Luke Kysow
3530d3782d
peering: read endpoints can now return failing status ( #13849 )
...
Track streams that have been disconnected due to an error and
set their statuses to failing.
2022-07-25 14:27:53 -07:00
Kyle Havlovitz
93de25f87c
Merge pull request #13872 from hashicorp/remove-upstream-log
...
Remove extra logging from ingress upstream watch shutdown
2022-07-25 12:55:30 -07:00
David Yu
5867db4b0e
docs: followup on grammar and typo for latency requirements ( #13888 )
2022-07-25 12:50:11 -07:00
alex
45c3562477
docs: add peering metric doc ( #13862 )
...
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-25 12:43:06 -07:00
Chris S. Kim
73a84f256f
Preserve PeeringState on upsert ( #13666 )
...
Fixes a bug where if the generate token is called twice, the second call upserts the zero-value (undefined) of PeeringState.
2022-07-25 14:37:56 -04:00
David Yu
5786309356
docs: add details around Consul latency requirements ( #13881 )
...
* docs: add details around Consul latency requirements
2022-07-25 11:02:31 -07:00
Chris S. Kim
8ed49ea4d0
Update envoy metrics label extraction for peered clusters and listeners ( #13818 )
...
Now that peered upstreams can generate envoy resources (#13758 ), we need a way to disambiguate local from peered resources in our metrics. The key difference is that datacenter and partition will be replaced with peer, since in the context of peered resources partition is ambiguous (could refer to the partition in a remote cluster or one that exists locally). The partition and datacenter of the proxy will always be that of the source service.
Regexes were updated to make emitting datacenter and partition labels mutually exclusive with peer labels.
Listener filter names were updated to better match the existing regex.
Cluster names assigned to peered upstreams were updated to be synthesized from local peer name (it previously used the externally provided primary SNI, which contained the peer name from the other side of the peering). Integration tests were updated to assert for the new peer labels.
2022-07-25 13:49:00 -04:00
Michael Klein
f7f26220ba
ui: add peers to node search ( #13875 )
...
* Make nodes searchable by peer
* fix only surface peer filter on service search when feature is on
2022-07-25 18:46:47 +02:00
DanStough
dfd50d68ed
chore: ignore vscode files
2022-07-25 12:31:58 -04:00
DanStough
2da8949d78
feat: convert destination address to slice
2022-07-25 12:31:58 -04:00
Luke Kysow
cf4af7c765
Re-document peering disabled ( #13879 )
...
Change wording because it does have effect on clients because it
disables peering in the UI served from that client.
2022-07-25 09:30:37 -07:00
Freddy
f03cca7576
[OSS] Add ACL enforcement to peering endpoints ( #13878 )
2022-07-25 10:04:10 -06:00
Matt Keeler
58e4d8235b
Enable/Disable Peering Support in the UI ( #13816 )
...
We enabled/disable based on the config flag.
2022-07-25 11:50:11 -04:00
freddygv
b544ce6485
Add ACL enforcement to peering endpoints
2022-07-25 09:34:29 -06:00
Kyle Havlovitz
016f963e7e
Remove excess debug log from ingress upstream shutdown
2022-07-22 17:29:38 -07:00
alex
279d458e6e
peering: use ShouldDial to validate peer role ( #13823 )
...
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-22 15:56:25 -07:00
Luke Kysow
a1e6d69454
peering: add config to enable/disable peering ( #13867 )
...
* peering: add config to enable/disable peering
Add config:
```
peering {
enabled = true
}
```
Defaults to true. When disabled:
1. All peering RPC endpoints will return an error
2. Leader won't start its peering establishment goroutines
3. Leader won't start its peering deletion goroutines
2022-07-22 15:20:21 -07:00
Kyle Havlovitz
0786517b56
Merge pull request #13847 from hashicorp/gateway-goroutine-leak
...
Fix goroutine leaks in proxycfg when using ingress gateway
2022-07-22 14:43:22 -07:00
Freddy
f99df57840
[OSS] Add new peering ACL rule ( #13848 )
...
This commit adds a new ACL rule named "peering" to authorize
actions taken against peering-related endpoints.
The "peering" rule has several key properties:
- It is scoped to a partition, and MUST be defined in the default
namespace.
- Its access level must be "read', "write", or "deny".
- Granting an access level will apply to all peerings. This ACL rule
cannot be used to selective grant access to some peerings but not
others.
- If the peering rule is not specified, we fall back to the "operator"
rule and then the default ACL rule.
2022-07-22 14:42:23 -06:00
NicoletaPopoviciu
a3cdcf0c86
docs: Updates k8s annotation docs ( #13809 )
...
* Updates k8s annotation docs
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
2022-07-22 13:26:31 -07:00
Sarah Alsmiller
082ad42ff4
add redirects
2022-07-22 14:20:27 -05:00
alex
927cee692b
peering: emit exported services count metric ( #13811 )
...
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-22 12:05:08 -07:00
Matt Keeler
77917b6b5d
Rename some protobuf package names to be fqdn like ( #13861 )
...
These are used in various bits of the wire format (for gRPC) and internally with Go’s registry so we want to namespace things properly.
2022-07-22 14:59:34 -04:00
Thomas Eckert
acf4758e12
Add options and examples to proxy read
2022-07-22 13:43:38 -04:00
Kyle Havlovitz
6e1dd05a19
Add changelog note
2022-07-22 10:33:50 -07:00
A.J. Sanon
90ae5ffd16
Add ECS audit logging docs ( #13729 )
2022-07-22 13:30:25 -04:00
Michael Klein
bcbc36ecec
Improve peered service empty downstreams message ( #13854 )
2022-07-22 19:28:13 +02:00
Thomas Eckert
16c8563049
Add descriptions to the subjects
2022-07-22 12:14:01 -04:00
sarahalsmiller
355f6dbd48
Update website/content/docs/api-gateway/usage/basic-usage.mdx
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-22 09:45:00 -05:00
Daniel Upton
a8df87f574
proxycfg-glue: server-local implementation of `ExportedPeeredServices`
...
This is the OSS portion of enterprise PR 2377.
Adds a server-local implementation of the proxycfg.ExportedPeeredServices
interface that sources data from a blocking query against the server's
state store.
2022-07-22 15:23:23 +01:00
Eric Haberkorn
501089292e
Add Cluster Peering Failover Support to Prepared Queries ( #13835 )
...
Add peering failover support to prepared queries
2022-07-22 09:14:43 -04:00
Sarah Alsmiller
2f8b0174b2
fix tabs
2022-07-21 17:38:57 -05:00
Sarah Alsmiller
596f421881
fix tabs
2022-07-21 17:21:22 -05:00
Sarah Alsmiller
7d66c77f9c
fix tabs
2022-07-21 17:11:07 -05:00
Nitya Dhanushkodi
f47319b7c6
update generate token endpoint to take external addresses ( #13844 )
...
Update generate token endpoint (rpc, http, and api module)
If ServerExternalAddresses are set, it will override any addresses gotten from the "consul" service, and be used in the token instead, and dialed by the dialer. This allows for setting up a load balancer for example, in front of the consul servers.
2022-07-21 14:56:11 -07:00
Sarah Alsmiller
add15bec2e
fix tabs
2022-07-21 16:54:03 -05:00
Thomas Eckert
73e8b3cc0d
Add proxy list docs
2022-07-21 17:47:39 -04:00
Sarah Alsmiller
b9501b5170
erge branch 'sa-restructure-documentation' of github.com:hashicorp/consul into sa-restructure-documentation
2022-07-21 15:13:00 -05:00
Sarah Alsmiller
e0d38ea01e
add consul k8s install instructions
2022-07-21 15:12:49 -05:00
sarahalsmiller
c9f622de38
Update website/content/docs/api-gateway/configuration/gatewayclassconfig.mdx
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:59:14 -05:00
Sarah Alsmiller
63e806f993
Merge branch 'sa-restructure-documentation' of github.com:hashicorp/consul into sa-restructure-documentation
2022-07-21 14:54:04 -05:00
Sarah Alsmiller
20e97a7729
merge back in mike's environment doc in install
2022-07-21 14:53:55 -05:00
sarahalsmiller
c54e0904de
Update website/content/docs/api-gateway/configuration/gateway.mdx
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:55 -05:00
sarahalsmiller
5d02480430
Update website/content/docs/api-gateway/configuration/gateway.mdx
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:47 -05:00
sarahalsmiller
dfc9ae4a60
Update website/content/docs/api-gateway/configuration/gateway.mdx
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:34 -05:00
sarahalsmiller
9feb465f62
Update website/content/docs/api-gateway/configuration/gateway.mdx
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:25 -05:00
alex
58d66a002e
Merge pull request #13845 from hashicorp/acpana/peering-rename-oss
...
[SYNC] Rename peering internal to ~
2022-07-21 11:20:38 -07:00
acpana
12b773ab02
Rename peering internal to ~
...
sync ENT to 5679392c81
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-21 10:51:05 -07:00
Luke Kysow
0c87be0845
peering: Add heartbeating to peering streams ( #13806 )
...
* Add heartbeating to peering streams
2022-07-21 10:03:27 -07:00
Chris Thain
af40b9b144
Add Consul Lambda integration tests ( #13770 )
2022-07-21 09:54:56 -07:00