Previously there was a default controller URL in the proxy. This
default was never used for any proxy injected by `conduit inject` and
it was the wrong default when using the proxy outside of Kubernetes.
Also more generally this is such an important setting in terms of
correctness and security that it was dangerous to let it be implied in
any context.
Remove the default, requiring that it be set in order for the proxy to
start.
Cobra supports bash and zsh completion code generation, but our cli
project was not leveraging it.
Add a 'completion' command to the conduit cli, which outputs bash and
zsh completion code.
Signed-off-by: Andrew Seigner <andrew@sig.gy>
* Add framework for healthcheck in CLI
Signed-off-by: Phil Calcado <phil@buoyant.io>
* Add self-checked for kubectl
Signed-off-by: Phil Calcado <phil@buoyant.io>
* Clear formatting code
Signed-off-by: Phil Calcado <phil@buoyant.io>
* Removed ununsed objects from status
Signed-off-by: Phil Calcado <phil@buoyant.io>
* Removed ununsed parameter
Signed-off-by: Phil Calcado <phil@buoyant.io>
* Ignore errored self checkers
Signed-off-by: Phil Calcado <phil@buoyant.io>
* Make the check error by default
Signed-off-by: Phil Calcado <phil@buoyant.io>
* Log error, format changes
Signed-off-by: Phil Calcado <phil@buoyant.io>
README.md currently documents how to get started with a released version
of Conduit, but not how to build and deploy from source.
This change adds a section to enable building and deploying from source,
it assumes working Go and Minikube environments.
Signed-off-by: Andrew Seigner <andrew@sig.gy>
We need to address the flaky checks, but for now it is better to have these skipped than a build with false negatives.
Signed-off-by: Phil Calcado <phil@buoyant.io>
The README.md in the Web project describes building and running the Web
service locally, against a public API server in Docker.
Add instructions for running the Web Service locally against a public
API Server in Kubernetes.
Signed-off-by: Andrew Seigner <andrew@sig.gy>
* Add func to rsolve kubectl-like names to canonical names
Signed-off-by: Phil Calcado <phil@buoyant.io>
* Refactor API instantiation
Signed-off-by: Phil Calcado <phil@buoyant.io>
* Make version command testable
Signed-off-by: Phil Calcado <phil@buoyant.io>
* Make get command testable
Signed-off-by: Phil Calcado <phil@buoyant.io>
* Add tests for api utils
Signed-off-by: Phil Calcado <phil@buoyant.io>
* Make stat command testable
Signed-off-by: Phil Calcado <phil@buoyant.io>
* Make tap command testablë
Signed-off-by: Phil Calcado <phil@buoyant.io>
Previously the destinations service would look for services in the
"default" namespace if the service name didn't have at least two
labels. However, the "default" namespace is almost always the wrong
namespace. The only reasonable default namespace is the namespace of
the client service, which isn't given to the destinations service.
Therefore it shouldn't try to default the namespace.
Accordingly, stop defaulting the namespace to "default".
Validated by manually testing the emojivoto service before and after
the proxy implemented namespace defaulting itself.
* add silent exits on all conduit commands
* Revert "add silent exits on all conduit commands"
This reverts commit 07488ca
* adds back a change that was accidentally removed on revert
* Stop printing errors to stderr
* Have better empty states in Deployment Detail and Pod Detail
* Fix call to action on deployment detail page
Adds various checks to hide sections of pages that don't have data:
* Removes the timeseries graphs and latency overview from Deployment/Pod
detail if there are no metrics for it
* Removes the Upstreams/Downstreams if num upstreams / downstreams is 0
* Removes the pod barcharts from the Deployment detail if there are no pods
* If there are no pod metrics, populate the list of pods from /pods
These changes strip the pod detail view down a lot if there's no pod data, but that might be fine
* Move kubectl logis to k8s package
* Made kubectl return *url.URL, just like API
* Make k8s API code respect /Users/pcalcado/.kube/config (closes#17)
* Fix style mistakes and typos
* fix inconsistent deployment count on servicemesh page.
* tests added for deploy count messaging on servicemesh page
* refactored code for Call To Action component to use 'instructions' in util
* refactored correlating css
* Remove integration test clause from travis file
* Use correct channel for asyn process error reporting
* Fix test for sorting stat keys
* Make integration tests only run if CONDUIT_INTEGRATION_TESTS_ENABLED is set
* Fix timeouts in tests
* Fix handler test check for version
* Removes smoke test that required kubectl as not present on travis
* Replace tail with sleep to avoid leaking subprocesses during tests
* Fix typo & extract constant
Previously `conduit inject` did not enable automatic name completion in
the proxy. As a result services couldn't connect to services outside
the "default" namespace without qualifying the service name with (at
least) the namespace. This is arguably safer but it isn't compatible
with the way things work in Kubernetes when the proxy isn't used.
Enable name auto-completion in the proxy so that the proxy will add
the current pod's namespace to any unqualified service name. This
depends on the feature being added to the proxy (PR #59).
Due to some issues with how zones are dealt with in the project, the
zone component isn't provided; it turns out that it doesn't matter
whether we provide the zone in the current implementation. Dealing
with the zone better will be added later.
Validated by deploying the emojivoto service with its configuration
updated to use unqualified names (`sed "s/\\.emojivoto//g"`). Before
this change this modified configuration would fail; now it succeeds.
Fixes#9.
* Proxy: Map unqualified/partially-qualified names to FQDN
Previously we required the service to fully qualify all service names
for outbound traffic. Many services are written assuming that
Kubernetes will complete names using its DNS search path, and those
services weren't working with Conduit.
Now add an option, used by default, to fully-qualify the domain names.
Currently only Kubernetes-like name completion for services is
supported, but the configuration syntax is open-ended to allow for
alternatives in the future. Also, the auto-completion can be disabled
for applications that prefer to ensure they're always using unambiguous
names. Once routing is implemented then it is likely that (default)
routing rules will replace these hard-coded rules.
Unit tests for the name completion logic are included.
Part of the solution for #9. The changes to `conduit inject` to
actually use this facility will be in another PR.
* Introduce objects to manage kubectl and shell
* Make dashboard command use new shell & kubectl objects
* Make compatible with version numbers like v1.9.0-beta.1
* Add version check for kubectl
* Refactor error to use proper method from fmt pa ckage
* Make channel and error handling more idiomatic and safe
* Make version require 1.8.0
* fix sidebar highlighting when dashboard is opened via cli:
- took path prefix into account
* addressed review feedback: using pathprefix
* addressed review feedback:
- revert to using this.props.location
* updates sidebar, initial progress indicator
* Update web README
Previously `conduit inject` was configuring the proxy to log a lot of
detail, most of which is probably shouldn't be relevant to Conduit
users.
Configure the proxy to log at the "info" level instead for the proxy
itself, and the "warn" level for internal components of the proxy.
Validated by manually doing a `conduit inject`, triggering some
traffic, and inspecting the logs.
Fixes#57
Previously `connection::Connection` was only being used for inbound
connections, not outbound connections. This led to some duplicate
logic and also made it difficult to adapt that code to enable TLS.
Now outbound connections use `connection::Connection` too. This will
allow the upcoming TLS logic to guarantee that `TCP_NODELAY` is
enabled at the right time, and the TLS logic also control access to
the underlying plaintext socket for security reasons.
Adds a ServiceAccount, ClusterRole, and ClusterRoleBinding to the conduit install output that allows the Conduit controller read access to the k8s API.
I have tested this on RBAC-enabled minikube and minikube without RBAC.
Previously every use of `BoundPort` repeated a bunch of logic.
Move the repeated logic to `BoundPort` itself. Just remove the no-op
handshaking logic; new handshaking logic will be added to `BoundPort`
when TLS is added.
Previously the default value of this setting was in lib.rs instead of
being automatically set in `Config` like all the other defaults, which
was inconsistent and confusing.
Fix this by moving the defaulting logic to `Config`.
Validated by running the test suite.
Previously the logic related to listening for incoming TCP connections
was duplicated in several places.
Begin centralizing this logic. Future commits will centralize it
further.
No validation was done other than running the test suite.
Previously `Process` did its own environment variable parsing and did
not benefit from the improved error handling that `config` now has.
Additionally, future changes will need access to these same environment
variables in other parts of the proxy.
Move `Process`'s environment variable parsing to `config` to address
both of these issues. Now there are no uses of `env::var` outside of
`config` except for logging, which is the final desired state.
I validated this manually.
* Proxy: Use production config parsing in tests
Previosuly the testing code for the proxy was sensitive to the values
of environment variables unintentionally, because `Config` looked at
the environment variables. Also, the tests were largely avoiding
testing the production configuration parsing code since they were
doing their own parsing.
Now the tests avoid looking at environment variables other than
`ENV_LOG`, which makes them more resilient. Also the tests now parse
the settings using the same code as production use uses.
I validated this manually.
Previously, as soon as we would encounter one environment variable with
an invalid value we would exit. This is frustrating behavior when
deploying to Kubernetes and there are multiple problems because the
edit-compile-test cycle is so slow.
Fix this by parsing all the environment variables and logging error
messages before exiting.
I validated this manually.
* updates to README linking to docs and getting started
* minor line break revisions
* markdown revisions and simplification
* updating line breaks and errant spaces
* updates grammar and simplifies language
* Revamp metrics processing in MetricUtils
- Try to improve documentation of functions
- Remove nested data from processed metrics - they were often duplicated data
- Split out timeseries processing from rollup processing
- Remove the 'rollup' level of nesting
- Limit the number of timeseries we fetch on the deployments page
This PR adds a configurable timeout duration after which in-flight telemetry reports are dropped, cancelling the corresponding RPC request to the control plane.
I've also made the `Timeout` implementation used in `TimeoutConnect` generic, and reused it in multiple places, including the timeout for in-flight reports.
Signed-off-by: Eliza Weisman <eliza@buoyant.io>
Brian Smith
Sky Ao
Andrew Seigner
Phil Calçado
Kevin Lingerfelt
Risha Mars
Christopher Schmidt
Sean McArthur
Franziska von der Goltz
Dennis Adjei-Baah
Alex Leong
Sterling White
Eliza Weisman
Oliver Gould