378 Commits (72bae90724ad0211ae3f2f8e068550760b95b02b)

Author SHA1 Message Date
Freddy 2ca3f481f8
Only consider virtual IPs for transparent proxies (#10162)
4 years ago
Daniel Nephin 62efaaab21 config-entry: remove Kind and Name field from Mesh config entry
4 years ago
R.B. Boyer abc1dc0fe9
connect: update supported envoy versions to 1.18.2, 1.17.2, 1.16.3, and 1.15.4 (#10101)
4 years ago
R.B. Boyer 85a718da63
xds: ensure that all envoyproxy/go-control-plane protobuf symbols are linked into the final binary (#10131)
4 years ago
R.B. Boyer 71d45a3460
Support Incremental xDS mode (#9855)
4 years ago
Freddy 078c40425f
Rename "cluster" config entry to "mesh" (#10127)
4 years ago
Freddy 439a7fce2d
Split Upstream.Identifier() so non-empty namespace is always prepended in ent (#10031)
4 years ago
R.B. Boyer 06848ce67e fix broken golden tests
4 years ago
Freddy 55a3697b83
Merge pull request #9987 from hashicorp/remove-kube-dns-hack
4 years ago
freddygv 4e509aa768 Remove todo that was todone
4 years ago
freddygv 75edc9bc7c Avoid nil panic when cluster config doesn't exist
4 years ago
freddygv 7bd51ff536 Replace TransparentProxy bool with ProxyMode
4 years ago
Iryna Shustava 5755c97bc7
cli: Add new `consul connect redirect-traffic` command for applying traffic redirection rules when Transparent Proxy is enabled. (#9910)
4 years ago
Freddy e385e5992f
Merge pull request #9042 from lawliet89/tg-rewrite
4 years ago
freddygv c6d64a8078 Stable sort cidr ranges to match on
4 years ago
freddygv 02f6768cd2 Remove kube-dns resolution since clusterip will be a tagged addr
4 years ago
R.B. Boyer 499fee73b3
connect: add toggle to globally disable wildcard outbound network access when transparent proxy is enabled (#9973)
4 years ago
Yong Wen Chua 409768d6e5
Merge branch 'master' of github.com:hashicorp/consul into tg-rewrite
4 years ago
freddygv ad6c726453 Uncomment listener tests
4 years ago
freddygv f4f45af6d0 Merge master and fix upstream config protocol defaulting
4 years ago
freddygv 9f0696528b Rename hasChains for clarity
4 years ago
freddygv 0da8702f34 PR comments
4 years ago
freddygv bf96d536d9 Upstreams loop is only for prepared queries and they are not CentrallyConfigured
4 years ago
freddygv 8a062e1546 Handle prepared queries in Upstreams loop and escape hatches in disco chain loop
4 years ago
freddygv ce964f8ea5 Update xds for transparent proxy
4 years ago
freddygv 3f2489c31d Refactor makePublicListener
4 years ago
freddygv 8b46d8dcbb Restore old Envoy prefix on escape hatches
4 years ago
freddygv e3dc2a49df Turn Limits and PassiveHealthChecks into pointers
4 years ago
freddygv 1710ec87d2 finish moving UpstreamConfig and related fields to structs pkg
4 years ago
freddygv 87cde19b4c Create new types for service-defaults upstream cfg
4 years ago
R.B. Boyer 398b766532
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658)
4 years ago
R.B. Boyer be89557fb4
test: omit envoy golden test files that differ from the latest version (#9807)
4 years ago
Yong Wen Chua 58b553704a
Update test fixtures
4 years ago
Yong Wen Chua 750e2921b0
Auto Rewrite Host Headers for Terminating Gateways
4 years ago
R.B. Boyer 3b6ffc447b
xds: remove deprecated usages of xDS (#9602)
4 years ago
R.B. Boyer 39effd620c
xds: only try to create an ipv6 expose checks listener if ipv6 is supported by the kernel (#9765)
4 years ago
R.B. Boyer 6eeccc93ce
connect: update supported envoy point releases to 1.16.2, 1.15.3, 1.14.6, 1.13.7 (#9737)
4 years ago
Freddy 82c269a7c5
Avoid potential proxycfg/xDS deadlock using non-blocking send
4 years ago
R.B. Boyer 43193a35c6
xds: prevent LDS flaps in mesh gateways due to unstable datacenter lists (#9651)
4 years ago
R.B. Boyer adff0c05a7
xds: deduplicate mesh gateway listeners in a stable way (#9650)
4 years ago
freddygv de0cb1af7f Make xDS labeling consistent with proxycfg
4 years ago
freddygv 5ba14ad41d Add trace logs to proxycfg state runner and xds srv
4 years ago
Chris Boulton 8a35df81c7
connect: add local_request_timeout_ms to configure local_app http timeouts (#9554)
4 years ago
Daniel Nephin 4b8b2a4291 xds: remove Server.Initialize
4 years ago
Daniel Nephin 2e2ee41390 xds: Fix data race
4 years ago
Daniel Nephin 375aed5ed6 xds: Pass in logger
4 years ago
Daniel Nephin b9e60c0775 testing: skip slow tests with -short
4 years ago
Freddy fe728855ed
Add DC and NS support for Envoy metrics (#9207)
4 years ago
R.B. Boyer 8baf158ea8
Revert "Add namespace support for metrics (OSS) (#9117)" (#9124)
4 years ago
Freddy 06b3b017d3
Add namespace support for metrics (OSS) (#9117)
4 years ago
R.B. Boyer a2c50d3303
connect: add support for envoy 1.16.0, drop support for 1.12.x, and bump point releases as well (#8944)
4 years ago
R.B. Boyer 1b413b0444
connect: support defining intentions using layer 7 criteria (#8839)
4 years ago
R.B. Boyer a2a8e9c783
connect: intentions are now managed as a new config entry kind "service-intentions" (#8834)
4 years ago
freddygv 768dbaa68d Add session flag to cookie config
4 years ago
freddygv 9d2a9169fd PR comments
4 years ago
freddygv eab90ea9fa Revert EnvoyConfig nesting
4 years ago
freddygv 403a180430 Set tgw filter router config name to cluster name
4 years ago
freddygv 959d9913b8 Add server receiver to routes and log tgw err
4 years ago
freddygv 00f2794bfa Update golden files after default route fix for tgw
4 years ago
freddygv 318aa094fd Fix http assertion in route creation
4 years ago
freddygv 30ba080d25 Add explicit protocol overrides in tgw xds test cases
4 years ago
freddygv f81fe6a1a1 Remove LB infix and move injection to xds
4 years ago
freddygv 63f79e5f9b Restructure structs and other PR comments
4 years ago
freddygv 28d0602fc1 Pass LB config to Envoy via xDS
4 years ago
freddygv 2bbbd9e1da Log error as error
4 years ago
R.B. Boyer 74d5df7c7a
xds: use envoy's rbac filter to handle intentions entirely within envoy (#8569)
4 years ago
R.B. Boyer fead4fc2a5
agent: expose the list of supported envoy versions on /v1/agent/self (#8545)
4 years ago
R.B. Boyer e3cd4a8539
connect: use stronger validation that ingress gateways have compatible protocols defined for their upstreams (#8470)
4 years ago
R.B. Boyer c599a2f5f4
xds: add support for envoy 1.15.0 and drop support for 1.11.x (#8424)
4 years ago
Hans Hasselberg 496fb5fc5b
add support for envoy 1.14.4, 1.13.4, 1.12.6 (#8216)
4 years ago
R.B. Boyer 1eef096dfe
xds: version sniff envoy and switch regular expressions from 'regex' to 'safe_regex' on newer envoy versions (#8222)
4 years ago
Chris Piraino 735337b170
Append port number to ingress host domain (#8190)
4 years ago
Daniel Nephin 010a609912 Fix a bunch of unparam lint issues
5 years ago
R.B. Boyer c63c994b04
connect: upgrade github.com/envoyproxy/go-control-plane to v0.9.5 (#8165)
5 years ago
Freddy 5baa7b1b04
Always return a gateway cluster (#8158)
5 years ago
Daniel Nephin 068b43df90 Enable gofmt simplify
5 years ago
Daniel Nephin 2eac5b8023
Merge pull request #8074 from hashicorp/dnephin/remove-references-to-PatchSliceOfMaps
5 years ago
freddygv 19e3954603 Move compound service names to use ServiceName type
5 years ago
Freddy 166a8b2a58
Only pass one hostname via EDS and prefer healthy ones (#8084)
5 years ago
Daniel Nephin 8ec029ae6a Update comments that reference PatchSliceOfMaps
5 years ago
Daniel Nephin c66c533d73
Merge pull request #7964 from hashicorp/dnephin/remove-patch-slice-of-maps-forward-compat
5 years ago
Daniel Nephin 75cbbe2702 config: add HookWeakDecodeFromSlice
5 years ago
Chris Piraino 1a853fc954
Always require Host header values for http services (#7990)
5 years ago
Freddy 9ed325ba8b
Enable gateways to resolve hostnames to IPv4 addresses (#7999)
5 years ago
Daniel Nephin 6a2d7d77c0 config: use the new HookTranslateKeys instead of lib.TranslateKeys
5 years ago
Daniel Nephin 8ced4300c8 Add alias struct tags for new decode hook
5 years ago
Raphaël Rondeau 0d2f178b7b
connect: fix endpoints clusterName when using cluster escape hatch (#7319)
5 years ago
Kyle Havlovitz b14696e32a
Standardize support for Tagged and BindAddresses in Ingress Gateways (#7924)
5 years ago
Daniel Nephin 9f27d61bee Remove unused var
5 years ago
Daniel Nephin c662f0f0de Fix a number of problems found by staticcheck
5 years ago
Kyle Havlovitz 136549205c
Merge pull request #7759 from hashicorp/ingress/tls-hosts
5 years ago
Daniel Nephin 5655d7f34e Add outlier_detection check to integration test
5 years ago
Daniel Nephin eaa05d623a xds: Add passive health check config for upstreams
5 years ago
Freddy c32a4f1ece
Fix up enterprise compatibility for gateways (#7813)
5 years ago
Chris Piraino f55e20a2f7
Allow ingress gateways to send empty clusters, routes, and listeners (#7795)
5 years ago
Kyle Havlovitz f14c54e25e Add TLS option and DNS SAN support to ingress config
5 years ago
Chris Piraino d498a0afc9 Correctly set a namespace label in the required domain for xds routes
5 years ago
Chris Piraino 45e635286a Re-add comment on connect-proxy virtual hosts
5 years ago
Chris Piraino c44f877758 Comment why it is ok to expect upstreams slice to not be empty
5 years ago
Chris Piraino 881760f701 xds: Use only the port number as the configured route name
5 years ago
Chris Piraino f40833d094 Allow Hosts field to be set on an ingress config entry
5 years ago
Kyle Havlovitz 711d1389aa Support multiple listeners referencing the same service in gateway definitions
5 years ago
Kyle Havlovitz 247f9eaf13 Allow ingress gateways to route traffic based on Host header
5 years ago
Freddy 137a2c32c6
TLS Origination for Terminating Gateways (#7671)
5 years ago
freddygv 4710410cb5 Remove fallthrough
5 years ago
freddygv d1e6d668c2 Add authz filter when creating filterchain
5 years ago
freddygv d82e7e8c2a Fix listener error handling
5 years ago
freddygv 6abc71f915 Skip filter chain creation if no client cert
5 years ago
freddygv 09a8e5f36d Use golden files for gateway certs and fix listener test flakiness
5 years ago
freddygv c0e1751878 Allow terminating-gateway to setup listener before servicegroups are known
5 years ago
freddygv 913b13f31f Add subset support
5 years ago
freddygv 219c78e586 Add xds cluster/listener/endpoint management
5 years ago
Chris Piraino ecc8a2d6f7 Allow ingress gateways to route through mesh gateways
5 years ago
Chris Piraino cb9df538d5 Add all the xds ingress tests
5 years ago
Kyle Havlovitz e7b1ee55de Add http routing support and integration test to ingress gateways
5 years ago
Kyle Havlovitz e9e8c0e730
Ingress Gateways for TCP services (#7509)
5 years ago
Andy Lindeman c1cb18c648
proxycfg: support path exposed with non-HTTP2 protocol (#7510)
5 years ago
Daniel Nephin 1d90ecc31d Remove unused token parameter
5 years ago
Daniel Nephin ef68e404a5 A little less 'just'
5 years ago
Daniel Nephin 002fc85ef2 Remove unused customEDSClusterJSON
5 years ago
Freddy 18d356899c
Enable CLI to register terminating gateways (#7500)
5 years ago
Kim Ngo bef693df9c
agent/xds: Update mesh gateway to use service router timeout (#7444)
5 years ago
R.B. Boyer 6adad71125
wan federation via mesh gateways (#6884)
5 years ago
Matt Keeler 4c9577678e
xDS Mesh Gateway Resolver Subset Fixes (#7294)
5 years ago
Chris Piraino 47ff532735
Fixes envoy config when both RetryOn* values are set (#7280)
5 years ago
Matt Keeler dfb0177dbc
Testing updates to support namespaced testing of the agent/xds… (#7185)
5 years ago
Matt Keeler bfc03ec587
Fix a couple bugs regarding intentions with namespaces (#7169)
5 years ago
Chris Piraino 401221de58
Allow users to configure either unstructured or JSON logging (#7130)
5 years ago
Matt Keeler c09693e545
Updates to Config Entries and Connect for Namespaces (#7116)
5 years ago
Hans Hasselberg 11a571de95
agent: setup grpc server with auto_encrypt certs and add -https-port (#7086)
5 years ago
Matt Keeler 5934f803bf
Sync of OSS changes to support namespaces (#6909)
5 years ago
Chris Piraino f3b54fa535
Allow configuration of upstream connection limits in Envoy (#6829)
5 years ago
R.B. Boyer 2011f3d7dc
xds: mesh gateway CDS requests are now allowed to receive an empty CDS reply (#6787)
5 years ago
Matt Keeler e4ea9b0a96
Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675)
5 years ago
R.B. Boyer 97aa050c20
agent: allow mesh gateways to initialize even if there are no connect services registered yet (#6576)
5 years ago
R.B. Boyer 8dcba472a2
xds: tcp services using the discovery chain should not assume RDS during LDS (#6623)
5 years ago
Matt Keeler 973341a592
ACL Authorizer overhaul (#6620)
5 years ago
Freddy fdd10dd8b8
Expose HTTP-based paths through Connect proxy (#6446)
5 years ago
R.B. Boyer dfcdc41ef8
connect: allow 'envoy_cluster_json' escape hatch to continue to function (#6378)
5 years ago
R.B. Boyer 7a6faccf2f
docs: document how envoy escape hatches work with the discovery chain (#6350)
5 years ago
R.B. Boyer 561b2fe606
connect: generate the full SNI names for discovery targets in the compiler rather than in the xds package (#6340)
5 years ago
R.B. Boyer ae79cdab1b
connect: introduce ExternalSNI field on service-defaults (#6324)
5 years ago
R.B. Boyer 72207256b9
xds: improve how envoy metrics are emitted (#6312)
5 years ago
R.B. Boyer 8e22d80e35
connect: fix failover through a mesh gateway to a remote datacenter (#6259)
5 years ago
R.B. Boyer c395affc93
connect: expose an API endpoint to compile the discovery chain (#6248)
5 years ago
R.B. Boyer f02924fafe
connect: simplify the compiled discovery chain data structures (#6242)
5 years ago
R.B. Boyer 6393edba53
connect: reconcile how upstream configuration works with discovery chains (#6225)
5 years ago
Matt Keeler fcc18c1675
Fix prepared query upstream endpoint generation (#6236)
5 years ago
R.B. Boyer ad9e7b6ae9
connect: allow L7 routers to match on http methods (#6164)
5 years ago
R.B. Boyer 85cf2706e6
connect: change router syntax for matching query parameters to resemble the syntax for matching paths and headers for consistency. (#6163)
5 years ago
R.B. Boyer 1dbd92e091
connect: validate and test more of the L7 config entries (#6156)
5 years ago
R.B. Boyer e039dfd7f8
connect: rework how the service resolver subset OnlyPassing flag works (#6173)
5 years ago
hashicorp-ci a4431da1cc Merge Consul OSS branch 'master' at commit ef257b084d
5 years ago
Christian Muehlhaeuser 16193665ca Fixed a few tautological condition mistakes (#6177)
5 years ago
R.B. Boyer d7a5158805
xds: allow http match criteria to be applied to routes on services using grpc protocols (#6149)
5 years ago
R.B. Boyer bcd2de3a2e
implement some missing service-router features and add more xDS testing (#6065)
5 years ago
Jack Pearkes e6f1b78efb Make cluster names SNI always (#6081)
5 years ago
Michael Schurter b5aab27c21 connect: allow overriding envoy listener bind_address (#6033)
5 years ago
Matt Keeler 62ad0294d4 Don't use WatchedDatacenters in the xds code as those get nil'ed out prior to sending to xds
5 years ago
Matt Keeler 25f580bcaa Fix a bunch of xds flaky tests
5 years ago
Matt Keeler a8e2e866e3 Update xds/proxycfg tests to use the same looking trust domain as a normal system
5 years ago
Matt Keeler a7421c160f Implement mesh gateway management of service subsets
5 years ago
R.B. Boyer 4bdb690a25
activate most discovery chain features in xDS for envoy (#6024)
5 years ago
Matt Keeler 8d953f5840 Implement Mesh Gateways
5 years ago
R.B. Boyer 38d76c624e
Allow for both snake_case and CamelCase for config entries written with 'consul config write'. (#6044)
6 years ago
Matt Keeler 813e009a2d
Prepare for having different service kinds that are all generic… (#6013)
6 years ago
Paul Banks ffcfdf29fc
Upgrade xDS (go-control-plane) API to support Envoy 1.10. (#5872)
6 years ago
Matt Keeler 2ba6c3ac00
Update links to envoy docs on xDS protocol (#5871)
6 years ago
Paul Banks 421ecd32fc
Connect: allow configuring Envoy for L7 Observability (#5558)
6 years ago
Paul Banks 89fa5ec3ba
Connect: Fix Envoy getting stuck during load (#5499)
6 years ago
R.B. Boyer f4a3b9d518
fix typos reported by golangci-lint:misspell (#5434)
6 years ago
Nicholas Jackson 99fe9dabce Envoy config cluster (#5308)
6 years ago
R.B. Boyer d3eb781384 Check ACLs more often for xDS endpoints.
6 years ago
R.B. Boyer 2dea3e2bd7 Fix some test typos.
6 years ago
Matt Keeler 18b29c45c4
New ACLs (#4791)
6 years ago
Paul Banks c9217c958e merge feedback: fix typos; actually use deliverLatest added previously but not plumbed in
6 years ago
Paul Banks dca1303d05 Connect Envoy Command (#4735)
6 years ago
Paul Banks 1909a95118 xDS Server Implementation (#4731)
6 years ago