Commit Graph

17835 Commits (add15bec2efde78d2da4adad6c87b538c89d7f25)

Author SHA1 Message Date
Sarah Alsmiller add15bec2e fix tabs 2022-07-21 16:54:03 -05:00
Sarah Alsmiller b9501b5170 Merge branch 'sa-restructure-documentation' of github.com:hashicorp/consul into sa-restructure-documentation 2022-07-21 15:13:00 -05:00
Sarah Alsmiller e0d38ea01e add consul k8s install instructions 2022-07-21 15:12:49 -05:00
sarahalsmiller c9f622de38
Update website/content/docs/api-gateway/configuration/gatewayclassconfig.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:59:14 -05:00
Sarah Alsmiller 63e806f993 Merge branch 'sa-restructure-documentation' of github.com:hashicorp/consul into sa-restructure-documentation 2022-07-21 14:54:04 -05:00
Sarah Alsmiller 20e97a7729 merge back in mike's environment doc in install 2022-07-21 14:53:55 -05:00
sarahalsmiller c54e0904de
Update website/content/docs/api-gateway/configuration/gateway.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:55 -05:00
sarahalsmiller 5d02480430
Update website/content/docs/api-gateway/configuration/gateway.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:47 -05:00
sarahalsmiller dfc9ae4a60
Update website/content/docs/api-gateway/configuration/gateway.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:34 -05:00
sarahalsmiller 9feb465f62
Update website/content/docs/api-gateway/configuration/gateway.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:25 -05:00
Sarah Alsmiller 7cbc1d9138 fix indent issue 2022-07-20 16:21:14 -05:00
sarahalsmiller c859af7ad9
Update website/content/docs/api-gateway/install.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-20 16:04:53 -05:00
sarahalsmiller f1a6067a0b
Update website/data/docs-nav-data.json
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-20 16:03:56 -05:00
sarahalsmiller 381a987549
Update website/content/docs/api-gateway/usage/basic-usage.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-20 16:02:20 -05:00
sarahalsmiller c5e4923640
Update website/content/docs/api-gateway/usage/basic-usage.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-20 16:02:09 -05:00
sarahalsmiller 5215b63598
Update website/content/docs/api-gateway/usage/basic-usage.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-20 16:00:04 -05:00
Sarah Alsmiller 7c32c94696 fix rendering issue 2022-07-14 12:54:40 -05:00
Sarah Alsmiller 1c15944dfb restore tech specs 2022-07-14 12:49:58 -05:00
Sarah Alsmiller a1a5148a30 separate technical specs back out 2022-07-14 12:42:22 -05:00
Sarah Alsmiller b8718a9fad fix formatting issue 2022-07-14 11:31:18 -05:00
Sarah Alsmiller 1358609742 merge 2022-07-14 11:24:39 -05:00
Sarah Alsmiller 64a7bebe4c change file name 2022-07-14 11:22:05 -05:00
Sarah Alsmiller 49ae65b9de add links 2022-07-14 11:15:01 -05:00
Sarah Alsmiller 773e73f325 content 2022-07-14 11:07:27 -05:00
Sarah Alsmiller b909d0934d fix indentation 2022-07-14 11:06:16 -05:00
John Cowen 68e79b8180
ui: Add additional API requests for peering establishment (#13734) 2022-07-14 11:23:16 +01:00
John Cowen f6edc37d0c
ui: Move peers to a subapplication (#13725) 2022-07-14 11:22:45 +01:00
John Cowen 610038ce67
ui: Thread through data-source invalidate method (#13710)
* ui: Thread through data-source invalidate method

* Remove old invalidating state
2022-07-14 09:30:35 +01:00
John Cowen 96d11465b9
ui: Make our old TabNav component easily usable with a state machine (#13705)
* ui: Make our old TabNav component easily usable with a state machine

* Add an event handler that receives an object
2022-07-14 09:30:07 +01:00
Evan Culver aea0d6f6bf
Add changelog entries from latest releases (#13746) 2022-07-13 18:23:53 -07:00
sarahalsmiller 3267f3ea46
Update website/content/docs/api-gateway/usage/basic-usage.mdx
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2022-07-13 16:21:13 -05:00
sarahalsmiller 45467e141b
Update website/content/docs/api-gateway/usage/basic-usage.mdx
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2022-07-13 16:18:39 -05:00
sarahalsmiller 8cd1ff2d24
Update website/content/docs/api-gateway/configuration/gatewayclassconfig.mdx
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2022-07-13 16:01:53 -05:00
sarahalsmiller f076c8086d
Update website/content/docs/api-gateway/configuration/gatewayclass.mdx
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2022-07-13 16:01:45 -05:00
Chris S. Kim f56810132f Check if an upstream is implicit from either intentions or peered services 2022-07-13 16:53:20 -04:00
Chris S. Kim 02cff2394d Use new maps for proxycfg peered data 2022-07-13 16:05:10 -04:00
Chris S. Kim 7f32cba735 Add new watch.Map type to refactor proxycfg 2022-07-13 16:05:10 -04:00
Chris S. Kim b4ffa9ae0c Scrub VirtualIPs before exporting 2022-07-13 16:05:10 -04:00
Kyle Havlovitz 9097e2b0f0
Merge pull request #13699 from hashicorp/tgate-http2-upstream
Respect http2 protocol for upstreams of terminating gateways
2022-07-13 09:41:15 -07:00
R.B. Boyer f1cc185335
proto: add package prefixes for all proto files where it is safe (#13735)
We cannot do this for "subscribe" and "partition" this easily without
breakage so those are omitted.

Any protobuf message passed around via an Any construct will have the
fully qualified package name embedded in the protobuf as a string. Also
RPC method dispatch will include the package of the service during
serialization.

- We will be passing pbservice and pbpeering through an Any as part of
  peer stream replication.

- We will be exposing two new gRPC services via pbpeering and
  pbpeerstream.
2022-07-13 11:03:27 -05:00
Dan Upton b9e525d689
grpc: rename public/private directories to external/internal (#13721)
Previously, public referred to gRPC services that are both exposed on
the dedicated gRPC port and have their definitions in the proto-public
directory (so were considered usable by 3rd parties). Whereas private
referred to services on the multiplexed server port that are only usable
by agents and other servers.

Now, we're splitting these definitions, such that external/internal
refers to the port and public/private refers to whether they can be used
by 3rd parties.

This is necessary because the peering replication API needs to be
exposed on the dedicated port, but is not (yet) suitable for use by 3rd
parties.
2022-07-13 16:33:48 +01:00
R.B. Boyer 30fffd0c90
peerstream: some cosmetic refactors to make this easier to follow (#13732)
- Use some protobuf construction helper methods for brevity.
- Rename a local variable to avoid later shadowing.
- Rename the Nonce field to be more like xDS's naming.
- Be more explicit about which PeerID fields are empty.
2022-07-13 10:00:35 -05:00
John Cowen 6fa68a5b57
ui: Remove UNDEFINED state from being undeleteable (#13702)
* ui: Remove UNDEFINED state from being undeleteable

* Fixup node tests
2022-07-13 12:06:16 +01:00
John Cowen 6b67b74a19
ui: Remove horizontal scrollbar from peering list rows (#13701) 2022-07-13 11:22:49 +01:00
Kyle Havlovitz 7d0c692374 Use protocol from resolved config entry, not gateway service 2022-07-12 16:23:40 -07:00
Kyle Havlovitz 7162e3bde2 Enable http2 options for grpc protocol 2022-07-12 14:38:44 -07:00
R.B. Boyer c5c216008d
peering: always send the mesh gateway SpiffeID even for tcp services (#13728)
If someone were to switch a peer-exported service from L4 to L7 there
would be a brief SAN validation hiccup as traffic shifted to the mesh
gateway for termination.

This PR sends the mesh gateway SpiffeID down all the time so the clients
always expect a switch.
2022-07-12 11:38:13 -05:00
R.B. Boyer f0e6e4e697
state: prohibit changing an exported tcp discovery chain in a way that would break SAN validation (#13727)
For L4/tcp exported services the mesh gateways will not be terminating
TLS. A caller in one peer will be directly establishing TLS connections
to the ultimate exported service in the other peer.

The caller will be doing SAN validation using the replicated SpiffeID
values shipped from the exporting side. There is a class of discovery
chain edits that could be done on the exporting side that would cause
the introduction of a new SpiffeID value. In between the time of the
config entry update on the exporting side and the importing side getting
updated peer stream data requests to the exported service would fail due
to SAN validation errors.

This is unacceptable so instead prohibit the exporting peer from making
changes that would break peering in this way.
2022-07-12 11:17:33 -05:00
R.B. Boyer 2317f37b4d
state: prohibit exported discovery chains to have cross-datacenter or cross-partition references (#13726)
Because peerings are pairwise, between two tuples of (datacenter,
partition) having any exported reference via a discovery chain that
crosses out of the peered datacenter or partition will ultimately not be
able to work for various reasons. The biggest one is that there is no
way in the ultimate destination to configure an intention that can allow
an external SpiffeID to access a service.

This PR ensures that a user simply cannot do this, so they won't run
into weird situations like this.
2022-07-12 11:03:41 -05:00
Michael Klein 75768a2039
ui: peer permission handling (#13724)
* Request peering permissions when peerings is active

* Update peering ability to use peering resource

* fix canDelete peer permission to check write permission

* use super call in abilities.peer#canDelete
2022-07-12 16:16:47 +01:00