fix(connector): add gRPC keepalive and default UNAVAILABLE retry policy

[pingsutw]

Why are the changes needed?

Connector task RPCs (CreateTask/GetTask/DeleteTask) frequently traverse an L7 gateway — e.g. the Knative/Kourier Envoy gateway that fronts connector services. That gateway reaps idle HTTP/2 connections and sends GOAWAY/drain on routing changes (which happen routinely as Knative revisions scale). The connector plugin caches one *grpc.ClientConn per endpoint for the process lifetime, so when the gateway closes the connection the cached client only discovers it on the next RPC, which then fails with:

rpc error: code = Unavailable desc = connection error: desc =
"error reading server preface: ... use of closed network connection"

surfacing to users as failed to create task from connector .... Today the client sets no keepalive and no retry policy (unless a deployment happens to specify DefaultServiceConfig), so a single reaped connection fails the in-flight task RPC.

What changes were proposed in this pull request?

In flyteplugins/go/tasks/plugins/webapi/connector:

1. Keepalive (primary fix). getGrpcConnection now always sets keepalive.ClientParameters{Time: 30s, Timeout: 10s, PermitWithoutStream: true} so long-lived connector connections are not reaped while idle and a half-dead connection is detected proactively instead of on the next RPC.
2. Default service config with retry. Introduced a package-level defaultGRPCServiceConfig (round-robin LB + retryPolicy retrying only UNAVAILABLE, with exponential backoff, plus retryThrottling to avoid hammering a connector that is genuinely down). getGrpcConnection falls back to it when a Deployment does not set its own DefaultServiceConfig, so every deployment (DefaultConnector, connectors, connectorApps) gets LB + retry uniformly without per-deployment config. Per-deployment DefaultServiceConfig still overrides.

UNAVAILABLE is the only retried code: the "server preface" failure means the request was never delivered, so retrying is safe; the connector's async create/get/delete are keyed by task-execution-id so retries are idempotent.

How was this patch tested?

Unit tests added/updated in the same package (go test ./go/tasks/plugins/webapi/connector/... passes, go vet and gofmt clean):

• TestDefaultGRPCServiceConfig — asserts the default config is valid JSON (grpc silently ignores malformed configs), uses round_robin, targets flyteidl2.connector.AsyncConnectorService, retries only UNAVAILABLE, and includes retryThrottling.
• TestGetGrpcConnection — verifies the empty→fallback path and that a deployment-specific DefaultServiceConfig still takes precedence.
• Updated TestDefaultAgentConfig for the new empty default.

Labels

• fixed

Check all the applicable boxes

• I updated the documentation accordingly.
• All new and existing tests passed.
• All commits are signed-off.

[Copilot]

Pull request overview

This PR updates the connector gRPC client defaults to make long-lived connector RPC connections more resilient to idle gateway connection reaping and transient UNAVAILABLE errors.

Changes:

• Adds a default gRPC service config with round-robin load balancing, UNAVAILABLE retries, and retry throttling.
• Adds client-side keepalive parameters for connector gRPC connections.
• Updates default config and unit tests to reflect the new fallback behavior.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File	Description
flyteplugins/go/tasks/plugins/webapi/connector/client.go	Adds default service config fallback and keepalive dial options.
flyteplugins/go/tasks/plugins/webapi/connector/config.go	Leaves default connector service config empty so client fallback applies.
flyteplugins/go/tasks/plugins/webapi/connector/config_test.go	Updates default config expectations.
flyteplugins/go/tasks/plugins/webapi/connector/client_test.go	Adds tests for default service config structure and connection fallback behavior.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[pingsutw]

Thanks, but this isn't needed for the grpc-go version we use (v1.81.1). The core google.golang.org/grpc package already registers round_robin for us: clientconn.go (which is package grpc) has

// google.golang.org/grpc/clientconn.go:55
_ "google.golang.org/grpc/balancer/roundrobin"           // To register roundrobin.

and roundrobin's init() calls balancer.Register(...). Since this file already imports google.golang.org/grpc, the balancer is registered as soon as the package loads — no separate blank import required. The manual blank import was only necessary in much older grpc-go releases (pre ~v1.36) before that import was folded into clientconn.go.

Also, {"loadBalancingConfig":[{"round_robin":{}}]} was already the prior default service config and is in use in production, so there's no silent fallback here.

[pingsutw]

Good catch — this is valid, and the enforcement is cross-language (grpcio/Python servers run on C-core, whose defaults match grpc-go: min_recv_ping_interval_without_data = 5m, max_ping_strikes = 2, permit_without_calls = false), so unconditional aggressive keepalive could indeed trigger GOAWAY "too_many_pings" on a directly-reached connector.

Fixed: keepalive is now opt-in per Deployment via a new KeepaliveConfig, and getGrpcConnection applies it only when configured (default off). So directly-reached grpc-go/grpcio connectors get no idle pings. Keepalive is enabled only for connectors fronted by an L7 gateway (Knative/Kourier Envoy) where the pings terminate at Envoy rather than the connector's grpc server. The UNAVAILABLE retry policy remains always-on as the universal safety net.

[Copilot]

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

[Copilot]

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.