consul/website/redirects.js

216 lines
6.4 KiB
JavaScript
Raw Normal View History

/**
* Copyright (c) HashiCorp, Inc.
[COMPLIANCE] License changes (#18443) * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at <Blog URL>, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
2023-08-11 13:12:13 +00:00
* SPDX-License-Identifier: BUSL-1.1
*/
// REDIRECTS FILE
// See the README file in this directory for documentation. Please do not
// modify or delete existing redirects without first verifying internally.
// Next.js redirect documentation: https://nextjs.org/docs/api-reference/next.config.js/redirects
Docs/cluster peering 1.15 updates (#16291) * initial commit * initial commit * Overview updates * Overview page improvements * More Overview improvements * improvements * Small fixes/updates * Updates * Overview updates * Nav data * More nav updates * Fix * updates * Updates + tip test * Directory test * refining * Create restructure w/ k8s * Single usage page * Technical Specification * k8s pages * typo * L7 traffic management * Manage connections * k8s page fix * Create page tab corrections * link to k8s * intentions * corrections * Add-on intention descriptions * adjustments * Missing </CodeTabs> * Diagram improvements * Final diagram update * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> Co-authored-by: David Yu <dyu@hashicorp.com> * diagram name fix * Fixes * Updates to index.mdx * Tech specs page corrections * Tech specs page rename * update link to tech specs * K8s - new pages + tech specs * k8s - manage peering connections * k8s L7 traffic management * Separated establish connection pages * Directory fixes * Usage clean up * k8s docs edits * Updated nav data * CodeBlock Component fix * filename * CodeBlockConfig removal * Redirects * Update k8s filenames * Reshuffle k8s tech specs for clarity, fmt yaml files * Update general cluster peering docs, reorder CLI > API > UI, cross link to kubernetes * Fix config rendering in k8s usage docs, cross link to general usage from k8s docs * fix legacy link * update k8s docs * fix nested list rendering * redirect fix * page error --------- Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> Co-authored-by: David Yu <dyu@hashicorp.com> Co-authored-by: Tu Nguyen <im2nguyen@gmail.com>
2023-02-23 17:58:39 +00:00
module.exports = [
{
source: '/consul/docs/connect/cluster-peering/create-manage-peering',
Docs/cluster peering 1.15 updates (#16291) * initial commit * initial commit * Overview updates * Overview page improvements * More Overview improvements * improvements * Small fixes/updates * Updates * Overview updates * Nav data * More nav updates * Fix * updates * Updates + tip test * Directory test * refining * Create restructure w/ k8s * Single usage page * Technical Specification * k8s pages * typo * L7 traffic management * Manage connections * k8s page fix * Create page tab corrections * link to k8s * intentions * corrections * Add-on intention descriptions * adjustments * Missing </CodeTabs> * Diagram improvements * Final diagram update * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> Co-authored-by: David Yu <dyu@hashicorp.com> * diagram name fix * Fixes * Updates to index.mdx * Tech specs page corrections * Tech specs page rename * update link to tech specs * K8s - new pages + tech specs * k8s - manage peering connections * k8s L7 traffic management * Separated establish connection pages * Directory fixes * Usage clean up * k8s docs edits * Updated nav data * CodeBlock Component fix * filename * CodeBlockConfig removal * Redirects * Update k8s filenames * Reshuffle k8s tech specs for clarity, fmt yaml files * Update general cluster peering docs, reorder CLI > API > UI, cross link to kubernetes * Fix config rendering in k8s usage docs, cross link to general usage from k8s docs * fix legacy link * update k8s docs * fix nested list rendering * redirect fix * page error --------- Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> Co-authored-by: David Yu <dyu@hashicorp.com> Co-authored-by: Tu Nguyen <im2nguyen@gmail.com>
2023-02-23 17:58:39 +00:00
destination:
'/consul/docs/connect/cluster-peering/usage/establish-cluster-peering',
Docs/cluster peering 1.15 updates (#16291) * initial commit * initial commit * Overview updates * Overview page improvements * More Overview improvements * improvements * Small fixes/updates * Updates * Overview updates * Nav data * More nav updates * Fix * updates * Updates + tip test * Directory test * refining * Create restructure w/ k8s * Single usage page * Technical Specification * k8s pages * typo * L7 traffic management * Manage connections * k8s page fix * Create page tab corrections * link to k8s * intentions * corrections * Add-on intention descriptions * adjustments * Missing </CodeTabs> * Diagram improvements * Final diagram update * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> Co-authored-by: David Yu <dyu@hashicorp.com> * diagram name fix * Fixes * Updates to index.mdx * Tech specs page corrections * Tech specs page rename * update link to tech specs * K8s - new pages + tech specs * k8s - manage peering connections * k8s L7 traffic management * Separated establish connection pages * Directory fixes * Usage clean up * k8s docs edits * Updated nav data * CodeBlock Component fix * filename * CodeBlockConfig removal * Redirects * Update k8s filenames * Reshuffle k8s tech specs for clarity, fmt yaml files * Update general cluster peering docs, reorder CLI > API > UI, cross link to kubernetes * Fix config rendering in k8s usage docs, cross link to general usage from k8s docs * fix legacy link * update k8s docs * fix nested list rendering * redirect fix * page error --------- Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> Co-authored-by: David Yu <dyu@hashicorp.com> Co-authored-by: Tu Nguyen <im2nguyen@gmail.com>
2023-02-23 17:58:39 +00:00
permanent: true,
},
{
source: '/consul/docs/connect/cluster-peering/usage/establish-peering',
destination:
'/consul/docs/connect/cluster-peering/usage/establish-cluster-peering',
permanent: true,
},
{
source: '/consul/docs/connect/cluster-peering/k8s',
destination: '/consul/docs/k8s/connect/cluster-peering/tech-specs',
Docs/cluster peering 1.15 updates (#16291) * initial commit * initial commit * Overview updates * Overview page improvements * More Overview improvements * improvements * Small fixes/updates * Updates * Overview updates * Nav data * More nav updates * Fix * updates * Updates + tip test * Directory test * refining * Create restructure w/ k8s * Single usage page * Technical Specification * k8s pages * typo * L7 traffic management * Manage connections * k8s page fix * Create page tab corrections * link to k8s * intentions * corrections * Add-on intention descriptions * adjustments * Missing </CodeTabs> * Diagram improvements * Final diagram update * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> Co-authored-by: David Yu <dyu@hashicorp.com> * diagram name fix * Fixes * Updates to index.mdx * Tech specs page corrections * Tech specs page rename * update link to tech specs * K8s - new pages + tech specs * k8s - manage peering connections * k8s L7 traffic management * Separated establish connection pages * Directory fixes * Usage clean up * k8s docs edits * Updated nav data * CodeBlock Component fix * filename * CodeBlockConfig removal * Redirects * Update k8s filenames * Reshuffle k8s tech specs for clarity, fmt yaml files * Update general cluster peering docs, reorder CLI > API > UI, cross link to kubernetes * Fix config rendering in k8s usage docs, cross link to general usage from k8s docs * fix legacy link * update k8s docs * fix nested list rendering * redirect fix * page error --------- Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> Co-authored-by: David Yu <dyu@hashicorp.com> Co-authored-by: Tu Nguyen <im2nguyen@gmail.com>
2023-02-23 17:58:39 +00:00
permanent: true,
},
{
source: '/consul/docs/connect/intentions#intention-management-permissions',
destination: `/consul/docs/connect/intentions/create-manage-intentions#acl-requirements`,
permanent: true,
},
{
source: '/consul/docs/connect/intentions#intention-basics',
destination: `/consul/docs/connect/intentions`,
permanent: true,
},
{
source: '/consul/docs/connect/transparent-proxy',
destination: '/consul/docs/k8s/connect/transparent-proxy',
permanent: true,
},
{
source: '/consul/docs/agent/limits/init-rate-limits',
destination: '/consul/docs/agent/limits/usage/init-rate-limits',
permanent: true,
},
{
source: '/consul/docs/agent/limits/set-global-traffic-rate-limits',
destination:
'/consul/docs/agent/limits/usage/set-global-traffic-rate-limits',
permanent: true,
},
{
source:
'/consul/docs/connect/gateways/mesh-gateway/service-to-service-traffic-peers',
destination:
'/consul/docs/connect/cluster-peering/usage/establish-cluster-peering',
permanent: true,
},
{
source: '/consul/docs/enterprise/sentinel',
destination:
'/consul/docs/dynamic-app-config/kv#using-sentinel-to-apply-policies-for-consul-kv',
permanent: true,
},
{
source:
'/consul/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters',
destination: '/consul/docs/k8s/deployment-configurations/multi-cluster',
permanent: true,
},
{
source: '/consul/docs/connect/registration/service-registration',
destination: '/consul/docs/connect/proxies/proxy-config-reference',
permanent: true,
},
{
source: '/consul/docs/connect/registration',
destination: '/consul/docs/connect/proxies/',
permanent: true,
},
{
source: '/consul/docs/connect/registration/sidecar-service',
destination: '/consul/docs/connect/proxies/deploy-sidecar-services',
permanent: true,
},
Docs/ce 477 dataplanes on ecs (#19010) * updated architecture topic * fixed type in arch diagram filenames * fixed path to img file * updated index page - still need to add links * moved arch and tech specs to reference folder * moved other ref topics to ref folder * set up the Deploy folder and TF install topics * merged secure conf into TF deploy instructions * moved bind addr and route conf to their own topics * moved arch and tech specs back to main folder * update migrate-existing-tasks content * merged manual deploy content; added serv conf ref * fixed links * added procedure for upgrading to dataplanes * fixed linked reported by checker * added updates to dataplanes overview page * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Ganesh S <ganesh.seetharaman@hashicorp.com> * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Ganesh S <ganesh.seetharaman@hashicorp.com> * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Ganesh S <ganesh.seetharaman@hashicorp.com> * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Ganesh S <ganesh.seetharaman@hashicorp.com> * updated links and added redirects * removed old architecture content --------- Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Ganesh S <ganesh.seetharaman@hashicorp.com>
2023-10-05 14:33:44 +00:00
{
source: '/consul/docs/ecs/terraform/install',
destination: '/consul/docs/ecs/deploy/terraform',
permanent: true,
},
{
source: '/consul/docs/ecs/terraform/secure-configuration',
destination: '/consul/docs/ecs/deploy/terraform',
permanent: true,
},
{
source: '/consul/docs/ecs/terraform/migrate-existing-tasks',
destination: '/consul/docs/ecs/deploy/migrate-existing-tasks',
permanent: true,
},
{
source: '/consul/docs/ecs/manual/install',
destination: '/consul/docs/ecs/deploy/manual',
permanent: true,
},
{
source: '/consul/docs/ecs/manual/secure-configuration',
destination: '/consul/docs/ecs/deploy/manual',
permanent: true,
},
{
source: '/consul/docs/ecs/manual/acl-controller',
destination: '/consul/docs/ecs/deploy/manual',
permanent: true,
},
{
source: '/consul/docs/ecs/task-resource-usage',
destination: '/consul/docs/ecs/tech-specs',
permanent: true,
},
{
source: '/consul/docs/ecs/requirements',
destination: '/consul/docs/ecs/tech-specs',
permanent: true,
},
{
source: '/consul/docs/ecs/configuration-reference',
destination: '/consul/docs/ecs/reference/configuration-reference',
permanent: true,
},
{
source: '/consul/docs/ecs/compatibility',
destination: '/consul/docs/ecs/reference/compatibility',
permanent: true,
},
Docs/api-gw-jwts-openshift-1-17-x (#19035) * update main apigw overview * moved the tech specs to main gw folder * merged tech specs into single topic * restructure nav part 1 * fix typo in nav json file * moved k8s install up one level * restructure nav part 2 * moved and created all listeners and routes content * moved errors ref and upgrades * fix error in upgrade-k8s link * moved conf refs to appropriate spots * updated conf overview * fixed some links and bad formatting * fixed link * added JWT on VMs usage page * added JWT conf to APIGW conf entry * added JWTs to HTTP route conf entry * added new gatwaypolicy k8s conf reference * added metadesc for gatewaypolicy conf ref * added http route auth filter k8s conf ref * added http route auth filter k8s conf ref to nav * updates to k8s route conf ref to include extensionRef * added JWTs usage page for k8s * fixed link in gwpolicy conf ref * added openshift installation info to installation pages * fixed bad link on tech specs * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * fixed VerityClaims param * best guess at verifyclaims params * tweaks to gateway policy dconf ref * Docs/ce 475 retries timeouts for apigw (#19086) * added timeout and retry conf ref for k8s * added retry and TO filters to HTTP routes conf ref for VMs * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * fix copy/paste error in http route conf entry --------- Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * update links across site and add redirects * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> * Applied feedback from review * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * Update CRD configuration for responseHeaderModifiers * Update Config Entry for http-route * Add ResponseFilter example to service * Update website/redirects.js errant curly brace breaking the preview * fix links and bad MD * fixed md formatting issues * fix formatting errors * fix formatting errors * Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx * Apply suggestions from code review * fixed typo * Fix headers in http-route * Apply suggestions from code review Co-authored-by: John Maguire <john.maguire@hashicorp.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> --------- Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> Co-authored-by: John Maguire <john.maguire@hashicorp.com>
2023-10-10 20:29:55 +00:00
{
source: '/consul/docs/connect/gateways/api-gateway/usage',
destination:
'/consul/docs/connect/gateways/api-gateway/deploy/listeners-vms',
permanent: true,
},
{
Backport of fixed typos in redirect for api gateways into release/1.17.x (#19528) * server: run the api checks against the path without params (#19205) * Clone proto into deepcopy correctly (#19204) * chore: update version and nightly CI for 1.17 (#19208) Update version file to 1.18-dev, and replace 1.13 nightly test with 1.17. * mesh: add validation hook to proxy configuration (#19186) * mesh: add more validations to Destinations resource (#19202) * catalog, mesh: implement missing ACL hooks (#19143) This change adds ACL hooks to the remaining catalog and mesh resources, excluding any computed ones. Those will for now continue using the default operator:x permissions. It refactors a lot of the common testing functions so that they can be re-used between resources. There are also some types that we don't yet support (e.g. virtual IPs) that this change adds ACL hooks to for future-proofing. * NET-5073 - ProxyConfiguration: implement various connection options (#19187) * NET-5073 - ProxyConfiguration: implement various connection options * PR feedback - LocalConnection and InboundConnection do not affect exposed routes. configure L7 route destinations. fix connection proto sequence numbers. * add timeout to L7 Route Destinations * Relplat 897 copywrite bot workarounds (#19200) Co-authored-by: Ronald Ekambi <ronekambi@gmail.com> * mesh: add xRoute ACL hook tenancy tests (#19177) Enhance the xRoute ACL hook tests to cover tenanted situations. These tests will only execute in enterprise. * resource: enforce lowercase v2 resource names (#19218) * mesh: add DestinationPolicy ACL hook tenancy tests (#19178) Enhance the DestinationPolicy ACL hook tests to cover tenanted situations. These tests will only execute in enterprise. * catalog: add FailoverPolicy ACL hook tenancy test (#19179) * docs: Multi-port corrections (#19224) * typo fixes and instruction corrections * typo * link path correction * Add reason why port 53 is not used by default (#19222) * Update dns-configuration.mdx * Update website/content/docs/services/discovery/dns-configuration.mdx Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> * v2tenancy: rename v1alpha1 -> v2beta1 (#19227) * [NET-5944] security: Update Go version to 1.20.10 and `x/net` to 0.17.0 (#19225) * Bump golang.org/x/net to 0.17.0 This resolves [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) / [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487). * Update Go version to 1.20.10 This resolves [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) / [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) (`net/http`). * NET-6097 - sidecar proxy controller - give name to first failover policy target (#19239) * Cc 5545: Upgrade HDS packages and modifiers (#19226) * Upgrade @hashicorp/design-system-tokens to 1.9.0 * Upgrade @hashicorp/design-system-components to 1.8.1 * Upgrade @hashicorp/design-system-components and ember-in-viewport * Explicitly install ember-modifier@4.1.0 * rename copy-button * Fix how cleanup is done in with-copyable * Update aria-menu modifier for new structure * Update css-prop modifier to new structure * Convert did-upsert to regular class modifier * Update notification modifier for new structure * Update on-oustside modifier for new structure * Move destroy handler registration in with-copyable * Update style modifier for new structure * Update validate modifier for new structure * Guard against setting on destroyed object * Upgrade @hashicorp/design-system-components to 2.14.1 * Remove debugger * Guard against null in aria-menu * Fix undefined hash in validate addon * Upgrade ember-on-resize-modifier * Fix copy button import, missing import and array destructuring --------- Co-authored-by: wenincode <tyler.wendlandt@hashicorp.com> * [NET-5810] CE changes for multiple virtual hosts (#19246) CE changes for multiple virtual hosts * Net 4893- Ensure we're testing all the latest versions of Vault/Nomad (#19119) * NET-5592 - update Nomad integration testing * NET-4893: Ensure we're testing all the latest versions of Vault/Nomad * docs: Fix example control-plane-request-limit HCL and JSON (#19105) The control-plane-request-limit config entry does not support specifying parameter names in snake case format. This commit updates the HCL and JSON examples to use the supported camel case key format. * test: add 1.17 nightly integrations test (#19253) * fix expose paths (#19257) When testing adding http probes to apps, I ran into some issues which I fixed here: - The listener should be listening on the exposed listener port, updated that. - The listener and route names were pointing to the path of the exposed path. In my test, the path was "/" resulting in an empty string path. Also, the path may not be unique across exposed path listeners, so I decided to use the path+exposed port as the unique identifier. * docs: Multiport HCP constraint update (#19261) * Add sentence * link text adjustment * docs: Fix multi-port install (#19262) * Update configure.mdx Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Prevent circular dependencies between v2 resources and generate a mermaid diagram with their dependencies (#19230) * build(docker): always publish full and minor version tags for dev images (#19278) * fix nightly integration test: envoy version and n-2 version (#19286) * [NET-6221] Ensure LB policy set for locality-aware routing (CE) (#19283) Ensure LB policy set for locality-aware routing (CE) `overprovisioningFactor` should be overridden with the expected value (100,000) when there are multiple endpoint groups. Update code and tests to enforce this. This is an Enterprise feature. This commit represents the CE portions of the change; tests are added in the corresponding `consul-enterprise` change. * fix: allow snake case keys for ip based rate limit config entry (#19277) * fix: allow snake case keys for ip based rate limit config entry * chore: add changelog * reformatted the JSON schema server conf ref (#19288) * acls,catalog,mesh: properly authorize workload selectors on writes (#19260) To properly enforce writes on resources that have workload selectors with prefixes, we need another service authorization rule that allows us to check whether read is allowed within a given prefix. Specifically we need to only allow writes if the policy prefix allows for a wider set of names than the prefix selector on the resource. We should also not allow policies with exact names for prefix matches. Part of [NET-3993] * NET-6239: Temporarily disable verify envoy check (#19299) * skip verify envoy version * cleanup * Update supported Envoy versions (#19276) * mesh: provide missing domain to route configurations in ProxyStateTemplate (#19298) * add empty domains * update unit tests * enable verify envoy script (#19303) * Vault CA bugfixes (#19285) * Re-add retry logic to Vault token renewal * Fix goroutine leak * Add test for detecting goroutine leak * Add changelog * Rename tests * Add comment * Backout Envoy 1.28.0 (#19306) * added ent to ce downgrade changes (#19311) * added ent to ce downgrade changes * added changelog * added busl headers * skip envoy version check in ci (#19315) * Tenancy Bridge v2 (#19220) * tenancy bridge v2 for v2 resources * add missing copywrite headers * remove branch name causing conflicts (#19319) * mesh: ensure route configs are named uniquely per port (#19323) * [NET-5327] Templated policies api/cli docs (#19270) * More templated policies docs (#19312) [NET-5327]More templated policies docs * Fixing docs to add more templated policies references (#19335) * Upgrade Consul UI to Node 18 (#19252) * Upgrading node to node 18 * Ensure we're on latest version of yarn as well * add comma to make frontend tests run * Use Node 18 Alpine image in UI build dockerfile * delete package-lock.json --------- Co-authored-by: wenincode <tyler.wendlandt@hashicorp.com> Co-authored-by: Ella Cai <ella.y.cai@gmail.com> Co-authored-by: Ella Cai <ella@hashicorp.com> * resource: default peername to local in list endpoints (#19340) * Add grpc keepalive configuration. (#19339) Prior to the introduction of this configuration, grpc keepalive messages were sent after 2 hours of inactivity on the stream. This posed issues in various scenarios where the server-side xds connection balancing was unaware that envoy instances were uncleanly killed / force-closed, since the connections would only be cleaned up after ~5 minutes of TCP timeouts occurred. Setting this config to a 30 second interval with a 20 second timeout ensures that at most, it should take up to 50 seconds for a dead xds connection to be closed. * bump raft-wal version to 0.4.1 (#19314) * bump raft-wal version to 0.4.1 * changelog * go mod tidy integration tests * go mod tidy test-integ * NET-5397 - wire up destination golden tests from sidecar-proxy controller for xds controller and xdsv2 (#19167) * NET-5397 - wire up golden tests from sidecar-proxy controller for xds controller and xdsv2 * WIP * WIP * everything matching except leafCerts. need to mock those * single port destinations working except mixed destinations * golden test input to xds controller tests for destinations * proposed fix for failover group naming errors * clean up test to use helper. * clean up test to use helper. * fix test file * add docstring for test function. * add docstring for test function. * fix linting error * fixing test after route fix merged into main * gvk partial inference (#19058) * gvk partial inference * NET-6079 - wire up sidecarproxy golden file inputs into xds controller - sources (#19241) * NET-5397 - wire up golden tests from sidecar-proxy controller for xds controller and xdsv2 * WIP * WIP * everything matching except leafCerts. need to mock those * single port destinations working except mixed destinations * golden test input to xds controller tests for destinations * proposed fix for failover group naming errors * clean up test to use helper. * clean up test to use helper. * fix test file * add docstring for test function. * add docstring for test function. * fix linting error * fixing test after route fix merged into main * first source test works * WIP * modify all source files * source tests pass * fixing tests after bug fix in main * NET-6080 - xds controller golden file inputs into xds resources - destinations (#19244) * NET-5397 - wire up golden tests from sidecar-proxy controller for xds controller and xdsv2 * WIP * WIP * everything matching except leafCerts. need to mock those * single port destinations working except mixed destinations * golden test input to xds controller tests for destinations * proposed fix for failover group naming errors * clean up test to use helper. * clean up test to use helper. * fix test file * add docstring for test function. * add docstring for test function. * fix linting error * fixing test after route fix merged into main * first source test works * WIP * modify all source files * source tests pass * fixing tests after bug fix in main * got first destination working. * adding destinations * fix docstring for test * fixing tests after bug fix in main * NET-6081 - xds controller golden file inputs into xds resources - sources (#19250) * NET-5397 - wire up golden tests from sidecar-proxy controller for xds controller and xdsv2 * WIP * WIP * everything matching except leafCerts. need to mock those * single port destinations working except mixed destinations * golden test input to xds controller tests for destinations * proposed fix for failover group naming errors * clean up test to use helper. * clean up test to use helper. * fix test file * add docstring for test function. * add docstring for test function. * fix linting error * fixing test after route fix merged into main * first source test works * WIP * modify all source files * source tests pass * fixing tests after bug fix in main * got first destination working. * adding destinations * fix docstring for test * fixing tests after bug fix in main * adding source proxies * fixing tests after bug fix in main * got first destination working. * adding destinations * fix docstring for test * fixing tests after bug fix in main * got first destination working. * adding destinations * fix docstring for test * fixing tests after bug fix in main * Use strict DNS for mesh gateways with hostnames (#19268) * Use strict DNS for mesh gateways with hostnames * Add changelog * [NET-6305] xds: Ensure v2 route match and protocol are populated for gRPC (#19343) * xds: Ensure v2 route match is populated for gRPC Similar to HTTP, ensure that route match config (which is required by Envoy) is populated when default values are used. Because the default matches generated for gRPC contain a single empty `GRPCRouteMatch`, and that proto does not directly support prefix-based config, an interpretation of the empty struct is needed to generate the same output that the `HTTPRouteMatch` is explicitly configured to provide in internal/mesh/internal/controllers/routes/generate.go. * xds: Ensure protocol set for gRPC resources Add explicit protocol in `ProxyStateTemplate` builders and validate it is always set on clusters. This ensures that HTTP filters and `http2_protocol_options` are populated in all the necessary places for gRPC traffic and prevents future unintended omissions of non-TCP protocols. Co-authored-by: John Murret <john.murret@hashicorp.com> --------- Co-authored-by: John Murret <john.murret@hashicorp.com> * Add clarification for route match behavior (#19363) * Add clarification for route match behavior * Update website/content/docs/connect/config-entries/service-defaults.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> --------- Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Fix 1.17.x release notes and added templated policies (#19370) * docs - release notes (add enterprise label and example of non compatible service name) (#19377) * Update v1_17_x.mdx * Update v1_17_x.mdx * feat: read resource namespace (#19320) * test: add missing tests for read resource namespace * refactor: remove redundant test * refactor: rename import aliases * fix: typo var name * refctor: remove another redundant test * Net 5875 - Create the Exported Services Resources (#19117) * init * computed exported service * make proto * exported services resource * exported services test * added some tests and namespace exported service * partition exported services * computed service * computed services tests * register types * fix comment * make proto lint * fix proto format make proto * make codegen * Update proto-public/pbmulticluster/v1alpha1/computed_exported_services.proto Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com> * Update internal/multicluster/internal/types/computed_exported_services.go Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com> * using different way of resource creation in tests * make proto * fix computed exported services test * fix tests * differnet validation for computed services for ent and ce * Acls for exported services * added validations for enterprise features in ce * fix error * fix acls test * Update internal/multicluster/internal/types/validation_exported_services_ee.go Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com> * removed the create method * update proto * removed namespace * created seperate function for ce and ent * test files updated and validations fixed * added nil checks * fix tests * added comments * removed tenancy check * added mutation function * fix mutation method * fix list permissions in test * fix pr comments * fix tests * lisence * busl license * Update internal/multicluster/internal/types/helpers_ce.go Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com> * Update internal/multicluster/internal/types/helpers_ce.go Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com> * Update internal/multicluster/internal/types/helpers_ce.go Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com> * make proto * some pr comments addressed * some pr comments addressed * acls helper * some comment changes * removed unused files * fixes * fix function in file * caps * some positioing * added test for validation error * fix names * made valid a function * remvoed patch * removed mutations * v2 beta1 * v2beta1 * rmeoved v1alpha1 * validate error * merge ent * some nits * removed dup func * removed nil check --------- Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com> * test: add missing tests for list endpoint (#19364) * Add enterprise label for rate limiting (#19384) * test deployer: fix a bug when deploying cluster with various ent images (#19381) * Stop use of templated-policy and templated-policy-file simultaneously (#19389) * Resource Hook Pre-Decode Utilities (#18548) Add some generic type hook wrappers to first decode the data There seems to be a pattern for Validation, Mutation and Write Authorization hooks where they first need to decode the Any data before doing the domain specific work. This PR introduces 3 new functions to generate wrappers around the other hooks to pre-decode the data into a DecodedResource and pass that in instead of the original pbresource.Resource. This PR also updates the various catalog data types to use the new hook generators. * resource: resource service now checks for `v2tenancy` feature flag (#19400) * Fix casing in example yaml config (#19369) * Delete unused files (#19402) * NET-6294 - v1 Agentless proxycfg datasource errors after v2 changes (#19365) * increasing unit tests timeout from 10m to 30m (#19423) * [NET-6138] security: Bump `google.golang.org/grpc` to 1.56.3 (CVE-2023-44487) (#19414) Bump google.golang.org/grpc to 1.56.3 This resolves [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487). Co-authored-by: Chris Thain <chris.m.thain@gmail.com> * Update multi-port examples to remove spec.template.metadata.name (#19430) * integ test: snapshot mesh frozen bug test (#19435) * integ test: snapshot mesh frozen bug test * docs - Update k8s compat matrix (#19378) * Update compatibility.mdx * Update README.md (#19413) * Fix typo in kind for JWT config on API Gateway (#19441) * NET-5186 Add NET_BIND_SERVICE capability to consul-dataplane requirements (#18512) * Add NET_BIND_SERVICE capability to list of consul-dataplane requirements * Add link to related Kubernetes documentation Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> --------- Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * added redirect for conf entries 1.8.x (#19460) * Update docs for service splitter example typo (#19469) * Regen expired test certs (#19476) * build: ensure we pull through the hashicorp proxy instead of going directly to the docker hub (#19482) * temporarily disallow L7 traffic permissions (#19322) * Source / local_app golden tests to include all protocols. (#19436) * cover all protocols in local_app golden tests * fix xds tests * updating latest * fix broken test * add sorting of routers to TestBuildLocalApp to get rid of the flaking * [NET-5916] Fix locality-aware routing config and tests (CE) (#19483) Fix locality-aware routing config and tests * testing/deployer: update deployer to use v2 catalog constructs when requested (#19046) This updates the testing/deployer (aka "topology test") framework to conditionally configure and launch catalog constructs using v2 resources. This is controlled via a Version field on the Node construct in a topology.Config. This only functions for a dataplane type and has other restrictions that match the rest of v2 (no peering, no wanfed, no mesh gateways). Like config entries, you can statically provide a set of initial resources to be synced when bringing up the cluster (beyond those that are generated for you such as workloads, services, etc). If you want to author a test that can be freely converted between v1 and v2 then that is possible. If you switch to the multi-port definition on a topology.Service (aka "workload/instance") then that makes v1 ineligible. This also adds a starter set of "on every PR" integration tests for single and multiport under test-integ/catalogv2 * resource: misc finalizer apis (#19474) * testing/deployer: support tproxy in v2 for dataplane (#19094) This updates the testing/deployer (aka "topology test") framework to allow for a v2-oriented topology to opt services into enabling TransparentProxy. The restrictions are similar to that of #19046 The multiport Ports map that was added in #19046 was changed to allow for the protocol to be specified at this time, but for now the only supported protocol is TCP as only L4 functions currently on main. As part of making transparent proxy work, the DNS server needed a new zonefile for responding to virtual.consul requests, since there is no Kubernetes DNS and the Consul DNS work for v2 has not happened yet. Once Consul DNS supports v2 we should switch over. For now the format of queries is: <service>--<namespace>--<partition>.virtual.consul Additionally: - All transparent proxy enabled services are assigned a virtual ip in the 10.244.0/24 range. This is something Consul will do in v2 at a later date, likely during 1.18. - All services with exposed ports (non-mesh) are assigned a virtual port number for use with tproxy - The consul-dataplane image has been made un-distroless, and gotten the necessary tools to execute consul connect redirect-traffic before running dataplane, thus simulating a kubernetes init container in plain docker. * update v2 changelog (#19446) * NET-6319 - L7 routes have statePrefix of upstream. and should have a full path (#19473) * resource: finalizer aware delete endpoint (2 of 5) (#19493) resource: make delete endpoint finalizer aware * build: dependency updates for 1.17.0 (#19453) * chore: apply enterprise changes that were missed to some testing files (#19504) This should align between CE ef35525 and ENT 7f95226dbe40151c8f17dd4464784b60cf358dc1 in: - testing/integration/consul-container - test-integ - testing/deployer * Net-6291/fix/watch resources (#19467) * fix: update watch endpoint to default based on scope * test: additional test * refactor: rename list validate function * refactor: rename validate<Op>Request() -> ensure<Op>RequestValid() for consistency * XDS V1 should not make runs for TCP Disco Chains. (#19496) * XDS V1 should not make runs for TCP Disco Chains. * update TestEnvoyExtenderWithSnapshot * testing: disable v2 linkage to nodes in integration tests (#19509) * Shuffle CICD tests to spread worker load. (#19501) * [NET-6459] Fix issue with wanfed lan ip conflicts. (#19503) Fix issue with wanfed lan ip conflicts. Prior to this commit, the connection pools were unaware which datacenter the connection was associated with. This meant that any time servers with overlapping LAN IP addresses and node shortnames existed, they would be incorrectly co-located in the same pool. Whenever this occurred, the servers would get stuck in an infinite loop of forwarding RPCs to themselves (rather than the intended remote DC) until they eventually run out of memory. Most notably, this issue can occur whenever wan federation through mesh gateways is enabled. This fix adds extra metadata to specify which DC the connection is associated with in the pool. * CC-5545: Side Nav (#19342) * Initial work for sidenav * Use HDS::Text * Add resolution for ember-element-helper * WIP dc selector * Update HCP Home link * DC selector * Hook up remaining selectors * Fix settings and tutorial links * Remove comments * Remove skip-links * Replace auth with new dropdown * Use href-to helper for sidenav links * Changelog * Add description to NavSelector * Wrap version in footer and role * Fix login tests * Add data-test selectors for namespaces * Fix datacenter disclosure menu test * Stop rendering auth dialog if acls are disabled * Update disabled selector state and token selector * Fix logic in ACL selector * Fix HCP Home integration test * Remove toggling the sidenav in tests * Add sidenav to eng docs * Re-add debug navigation for eng docs * Remove ember-in-viewport * Remove unused styles * Upgrade @hashicorp/design-system-componentseee * Add translations for side-nav * Only show back to hcp link if url is present * Disable responsive due to a11y-dialog issue * fixed typos in redirect for api gateways * backport of commit 7f84855aa8ea0acac64238b98669ad7bb6bd6829 * backport of commit d78a0efe8cb6eb08121598ffa096d567a08b4e16 * backport of commit 655ebb48647ac6cdeb3a993a602fb58e9b71d6e7 --------- Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com> Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com> Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> Co-authored-by: John Murret <john.murret@hashicorp.com> Co-authored-by: modrake <12264057+modrake@users.noreply.github.com> Co-authored-by: Ronald Ekambi <ronekambi@gmail.com> Co-authored-by: Semir Patel <semir.patel@hashicorp.com> Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: David Yu <dyu@hashicorp.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> Co-authored-by: Chris Hut <tophernuts@gmail.com> Co-authored-by: wenincode <tyler.wendlandt@hashicorp.com> Co-authored-by: John Maguire <john.maguire@hashicorp.com> Co-authored-by: Sophie Gairo <97480023+sophie-gairo@users.noreply.github.com> Co-authored-by: Blake Covarrubias <blake@covarrubi.as> Co-authored-by: Dan Stough <dan.stough@hashicorp.com> Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com> Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com> Co-authored-by: cskh <hui.kang@hashicorp.com> Co-authored-by: Poonam Jadhav <poonam.jadhav@hashicorp.com> Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Anita Akaeze <anita.akaeze@hashicorp.com> Co-authored-by: Chris Thain <32781396+cthain@users.noreply.github.com> Co-authored-by: Chris S. Kim <ckim@hashicorp.com> Co-authored-by: aahel <aahel.guha@hashicorp.com> Co-authored-by: Dhia Ayachi <dhia@hashicorp.com> Co-authored-by: Ronald <roncodingenthusiast@users.noreply.github.com> Co-authored-by: Ella Cai <ella.y.cai@gmail.com> Co-authored-by: Ella Cai <ella@hashicorp.com> Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com> Co-authored-by: wangxinyi7 <121973291+wangxinyi7@users.noreply.github.com> Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> Co-authored-by: Ashesh Vidyut <134911583+absolutelightning@users.noreply.github.com> Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: Chris Thain <chris.m.thain@gmail.com> Co-authored-by: skpratt <sarah.pratt@hashicorp.com> Co-authored-by: trujillo-adam <ajosetru@gmail.com>
2023-11-06 17:29:58 +00:00
source: '/consul/docs/api-gateway',
destination: '/consul/docs/connect/gateways/api-gateway',
Docs/api-gw-jwts-openshift-1-17-x (#19035) * update main apigw overview * moved the tech specs to main gw folder * merged tech specs into single topic * restructure nav part 1 * fix typo in nav json file * moved k8s install up one level * restructure nav part 2 * moved and created all listeners and routes content * moved errors ref and upgrades * fix error in upgrade-k8s link * moved conf refs to appropriate spots * updated conf overview * fixed some links and bad formatting * fixed link * added JWT on VMs usage page * added JWT conf to APIGW conf entry * added JWTs to HTTP route conf entry * added new gatwaypolicy k8s conf reference * added metadesc for gatewaypolicy conf ref * added http route auth filter k8s conf ref * added http route auth filter k8s conf ref to nav * updates to k8s route conf ref to include extensionRef * added JWTs usage page for k8s * fixed link in gwpolicy conf ref * added openshift installation info to installation pages * fixed bad link on tech specs * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * fixed VerityClaims param * best guess at verifyclaims params * tweaks to gateway policy dconf ref * Docs/ce 475 retries timeouts for apigw (#19086) * added timeout and retry conf ref for k8s * added retry and TO filters to HTTP routes conf ref for VMs * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * fix copy/paste error in http route conf entry --------- Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * update links across site and add redirects * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> * Applied feedback from review * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * Update CRD configuration for responseHeaderModifiers * Update Config Entry for http-route * Add ResponseFilter example to service * Update website/redirects.js errant curly brace breaking the preview * fix links and bad MD * fixed md formatting issues * fix formatting errors * fix formatting errors * Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx * Apply suggestions from code review * fixed typo * Fix headers in http-route * Apply suggestions from code review Co-authored-by: John Maguire <john.maguire@hashicorp.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> --------- Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> Co-authored-by: John Maguire <john.maguire@hashicorp.com>
2023-10-10 20:29:55 +00:00
permanent: true,
},
{
source: '/consul/docs/api-gateway/install',
Backport of fixed typos in redirect for api gateways into release/1.17.x (#19528) * server: run the api checks against the path without params (#19205) * Clone proto into deepcopy correctly (#19204) * chore: update version and nightly CI for 1.17 (#19208) Update version file to 1.18-dev, and replace 1.13 nightly test with 1.17. * mesh: add validation hook to proxy configuration (#19186) * mesh: add more validations to Destinations resource (#19202) * catalog, mesh: implement missing ACL hooks (#19143) This change adds ACL hooks to the remaining catalog and mesh resources, excluding any computed ones. Those will for now continue using the default operator:x permissions. It refactors a lot of the common testing functions so that they can be re-used between resources. There are also some types that we don't yet support (e.g. virtual IPs) that this change adds ACL hooks to for future-proofing. * NET-5073 - ProxyConfiguration: implement various connection options (#19187) * NET-5073 - ProxyConfiguration: implement various connection options * PR feedback - LocalConnection and InboundConnection do not affect exposed routes. configure L7 route destinations. fix connection proto sequence numbers. * add timeout to L7 Route Destinations * Relplat 897 copywrite bot workarounds (#19200) Co-authored-by: Ronald Ekambi <ronekambi@gmail.com> * mesh: add xRoute ACL hook tenancy tests (#19177) Enhance the xRoute ACL hook tests to cover tenanted situations. These tests will only execute in enterprise. * resource: enforce lowercase v2 resource names (#19218) * mesh: add DestinationPolicy ACL hook tenancy tests (#19178) Enhance the DestinationPolicy ACL hook tests to cover tenanted situations. These tests will only execute in enterprise. * catalog: add FailoverPolicy ACL hook tenancy test (#19179) * docs: Multi-port corrections (#19224) * typo fixes and instruction corrections * typo * link path correction * Add reason why port 53 is not used by default (#19222) * Update dns-configuration.mdx * Update website/content/docs/services/discovery/dns-configuration.mdx Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> * v2tenancy: rename v1alpha1 -> v2beta1 (#19227) * [NET-5944] security: Update Go version to 1.20.10 and `x/net` to 0.17.0 (#19225) * Bump golang.org/x/net to 0.17.0 This resolves [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) / [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487). * Update Go version to 1.20.10 This resolves [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) / [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) (`net/http`). * NET-6097 - sidecar proxy controller - give name to first failover policy target (#19239) * Cc 5545: Upgrade HDS packages and modifiers (#19226) * Upgrade @hashicorp/design-system-tokens to 1.9.0 * Upgrade @hashicorp/design-system-components to 1.8.1 * Upgrade @hashicorp/design-system-components and ember-in-viewport * Explicitly install ember-modifier@4.1.0 * rename copy-button * Fix how cleanup is done in with-copyable * Update aria-menu modifier for new structure * Update css-prop modifier to new structure * Convert did-upsert to regular class modifier * Update notification modifier for new structure * Update on-oustside modifier for new structure * Move destroy handler registration in with-copyable * Update style modifier for new structure * Update validate modifier for new structure * Guard against setting on destroyed object * Upgrade @hashicorp/design-system-components to 2.14.1 * Remove debugger * Guard against null in aria-menu * Fix undefined hash in validate addon * Upgrade ember-on-resize-modifier * Fix copy button import, missing import and array destructuring --------- Co-authored-by: wenincode <tyler.wendlandt@hashicorp.com> * [NET-5810] CE changes for multiple virtual hosts (#19246) CE changes for multiple virtual hosts * Net 4893- Ensure we're testing all the latest versions of Vault/Nomad (#19119) * NET-5592 - update Nomad integration testing * NET-4893: Ensure we're testing all the latest versions of Vault/Nomad * docs: Fix example control-plane-request-limit HCL and JSON (#19105) The control-plane-request-limit config entry does not support specifying parameter names in snake case format. This commit updates the HCL and JSON examples to use the supported camel case key format. * test: add 1.17 nightly integrations test (#19253) * fix expose paths (#19257) When testing adding http probes to apps, I ran into some issues which I fixed here: - The listener should be listening on the exposed listener port, updated that. - The listener and route names were pointing to the path of the exposed path. In my test, the path was "/" resulting in an empty string path. Also, the path may not be unique across exposed path listeners, so I decided to use the path+exposed port as the unique identifier. * docs: Multiport HCP constraint update (#19261) * Add sentence * link text adjustment * docs: Fix multi-port install (#19262) * Update configure.mdx Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Prevent circular dependencies between v2 resources and generate a mermaid diagram with their dependencies (#19230) * build(docker): always publish full and minor version tags for dev images (#19278) * fix nightly integration test: envoy version and n-2 version (#19286) * [NET-6221] Ensure LB policy set for locality-aware routing (CE) (#19283) Ensure LB policy set for locality-aware routing (CE) `overprovisioningFactor` should be overridden with the expected value (100,000) when there are multiple endpoint groups. Update code and tests to enforce this. This is an Enterprise feature. This commit represents the CE portions of the change; tests are added in the corresponding `consul-enterprise` change. * fix: allow snake case keys for ip based rate limit config entry (#19277) * fix: allow snake case keys for ip based rate limit config entry * chore: add changelog * reformatted the JSON schema server conf ref (#19288) * acls,catalog,mesh: properly authorize workload selectors on writes (#19260) To properly enforce writes on resources that have workload selectors with prefixes, we need another service authorization rule that allows us to check whether read is allowed within a given prefix. Specifically we need to only allow writes if the policy prefix allows for a wider set of names than the prefix selector on the resource. We should also not allow policies with exact names for prefix matches. Part of [NET-3993] * NET-6239: Temporarily disable verify envoy check (#19299) * skip verify envoy version * cleanup * Update supported Envoy versions (#19276) * mesh: provide missing domain to route configurations in ProxyStateTemplate (#19298) * add empty domains * update unit tests * enable verify envoy script (#19303) * Vault CA bugfixes (#19285) * Re-add retry logic to Vault token renewal * Fix goroutine leak * Add test for detecting goroutine leak * Add changelog * Rename tests * Add comment * Backout Envoy 1.28.0 (#19306) * added ent to ce downgrade changes (#19311) * added ent to ce downgrade changes * added changelog * added busl headers * skip envoy version check in ci (#19315) * Tenancy Bridge v2 (#19220) * tenancy bridge v2 for v2 resources * add missing copywrite headers * remove branch name causing conflicts (#19319) * mesh: ensure route configs are named uniquely per port (#19323) * [NET-5327] Templated policies api/cli docs (#19270) * More templated policies docs (#19312) [NET-5327]More templated policies docs * Fixing docs to add more templated policies references (#19335) * Upgrade Consul UI to Node 18 (#19252) * Upgrading node to node 18 * Ensure we're on latest version of yarn as well * add comma to make frontend tests run * Use Node 18 Alpine image in UI build dockerfile * delete package-lock.json --------- Co-authored-by: wenincode <tyler.wendlandt@hashicorp.com> Co-authored-by: Ella Cai <ella.y.cai@gmail.com> Co-authored-by: Ella Cai <ella@hashicorp.com> * resource: default peername to local in list endpoints (#19340) * Add grpc keepalive configuration. (#19339) Prior to the introduction of this configuration, grpc keepalive messages were sent after 2 hours of inactivity on the stream. This posed issues in various scenarios where the server-side xds connection balancing was unaware that envoy instances were uncleanly killed / force-closed, since the connections would only be cleaned up after ~5 minutes of TCP timeouts occurred. Setting this config to a 30 second interval with a 20 second timeout ensures that at most, it should take up to 50 seconds for a dead xds connection to be closed. * bump raft-wal version to 0.4.1 (#19314) * bump raft-wal version to 0.4.1 * changelog * go mod tidy integration tests * go mod tidy test-integ * NET-5397 - wire up destination golden tests from sidecar-proxy controller for xds controller and xdsv2 (#19167) * NET-5397 - wire up golden tests from sidecar-proxy controller for xds controller and xdsv2 * WIP * WIP * everything matching except leafCerts. need to mock those * single port destinations working except mixed destinations * golden test input to xds controller tests for destinations * proposed fix for failover group naming errors * clean up test to use helper. * clean up test to use helper. * fix test file * add docstring for test function. * add docstring for test function. * fix linting error * fixing test after route fix merged into main * gvk partial inference (#19058) * gvk partial inference * NET-6079 - wire up sidecarproxy golden file inputs into xds controller - sources (#19241) * NET-5397 - wire up golden tests from sidecar-proxy controller for xds controller and xdsv2 * WIP * WIP * everything matching except leafCerts. need to mock those * single port destinations working except mixed destinations * golden test input to xds controller tests for destinations * proposed fix for failover group naming errors * clean up test to use helper. * clean up test to use helper. * fix test file * add docstring for test function. * add docstring for test function. * fix linting error * fixing test after route fix merged into main * first source test works * WIP * modify all source files * source tests pass * fixing tests after bug fix in main * NET-6080 - xds controller golden file inputs into xds resources - destinations (#19244) * NET-5397 - wire up golden tests from sidecar-proxy controller for xds controller and xdsv2 * WIP * WIP * everything matching except leafCerts. need to mock those * single port destinations working except mixed destinations * golden test input to xds controller tests for destinations * proposed fix for failover group naming errors * clean up test to use helper. * clean up test to use helper. * fix test file * add docstring for test function. * add docstring for test function. * fix linting error * fixing test after route fix merged into main * first source test works * WIP * modify all source files * source tests pass * fixing tests after bug fix in main * got first destination working. * adding destinations * fix docstring for test * fixing tests after bug fix in main * NET-6081 - xds controller golden file inputs into xds resources - sources (#19250) * NET-5397 - wire up golden tests from sidecar-proxy controller for xds controller and xdsv2 * WIP * WIP * everything matching except leafCerts. need to mock those * single port destinations working except mixed destinations * golden test input to xds controller tests for destinations * proposed fix for failover group naming errors * clean up test to use helper. * clean up test to use helper. * fix test file * add docstring for test function. * add docstring for test function. * fix linting error * fixing test after route fix merged into main * first source test works * WIP * modify all source files * source tests pass * fixing tests after bug fix in main * got first destination working. * adding destinations * fix docstring for test * fixing tests after bug fix in main * adding source proxies * fixing tests after bug fix in main * got first destination working. * adding destinations * fix docstring for test * fixing tests after bug fix in main * got first destination working. * adding destinations * fix docstring for test * fixing tests after bug fix in main * Use strict DNS for mesh gateways with hostnames (#19268) * Use strict DNS for mesh gateways with hostnames * Add changelog * [NET-6305] xds: Ensure v2 route match and protocol are populated for gRPC (#19343) * xds: Ensure v2 route match is populated for gRPC Similar to HTTP, ensure that route match config (which is required by Envoy) is populated when default values are used. Because the default matches generated for gRPC contain a single empty `GRPCRouteMatch`, and that proto does not directly support prefix-based config, an interpretation of the empty struct is needed to generate the same output that the `HTTPRouteMatch` is explicitly configured to provide in internal/mesh/internal/controllers/routes/generate.go. * xds: Ensure protocol set for gRPC resources Add explicit protocol in `ProxyStateTemplate` builders and validate it is always set on clusters. This ensures that HTTP filters and `http2_protocol_options` are populated in all the necessary places for gRPC traffic and prevents future unintended omissions of non-TCP protocols. Co-authored-by: John Murret <john.murret@hashicorp.com> --------- Co-authored-by: John Murret <john.murret@hashicorp.com> * Add clarification for route match behavior (#19363) * Add clarification for route match behavior * Update website/content/docs/connect/config-entries/service-defaults.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> --------- Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Fix 1.17.x release notes and added templated policies (#19370) * docs - release notes (add enterprise label and example of non compatible service name) (#19377) * Update v1_17_x.mdx * Update v1_17_x.mdx * feat: read resource namespace (#19320) * test: add missing tests for read resource namespace * refactor: remove redundant test * refactor: rename import aliases * fix: typo var name * refctor: remove another redundant test * Net 5875 - Create the Exported Services Resources (#19117) * init * computed exported service * make proto * exported services resource * exported services test * added some tests and namespace exported service * partition exported services * computed service * computed services tests * register types * fix comment * make proto lint * fix proto format make proto * make codegen * Update proto-public/pbmulticluster/v1alpha1/computed_exported_services.proto Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com> * Update internal/multicluster/internal/types/computed_exported_services.go Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com> * using different way of resource creation in tests * make proto * fix computed exported services test * fix tests * differnet validation for computed services for ent and ce * Acls for exported services * added validations for enterprise features in ce * fix error * fix acls test * Update internal/multicluster/internal/types/validation_exported_services_ee.go Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com> * removed the create method * update proto * removed namespace * created seperate function for ce and ent * test files updated and validations fixed * added nil checks * fix tests * added comments * removed tenancy check * added mutation function * fix mutation method * fix list permissions in test * fix pr comments * fix tests * lisence * busl license * Update internal/multicluster/internal/types/helpers_ce.go Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com> * Update internal/multicluster/internal/types/helpers_ce.go Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com> * Update internal/multicluster/internal/types/helpers_ce.go Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com> * make proto * some pr comments addressed * some pr comments addressed * acls helper * some comment changes * removed unused files * fixes * fix function in file * caps * some positioing * added test for validation error * fix names * made valid a function * remvoed patch * removed mutations * v2 beta1 * v2beta1 * rmeoved v1alpha1 * validate error * merge ent * some nits * removed dup func * removed nil check --------- Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com> * test: add missing tests for list endpoint (#19364) * Add enterprise label for rate limiting (#19384) * test deployer: fix a bug when deploying cluster with various ent images (#19381) * Stop use of templated-policy and templated-policy-file simultaneously (#19389) * Resource Hook Pre-Decode Utilities (#18548) Add some generic type hook wrappers to first decode the data There seems to be a pattern for Validation, Mutation and Write Authorization hooks where they first need to decode the Any data before doing the domain specific work. This PR introduces 3 new functions to generate wrappers around the other hooks to pre-decode the data into a DecodedResource and pass that in instead of the original pbresource.Resource. This PR also updates the various catalog data types to use the new hook generators. * resource: resource service now checks for `v2tenancy` feature flag (#19400) * Fix casing in example yaml config (#19369) * Delete unused files (#19402) * NET-6294 - v1 Agentless proxycfg datasource errors after v2 changes (#19365) * increasing unit tests timeout from 10m to 30m (#19423) * [NET-6138] security: Bump `google.golang.org/grpc` to 1.56.3 (CVE-2023-44487) (#19414) Bump google.golang.org/grpc to 1.56.3 This resolves [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487). Co-authored-by: Chris Thain <chris.m.thain@gmail.com> * Update multi-port examples to remove spec.template.metadata.name (#19430) * integ test: snapshot mesh frozen bug test (#19435) * integ test: snapshot mesh frozen bug test * docs - Update k8s compat matrix (#19378) * Update compatibility.mdx * Update README.md (#19413) * Fix typo in kind for JWT config on API Gateway (#19441) * NET-5186 Add NET_BIND_SERVICE capability to consul-dataplane requirements (#18512) * Add NET_BIND_SERVICE capability to list of consul-dataplane requirements * Add link to related Kubernetes documentation Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> --------- Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * added redirect for conf entries 1.8.x (#19460) * Update docs for service splitter example typo (#19469) * Regen expired test certs (#19476) * build: ensure we pull through the hashicorp proxy instead of going directly to the docker hub (#19482) * temporarily disallow L7 traffic permissions (#19322) * Source / local_app golden tests to include all protocols. (#19436) * cover all protocols in local_app golden tests * fix xds tests * updating latest * fix broken test * add sorting of routers to TestBuildLocalApp to get rid of the flaking * [NET-5916] Fix locality-aware routing config and tests (CE) (#19483) Fix locality-aware routing config and tests * testing/deployer: update deployer to use v2 catalog constructs when requested (#19046) This updates the testing/deployer (aka "topology test") framework to conditionally configure and launch catalog constructs using v2 resources. This is controlled via a Version field on the Node construct in a topology.Config. This only functions for a dataplane type and has other restrictions that match the rest of v2 (no peering, no wanfed, no mesh gateways). Like config entries, you can statically provide a set of initial resources to be synced when bringing up the cluster (beyond those that are generated for you such as workloads, services, etc). If you want to author a test that can be freely converted between v1 and v2 then that is possible. If you switch to the multi-port definition on a topology.Service (aka "workload/instance") then that makes v1 ineligible. This also adds a starter set of "on every PR" integration tests for single and multiport under test-integ/catalogv2 * resource: misc finalizer apis (#19474) * testing/deployer: support tproxy in v2 for dataplane (#19094) This updates the testing/deployer (aka "topology test") framework to allow for a v2-oriented topology to opt services into enabling TransparentProxy. The restrictions are similar to that of #19046 The multiport Ports map that was added in #19046 was changed to allow for the protocol to be specified at this time, but for now the only supported protocol is TCP as only L4 functions currently on main. As part of making transparent proxy work, the DNS server needed a new zonefile for responding to virtual.consul requests, since there is no Kubernetes DNS and the Consul DNS work for v2 has not happened yet. Once Consul DNS supports v2 we should switch over. For now the format of queries is: <service>--<namespace>--<partition>.virtual.consul Additionally: - All transparent proxy enabled services are assigned a virtual ip in the 10.244.0/24 range. This is something Consul will do in v2 at a later date, likely during 1.18. - All services with exposed ports (non-mesh) are assigned a virtual port number for use with tproxy - The consul-dataplane image has been made un-distroless, and gotten the necessary tools to execute consul connect redirect-traffic before running dataplane, thus simulating a kubernetes init container in plain docker. * update v2 changelog (#19446) * NET-6319 - L7 routes have statePrefix of upstream. and should have a full path (#19473) * resource: finalizer aware delete endpoint (2 of 5) (#19493) resource: make delete endpoint finalizer aware * build: dependency updates for 1.17.0 (#19453) * chore: apply enterprise changes that were missed to some testing files (#19504) This should align between CE ef35525 and ENT 7f95226dbe40151c8f17dd4464784b60cf358dc1 in: - testing/integration/consul-container - test-integ - testing/deployer * Net-6291/fix/watch resources (#19467) * fix: update watch endpoint to default based on scope * test: additional test * refactor: rename list validate function * refactor: rename validate<Op>Request() -> ensure<Op>RequestValid() for consistency * XDS V1 should not make runs for TCP Disco Chains. (#19496) * XDS V1 should not make runs for TCP Disco Chains. * update TestEnvoyExtenderWithSnapshot * testing: disable v2 linkage to nodes in integration tests (#19509) * Shuffle CICD tests to spread worker load. (#19501) * [NET-6459] Fix issue with wanfed lan ip conflicts. (#19503) Fix issue with wanfed lan ip conflicts. Prior to this commit, the connection pools were unaware which datacenter the connection was associated with. This meant that any time servers with overlapping LAN IP addresses and node shortnames existed, they would be incorrectly co-located in the same pool. Whenever this occurred, the servers would get stuck in an infinite loop of forwarding RPCs to themselves (rather than the intended remote DC) until they eventually run out of memory. Most notably, this issue can occur whenever wan federation through mesh gateways is enabled. This fix adds extra metadata to specify which DC the connection is associated with in the pool. * CC-5545: Side Nav (#19342) * Initial work for sidenav * Use HDS::Text * Add resolution for ember-element-helper * WIP dc selector * Update HCP Home link * DC selector * Hook up remaining selectors * Fix settings and tutorial links * Remove comments * Remove skip-links * Replace auth with new dropdown * Use href-to helper for sidenav links * Changelog * Add description to NavSelector * Wrap version in footer and role * Fix login tests * Add data-test selectors for namespaces * Fix datacenter disclosure menu test * Stop rendering auth dialog if acls are disabled * Update disabled selector state and token selector * Fix logic in ACL selector * Fix HCP Home integration test * Remove toggling the sidenav in tests * Add sidenav to eng docs * Re-add debug navigation for eng docs * Remove ember-in-viewport * Remove unused styles * Upgrade @hashicorp/design-system-componentseee * Add translations for side-nav * Only show back to hcp link if url is present * Disable responsive due to a11y-dialog issue * fixed typos in redirect for api gateways * backport of commit 7f84855aa8ea0acac64238b98669ad7bb6bd6829 * backport of commit d78a0efe8cb6eb08121598ffa096d567a08b4e16 * backport of commit 655ebb48647ac6cdeb3a993a602fb58e9b71d6e7 --------- Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com> Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com> Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> Co-authored-by: John Murret <john.murret@hashicorp.com> Co-authored-by: modrake <12264057+modrake@users.noreply.github.com> Co-authored-by: Ronald Ekambi <ronekambi@gmail.com> Co-authored-by: Semir Patel <semir.patel@hashicorp.com> Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: David Yu <dyu@hashicorp.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> Co-authored-by: Chris Hut <tophernuts@gmail.com> Co-authored-by: wenincode <tyler.wendlandt@hashicorp.com> Co-authored-by: John Maguire <john.maguire@hashicorp.com> Co-authored-by: Sophie Gairo <97480023+sophie-gairo@users.noreply.github.com> Co-authored-by: Blake Covarrubias <blake@covarrubi.as> Co-authored-by: Dan Stough <dan.stough@hashicorp.com> Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com> Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com> Co-authored-by: cskh <hui.kang@hashicorp.com> Co-authored-by: Poonam Jadhav <poonam.jadhav@hashicorp.com> Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Anita Akaeze <anita.akaeze@hashicorp.com> Co-authored-by: Chris Thain <32781396+cthain@users.noreply.github.com> Co-authored-by: Chris S. Kim <ckim@hashicorp.com> Co-authored-by: aahel <aahel.guha@hashicorp.com> Co-authored-by: Dhia Ayachi <dhia@hashicorp.com> Co-authored-by: Ronald <roncodingenthusiast@users.noreply.github.com> Co-authored-by: Ella Cai <ella.y.cai@gmail.com> Co-authored-by: Ella Cai <ella@hashicorp.com> Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com> Co-authored-by: wangxinyi7 <121973291+wangxinyi7@users.noreply.github.com> Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> Co-authored-by: Ashesh Vidyut <134911583+absolutelightning@users.noreply.github.com> Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: Chris Thain <chris.m.thain@gmail.com> Co-authored-by: skpratt <sarah.pratt@hashicorp.com> Co-authored-by: trujillo-adam <ajosetru@gmail.com>
2023-11-06 17:29:58 +00:00
destination: '/consul/docs/connect/gateways/api-gateway/install-k8s',
Docs/api-gw-jwts-openshift-1-17-x (#19035) * update main apigw overview * moved the tech specs to main gw folder * merged tech specs into single topic * restructure nav part 1 * fix typo in nav json file * moved k8s install up one level * restructure nav part 2 * moved and created all listeners and routes content * moved errors ref and upgrades * fix error in upgrade-k8s link * moved conf refs to appropriate spots * updated conf overview * fixed some links and bad formatting * fixed link * added JWT on VMs usage page * added JWT conf to APIGW conf entry * added JWTs to HTTP route conf entry * added new gatwaypolicy k8s conf reference * added metadesc for gatewaypolicy conf ref * added http route auth filter k8s conf ref * added http route auth filter k8s conf ref to nav * updates to k8s route conf ref to include extensionRef * added JWTs usage page for k8s * fixed link in gwpolicy conf ref * added openshift installation info to installation pages * fixed bad link on tech specs * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * fixed VerityClaims param * best guess at verifyclaims params * tweaks to gateway policy dconf ref * Docs/ce 475 retries timeouts for apigw (#19086) * added timeout and retry conf ref for k8s * added retry and TO filters to HTTP routes conf ref for VMs * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * fix copy/paste error in http route conf entry --------- Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * update links across site and add redirects * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> * Applied feedback from review * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * Update CRD configuration for responseHeaderModifiers * Update Config Entry for http-route * Add ResponseFilter example to service * Update website/redirects.js errant curly brace breaking the preview * fix links and bad MD * fixed md formatting issues * fix formatting errors * fix formatting errors * Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx * Apply suggestions from code review * fixed typo * Fix headers in http-route * Apply suggestions from code review Co-authored-by: John Maguire <john.maguire@hashicorp.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> --------- Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> Co-authored-by: John Maguire <john.maguire@hashicorp.com>
2023-10-10 20:29:55 +00:00
permanent: true,
},
{
source: '/consul/docs/api-gateway/usage/reroute-http-requests',
destination:
'/consul/docs/connect/gateways/api-gateway/define-routes/reroute-http-requests',
permanent: true,
},
{
source: '/consul/docs/api-gateway/usage/route-to-peered-services',
destination:
Backport of fixed typos in redirect for api gateways into release/1.17.x (#19528) * server: run the api checks against the path without params (#19205) * Clone proto into deepcopy correctly (#19204) * chore: update version and nightly CI for 1.17 (#19208) Update version file to 1.18-dev, and replace 1.13 nightly test with 1.17. * mesh: add validation hook to proxy configuration (#19186) * mesh: add more validations to Destinations resource (#19202) * catalog, mesh: implement missing ACL hooks (#19143) This change adds ACL hooks to the remaining catalog and mesh resources, excluding any computed ones. Those will for now continue using the default operator:x permissions. It refactors a lot of the common testing functions so that they can be re-used between resources. There are also some types that we don't yet support (e.g. virtual IPs) that this change adds ACL hooks to for future-proofing. * NET-5073 - ProxyConfiguration: implement various connection options (#19187) * NET-5073 - ProxyConfiguration: implement various connection options * PR feedback - LocalConnection and InboundConnection do not affect exposed routes. configure L7 route destinations. fix connection proto sequence numbers. * add timeout to L7 Route Destinations * Relplat 897 copywrite bot workarounds (#19200) Co-authored-by: Ronald Ekambi <ronekambi@gmail.com> * mesh: add xRoute ACL hook tenancy tests (#19177) Enhance the xRoute ACL hook tests to cover tenanted situations. These tests will only execute in enterprise. * resource: enforce lowercase v2 resource names (#19218) * mesh: add DestinationPolicy ACL hook tenancy tests (#19178) Enhance the DestinationPolicy ACL hook tests to cover tenanted situations. These tests will only execute in enterprise. * catalog: add FailoverPolicy ACL hook tenancy test (#19179) * docs: Multi-port corrections (#19224) * typo fixes and instruction corrections * typo * link path correction * Add reason why port 53 is not used by default (#19222) * Update dns-configuration.mdx * Update website/content/docs/services/discovery/dns-configuration.mdx Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> * v2tenancy: rename v1alpha1 -> v2beta1 (#19227) * [NET-5944] security: Update Go version to 1.20.10 and `x/net` to 0.17.0 (#19225) * Bump golang.org/x/net to 0.17.0 This resolves [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) / [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487). * Update Go version to 1.20.10 This resolves [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) / [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) (`net/http`). * NET-6097 - sidecar proxy controller - give name to first failover policy target (#19239) * Cc 5545: Upgrade HDS packages and modifiers (#19226) * Upgrade @hashicorp/design-system-tokens to 1.9.0 * Upgrade @hashicorp/design-system-components to 1.8.1 * Upgrade @hashicorp/design-system-components and ember-in-viewport * Explicitly install ember-modifier@4.1.0 * rename copy-button * Fix how cleanup is done in with-copyable * Update aria-menu modifier for new structure * Update css-prop modifier to new structure * Convert did-upsert to regular class modifier * Update notification modifier for new structure * Update on-oustside modifier for new structure * Move destroy handler registration in with-copyable * Update style modifier for new structure * Update validate modifier for new structure * Guard against setting on destroyed object * Upgrade @hashicorp/design-system-components to 2.14.1 * Remove debugger * Guard against null in aria-menu * Fix undefined hash in validate addon * Upgrade ember-on-resize-modifier * Fix copy button import, missing import and array destructuring --------- Co-authored-by: wenincode <tyler.wendlandt@hashicorp.com> * [NET-5810] CE changes for multiple virtual hosts (#19246) CE changes for multiple virtual hosts * Net 4893- Ensure we're testing all the latest versions of Vault/Nomad (#19119) * NET-5592 - update Nomad integration testing * NET-4893: Ensure we're testing all the latest versions of Vault/Nomad * docs: Fix example control-plane-request-limit HCL and JSON (#19105) The control-plane-request-limit config entry does not support specifying parameter names in snake case format. This commit updates the HCL and JSON examples to use the supported camel case key format. * test: add 1.17 nightly integrations test (#19253) * fix expose paths (#19257) When testing adding http probes to apps, I ran into some issues which I fixed here: - The listener should be listening on the exposed listener port, updated that. - The listener and route names were pointing to the path of the exposed path. In my test, the path was "/" resulting in an empty string path. Also, the path may not be unique across exposed path listeners, so I decided to use the path+exposed port as the unique identifier. * docs: Multiport HCP constraint update (#19261) * Add sentence * link text adjustment * docs: Fix multi-port install (#19262) * Update configure.mdx Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Prevent circular dependencies between v2 resources and generate a mermaid diagram with their dependencies (#19230) * build(docker): always publish full and minor version tags for dev images (#19278) * fix nightly integration test: envoy version and n-2 version (#19286) * [NET-6221] Ensure LB policy set for locality-aware routing (CE) (#19283) Ensure LB policy set for locality-aware routing (CE) `overprovisioningFactor` should be overridden with the expected value (100,000) when there are multiple endpoint groups. Update code and tests to enforce this. This is an Enterprise feature. This commit represents the CE portions of the change; tests are added in the corresponding `consul-enterprise` change. * fix: allow snake case keys for ip based rate limit config entry (#19277) * fix: allow snake case keys for ip based rate limit config entry * chore: add changelog * reformatted the JSON schema server conf ref (#19288) * acls,catalog,mesh: properly authorize workload selectors on writes (#19260) To properly enforce writes on resources that have workload selectors with prefixes, we need another service authorization rule that allows us to check whether read is allowed within a given prefix. Specifically we need to only allow writes if the policy prefix allows for a wider set of names than the prefix selector on the resource. We should also not allow policies with exact names for prefix matches. Part of [NET-3993] * NET-6239: Temporarily disable verify envoy check (#19299) * skip verify envoy version * cleanup * Update supported Envoy versions (#19276) * mesh: provide missing domain to route configurations in ProxyStateTemplate (#19298) * add empty domains * update unit tests * enable verify envoy script (#19303) * Vault CA bugfixes (#19285) * Re-add retry logic to Vault token renewal * Fix goroutine leak * Add test for detecting goroutine leak * Add changelog * Rename tests * Add comment * Backout Envoy 1.28.0 (#19306) * added ent to ce downgrade changes (#19311) * added ent to ce downgrade changes * added changelog * added busl headers * skip envoy version check in ci (#19315) * Tenancy Bridge v2 (#19220) * tenancy bridge v2 for v2 resources * add missing copywrite headers * remove branch name causing conflicts (#19319) * mesh: ensure route configs are named uniquely per port (#19323) * [NET-5327] Templated policies api/cli docs (#19270) * More templated policies docs (#19312) [NET-5327]More templated policies docs * Fixing docs to add more templated policies references (#19335) * Upgrade Consul UI to Node 18 (#19252) * Upgrading node to node 18 * Ensure we're on latest version of yarn as well * add comma to make frontend tests run * Use Node 18 Alpine image in UI build dockerfile * delete package-lock.json --------- Co-authored-by: wenincode <tyler.wendlandt@hashicorp.com> Co-authored-by: Ella Cai <ella.y.cai@gmail.com> Co-authored-by: Ella Cai <ella@hashicorp.com> * resource: default peername to local in list endpoints (#19340) * Add grpc keepalive configuration. (#19339) Prior to the introduction of this configuration, grpc keepalive messages were sent after 2 hours of inactivity on the stream. This posed issues in various scenarios where the server-side xds connection balancing was unaware that envoy instances were uncleanly killed / force-closed, since the connections would only be cleaned up after ~5 minutes of TCP timeouts occurred. Setting this config to a 30 second interval with a 20 second timeout ensures that at most, it should take up to 50 seconds for a dead xds connection to be closed. * bump raft-wal version to 0.4.1 (#19314) * bump raft-wal version to 0.4.1 * changelog * go mod tidy integration tests * go mod tidy test-integ * NET-5397 - wire up destination golden tests from sidecar-proxy controller for xds controller and xdsv2 (#19167) * NET-5397 - wire up golden tests from sidecar-proxy controller for xds controller and xdsv2 * WIP * WIP * everything matching except leafCerts. need to mock those * single port destinations working except mixed destinations * golden test input to xds controller tests for destinations * proposed fix for failover group naming errors * clean up test to use helper. * clean up test to use helper. * fix test file * add docstring for test function. * add docstring for test function. * fix linting error * fixing test after route fix merged into main * gvk partial inference (#19058) * gvk partial inference * NET-6079 - wire up sidecarproxy golden file inputs into xds controller - sources (#19241) * NET-5397 - wire up golden tests from sidecar-proxy controller for xds controller and xdsv2 * WIP * WIP * everything matching except leafCerts. need to mock those * single port destinations working except mixed destinations * golden test input to xds controller tests for destinations * proposed fix for failover group naming errors * clean up test to use helper. * clean up test to use helper. * fix test file * add docstring for test function. * add docstring for test function. * fix linting error * fixing test after route fix merged into main * first source test works * WIP * modify all source files * source tests pass * fixing tests after bug fix in main * NET-6080 - xds controller golden file inputs into xds resources - destinations (#19244) * NET-5397 - wire up golden tests from sidecar-proxy controller for xds controller and xdsv2 * WIP * WIP * everything matching except leafCerts. need to mock those * single port destinations working except mixed destinations * golden test input to xds controller tests for destinations * proposed fix for failover group naming errors * clean up test to use helper. * clean up test to use helper. * fix test file * add docstring for test function. * add docstring for test function. * fix linting error * fixing test after route fix merged into main * first source test works * WIP * modify all source files * source tests pass * fixing tests after bug fix in main * got first destination working. * adding destinations * fix docstring for test * fixing tests after bug fix in main * NET-6081 - xds controller golden file inputs into xds resources - sources (#19250) * NET-5397 - wire up golden tests from sidecar-proxy controller for xds controller and xdsv2 * WIP * WIP * everything matching except leafCerts. need to mock those * single port destinations working except mixed destinations * golden test input to xds controller tests for destinations * proposed fix for failover group naming errors * clean up test to use helper. * clean up test to use helper. * fix test file * add docstring for test function. * add docstring for test function. * fix linting error * fixing test after route fix merged into main * first source test works * WIP * modify all source files * source tests pass * fixing tests after bug fix in main * got first destination working. * adding destinations * fix docstring for test * fixing tests after bug fix in main * adding source proxies * fixing tests after bug fix in main * got first destination working. * adding destinations * fix docstring for test * fixing tests after bug fix in main * got first destination working. * adding destinations * fix docstring for test * fixing tests after bug fix in main * Use strict DNS for mesh gateways with hostnames (#19268) * Use strict DNS for mesh gateways with hostnames * Add changelog * [NET-6305] xds: Ensure v2 route match and protocol are populated for gRPC (#19343) * xds: Ensure v2 route match is populated for gRPC Similar to HTTP, ensure that route match config (which is required by Envoy) is populated when default values are used. Because the default matches generated for gRPC contain a single empty `GRPCRouteMatch`, and that proto does not directly support prefix-based config, an interpretation of the empty struct is needed to generate the same output that the `HTTPRouteMatch` is explicitly configured to provide in internal/mesh/internal/controllers/routes/generate.go. * xds: Ensure protocol set for gRPC resources Add explicit protocol in `ProxyStateTemplate` builders and validate it is always set on clusters. This ensures that HTTP filters and `http2_protocol_options` are populated in all the necessary places for gRPC traffic and prevents future unintended omissions of non-TCP protocols. Co-authored-by: John Murret <john.murret@hashicorp.com> --------- Co-authored-by: John Murret <john.murret@hashicorp.com> * Add clarification for route match behavior (#19363) * Add clarification for route match behavior * Update website/content/docs/connect/config-entries/service-defaults.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> --------- Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Fix 1.17.x release notes and added templated policies (#19370) * docs - release notes (add enterprise label and example of non compatible service name) (#19377) * Update v1_17_x.mdx * Update v1_17_x.mdx * feat: read resource namespace (#19320) * test: add missing tests for read resource namespace * refactor: remove redundant test * refactor: rename import aliases * fix: typo var name * refctor: remove another redundant test * Net 5875 - Create the Exported Services Resources (#19117) * init * computed exported service * make proto * exported services resource * exported services test * added some tests and namespace exported service * partition exported services * computed service * computed services tests * register types * fix comment * make proto lint * fix proto format make proto * make codegen * Update proto-public/pbmulticluster/v1alpha1/computed_exported_services.proto Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com> * Update internal/multicluster/internal/types/computed_exported_services.go Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com> * using different way of resource creation in tests * make proto * fix computed exported services test * fix tests * differnet validation for computed services for ent and ce * Acls for exported services * added validations for enterprise features in ce * fix error * fix acls test * Update internal/multicluster/internal/types/validation_exported_services_ee.go Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com> * removed the create method * update proto * removed namespace * created seperate function for ce and ent * test files updated and validations fixed * added nil checks * fix tests * added comments * removed tenancy check * added mutation function * fix mutation method * fix list permissions in test * fix pr comments * fix tests * lisence * busl license * Update internal/multicluster/internal/types/helpers_ce.go Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com> * Update internal/multicluster/internal/types/helpers_ce.go Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com> * Update internal/multicluster/internal/types/helpers_ce.go Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com> * make proto * some pr comments addressed * some pr comments addressed * acls helper * some comment changes * removed unused files * fixes * fix function in file * caps * some positioing * added test for validation error * fix names * made valid a function * remvoed patch * removed mutations * v2 beta1 * v2beta1 * rmeoved v1alpha1 * validate error * merge ent * some nits * removed dup func * removed nil check --------- Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com> * test: add missing tests for list endpoint (#19364) * Add enterprise label for rate limiting (#19384) * test deployer: fix a bug when deploying cluster with various ent images (#19381) * Stop use of templated-policy and templated-policy-file simultaneously (#19389) * Resource Hook Pre-Decode Utilities (#18548) Add some generic type hook wrappers to first decode the data There seems to be a pattern for Validation, Mutation and Write Authorization hooks where they first need to decode the Any data before doing the domain specific work. This PR introduces 3 new functions to generate wrappers around the other hooks to pre-decode the data into a DecodedResource and pass that in instead of the original pbresource.Resource. This PR also updates the various catalog data types to use the new hook generators. * resource: resource service now checks for `v2tenancy` feature flag (#19400) * Fix casing in example yaml config (#19369) * Delete unused files (#19402) * NET-6294 - v1 Agentless proxycfg datasource errors after v2 changes (#19365) * increasing unit tests timeout from 10m to 30m (#19423) * [NET-6138] security: Bump `google.golang.org/grpc` to 1.56.3 (CVE-2023-44487) (#19414) Bump google.golang.org/grpc to 1.56.3 This resolves [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487). Co-authored-by: Chris Thain <chris.m.thain@gmail.com> * Update multi-port examples to remove spec.template.metadata.name (#19430) * integ test: snapshot mesh frozen bug test (#19435) * integ test: snapshot mesh frozen bug test * docs - Update k8s compat matrix (#19378) * Update compatibility.mdx * Update README.md (#19413) * Fix typo in kind for JWT config on API Gateway (#19441) * NET-5186 Add NET_BIND_SERVICE capability to consul-dataplane requirements (#18512) * Add NET_BIND_SERVICE capability to list of consul-dataplane requirements * Add link to related Kubernetes documentation Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> --------- Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * added redirect for conf entries 1.8.x (#19460) * Update docs for service splitter example typo (#19469) * Regen expired test certs (#19476) * build: ensure we pull through the hashicorp proxy instead of going directly to the docker hub (#19482) * temporarily disallow L7 traffic permissions (#19322) * Source / local_app golden tests to include all protocols. (#19436) * cover all protocols in local_app golden tests * fix xds tests * updating latest * fix broken test * add sorting of routers to TestBuildLocalApp to get rid of the flaking * [NET-5916] Fix locality-aware routing config and tests (CE) (#19483) Fix locality-aware routing config and tests * testing/deployer: update deployer to use v2 catalog constructs when requested (#19046) This updates the testing/deployer (aka "topology test") framework to conditionally configure and launch catalog constructs using v2 resources. This is controlled via a Version field on the Node construct in a topology.Config. This only functions for a dataplane type and has other restrictions that match the rest of v2 (no peering, no wanfed, no mesh gateways). Like config entries, you can statically provide a set of initial resources to be synced when bringing up the cluster (beyond those that are generated for you such as workloads, services, etc). If you want to author a test that can be freely converted between v1 and v2 then that is possible. If you switch to the multi-port definition on a topology.Service (aka "workload/instance") then that makes v1 ineligible. This also adds a starter set of "on every PR" integration tests for single and multiport under test-integ/catalogv2 * resource: misc finalizer apis (#19474) * testing/deployer: support tproxy in v2 for dataplane (#19094) This updates the testing/deployer (aka "topology test") framework to allow for a v2-oriented topology to opt services into enabling TransparentProxy. The restrictions are similar to that of #19046 The multiport Ports map that was added in #19046 was changed to allow for the protocol to be specified at this time, but for now the only supported protocol is TCP as only L4 functions currently on main. As part of making transparent proxy work, the DNS server needed a new zonefile for responding to virtual.consul requests, since there is no Kubernetes DNS and the Consul DNS work for v2 has not happened yet. Once Consul DNS supports v2 we should switch over. For now the format of queries is: <service>--<namespace>--<partition>.virtual.consul Additionally: - All transparent proxy enabled services are assigned a virtual ip in the 10.244.0/24 range. This is something Consul will do in v2 at a later date, likely during 1.18. - All services with exposed ports (non-mesh) are assigned a virtual port number for use with tproxy - The consul-dataplane image has been made un-distroless, and gotten the necessary tools to execute consul connect redirect-traffic before running dataplane, thus simulating a kubernetes init container in plain docker. * update v2 changelog (#19446) * NET-6319 - L7 routes have statePrefix of upstream. and should have a full path (#19473) * resource: finalizer aware delete endpoint (2 of 5) (#19493) resource: make delete endpoint finalizer aware * build: dependency updates for 1.17.0 (#19453) * chore: apply enterprise changes that were missed to some testing files (#19504) This should align between CE ef35525 and ENT 7f95226dbe40151c8f17dd4464784b60cf358dc1 in: - testing/integration/consul-container - test-integ - testing/deployer * Net-6291/fix/watch resources (#19467) * fix: update watch endpoint to default based on scope * test: additional test * refactor: rename list validate function * refactor: rename validate<Op>Request() -> ensure<Op>RequestValid() for consistency * XDS V1 should not make runs for TCP Disco Chains. (#19496) * XDS V1 should not make runs for TCP Disco Chains. * update TestEnvoyExtenderWithSnapshot * testing: disable v2 linkage to nodes in integration tests (#19509) * Shuffle CICD tests to spread worker load. (#19501) * [NET-6459] Fix issue with wanfed lan ip conflicts. (#19503) Fix issue with wanfed lan ip conflicts. Prior to this commit, the connection pools were unaware which datacenter the connection was associated with. This meant that any time servers with overlapping LAN IP addresses and node shortnames existed, they would be incorrectly co-located in the same pool. Whenever this occurred, the servers would get stuck in an infinite loop of forwarding RPCs to themselves (rather than the intended remote DC) until they eventually run out of memory. Most notably, this issue can occur whenever wan federation through mesh gateways is enabled. This fix adds extra metadata to specify which DC the connection is associated with in the pool. * CC-5545: Side Nav (#19342) * Initial work for sidenav * Use HDS::Text * Add resolution for ember-element-helper * WIP dc selector * Update HCP Home link * DC selector * Hook up remaining selectors * Fix settings and tutorial links * Remove comments * Remove skip-links * Replace auth with new dropdown * Use href-to helper for sidenav links * Changelog * Add description to NavSelector * Wrap version in footer and role * Fix login tests * Add data-test selectors for namespaces * Fix datacenter disclosure menu test * Stop rendering auth dialog if acls are disabled * Update disabled selector state and token selector * Fix logic in ACL selector * Fix HCP Home integration test * Remove toggling the sidenav in tests * Add sidenav to eng docs * Re-add debug navigation for eng docs * Remove ember-in-viewport * Remove unused styles * Upgrade @hashicorp/design-system-componentseee * Add translations for side-nav * Only show back to hcp link if url is present * Disable responsive due to a11y-dialog issue * fixed typos in redirect for api gateways * backport of commit 7f84855aa8ea0acac64238b98669ad7bb6bd6829 * backport of commit d78a0efe8cb6eb08121598ffa096d567a08b4e16 * backport of commit 655ebb48647ac6cdeb3a993a602fb58e9b71d6e7 --------- Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com> Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com> Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> Co-authored-by: John Murret <john.murret@hashicorp.com> Co-authored-by: modrake <12264057+modrake@users.noreply.github.com> Co-authored-by: Ronald Ekambi <ronekambi@gmail.com> Co-authored-by: Semir Patel <semir.patel@hashicorp.com> Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: David Yu <dyu@hashicorp.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> Co-authored-by: Chris Hut <tophernuts@gmail.com> Co-authored-by: wenincode <tyler.wendlandt@hashicorp.com> Co-authored-by: John Maguire <john.maguire@hashicorp.com> Co-authored-by: Sophie Gairo <97480023+sophie-gairo@users.noreply.github.com> Co-authored-by: Blake Covarrubias <blake@covarrubi.as> Co-authored-by: Dan Stough <dan.stough@hashicorp.com> Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com> Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com> Co-authored-by: cskh <hui.kang@hashicorp.com> Co-authored-by: Poonam Jadhav <poonam.jadhav@hashicorp.com> Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Anita Akaeze <anita.akaeze@hashicorp.com> Co-authored-by: Chris Thain <32781396+cthain@users.noreply.github.com> Co-authored-by: Chris S. Kim <ckim@hashicorp.com> Co-authored-by: aahel <aahel.guha@hashicorp.com> Co-authored-by: Dhia Ayachi <dhia@hashicorp.com> Co-authored-by: Ronald <roncodingenthusiast@users.noreply.github.com> Co-authored-by: Ella Cai <ella.y.cai@gmail.com> Co-authored-by: Ella Cai <ella@hashicorp.com> Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com> Co-authored-by: wangxinyi7 <121973291+wangxinyi7@users.noreply.github.com> Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> Co-authored-by: Ashesh Vidyut <134911583+absolutelightning@users.noreply.github.com> Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: Chris Thain <chris.m.thain@gmail.com> Co-authored-by: skpratt <sarah.pratt@hashicorp.com> Co-authored-by: trujillo-adam <ajosetru@gmail.com>
2023-11-06 17:29:58 +00:00
'/consul/docs/connect/gateways/api-gateway/define-routes/route-to-peered-services',
Docs/api-gw-jwts-openshift-1-17-x (#19035) * update main apigw overview * moved the tech specs to main gw folder * merged tech specs into single topic * restructure nav part 1 * fix typo in nav json file * moved k8s install up one level * restructure nav part 2 * moved and created all listeners and routes content * moved errors ref and upgrades * fix error in upgrade-k8s link * moved conf refs to appropriate spots * updated conf overview * fixed some links and bad formatting * fixed link * added JWT on VMs usage page * added JWT conf to APIGW conf entry * added JWTs to HTTP route conf entry * added new gatwaypolicy k8s conf reference * added metadesc for gatewaypolicy conf ref * added http route auth filter k8s conf ref * added http route auth filter k8s conf ref to nav * updates to k8s route conf ref to include extensionRef * added JWTs usage page for k8s * fixed link in gwpolicy conf ref * added openshift installation info to installation pages * fixed bad link on tech specs * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * fixed VerityClaims param * best guess at verifyclaims params * tweaks to gateway policy dconf ref * Docs/ce 475 retries timeouts for apigw (#19086) * added timeout and retry conf ref for k8s * added retry and TO filters to HTTP routes conf ref for VMs * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * fix copy/paste error in http route conf entry --------- Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * update links across site and add redirects * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> * Applied feedback from review * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * Update CRD configuration for responseHeaderModifiers * Update Config Entry for http-route * Add ResponseFilter example to service * Update website/redirects.js errant curly brace breaking the preview * fix links and bad MD * fixed md formatting issues * fix formatting errors * fix formatting errors * Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx * Apply suggestions from code review * fixed typo * Fix headers in http-route * Apply suggestions from code review Co-authored-by: John Maguire <john.maguire@hashicorp.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> --------- Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> Co-authored-by: John Maguire <john.maguire@hashicorp.com>
2023-10-10 20:29:55 +00:00
permanent: true,
},
{
source: '/consul/docs/api-gateway/usage/errors',
destination: '/consul/docs/connect/gateways/api-gateway/errors',
permanent: true,
},
{
source: '/consul/docs/api-gateway/usage/usage',
destination:
'/consul/docs/connect/gateways/api-gateway/deploy/listeners-k8s',
permanent: true,
},
{
source: '/consul/docs/api-gateway/upgrades',
destination: '/consul/docs/connect/gateways/api-gateway/upgrades-k8s',
permanent: true,
},
{
Backport of fixed typos in redirect for api gateways into release/1.17.x (#19528) * server: run the api checks against the path without params (#19205) * Clone proto into deepcopy correctly (#19204) * chore: update version and nightly CI for 1.17 (#19208) Update version file to 1.18-dev, and replace 1.13 nightly test with 1.17. * mesh: add validation hook to proxy configuration (#19186) * mesh: add more validations to Destinations resource (#19202) * catalog, mesh: implement missing ACL hooks (#19143) This change adds ACL hooks to the remaining catalog and mesh resources, excluding any computed ones. Those will for now continue using the default operator:x permissions. It refactors a lot of the common testing functions so that they can be re-used between resources. There are also some types that we don't yet support (e.g. virtual IPs) that this change adds ACL hooks to for future-proofing. * NET-5073 - ProxyConfiguration: implement various connection options (#19187) * NET-5073 - ProxyConfiguration: implement various connection options * PR feedback - LocalConnection and InboundConnection do not affect exposed routes. configure L7 route destinations. fix connection proto sequence numbers. * add timeout to L7 Route Destinations * Relplat 897 copywrite bot workarounds (#19200) Co-authored-by: Ronald Ekambi <ronekambi@gmail.com> * mesh: add xRoute ACL hook tenancy tests (#19177) Enhance the xRoute ACL hook tests to cover tenanted situations. These tests will only execute in enterprise. * resource: enforce lowercase v2 resource names (#19218) * mesh: add DestinationPolicy ACL hook tenancy tests (#19178) Enhance the DestinationPolicy ACL hook tests to cover tenanted situations. These tests will only execute in enterprise. * catalog: add FailoverPolicy ACL hook tenancy test (#19179) * docs: Multi-port corrections (#19224) * typo fixes and instruction corrections * typo * link path correction * Add reason why port 53 is not used by default (#19222) * Update dns-configuration.mdx * Update website/content/docs/services/discovery/dns-configuration.mdx Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> * v2tenancy: rename v1alpha1 -> v2beta1 (#19227) * [NET-5944] security: Update Go version to 1.20.10 and `x/net` to 0.17.0 (#19225) * Bump golang.org/x/net to 0.17.0 This resolves [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) / [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487). * Update Go version to 1.20.10 This resolves [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) / [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) (`net/http`). * NET-6097 - sidecar proxy controller - give name to first failover policy target (#19239) * Cc 5545: Upgrade HDS packages and modifiers (#19226) * Upgrade @hashicorp/design-system-tokens to 1.9.0 * Upgrade @hashicorp/design-system-components to 1.8.1 * Upgrade @hashicorp/design-system-components and ember-in-viewport * Explicitly install ember-modifier@4.1.0 * rename copy-button * Fix how cleanup is done in with-copyable * Update aria-menu modifier for new structure * Update css-prop modifier to new structure * Convert did-upsert to regular class modifier * Update notification modifier for new structure * Update on-oustside modifier for new structure * Move destroy handler registration in with-copyable * Update style modifier for new structure * Update validate modifier for new structure * Guard against setting on destroyed object * Upgrade @hashicorp/design-system-components to 2.14.1 * Remove debugger * Guard against null in aria-menu * Fix undefined hash in validate addon * Upgrade ember-on-resize-modifier * Fix copy button import, missing import and array destructuring --------- Co-authored-by: wenincode <tyler.wendlandt@hashicorp.com> * [NET-5810] CE changes for multiple virtual hosts (#19246) CE changes for multiple virtual hosts * Net 4893- Ensure we're testing all the latest versions of Vault/Nomad (#19119) * NET-5592 - update Nomad integration testing * NET-4893: Ensure we're testing all the latest versions of Vault/Nomad * docs: Fix example control-plane-request-limit HCL and JSON (#19105) The control-plane-request-limit config entry does not support specifying parameter names in snake case format. This commit updates the HCL and JSON examples to use the supported camel case key format. * test: add 1.17 nightly integrations test (#19253) * fix expose paths (#19257) When testing adding http probes to apps, I ran into some issues which I fixed here: - The listener should be listening on the exposed listener port, updated that. - The listener and route names were pointing to the path of the exposed path. In my test, the path was "/" resulting in an empty string path. Also, the path may not be unique across exposed path listeners, so I decided to use the path+exposed port as the unique identifier. * docs: Multiport HCP constraint update (#19261) * Add sentence * link text adjustment * docs: Fix multi-port install (#19262) * Update configure.mdx Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Prevent circular dependencies between v2 resources and generate a mermaid diagram with their dependencies (#19230) * build(docker): always publish full and minor version tags for dev images (#19278) * fix nightly integration test: envoy version and n-2 version (#19286) * [NET-6221] Ensure LB policy set for locality-aware routing (CE) (#19283) Ensure LB policy set for locality-aware routing (CE) `overprovisioningFactor` should be overridden with the expected value (100,000) when there are multiple endpoint groups. Update code and tests to enforce this. This is an Enterprise feature. This commit represents the CE portions of the change; tests are added in the corresponding `consul-enterprise` change. * fix: allow snake case keys for ip based rate limit config entry (#19277) * fix: allow snake case keys for ip based rate limit config entry * chore: add changelog * reformatted the JSON schema server conf ref (#19288) * acls,catalog,mesh: properly authorize workload selectors on writes (#19260) To properly enforce writes on resources that have workload selectors with prefixes, we need another service authorization rule that allows us to check whether read is allowed within a given prefix. Specifically we need to only allow writes if the policy prefix allows for a wider set of names than the prefix selector on the resource. We should also not allow policies with exact names for prefix matches. Part of [NET-3993] * NET-6239: Temporarily disable verify envoy check (#19299) * skip verify envoy version * cleanup * Update supported Envoy versions (#19276) * mesh: provide missing domain to route configurations in ProxyStateTemplate (#19298) * add empty domains * update unit tests * enable verify envoy script (#19303) * Vault CA bugfixes (#19285) * Re-add retry logic to Vault token renewal * Fix goroutine leak * Add test for detecting goroutine leak * Add changelog * Rename tests * Add comment * Backout Envoy 1.28.0 (#19306) * added ent to ce downgrade changes (#19311) * added ent to ce downgrade changes * added changelog * added busl headers * skip envoy version check in ci (#19315) * Tenancy Bridge v2 (#19220) * tenancy bridge v2 for v2 resources * add missing copywrite headers * remove branch name causing conflicts (#19319) * mesh: ensure route configs are named uniquely per port (#19323) * [NET-5327] Templated policies api/cli docs (#19270) * More templated policies docs (#19312) [NET-5327]More templated policies docs * Fixing docs to add more templated policies references (#19335) * Upgrade Consul UI to Node 18 (#19252) * Upgrading node to node 18 * Ensure we're on latest version of yarn as well * add comma to make frontend tests run * Use Node 18 Alpine image in UI build dockerfile * delete package-lock.json --------- Co-authored-by: wenincode <tyler.wendlandt@hashicorp.com> Co-authored-by: Ella Cai <ella.y.cai@gmail.com> Co-authored-by: Ella Cai <ella@hashicorp.com> * resource: default peername to local in list endpoints (#19340) * Add grpc keepalive configuration. (#19339) Prior to the introduction of this configuration, grpc keepalive messages were sent after 2 hours of inactivity on the stream. This posed issues in various scenarios where the server-side xds connection balancing was unaware that envoy instances were uncleanly killed / force-closed, since the connections would only be cleaned up after ~5 minutes of TCP timeouts occurred. Setting this config to a 30 second interval with a 20 second timeout ensures that at most, it should take up to 50 seconds for a dead xds connection to be closed. * bump raft-wal version to 0.4.1 (#19314) * bump raft-wal version to 0.4.1 * changelog * go mod tidy integration tests * go mod tidy test-integ * NET-5397 - wire up destination golden tests from sidecar-proxy controller for xds controller and xdsv2 (#19167) * NET-5397 - wire up golden tests from sidecar-proxy controller for xds controller and xdsv2 * WIP * WIP * everything matching except leafCerts. need to mock those * single port destinations working except mixed destinations * golden test input to xds controller tests for destinations * proposed fix for failover group naming errors * clean up test to use helper. * clean up test to use helper. * fix test file * add docstring for test function. * add docstring for test function. * fix linting error * fixing test after route fix merged into main * gvk partial inference (#19058) * gvk partial inference * NET-6079 - wire up sidecarproxy golden file inputs into xds controller - sources (#19241) * NET-5397 - wire up golden tests from sidecar-proxy controller for xds controller and xdsv2 * WIP * WIP * everything matching except leafCerts. need to mock those * single port destinations working except mixed destinations * golden test input to xds controller tests for destinations * proposed fix for failover group naming errors * clean up test to use helper. * clean up test to use helper. * fix test file * add docstring for test function. * add docstring for test function. * fix linting error * fixing test after route fix merged into main * first source test works * WIP * modify all source files * source tests pass * fixing tests after bug fix in main * NET-6080 - xds controller golden file inputs into xds resources - destinations (#19244) * NET-5397 - wire up golden tests from sidecar-proxy controller for xds controller and xdsv2 * WIP * WIP * everything matching except leafCerts. need to mock those * single port destinations working except mixed destinations * golden test input to xds controller tests for destinations * proposed fix for failover group naming errors * clean up test to use helper. * clean up test to use helper. * fix test file * add docstring for test function. * add docstring for test function. * fix linting error * fixing test after route fix merged into main * first source test works * WIP * modify all source files * source tests pass * fixing tests after bug fix in main * got first destination working. * adding destinations * fix docstring for test * fixing tests after bug fix in main * NET-6081 - xds controller golden file inputs into xds resources - sources (#19250) * NET-5397 - wire up golden tests from sidecar-proxy controller for xds controller and xdsv2 * WIP * WIP * everything matching except leafCerts. need to mock those * single port destinations working except mixed destinations * golden test input to xds controller tests for destinations * proposed fix for failover group naming errors * clean up test to use helper. * clean up test to use helper. * fix test file * add docstring for test function. * add docstring for test function. * fix linting error * fixing test after route fix merged into main * first source test works * WIP * modify all source files * source tests pass * fixing tests after bug fix in main * got first destination working. * adding destinations * fix docstring for test * fixing tests after bug fix in main * adding source proxies * fixing tests after bug fix in main * got first destination working. * adding destinations * fix docstring for test * fixing tests after bug fix in main * got first destination working. * adding destinations * fix docstring for test * fixing tests after bug fix in main * Use strict DNS for mesh gateways with hostnames (#19268) * Use strict DNS for mesh gateways with hostnames * Add changelog * [NET-6305] xds: Ensure v2 route match and protocol are populated for gRPC (#19343) * xds: Ensure v2 route match is populated for gRPC Similar to HTTP, ensure that route match config (which is required by Envoy) is populated when default values are used. Because the default matches generated for gRPC contain a single empty `GRPCRouteMatch`, and that proto does not directly support prefix-based config, an interpretation of the empty struct is needed to generate the same output that the `HTTPRouteMatch` is explicitly configured to provide in internal/mesh/internal/controllers/routes/generate.go. * xds: Ensure protocol set for gRPC resources Add explicit protocol in `ProxyStateTemplate` builders and validate it is always set on clusters. This ensures that HTTP filters and `http2_protocol_options` are populated in all the necessary places for gRPC traffic and prevents future unintended omissions of non-TCP protocols. Co-authored-by: John Murret <john.murret@hashicorp.com> --------- Co-authored-by: John Murret <john.murret@hashicorp.com> * Add clarification for route match behavior (#19363) * Add clarification for route match behavior * Update website/content/docs/connect/config-entries/service-defaults.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> --------- Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Fix 1.17.x release notes and added templated policies (#19370) * docs - release notes (add enterprise label and example of non compatible service name) (#19377) * Update v1_17_x.mdx * Update v1_17_x.mdx * feat: read resource namespace (#19320) * test: add missing tests for read resource namespace * refactor: remove redundant test * refactor: rename import aliases * fix: typo var name * refctor: remove another redundant test * Net 5875 - Create the Exported Services Resources (#19117) * init * computed exported service * make proto * exported services resource * exported services test * added some tests and namespace exported service * partition exported services * computed service * computed services tests * register types * fix comment * make proto lint * fix proto format make proto * make codegen * Update proto-public/pbmulticluster/v1alpha1/computed_exported_services.proto Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com> * Update internal/multicluster/internal/types/computed_exported_services.go Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com> * using different way of resource creation in tests * make proto * fix computed exported services test * fix tests * differnet validation for computed services for ent and ce * Acls for exported services * added validations for enterprise features in ce * fix error * fix acls test * Update internal/multicluster/internal/types/validation_exported_services_ee.go Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com> * removed the create method * update proto * removed namespace * created seperate function for ce and ent * test files updated and validations fixed * added nil checks * fix tests * added comments * removed tenancy check * added mutation function * fix mutation method * fix list permissions in test * fix pr comments * fix tests * lisence * busl license * Update internal/multicluster/internal/types/helpers_ce.go Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com> * Update internal/multicluster/internal/types/helpers_ce.go Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com> * Update internal/multicluster/internal/types/helpers_ce.go Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com> * make proto * some pr comments addressed * some pr comments addressed * acls helper * some comment changes * removed unused files * fixes * fix function in file * caps * some positioing * added test for validation error * fix names * made valid a function * remvoed patch * removed mutations * v2 beta1 * v2beta1 * rmeoved v1alpha1 * validate error * merge ent * some nits * removed dup func * removed nil check --------- Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com> * test: add missing tests for list endpoint (#19364) * Add enterprise label for rate limiting (#19384) * test deployer: fix a bug when deploying cluster with various ent images (#19381) * Stop use of templated-policy and templated-policy-file simultaneously (#19389) * Resource Hook Pre-Decode Utilities (#18548) Add some generic type hook wrappers to first decode the data There seems to be a pattern for Validation, Mutation and Write Authorization hooks where they first need to decode the Any data before doing the domain specific work. This PR introduces 3 new functions to generate wrappers around the other hooks to pre-decode the data into a DecodedResource and pass that in instead of the original pbresource.Resource. This PR also updates the various catalog data types to use the new hook generators. * resource: resource service now checks for `v2tenancy` feature flag (#19400) * Fix casing in example yaml config (#19369) * Delete unused files (#19402) * NET-6294 - v1 Agentless proxycfg datasource errors after v2 changes (#19365) * increasing unit tests timeout from 10m to 30m (#19423) * [NET-6138] security: Bump `google.golang.org/grpc` to 1.56.3 (CVE-2023-44487) (#19414) Bump google.golang.org/grpc to 1.56.3 This resolves [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487). Co-authored-by: Chris Thain <chris.m.thain@gmail.com> * Update multi-port examples to remove spec.template.metadata.name (#19430) * integ test: snapshot mesh frozen bug test (#19435) * integ test: snapshot mesh frozen bug test * docs - Update k8s compat matrix (#19378) * Update compatibility.mdx * Update README.md (#19413) * Fix typo in kind for JWT config on API Gateway (#19441) * NET-5186 Add NET_BIND_SERVICE capability to consul-dataplane requirements (#18512) * Add NET_BIND_SERVICE capability to list of consul-dataplane requirements * Add link to related Kubernetes documentation Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> --------- Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * added redirect for conf entries 1.8.x (#19460) * Update docs for service splitter example typo (#19469) * Regen expired test certs (#19476) * build: ensure we pull through the hashicorp proxy instead of going directly to the docker hub (#19482) * temporarily disallow L7 traffic permissions (#19322) * Source / local_app golden tests to include all protocols. (#19436) * cover all protocols in local_app golden tests * fix xds tests * updating latest * fix broken test * add sorting of routers to TestBuildLocalApp to get rid of the flaking * [NET-5916] Fix locality-aware routing config and tests (CE) (#19483) Fix locality-aware routing config and tests * testing/deployer: update deployer to use v2 catalog constructs when requested (#19046) This updates the testing/deployer (aka "topology test") framework to conditionally configure and launch catalog constructs using v2 resources. This is controlled via a Version field on the Node construct in a topology.Config. This only functions for a dataplane type and has other restrictions that match the rest of v2 (no peering, no wanfed, no mesh gateways). Like config entries, you can statically provide a set of initial resources to be synced when bringing up the cluster (beyond those that are generated for you such as workloads, services, etc). If you want to author a test that can be freely converted between v1 and v2 then that is possible. If you switch to the multi-port definition on a topology.Service (aka "workload/instance") then that makes v1 ineligible. This also adds a starter set of "on every PR" integration tests for single and multiport under test-integ/catalogv2 * resource: misc finalizer apis (#19474) * testing/deployer: support tproxy in v2 for dataplane (#19094) This updates the testing/deployer (aka "topology test") framework to allow for a v2-oriented topology to opt services into enabling TransparentProxy. The restrictions are similar to that of #19046 The multiport Ports map that was added in #19046 was changed to allow for the protocol to be specified at this time, but for now the only supported protocol is TCP as only L4 functions currently on main. As part of making transparent proxy work, the DNS server needed a new zonefile for responding to virtual.consul requests, since there is no Kubernetes DNS and the Consul DNS work for v2 has not happened yet. Once Consul DNS supports v2 we should switch over. For now the format of queries is: <service>--<namespace>--<partition>.virtual.consul Additionally: - All transparent proxy enabled services are assigned a virtual ip in the 10.244.0/24 range. This is something Consul will do in v2 at a later date, likely during 1.18. - All services with exposed ports (non-mesh) are assigned a virtual port number for use with tproxy - The consul-dataplane image has been made un-distroless, and gotten the necessary tools to execute consul connect redirect-traffic before running dataplane, thus simulating a kubernetes init container in plain docker. * update v2 changelog (#19446) * NET-6319 - L7 routes have statePrefix of upstream. and should have a full path (#19473) * resource: finalizer aware delete endpoint (2 of 5) (#19493) resource: make delete endpoint finalizer aware * build: dependency updates for 1.17.0 (#19453) * chore: apply enterprise changes that were missed to some testing files (#19504) This should align between CE ef35525 and ENT 7f95226dbe40151c8f17dd4464784b60cf358dc1 in: - testing/integration/consul-container - test-integ - testing/deployer * Net-6291/fix/watch resources (#19467) * fix: update watch endpoint to default based on scope * test: additional test * refactor: rename list validate function * refactor: rename validate<Op>Request() -> ensure<Op>RequestValid() for consistency * XDS V1 should not make runs for TCP Disco Chains. (#19496) * XDS V1 should not make runs for TCP Disco Chains. * update TestEnvoyExtenderWithSnapshot * testing: disable v2 linkage to nodes in integration tests (#19509) * Shuffle CICD tests to spread worker load. (#19501) * [NET-6459] Fix issue with wanfed lan ip conflicts. (#19503) Fix issue with wanfed lan ip conflicts. Prior to this commit, the connection pools were unaware which datacenter the connection was associated with. This meant that any time servers with overlapping LAN IP addresses and node shortnames existed, they would be incorrectly co-located in the same pool. Whenever this occurred, the servers would get stuck in an infinite loop of forwarding RPCs to themselves (rather than the intended remote DC) until they eventually run out of memory. Most notably, this issue can occur whenever wan federation through mesh gateways is enabled. This fix adds extra metadata to specify which DC the connection is associated with in the pool. * CC-5545: Side Nav (#19342) * Initial work for sidenav * Use HDS::Text * Add resolution for ember-element-helper * WIP dc selector * Update HCP Home link * DC selector * Hook up remaining selectors * Fix settings and tutorial links * Remove comments * Remove skip-links * Replace auth with new dropdown * Use href-to helper for sidenav links * Changelog * Add description to NavSelector * Wrap version in footer and role * Fix login tests * Add data-test selectors for namespaces * Fix datacenter disclosure menu test * Stop rendering auth dialog if acls are disabled * Update disabled selector state and token selector * Fix logic in ACL selector * Fix HCP Home integration test * Remove toggling the sidenav in tests * Add sidenav to eng docs * Re-add debug navigation for eng docs * Remove ember-in-viewport * Remove unused styles * Upgrade @hashicorp/design-system-componentseee * Add translations for side-nav * Only show back to hcp link if url is present * Disable responsive due to a11y-dialog issue * fixed typos in redirect for api gateways * backport of commit 7f84855aa8ea0acac64238b98669ad7bb6bd6829 * backport of commit d78a0efe8cb6eb08121598ffa096d567a08b4e16 * backport of commit 655ebb48647ac6cdeb3a993a602fb58e9b71d6e7 --------- Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com> Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com> Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> Co-authored-by: John Murret <john.murret@hashicorp.com> Co-authored-by: modrake <12264057+modrake@users.noreply.github.com> Co-authored-by: Ronald Ekambi <ronekambi@gmail.com> Co-authored-by: Semir Patel <semir.patel@hashicorp.com> Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: David Yu <dyu@hashicorp.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> Co-authored-by: Chris Hut <tophernuts@gmail.com> Co-authored-by: wenincode <tyler.wendlandt@hashicorp.com> Co-authored-by: John Maguire <john.maguire@hashicorp.com> Co-authored-by: Sophie Gairo <97480023+sophie-gairo@users.noreply.github.com> Co-authored-by: Blake Covarrubias <blake@covarrubi.as> Co-authored-by: Dan Stough <dan.stough@hashicorp.com> Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com> Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com> Co-authored-by: cskh <hui.kang@hashicorp.com> Co-authored-by: Poonam Jadhav <poonam.jadhav@hashicorp.com> Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Anita Akaeze <anita.akaeze@hashicorp.com> Co-authored-by: Chris Thain <32781396+cthain@users.noreply.github.com> Co-authored-by: Chris S. Kim <ckim@hashicorp.com> Co-authored-by: aahel <aahel.guha@hashicorp.com> Co-authored-by: Dhia Ayachi <dhia@hashicorp.com> Co-authored-by: Ronald <roncodingenthusiast@users.noreply.github.com> Co-authored-by: Ella Cai <ella.y.cai@gmail.com> Co-authored-by: Ella Cai <ella@hashicorp.com> Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com> Co-authored-by: wangxinyi7 <121973291+wangxinyi7@users.noreply.github.com> Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> Co-authored-by: Ashesh Vidyut <134911583+absolutelightning@users.noreply.github.com> Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: Chris Thain <chris.m.thain@gmail.com> Co-authored-by: skpratt <sarah.pratt@hashicorp.com> Co-authored-by: trujillo-adam <ajosetru@gmail.com>
2023-11-06 17:29:58 +00:00
source: '/consul/docs/api-gateway/configuration',
destination: '/consul/docs/connect/gateways/api-gateway/configuration',
Docs/api-gw-jwts-openshift-1-17-x (#19035) * update main apigw overview * moved the tech specs to main gw folder * merged tech specs into single topic * restructure nav part 1 * fix typo in nav json file * moved k8s install up one level * restructure nav part 2 * moved and created all listeners and routes content * moved errors ref and upgrades * fix error in upgrade-k8s link * moved conf refs to appropriate spots * updated conf overview * fixed some links and bad formatting * fixed link * added JWT on VMs usage page * added JWT conf to APIGW conf entry * added JWTs to HTTP route conf entry * added new gatwaypolicy k8s conf reference * added metadesc for gatewaypolicy conf ref * added http route auth filter k8s conf ref * added http route auth filter k8s conf ref to nav * updates to k8s route conf ref to include extensionRef * added JWTs usage page for k8s * fixed link in gwpolicy conf ref * added openshift installation info to installation pages * fixed bad link on tech specs * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * fixed VerityClaims param * best guess at verifyclaims params * tweaks to gateway policy dconf ref * Docs/ce 475 retries timeouts for apigw (#19086) * added timeout and retry conf ref for k8s * added retry and TO filters to HTTP routes conf ref for VMs * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * fix copy/paste error in http route conf entry --------- Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * update links across site and add redirects * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> * Applied feedback from review * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * Update CRD configuration for responseHeaderModifiers * Update Config Entry for http-route * Add ResponseFilter example to service * Update website/redirects.js errant curly brace breaking the preview * fix links and bad MD * fixed md formatting issues * fix formatting errors * fix formatting errors * Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx * Apply suggestions from code review * fixed typo * Fix headers in http-route * Apply suggestions from code review Co-authored-by: John Maguire <john.maguire@hashicorp.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> --------- Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> Co-authored-by: John Maguire <john.maguire@hashicorp.com>
2023-10-10 20:29:55 +00:00
permanent: true,
},
{
source: '/consul/docs/api-gateway/configuration/:slug',
destination:
'/consul/docs/connect/gateways/api-gateway/configuration/:slug',
permanent: true,
},
{
source: '/consul/docs/connect/failover',
destination: '/consul/docs/connect/manage-traffic/failover',
permanent: true,
},
{
source: '/consul/docs/connect/l7',
destination: '/consul/docs/connect/manage-traffic',
permanent: true,
},
{
source: '/consul/docs/connect/l7/:slug',
destination: '/consul/docs/connect/manage-traffic/:slug',
permanent: true,
},
{
source: '/consul/docs/v1.8.x/connect/config-entries/:slug',
destination: '/consul/docs/v1.8.x/agent/config-entries/:slug',
permanent: true,
},
Docs/cluster peering 1.15 updates (#16291) * initial commit * initial commit * Overview updates * Overview page improvements * More Overview improvements * improvements * Small fixes/updates * Updates * Overview updates * Nav data * More nav updates * Fix * updates * Updates + tip test * Directory test * refining * Create restructure w/ k8s * Single usage page * Technical Specification * k8s pages * typo * L7 traffic management * Manage connections * k8s page fix * Create page tab corrections * link to k8s * intentions * corrections * Add-on intention descriptions * adjustments * Missing </CodeTabs> * Diagram improvements * Final diagram update * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> Co-authored-by: David Yu <dyu@hashicorp.com> * diagram name fix * Fixes * Updates to index.mdx * Tech specs page corrections * Tech specs page rename * update link to tech specs * K8s - new pages + tech specs * k8s - manage peering connections * k8s L7 traffic management * Separated establish connection pages * Directory fixes * Usage clean up * k8s docs edits * Updated nav data * CodeBlock Component fix * filename * CodeBlockConfig removal * Redirects * Update k8s filenames * Reshuffle k8s tech specs for clarity, fmt yaml files * Update general cluster peering docs, reorder CLI > API > UI, cross link to kubernetes * Fix config rendering in k8s usage docs, cross link to general usage from k8s docs * fix legacy link * update k8s docs * fix nested list rendering * redirect fix * page error --------- Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> Co-authored-by: David Yu <dyu@hashicorp.com> Co-authored-by: Tu Nguyen <im2nguyen@gmail.com>
2023-02-23 17:58:39 +00:00
]