mirror of https://github.com/hashicorp/consul
Tree:
2d19cd5810
1.14.0-beta1
1.6.2
18831-backport1.14.10
18831-backport1.15.6
18831-backport1.16.2
404-checker-update
Amier3-patch-1
CC-5545/upgrade-hds-packages
CC-6363/downgrade-node-for-ci
CC-6363/downgrade-node-for-v-1-point-15
CC-7146/Sidebar-item-for-linking-status
CC-7146/convert-consul-hcp-to-a-simpler-component-for-some-upcoming-changes
CC-7146/hcp-link-item-in-the-nav-bar
CSLC-103-egress-gtwy-cert-tgtwy
CSLC-91-egress-connect-proxy
CSLC-91-egress-connect-proxy-2
CTIA-8-verify-builds-v2
FFMMM-patch-1
GH-migration-add-oss-ent-builder-logic
HCPCP-1619-unix-socket-host
NET-10248-consul-cross-namespace-requests-to-a-terminating-gateway-fail-with-no-healthy-upstream
NET-10288-Bump-go-to-resolve-CVE-2024-24791
NET-10290-Bump-envoy-to-resolve-CVE-2024-39305
NET-10719-fix-apigw-jwt-cluster-generation
NET-1530-set-envoy-ext-rate-limit-plugin
NET-1594-backport
NET-1594-backport-1.14.x
NET-1594-backport-1.15.x
NET-1643-66794-consul-version-in-prometheus-format-metrics-is-0
NET-1723/append-rules
NET-1728/remove-docs-with-token-param
NET-1805-cleanup-test-container-lib-basic-topology-single-dc
NET-1805-upgrade-test-grpc
NET-2029-Normalize-status-for-new-config-entry-types
NET-2063-Implementation-API-GW-Use-XDS-primitives-instead-of-Ingress-GW-primitives
NET-2088-upgrade-test-ingress-gateway
NET-3059/acl-agent-api
NET-3914-gha-change-upgrade-test-small-runner
NET-3914-gha-change-upgrade-test-small-runner-no-splitting
NET-3914-gha-resolve-the-issue-of-running-multiple-docker-container
NET-3914-gha-run-compat-tests-single-runner
NET-3914-gha-upgrade-test-single-runner
NET-4277
NET-4277-tests
NET-438/add-ent-version-suffix
NET-4558-Address-comments-for-PR-https-github.com-hashicorp-consul-pull-15235
NET-4924_update_readme
NET-5017-status-condition-fixes
NET-5084/TrafficPermission-WorkloadIdentity-protos
NET-5090/implicit-destinations
NET-5147-plumbing
NET-5327-consistency-docs
NET-581-Configure-Vault-namespaces-for-Connect-CA-via-Helm-Stanza
NET-5889-absl
NET-6313/resource-list-poc
NET-6354
NET-6416-meshgateway-acls
NET-6453/skip-traffic-permission-test-on-M1
NET-6469/add-custom-watch
NET-6608
NET-6820-Mesh-GW-Customize-mesh-gateway-proxy-limits
NET-6821-Host-Header-Rewrite
NET-685-rate-limiting-to-registering-imported-services
NET-7014-consul-Look-up-mesh-gateway-controlling-workload-instead-of-assuming-its-identity
NET-7376-consul-consul-k8s-Set-status-on-APIGateway-with-required-info-from-kubesig
NET-800-add-internal-endpoint-to-return-all-exported-services-to-a-given-peer
NET-801-add-internal-endpoint-to-return-peer-stream-health-from-peerstream-tracker
NET-818-server-cert
NET-8983/raft-version-bump
RELENG-305
RELTOOL-20
SECVULN-6892-word-wrap
SECVULN-8533-lodash-template
SECVULN-8621_consul_api_validate_request_content_type
SuyashHashiCorp-patch-1
SuyashHashiCorp-patch-1-1
SuyashHashiCorp-patch-2
a10-thunder-adc
aahel
acl/wait-for-token-replication-to-use-token
acpana/clean-peer-2
acpana/no-19-metrics
acpana/nonuser-peering-reg-3
acpana/peering-imported-counter
add-bind-type-policy
add-docs-for-anno
add-downstream-service-meta
add-linter-net-rpc-2-test
add-linter-net-rpc-r2
add-missing-consul-env-file
add-new-golden-file-tests
add-partitions-to-e2e-gateway-tests
add-patches
add-peering-changes
add-peering-commontopo-tests-ci-fiddling
add-ui-checker
add_build_ui
adds-helm-docs-update-from-1-4-2-consul-k8s
agent/tls-types
anita-upgrade-fix
ap/exports-docs
ap/main-docs
api-gateway-all-controllers
api-gateway-sds-fixes
api-gateway-ui
api-gw-docs-broken-link
apivalidateclusters
architecture-log
ariadne/hack/backend
art
artifact-manifest/main/smoothly-fresh-quagga
ashwin-michael/crd-auto-generation
b-ui/manual-backport-d3-color
b/scada-retry-disconnect
backend-changes-doesnt-run-frontend-task-on-ci-test
backport-1.16-fix-snapshot-test
backport-squashing-fix-for-namespaces
backport/1.11.x/11107
backport/1.13.x/api-gw-docs
backport/16955-transfer-leader/safely-positive-bobcat
backport/CC-7146/convert-consul-hcp-to-a-simpler-component-for-some-upcoming-changes/barely-trusting-yeti
backport/CE-564-external-services-crd/carefully-generous-kodiak
backport/CE-572-file-system-certificate/slowly-pure-herring
backport/CE-577-release-notes/namely-fleet-lionfish
backport/CI-upload-upgrade-test-to-datadog/incredibly-helping-pig
backport/CTIA-5-gh-12578-endpoint-returns-500-instead-of-404/merely-optimum-wahoo
backport/CTIA-5-gh-12578-endpoint-returns-500-instead-of-404/partly-liberal-bluegill
backport/CTIA-5-gh-12578-endpoint-returns-500-instead-of-404/reliably-dear-hen
backport/NET-10288-Bump-go-to-resolve-CVE-2024-24791/wrongly-optimal-lamprey
backport/NET-1521/conversely-romantic-dodo
backport/NET-2292-upgrade-port-http/initially-innocent-dodo
backport/NET-3474/start-reporting-agent/slowly-inviting-whippet
backport/NET-3476/add-reporting-config/quickly-talented-wildcat
backport/NET-3860/moderately-awake-grouse
backport/NET-3860/namely-curious-iguana
backport/NET-3860/uniformly-funny-pug
backport/NET-3893/container-logs/intensely-nice-boar
backport/NET-3893/container-logs/obviously-primary-sawfly
backport/NET-3914-fix-container-test-slow-image-build/sharply-game-mastiff
backport/NET-4135/fairly-stable-lamb
backport/NET-4135/marginally-ultimate-sculpin
backport/NET-4519/annually-huge-filly
backport/NET-4519/deadly-precise-jawfish
backport/NET-4519/heavily-equal-spaniel
backport/NET-5611_fix_trigger_ci/simply-relevant-foal
backport/NET-5688-gwui-fixes/mentally-superb-prawn
backport/NET-5688-gwui-fixes/noticeably-easy-magpie
backport/NET-8717-Vulnerabilities-in-consul-enterprise-d3-color/accurately-normal-snipe
backport/RELPLAT-897-copywrite-bot-workarounds/likely-content-goshawk
backport/RELPLAT-980-license-file-updates/vertically-modern-dogfish
backport/SECVULN-8633-TOB-CONSUL24-17-Consul-configuration-allows-repeated-keys/publicly-deciding-hookworm
backport/Suppress-CVE-2024-8096/gradually-brave-ewe
backport/Suppress-CVE-2024-8096/quietly-brief-koala
backport/add-ent-and-ce-frontend-test-runs-to-pr/morally-sure-fowl
backport/add-ent-and-ce-frontend-test-runs-to-pr/painfully-outgoing-drum
backport/add-ent-and-ce-frontend-test-runs-to-pr/similarly-new-sloth
backport/add-query-for-namespace-lookup-when-creating-services
backport/add-release-config-key/gradually-wanted-trout
backport/add-release-config-key/lightly-sterling-mongrel
backport/add-release-config-key/mentally-equal-wallaby
backport/add-tests-for-gw-proxy-controller/loosely-primary-crane
backport/am-ak-patch-1/really-stirring-flounder
backport/api-gateway-install-redirrects/wholly-one-sunbird
backport/asheshvidyut/NET-3865/gratefully-apt-haddock
backport/ashwin/cluster-peering-helm-docs/curiously-legible-drum
backport/ashwin/envoy-readiness/cleanly-supreme-poodle
backport/ashwin/envoy-readiness/visually-warm-sunfish
backport/ashwin/generate-proto-deep-copy-json-marshal/naturally-exotic-anemone
backport/ashwin/peer-count-metric/greatly-many-chimp
backport/ashwin/recreate-token-docs/virtually-new-koi
backport/ashwin/use-prxoy-health-docs/uniformly-new-cattle
backport/backport/remove-CONSUL_HCP_LINK_ENABLED-flag/scarcely-precise-silkworm-manual
backport/brk.chore/remove-link-format-check/promptly-aware-garfish
backport/brk.fix/update-links-for-developer/reasonably-choice-vulture
backport/broken_links/evidently-improved-starfish
backport/broken_links/lately-faithful-falcon
backport/broken_links/regularly-living-monitor
backport/catalog-deregistration-fix/grossly-lenient-treefrog
backport/catalog-deregistration-fix/optionally-blessed-cockatoo
backport/cc-4361/hcp-metrics-bootstrap-config/manually-composed-snail
backport/cc-4519-collect-node-id/brightly-sharp-akita
backport/cc-4519-collect-node-id/suitably-funky-warthog
backport/cc-4716-link-existing-clusters/hopelessly-full-koi
backport/cc-4716-link-existing-clusters/slightly-on-wren
backport/cc-4929-cap-socket-path/horribly-sunny-airedale
backport/cc-4960/hcp-telemetry-periodic-refresh/namely-joint-tarpon
backport/cc-4960/hcp-telemetry-periodic-refresh/quietly-splendid-leech
backport/cc-4960/move-first-fetch-into-provider/informally-exciting-blowfish
backport/cc-4960/move-first-fetch-into-provider/rapidly-climbing-airedale
backport/cc-4960/move-first-fetch-into-provider/separately-nearby-seagull
backport/cc-7147-link-to-hcp-modal/kindly-verified-snipe
backport/chore-fix-module-name/fully-giving-hagfish
backport/ci-remove-duplicate-test/actually-sensible-swine
backport/compliance/license-changes/vigorously-holy-escargot
backport/consul-collector-reduce-flush-intervals/externally-natural-pangolin
backport/consul-collector-reduce-flush-intervals/likely-loved-hog
backport/consul-er-add-service-discovery-seo-doc/notably-social-koala
backport/consul-k8s-docs-typo/firstly-present-hawk
backport/consul-k8s-docs-typo/largely-liked-badger
backport/correct-redhat-tags/humbly-central-cricket
backport/correct-redhat-tags/promptly-intense-dodo
backport/correct-redhat-tags/sadly-deep-tiger
backport/cp_NET-3684/mentally-fit-squirrel
backport/cthain/net-5807/vault-ca-namespace-config/heavily-rested-donkey
backport/cthain/net-5807/vault-ca-namespace-config/miserably-factual-blowfish
backport/danielehc-fix-filter-links/cleanly-humble-mole
backport/danielehc-fix-filter-links/vaguely-welcome-jawfish
backport/dans/NET-1757/access-logs-docs/only-definite-polecat
backport/dans/NET-3917/default-0s-initial_fetch_timeout/fairly-fluent-drake
backport/dans/NET-6796/dns-v2-catalog-v2-ns-soa/mostly-real-ibex
backport/dans/fix-snapshot-save-test/partly-sweeping-mollusk
backport/dans/fix-snapshot-save-test/vaguely-solid-sheepdog
backport/dans/fix-snapshot-save-test/willingly-golden-leopard
backport/david-yu-admin-partitions/deeply-fair-quagga
backport/david-yu-admin-partitions/eminently-awaited-porpoise
backport/david-yu-admin-partitions/gradually-open-octopus
backport/david-yu-admin-partitions/jointly-ready-mole
backport/david-yu-admin-partitions/officially-charming-orca
backport/david-yu-admin-partitions/typically-fast-shark
backport/david-yu-agent-latency-requirements/severely-ready-raccoon
backport/david-yu-build-dockerfile/mutually-assuring-albacore
backport/david-yu-cleanup-1-18/distinctly-stirring-catfish
backport/david-yu-docs-cluster-peering/poorly-flying-leopard
backport/david-yu-enterprise-image/noticeably-brave-man
backport/david-yu-enterprise-image/wholly-welcome-platypus
backport/david-yu-gke-autopilot/internally-sharp-thrush
backport/david-yu-gke-autopilot/recently-driving-dingo
backport/david-yu-k8s-install-helm/normally-cool-fish
backport/david-yu-k8s-install-helm/notably-thorough-crow
backport/david-yu-k8s-install-helm/trivially-intimate-aardvark
backport/david-yu-log-level-error/lightly-polite-porpoise
backport/david-yu-log-level-error/quickly-helping-ghoul
backport/david-yu-patch-2/correctly-eternal-hamster
backport/david-yu-patch-2/nominally-viable-squirrel
backport/david-yu-patch-3/informally-factual-colt
backport/david-yu-ubi/curiously-cunning-meerkat
backport/david-yu-ubi/publicly-loving-bluejay
backport/david-yu-ubi/secretly-balanced-rodent
backport/derekm/NET-3007/fix-peer-stream-cleanup/friendly-caring-krill
backport/derekm/NET-3881/health-call-loop-entfix/possibly-safe-swan
backport/derekm/NET-3881/health-call-loop/trivially-dashing-ox
backport/derekm/NET-4958/missing-endpoints/unlikely-positive-wildcat
backport/derekm/NET-7652/broadly-regular-firefly
backport/derekm/NET-7652/freely-peaceful-kit
backport/derekm/fix-cicd-docker-pull/steadily-evolved-kitten
backport/derekm/grpc-server-keepalive/gladly-popular-cod
backport/dev-image-publishing/willingly-literate-stag
backport/dev-portal/largely-exact-worm
backport/dev-portal/thoroughly-enabling-kid
backport/dhiaayachi/fix_panic_policy_delete/logically-amazed-crow
backport/dhiaayachi/fix_panic_policy_delete/publicly-pumped-tadpole
backport/dhiaayachi/raft-wal-0.4.1/sadly-super-monarch
backport/disable_envoy_check/closely-liberal-monkfish
backport/disable_envoy_check/mistakenly-mighty-glider
backport/dns-parititon-docs/certainly-real-vulture
backport/doc-v2-traffic-permission/jointly-top-ant
backport/docs-nomad-ent/cheaply-guiding-sloth
backport/docs-nomad-ent/only-touched-mutt
backport/docs-nomad-ent/scarcely-thorough-anteater
backport/docs/1-10-upgrade-compatibility-clarification/distinctly-relaxing-snail
backport/docs/1-10-upgrade-compatibility-clarification/gradually-united-polecat
backport/docs/1-17-release-notes/friendly-smiling-sailfish
backport/docs/1-19-release-notes-fix/factually-evolving-koala
backport/docs/CE-749-remove-references-from-consul/humbly-leading-emu
backport/docs/add-rate-limit-ops-diagram/widely-alive-mallard
backport/docs/add-redirects-1.8-conf-entries/factually-relieved-flounder
backport/docs/add-redirects-1.8-conf-entries/freely-grateful-camel
backport/docs/add-redirects-1.8-conf-entries/illegally-driving-fawn
backport/docs/add-redirects-1.8-conf-entries/pleasantly-cunning-pig
backport/docs/added-1.17-features-to-enterprise-overview
backport/docs/added-redirects-for-conf-entries
backport/docs/added-redirects-for-conf-entries-1.13.x
backport/docs/added-redirects-for-conf-entries-1.14.x
backport/docs/address-multicluster-singledc-docs/hopefully-set-mallard
backport/docs/admin-partitions-114-update/correctly-enough-shad
backport/docs/admin-partitions-link-k8s/trivially-excited-jaybird
backport/docs/admin-partitions-node-scope/forcibly-bursting-kid
backport/docs/amb.migrate-link-formats/adversely-helping-troll
backport/docs/amb.migrate-link-formats/jointly-renewed-dolphin
backport/docs/amb.migrate-link-formats/thoroughly-obliging-trout
backport/docs/amb.migrate-link-formats/truly-supreme-hagfish
backport/docs/amb.migrate-link-formats/usually-sweeping-panda
backport/docs/api-gw-k8s-add-upgrade-step-1.16/fully-suited-cattle
backport/docs/apigee-backports/deeply-active-jackal
backport/docs/auto-cert-1-13-2/constantly-above-turtle
backport/docs/blake/fix-spelling-errors-aug23/partially-equal-haddock
backport/docs/capigw-0.3/carefully-sharp-rattler
backport/docs/capigw-0.3/correctly-peaceful-muskrat
backport/docs/capigw-tech-spec-update/explicitly-renewing-badger
backport/docs/capigw-tech-spec-update/formerly-awaited-elf
backport/docs/capigw-typos-usage/socially-needed-dodo
backport/docs/ce-514-envoy-constraints/publicly-modern-sturgeon
backport/docs/change-backendRefs-api-group/largely-working-woodcock
backport/docs/clarify-connect-language-2/humbly-native-spaniel
backport/docs/clarify-license-behavior-on-restart/morally-ready-monkey
backport/docs/clarify-snapshot-restore-version-restriction/blindly-sure-buffalo
backport/docs/clarify-snapshot-restore-version-restriction/firstly-endless-eagle
backport/docs/clarify-vault-ca-provider-permissions-needed/optionally-hardy-emu
backport/docs/cluster-peering-parameter-fixes/yearly-flowing-arachnid
backport/docs/common-errors/amazingly-golden-pony
backport/docs/config-enable-debug/broadly-loving-tomcat
backport/docs/config-enable-debug/conversely-positive-goblin
backport/docs/config-enable-debug/endlessly-probable-manatee
backport/docs/config-enable-debug/willingly-master-sloth
backport/docs/consistency-mode-improvements/annually-united-iguana
backport/docs/consistency-mode-improvements/implicitly-smart-jaguar
backport/docs/consistency-mode-improvements/mildly-wanted-slug
backport/docs/consistency-mode-improvements/nationally-key-swan
backport/docs/consistency-mode-improvements/slowly-mint-bull
backport/docs/consistency-mode-improvements/willingly-sterling-bluegill
backport/docs/correct-1.10.x-upgrade-path/hardly-ultimate-leopard
backport/docs/crossref-maint-mode-from-health-checks/explicitly-renewed-owl
backport/docs/deemphasize-token-query-param/reasonably-amusing-impala
backport/docs/dyu-compat-matrix/positively-funky-dory
backport/docs/enterprise-feature-table/recently-upright-lemur
backport/docs/external-crd-fix/accurately-talented-cobra
backport/docs/fips-cluster-peering/repeatedly-evolved-stallion
backport/docs/fix-api-landing-page-typos/curiously-eminent-quail
backport/docs/fix-bad-links-service-defaults-ref/evenly-causal-buzzard
backport/docs/fix-bad-links-service-defaults-ref/hardly-related-llama
backport/docs/fix-bad-links-service-defaults-ref/supposedly-selected-arachnid
backport/docs/fix-broken-links-8-18/cleanly-wired-honeybee
backport/docs/fix-broken-links-8-18/conversely-gentle-swan
backport/docs/fix-consul-ecs-tf-path/cleanly-happy-newt
backport/docs/fix-k8s-crd-example-configs/naturally-capital-bobcat
backport/docs/fix-k8s-crd-example-configs/seriously-real-cricket
backport/docs/fix-node-lookup-by-removing-tag/moderately-brave-barnacle
backport/docs/flag-ent-features-1.17/marginally-stirred-crappie
backport/docs/fox-peering-metrics-labels-table/conversely-capital-yak
backport/docs/fox-peering-metrics-labels-table/quietly-ready-louse
backport/docs/initial-multiport-fixes/constantly-thorough-pheasant
backport/docs/invoke-services-from-lambda/severely-useful-katydid
backport/docs/invoke-services-from-lambda/vigorously-generous-treefrog
backport/docs/jwt-auth-fixes/poorly-suited-pelican
backport/docs/k8s-1-14-releasenotes/widely-organic-wahoo
backport/docs/k8s-acl-fix/repeatedly-solid-cricket
backport/docs/k8s-federation-requirements/constantly-vocal-cougar
backport/docs/k8s-federation-requirements/finally-lenient-cub
backport/docs/k8s-federation-requirements/friendly-prompt-jay
backport/docs/k8s-federation-requirements/rapidly-resolved-doberman
backport/docs/k8s-federation-requirements/surely-eminent-tomcat
backport/docs/k8s-tgw-tutorial-role-id-fix/duly-known-shad
backport/docs/k8s-tgw-tutorial-role-id-fix/seemingly-social-chow
backport/docs/k8s-tgw-tutorial-role-id-fix/severely-innocent-mosquito
backport/docs/lkysow/prepare-dataplane-upgrade/deeply-joint-herring
backport/docs/lkysow/verify-outgoing/luckily-viable-anchovy
backport/docs/lkysow/verify-outgoing/sincerely-expert-buck
backport/docs/lkysow/verify-outgoing/strictly-well-sheepdog
backport/docs/manage-traffic-link-fix/hardly-together-salmon
backport/docs/mgw-primary-upgrade/poorly-sincere-rattler
backport/docs/multi-port-v1-17-ga/hopelessly-premium-ostrich
backport/docs/multiport-hcp-update/seemingly-valid-jaybird
backport/docs/new-vault-connect-ca-permissions-needed/happily-knowing-sponge
backport/docs/new-vault-connect-ca-permissions-needed/miserably-fun-drum
backport/docs/note-about-connect-service-upstream-env-var/certainly-helped-horse
backport/docs/note-about-connect-service-upstream-env-var/lively-exciting-reptile
backport/docs/nrichu-hcp-doc-patch/jolly-poetic-rat
backport/docs/page-descs-for-CLI/early-ample-basilisk
backport/docs/page-descs-for-CLI/implicitly-precious-calf
backport/docs/patch-release/constantly-teaching-giraffe
backport/docs/peering-api-update/amazingly-chief-mosquito
backport/docs/redirect-acl-system-page/rapidly-awaited-bluegill
backport/docs/redirect-acl-system-page/similarly-smiling-kodiak
backport/docs/remove-comparisons-from-ref-docs/definitely-direct-hyena
backport/docs/remove-empty-codeblockconfig-elements/daily-viable-oryx
backport/docs/remove-empty-codeblockconfig-elements/severely-merry-newt
backport/docs/restore-missing-config-content/curiously-evolving-snail
backport/docs/restore-missing-config-content/eminently-definite-tick
backport/docs/scale-typo/early-set-drum
backport/docs/scale-typo/mostly-verified-werewolf
backport/docs/search-metadata-headers/supposedly-eternal-ox
backport/docs/single-dc-multi-k8s/weekly-humorous-cricket
backport/docs/tutorial-refresh-support/mostly-settled-alien
backport/docs/tutorial-refresh-support/yearly-integral-clam
backport/docs/update-acl-docs/locally-happy-wasp
backport/docs/update-acl-docs/publicly-up-pony
backport/docs/update-consul-k8s-nginx-ingress-controller-example/sadly-inviting-pika
backport/docs/uri-decode-resource-names-for-http-api/early-neat-pipefish
backport/docs/uri-decode-resource-names-for-http-api/fairly-busy-mouse
backport/docs/use_values_yaml_everywhere/broadly-pro-possum
backport/docs/use_values_yaml_everywhere/clearly-frank-bonefish
backport/docs/wal-fix/certainly-romantic-parrot
backport/docs/what-is-consul-devdot-update/mutually-pleasing-insect
backport/docs_discovery_typo/jointly-happy-crane
backport/docs_update_helm_docs_vault_synccatalog/fairly-saved-filly
backport/dstough/GH-12628-multiple-https-ingress-services/distinctly-charming-stork
backport/dstough/GH-12628-multiple-https-ingress-services/yearly-accepted-pipefish
backport/dstough/add-noop-jobs-for-branch-protect/formerly-moving-monkey
backport/dstough/add-noop-jobs-for-branch-protect/uniformly-ideal-stallion
backport/dstough/add-noop-jobs-for-branch-protect/wildly-tight-ladybird
backport/dstough/fix-metrics-false-positive/ghastly-up-mole
backport/dstough/fix-metrics-false-positive/implicitly-integral-leech
backport/dyu/dns-port/manually-light-ant
backport/dyu/dns-port/typically-creative-hermit
backport/dyu/gh-pr-workflow/definitely-relaxed-mollusk
backport/dyu/jobs-pr-feedback/mildly-immune-hyena
backport/dyu/jobs-pr-feedback/presumably-composed-wildcat
backport/dyu/multi-port/greatly-musical-lab
backport/dyu/network-segments/loudly-tops-tadpole
backport/dyu/network-segments/specially-prepared-mammoth
backport/dyu/readme/globally-concise-oarfish
backport/dyu/ubi/carefully-funky-bonefish
backport/dyu/ubi/completely-neat-cobra
backport/dyu/ubi/finally-growing-grub
backport/dyu/ubi/optionally-content-bug
backport/dyu/ubi/ultimately-singular-leech
backport/eculver/fix-pkg-name/firmly-holy-sole
backport/eculver/fix-pkg-name/mainly-modern-elk
backport/eculver/update-nomad-integ-tests/needlessly-saved-collie
backport/eculver/update-nomad-integ-tests/nicely-fresh-bullfrog
backport/ent-port-upgrade-tests-flatten/early-precious-treefrog
backport/envoy-bootstrap-log-fix/infinitely-communal-midge
backport/envoy-bootstrap-logging/enormously-outgoing-martin
backport/exported_services_cli_and_docs/rc1
backport/f/metrics-collector-rename/achooo
backport/f/metrics-collector-rename/highly-clean-elf
backport/feature/hcp-telemetry/personally-central-caribou
backport/file-system-certificate/formally-top-minnow
backport/fix-changelog-check/blindly-pumped-shrimp
backport/fix-changelog/nearly-grown-kangaroo
backport/fix-doc/physically-growing-doberman
backport/fix-ent-merge/enormously-close-sculpin
backport/fix-error-msg-fmt/normally-allowed-redbird
backport/fix-flaky-integ-test-ingress/commonly-strong-cow
backport/fix-flaky-integ-test-ingress/noticeably-unified-dane
backport/fix-flaky-integ-test-ingress/preferably-feasible-rattler
backport/fix-gRPC-limit-peering/especially-premium-asp
backport/fix-home-link/wholly-regular-bengal
backport/fix-integ-flakiness/accurately-cunning-cardinal
backport/fix-integ-flakiness/precisely-simple-quagga
backport/fix-issuer-growing-list-maybe-from-vault/barely-still-aardvark
backport/fix-issuer-growing-list-maybe-from-vault/blindly-adequate-bluebird
backport/fix-issuer-growing-list-maybe-from-vault/uniquely-master-falcon
backport/fix-merge-config-entry/badly-eternal-bonefish
backport/fix-merge-config-entry/carefully-open-stingray
backport/fix-role-linked-token-list/blindly-trusted-glowworm
backport/fix-submat-view-bug/physically-stirring-zebra
backport/fix-unremoved-service-mesh-gateway/primarily-growing-wren
backport/fix_altdomain_dcname_overlap/loudly-definite-dingo
backport/fix_altdomain_dcname_overlap/mistakenly-ready-hog
backport/fix_altdomain_dcname_overlap/thoroughly-daring-mule
backport/fix_docs_conflict_leftovers/highly-sweet-whale
backport/gateway-upstream-disambiguation-ce/strictly-pleasant-mule
backport/gh-13169-show-leader-metrics/fairly-worthy-redbird
backport/gh-13169-show-leader-metrics/formally-pleasing-pigeon
backport/gh-13169-show-leader-metrics/inherently-wealthy-lab
backport/gh-13169-show-leader-metrics/legally-winning-joey
backport/gh-14341-txn-struct/randomly-noted-piglet
backport/gh-17320-update-metrics-doc/probably-promoted-lynx
backport/gh-18152-members-filter-dc/firstly-ideal-maggot
backport/gha-concurrency/finally-exciting-filly
backport/gha-concurrency/honestly-live-sailfish
backport/gha-concurrency/largely-gentle-crab
backport/gha-concurrency/mildly-great-unicorn
backport/hans/add_new_field_to_bootstrap_config_and_push_state/primarily-sweeping-tapir
backport/hans/add_new_field_to_bootstrap_config_and_push_state/sadly-eminent-man
backport/import-filter
backport/import-filter-v2
backport/improve_ci_run_time/miserably-glowing-boa
backport/integ-test-upgrade-test/truly-becoming-mule
backport/integ-test-use-asserter/internally-cheerful-mullet
backport/ishustava/1.14-agentless-docs-updates/internally-star-beetle
backport/ishustava/NET-3995-computed-proxy-config/slightly-cheerful-kangaroo
backport/ishustava/NET-5377-sidecar-proxy-ctrl-improvements/oddly-talented-sole
backport/issue-17886-expose-certs/definitely-wise-sturgeon
backport/jer/cc6039-policy-desc/adversely-sought-ladybird
backport/jer/cc6039-policy-desc/multiply-native-bird
backport/jer/ccm-read-only/lightly-worthy-sawfish
backport/jer/ccm-read-only/unlikely-glad-snapper
backport/jer/cloud-docs/briefly-adequate-filly
backport/jer/cloud-docs/gratefully-stunning-frog
backport/jjti/fix-hcp-client-logs/commonly-desired-antelope
backport/jjti/fix-hcp-client-logs/evenly-clean-slug
backport/jjti/fix-hcp-client-logs/happily-charmed-jawfish
backport/jjti/fix-hcp-client-logs/infinitely-decent-ibex
backport/jjti/fix-hcp-client-logs/presently-free-roughy
backport/jjti/fix-hcp-client-logs/visually-secure-spaniel
backport/jjti/fix-hcp-export-logger/intensely-growing-horse
backport/jjtimmons/reduce-export-freq/hardly-generous-martin
backport/jjtimmons/reduce-export-freq/safely-frank-mudfish
backport/jkirschner-hashicorp-patch-1/reasonably-devoted-pheasant
backport/jkirschner-hashicorp-patch-3/seriously-living-squirrel
backport/jm/0.44.0/wholly-saving-flea
backport/jm/3372/freely-intimate-gannet
backport/jm/3372/freely-singular-dingo
backport/jm/NET-3692/strangely-solid-owl
backport/jm/NET-5397/violently-choice-perch
backport/jm/NET-6081/equally-complete-thrush
backport/jm/NET-6944/clearly-winning-fly
backport/jm/NET-6944/subtly-adequate-gopher
backport/jm/NET-7025/commonly-saved-glowworm
backport/jm/NET-7025/implicitly-optimal-drum
backport/jm/NET-7025/pleasantly-balanced-sole
backport/jm/ba/sadly-tolerant-wombat
backport/jm/ba/usually-promoted-tapir
backport/jm/deep-copy-lint-enums/gladly-fine-pegasus
backport/jm/endpoint-result/yearly-better-sunfish
backport/jm/go-tests-notify-3/allegedly-trusting-moose
backport/jm/go-tests-notify-3/genuinely-pumped-glowworm
backport/jm/go-tests-notify-3/luckily-tough-platypus
backport/jm/go-tests-notify-3/nicely-electric-calf
backport/jm/local-app-protocol-test/hardly-noble-aardvark
backport/jm/macos-arm64/actively-improved-dinosaur
backport/jm/no-parallel-dns-tests/sharply-true-tetra
backport/jm/no-parallel-dns-tests/tightly-liberal-emu
backport/jm/no-parallel-dns-tests/ultimately-accurate-sponge
backport/jm/no-parallel-dns-tests/willingly-adjusted-mallard
backport/jm/remove-compat-test-splitting/honestly-outgoing-calf
backport/jm/remove-compat-test-splitting/rationally-wondrous-krill
backport/jm/remove-tests-skipping/finally-romantic-anteater
backport/jm/remove-tests-skipping/physically-enough-molly
backport/jm/remove-tests-skipping/typically-credible-bug
backport/jm/rmv-test-integrations/probably-topical-shrimp
backport/jm/test-integrations/clearly-curious-liger
backport/jm/ui-main/openly-ace-mole
backport/jm/vault-docs-redesign/indirectly-logical-monitor
backport/jm96441n/normalize-status-conditions/implicitly-mighty-racer
backport/jwt-warning-docs/completely-poetic-herring
backport/jwt-warning-docs/uniquely-organic-muskox
backport/kisunji/NET-4766-vault-ca-bug-fix/inherently-harmless-louse
backport/kisunji/NET-4766-vault-ca-bug-fix/really-leading-tick
backport/kisunji/NET-4766-vault-ca-bug-fix/secondly-first-mullet
backport/kisunji/cleanup-resources/secondly-devoted-longhorn
backport/kisunji/cleanup-resources/solely-moved-dodo
backport/kisunji/controller-test-fix/internally-artistic-buzzard
backport/kisunji/ent-label-ratelimit/normally-casual-sparrow
backport/kisunji/fix-flakes/firstly-desired-dove
backport/kisunji/fix-flakes/formally-giving-goldfish
backport/kisunji/fix-flakes/honestly-bright-dove
backport/kisunji/fix-permissive-envoy-ext/lately-ideal-calf
backport/kisunji/fix-permissive-envoy-ext/unduly-set-ram
backport/kisunji/fix-test/admittedly-valid-ray
backport/kisunji/fix-test/blatantly-prime-loon
backport/kisunji/fix-test/entirely-major-chigger
backport/kisunji/nomad-docs/hugely-concise-crawdad
backport/kisunji/nomad-docs/weekly-hip-starling
backport/kisunji/peering-tproxy-docs/truly-dominant-sawfly
backport/kisunji/update-hcp-scada-provider/socially-wise-silkworm
backport/kisunji/vault-ca-clean-unused-issuers/curiously-neat-tarpon
backport/kisunji/vault-ca-clean-unused-issuers/hugely-eminent-monster
backport/kisunji/vault-ca-clean-unused-issuers/rapidly-smart-sunbird
backport/kisunji/vault-ca-fixes/awfully-smooth-katydid
backport/kisunji/vault-ca-fixes/fully-electric-phoenix
backport/krastin/docs/improve-license/mostly-polite-turtle
backport/krastin/vault-for-consul/clearly-main-molly
backport/krastin/vault-for-consul/factually-enough-buck
backport/krastin/vault-for-consul/indirectly-mint-bison
backport/krastin/vault-for-consul/noticeably-awaited-chamois
backport/krastin/vault-for-consul/thankfully-big-condor
backport/krastin/website/telemetry-labels/duly-firm-toucan
backport/licensing-exp-v2-docs/optionally-allowed-whippet
backport/link-to-hcp-modal-error-when-acls-disabled/severely-cool-sparrow
backport/lorna/cc-6925/hcp-tls/immensely-dear-grouper
backport/lorna/cc-6925/hcp-tls/monthly-correct-buck
backport/loshz-patch-1/friendly-touched-killdeer
backport/loshz/NET-3029-fix/constantly-romantic-fox
backport/loshz/NET-3029-fix/radically-relaxing-robin
backport/ma/vault-namespace-intermediate-provider-v2/positively-unified-aardvark
backport/ma/x-forwarded-client-cert-docs-fix/extremely-definite-shark
backport/ma/x-forwarded-client-cert-docs-fix/repeatedly-fluent-filly
backport/main/strangely-tops-wombat
backport/malizz-validate-name-on-dlt-proxy-defaults/seriously-eager-werewolf
backport/mixed-service-topology/accurately-nearby-falcon
backport/mixed-service-topology/physically-large-griffon
backport/more-xds-races-and-panics/visually-tidy-crow
backport/natemollica-nm-server-workload-telemetry-update/apparently-immune-oriole
backport/natemollica-nm-server-workload-telemetry-update/hopelessly-modest-lark
backport/natemollica-nm-server-workload-telemetry-update/secondly-massive-kiwi
backport/nathancoleman-patch-1/badly-pro-pug
backport/nathancoleman-patch-1/distinctly-growing-parakeet
backport/nathancoleman-patch-1/ghastly-endless-lioness
backport/nathancoleman-patch-1/instantly-premium-sturgeon
backport/nathancoleman-patch-1/lightly-intimate-labrador
backport/nd/net-4931-l7/endlessly-intimate-reindeer
backport/net-4786/mesh-strict-dns/conversely-climbing-aphid
backport/net-bind-service/evenly-sharp-hornet
backport/nfi-net5476-nightly-peering-integ/horribly-enough-piranha
backport/nia/beta-docs-0.6.0/actively-tidy-mantis
backport/nia/beta-docs-0.6.0/evenly-humble-ray
backport/nia/docs-0.7.0/rarely-dear-finch
backport/nicoleta-k8s-annotations/shortly-rested-duckling
backport/nightly-slack-notification/daily-rich-wren
backport/nightly-slack-notification/legally-smart-terrier
backport/operator-usage-docs/definitely-curious-gecko
backport/partition-cli-acl-info-and-api-crossref/hopefully-able-urchin
backport/patch-1/actually-sharing-chigger
backport/patch-1/arguably-special-marlin
backport/patch-1/briefly-merry-mantis
backport/patch-1/correctly-cheerful-anchovy
backport/patch-1/easily-cheerful-dingo
backport/patch-1/forcibly-shining-javelin
backport/patch-1/formally-happy-dane
backport/patch-1/humbly-helpful-poodle
backport/patch-1/legally-massive-flounder
backport/patch-1/likely-next-halibut
backport/patch-1/loudly-up-hippo
backport/patch-1/noticeably-desired-seal
backport/patch-1/primarily-infinite-asp
backport/patch-1/properly-polished-condor
backport/patch-1/severely-ruling-mouse
backport/patch-1/socially-better-stork
backport/patch-1/tightly-endless-javelin
backport/patch-1/verbally-glad-killdeer
backport/peering/re-establish-terminated/immensely-active-beetle
backport/peering/term-delete/thoroughly-tough-snipe
backport/proxy-register-port-race-2/deeply-warm-man
backport/proxy-register-port-race-2/hugely-whole-hippo
backport/raft-1.5.0-pipeline-fix/extremely-eager-chamois
backport/raft-fix-nonvoter/evenly-pro-cod
backport/rboyer/deployer-makefile/early-steady-sloth
backport/rboyer/fix-drift/singularly-glad-locust
backport/rboyer/fix-manual-vip-writes/jointly-sweet-dingo
backport/release/1.18.0-followup
backport/releng/remove-duplicate-ubi/mainly-sterling-bulldog
backport/releng/remove-duplicate-ubi/singularly-leading-finch
backport/remove-CONSUL_HCP_LINK_ENABLED-flag/scarcely-precise-silkworm
backport/remove-unused-are-hosts-set-check/loudly-sweet-dingo
backport/revert-17166-jm/remove-compat-test-splitting/reliably-lenient-roughy
backport/ronald/fix-docs-typo/uniformly-teaching-martin
backport/sarahalsmiller-timeoutbehaviormutation/only-native-cow
backport/security-coredns-fix/1.15.x
backport/security-coredns-fix/1.16.x
backport/security-coredns-fix/1.17.x
backport/set-product-version/enormously-glad-titmouse
backport/set-product-version/infinitely-awaited-halibut
backport/set-product-version/instantly-direct-kitten
backport/spatel/NET-1646-add-max-ejection-percent/rarely-working-guinea
backport/spatel/busl-2024/correctly-picked-buffalo
backport/spatel/busl-2024/entirely-closing-dove
backport/spatel/busl-2024/namely-saved-squid
backport/spatel/emit-consul-version-periodically/kindly-close-wasp
backport/spatel/emit-consul-version-periodically/mentally-choice-bug
backport/spatel/list-default-peername/endlessly-moral-krill
backport/spatel/oss_to_ce/highly-moral-spider
backport/spatel/oss_to_ce/mentally-well-moccasin
backport/spatel/oss_to_ce/obviously-proud-fish
backport/support-fossa-scanning/actually-nearby-bream
backport/support-fossa-scanning/allegedly-fleet-donkey
backport/support-fossa-scanning/externally-darling-dane
backport/support-fossa-scanning/separately-exact-marlin
backport/tauhid621/exported_services_api_grpc/literally-cuddly-gecko
backport/tauhid621_exported_services_docs_and_cli/normally-positive-lionfish
backport/tauhid621_exported_services_docs_and_cli/specially-blessed-longhorn
backport/test_skip_ci/literally-cuddly-woodcock
backport/test_skip_ci/usually-glowing-fowl
backport/test_skip_ci/widely-normal-platypus
backport/tgate-http2-upstream/merely-civil-mouse
backport/troubleshoot-ports
backport/ui/CC-7062-get-back-metrics-test-with-updated-selector-upd/broadly-diverse-bear
backport/ui/NET-438-add-ent-version-suffix/actively-faithful-walleye
backport/ui/NET-438-add-ent-version-suffix/privately-inspired-escargot
backport/ui/bug/fix#18406/promptly-choice-goose
backport/ui/bug/fix#18406/roughly-credible-llama
backport/ui/bugfix/icon-tweaks/wrongly-quick-sunbird
backport/ui/feature/hcp/absolutely-mighty-mastiff
backport/ui/feature/make-global-read-only-policy-non-editable/frequently-crack-mouse
backport/ui/feature/make-global-read-only-policy-non-editable/infinitely-related-hornet
backport/ui/feature/make-global-read-only-policy-non-editable/instantly-hardy-chamois
backport/update-apigw-version/annually-renewing-whippet
backport/update-apigw-version/commonly-noted-vervet
backport/update-docs-for-splitting/primarily-smashing-halibut
backport/update-e2e-tests-for-namespaces/wholly-daring-porpoise
backport/update-ent-license-link/exactly-bold-hyena
backport/update-envoy/merely-stunning-doberman
backport/update-exported-services-compat-triggers/immensely-humble-labrador
backport/update_docs_multicluster_k8s/admittedly-decent-grubworm
backport/update_docs_multicluster_k8s/hideously-epic-tiger
backport/upgrade-test-targetImage/enormously-endless-bluegill
backport/upgrade-test-targetImage/generally-guiding-horse
backport/upgrade-testcontainer-version/pleasantly-moved-penguin
backport/upgrade-to-node-18/rationally-fancy-flamingo
backport/upstream-oss-merge/briefly-guided-quagga
backport/vault-compatability-consul-pki-token/arguably-cool-silkworm
backport/vault-compatability-consul-pki-token/incredibly-discrete-lamprey
backport/vault-compatability-consul-pki-token/lightly-arriving-cattle
backport/vault-compatability-consul-pki-token/terribly-grand-tetra
backport/vault-compatability-consul-pki-token/usefully-ethical-kiwi
backport/zalimeni/alemuro/3101-support-statefulset-pvc-retain--docs/logically-complete-krill
backport/zalimeni/feature/net-1151-l7-intentions-security-fixes--api-docs-1.19
backport/zalimeni/fix-submodule-versions-latest/thankfully-funny-colt
backport/zalimeni/k8s-1.4.0-docs-feedback/willingly-strong-pony
backport/zalimeni/net-3900-fix-tproxy-extension-panic/slowly-blessed-moray
backport/zalimeni/net-4904-bump-envoy-versions-docs/normally-endless-wren
backport/zalimeni/net-5146-bump-go-net_http-cve/externally-innocent-maggot
backport/zalimeni/net-5163-prioritize-by-locality-test/pleasantly-central-chow
backport/zalimeni/net-5163-prioritize-by-locality-test/primarily-harmless-marmoset
backport/zalimeni/net-5163-prioritize-by-locality-test/ultimately-related-drum
backport/zalimeni/net-5163-prioritize-by-locality-test/verbally-suited-aphid
backport/zalimeni/net-5217-derive-proxy-locality-from-parent-service-oss/absolutely-pumped-adder
backport/zalimeni/net-5622-consolidate-envoy-version-mgmt/similarly-crisp-mako
backport/zalimeni/net-6725-fix-sidecarproxycontroller-flake/literally-on-raven
backport/zalimeni/net-6725-fix-sidecarproxycontroller-flake/primarily-logical-stingray
backport/zalimeni/net-6741-add-make-target-dependency-update-modules/entirely-genuine-koi
backport/zalimeni/net-6741-add-make-target-dependency-update-modules/partly-welcome-unicorn
backport/zalimeni/net-7713-v2-docs-virtual-port-ref-k8s--1.18.0
backport/zalimeni/net-9224-bump-go-1.21.10/uniquely-bold-jackal
backport/zalimeni/test-bpa-0.4.1/urgently-accepted-snipe
backport/zalimeni/upgrade-vault-remove-go-jose.v2/extremely-feasible-rat
backport/zalimeni/upgrade-vault-remove-go-jose.v2/privately-square-walrus
backport/zalimeni/upgrade-vault-remove-go-jose.v2/usually-quality-locust
backport/zalimeni/use-go-version-file/firmly-tops-chow
backport/zalimeni/use-go-version-file/marginally-modest-condor
backport/zalimeni/use-go-version-file/sincerely-native-man
backup-windows-integration-27th-june
backup_grafana-dashboards
banks-patch-1
blake/1.11-oidc-ui-nspace-fix
blake/fix-kv-import-folder-prefix-10906
blake/ingress-no-dnsname-port-gh-11092
blake/support-qname-minimization-6579
blake/v1.8.0-ingress-websocket-fix
bny-custom-04052021
boruszak/docs-stable-merge
boxofrad/autoreload-merge
boxofrad/backend-list-by-owner
boxofrad/better-vault-error-logging
boxofrad/controller-api-spike
boxofrad/extract-type-registration
boxofrad/fix-changelog-pr-links
boxofrad/rename-master-acl-tokens-internally
boxofrad/resource-service-client
boxofrad/spike-catalog-write-rate-limit
boxofrad/spike-resource-http
boxofrad/spike-server-resource
boxofrad/spike-version-translation
boxofrad/streaming-contention-close-in-goroutine
boxofrad/streaming-contention-experiment
boxofrad/streaming-contention-next-fast-path
boxofrad/streaming-contention-semaphore-wakeup
boxofrad/streaming-contention-simple-semaphore
boxofrad/upgrade-grpc
brk.check-link-follow-redirect
brk.feat/mdx-v2
bug-service-defaults-override-by-proxy-defaults
build-darwin-ubuntu
bump-api
bump/go-and-envoy/rc1.20
case-insensitive-node-names-acl-checks
catalog-service-list-filter
catalog_node_watch_fix
cc-4931/nick-refactor
cc-7178-skip-flakey-test-in-navigation
changes-to-ui-folder-test
checkpoint_telemetry_poc
cherry-pick-fix
cherry-pick-merge
ci/main-assetfs-build
ci/update-security-scanner-token
clarify-connect-language-in-cli-help-text
clarify-hcl-cli
clly/upgrade-vault-api
cluster-peering-partitions
code-organization
commontopo-better
community-12079
compliance/add-headers
computed-gateway-routes-spike
config-issue-616
config_replication_id
consistent-error-handling
consul-docs-ia-redesign
consul-docs-ia-redesign-v2
consul-vs-comp
container-test-speedup
controller-cache
copy-working-file
core-multiport-fixes
correct-acl-hash-replication
crt-consul-migration
crt-migration-build-flags
cts-deprecate-port-option
cts-ls-test-docs
cts-pan-ngfw
dan/1.19.0/changelog-update
dans/NET-1154/persist-ca-updates-in-peering
dans/NET-3917/initial-fetch-timeout-permafix
dans/NET-7910/v2-dns-enable-peering
dans/fic-https-basic-test
dans/fix-compat-test-access-logs
dans/make-peer-name-uniform
dans/remove-multiport-docs
dans/remove-ws-from-jira-gha
dans/skaffold-experiment
dans/test-pr-labeler
dans/that-time-dan-broke-consul
david-yu-admin-partitions
david-yu-bug-report
david-yu-bump-envoy
david-yu-cluster-peering-docs-1-12
david-yu-edit-pr
david-yu-patch-1
david-yu-patch-2
david-yu-release-note
david-yu-v2-update
debug-1.16-api
debug-sdk
debugging-jm/NET-6294
debugging-jm/NET-6294-deepcopy
deepcopy-gatewaycontroller
dep/raft-boltdb
dependabot/github_actions/actions/setup-go-5.1.0
dependabot/github_actions/browser-actions/setup-chrome-1.7.2
dependabot/github_actions/docker/setup-qemu-action-3.2.0
dependabot/github_actions/golangci/golangci-lint-action-6.1.1
dependabot/github_actions/slackapi/slack-github-action-2.0.0
dependabot/go_modules/github.com/aliyun/alibaba-cloud-sdk-go-1.63.54
dependabot/go_modules/github.com/aws/aws-sdk-go-1.44.128
dependabot/go_modules/github.com/hashicorp/go-sockaddr-1.0.7
dependabot/go_modules/github.com/hashicorp/hcp-sdk-go-0.124.0
dependabot/go_modules/github.com/hashicorp/raft-1.7.1
dependabot/go_modules/github.com/hashicorp/raft-boltdb/v2-2.3.0
dependabot/go_modules/github.com/olekukonko/tablewriter-0.0.5
dependabot/go_modules/go.opentelemetry.io/otel/metric-1.32.0
dependabot/go_modules/golang.org/x/oauth2-0.24.0
dependabot/go_modules/gotest.tools/v3-3.5.1
dependabot/go_modules/k8s.io/apimachinery-0.31.3
dependabot/go_modules/test-integ/github.com/docker/docker-25.0.6incompatible
dependabot/go_modules/test/integration/consul-container/github.com/docker/docker-25.0.6incompatible
dependabot/go_modules/test/integration/consul-container/github.com/opencontainers/runc-1.1.14
dependabot/npm_and_yarn/ui/cross-spawn-6.0.6
dependabot/npm_and_yarn/ui/elliptic-6.6.0
dependabot/npm_and_yarn/ui/express-4.20.0
dependabot/npm_and_yarn/ui/follow-redirects-1.15.6
dependabot/npm_and_yarn/ui/rollup-2.79.2
dependabot/npm_and_yarn/ui/webpack-5.94.0
dependabot/npm_and_yarn/website/husky-9.1.7
dependabot/npm_and_yarn/website/next-15.0.3
dependabot/npm_and_yarn/website/prettier-3.3.3
derekm/NET-6565/release-1.15.3-wpac
derekm/improve-vip-lookups
derekm/xds-use-same-http-protocol-downstream-to-localapp
dhia/ca-cas-config-refactor
dhiaayachi/NET-4926-v1-ns-delete
dhiaayachi/NET-5519-ns-bridge-2
dhiaayachi/fix-trustbundle-peers
dhiaayachi/go-toolchain
dhiaayachi/raft-wal-backend-as-default
dhiaayachi/raft-wal-backend-as-default-code
disable-flaky
disco-retain-details
dl-license
dnephin/acl-resolve-token-4
dnephin/acl-resolve-token-5
dnephin/acl-resolver-6
dnephin/acl-resolver-7
dnephin/agent-setup-user-event-handler
dnephin/ca-cluster-id
dnephin/ca-cluster-id-2
dnephin/ca-manager-move-to-new-package
dnephin/ca-manager-move-to-new-package-2
dnephin/ca-remove-unused-fields
dnephin/catalog-service-list-filter
dnephin/ci-handle-ent-differences
dnephin/cleanup-ae
dnephin/cleanup-ae-2
dnephin/cleanup-ae-3
dnephin/conn-pool-docs
dnephin/deprecate-verify-incoming
dnephin/docs-day-acl-move-config-ref
dnephin/docs-day-acl-move-rules-table
dnephin/docs-day-acl-overview
dnephin/docs-more-details-about-vault-provider
dnephin/enable-logging-color
dnephin/fix-serf-tag-data-race
dnephin/http-struct-interfaces
dnephin/move-dns-server-to-apiServers
dnephin/prefix-overlap-watches
dnephin/remove-lib-translate-keys-attempt-2
dnephin/rpc-metrics
dnephin/secure-defaults
dnephin/structs-proxy-defaults-remove-name-field
dns-srv-separate-tag-from-protocol
doc-clarify-version-format
doc-fix-missing-fed-methods
docs-backport-fix-er
docs-cluster-peering-technical-preview
docs-day
docs/1-17-release-notes
docs/1.17-docs-reconcile
docs/add-partition-query-api
docs/agent-config
docs/api-catalog-register-snake_case
docs/api-overview-devdot
docs/auto-cert
docs/clarify-connect-language
docs/clarify-crd-tutorial
docs/clarify-cross-partition-mgw-export-requirement
docs/clarify-network-area-mesh-gw-compatibility
docs/cli-breakout-positional-args
docs/cli-characteristics-and-crossref
docs/cluster-peering-beta
docs/cluster-peering-improvements
docs/cluster-peering-updates
docs/consul-ia-experiement-fdbk-1
docs/consul-ia-experiment
docs/consul-ia-experiment-cts-adam
docs/consul-k8s-upgrade
docs/consul-snapshot-agent-kms-policy-4369
docs/cts-zscaler-partner-guide
docs/er-404-inline-checker
docs/fix-broken-links
docs/fix-broken-links-1
docs/fix-broken-markdown-link
docs/fix-ent-dns-service-lookup-link
docs/fix-exported-services
docs/fix-release-notes-links
docs/intentions-refactor-docs-day-2022
docs/jeff-sandbox
docs/jkirschner-hashicorp-patch-1
docs/k8s-0-49-helm-docs
docs/k8s-deployment
docs/krastin/connect-serviceintentions-fixlinks
docs/krastin/nomad-for-consul
docs/manual-backport-for-LTS
docs/manual-backport-kv-page
docs/misc-fixes
docs/note-about-connect-service-upstream-env-var
docs/peer-in-dns-lookups
docs/proposed-docs-overview-pages
docs/rebackport-k8s-fed-req-failed-pick
docs/redirect-dns-docs
docs/refactor-discover-services-docs
docs/release-1.17-reconcile-1
docs/rework-service-splitter-ref-docs
docs/rework-service-splitter-ref-docs-no-objects
docs/sentence-case-titles
docs/tables-instead-of-lists
docs/update-config-entry-ref-component
docs/update-content-cluster-peering
docs/update-faq-header
docs/update-loglevel-trace
docs/update-storage-class-ref-arch
docs/update-wan-fed-mesh-gateway-guide
docs/vault-connect-ca-namespace-improvements
docs/vault-secrets-backend-limitations
docs/waf-page-migration
ds-nd/net-9016-kvdataloss
dstough/CSLC-130-restrict-terminating-gateway-access-to-tls
dstough/GH-11250-system-ca-for-tgateways
dstough/acl-for-destinations
dstough/gateway-linked-endpoint
dstough/test-endpoint-service-query
dyu-cluster-peering-fix-1-12
dyu-license
dyu-relnotes
dyu/1.15-docs
dyu/dockerfile
dyu/envoy-bump
eculver/1.12.x/latest-changelog
eculver/1.13.0-alpha1-changelog
eculver/auth-method-docs
eculver/enable-arm-verifications
eculver/envoy-1.21.1
eculver/missing-docs-changes
eculver/oss-ent/new-params
eculver/stable-website/latest-envoy-support
eculver/verifications
eculver/verify-release-artifacts
eikenb/cloudfoundry-vault-provider-auth
eikenb/matrix-integration-testing
eikenb/vault-integration-testing
eliminate-gotest.tools/v3
envoy-crash-help
envoy-ext-local-ratelimit-fix
errors/acl-agent-token-not-set
errors/acl-not-found-bootstrap-not-exist
evrowe-consul-ui-readme-update
experiment/raft-grpc
extend-retry
external-services
f-reloadable-configuration-enable-debug-backup
feature-negotiation-grpc-api
feature/acl-replication-status
feature/envoy-support-tlsv13
ffmmm/b-10871
ffmmm/default-prom-s
fix-agent-cache-leak-3
fix-broken-dockerfile-sam
fix-cherry-pick
fix-controller-watch
fix-deregister-url-service-id
fix-entpoint-get-500
fix-failing-linting-test
fix-fips-build-amd
fix-flaky
fix-flaky-peerstream-test
fix-integ-machines
fix-lambda-docs-spacing-bug
fix-lambda-l7-routing
fix-leaf-panic
fix-leaf-timeout
fix-peering-2-partitions
fix-protobuf-generation
fix-syslog
fix-tests
fix-transparent-proxy
fix/make-test-deployer
fix_k8s_helm_docs_june
fixes/helper-text-config-entry-delete
gateway-listener-binding-bugfix
gateways/typed-status-regen
gh-13491
gh-18096-fix-missing-ttl-value
gh-maxconnections-ingress-gateway
gha-basic-artifact-validation
go-action-cache
gotest-remote-cache
gotest-remote-cache-2
grpc-envoy-bootstrap-params-oss-test
grpc-tls-compat
gw-xds-handling-eventual-consistency
hack-cloudlink
hack-deploy
hack-hcp-integration-split
hackathon/consul-common-errors
hans/ccm-playground
hcp-LastContact
hcp-link-config-skeleton
hcp/expose-grpc-scada
health-prefer-connect
hk/jm/test-integrations-fix-compatibility-test
hk/jm/test-integrations-fix-upgrade-test
ignore-exported-prefix-on-cluster-metrics
im2nguyen-patch-1
improve-intention-error-messages
improve_ci_run_time
increase-maching-size
ingress-gw-tracing-config
iradix-improved
ishustava/NET-5580-bump-all-resource-versions
ishustava/auth-method-secondary-dc
ishustava/authz-types
ishustava/debug-mesh-gw-test
ishustava/dns-proxy-poc
ishustava/fix-agent-proxy-mgr-instantiation
ishustava/mesh-controller-upstream-proxy
ishustava/multi-port-test-fixes
ishustava/sidecar-proxy-controller-tproxy
ishustava/spike-agent-cache-watch
ishustava/spike-controller-leaf-cert-watch
ishustava/spike-proxy-cfg-src-v2
ishustava/test-int-tests
ishustava/v2-traffic-perms-ir-suggestions
ishustava/vault-k8s-docs
ishustava/xds-server-v2
japple-rel-notes-reorg
japple/cherry-pick-1.11.x-release-notes
jer/ccm-read-only-squashed
jer/merge-ccm-bootstrap-config
jjtimmons/backport-48c8a83
jjtimmons/backport-otel-freq-2
jjtimmons/hcp-telemetry-periodic-refresh-start-up
jjtimmons/increase-buckets
jkirschner-hashicorp-patch-2
jm-client-timeout
jm-net-5879
jm-plug
jm-plug-git
jm-plug-http
jm/0427
jm/1.19-updated-go-mods
jm/1.5-sub
jm/1.9-sub
jm/3372-2
jm/NET-3372
jm/NET-3394
jm/NET-4237
jm/NET-4739
jm/NET-4931
jm/NET-4944
jm/NET-4944-1
jm/NET-5150
jm/NET-5590-xds-server
jm/NET-5822-test
jm/NET-6294-NET-4944
jm/NET-6385-hack
jm/NET-6941
jm/NET-8431
jm/acc-tests
jm/agent-hack
jm/bpa
jm/branch-filters
jm/break-branch-protection
jm/cc
jm/checking-changes-old
jm/client-timeout
jm/client-timeout-2
jm/delete-website
jm/destination-tests-grpc
jm/empty-endpoints
jm/ent-deps
jm/ent-dev-migration
jm/explicit-based-l7
jm/fix-jwt-auth-bug
jm/fix-sw-qa
jm/gh-20360
jm/gh-call
jm/gha-recreation
jm/go-testcontainers
jm/go-tests-notify
jm/go-tests-notify-2
jm/gtsm
jm/hack
jm/hack-int
jm/hack-int2
jm/hcp-vault
jm/helm
jm/helm-updates
jm/ip-rate-limit-api
jm/mock-handler
jm/mock-handler-2
jm/move-code
jm/multi-port-integ
jm/multilimiter-memdb
jm/net-4941-leaf
jm/plug
jm/preflight
jm/release-1.18.4
jm/remove-compat-test-splitting
jm/resource-tests
jm/retract
jm/retry-on-connect-failure
jm/rmv-compat
jm/same-docker-compose
jm/snap-restore
jm/snapshot-restore-tests
jm/split-compatibility
jm/split-tests
jm/success
jm/test
jm/test-integrations-hui-test-integ
jm/test-split
jm/test-splitting
jm/ul
jm/v2-dns-v1-data-fetcher
jm/v2-examples
jm/vault-ent-license
jm/vault-gossip
jm/vault-wan-fed
jm/vault-wan-fed-2
jm/verify-linux-fix
jm96441n/manual-backport-dupe-parents
johnlanda/bench
johnlanda/trafficpermissionscontroller
jwt-multiple-virtual-hosts
k8s_healthcheck
kisunji-patch-1
kisunji/1.12.x-revert-pathescape
kisunji/1.13.x-docs-cherrypick
kisunji/1.14.x-docs-backport
kisunji/NET-1396-token-self-expanded
kisunji/NET-2590-default-intention-policy
kisunji/approval-button
kisunji/assetfs-merge-ci
kisunji/cache-fix-test
kisunji/catalog-service-list-filter
kisunji/ent-label-ratelimit
kisunji/fix-golden
kisunji/fix-stable-website
kisunji/fix-stable-website-2
kisunji/go1.17.4
kisunji/grpc-native-balancer
kisunji/kv-docs-fix
kisunji/lintest
kisunji/merge-stable-website
kisunji/merge-test
kisunji/more-ent-test-fixes
kisunji/net-6230-namespace-trafperms
kisunji/peering-bugfix-changelog
kisunji/pin-circleci-docker-version
kisunji/replace-registry-pattern
kisunji/rpc-shim
kisunji/serveraddrs-generate-token-req
kisunji/small
kisunji/small-testfix
kisunji/subloggers
kisunji/temp
kisunji/temp-rpc-deadline
kisunji/upgrade-warning
km.vercel-config
kv-1.10.8-withlogs
kv-1.14.8-withlogs
lambda-beta-docs
lambda-docs
leadership-transfer-cmd
listener-route-spike
lkysow/consul-plugin-exec
lkysow/serverless-via-metadata
lkysow/service-not-exist
lkysow/windows-tests
loadtest-test
local-mesh-gateway-pst
locality-aware-routing
lorna/cc-6925/1-15
loshz/NET-7225-peeringv2-proto-check
luoxuan00733-patch-1
m1-investigate
ma/backport-stable-website
ma/ipv6-robustness-fixes
ma/md5_fix_oss
ma/move-enterprise-meta-try2-oss
ma/resource-listing
ma/typo-fix
ma/vault-namespace-intermediate-provider
main
make-codegen
malizz/NET-1663/fix-bug
malizz/update-proto-imports-in-1.14.x
manual-backport-1.8.0-ingress-gateway
markcv-upstreamConfig-update
mathew.estafanous/dev
max-jitter
may-alignment
mesh-gateway-all-the-things
mesh-gateway-broken-all-the-things
mgw-wanfed-hard-network-partition
migrate-tests-to-use-slack-actions
mirror-to-ent
mktg-tf-b183f7b50da4e35426c936006092c7b3
more-lambda-docs-tweaks
mrktfix18
mvincent/no-freelist-logging
natemollica-nm-patch-1
natemollica-nm-patch-2
nd/bring-back-peering-ext-addr
nd/net-7510-openapi-followup-matt-poc
nd/spike-proxy-state-controller
nd/update-compat
net-5889/workloadhealth-tests
net-6138/release/1.17.x
net-6230-namespace-tp
net-6706
net-7953/adjust-computed-gateway-protos
net-7984/clusters-for-api-gateways
net-7986/routes-for-api-gateways
net-8075/certs-for-api-gateways
net-8416-add-gateway-api-request-redirect-filter
nfi-api-client-nop-write
nfi-cache-unit-test-results
nfi-fix-go-test-check
nfi-fix-test-integ-go-mod
nfi-gha-fiddling
nfi-go-test-cache
nfi-poc-gotestdoc
nfi-poc-unit-and-upgrade
nfi-poc-unit-and-upgrade-type
nfi-split-lint-from-go-tests
nia_resize_image
nickcellino/link-status
nicoleta/bum-envoy-on-1.15.x
nicoleta/bump-envoy
nicoleta/bump-envoy-on-1.18.x
no-change-cache
no-op-ron-lint
nvanthao/b-delete-config
nvanthao/b-snapshot-recovery
only_async_trigger_changes
openapi
optimized-seek-prefix-watch
origin/markcv/CSEP-157/duplicate-sidecar-port-validation
origin/markcv/update-envoy-version-doc
oss-merge-pr-branch
oss-merge-v2
oss-rename-trigger
partition/session-test-kvs-endpoint
pcmccarron-patch-1
peering-upstream-annotation
pglass/dump-aws-bearer-token
poc-alpn-glow
poc-cli-grpc
poc-httpfilter
preetha/NET-1322
promtheus_consul_version
propogate-request-time-downstream
proxycfg-deadlock
proxycfg-deadlock-2
proxycfg/init-local-gateways-map
raft-tls-include-intermediates
rboyer/add-linter-net-rpc
rboyer/deployer-with-v2-tproxy-bookmark
rboyer/fix-v2-testing
rboyer/golden-proto-json
rboyer/hack-neo
rboyer/proxy-configuration-cache
rboyer/spike-agent-cache-watch--fork
rboyer/wrappedtypes
rboyer/xds-refactor
reach
rebase-multiport-test-fixes
refactor-add-patches
release/1.10.0
release/1.10.0-alpha
release/1.10.0-beta1
release/1.10.0-beta2
release/1.10.0-beta3
release/1.10.0-beta4
release/1.10.0-rc
release/1.10.0-rc2
release/1.10.1
release/1.10.1-beta1
release/1.10.10
release/1.10.11
release/1.10.12
release/1.10.2
release/1.10.4
release/1.10.5
release/1.10.6
release/1.10.7
release/1.10.8
release/1.10.9
release/1.10.x
release/1.11.0
release/1.11.0-alpha
release/1.11.0-beta1
release/1.11.0-beta2
release/1.11.0-beta3
release/1.11.0-rc
release/1.11.1
release/1.11.10
release/1.11.11
release/1.11.2
release/1.11.3
release/1.11.4
release/1.11.5
release/1.11.6
release/1.11.7
release/1.11.8
release/1.11.9
release/1.11.x
release/1.12.0
release/1.12.0-beta1
release/1.12.1
release/1.12.2
release/1.12.3
release/1.12.4
release/1.12.5
release/1.12.6
release/1.12.7
release/1.12.8
release/1.12.9
release/1.12.x
release/1.13.0
release/1.13.0-alpha1
release/1.13.0-alpha2
release/1.13.0-techpreview1
release/1.13.1
release/1.13.2
release/1.13.3
release/1.13.4
release/1.13.5
release/1.13.6
release/1.13.7
release/1.13.8
release/1.13.9
release/1.13.x
release/1.14.0
release/1.14.0-beta1
release/1.14.1
release/1.14.10
release/1.14.11
release/1.14.2
release/1.14.3
release/1.14.4
release/1.14.5
release/1.14.6
release/1.14.7
release/1.14.8
release/1.14.9
release/1.14.x
release/1.15.0
release/1.15.1
release/1.15.10
release/1.15.12
release/1.15.15
release/1.15.2
release/1.15.3
release/1.15.4
release/1.15.5
release/1.15.6
release/1.15.7
release/1.15.8
release/1.15.9
release/1.15.x
release/1.16.0
release/1.16.0-rc1
release/1.16.1
release/1.16.2
release/1.16.3
release/1.16.4
release/1.16.5
release/1.16.6
release/1.16.8
release/1.16.x
release/1.17.0
release/1.17.0-rc1
release/1.17.1
release/1.17.2
release/1.17.3
release/1.17.5
release/1.17.7
release/1.17.x
release/1.18.0
release/1.18.0-rc1
release/1.18.1
release/1.18.2
release/1.18.4
release/1.18.5
release/1.18.x
release/1.19.0
release/1.19.1
release/1.19.2
release/1.19.3
release/1.19.x
release/1.20.0
release/1.20.0-rc1
release/1.20.1
release/1.20.x
release/1.6.10
release/1.6.7
release/1.6.9
release/1.6.x
release/1.7.10
release/1.7.11
release/1.7.12
release/1.7.13
release/1.7.14
release/1.7.5
release/1.7.6
release/1.7.8
release/1.7.9
release/1.7.x
release/1.8.0
release/1.8.1
release/1.8.10
release/1.8.11
release/1.8.11-beta1
release/1.8.11-beta2
release/1.8.12
release/1.8.13
release/1.8.14
release/1.8.15
release/1.8.17
release/1.8.18
release/1.8.19
release/1.8.2
release/1.8.4
release/1.8.5
release/1.8.6
release/1.8.7
release/1.8.7-beta1
release/1.8.8
release/1.8.9
release/1.8.9-beta1
release/1.8.x
release/1.9.0
release/1.9.0-beta2
release/1.9.0-beta3
release/1.9.0-rc1
release/1.9.1
release/1.9.11
release/1.9.12
release/1.9.13
release/1.9.14
release/1.9.15
release/1.9.16
release/1.9.17
release/1.9.2
release/1.9.3
release/1.9.4
release/1.9.5
release/1.9.6
release/1.9.7
release/1.9.8
release/1.9.9
release/1.9.x
releng-329
remove-deprecated-peering-fields
remove-gogo-getters
remove-legacy-acl-endpoints-cli
remove-legacy-acl-vestiges
remove-references-to-consul-connect
remove-to-ingress
replace-learn-links
resource-type-gen2
resource-type-scope-gen
resource-v1
resource-v1-1.18
retry-flaky
retry-join-timeout
retry-timeout-e2e-test-NET-5208
revert-11376-leadership-transfer-onleave
revert-11692-cherry-pick-fix
revert-17760-backport/docs/lkysow-upgrade/scarcely-master-adder
revert-18796-docs/ext-authz-apigee
revert-19038-NET-5788-fix-ready-listeners-in-core
revert-20682-CC-7479-add-alert-to-link-to-hcp-modal-to-refresh-page
revert-21572-zalimeni/update-bpa
revert-version-updates
robyer/deployer-l7-split-tests
ron-test
routes-controller
sa-restructure-documentation
sar-for-unit-tests
sarah-test
sarah-test-docker-cpus
sarah/test-license-script
sarah/test-reproducible-build
scratch/data-source-metrics
security/auto-go-bump
security/ui-dependency-bump
server-rate-limit/mock-handler-2
server-rate-limit/multilimiter-lock
serverless-via-metadata
service-endpoints-id-ports
service-owner-ref
service-tags-upgrade-fix
shutdown-test-agents
silent-ui-tests
skpratt/acl-controller-test
skpratt/acl-error-debug
skpratt/resource-api-support
skpratt/temp-debug
skpratt/test-coverage-report-ci
skpratt/workload-identity
sm/add-goarm-to-main
smre-317/redhat-projectid
sp/better-make-help
spatel/NET-1847-repro
spatel/NET-3409-automate-goimports-on-commit-using-precommit
spatel/better-testlist-main
spatel/fix-typo
spatel/gci-format-all-the-things
spatel/post-release-fixups
spatel/pre-commit
spatel/sandbox
spatel/scope-required-in-registration
spatel/throwaway
spatel/throwaway-gci-results
spatel/throwaway-gci-results-2
spatel/throwaway-reviser-results
sqm
stable-website
stepbui1-patch-1
streaming-rpc
stub-api-gateway-xds
stub-v2-gateways
tagged-addrs
tagger-14
tauhid621/exported_services_api
tauhid621/peer_exported_services_api
temp
temp-branch
terminating-gateway-overrides
terminating-gateway-service
terminating-gateway-service-base
test-branch
test-gh-fix
test-go-build-cache
test-linter
test-no-concurrency
test-no-concurrency-full
test-no-disk
test-prepare
test/jjtimmons/hcp-telemetry
test/load-test-lambda
test/zalimeni/docs-skip-md
test/zalimeni/docs-skip-mdx
test_ci_skip
testingconsul-clean-up
tgw/resolver-query-fix
tgw/resolver-query-fix-1-10
tgw/resolver-query-fix-1-9
traffic-permissions-cache
troubleshoot/changelog
ua-test/conflict-1
udp-check
ui/CC-6137
ui/CC-7062-get-back-metrics-test-with-updated-selector
ui/CC-7062-get-back-metrics-test-with-updated-selector-for-draft
ui/CC-7062-get-back-metrics-test-with-updated-selector-upd
ui/NET-438-add-ent-version-suffix
ui/NET-438/add-ent-version-suffix
ui/NET-5414
ui/ariadne-core-ui
ui/ariadne/ui-changes
ui/backport/1.8.x/11328
ui/bugfix/2-instance-1-proxy
ui/bugfix/403-partitions-endpoint
ui/bugfix/fixup-routlets
ui/bugfix/notfound-t
ui/bugfix/spelling
ui/cc-7178-skip-flakey-test-in-navigation
ui/chore/ci/1.11.x
ui/chore/remove-tooltip-component
ui/chore/standardize-statechart-yield
ui/chore/upgrade-327
ui/chore/upgrade-ember-3-28
ui/codemirror-lint-removal
ui/copy-edits-for-built-in-policy-alert
ui/copy-link-mock-endpoint-to-prefixed-api
ui/de-lint
ui/feature/ember-update-3.28.6
ui/feature/fault-tolerance-link
ui/feature/fix-auth-method-views
ui/feature/has-peerings-class
ui/feature/ui-config-dashboard-urls
ui/feature/use-cut-list-item-for-services
ui/fix-home-link
ui/fix-mock-api-endpoint
ui/fix-tests-whoopsie
ui/node-engine
ui/remove-jsonlint-dep
ui/rm-intention-test-with-latency
ui/scratch/ci-stuff
ui/scratch/empty
ui/scratch/empty-w-route
ui/scratch/light-sshhhhh
ui/scratch/side-app-example
ui/scratch/storybook-overlord
ui/temporary-remove-tests-which-fails-on-consul-enterprise
ui/temporary-remove-token-policy-test
update-api-version
update-go-1.18.9-rboyer
update-golang-x-libs
update-link-to-documents-from-link-to-hcp-modal
update-linux-package-license
update-node-version-to-14
update-to-blessed-fork-of-mapstucture
update-upgrade-test-image
update-version-1.17
update_gen_meta
update_gen_meta-1
update_gen_meta-2
updategolangx
upgrade-1.3-dataplane-to-1.6-dataplane
upgrade-test-remove-docker-login
urldecode-url-query-params-part-1
use_values_yaml_instead_of_config_yaml
using-art-hashi
v2-backend-ref-note
v2-docstring-updates
v2-gateways-api-proto
v2-gateways-controller
v2-tproxy-container-tests
validate-decoded-helper
vanphan24-patch-1
vault-compatability-consul-pki-token
vault-nomad-version-bump
wal-docs
wan-fed-v2
wasm-filters
website/1.10.0
windows-integration-test-envoy
windows-preview
wire-up-traffic-permissions
x/bench-catalog
x/singleflight
x/streaming-v2
x/wal
xds-native-primitives-poc
xds/cds-ack
xw/NET-5725-client-refactor
xw/NET-5725-grpc-cli-clean-up
zalimeni/add-make-target-dependency-update-modules
zalimeni/api-1.23.0-release
zalimeni/api-sdk-backwards-compat-go-version-detect
zalimeni/check-go-max-procs
zalimeni/dhiaayachi/raft-wal-backend-as-default--suggestions
zalimeni/dns-recurse-only-if-enabled
zalimeni/enable-security-scans-release--test
zalimeni/feature/net-1151-l7-intentions-security-fixes--archive
zalimeni/fix-nightly-branch-sourcing-get-go-version
zalimeni/go-work
zalimeni/net-3447-reintroduce-new-extension-resources
zalimeni/net-5189-fix-any-slice-handling-repeated-fields
zalimeni/net-5586-support-virtual-port-xroute-dest
zalimeni/net-5622-consolidate-envoy-version-mgmt-1.17
zalimeni/net-5622-consolidate-envoy-version-mgmt-1.18
zalimeni/net-5622-consolidate-envoy-version-mgmt-test-1.19-nightly
zalimeni/net-5622-consolidate-envoy-version-mgmt-test-nightly-upgrade
zalimeni/net-6597-upgrade-go-jose-go-oidc
zalimeni/net-6600-remove-insecure-hash-use
zalimeni/net-9141-exclude-ce-license-ent
zalimeni/net-9229-remove-coredns-1.16
zalimeni/no-op-test-ci-1.14
zalimeni/sanitize-slack-ci-failure-input--test
zalimeni/skip-failure-notification-slack-on-cancel--test-skip-latest
zalimeni/skip-failure-notification-slack-on-cancel--test-skip-refactor
zalimeni/submodules-to-go-work
zalimeni/test-ci-skips
zalimeni/test-ent-license-exclusion
zalimeni/test-ent-license-exclusion--baseline-main
zalimeni/test-ent-license-exclusion-2
zalimeni/test/main-baseline-envoy-int-tests
zalimeni/tmp-show-least-request-prop-override-golden
zalimeni/try-go-workspace-submodules
zalimeni/update-k8s-docs-1.17.x
zalimeni/update-submodules-post-1.5.0
zalimeni/use-consul-go-version-nomad-vault-int-suite
zalimeni/verify-docker-engine-version
zs.test-mdx-fixes
zs.test-placeholder-page-removal
api/v1.0.0
api/v1.0.1
api/v1.1.0
api/v1.10.0
api/v1.10.1
api/v1.11.0
api/v1.12.0
api/v1.13.0
api/v1.13.1
api/v1.14.0
api/v1.15.0
api/v1.15.1
api/v1.15.2
api/v1.15.3
api/v1.16.0
api/v1.17.0
api/v1.18.0
api/v1.18.1
api/v1.18.2
api/v1.19.0
api/v1.19.1
api/v1.19.2
api/v1.2.0
api/v1.20.0
api/v1.21.0
api/v1.21.1
api/v1.21.2
api/v1.21.3
api/v1.21.4
api/v1.22.0
api/v1.22.0-rc1
api/v1.23.0
api/v1.24.0
api/v1.25.0
api/v1.25.1
api/v1.26.0-rc1
api/v1.26.1
api/v1.26.1-rc1
api/v1.27.0
api/v1.27.1
api/v1.27.2
api/v1.28.0
api/v1.28.0-rc1
api/v1.28.1
api/v1.28.2
api/v1.28.3
api/v1.28.4
api/v1.28.5
api/v1.29.0
api/v1.29.1
api/v1.29.2
api/v1.29.3
api/v1.29.4
api/v1.29.5
api/v1.29.5-rc1
api/v1.29.6
api/v1.3.0
api/v1.30.0
api/v1.4.0
api/v1.5.0
api/v1.6.0
api/v1.7.0
api/v1.8.0
api/v1.8.1
api/v1.9.0
api/v1.9.1
ent-changelog-1.15.11
ent-changelog-1.15.12
ent-changelog-1.15.13
ent-changelog-1.15.14
ent-changelog-1.15.15
ent-changelog-1.16.7
ent-changelog-1.16.8
ent-changelog-1.17.4
ent-changelog-1.17.5
ent-changelog-1.17.6
ent-changelog-1.17.7
ent-changelog-1.18.3
ent-changelog-1.18.4
ent-changelog-1.18.5
ent-changelog-1.19.3
envoyextensions/v0.1.0
envoyextensions/v0.1.1
envoyextensions/v0.1.2
envoyextensions/v0.2.0
envoyextensions/v0.2.1
envoyextensions/v0.2.2
envoyextensions/v0.2.3
envoyextensions/v0.2.4
envoyextensions/v0.3.0
envoyextensions/v0.3.0-rc1
envoyextensions/v0.4.0
envoyextensions/v0.4.1
envoyextensions/v0.5.0-rc1
envoyextensions/v0.5.1
envoyextensions/v0.5.1-rc1
envoyextensions/v0.5.2
envoyextensions/v0.5.3
envoyextensions/v0.5.4
envoyextensions/v0.6.0
envoyextensions/v0.6.0-rc1
envoyextensions/v0.6.1
envoyextensions/v0.6.2
envoyextensions/v0.7.0
envoyextensions/v0.7.1
envoyextensions/v0.7.2
envoyextensions/v0.7.3
envoyextensions/v0.7.4
envoyextensions/v0.7.4-rc1
envoyextensions/v0.7.5
envoyextensions/v0.7.6
internal/v0.1.0
list
proto-public/v0.1.0
proto-public/v0.1.1
proto-public/v0.2.0
proto-public/v0.2.1
proto-public/v0.3.0
proto-public/v0.4.0
proto-public/v0.4.0-rc1
proto-public/v0.4.1
proto-public/v0.5.0-rc1
proto-public/v0.5.1
proto-public/v0.5.1-rc1
proto-public/v0.5.2
proto-public/v0.5.3
proto-public/v0.5.4-rc1
proto-public/v0.6.0
proto-public/v0.6.0-rc1
proto-public/v0.6.1
proto-public/v0.6.2
proto-public/v0.6.3
sdk/v0.1.0
sdk/v0.1.1
sdk/v0.10.0
sdk/v0.11.0
sdk/v0.12.0
sdk/v0.13.0
sdk/v0.13.1
sdk/v0.14.0
sdk/v0.14.0-rc1
sdk/v0.14.1
sdk/v0.14.2-rc1
sdk/v0.14.3-rc1
sdk/v0.15.0
sdk/v0.15.1
sdk/v0.16.0
sdk/v0.16.0-rc1
sdk/v0.16.1
sdk/v0.2.0
sdk/v0.3.0
sdk/v0.4.0
sdk/v0.5.0
sdk/v0.6.0
sdk/v0.7.0
sdk/v0.8.0
sdk/v0.9.0
stable-website-pre-1.12.0-force-push
troubleshoot/v0.1.0
troubleshoot/v0.1.1
troubleshoot/v0.1.2
troubleshoot/v0.2.0
troubleshoot/v0.2.1
troubleshoot/v0.2.2
troubleshoot/v0.3.0
troubleshoot/v0.3.0-rc1
troubleshoot/v0.3.1
troubleshoot/v0.4.0-rc1
troubleshoot/v0.4.1
troubleshoot/v0.4.1-rc1
troubleshoot/v0.5.0
troubleshoot/v0.5.1
troubleshoot/v0.5.2
troubleshoot/v0.5.3
troubleshoot/v0.5.4
troubleshoot/v0.6.0
troubleshoot/v0.6.0-rc1
troubleshoot/v0.6.1
troubleshoot/v0.6.2
troubleshoot/v0.6.3
troubleshoot/v0.6.5
troubleshoot/v0.7.0
troubleshoot/v0.7.1
troubleshoot/v0.7.2
troubleshoot/v0.7.2-rc1
troubleshoot/v0.7.3
v0.1.0
v0.2.0
v0.2.1
v0.3.0
v0.3.1
v0.4.0
v0.4.1
v0.5.0
v0.5.0rc1
v0.5.1
v0.5.2
v0.6.0
v0.6.0-rc1
v0.6.0-rc2
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.6.4-rc1
v0.6.4-rc2
v0.6.4-rc3
v0.7.0
v0.7.0-rc1
v0.7.0-rc2
v0.7.1
v0.7.2
v0.7.2-rc1
v0.7.3
v0.7.4
v0.7.5
v0.8.0
v0.8.0-rc1
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.9.0
v0.9.0-rc1
v0.9.1
v0.9.2
v0.9.3
v0.9.3-rc1
v0.9.3-rc2
v0.9.4
v1.0.0
v1.0.0-beta1
v1.0.0-beta2
v1.0.1
v1.0.1-rc1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.1.0
v1.1.1
v1.10.0
v1.10.0-alpha
v1.10.0-beta1
v1.10.0-beta2
v1.10.0-beta3
v1.10.0-beta4
v1.10.0-rc
v1.10.0-rc2
v1.10.1
v1.10.1-beta1
v1.10.10
v1.10.11
v1.10.12
v1.10.2
v1.10.3
v1.10.4
v1.10.5
v1.10.6
v1.10.7
v1.10.8
v1.10.9
v1.11.0
v1.11.0-alpha
v1.11.0-beta1
v1.11.0-beta2
v1.11.0-beta3
v1.11.0-rc
v1.11.1
v1.11.10
v1.11.11
v1.11.2
v1.11.3
v1.11.4
v1.11.5
v1.11.6
v1.11.7
v1.11.8
v1.11.9
v1.12.0
v1.12.0-beta1
v1.12.1
v1.12.2
v1.12.3
v1.12.4
v1.12.5
v1.12.6
v1.12.7
v1.12.8
v1.12.9
v1.13.0
v1.13.0-alpha1
v1.13.0-alpha2
v1.13.1
v1.13.2
v1.13.3
v1.13.4
v1.13.5
v1.13.6
v1.13.7
v1.13.8
v1.13.9
v1.14.0
v1.14.0-beta1
v1.14.1
v1.14.10
v1.14.11
v1.14.2
v1.14.3
v1.14.4
v1.14.5
v1.14.6
v1.14.7
v1.14.8
v1.14.9
v1.15.0
v1.15.1
v1.15.10
v1.15.11
v1.15.2
v1.15.3
v1.15.4
v1.15.5
v1.15.6
v1.15.7
v1.15.8
v1.15.9
v1.16.0
v1.16.0-rc1
v1.16.1
v1.16.2
v1.16.3
v1.16.4
v1.16.5
v1.16.6
v1.16.7
v1.17.0
v1.17.0-rc1
v1.17.1
v1.17.2
v1.17.3
v1.17.4
v1.18.0
v1.18.0-rc1
v1.18.1
v1.18.2
v1.19.0
v1.19.1
v1.19.2
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.20.0
v1.20.0-rc1
v1.20.1
v1.3.0
v1.3.1
v1.4.0
v1.4.0-rc1
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.6.0
v1.6.0-beta1
v1.6.0-beta2
v1.6.0-beta3
v1.6.0-rc1
v1.6.1
v1.6.10
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.6.7
v1.6.8
v1.6.9
v1.7.0
v1.7.0-beta1
v1.7.0-beta2
v1.7.0-beta3
v1.7.0-beta4
v1.7.1
v1.7.10
v1.7.11
v1.7.12
v1.7.13
v1.7.14
v1.7.2
v1.7.3
v1.7.4
v1.7.5
v1.7.6
v1.7.7
v1.7.8
v1.7.9
v1.8.0
v1.8.0-beta1
v1.8.0-beta2
v1.8.0-rc1
v1.8.1
v1.8.10
v1.8.11
v1.8.11-beta1
v1.8.11-beta2
v1.8.12
v1.8.13
v1.8.14
v1.8.15
v1.8.16
v1.8.17
v1.8.18
v1.8.19
v1.8.2
v1.8.3
v1.8.4
v1.8.5
v1.8.6
v1.8.7
v1.8.7-beta1
v1.8.8
v1.8.9
v1.8.9-beta1
v1.9.0
v1.9.0-beta1
v1.9.0-beta2
v1.9.0-beta3
v1.9.0-rc1
v1.9.1
v1.9.10
v1.9.11
v1.9.12
v1.9.13
v1.9.14
v1.9.15
v1.9.16
v1.9.17
v1.9.2
v1.9.3
v1.9.4
v1.9.5
v1.9.6
v1.9.7
v1.9.8
v1.9.9
${ noResults }
370 Commits (2d19cd58107f57accd06a58f0bb619cfcf195155)
| Author | SHA1 | Message | Date |
|---|---|---|---|
boruszak
|
38b1a515f1 |
Mergimg
|
2 years ago |
|
James Oulman
|
b8bd7a3058
|
Configure Envoy alpn_protocols based on service protocol (#14356)
* Configure Envoy alpn_protocols based on service protocol * define alpnProtocols in a more standard way * http2 protocol should be h2 only * formatting * add test for getAlpnProtocol() * create changelog entry * change scope is connect-proxy * ignore errors on ParseProxyConfig; fixes linter * add tests for grpc and http2 public listeners * remove newlines from PR * Add alpn_protocol configuration for ingress gateway * Guard against nil tlsContext * add ingress gateway w/ TLS tests for gRPC and HTTP2 * getAlpnProtocols: add TCP protocol test * add tests for ingress gateway with grpc/http2 and per-listener TLS config * add tests for ingress gateway with grpc/http2 and per-listener TLS config * add Gateway level TLS config with mixed protocol listeners to validate ALPN * update changelog to include ingress-gateway * add http/1.1 to http2 ALPN * go fmt * fix test on custom-trace-listener |
2 years ago |
|
freddygv
|
5f97223822 |
Simplify mgw watch mgmt
|
2 years ago |
|
DanStough
|
77ab28c5c7 |
feat: xDS updates for peerings control plane through mesh gw
|
2 years ago |
|
Eric Haberkorn
|
1633cf20ea
|
Make the mesh gateway changes to allow `local` mode for cluster peering data plane traffic (#14817)
Make the mesh gateway changes to allow `local` mode for cluster peering data plane traffic |
2 years ago |
|
Derek Menteer
|
a279d2d329
|
Fix explicit tproxy listeners with discovery chains. (#14751)
Fix explicit tproxy listeners with discovery chains. |
2 years ago |
|
Alex Oskotsky
|
13da2c5fad
|
Add the ability to retry on reset connection to service-routers (#12890)
|
2 years ago |
|
freddygv
|
b15d41534f |
Update xds generation for peering over mesh gws
This commit adds the xDS resources needed for INBOUND traffic from peer clusters: - 1 filter chain for all inbound peering requests. - 1 cluster for all inbound peering requests. - 1 endpoint per voting server with the gRPC TLS port configured. There is one filter chain and cluster because unlike with WAN federation, peer clusters will not attempt to dial individual servers. Peer clusters will only dial the local mesh gateway addresses. |
2 years ago |
|
Ashwin Venkatesh
|
4ba260958c
|
bug: watch local mesh gateways in non-default partitions with agentless (#14799)
|
2 years ago |
|
cskh
|
69f40df548
|
feat(ingress gateway: support configuring limits in ingress-gateway c… (#14749)
* feat(ingress gateway: support configuring limits in ingress-gateway config entry - a new Defaults field with max_connections, max_pending_connections, max_requests is added to ingress gateway config entry - new field max_connections, max_pending_connections, max_requests in individual services to overwrite the value in Default - added unit test and integration test - updated doc Co-authored-by: Chris S. Kim <ckim@hashicorp.com> Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Dan Stough <dan.stough@hashicorp.com> |
2 years ago |
|
Eric Haberkorn
|
6570d5f004
|
Enable outbound peered requests to go through local mesh gateway (#14763)
|
2 years ago |
|
Nick Ethier
|
1c1b0994b8
|
add HCP integration component (#14723)
* add HCP integration * lint: use non-deprecated logging interface |
2 years ago |
|
freddygv
|
d818d7b096 |
Manage local server watches depending on mesh cfg
Routing peering control plane traffic through mesh gateways can be enabled or disabled at runtime with the mesh config entry. This commit updates proxycfg to add or cancel watches for local servers depending on this central config. Note that WAN federation over mesh gateways is determined by a service metadata flag, and any updates to the gateway service registration will force the creation of a new snapshot. If enabled, WAN-fed over mesh gateways will trigger a local server watch on initialize(). Because of this we will only add/remove server watches if WAN federation over mesh gateways is disabled. |
2 years ago |
|
Eric Haberkorn
|
aa8268e50c
|
Implement Cluster Peering Redirects (#14445)
implement cluster peering redirects |
2 years ago |
|
Daniel Upton
|
8c46e48e0d |
proxycfg-glue: server-local implementation of IntentionUpstreamsDestination
This is the OSS portion of enterprise PR 2463. Generalises the serverIntentionUpstreams type to support matching on a service or destination. |
2 years ago |
|
Daniel Upton
|
f8dba7e9ac |
proxycfg-glue: server-local implementation of InternalServiceDump
This is the OSS portion of enterprise PR 2489. This PR introduces a server-local implementation of the proxycfg.InternalServiceDump interface that sources data from a blocking query against the server's state store. For simplicity, it only implements the subset of the Internal.ServiceDump RPC handler actually used by proxycfg - as such the result type has been changed to IndexedCheckServiceNodes to avoid confusion. |
2 years ago |
|
Eric Haberkorn
|
3726a0ab7a
|
Finish up cluster peering failover (#14396)
|
2 years ago |
|
Daniel Upton
|
13c04a13af |
proxycfg: terminate stream on irrecoverable errors
This is the OSS portion of enterprise PR 2339. It improves our handling of "irrecoverable" errors in proxycfg data sources. The canonical example of this is what happens when the ACL token presented by Envoy is deleted/revoked. Previously, the stream would get "stuck" until the xDS server re-checked the token (after 5 minutes) and terminated the stream. Materializers would also sit burning resources retrying something that could never succeed. Now, it is possible for data sources to mark errors as "terminal" which causes the xDS stream to be closed immediately. Similarly, the submatview.Store will evict materializers when it observes they have encountered such an error. |
2 years ago |
|
Eric Haberkorn
|
58901ad7df
|
Cluster peering failover disco chain changes (#14296)
|
2 years ago |
|
Dhia Ayachi
|
6fd65a4a45
|
Tgtwy egress HTTP support (#13953)
* add golden files * add support to http in tgateway egress destination * fix slice sorting to include both address and port when using server_names * fix listener loop for http destination * fix routes to generate a route per port and a virtualhost per port-address combination * sort virtual hosts list to have a stable order * extract redundant serviceNode |
2 years ago |
|
Dhia Ayachi
|
256694b603
|
inject gateway addons to destination clusters (#13951)
|
2 years ago |
|
DanStough
|
2da8949d78 |
feat: convert destination address to slice
|
2 years ago |
|
freddygv
|
b544ce6485 |
Add ACL enforcement to peering endpoints
|
2 years ago |
|
Kyle Havlovitz
|
016f963e7e |
Remove excess debug log from ingress upstream shutdown
|
2 years ago |
|
Kyle Havlovitz
|
0be7d923dc |
Cancel upstream watches when the discovery chain has been removed
|
2 years ago |
|
Kyle Havlovitz
|
31318d7049 |
Fix duplicate Notify calls for discovery chains in ingress gateways
|
2 years ago |
|
Chris S. Kim
|
495936300e
|
Make envoy resources for inferred peered upstreams (#13758)
Peered upstreams has a separate loop in xds from discovery chain upstreams. This PR adds similar but slightly modified code to add filters for peered upstream listeners, clusters, and endpoints in the case of transparent proxy. |
2 years ago |
|
Dan Stough
|
49f3dadb8f |
feat: connect proxy xDS for destinations
Signed-off-by: Dhia Ayachi <dhia@hashicorp.com> |
2 years ago |
|
Chris S. Kim
|
f56810132f |
Check if an upstream is implicit from either intentions or peered services
|
2 years ago |
|
Chris S. Kim
|
02cff2394d |
Use new maps for proxycfg peered data
|
2 years ago |
|
Chris S. Kim
|
7f32cba735 |
Add new watch.Map type to refactor proxycfg
|
2 years ago |
|
Kyle Havlovitz
|
7d0c692374 |
Use protocol from resolved config entry, not gateway service
|
2 years ago |
|
R.B. Boyer
|
2317f37b4d
|
state: prohibit exported discovery chains to have cross-datacenter or cross-partition references (#13726)
Because peerings are pairwise, between two tuples of (datacenter, partition) having any exported reference via a discovery chain that crosses out of the peered datacenter or partition will ultimately not be able to work for various reasons. The biggest one is that there is no way in the ultimate destination to configure an intention that can allow an external SpiffeID to access a service. This PR ensures that a user simply cannot do this, so they won't run into weird situations like this. |
2 years ago |
|
Kyle Havlovitz
|
439eccdd80 |
Respect http2 protocol for upstreams of terminating gateways
|
2 years ago |
|
Daniel Upton
|
37ccbd2826 |
proxycfg: server-local intentions data source
This is the OSS portion of enterprise PR 2141. This commit provides a server-local implementation of the `proxycfg.Intentions` interface that sources data from streaming events. It adds events for the `service-intentions` config entry type, and then consumes event streams (via materialized views) for the service's explicit intentions and any applicable wildcard intentions, merging them into a single list of intentions. An alternative approach I considered was to consume _all_ intention events (via `SubjectWildcard`) and filter out the irrelevant ones. This would admittedly remove some complexity in the `agent/proxycfg-glue` package but at the expense of considerable overhead from waking potentially many thousands of connect proxies every time any intention is updated. |
2 years ago |
|
Chris S. Kim
|
d8b7940e40
|
Add internal endpoint to fetch peered upstream candidates from VirtualIP table (#13642)
For initial cluster peering TProxy support we consider all imported services of a partition to be potential upstreams. We leverage the VirtualIP table because it stores plain service names (e.g. "api", not "api-sidecar-proxy"). |
2 years ago |
|
R.B. Boyer
|
31b95c747b
|
xds: modify rbac rules to use the XFCC header for peered L7 enforcement (#13629)
When the protocol is http-like, and an intention has a peered source
then the normal RBAC mTLS SAN field check is replaces with a joint combo
of:
mTLS SAN field must be the service's local mesh gateway leaf cert
AND
the first XFCC header (from the MGW) must have a URI field that matches the original intention source
Also:
- Update the regex program limit to be much higher than the teeny
defaults, since the RBAC regex constructions are more complicated now.
- Fix a few stray panics in xds generation.
|
2 years ago |
|
R.B. Boyer
|
1a9c86ea8f
|
xds: mesh gateways now correctly load up peer-exported discovery chains using L7 protocols (#13624)
A mesh gateway will now configure the filter chains for L7 exported services using the correct discovery chain information. |
2 years ago |
|
Chris S. Kim
|
fb5eb20563
|
Pass trust domain to RBAC to validate and fix use of wrong peer trust bundles (#13508)
|
2 years ago |
|
DanStough
|
4b402e3119 |
feat: tgtwy xDS generation for destinations
Signed-off-by: Dhia Ayachi <dhia@hashicorp.com> |
2 years ago |
|
R.B. Boyer
|
201d1458c3
|
xds: mesh gateways now have their own leaf certificate when involved in a peering (#13460)
This is only configured in xDS when a service with an L7 protocol is exported. They also load any relevant trust bundles for the peered services to eventually use for L7 SPIFFE validation during mTLS termination. |
2 years ago |
|
R.B. Boyer
|
f557509e58
|
xds: allow for peered upstreams to use tagged addresses that are hostnames (#13422)
Mesh gateways can use hostnames in their tagged addresses (#7999). This is useful if you were to expose a mesh gateway using a cloud networking load balancer appliance that gives you a DNS name but no reliable static IPs. Envoy cannot accept hostnames via EDS and those must be configured using CDS. There was already logic when configuring gateways in other locations in the code, but given the illusions in play for peering the downstream of a peered service wasn't aware that it should be doing that. Also: - ensuring that we always try to use wan-like addresses to cross peer boundaries. |
2 years ago |
|
R.B. Boyer
|
ab758b7b32
|
peering: allow mesh gateways to proxy L4 peered traffic (#13339)
Mesh gateways will now enable tcp connections with SNI names including peering information so that those connections may be proxied. Note: this does not change the callers to use these mesh gateways. |
2 years ago |
|
Dan Upton
|
b168424398
|
xds: remove HTTPCheckFetcher dependency (#13366)
This is the OSS portion of enterprise PR 1994
Rather than directly interrogating the agent-local state for HTTP
checks using the `HTTPCheckFetcher` interface, we now rely on the
config snapshot containing the checks.
This reduces the number of changes required to support server xDS
sessions.
It's not clear why the fetching approach was introduced in
|
3 years ago |
|
R.B. Boyer
|
019aeaa57d
|
peering: update how cross-peer upstreams and represented in proxycfg and rendered in xds (#13362)
This removes unnecessary, vestigal remnants of discovery chains. |
3 years ago |
|
Freddy
|
a09c776645 |
Update public listener with SPIFFE Validator
Envoy's SPIFFE certificate validation extension allows for us to validate against different root certificates depending on the trust domain of the dialing proxy. If there are any trust bundles from peers in the config snapshot then we use the SPIFFE validator as the validation context, rather than the usual TrustedCA. The injected validation config includes the local root certificates as well. |
3 years ago |
|
Freddy
|
74ca6406ea
|
Configure upstream TLS context with peer root certs (#13321)
For mTLS to work between two proxies in peered clusters with different root CAs, proxies need to configure their outbound listener to use different root certificates for validation. Up until peering was introduced proxies would only ever use one set of root certificates to validate all mesh traffic, both inbound and outbound. Now an upstream proxy may have a leaf certificate signed by a CA that's different from the dialing proxy's. This PR makes changes to proxycfg and xds so that the upstream TLS validation uses different root certificates depending on which cluster is being dialed. |
3 years ago |
|
Dan Upton
|
adeabed126
|
proxycfg: replace direct agent cache usage with interfaces (#13320)
This is the OSS portion of enterprise PRs 1904, 1905, 1906, 1907, 1949, and 1971. It replaces the proxycfg manager's direct dependency on the agent cache with interfaces that will be implemented differently when serving xDS sessions from a Consul server. |
3 years ago |
|
freddygv
|
364758ef2f |
Use embedded SpiffeID for peered upstreams
|
3 years ago |
|
Dan Upton
|
2427e38839
|
Enable servers to configure arbitrary proxies from the catalog (#13244)
OSS port of enterprise PR 1822 Includes the necessary changes to the `proxycfg` and `xds` packages to enable Consul servers to configure arbitrary proxies using catalog data. Broadly, `proxycfg.Manager` now has public methods for registering, deregistering, and listing registered proxies — the existing local agent state-sync behavior has been moved into a separate component that makes use of these methods. When an xDS session is started for a proxy service in the catalog, a goroutine will be spawned to watch the service in the server's state store and re-register it with the `proxycfg.Manager` whenever it is updated (and clean it up when the client goes away). |
3 years ago |