Summary:
MetadataReader is slow to startup and causes vzmgr to fail the
liveliness probe. Start serving requests without blocking on metadata reader
so that liveliness passes. Add a `readyz` handler that waits for metadatareader
so that we won't be added to the service loadbalancer until actually ready.

Test Plan: skaffold dev

Reviewers: michelle, philkuz

Reviewed By: michelle, philkuz

Differential Revision: https://phab.corp.pixielabs.ai/D9365

GitOrigin-RevId: a8d93000c00f93faa10418979e4d109a0e718f60

Summary: The parent frame of embedded Pixie may want to track its own analytics. this sends postMessages to the parent for events such as urlChanges (will help them know which script/time has been selected), and result rendering time.

Test Plan: yarn dev

Reviewers: vihang, zasgar

Reviewed By: vihang

Differential Revision: https://phab.corp.pixielabs.ai/D9367

GitOrigin-RevId: 363432f1a6cf0e792eb66e108975d0c1ef7365b7

Summary: They weren't noticing a window resize before.

Test Plan: Try running `px/pod` and resizing the window after the charts render. They should now update to fit their containers as this happens rather than ignoring the change.

Reviewers: michelle, vihang

Reviewed By: michelle

JIRA Issues: PC-1101

Differential Revision: https://phab.corp.pixielabs.ai/D9366

GitOrigin-RevId: b513b3802ddf2ca63f3c1eb11712eaa4e4da9226

Summary:
The outer type coersion caused me to miss the fact that `results`
was a required prop. Dropping the type coersion made the string literal type
checking unhappy. Using `as const` as pointed out by @nlanam and supplying the
required `results` field all the time fixes all problems.

Test Plan: Should get rid of the sentry error about missing `queryId`

Reviewers: nlanam, michelle, nserrino

Reviewed By: nlanam

Subscribers: nlanam

Differential Revision: https://phab.corp.pixielabs.ai/D9363

GitOrigin-RevId: 4b6a19e2503f7030df871aea5f9e39a9d56c6e69

Test Plan: n/a

Reviewers: nserrino

Reviewed By: nserrino

Differential Revision: https://phab.corp.pixielabs.ai/D9342

GitOrigin-RevId: 8280b7352616a8af55cf21445906ac000ffebe5a

Summary: If unsub fails, the error doesn't get propagated out, instead a nil error gets passed out which then causes a nil pointer error.

Test Plan: Tests don't break, still need to see what causes the underlying bug that gave us some issues.

Reviewers: vihang, michelle

Reviewed By: vihang, michelle

Differential Revision: https://phab.corp.pixielabs.ai/D9362

GitOrigin-RevId: 60b9d85b84a3e7d25cd87e8e1083f7e0550fe656

Summary:
We are updating our vizier phases to better match the lifecyle of our vizier.
also added a "reason" field, to match k8s' reasons, which the operator will use to track finer-grained states.

the next change will add healthcheck logic to the operator so that the operator's states will better match cloudconn's states.

Test Plan: n/a

Reviewers: nserrino, vihang, zasgar

Reviewed By: vihang

JIRA Issues: PP-2875

Differential Revision: https://phab.corp.pixielabs.ai/D9348

GitOrigin-RevId: e1ea2e3b15959ae2238d3ac44666b8f2551fe9a0

Summary: pip package required pkg-resources package which is a bug in the way Ubuntu provides metadata to pip [documented here](https://github.com/plone/training/issues/278). Removed the unnecessary package and things seem to work.

Test Plan: Was able to install package in test repo. Need to push and test to actual public repo next.

Reviewers: vihang, jamesbartlett, #third_party_approvers

Reviewed By: vihang, #third_party_approvers

Differential Revision: https://phab.corp.pixielabs.ai/D9349

GitOrigin-RevId: bda55b34b6108965180c168a5735718f6f4016d7

Summary: This enables the generational cache so that the profiler's symbol cache memory use is not unbounded.

Test Plan: Underlying module tests. And some manual testing.

Reviewers: #stirling, jps

Reviewed By: #stirling, jps

Subscribers: jps

Differential Revision: https://phab.corp.pixielabs.ai/D9177

GitOrigin-RevId: ae10d00bab3a9e2ad36e757856d2eff3e7f15620

Summary: We need to pull the cloud address from the vizier spec if possible.

Test Plan: Manual tested both cases (with and without CRD)

Reviewers: michelle, vjain

Reviewed By: michelle

JIRA Issues: PP-2813

Differential Revision: https://phab.corp.pixielabs.ai/D9233

GitOrigin-RevId: 82eea00145a095532be5e90c6d6a5a28a73faa71

Summary: This is just a nit: we refer to CRDs elsewhere, but crds in the first line of the deploy steps.

Test Plan: n/a

Reviewers: michelle

Reviewed By: michelle

Differential Revision: https://phab.corp.pixielabs.ai/D9347

GitOrigin-RevId: 68730a8d0de98bc36b7dec92d6a4e3eeb7cc9583

Summary:
TSIA. Changes proto name too but that should be safe since there are
no consumers in prod yet.

Test Plan: N/A

Reviewers: zasgar, michelle

Reviewed By: michelle

Differential Revision: https://phab.corp.pixielabs.ai/D9355

GitOrigin-RevId: 56f837af63eb357a4bb8c80ff31e4d90332b5b93

Summary: concatMap preserves order while mergeMap doesn't.

Test Plan:
Ran it with encryption/decryption logic that slows down table data
events. Made sure that the stats came after the table data.

Reviewers: michelle

Reviewed By: michelle

Differential Revision: https://phab.corp.pixielabs.ai/D9353

GitOrigin-RevId: 5fc17c4888470a9997ccd944823bc2cfb3e8ae46

Summary:
Observables are wrapped and one can just `throw` errors in the map
operators, however I missed the fact that this was not in the observable yet
and needed to be a oberver call.

Test Plan: No errors in console logs when queries are interrupted.

Reviewers: michelle

Reviewed By: michelle

Differential Revision: https://phab.corp.pixielabs.ai/D9352

GitOrigin-RevId: 76c09252bef5a44004e0656e53a3e0978da507eb

Summary: This fixes the cluster status view on the admin page.

Test Plan: `yarn dev`

Reviewers: michelle

Reviewed By: michelle

Differential Revision: https://phab.corp.pixielabs.ai/D9351

GitOrigin-RevId: 8614bd3c354b52a8e9e6acb6ce8fa4a786908233

Summary: We want cloud to pass the sentry info to Vizier via the CRD. Additionally, discovered while adapting this diff that we were not doing basic text linting on protobuf, so that is fixed now.

Test Plan: will run an e2e test locally

Reviewers: michelle, vihang

Reviewed By: vihang

JIRA Issues: PP-2814

Differential Revision: https://phab.corp.pixielabs.ai/D9345

GitOrigin-RevId: 982f573f87c0403312ce31398917912e6469becb

Summary: we are updating our CLI to login using GRPC rather than HTTP. This diff implements the AuthService in our API service.

Test Plan: patched in D9333, and ran px auth login.

Reviewers: zasgar, vihang

Reviewed By: vihang

JIRA Issues: PC-1096

Differential Revision: https://phab.corp.pixielabs.ai/D9340

GitOrigin-RevId: ba0b06c4f30d299cac385366731ff8b3e13f1e0a

Summary:
I updated the operator dev cloudAddr to be the same as vizier's dev cloudAddr, which was incorrect since that points to vzconn.
the operator should only ever need to point to the api service.

Test Plan: n/a

Reviewers: jamesbartlett

Reviewed By: jamesbartlett

Differential Revision: https://phab.corp.pixielabs.ai/D9344

GitOrigin-RevId: 43ac7ed1cc9bf8224a0f5aa870862f15f95052f7

Summary: Tagged fields were introduced in flexible versions of Kafka to support optional fields.

Test Plan: existing tests.

Reviewers: #stirling, oazizi

Reviewed By: #stirling, oazizi

Subscribers: oazizi

Differential Revision: https://phab.corp.pixielabs.ai/D9277

GitOrigin-RevId: 8d9e4d2a9ea2b936ce5f18acbaf2940f93685b22

Summary:
We were seeing issues where the operator could not connect to dev cloud. that is because it is using the incorrect cloudAddr.
we use this logic to set the cloudAddr for viziers already (see config service), but we were not updating the cloudAddr correctly for the operator itself.

technically, only the change in the operator is necessary. however, I made the additional change to the CLI since the operator needs to be heavily tested before its next release, so the CLI change will temporarily unblock for now

Test Plan: n/a

Reviewers: jamesbartlett

Reviewed By: jamesbartlett

Differential Revision: https://phab.corp.pixielabs.ai/D9341

GitOrigin-RevId: 098884b30bd3d0adb11ec51b54d56592cc7eecde

Summary:
we want to store and surface better error messages for Vizier in our UI/CLI/API/etc.
This info will be sent to vzmgr and stored in the db.

Test Plan: n/a

Reviewers: nserrino, vihang

Reviewed By: vihang

Differential Revision: https://phab.corp.pixielabs.ai/D9330

GitOrigin-RevId: 2a06db821be0efe824dd528842ddd89d24f99370

Summary:
We have observables. This should make pipelining data easier. Cleanup
some old code around buffering/cancel/error handling and unify it into the
observables framework.

The happy path seems to work fine, would love some help testing the edgecases.

Test Plan: `yarn dev`

Reviewers: zasgar, michelle, nserrino, nlanam

Reviewed By: nlanam

Subscribers: philkuz

Differential Revision: https://phab.corp.pixielabs.ai/D9338

GitOrigin-RevId: f4da9da2a2c9f8cbe3ba12eae7f3bd721fafac8d

Summary:
we want to add more detail to explain why a vizier is in its current state.
we need to add it to these protos in order to store it in the db and eventually surface it to the UI

Test Plan: n/a

Reviewers: nserrino, vihang

Reviewed By: vihang

Differential Revision: https://phab.corp.pixielabs.ai/D9331

GitOrigin-RevId: ccf00f4c52717c8d3d902b09bac9de37463ebb76

Summary: TSIA

Test Plan: N/A

Reviewers: oazizi

Reviewed By: oazizi

Differential Revision: https://phab.corp.pixielabs.ai/D9335

GitOrigin-RevId: b51c7d996d1ed38b6b8e07f8e8bb8ac53c3a03e5

Summary: TSIA

Test Plan: Test staging/prod proxies

Reviewers: michelle, vihang

Reviewed By: michelle

Differential Revision: https://phab.corp.pixielabs.ai/D9337

GitOrigin-RevId: 9765c551d0689017e5d41cd5a766d76b36bc0e37

Summary: TSIA

Test Plan: Test after deploy

Reviewers: vihang, michelle

Reviewed By: michelle

Differential Revision: https://phab.corp.pixielabs.ai/D9336

GitOrigin-RevId: 2de4a6a6be3388213d95625b2597f9fa6d988a1d

Summary: @vjain left a comment that I forgot to properly address in the diff that added this test. I ran into a bug in a later diff that would've been fixed if this was easier to maintain and the tests were combined. Therefore, decided to dedupe the tests and combine them together.

Test Plan: Ran the test, should pass

Reviewers: vihang, michelle, vjain

Reviewed By: vjain

Subscribers: vjain

Differential Revision: https://phab.corp.pixielabs.ai/D9329

GitOrigin-RevId: ab5e511192d79173eecd1ef7f248e7655a640bcb

Summary:
*TL;DR*: Rebalances how aggressively we update cached GQL data.

Apollo has a few `fetchPolicy` options when asking it to make queries. These ones are relevant for this diff:
- `cache-first`: Query cache first. If it hits, skip the network.
- `cache-and-network`: Query cache and network simultaneously, returning cached results while waiting for network results. Updates the cache when the network call completes.
- `network-only`: Only queries the network, but still updates cache when the network call completes.

When using the `pollInterval` option on a query, the default behavior is like `cache-first` for the initial query and `cache-and-network` for polled requests.

Note: for queries like `selectedClusterInfo`, changing the query variables immediately queries the network as it should.

In the admin page, we instead want to always query the network. In some other Live View components, relying on the cache alone is sufficient. This diff rebalances the settings to match.

Test Plan: Watch graphQL calls in the dev tools when checking each admin tab, and when messing with the cluster selection in the breadcrumbs of the live view. Data should no longer start stale in most places.

Reviewers: michelle, vihang

Reviewed By: michelle

JIRA Issues: PC-1091

Differential Revision: https://phab.corp.pixielabs.ai/D9325

GitOrigin-RevId: c2b22df858053745b3fdbbc6de67084af2c11235

Summary:
There was an incorrect usage of go channels causing a hang on the healthcheck, and since a lock was being held during the entire healthcheck, it would cause all future healthchecks to hang.

I fixed both the channel issue in LaunchQuery, and the lock being held during the CheckHealth call.

Test Plan: Added test for LaunchQuery hang. Tested on skaffold.

Reviewers: nserrino, michelle, vihang

Reviewed By: vihang

JIRA Issues: PP-2884

Differential Revision: https://phab.corp.pixielabs.ai/D9322

GitOrigin-RevId: 5d71dc6575df1695d51fc09b050910fab519de65

Summary: TSIA

Test Plan: N/A

Reviewers: vihang, michelle

Reviewed By: vihang, michelle

JIRA Issues: PC-1094

Differential Revision: https://phab.corp.pixielabs.ai/D9324

GitOrigin-RevId: ae0dcd4f0aba239d306f5bc530c67e68e8a6df0d

Summary:
This includes commit https://github.com/libuv/libuv/commit/c9406ba0e3d67907c1973a71968b89a6bd83c63c
which I believe fixes the crash in P131.

Test Plan: skaffold deploy vizier.

Reviewers: zasgar, michelle, nserrino, #third_party_approvers

Reviewed By: michelle, #third_party_approvers

JIRA Issues: PP-2891

Differential Revision: https://phab.corp.pixielabs.ai/D9323

GitOrigin-RevId: d684ea66bad293bc5b035ef6e74676b2858db8ff

Summary: Following D9316, idmanager is basically unused and creates a web of deps that don't need to be around. Cleaning this up.

Test Plan: Tested on skaffold and invite still works, the only feature that previously depended on the idmanager.

Reviewers: vihang, michelle, vjain

Reviewed By: vihang

Differential Revision: https://phab.corp.pixielabs.ai/D9317

GitOrigin-RevId: 512c9c895c4216472dfb2fe35129f831b812ae27

Summary:
After moving InviteUser to authpb, we still had these leftover methods sitting around. Deprecating the profile function and removing references to idmanager as part of cleanup.

Reviewers-> Let me know if this is a fine way to deprecate a function or if I should go ahead and remove the method entirely. It's unused internally at the moment.

Test Plan: deploy public cloud with skaffold and invites still work.

Reviewers: vihang, michelle

Reviewed By: vihang

Differential Revision: https://phab.corp.pixielabs.ai/D9316

GitOrigin-RevId: 4892a983daf6302101a08a789c4922d2e4a2dfc3

Summary: Preparing for additional work of more principled approach of role setting for tracing.

Test Plan: Jenkins

Reviewers: #stirling, jps

Reviewed By: #stirling, jps

Differential Revision: https://phab.corp.pixielabs.ai/D9321

GitOrigin-RevId: fbe4eeed422b87cabb732343ab8d4ed3274e6656

Summary:
We were seeing issues where NATS would restart and PEMs/Kelvin would
fail to reconnect to it. It seemed like this was due to issues in the underlying
nats.c lib and that upgrading it would solve our issues.
(See https://github.com/nats-io/nats.c/pull/426 https://github.com/nats-io/nats.c/pull/413 )

So let's try to upgrade to the latest version of `nats.c`

Note: Leaving `NATS_BUILD_TLS_FORCE_HOST_VERIFY = On` doesn't seem to work.
It causes our natcConnect to error with `NATS_SSL_ERROR, "unable to set expected hostname"`
Disabling seems fine for now, but we might want to investigate this further.

Test Plan:
`skaffold` vizier. Make sure it builds and works. Kill the `pl-nats-1`
pod and wait for it to restart. The cluster should take a minute or two but
eventually should become healthy again and be able to run queries.

Reviewers: zasgar, michelle, nserrino, #third_party_approvers

Reviewed By: michelle, #third_party_approvers

JIRA Issues: PP-2867

Differential Revision: https://phab.corp.pixielabs.ai/D9314

GitOrigin-RevId: 8dfa1205b3110128ab2a8f791233d2fc641257ee

Summary:
currently, when we create the claims for a user using an API key, we create the UserClaims for the user who created the API key. this can lead to problems if the user has been deleted. the API key should still be valid, since it is actually tied to the org.
allowed userClaims to be set as an "API user claim" using a boolean.

Test Plan: unit tests, deployed to staging and tested API key

Reviewers: zasgar, vihang

Reviewed By: zasgar

JIRA Issues: PC-1092

Differential Revision: https://phab.corp.pixielabs.ai/D9319

GitOrigin-RevId: 7871fb5cbeb7628498671b461ac717e2f6009a8f

Summary:
we want to support login using the API key, outside of embed mode.
this diff updates the regular LoginHandler to include the api key logic that was added for the embed

Test Plan: CLI

Reviewers: zasgar

Reviewed By: zasgar

Differential Revision: https://phab.corp.pixielabs.ai/D9309

GitOrigin-RevId: 523e41b4258413c2469276d129f0eba23efa5172

Test Plan: Jenkins

Reviewers: #stirling, oazizi

Reviewed By: #stirling, oazizi

Differential Revision: https://phab.corp.pixielabs.ai/D9320

GitOrigin-RevId: 5dc130bce3e99dd402a12317b169ae1578b8ccef

Summary: TSIA, just some cleanup on lint warnings.

Test Plan: N/A

Reviewers: zasgar, michelle

Reviewed By: michelle

Differential Revision: https://phab.corp.pixielabs.ai/D9307

GitOrigin-RevId: 9be8927135bb8873760c49919e8fdc5bd37ca549

Summary: In Chrome, the default settings prevent `localStorage` from being accessed cross-origin while in incognito mode. When Pixie is embedded by New Relic One, the embedded frame is considered cross-origin. Thus, all `localStorage` access needs to be wrapped in `try/catch`.

Test Plan: This is a little tricky. See the [Notion guide](https://www.notion.so/pixielabs/Testing-embedded-Pixie-web-UI-62568eb507b0473e8fc5b24aea2bfd14) for testing the embed locally. Remember to use a separate hostname to access the embed script, to ensure cross-origin rules apply. You'll need to use an Incognito window in Chrome to verify this particular fix.

Reviewers: michelle, vihang

Reviewed By: michelle

JIRA Issues: PC-1089

Differential Revision: https://phab.corp.pixielabs.ai/D9315

GitOrigin-RevId: d69bb4e8bc450c044c0432de52a22c6b14de9329