The `linkerd upgrade` command read the control-plane's config from
Kubernetes, which required the environment to be configured to connect
to the appropriate k8s cluster.
Intrdouce a `linkerd upgrade --from-manifests` flag, allowing the user
to feed the output of `linkerd install` into the upgrade command.
Fixes#2629
Signed-off-by: Andrew Seigner <siggy@buoyant.io>
In https://github.com/linkerd/linkerd2-proxy/pull/233, we fixed an issue
in the proxy where, when the proxy performed TLS discovery (on inbound
connections), detection on a slow or idle connection could block all
other connections from being accepted on the listener.
Fixes#2581#2585#2630
Makes the "overview" view of the Linkerd dashboard functional on mobile devices, with responsive tables and a minimized sidebar.
Also lines up the sidebar icons and makes them a uniform size on both desktop and mobile views.
This is a first step towards a fully-responsive dashboard.
The list of known proxy log errors has been growing, and causing regular
ci failures.
Skip proxy logging errors. The tests will continue to run and report
unexpected errors, but this will not fail the tests (and ci). Also break
out the controller log errors separately, and continue to fail on those.
Signed-off-by: Andrew Seigner <siggy@buoyant.io>
This change introduces some unit tests on individual methods in the
upgrade code path, along with some minor cleanup.
Part of #2637
Signed-off-by: Andrew Seigner <siggy@buoyant.io>
adds integration tests for service profiles that test profile generation through the tap and Open API flags.
Signed-off-by: Dennis Adjei-Baah <dennis@buoyant.io>
When upgrading from an older cluster that has a Linkerd config but no
identity, we need to generate an identity context so that the cluster is
configured properly.
Fixes#2650
The UUID implementation we use to generate install IDs is technically
not random enough for secure uses, which ours is not. To prevent
security scanners like SNYK from flagging this false-positive, let's
just switch to the other UUID implementation (Already in our
dependencies).
92f15e78a9 incorrectly removed the config
version override when patching a config from options, which caused
upgrade to stop updating the config version.
Fixes#2660
The instalOnlyFlagSet incorrectly extends the recordableFlagSet.
I'm not sure if this has any potential for unexpected user interactions,
but it's at least confusing when reading the code.
This change makes the flag sets distinct.
Add validation webhook for service profiles
Fixes#2075
Todo in a follow-up PRs: remove the SP check from the CLI check.
Signed-off-by: Alejandro Pedraza <alejandro@buoyant.io>
When the --ha flag is set, we currently set a 10m CPU request, which
corresponds to 1% of a core, which isn't actually enough to keep the
proxy responding to health checks if you have 100 processes on the box.
Let's give ourselves a little more breathing room.
Fixes#2643
Problem:
In #2532 I removed the Tap/Top tables if there was no http traffic, but the
check I used depended on a stats object being present in the processed metrics
(spoiler: it isn't present in the processed metrics).
Solution:
Use a better check for no traffic.
The new check checks for both no requests (so nil request rate) and
also no latency (in the case that the service is http but receiving no traffic).
Fixes#2641
This change introduces a basic unit test for the `linkerd upgrade`
command. Given a mock k8s client with linkerd-config and
linkerd-identity-issuer objects, it validates the rendered yaml output
against an expected file.
To enable this testing, most of the logic in the top-level upgrade
command has been moved down into a `validateAndBuild` method.
TODO:
- test individual functions around mutating options, flags, configs, and
values
- enable reading the install information from a manifest rather than k8s
Part of #2637
Signed-off-by: Andrew Seigner <siggy@buoyant.io>
This change introduces integration tests for `linkerd inject`. The tests
perform CLI injection, with and without params, and validates the
output, including annotations.
Also add some known errors in logs to `install_test.go`.
TODO:
- deploy uninjected and injected resources to a default and
auto-injected cluster
- test creation and update
Part of #2459
Signed-off-by: Andrew Seigner <siggy@buoyant.io>
Adds a URL to the `linkerd upgrade` output which contains full upgrade instructions. The message and the URL anchors are different in the case of success or failure.
Fixes#2575.
Enhance webhook unit tests by checking returned JSON patch
Also have labels/annotations added during injection to be added in order
Fixes#2560
Signed-off-by: Alejandro Pedraza <alejandro@buoyant.io>
* Define proxy version override annotation
* Don't override global linkerd version during inject
This ensures consistent usages of the config.linkerd.io/linkerd-version and
linkerd.io/proxy-version annotations. The former will only be used to track
overridden version, while the latter shows the cluster's current default
version.
* Rename proxy version config override annotation
Signed-off-by: Ivan Sim <ivan@buoyant.io>
Previous control plane versions do not provide an 'install' config, so
this field cannot be required.
Now, missing empty are handled more gracefully; and upgrade repairs
install configs with missing fields.
* proxy: Bump pinned version to f2d907b
This change picks up:
* Added configuration for overriding the connection backoff
* Added configuration for overriding the HTTP/2 stream or connection window size
* Disable potentially info-leaking header
Signed-off-by: Kevin Leimkuhler <kevin@kleimkuhler.com>
* Disable external profiles by default
* Rename the --disable-external-profiles flag to --enable-external-profiles
Signed-off-by: Ivan Sim <ivan@buoyant.io>
The `install` command errors when the deploy target contains an existing
Linkerd deployment. The `upgrade` command is introduced to reinstall or
reconfigure the Linkerd control plane.
Upgrade works as follows:
1. The controller config is fetched from the Kubernetes API. The Public
API is not used, because we need to be able to reinstall the control
plane when the Public API is not available; and we are not concerned
about RBAC restrictions preventing the installer from reading the
config (as we are for inject).
2. The install configuration is read, particularly the flags used during
the last install/upgrade. If these flags were not set again during the
upgrade, the previous values are used as if they were passed this time.
The configuration is updated from the combination of these values,
including the install configuration itself.
Note that some flags, including the linkerd-version, are omitted
since they are stored elsewhere in the configurations and don't make
sense to track as overrides..
3. The issuer secrets are read from the Kubernetes API so that they can
be re-used. There is currently no way to reconfigure issuer
certificates. We will need to create _another_ workflow for
updating these credentials.
4. The install rendering is invoked with values and config fetched from
the cluster, synthesized with the new configuration.
Introduce a `bin/test-scale` script to deploy Linkerd alongside sample
apps at scale.
This script deploys the following:
- Linkerd control-plane, with service profiles
- 5 namespaces x 5 replicas of each:
- Emojivoto demo app
- Books demo app, with service profiles
- Lifecycle / bb test environment
Fixes#2517
Signed-off-by: Andrew Seigner <siggy@buoyant.io>
The integration tests were not exercising proxy auto inject.
Introduce a `--proxy-auto-inject` flag to `install_test.go`, which
now exercises install, check, and smoke test deploy for both manual and
auto injected use cases.
Part of #2569
Signed-off-by: Andrew Seigner <siggy@buoyant.io>
Introduce a `bin/test-clouds` and cleanup script, to run integration
tests against 4 cloud providers.
Also modify the integration tests to accept a `--context` param to
specify the Kubernetes context to run the tests against.
Fixes#2516
Signed-off-by: Andrew Seigner <siggy@buoyant.io>
Adds local and cloud integration testing for the dashboard using WebdriverIO and
SauceLabs. Includes documentation on how to set up and run the Sauce Connect
proxy locally. Adds a `bin/web integration` script that takes `local` or `cloud`
arguments to run the tests.
Note: for web development, the web server launched by `bin/web run` and `bin/web
dev` is now 7777, not 8084, because the Sauce Connect proxy can only tunnel to
certain ports.
Fixes#2490
The following PR adds validation to the New Service Profile popup form in the linkerd dashboard for the service and namespace user input.
* Add validation to the Service Profile form (#2490)
Signed-off-by: Gaurav Kumar <gaurav.kumar9825@gmail.com>
* Change RegExp to handle all cases
Signed-off-by: Gaurav Kumar <gaurav.kumar9825@gmail.com>
* Fix link and error msg issue
Signed-off-by: Gaurav Kumar <gaurav.kumar9825@gmail.com>
* Refactor code
Signed-off-by: Gaurav Kumar <gaurav.kumar9825@gmail.com>
* Revert to onBlur and remove warning on field clear
Signed-off-by: Gaurav Kumar <gaurav.kumar9825@gmail.com>
* Refactor code to make it more readable
Signed-off-by: Gaurav Kumar <gaurav.kumar9825@gmail.com>
* Reset state to initialstate on form close
Signed-off-by: Gaurav Kumar <gaurav.kumar9825@gmail.com>
Andrew Seigner
Douglas Jordan
Ivan Sim
Dennis Adjei-Baah
Oliver Gould
Carol A. Scott
Alex Leong
Kevin Lingerfelt
Katerina
Kevin Leimkuhler
Alejandro Pedraza
Risha Mars
harsh jain
Gaurav Kumar