Commit Graph

19038 Commits (5cd0ccfc755437043d7e1016e39238b83fdd7aaf)

Author SHA1 Message Date
Jeff Boruszak 74f08b9667
Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2022-10-11 09:34:17 -05:00
Mariano Asselborn 2bb2846790
Enable ironbank integration (#14931) 2022-10-11 10:27:06 -04:00
freddygv f4cc4577ca Fix alias check leak
Preivously when alias check was removed it would not be stopped nor
cleaned up from the associated aliasChecks map.

This means that any time an alias check was deregistered we would
leak a goroutine for CheckAlias.run() because the stopCh would never
be closed.

This issue mostly affects service mesh deployments on platforms where
the client agent is mostly static but proxy services come and go
regularly, since by default sidecars are registered with an alias check.
2022-10-10 16:42:29 -06:00
James Oulman b8bd7a3058
Configure Envoy alpn_protocols based on service protocol (#14356)
* Configure Envoy alpn_protocols based on service protocol

* define alpnProtocols in a more standard way

* http2 protocol should be h2 only

* formatting

* add test for getAlpnProtocol()

* create changelog entry

* change scope is connect-proxy

* ignore errors on ParseProxyConfig; fixes linter

* add tests for grpc and http2 public listeners

* remove newlines from PR

* Add alpn_protocol configuration for ingress gateway

* Guard against nil tlsContext

* add ingress gateway w/ TLS tests for gRPC and HTTP2

* getAlpnProtocols: add TCP protocol test

* add tests for ingress gateway with grpc/http2 and per-listener TLS config

* add tests for ingress gateway with grpc/http2 and per-listener TLS config

* add Gateway level TLS config with mixed protocol listeners to validate ALPN

* update changelog to include ingress-gateway

* add http/1.1 to http2 ALPN

* go fmt

* fix test on custom-trace-listener
2022-10-10 13:13:56 -07:00
Freddy a73c6a26c8
Merge pull request #14747 from hashicorp/kisunji/NET-801-add-peer-stream-status 2022-10-10 14:07:54 -06:00
freddygv b16a69d16f Add changelog entry 2022-10-10 13:35:12 -06:00
freddygv bf72df7b0e Fixup test 2022-10-10 13:20:14 -06:00
Chris S. Kim 4f4112662e Fix nil pointer 2022-10-10 13:20:14 -06:00
Chris S. Kim b0a4c5c563 Include stream-related information in peering endpoints 2022-10-10 13:20:14 -06:00
cskh 7770be3d57
docs: fix missing agent caching method (#14928) 2022-10-10 14:38:04 -04:00
Paul Glass c0c187f1c5
Merge central config for GetEnvoyBootstrapParams (#14869)
This fixes GetEnvoyBootstrapParams to merge in proxy-defaults and service-defaults.

Co-authored-by: Dan Upton <daniel@floppy.co>
2022-10-10 12:40:27 -05:00
Freddy b757624b59
Merge pull request #14918 from hashicorp/fix/metrics-checker 2022-10-10 11:12:37 -06:00
Geoffrey Grosenbach 58c8a10b98
Fix outdated support email address (#14907)
The software delivery support email address is no longer valid. This replaces it with a link to the official support website.
2022-10-07 16:29:38 -07:00
Kyle Schochenmaier 2f1845a4fa
update helm docs (#14912) 2022-10-07 16:07:57 -07:00
Freddy 4abad02abd
Merge pull request #14796 from hashicorp/peering/use-connect-ca 2022-10-07 10:37:37 -06:00
Freddy 56d4aba18c
Merge pull request #14917 from hashicorp/dans/NET-718/peering-outbound-mesh-gateway-xds 2022-10-07 10:20:38 -06:00
freddygv 7851b30aad Add changelog entry 2022-10-07 09:54:08 -06:00
freddygv 7d4da6eb22 Fixup test 2022-10-07 09:34:16 -06:00
freddygv 79da55a4b9 Ensure lines were modified
It's possible that the output of the diff contains surrounding lines
that were not modified. This change filters further to lines that were
added or removed.
2022-10-07 09:24:37 -06:00
freddygv 3034df6a5c Require Connect and TLS to generate peering tokens
By requiring Connect and a gRPC TLS listener we can automatically
configure TLS for all peering control-plane traffic.
2022-10-07 09:06:29 -06:00
freddygv fac3ddc857 Use internal server certificate for peering TLS
A previous commit introduced an internally-managed server certificate
to use for peering-related purposes.

Now the peering token has been updated to match that behavior:
- The server name matches the structure of the server cert
- The CA PEMs correspond to the Connect CA

Note that if Conect is disabled, and by extension the Connect CA, we
fall back to the previous behavior of returning the manually configured
certs and local server SNI.

Several tests were updated to use the gRPC TLS port since they enable
Connect by default. This means that the peering token will embed the
Connect CA, and the dialer will expect a TLS listener.
2022-10-07 09:05:32 -06:00
freddygv 5f97223822 Simplify mgw watch mgmt 2022-10-07 08:54:37 -06:00
freddygv d54db25421 Use existing query options to build ctx 2022-10-07 08:46:53 -06:00
DanStough 77ab28c5c7 feat: xDS updates for peerings control plane through mesh gw 2022-10-07 08:46:42 -06:00
Tyler Wendlandt 2c349bb126
ui: Remove node name from agentless service instance (#14903)
* [NET-949]: Remove node name from agentless instance

* Add changelog entry
2022-10-07 04:01:34 -06:00
Tim Rosenblatt 97ad73ad24
Fixes broken URLs in Dataplane docs (#14910) 2022-10-06 19:23:02 -07:00
Jared Kirschner 8c3376d1e5
Merge pull request #14898 from hashicorp/docs/new-vault-connect-ca-permissions-needed
docs: vault ca provider patch upgrade guidance
2022-10-06 19:11:50 -04:00
Jared Kirschner 2603c0da52 docs: vault ca provider patch upgrade guidance 2022-10-06 16:04:43 -07:00
HashiBot 1ade1de38b
website: upgrade next version (#14906)
Co-authored-by: Bryce Kalow <bkalow@hashicorp.com>
2022-10-06 14:15:47 -05:00
Tyler Wendlandt f0be55df86
ui: Update empty-state copy throughout app (#14721)
* Update empty-state copy throughout app

Update empty-states throughout the app to only include mentions of ACLs if the user has ACLs enabled.

* Update peers empty state copy
Flip the empty state copy logic for peers. Small typo fixes on other empty states.

* Update Node empty state with docs

* Update intentions empty state
Make ACL copy dependent on if acls are enabled.

* Update Nodes empty state learn copy

* Fix binding rule copy key
2022-10-06 11:01:49 -06:00
Michael Klein 62a66a32d7
ui: Setup Hashicorp Design System for usage in consul-ui (#14394)
* Use postcss instead of ember-cli-sass

This will make it possible to work with tailwindcss.

* configure postcss to compile sass
* add "sub-app" css into app/styles tree

* pin node@14 via volta

Only used by people that use volta

* Install tailwind and autoprefixer

* Create tailwind config

* Use tailwind via postcss

* Fix: tailwind changes current styling

When adding tailwind to the bottom of app.scss we apparently
change the way the application looks. We will import
it first to make sure we don't change the current styling
of the application right now.

* Automatic import of HDS colors in tailwind

* Install @hashicorp/design-system-components

* install add-on
* setup postcss scss pipeline to include tokens css
* import add-on css

* Install ember-auto-import v2

HDS depends on v2 of ember-auto-import so we need to upgrade.

* Upgrade ember-cli-yadda

v0.6.0 of ember-cli-yadda adds configuration for webpack.
This configuration is incompatible with webpack v5
which ember-auto-import v2 is using.
We need to upgrade ember-cli-yadda to the latest
version that fixes this incompatability with auto-import v2

* Install ember-flight-icons

HDS components are using the addon internally.

* Document HDS usage in engineering docs

* Upgrade ember-cli-api-double

* fix new linting errors
2022-10-06 17:17:20 +02:00
Eric Haberkorn 1633cf20ea
Make the mesh gateway changes to allow `local` mode for cluster peering data plane traffic (#14817)
Make the mesh gateway changes to allow `local` mode for cluster peering data plane traffic
2022-10-06 09:54:14 -04:00
cskh c1b5f34fb7
fix: missing UDP field in checkType (#14885)
* fix: missing UDP field in checkType

* Add changelog

* Update doc
2022-10-05 15:57:21 -04:00
Derek Menteer a279d2d329
Fix explicit tproxy listeners with discovery chains. (#14751)
Fix explicit tproxy listeners with discovery chains.
2022-10-05 14:38:25 -05:00
Tyler Wendlandt 3638dc13fb
ui: Wrap service names on show and instance routes (#14771)
* Wrap service names on show and instance routes
Moves the trailing type/kind/actions to the second row of the header
no matter what length the service name is. Wraps service name text.

* Change grid format of AppView globally

* Add tooltips to the last element of breadcrumbs
2022-10-05 13:21:34 -06:00
Matt Keeler 2811925417
Add changelog entry for #12890 2022-10-05 13:35:07 -04:00
Alex Oskotsky 13da2c5fad
Add the ability to retry on reset connection to service-routers (#12890) 2022-10-05 13:06:44 -04:00
Tu Nguyen f650aa0044
fix broken links (#14892) 2022-10-05 09:54:49 -07:00
cskh 995671ff6f
fix(api): missing peer name in query option (#14835) 2022-10-05 10:04:08 -04:00
Michael Klein 6fbe799178
Allow managed-runtime badge to be dynamic (#14853) 2022-10-05 11:48:03 +02:00
Nathan Coleman 78b437760b
Merge pull request #14880 from hashicorp/nathancoleman-patch-1
Update CAPIGW comparison docs
2022-10-04 20:14:23 -04:00
Ashlee M Boyer c6ace151dc
Merge pull request #14878 from hashicorp/docs/amb.fix-broken-links
[docs] Fix broken Learn link
2022-10-04 19:11:06 -05:00
Ashlee Boyer b5a468aa6e empty commit 2022-10-04 20:09:33 -04:00
John Murret 79a541fd7d
Upgrade serf to v0.10.1 and memberlist to v0.5.0 to get memberlist size metrics and broadcast queue depth metric (#14873)
* updating to serf v0.10.1 and memberlist v0.5.0 to get memberlist size metrics and memberlist broadcast queue depth metric

* update changelog

* update changelog

* correcting changelog

* adding "QueueCheckInterval" for memberlist to test

* updating integration test containers to grab latest api
2022-10-04 17:51:37 -06:00
Nathan Coleman 90db6f4fd0
Update website/content/docs/consul-vs-other/api-gateway-compare.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-10-04 19:41:16 -04:00
Nathan Coleman 86722af89f
Update website/content/docs/consul-vs-other/api-gateway-compare.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2022-10-04 18:05:03 -04:00
Nathan Coleman e22d575240
Use consistent casing for "Consul API Gateway" vs. "API gateway" 2022-10-04 17:35:58 -04:00
Nathan Coleman 710e010594
Update documentation link to improve readability 2022-10-04 17:34:32 -04:00
Ashlee Boyer d42831e6c5 Empty-Commit 2022-10-04 16:39:56 -04:00
Evan Culver a3be5a5a82
connect: Bump Envoy 1.20 to 1.20.7, 1.21 to 1.21.5 and 1.22 to 1.22.5 (#14831) 2022-10-04 13:15:01 -07:00