feat: add gateway pools for high-availability failover #6050
Open
Introduces gateway pools as an enterprise feature that provides automatic failover when a gateway goes down. The platform picks a random healthy member from the pool at request time.

Backend:
- New tables: gateway_pools, gateway_pool_memberships
- gatewayPoolId column on identity_kubernetes_auths
- Full CRUD + membership API under /api/v2/gateway-pools
- Connected resources endpoint for pools
- RBAC with separate GatewayPool permission subject
- Enterprise license gate on all pool endpoints
- Audit log events for pool CRUD and membership changes
- Random healthy gateway selection via pickRandomHealthyGateway

Frontend:
- Gateway Pools sub-tab with segmented toggle in Gateways page
- Pool detail sheet (v3) with member management and health checks
- Reusable GatewayPicker component with grouped sections
- Pool health badges, connected resources drawer
- Kubernetes auth form updated to support pool selection
- Enterprise upgrade prompt for non-enterprise users

- Add org-scoping check when attaching gateway pool to k8s auth
- Wrap pool deletion count+delete in transaction to prevent race condition
- Add MAX_GATEWAY_POOLS_PER_ORG=50 limit with advisory lock
- Add orgId parameter to findByIdWithMembers DAL method
- Fix useAddIdentityKubernetesAuth invalidating wrong query key

- Add gatewayPool: false to getDefaultOnPremFeatures free-tier defaults
- Add gatewayPool: false to test mock license-fns
- Remove MAX_GATEWAY_POOLS_PER_ORG limit and advisory lock

- Use slugSchema for pool names (max 32, lowercase alphanumeric + hyphens)
- Match gateway form pattern: manual state + safeParse on submit
- Add client-side name uniqueness check before API call
- Close Add Gateway popover after selecting a gateway
- Update migration column width to match slug max length
- Move connected resources count to DAL subquery (eliminates N+1)
- Fix PoolDetailSheet treating null health status as unreachable
- Remove dead CreateGatewayPool advisory lock constant
- Remove spurious gateway pool invalidation from Azure auth delete
- Add warning log for unhealthy pool during k8s auth update
- Fix nullish coalescing dropping explicit null on gatewayPoolId clear
Context
When a gateway goes down, every feature that depends on it (dynamic secrets, k8s auth, PAM) stops working with no failover. Gateway Pools solve this by allowing users to create a named collection of gateways sharing network access. The platform picks a random healthy member at request time, providing automatic failover.
This is an enterprise-only feature. V1 scope: only Kubernetes auth supports pool selection. Other consumers (dynamic secrets, PAM, app connections) keep gateway-only selection and will be added in follow-ups.
New API endpoints:
- POST/GET/PATCH/DELETE /api/v2/gateway-pools (pool CRUD)
- POST/DELETE /api/v2/gateway-pools/:poolId/memberships (member management)
- GET /api/v2/gateway-pools/:poolId/resources (connected resources)
- gatewayPoolId

Database changes:
- gateway_pools table (id, orgId, name)
- gateway_pool_memberships join table (many-to-many, CASCADE deletes)
- gatewayPoolId column on identity_kubernetes_auths (FK, SET NULL on delete)
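The three behaviours this PR's description and commit messages name (org-scoped pool lookup, random selection among healthy members, and clearing gatewayPoolId with an explicit null) can be sketched as follows. This is an added example, not code from the pull request or the project: every type, function name and sample record here is hypothetical, and it assumes health is a simple boolean and that a pool with no healthy member is an error.

```typescript
// Added illustration: types, names and data are hypothetical, not the project's code.
interface Gateway { id: string; orgId: string; healthy: boolean }
interface Pool { id: string; orgId: string; name: string; memberIds: string[] }

// Constructed sample data: two tenants; pool-a wrongly lists org-b's gateway gw-x.
const GATEWAYS: Gateway[] = [
  { id: "gw-1", orgId: "org-a", healthy: true },
  { id: "gw-2", orgId: "org-a", healthy: false },
  { id: "gw-3", orgId: "org-a", healthy: true },
  { id: "gw-x", orgId: "org-b", healthy: true },
];
const POOLS: Pool[] = [
  { id: "pool-a", orgId: "org-a", name: "prod-cluster", memberIds: ["gw-1", "gw-2", "gw-3", "gw-x"] },
  { id: "pool-b", orgId: "org-b", name: "other-tenant", memberIds: ["gw-x"] },
];

// Resolve a pool only within the caller's org, so a pool id that belongs to
// another tenant is indistinguishable from one that does not exist.
function findPoolInOrg(pools: Pool[], poolId: string, orgId: string): Pool {
  const pool = pools.find((p) => p.id === poolId && p.orgId === orgId);
  if (!pool) throw new Error("gateway pool not found");
  return pool;
}

// Pick one healthy member at request time. Members outside the pool's org are
// ignored, and an empty candidate set is an error rather than a silent fallback.
function pickHealthyMember(pool: Pool, gateways: Gateway[], rand: () => number = Math.random): Gateway {
  const healthy = gateways.filter(
    (g) => pool.memberIds.includes(g.id) && g.orgId === pool.orgId && g.healthy
  );
  const picked = healthy[Math.floor(rand() * healthy.length)];
  if (!picked) throw new Error("no healthy gateway in pool");
  return picked;
}

// Update semantics: undefined leaves the attachment unchanged, null detaches it.
// `incoming ?? current` would treat null like undefined and keep the old pool.
function nextPoolId(current: string | null, incoming: string | null | undefined): string | null {
  return incoming === undefined ? current : incoming;
}
```

The `rand` parameter exists only so the selection can be made deterministic in tests; callers would normally omit it.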