Commit Graph

18394 Commits (0abb923d661350f0bea344887f16a1d58c1836df)

Author SHA1 Message Date
Luke Kysow 3530d3782d
peering: read endpoints can now return failing status (#13849)
Track streams that have been disconnected due to an error and
set their statuses to failing.
2022-07-25 14:27:53 -07:00
Kyle Havlovitz 93de25f87c
Merge pull request #13872 from hashicorp/remove-upstream-log
Remove extra logging from ingress upstream watch shutdown
2022-07-25 12:55:30 -07:00
David Yu 5867db4b0e
docs: followup on grammar and typo for latency requirements (#13888) 2022-07-25 12:50:11 -07:00
alex 45c3562477
docs: add peering metric doc (#13862)
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-25 12:43:06 -07:00
Chris S. Kim 73a84f256f
Preserve PeeringState on upsert (#13666)
Fixes a bug where if the generate token is called twice, the second call upserts the zero-value (undefined) of PeeringState.
2022-07-25 14:37:56 -04:00
David Yu 5786309356
docs: add details around Consul latency requirements (#13881)
* docs: add details around Consul latency requirements
2022-07-25 11:02:31 -07:00
Chris S. Kim 8ed49ea4d0
Update envoy metrics label extraction for peered clusters and listeners (#13818)
Now that peered upstreams can generate envoy resources (#13758), we need a way to disambiguate local from peered resources in our metrics. The key difference is that datacenter and partition will be replaced with peer, since in the context of peered resources partition is ambiguous (could refer to the partition in a remote cluster or one that exists locally). The partition and datacenter of the proxy will always be that of the source service.

Regexes were updated to make emitting datacenter and partition labels mutually exclusive with peer labels.

Listener filter names were updated to better match the existing regex.

Cluster names assigned to peered upstreams were updated to be synthesized from local peer name (it previously used the externally provided primary SNI, which contained the peer name from the other side of the peering). Integration tests were updated to assert for the new peer labels.
2022-07-25 13:49:00 -04:00
Michael Klein f7f26220ba
ui: add peers to node search (#13875)
* Make nodes searchable by peer

* fix only surface peer filter on service search when feature is on
2022-07-25 18:46:47 +02:00
DanStough dfd50d68ed chore: ignore vscode files 2022-07-25 12:31:58 -04:00
DanStough 2da8949d78 feat: convert destination address to slice 2022-07-25 12:31:58 -04:00
Luke Kysow cf4af7c765
Re-document peering disabled (#13879)
Change wording because it does have effect on clients because it
disables peering in the UI served from that client.
2022-07-25 09:30:37 -07:00
Freddy f03cca7576
[OSS] Add ACL enforcement to peering endpoints (#13878) 2022-07-25 10:04:10 -06:00
Matt Keeler 58e4d8235b
Enable/Disable Peering Support in the UI (#13816)
We enabled/disable based on the config flag.
2022-07-25 11:50:11 -04:00
freddygv b544ce6485 Add ACL enforcement to peering endpoints 2022-07-25 09:34:29 -06:00
Kyle Havlovitz 016f963e7e Remove excess debug log from ingress upstream shutdown 2022-07-22 17:29:38 -07:00
alex 279d458e6e
peering: use ShouldDial to validate peer role (#13823)
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-22 15:56:25 -07:00
Luke Kysow a1e6d69454
peering: add config to enable/disable peering (#13867)
* peering: add config to enable/disable peering

Add config:

```
peering {
  enabled = true
}
```

Defaults to true. When disabled:
1. All peering RPC endpoints will return an error
2. Leader won't start its peering establishment goroutines
3. Leader won't start its peering deletion goroutines
2022-07-22 15:20:21 -07:00
Kyle Havlovitz 0786517b56
Merge pull request #13847 from hashicorp/gateway-goroutine-leak
Fix goroutine leaks in proxycfg when using ingress gateway
2022-07-22 14:43:22 -07:00
Freddy f99df57840
[OSS] Add new peering ACL rule (#13848)
This commit adds a new ACL rule named "peering" to authorize
actions taken against peering-related endpoints.

The "peering" rule has several key properties:
- It is scoped to a partition, and MUST be defined in the default
  namespace.

- Its access level must be "read', "write", or "deny".

- Granting an access level will apply to all peerings. This ACL rule
  cannot be used to selective grant access to some peerings but not
  others.

- If the peering rule is not specified, we fall back to the "operator"
  rule and then the default ACL rule.
2022-07-22 14:42:23 -06:00
NicoletaPopoviciu a3cdcf0c86
docs: Updates k8s annotation docs (#13809)
* Updates k8s annotation docs
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
2022-07-22 13:26:31 -07:00
Sarah Alsmiller 082ad42ff4 add redirects 2022-07-22 14:20:27 -05:00
alex 927cee692b
peering: emit exported services count metric (#13811)
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-22 12:05:08 -07:00
Matt Keeler 77917b6b5d
Rename some protobuf package names to be fqdn like (#13861)
These are used in various bits of the wire format (for gRPC) and internally with Go’s registry so we want to namespace things properly.
2022-07-22 14:59:34 -04:00
Thomas Eckert acf4758e12 Add options and examples to proxy read 2022-07-22 13:43:38 -04:00
Kyle Havlovitz 6e1dd05a19 Add changelog note 2022-07-22 10:33:50 -07:00
A.J. Sanon 90ae5ffd16
Add ECS audit logging docs (#13729) 2022-07-22 13:30:25 -04:00
Michael Klein bcbc36ecec
Improve peered service empty downstreams message (#13854) 2022-07-22 19:28:13 +02:00
Thomas Eckert 16c8563049 Add descriptions to the subjects 2022-07-22 12:14:01 -04:00
sarahalsmiller 355f6dbd48
Update website/content/docs/api-gateway/usage/basic-usage.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-22 09:45:00 -05:00
Daniel Upton a8df87f574 proxycfg-glue: server-local implementation of `ExportedPeeredServices`
This is the OSS portion of enterprise PR 2377.

Adds a server-local implementation of the proxycfg.ExportedPeeredServices
interface that sources data from a blocking query against the server's
state store.
2022-07-22 15:23:23 +01:00
Eric Haberkorn 501089292e
Add Cluster Peering Failover Support to Prepared Queries (#13835)
Add peering failover support to prepared queries
2022-07-22 09:14:43 -04:00
Sarah Alsmiller 2f8b0174b2 fix tabs 2022-07-21 17:38:57 -05:00
Sarah Alsmiller 596f421881 fix tabs 2022-07-21 17:21:22 -05:00
Sarah Alsmiller 7d66c77f9c fix tabs 2022-07-21 17:11:07 -05:00
Nitya Dhanushkodi f47319b7c6
update generate token endpoint to take external addresses (#13844)
Update generate token endpoint (rpc, http, and api module)

If ServerExternalAddresses are set, it will override any addresses gotten from the "consul" service, and be used in the token instead, and dialed by the dialer. This allows for setting up a load balancer for example, in front of the consul servers.
2022-07-21 14:56:11 -07:00
Sarah Alsmiller add15bec2e fix tabs 2022-07-21 16:54:03 -05:00
Thomas Eckert 73e8b3cc0d Add proxy list docs 2022-07-21 17:47:39 -04:00
Sarah Alsmiller b9501b5170 erge branch 'sa-restructure-documentation' of github.com:hashicorp/consul into sa-restructure-documentation 2022-07-21 15:13:00 -05:00
Sarah Alsmiller e0d38ea01e add consul k8s install instructions 2022-07-21 15:12:49 -05:00
sarahalsmiller c9f622de38
Update website/content/docs/api-gateway/configuration/gatewayclassconfig.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:59:14 -05:00
Sarah Alsmiller 63e806f993 Merge branch 'sa-restructure-documentation' of github.com:hashicorp/consul into sa-restructure-documentation 2022-07-21 14:54:04 -05:00
Sarah Alsmiller 20e97a7729 merge back in mike's environment doc in install 2022-07-21 14:53:55 -05:00
sarahalsmiller c54e0904de
Update website/content/docs/api-gateway/configuration/gateway.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:55 -05:00
sarahalsmiller 5d02480430
Update website/content/docs/api-gateway/configuration/gateway.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:47 -05:00
sarahalsmiller dfc9ae4a60
Update website/content/docs/api-gateway/configuration/gateway.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:34 -05:00
sarahalsmiller 9feb465f62
Update website/content/docs/api-gateway/configuration/gateway.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:25 -05:00
alex 58d66a002e
Merge pull request #13845 from hashicorp/acpana/peering-rename-oss
[SYNC] Rename peering internal to ~
2022-07-21 11:20:38 -07:00
acpana 12b773ab02
Rename peering internal to ~
sync ENT to 5679392c81

Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-21 10:51:05 -07:00
Luke Kysow 0c87be0845
peering: Add heartbeating to peering streams (#13806)
* Add heartbeating to peering streams
2022-07-21 10:03:27 -07:00
Chris Thain af40b9b144
Add Consul Lambda integration tests (#13770) 2022-07-21 09:54:56 -07:00