (#19187)
* NET-5073 - ProxyConfiguration: implement various connection options
* PR feedback - LocalConnection and InboundConnection do not affect exposed routes. configure L7 route destinations. fix connection proto sequence numbers.
* add timeout to L7 Route Destinations
* Relplat 897 copywrite bot workarounds (#19200)
Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
* mesh: add xRoute ACL hook tenancy tests (#19177)
Enhance the xRoute ACL hook tests to cover tenanted situations.
These tests will only execute in enterprise.
* resource: enforce lowercase v2 resource names (#19218)
* mesh: add DestinationPolicy ACL hook tenancy tests (#19178)
Enhance the DestinationPolicy ACL hook tests to cover tenanted situations.
These tests will only execute in enterprise.
* catalog: add FailoverPolicy ACL hook tenancy test (#19179)
* docs: Multi-port corrections (#19224)
* typo fixes and instruction corrections
* typo
* link path correction
* Add reason why port 53 is not used by default (#19222)
* Update dns-configuration.mdx
* Update website/content/docs/services/discovery/dns-configuration.mdx
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
* v2tenancy: rename v1alpha1 -> v2beta1 (#19227)
* [NET-5944] security: Update Go version to 1.20.10 and `x/net` to 0.17.0 (#19225)
* Bump golang.org/x/net to 0.17.0
This resolves [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325)
/ [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487).
* Update Go version to 1.20.10
This resolves [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325)
/ [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487)
(`net/http`).
* NET-6097 - sidecar proxy controller - give name to first failover policy target (#19239)
* Cc 5545: Upgrade HDS packages and modifiers (#19226)
* Upgrade @hashicorp/design-system-tokens to 1.9.0
* Upgrade @hashicorp/design-system-components to 1.8.1
* Upgrade @hashicorp/design-system-components and ember-in-viewport
* Explicitly install ember-modifier@4.1.0
* rename copy-button
* Fix how cleanup is done in with-copyable
* Update aria-menu modifier for new structure
* Update css-prop modifier to new structure
* Convert did-upsert to regular class modifier
* Update notification modifier for new structure
* Update on-oustside modifier for new structure
* Move destroy handler registration in with-copyable
* Update style modifier for new structure
* Update validate modifier for new structure
* Guard against setting on destroyed object
* Upgrade @hashicorp/design-system-components to 2.14.1
* Remove debugger
* Guard against null in aria-menu
* Fix undefined hash in validate addon
* Upgrade ember-on-resize-modifier
* Fix copy button import, missing import and array destructuring
---------
Co-authored-by: wenincode <tyler.wendlandt@hashicorp.com>
* [NET-5810] CE changes for multiple virtual hosts (#19246)
CE changes for multiple virtual hosts
* Net 4893- Ensure we're testing all the latest versions of Vault/Nomad (#19119)
* NET-5592 - update Nomad integration testing
* NET-4893: Ensure we're testing all the latest versions of Vault/Nomad
* docs: Fix example control-plane-request-limit HCL and JSON (#19105)
The control-plane-request-limit config entry does not support
specifying parameter names in snake case format.
This commit updates the HCL and JSON examples to use the supported
camel case key format.
* test: add 1.17 nightly integrations test (#19253)
* fix expose paths (#19257)
When testing adding http probes to apps, I ran into some issues which I fixed here:
- The listener should be listening on the exposed listener port, updated that.
- The listener and route names were pointing to the path of the exposed path. In my test, the path was "/" resulting in an empty string path. Also, the path may not be unique across exposed path listeners, so I decided to use the path+exposed port as the unique identifier.
* docs: Multiport HCP constraint update (#19261)
* Add sentence
* link text adjustment
* docs: Fix multi-port install (#19262)
* Update configure.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Prevent circular dependencies between v2 resources and generate a mermaid diagram with their dependencies (#19230)
* build(docker): always publish full and minor version tags for dev images (#19278)
* fix nightly integration test: envoy version and n-2 version (#19286)
* [NET-6221] Ensure LB policy set for locality-aware routing (CE) (#19283)
Ensure LB policy set for locality-aware routing (CE)
`overprovisioningFactor` should be overridden with the expected value
(100,000) when there are multiple endpoint groups. Update code and
tests to enforce this.
This is an Enterprise feature. This commit represents the CE portions of
the change; tests are added in the corresponding `consul-enterprise`
change.
* fix: allow snake case keys for ip based rate limit config entry (#19277)
* fix: allow snake case keys for ip based rate limit config entry
* chore: add changelog
* reformatted the JSON schema server conf ref (#19288)
* acls,catalog,mesh: properly authorize workload selectors on writes (#19260)
To properly enforce writes on resources that have workload selectors with prefixes, we need another service authorization rule that allows us to check whether read is allowed within a given prefix. Specifically we need to only allow writes if the policy prefix allows for a wider set of names than the prefix selector on the resource. We should also not allow policies with exact names for prefix matches.
Part of [NET-3993]
* NET-6239: Temporarily disable verify envoy check (#19299)
* skip verify envoy version
* cleanup
* Update supported Envoy versions (#19276)
* mesh: provide missing domain to route configurations in ProxyStateTemplate (#19298)
* add empty domains
* update unit tests
* enable verify envoy script (#19303)
* Vault CA bugfixes (#19285)
* Re-add retry logic to Vault token renewal
* Fix goroutine leak
* Add test for detecting goroutine leak
* Add changelog
* Rename tests
* Add comment
* Backout Envoy 1.28.0 (#19306)
* added ent to ce downgrade changes (#19311)
* added ent to ce downgrade changes
* added changelog
* added busl headers
* skip envoy version check in ci (#19315)
* Tenancy Bridge v2 (#19220)
* tenancy bridge v2 for v2 resources
* add missing copywrite headers
* remove branch name causing conflicts (#19319)
* mesh: ensure route configs are named uniquely per port (#19323)
* [NET-5327] Templated policies api/cli docs (#19270)
* More templated policies docs (#19312)
[NET-5327]More templated policies docs
* Fixing docs to add more templated policies references (#19335)
* Upgrade Consul UI to Node 18 (#19252)
* Upgrading node to node 18
* Ensure we're on latest version of yarn as well
* add comma to make frontend tests run
* Use Node 18 Alpine image in UI build dockerfile
* delete package-lock.json
---------
Co-authored-by: wenincode <tyler.wendlandt@hashicorp.com>
Co-authored-by: Ella Cai <ella.y.cai@gmail.com>
Co-authored-by: Ella Cai <ella@hashicorp.com>
* resource: default peername to local in list endpoints (#19340)
* NET-5397 - wire up golden tests from sidecar-proxy controller for xds controller and xdsv2
* WIP
* WIP
* everything matching except leafCerts. need to mock those
* single port destinations working except mixed destinations
* golden test input to xds controller tests for destinations
* proposed fix for failover group naming errors
* clean up test to use helper.
* clean up test to use helper.
* fix test file
* add docstring for test function.
* add docstring for test function.
* fix linting error
* fixing test after route fix merged into main
* first source test works
* WIP
* modify all source files
* backport of commit 17a76f6e24
* backport of commit de5a7c0e11
* backport of commit eb8e27cc48
---------
Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com>
Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: John Murret <john.murret@hashicorp.com>
Co-authored-by: modrake <12264057+modrake@users.noreply.github.com>
Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
Co-authored-by: Semir Patel <semir.patel@hashicorp.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
Co-authored-by: Chris Hut <tophernuts@gmail.com>
Co-authored-by: wenincode <tyler.wendlandt@hashicorp.com>
Co-authored-by: John Maguire <john.maguire@hashicorp.com>
Co-authored-by: Sophie Gairo <97480023+sophie-gairo@users.noreply.github.com>
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: Dan Stough <dan.stough@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com>
Co-authored-by: cskh <hui.kang@hashicorp.com>
Co-authored-by: Poonam Jadhav <poonam.jadhav@hashicorp.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Anita Akaeze <anita.akaeze@hashicorp.com>
Co-authored-by: Chris Thain <32781396+cthain@users.noreply.github.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: aahel <aahel.guha@hashicorp.com>
Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
Co-authored-by: Ronald <roncodingenthusiast@users.noreply.github.com>
Co-authored-by: Ella Cai <ella.y.cai@gmail.com>
Co-authored-by: Ella Cai <ella@hashicorp.com>
* server: run the api checks against the path without params (#19205)
* Clone proto into deepcopy correctly (#19204)
* chore: update version and nightly CI for 1.17 (#19208)
Update version file to 1.18-dev, and replace 1.13 nightly test with
1.17.
* mesh: add validation hook to proxy configuration (#19186)
* mesh: add more validations to Destinations resource (#19202)
* catalog, mesh: implement missing ACL hooks (#19143)
This change adds ACL hooks to the remaining catalog and mesh resources, excluding any computed ones. Those will for now continue using the default operator:x permissions.
It refactors a lot of the common testing functions so that they can be re-used between resources.
There are also some types that we don't yet support (e.g. virtual IPs) that this change adds ACL hooks to for future-proofing.
* NET-5073 - ProxyConfiguration: implement various connection options (#19187)
* NET-5073 - ProxyConfiguration: implement various connection options
* PR feedback - LocalConnection and InboundConnection do not affect exposed routes. configure L7 route destinations. fix connection proto sequence numbers.
* add timeout to L7 Route Destinations
* Relplat 897 copywrite bot workarounds (#19200)
Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
* mesh: add xRoute ACL hook tenancy tests (#19177)
Enhance the xRoute ACL hook tests to cover tenanted situations.
These tests will only execute in enterprise.
* resource: enforce lowercase v2 resource names (#19218)
* mesh: add DestinationPolicy ACL hook tenancy tests (#19178)
Enhance the DestinationPolicy ACL hook tests to cover tenanted situations.
These tests will only execute in enterprise.
* catalog: add FailoverPolicy ACL hook tenancy test (#19179)
* docs: Multi-port corrections (#19224)
* typo fixes and instruction corrections
* typo
* link path correction
* Add reason why port 53 is not used by default (#19222)
* Update dns-configuration.mdx
* Update website/content/docs/services/discovery/dns-configuration.mdx
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
* v2tenancy: rename v1alpha1 -> v2beta1 (#19227)
* [NET-5944] security: Update Go version to 1.20.10 and `x/net` to 0.17.0 (#19225)
* Bump golang.org/x/net to 0.17.0
This resolves [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325)
/ [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487).
* Update Go version to 1.20.10
This resolves [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325)
/ [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487)
(`net/http`).
* NET-6097 - sidecar proxy controller - give name to first failover policy target (#19239)
* Cc 5545: Upgrade HDS packages and modifiers (#19226)
* Upgrade @hashicorp/design-system-tokens to 1.9.0
* Upgrade @hashicorp/design-system-components to 1.8.1
* Upgrade @hashicorp/design-system-components and ember-in-viewport
* Explicitly install ember-modifier@4.1.0
* rename copy-button
* Fix how cleanup is done in with-copyable
* Update aria-menu modifier for new structure
* Update css-prop modifier to new structure
* Convert did-upsert to regular class modifier
* Update notification modifier for new structure
* Update on-oustside modifier for new structure
* Move destroy handler registration in with-copyable
* Update style modifier for new structure
* Update validate modifier for new structure
* Guard against setting on destroyed object
* Upgrade @hashicorp/design-system-components to 2.14.1
* Remove debugger
* Guard against null in aria-menu
* Fix undefined hash in validate addon
* Upgrade ember-on-resize-modifier
* Fix copy button import, missing import and array destructuring
---------
Co-authored-by: wenincode <tyler.wendlandt@hashicorp.com>
* [NET-5810] CE changes for multiple virtual hosts (#19246)
CE changes for multiple virtual hosts
* Net 4893- Ensure we're testing all the latest versions of Vault/Nomad (#19119)
* NET-5592 - update Nomad integration testing
* NET-4893: Ensure we're testing all the latest versions of Vault/Nomad
* docs: Fix example control-plane-request-limit HCL and JSON (#19105)
The control-plane-request-limit config entry does not support
specifying parameter names in snake case format.
This commit updates the HCL and JSON examples to use the supported
camel case key format.
* test: add 1.17 nightly integrations test (#19253)
* fix expose paths (#19257)
When testing adding http probes to apps, I ran into some issues which I fixed here:
- The listener should be listening on the exposed listener port, updated that.
- The listener and route names were pointing to the path of the exposed path. In my test, the path was "/" resulting in an empty string path. Also, the path may not be unique across exposed path listeners, so I decided to use the path+exposed port as the unique identifier.
* docs: Multiport HCP constraint update (#19261)
* Add sentence
* link text adjustment
* docs: Fix multi-port install (#19262)
* Update configure.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Prevent circular dependencies between v2 resources and generate a mermaid diagram with their dependencies (#19230)
* build(docker): always publish full and minor version tags for dev images (#19278)
* fix nightly integration test: envoy version and n-2 version (#19286)
* [NET-6221] Ensure LB policy set for locality-aware routing (CE) (#19283)
Ensure LB policy set for locality-aware routing (CE)
`overprovisioningFactor` should be overridden with the expected value
(100,000) when there are multiple endpoint groups. Update code and
tests to enforce this.
This is an Enterprise feature. This commit represents the CE portions of
the change; tests are added in the corresponding `consul-enterprise`
change.
* fix: allow snake case keys for ip based rate limit config entry (#19277)
* fix: allow snake case keys for ip based rate limit config entry
* chore: add changelog
* reformatted the JSON schema server conf ref (#19288)
* acls,catalog,mesh: properly authorize workload selectors on writes (#19260)
To properly enforce writes on resources that have workload selectors with prefixes, we need another service authorization rule that allows us to check whether read is allowed within a given prefix. Specifically we need to only allow writes if the policy prefix allows for a wider set of names than the prefix selector on the resource. We should also not allow policies with exact names for prefix matches.
Part of [NET-3993]
* NET-6239: Temporarily disable verify envoy check (#19299)
* skip verify envoy version
* cleanup
* Update supported Envoy versions (#19276)
* mesh: provide missing domain to route configurations in ProxyStateTemplate (#19298)
* add empty domains
* update unit tests
* enable verify envoy script (#19303)
* Vault CA bugfixes (#19285)
* Re-add retry logic to Vault token renewal
* Fix goroutine leak
* Add test for detecting goroutine leak
* Add changelog
* Rename tests
* Add comment
* Backout Envoy 1.28.0 (#19306)
* added ent to ce downgrade changes (#19311)
* added ent to ce downgrade changes
* added changelog
* added busl headers
* skip envoy version check in ci (#19315)
* Tenancy Bridge v2 (#19220)
* tenancy bridge v2 for v2 resources
* add missing copywrite headers
* remove branch name causing conflicts (#19319)
* mesh: ensure route configs are named uniquely per port (#19323)
* [NET-5327] Templated policies api/cli docs (#19270)
* More templated policies docs (#19312)
[NET-5327]More templated policies docs
* Fixing docs to add more templated policies references (#19335)
* Upgrade Consul UI to Node 18 (#19252)
* Upgrading node to node 18
* Ensure we're on latest version of yarn as well
* add comma to make frontend tests run
* Use Node 18 Alpine image in UI build dockerfile
* delete package-lock.json
---------
Co-authored-by: wenincode <tyler.wendlandt@hashicorp.com>
Co-authored-by: Ella Cai <ella.y.cai@gmail.com>
Co-authored-by: Ella Cai <ella@hashicorp.com>
* resource: default peername to local in list endpoints (#19340)
* NET-5397 - wire up golden tests from sidecar-proxy controller for xds controller and xdsv2
* WIP
* WIP
* everything matching except leafCerts. need to mock those
* single port destinations working except mixed destinations
* golden test input to xds controller tests for destinations
* proposed fix for failover group naming errors
* clean up test to use helper.
* clean up test to use helper.
* fix test file
* add docstring for test function.
* add docstring for test function.
* fix linting error
* backport of commit b5fa4f29c8
* backport of commit e7ff94b3a6
---------
Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com>
Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: John Murret <john.murret@hashicorp.com>
Co-authored-by: modrake <12264057+modrake@users.noreply.github.com>
Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
Co-authored-by: Semir Patel <semir.patel@hashicorp.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
Co-authored-by: Chris Hut <tophernuts@gmail.com>
Co-authored-by: wenincode <tyler.wendlandt@hashicorp.com>
Co-authored-by: John Maguire <john.maguire@hashicorp.com>
Co-authored-by: Sophie Gairo <97480023+sophie-gairo@users.noreply.github.com>
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: Dan Stough <dan.stough@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com>
Co-authored-by: cskh <hui.kang@hashicorp.com>
Co-authored-by: Poonam Jadhav <poonam.jadhav@hashicorp.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Anita Akaeze <anita.akaeze@hashicorp.com>
Co-authored-by: Chris Thain <32781396+cthain@users.noreply.github.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: aahel <aahel.guha@hashicorp.com>
Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
Co-authored-by: Ronald <roncodingenthusiast@users.noreply.github.com>
Co-authored-by: Ella Cai <ella.y.cai@gmail.com>
Co-authored-by: Ella Cai <ella@hashicorp.com>
Add grpc keepalive configuration. (#19339)
Prior to the introduction of this configuration, grpc keepalive messages were
sent after 2 hours of inactivity on the stream. This posed issues in various
scenarios where the server-side xds connection balancing was unaware that envoy
instances were uncleanly killed / force-closed, since the connections would
only be cleaned up after ~5 minutes of TCP timeouts occurred. Setting this
config to a 30 second interval with a 20 second timeout ensures that at most,
it should take up to 50 seconds for a dead xds connection to be closed.
* backport of commit 8a6a858584
* backport of commit 1922b5f539
* backport of commit a4dff42744
* backport of commit cb7e5ded36
* backport of commit fcc9ee6542
* backport of commit 61d1c264d8
---------
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
hc-github-team-consul-core