Summary: This fixes the cluster status view on the admin page.

Test Plan: `yarn dev`

Reviewers: michelle

Reviewed By: michelle

Differential Revision: https://phab.corp.pixielabs.ai/D9351

GitOrigin-RevId: 8614bd3c354b52a8e9e6acb6ce8fa4a786908233

Summary: We want cloud to pass the sentry info to Vizier via the CRD. Additionally, discovered while adapting this diff that we were not doing basic text linting on protobuf, so that is fixed now.

Test Plan: will run an e2e test locally

Reviewers: michelle, vihang

Reviewed By: vihang

JIRA Issues: PP-2814

Differential Revision: https://phab.corp.pixielabs.ai/D9345

GitOrigin-RevId: 982f573f87c0403312ce31398917912e6469becb

Summary: we are updating our CLI to login using GRPC rather than HTTP. This diff implements the AuthService in our API service.

Test Plan: patched in D9333, and ran px auth login.

Reviewers: zasgar, vihang

Reviewed By: vihang

JIRA Issues: PC-1096

Differential Revision: https://phab.corp.pixielabs.ai/D9340

GitOrigin-RevId: ba0b06c4f30d299cac385366731ff8b3e13f1e0a

Summary:
I updated the operator dev cloudAddr to be the same as vizier's dev cloudAddr, which was incorrect since that points to vzconn.
the operator should only ever need to point to the api service.

Test Plan: n/a

Reviewers: jamesbartlett

Reviewed By: jamesbartlett

Differential Revision: https://phab.corp.pixielabs.ai/D9344

GitOrigin-RevId: 43ac7ed1cc9bf8224a0f5aa870862f15f95052f7

Summary: Tagged fields were introduced in flexible versions of Kafka to support optional fields.

Test Plan: existing tests.

Reviewers: #stirling, oazizi

Reviewed By: #stirling, oazizi

Subscribers: oazizi

Differential Revision: https://phab.corp.pixielabs.ai/D9277

GitOrigin-RevId: 8d9e4d2a9ea2b936ce5f18acbaf2940f93685b22

Summary:
We were seeing issues where the operator could not connect to dev cloud. that is because it is using the incorrect cloudAddr.
we use this logic to set the cloudAddr for viziers already (see config service), but we were not updating the cloudAddr correctly for the operator itself.

technically, only the change in the operator is necessary. however, I made the additional change to the CLI since the operator needs to be heavily tested before its next release, so the CLI change will temporarily unblock for now

Test Plan: n/a

Reviewers: jamesbartlett

Reviewed By: jamesbartlett

Differential Revision: https://phab.corp.pixielabs.ai/D9341

GitOrigin-RevId: 098884b30bd3d0adb11ec51b54d56592cc7eecde

Summary:
we want to store and surface better error messages for Vizier in our UI/CLI/API/etc.
This info will be sent to vzmgr and stored in the db.

Test Plan: n/a

Reviewers: nserrino, vihang

Reviewed By: vihang

Differential Revision: https://phab.corp.pixielabs.ai/D9330

GitOrigin-RevId: 2a06db821be0efe824dd528842ddd89d24f99370

Summary:
We have observables. This should make pipelining data easier. Cleanup
some old code around buffering/cancel/error handling and unify it into the
observables framework.

The happy path seems to work fine, would love some help testing the edgecases.

Test Plan: `yarn dev`

Reviewers: zasgar, michelle, nserrino, nlanam

Reviewed By: nlanam

Subscribers: philkuz

Differential Revision: https://phab.corp.pixielabs.ai/D9338

GitOrigin-RevId: f4da9da2a2c9f8cbe3ba12eae7f3bd721fafac8d

Summary:
we want to add more detail to explain why a vizier is in its current state.
we need to add it to these protos in order to store it in the db and eventually surface it to the UI

Test Plan: n/a

Reviewers: nserrino, vihang

Reviewed By: vihang

Differential Revision: https://phab.corp.pixielabs.ai/D9331

GitOrigin-RevId: ccf00f4c52717c8d3d902b09bac9de37463ebb76

Summary: TSIA

Test Plan: N/A

Reviewers: oazizi

Reviewed By: oazizi

Differential Revision: https://phab.corp.pixielabs.ai/D9335

GitOrigin-RevId: b51c7d996d1ed38b6b8e07f8e8bb8ac53c3a03e5

Summary: TSIA

Test Plan: Test staging/prod proxies

Reviewers: michelle, vihang

Reviewed By: michelle

Differential Revision: https://phab.corp.pixielabs.ai/D9337

GitOrigin-RevId: 9765c551d0689017e5d41cd5a766d76b36bc0e37

Summary: TSIA

Test Plan: Test after deploy

Reviewers: vihang, michelle

Reviewed By: michelle

Differential Revision: https://phab.corp.pixielabs.ai/D9336

GitOrigin-RevId: 2de4a6a6be3388213d95625b2597f9fa6d988a1d

Summary: @vjain left a comment that I forgot to properly address in the diff that added this test. I ran into a bug in a later diff that would've been fixed if this was easier to maintain and the tests were combined. Therefore, decided to dedupe the tests and combine them together.

Test Plan: Ran the test, should pass

Reviewers: vihang, michelle, vjain

Reviewed By: vjain

Subscribers: vjain

Differential Revision: https://phab.corp.pixielabs.ai/D9329

GitOrigin-RevId: ab5e511192d79173eecd1ef7f248e7655a640bcb

Summary:
*TL;DR*: Rebalances how aggressively we update cached GQL data.

Apollo has a few `fetchPolicy` options when asking it to make queries. These ones are relevant for this diff:
- `cache-first`: Query cache first. If it hits, skip the network.
- `cache-and-network`: Query cache and network simultaneously, returning cached results while waiting for network results. Updates the cache when the network call completes.
- `network-only`: Only queries the network, but still updates cache when the network call completes.

When using the `pollInterval` option on a query, the default behavior is like `cache-first` for the initial query and `cache-and-network` for polled requests.

Note: for queries like `selectedClusterInfo`, changing the query variables immediately queries the network as it should.

In the admin page, we instead want to always query the network. In some other Live View components, relying on the cache alone is sufficient. This diff rebalances the settings to match.

Test Plan: Watch graphQL calls in the dev tools when checking each admin tab, and when messing with the cluster selection in the breadcrumbs of the live view. Data should no longer start stale in most places.

Reviewers: michelle, vihang

Reviewed By: michelle

JIRA Issues: PC-1091

Differential Revision: https://phab.corp.pixielabs.ai/D9325

GitOrigin-RevId: c2b22df858053745b3fdbbc6de67084af2c11235

Summary:
There was an incorrect usage of go channels causing a hang on the healthcheck, and since a lock was being held during the entire healthcheck, it would cause all future healthchecks to hang.

I fixed both the channel issue in LaunchQuery, and the lock being held during the CheckHealth call.

Test Plan: Added test for LaunchQuery hang. Tested on skaffold.

Reviewers: nserrino, michelle, vihang

Reviewed By: vihang

JIRA Issues: PP-2884

Differential Revision: https://phab.corp.pixielabs.ai/D9322

GitOrigin-RevId: 5d71dc6575df1695d51fc09b050910fab519de65

Summary: TSIA

Test Plan: N/A

Reviewers: vihang, michelle

Reviewed By: vihang, michelle

JIRA Issues: PC-1094

Differential Revision: https://phab.corp.pixielabs.ai/D9324

GitOrigin-RevId: ae0dcd4f0aba239d306f5bc530c67e68e8a6df0d

Summary:
This includes commit https://github.com/libuv/libuv/commit/c9406ba0e3d67907c1973a71968b89a6bd83c63c
which I believe fixes the crash in P131.

Test Plan: skaffold deploy vizier.

Reviewers: zasgar, michelle, nserrino, #third_party_approvers

Reviewed By: michelle, #third_party_approvers

JIRA Issues: PP-2891

Differential Revision: https://phab.corp.pixielabs.ai/D9323

GitOrigin-RevId: d684ea66bad293bc5b035ef6e74676b2858db8ff

Summary: Following D9316, idmanager is basically unused and creates a web of deps that don't need to be around. Cleaning this up.

Test Plan: Tested on skaffold and invite still works, the only feature that previously depended on the idmanager.

Reviewers: vihang, michelle, vjain

Reviewed By: vihang

Differential Revision: https://phab.corp.pixielabs.ai/D9317

GitOrigin-RevId: 512c9c895c4216472dfb2fe35129f831b812ae27

Summary:
After moving InviteUser to authpb, we still had these leftover methods sitting around. Deprecating the profile function and removing references to idmanager as part of cleanup.

Reviewers-> Let me know if this is a fine way to deprecate a function or if I should go ahead and remove the method entirely. It's unused internally at the moment.

Test Plan: deploy public cloud with skaffold and invites still work.

Reviewers: vihang, michelle

Reviewed By: vihang

Differential Revision: https://phab.corp.pixielabs.ai/D9316

GitOrigin-RevId: 4892a983daf6302101a08a789c4922d2e4a2dfc3

Summary: Preparing for additional work of more principled approach of role setting for tracing.

Test Plan: Jenkins

Reviewers: #stirling, jps

Reviewed By: #stirling, jps

Differential Revision: https://phab.corp.pixielabs.ai/D9321

GitOrigin-RevId: fbe4eeed422b87cabb732343ab8d4ed3274e6656

Summary:
We were seeing issues where NATS would restart and PEMs/Kelvin would
fail to reconnect to it. It seemed like this was due to issues in the underlying
nats.c lib and that upgrading it would solve our issues.
(See https://github.com/nats-io/nats.c/pull/426 https://github.com/nats-io/nats.c/pull/413 )

So let's try to upgrade to the latest version of `nats.c`

Note: Leaving `NATS_BUILD_TLS_FORCE_HOST_VERIFY = On` doesn't seem to work.
It causes our natcConnect to error with `NATS_SSL_ERROR, "unable to set expected hostname"`
Disabling seems fine for now, but we might want to investigate this further.

Test Plan:
`skaffold` vizier. Make sure it builds and works. Kill the `pl-nats-1`
pod and wait for it to restart. The cluster should take a minute or two but
eventually should become healthy again and be able to run queries.

Reviewers: zasgar, michelle, nserrino, #third_party_approvers

Reviewed By: michelle, #third_party_approvers

JIRA Issues: PP-2867

Differential Revision: https://phab.corp.pixielabs.ai/D9314

GitOrigin-RevId: 8dfa1205b3110128ab2a8f791233d2fc641257ee

Summary:
currently, when we create the claims for a user using an API key, we create the UserClaims for the user who created the API key. this can lead to problems if the user has been deleted. the API key should still be valid, since it is actually tied to the org.
allowed userClaims to be set as an "API user claim" using a boolean.

Test Plan: unit tests, deployed to staging and tested API key

Reviewers: zasgar, vihang

Reviewed By: zasgar

JIRA Issues: PC-1092

Differential Revision: https://phab.corp.pixielabs.ai/D9319

GitOrigin-RevId: 7871fb5cbeb7628498671b461ac717e2f6009a8f

Summary:
we want to support login using the API key, outside of embed mode.
this diff updates the regular LoginHandler to include the api key logic that was added for the embed

Test Plan: CLI

Reviewers: zasgar

Reviewed By: zasgar

Differential Revision: https://phab.corp.pixielabs.ai/D9309

GitOrigin-RevId: 523e41b4258413c2469276d129f0eba23efa5172

Test Plan: Jenkins

Reviewers: #stirling, oazizi

Reviewed By: #stirling, oazizi

Differential Revision: https://phab.corp.pixielabs.ai/D9320

GitOrigin-RevId: 5dc130bce3e99dd402a12317b169ae1578b8ccef

Summary: TSIA, just some cleanup on lint warnings.

Test Plan: N/A

Reviewers: zasgar, michelle

Reviewed By: michelle

Differential Revision: https://phab.corp.pixielabs.ai/D9307

GitOrigin-RevId: 9be8927135bb8873760c49919e8fdc5bd37ca549

Summary: In Chrome, the default settings prevent `localStorage` from being accessed cross-origin while in incognito mode. When Pixie is embedded by New Relic One, the embedded frame is considered cross-origin. Thus, all `localStorage` access needs to be wrapped in `try/catch`.

Test Plan: This is a little tricky. See the [Notion guide](https://www.notion.so/pixielabs/Testing-embedded-Pixie-web-UI-62568eb507b0473e8fc5b24aea2bfd14) for testing the embed locally. Remember to use a separate hostname to access the embed script, to ensure cross-origin rules apply. You'll need to use an Incognito window in Chrome to verify this particular fix.

Reviewers: michelle, vihang

Reviewed By: michelle

JIRA Issues: PC-1089

Differential Revision: https://phab.corp.pixielabs.ai/D9315

GitOrigin-RevId: d69bb4e8bc450c044c0432de52a22c6b14de9329

Summary: Tweak for consistent behavior between the symbolizers

Test Plan: Updated the test case

Reviewers: #stirling, jps

Reviewed By: #stirling, jps

Differential Revision: https://phab.corp.pixielabs.ai/D9297

GitOrigin-RevId: 957da66f8447393afe8151a0d5538de05973e960

Summary:
Enable use of different symbolizers for user and kernel space.

Important, since the ElfReader symbolizer doesn't handle kernel symbols.

Test Plan: Existing tests.

Reviewers: #stirling, jps

Reviewed By: #stirling, jps

Subscribers: jps

Differential Revision: https://phab.corp.pixielabs.ai/D9296

GitOrigin-RevId: dc27c10346d0a23f0171268478f542d8c889fd17

Summary:
This is currently done in the CLI deploy, but we want the logic to exist for all deploy methods.
WIll remove in CLI deploy once everyone uses the operator.

Test Plan: ran it with and without storage classes

Reviewers: michelle, vjain

Reviewed By: michelle, vjain

JIRA Issues: PP-2873

Differential Revision: https://phab.corp.pixielabs.ai/D9303

GitOrigin-RevId: e760e2995909bc963b0768630536680266602459

Summary:
We want our consumer of v2c to be a Durable so that we don't have to re-ingest v2c messages that we've already processed (and thought to be the cause of PC-1090). We also need to make the subscriber a queue subscribe to handle the case where two vzmgr pods are running simultaneously during a release rollout (see comment on QueueSubscribe in indexer/md/md.go).

If you're comparing the two, it's important to note that we don't care about index updating for this QueueSubscribe so we don't use the Index name anywhere. Anything that's pushed on the Indexer stream can be reread by Indexer consumers By changing the durable names.

Test Plan: Tested on skaffold and updates still propagate as expected (update in cluster pod should show up in the autocomplete which uses data from the indexer).

Reviewers: vihang, michelle, vjain

Reviewed By: michelle

JIRA Issues: PC-1090

Differential Revision: https://phab.corp.pixielabs.ai/D9308

GitOrigin-RevId: 3ca414035fd43063426390e1adc29de84bc52c47

Summary: Don't index non function symbols (like variables) to save some memory.

Test Plan: Existing tests

Reviewers: #stirling, jps

Reviewed By: #stirling, jps

Differential Revision: https://phab.corp.pixielabs.ai/D9301

GitOrigin-RevId: cfd1ddcae720708be77b766ab914b72a42ac40d9

Summary: Unable to repro the HasColumn issue, so adding some more info if we see that again on a customer cluster.

Test Plan: n/a

Reviewers: nserrino

Reviewed By: nserrino

Differential Revision: https://phab.corp.pixielabs.ai/D9302

GitOrigin-RevId: d2f4265a5330e92f5f70558d2621d752125dde6d

Summary: Pick up Sentry DSN from Cloud, fill out in template

Test Plan: manual

Reviewers: nserrino, michelle

Reviewed By: michelle

JIRA Issues: PP-2811

Differential Revision: https://phab.corp.pixielabs.ai/D9151

GitOrigin-RevId: 706beecc3ffd3c7bd96d2d96722aa515b4d5f218

Summary: It was previously deploying to `default` which made it confusing to find

Test Plan: ran it and the operator shows up in the right spot

Reviewers: michelle, vjain

Reviewed By: vjain

Differential Revision: https://phab.corp.pixielabs.ai/D9293

GitOrigin-RevId: 0e2abae42975550d71dfddbbdf6db9ae5623b3b3

Summary: Fixes a segfault that was caused by a dangling std::function being called after its bound object had been deleted. This was introduced by my changes because I got rid of an unrelated lock that happened to be held whilst the function was called, and whilst deleting the handle to the function.

Test Plan: Added test that fails on main in tsan but passes with this fix.

Reviewers: nserrino

Reviewed By: nserrino

JIRA Issues: PP-2880, PP-2881

Differential Revision: https://phab.corp.pixielabs.ai/D9299

GitOrigin-RevId: d4b9fa3cac00f17a1ce4439c21223fdb009cc402

Summary: We are exposing this service to the operator, so we need to add it to the ingress

Test Plan: n/a

Reviewers: nserrino, vjain

Reviewed By: nserrino

Differential Revision: https://phab.corp.pixielabs.ai/D9300

GitOrigin-RevId: 36e7b0522a68925524f3d5304e3afab7c57057d7

Summary: Might be my newer kernel, but found another possible symbol name.

Test Plan: This is a test

Reviewers: #stirling, yzhao

Reviewed By: #stirling, yzhao

Differential Revision: https://phab.corp.pixielabs.ai/D9295

GitOrigin-RevId: ef5759774b4b7f2102f34cbdceb163234795d98a

PC-1090: Fix issue where we unnecessarily request old updates even though we've already queued updates to the indexer.

Summary:
Now we init the vzstate based on what's on the index channel/stream. This avoids the problem of reloading unnecessary data from the v2c stream and pushing unnecessary data to MetadataIndex stream.

This lucidchart lays it all out: https://lucid.app/lucidchart/6926d476-249b-4afd-8ac4-57b07e6569af/edit

Test Plan: Added a test that makes sure we actually check the last entry on the channel before we proceed.

Reviewers: vihang, michelle, zasgar, vjain

Reviewed By: vihang

JIRA Issues: PC-1090

Differential Revision: https://phab.corp.pixielabs.ai/D9285

GitOrigin-RevId: a819c3496475e7f459ce86877eaded85dbca7026

Summary:
Found out that the getMissingUpdates call actually expects an extra response from the metadata request. Basically a simple off by 1 error. Our tests also hid this from us because we didn't check to make sure the processVizeirUpdates didn't send extra updates.

1. Updated the expectation in the getMissingUpdates request (-1)
2. Updated tests to make sure we check for extra indexer updates
3. Updated tests to compare value of updates that we do receive to expected value

Test Plan: updated tests

Reviewers: vihang, michelle

Reviewed By: vihang

JIRA Issues: PC-1090

Differential Revision: https://phab.corp.pixielabs.ai/D9290

GitOrigin-RevId: 21ba4a598ff5280baa85b42948d9e7fa8837a4f8

Summary: Adds flexible versiong for Kafka.

Test Plan: existing tests.

Reviewers: #stirling, oazizi

Reviewed By: #stirling, oazizi

Subscribers: oazizi

Differential Revision: https://phab.corp.pixielabs.ai/D9263

GitOrigin-RevId: b5b54efd81dad758839308794ed37aa5e8dbf3ba