* ingress-gateways: don't log error when registering gateway
Previously, when an ingress gateway was registered without a
corresponding ingress gateway config entry, an error was logged
because the watch on the config entry returned a nil result.
This is expected so don't log an error.
* config entry: hardcode proxy-defaults name as global
proxy-defaults can only have the name global. Because of this,
we support not even setting the name in the config file:
```
kind = "proxy-defaults"
```
Previously, writing this would result in the output:
```
Config entry written: proxy-defaults/
```
Now it will output:
```
Config entry written: proxy-defaults/global
```
This change follows what was done for the new Mesh config entry.
* autoencrypt: helpful error for clients with wrong dc
If clients have set a different datacenter than the servers they're
connecting with for autoencrypt, give a helpful error message.
This continues the work done in #14908 where a crude solution to prevent a
goroutine leak was implemented. The former code would launch a perpetual
goroutine family every iteration (+1 +1) and the fixed code simply caused a
new goroutine family to first cancel the prior one to prevent the
leak (-1 +1 == 0).
This PR refactors this code completely to:
- make it more understandable
- remove the recursion-via-goroutine strangeness
- prevent unnecessary RPC fetches when the prior one has errored.
The core issue arose from a conflation of the entry.Fetching field to mean:
- there is an RPC (blocking query) in flight right now
- there is a goroutine running to manage the RPC fetch retry loop
The problem is that the goroutine-leak-avoidance check would treat
Fetching like (2), but within the body of a goroutine it would flip that
boolean back to false before the retry sleep. This would cause a new
chain of goroutines to launch which #14908 would correct crudely.
The refactored code uses a plain for-loop and changes the semantics
to track state for "is there a goroutine associated with this cache entry"
instead of the former.
We use a uint64 unique identity per goroutine instead of a boolean so
that any orphaned goroutines can tell when they've been replaced when
the expiry loop deletes a cache entry while the goroutine is still running
and is later replaced.
To support Destinations on the service-defaults (for tproxy with terminating gateway), we need to now also make servers watch service-defaults config entries.
The `lib/startup`-addon is used to create a custom
index.html page to boot up the app. Because this is
a custom approach and we aren't relying on setting
rootURL to a different value when running the app
in `production` we need to set `publicAssetURL`
in the configuration we pass to `ember-auto-import`.
Reference:
9a2887f1d0/docs/upgrade-guide-2.0.md (quick-summary)
Previously, I would sometimes get Killed errors when executing the
binary created by `make dev`. This is because we were using `cp`
and OSX has a bug where it caches the old signature and so doesn't
allow the new binary to run (see https://apple.stackexchange.com/a/428388)
This commit updates the establish endpoint to bubble up a 403 status
code to callers when the establishment secret from the token is invalid.
This is a signal that a new peering token must be generated.
Luke Kysow
R.B. Boyer
Michael Klein
Jared Kirschner
Jared Kirschner
Chris S. Kim
cskh
Iryna Shustava
Venu Yanamandra
Freddy
David Yu
freddygv
DanStough
Tyler Wendlandt
trujillo-adam