diff --git a/charts/consul/templates/crd-ingressgateways.yaml b/charts/consul/templates/crd-ingressgateways.yaml index 7cc4a174ac..4ce94f15f5 100644 --- a/charts/consul/templates/crd-ingressgateways.yaml +++ b/charts/consul/templates/crd-ingressgateways.yaml @@ -81,6 +81,40 @@ spec: while waiting for a connection to be established. format: int32 type: integer + passiveHealthCheck: + description: PassiveHealthCheck configuration determines how upstream + proxy instances will be monitored for removal from the load + balancing pool. + properties: + baseEjectionTime: + description: The base time that a host is ejected for. The + real time is equal to the base time multiplied by the number + of times the host has been ejected and is capped by max_ejection_time + (Default 300s). Defaults to 30000ms or 30s. + type: string + enforcingConsecutive5xx: + description: EnforcingConsecutive5xx is the % chance that + a host will be actually ejected when an outlier status is + detected through consecutive 5xx. This setting can be used + to disable ejection or to ramp it up slowly. + format: int32 + type: integer + interval: + description: Interval between health check analysis sweeps. + Each sweep may remove hosts or return hosts to the pool. + type: string + maxEjectionPercent: + description: The maximum % of an upstream cluster that can + be ejected due to outlier detection. Defaults to 10% but + will eject at least one host regardless of the value. + format: int32 + type: integer + maxFailures: + description: MaxFailures is the count of consecutive failures + that results in a host being removed from the pool. + format: int32 + type: integer + type: object type: object listeners: description: Listeners declares what ports the ingress gateway should 
@@ -160,6 +194,45 @@ spec: service is located. Partitioning is a Consul Enterprise feature. type: string + passiveHealthCheck: + description: PassiveHealthCheck configuration determines + how upstream proxy instances will be monitored for removal + from the load balancing pool. + properties: + baseEjectionTime: + description: The base time that a host is ejected + for. The real time is equal to the base time multiplied + by the number of times the host has been ejected + and is capped by max_ejection_time (Default 300s). + Defaults to 30000ms or 30s. + type: string + enforcingConsecutive5xx: + description: EnforcingConsecutive5xx is the % chance + that a host will be actually ejected when an outlier + status is detected through consecutive 5xx. This + setting can be used to disable ejection or to ramp + it up slowly. + format: int32 + type: integer + interval: + description: Interval between health check analysis + sweeps. Each sweep may remove hosts or return hosts + to the pool. + type: string + maxEjectionPercent: + description: The maximum % of an upstream cluster + that can be ejected due to outlier detection. Defaults + to 10% but will eject at least one host regardless + of the value. + format: int32 + type: integer + maxFailures: + description: MaxFailures is the count of consecutive + failures that results in a host being removed from + the pool. + format: int32 + type: integer + type: object requestHeaders: description: Allow HTTP header manipulation to be configured. properties: diff --git a/control-plane/api/v1alpha1/ingressgateway_types.go b/control-plane/api/v1alpha1/ingressgateway_types.go index 64e024fbd5..f59d7c5d72 100644 --- a/control-plane/api/v1alpha1/ingressgateway_types.go +++ b/control-plane/api/v1alpha1/ingressgateway_types.go @@ -6,7 +6,6 @@ package v1alpha1 import ( "encoding/json" "fmt" - "github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp/cmpopts" "github.com/hashicorp/consul-k8s/control-plane/api/common" 
@@ -77,6 +76,9 @@ type IngressServiceConfig struct { // will be allowed at a single point in time. Use this to limit HTTP/2 traffic, // since HTTP/2 has many requests per connection. MaxConcurrentRequests *uint32 `json:"maxConcurrentRequests,omitempty"` + // PassiveHealthCheck configuration determines how upstream proxy instances will + // be monitored for removal from the load balancing pool. + PassiveHealthCheck *PassiveHealthCheck `json:"passiveHealthCheck,omitempty"` } type GatewayTLSConfig struct { @@ -364,6 +366,7 @@ func (in IngressService) toConsul() capi.IngressService { MaxConnections: in.MaxConnections, MaxPendingRequests: in.MaxPendingRequests, MaxConcurrentRequests: in.MaxConcurrentRequests, + PassiveHealthCheck: in.PassiveHealthCheck.toConsul(), } } @@ -457,6 +460,7 @@ func (in *IngressServiceConfig) validate(path *field.Path) field.ErrorList { if in.MaxPendingRequests != nil && *in.MaxPendingRequests <= 0 { errs = append(errs, field.Invalid(path.Child("maxpendingrequests"), *in.MaxPendingRequests, "MaxPendingRequests must be > 0")) } + return errs } @@ -468,5 +472,6 @@ func (in *IngressServiceConfig) toConsul() *capi.IngressServiceConfig { MaxConnections: in.MaxConnections, MaxPendingRequests: in.MaxPendingRequests, MaxConcurrentRequests: in.MaxConcurrentRequests, + PassiveHealthCheck: in.PassiveHealthCheck.toConsul(), } } diff --git a/control-plane/api/v1alpha1/ingressgateway_types_test.go b/control-plane/api/v1alpha1/ingressgateway_types_test.go index dd1c3835e0..d99eba7630 100644 --- a/control-plane/api/v1alpha1/ingressgateway_types_test.go +++ b/control-plane/api/v1alpha1/ingressgateway_types_test.go @@ -4,6 +4,7 @@ package v1alpha1 import ( + "k8s.io/utils/pointer" "testing" "time" 
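Review bot: `in.PassiveHealthCheck.toConsul()` is called on a pointer field that is nil whenever the resource omits `passiveHealthCheck` (the field is declared `*PassiveHealthCheck` with `omitempty`), in `IngressService.toConsul` here and again in the `IngressServiceConfig.toConsul` hunk further down. That is only safe if `(*PassiveHealthCheck).toConsul`, which is defined outside this diff, has a pointer receiver and returns nil for a nil receiver; please confirm and record it next to the call, e.g. `// toConsul is nil-safe: an unset PassiveHealthCheck maps to nil.` The test hunks in this commit populate the field wherever they touch it, so a case that leaves it unset would pin this behaviour. Both function bodies start outside their hunks.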
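Review bot: `IngressServiceConfig.validate` gains no check for the new `PassiveHealthCheck` block; the only addition in this hunk appears to be a blank line before `return errs`. The generated CRD schema types `enforcingConsecutive5xx` and `maxEjectionPercent` as bare `int32` integers with no bounds, so a value above 100 for a field documented as a percentage would be accepted at admission and passed on to Consul. Because these settings decide when upstream hosts are ejected from the ingress gateway's pool, a bad value is an availability risk that should be rejected here. If `PassiveHealthCheck` already has a validator elsewhere in the package, call it; otherwise add a range check in the style of the existing ones, for example `if p := in.PassiveHealthCheck; p != nil && p.MaxEjectionPercent != nil && *p.MaxEjectionPercent > 100 { errs = append(errs, field.Invalid(path.Child("passivehealthcheck", "maxejectionpercent"), *p.MaxEjectionPercent, "MaxEjectionPercent must be <= 100")) }`, and the same for `EnforcingConsecutive5xx`. The body of `validate` starts outside the hunk.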
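Review bot: In the import hunk of `ingressgateway_types_test.go`, `"k8s.io/utils/pointer"` is added above `"testing"`, i.e. inside the standard-library group. gofmt/goimports convention keeps stdlib imports first and third-party imports in a separate group after a blank line, so this line belongs with the other non-stdlib imports further down the block (not visible in the hunk). Separately, `k8s.io/utils/pointer` is deprecated upstream in favour of `k8s.io/utils/ptr`; if the module version pinned by this repo provides it, `ptr.To(uint32(100))` avoids adding a new use of the deprecated package.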
@@ -70,6 +71,17 @@ func TestIngressGateway_MatchesConsul(t *testing.T) {
 MaxConnections: &defaultMaxConnections,
 MaxPendingRequests: &defaultMaxPendingRequests,
 MaxConcurrentRequests: &defaultMaxConcurrentRequests,
+ PassiveHealthCheck: &PassiveHealthCheck{
+ Interval: metav1.Duration{
+ Duration: 2 * time.Second,
+ },
+ MaxFailures: uint32(20),
+ EnforcingConsecutive5xx: pointer.Uint32(100),
+ MaxEjectionPercent: pointer.Uint32(10),
+ BaseEjectionTime: &metav1.Duration{
+ Duration: 10 * time.Second,
+ },
+ },
 },
 Listeners: []IngressListener{
 {
@@ -170,6 +182,13 @@ func TestIngressGateway_MatchesConsul(t *testing.T) {
 MaxConnections: &defaultMaxConnections,
 MaxPendingRequests: &defaultMaxPendingRequests,
 MaxConcurrentRequests: &defaultMaxConcurrentRequests,
+ PassiveHealthCheck: &capi.PassiveHealthCheck{
+ Interval: 2 * time.Second,
+ MaxFailures: uint32(20),
+ EnforcingConsecutive5xx: pointer.Uint32(100),
+ MaxEjectionPercent: pointer.Uint32(10),
+ BaseEjectionTime: pointer.Duration(10 * time.Second),
+ },
 },
 Listeners: []capi.IngressListener{
 {
@@ -332,6 +351,17 @@ func TestIngressGateway_ToConsul(t *testing.T) {
 MaxConnections: &defaultMaxConnections,
 MaxPendingRequests: &defaultMaxPendingRequests,
 MaxConcurrentRequests: &defaultMaxConcurrentRequests,
+ PassiveHealthCheck: &PassiveHealthCheck{
+ Interval: metav1.Duration{
+ Duration: 2 * time.Second,
+ },
+ MaxFailures: uint32(20),
+ EnforcingConsecutive5xx: pointer.Uint32(100),
+ MaxEjectionPercent: pointer.Uint32(10),
+ BaseEjectionTime: &metav1.Duration{
+ Duration: 10 * time.Second,
+ },
+ },
 },
 Listeners: []IngressListener{
 {
@@ -431,6 +461,13 @@ func TestIngressGateway_ToConsul(t *testing.T) {
 MaxConnections: &defaultMaxConnections,
 MaxPendingRequests: &defaultMaxPendingRequests,
 MaxConcurrentRequests: &defaultMaxConcurrentRequests,
+ PassiveHealthCheck: &capi.PassiveHealthCheck{
+ Interval: 2 * time.Second,
+ MaxFailures: uint32(20),
+ EnforcingConsecutive5xx: pointer.Uint32(100),
+ MaxEjectionPercent: pointer.Uint32(10),
+ BaseEjectionTime: pointer.Duration(10 * time.Second),
+ },
 },
 Listeners: []capi.IngressListener{
 {
diff --git a/control-plane/config/crd/bases/consul.hashicorp.com_ingressgateways.yaml b/control-plane/config/crd/bases/consul.hashicorp.com_ingressgateways.yaml
index fd8ebc86ff..80f161c1ee 100644
--- a/control-plane/config/crd/bases/consul.hashicorp.com_ingressgateways.yaml
+++ b/control-plane/config/crd/bases/consul.hashicorp.com_ingressgateways.yaml
@@ -74,6 +74,40 @@ spec: while waiting for a connection to be established. format: int32 type: integer + passiveHealthCheck: + description: PassiveHealthCheck configuration determines how upstream + proxy instances will be monitored for removal from the load + balancing pool. + properties: + baseEjectionTime: + description: The base time that a host is ejected for. The + real time is equal to the base time multiplied by the number + of times the host has been ejected and is capped by max_ejection_time + (Default 300s). Defaults to 30000ms or 30s. + type: string + enforcingConsecutive5xx: + description: EnforcingConsecutive5xx is the % chance that + a host will be actually ejected when an outlier status is + detected through consecutive 5xx. This setting can be used + to disable ejection or to ramp it up slowly. + format: int32 + type: integer + interval: + description: Interval between health check analysis sweeps. + Each sweep may remove hosts or return hosts to the pool. + type: string + maxEjectionPercent: + description: The maximum % of an upstream cluster that can + be ejected due to outlier detection. Defaults to 10% but + will eject at least one host regardless of the value. + format: int32 + type: integer + maxFailures: + description: MaxFailures is the count of consecutive failures + that results in a host being removed from the pool. + format: int32 + type: integer + type: object type: object listeners: description: Listeners declares what ports the ingress gateway should 
@@ -153,6 +187,45 @@ spec: service is located. Partitioning is a Consul Enterprise feature. type: string + passiveHealthCheck: + description: PassiveHealthCheck configuration determines + how upstream proxy instances will be monitored for removal + from the load balancing pool. + properties: + baseEjectionTime: + description: The base time that a host is ejected + for. The real time is equal to the base time multiplied + by the number of times the host has been ejected + and is capped by max_ejection_time (Default 300s). + Defaults to 30000ms or 30s. + type: string + enforcingConsecutive5xx: + description: EnforcingConsecutive5xx is the % chance + that a host will be actually ejected when an outlier + status is detected through consecutive 5xx. This + setting can be used to disable ejection or to ramp + it up slowly. + format: int32 + type: integer + interval: + description: Interval between health check analysis + sweeps. Each sweep may remove hosts or return hosts + to the pool. + type: string + maxEjectionPercent: + description: The maximum % of an upstream cluster + that can be ejected due to outlier detection. Defaults + to 10% but will eject at least one host regardless + of the value. + format: int32 + type: integer + maxFailures: + description: MaxFailures is the count of consecutive + failures that results in a host being removed from + the pool. + format: int32 + type: integer + type: object requestHeaders: description: Allow HTTP header manipulation to be configured. properties: