consul/agent/proxycfg-glue
Derek Menteer 04edace1de
Fix issue with streaming service health watches. (#17775)
Fix issue with streaming service health watches.

This commit fixes an issue where the health streams were unaware of service
export changes. Whenever an exported-services config entry is modified, it is
effectively an ACL change.

The bug would be triggered by the following situation:

- no services are exported
- an upstream watch to service X is spawned
- the streaming backend filters out data for service X (due to lack of exports)
- service X is finally exported

In the situation above, the streaming backend does not trigger a refresh of its
data.  This means that any events that were supposed to have been received prior
to the export are NOT backfilled, and the watches never see service X spawning.

We currently have decided to not trigger a stream refresh in this situation due
to the potential for a thundering herd effect (touching exports would cause a
re-fetch of all watches for that partition, potentially).  Therefore, a local
blocking-query approach was added by this commit for agentless.

It's also worth noting that the streaming subscription is currently bypassed
most of the time with agentful, because proxycfg has a `req.Source.Node != ""`
which prevents the `streamingEnabled` check from passing.  This means that while
agents should technically have this same issue, they don't experience it with
mesh health watches.

Note that this is a temporary fix that solves the issue for proxycfg, but not
service-discovery use cases.
2023-06-15 12:46:58 -05:00
..
config_entry.go
discovery_chain.go
discovery_chain_test.go
exported_peered_services.go
exported_peered_services_test.go
federation_state_list_mesh_gateways.go
federation_state_list_mesh_gateways_test.go
gateway_services.go
gateway_services_test.go
glue.go
health.go
health_blocking.go
health_blocking_test.go
health_test.go
helpers_test.go
intention_upstreams.go
intention_upstreams_test.go
intentions.go
intentions_oss.go
intentions_test.go
internal_service_dump.go
internal_service_dump_test.go
leafcerts.go
peered_upstreams.go
peered_upstreams_test.go
peering_list.go
peering_list_test.go
resolved_service_config.go
resolved_service_config_test.go
service_http_checks.go
service_http_checks_test.go
service_list.go
service_list_test.go
trust_bundle.go
trust_bundle_test.go