Commit Graph

21034 Commits (b03d770dc3e0b71185d8d408a2d59a04a36a0ee8)

Author SHA1 Message Date
John Maguire c6c2d8bf82
[NET-6426] Modify Reconcile Loop for Mesh Gateway Resources to Correctly Write Proxy State Template (#20085) 2024-01-08 23:26:00 -05:00
Michael Zalimeni 3b111277ad
ci: Single source of truth for Go version in CI and Dockerfile (#20058)
ci: Set Go version consistently via .go-version

Ensure Go version is determined consistently for CI and Docker builds
rather than spread across several different files.

The intent is to eventually replace this with use of the `toolchain`
directive in Go 1.21.
2024-01-08 17:18:41 -05:00
Nathan Coleman 8233303876
Adjust type + field names for ComputedExportedServices (#20030)
Adjust type + field names for ComputedExportedServices

The existing type and field names in `ComputedExportedServices` are confusing to work with.

For example, the mechanics of looping through services and their consumers wind up being:
```go
// The field name here doesn't reflect what is actually at each index of the list
for _, service := range exportedServices.Consumers {
    for _, consumer := range service.Consumers {
        // The prefix matching the type here causes stutter when reading and
        // isn't consistent with naming conventions for tenancy in pbresource
        tenancy := consumer.ConsumerTenancy
    }
}
```
2024-01-08 21:56:45 +00:00
John Murret 21e2bb2a67
Make DNS test run across a matrix of dns and catalog versions. (#20114)
* Make DNS test run across a matrix of dns and catalog versions.

* node tests

* add version hcl config to service lookup tests
2024-01-08 13:14:26 -07:00
Melissa Kam 5dc8eabcce
[CC-7041] Update and start the SCADA provider in HCP manager (#19976)
* Update SCADA provider version

Also update mocks for SCADA provider.

* Create SCADA provider w/o HCP config, then update

Adds a placeholder config option to allow us to initialize a SCADA provider
without the HCP configuration. Also adds an update method to then add the
HCP configuration. We need this to be able to eventually always register a
SCADA listener at startup before the HCP config values are known.

* Pass cloud configuration to HCP manager

Save the entire cloud configuration and pass it to the HCP
manager.

* Update and start SCADA provider in HCP manager

Move config updating and starting to the HCP manager. The HCP manager
will eventually be responsible for all processes that contribute
to linking to HCP.
2024-01-08 09:49:29 -06:00
Ganesh S 0d57acc549
Add sameness group references in exported services controller (#20100) 2024-01-08 11:55:52 +05:30
John Murret c12245be3c
Break up DNS tests into 3 files to help with GH UI and IDE issues. (#20103) 2024-01-05 13:37:27 -07:00
cskh 15b40f36f3
Use safeio to write server metadata file (#20101)
* Use safeio to write server metadata file

* guard the conversion
2024-01-05 14:46:19 -05:00
Dan Stough d2f6a25c28
docs: remove unsupported critical flag from DNS weights (#19801) 2024-01-05 10:28:18 -05:00
Krastin Krastev be414757b1
docs/consul: rename the Vault secret engine for Consul integration (#20049)
* rename the KV secret engine

* update WAN federation guide

* update snapshot-agent doc

* update replication doc

* update partition doc

* update gossip doc

* update ent-license doc

* update bootstrap-token doc

* update index doc

* fix license kv path

* vault kv path explanation for /data/

* Update website/content/docs/k8s/deployment-configurations/vault/data-integration/index.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

---------

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2024-01-05 13:22:56 +02:00
sarahalsmiller a820e9af26
Add listeners to meshgateway spec (#20082)
add listeners to meshgateway
2024-01-04 18:42:32 +00:00
John Murret 7a410d7c5b
NET-6945 - Replace usage of deprecated Envoy field envoy.config.core.v3.HeaderValueOption.append (#20078)
* NET-6945 - Replace usage of deprecated Envoy field envoy.config.core.v3.HeaderValueOption.append

* update proto for v2 and then update xds v2 logic

* add changelog

* Update 20078.txt to be consistent with existing changelog entries

* swap enum values tomatch envoy.
2024-01-04 00:36:25 +00:00
John Murret 55d7e95a3e
Clean up and make the changelog entries consistent for the replacement of Envoy deprecated fields. (#20079)
Clean up and make the changelog entries consistent for the replacement of Envoy deprrecated fields.
2024-01-03 13:31:56 -07:00
Dan Stough 073959866d
feat(v2): add consul service and workloads to catalog (#20077) 2024-01-03 15:14:42 -05:00
cskh 8e2d4e3aaf
upgrade test(LTS): import remaining agent config from usage profile (#19999)
* upgrade test(LTS): import remaining agent config from usage profile
2024-01-03 12:52:49 -05:00
John Murret d925e4b812
NET-6946 / NET-6941 - Replace usage of deprecated Envoy fields envoy.config.route.v3.HeaderMatcher.safe_regex_match and envoy.type.matcher.v3.RegexMatcher.google_re2 (#20013)
* NET-6946 - Replace usage of deprecated Envoy field envoy.config.route.v3.HeaderMatcher.safe_regex_match

* removing unrelated changes

* update golden files

* do not set engine type
2024-01-03 09:53:39 -07:00
cskh 3b94efa8de
Fix upgrade test envoy version (#20075)
* ci: fix envoy version in upgrade test
2024-01-03 11:29:05 -05:00
Valeriia Ruban 44dfbe7dcb
fix: add test which has been removed for metrics to unblock CI (#20009) 2024-01-02 11:21:05 -08:00
Michael Zalimeni a1c0115a74
ci: increase runner size for security scans (#20068)
We've noticed runners appearing to become resource-starved during heavy
CI traffic. While we should try to prevent this by limiting the
scanner's CPU consumption, increasing the runner size should help in the
interim.
2024-01-02 17:53:35 +00:00
hc-github-team-es-release-engineering 0e73c32ac2
[DO NOT MERGE UNTIL EOY] update year in LICENSE and copywrite files (#19780)
update year in LICENSE and copywrite files

Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
2024-01-02 08:41:12 -08:00
Kumar Kavish 9c8e9cebaa
[NET-6765] Audit the routes controller and add missing tenancy tests (#20016)
- moved resources to different tenancies.
2023-12-28 16:00:18 +05:30
John Murret 2f335113f8
NET-6943 - Replace usage of deprecated Envoy field envoy.config.router.v3.WeightedCluster.total_weight. (#20011) 2023-12-22 19:49:44 +00:00
John Murret 90cd56c5c3
NET-4774 - replace usage of deprecated Envoy field match_subject_alt_names (#19954) 2023-12-22 18:34:44 +00:00
John Murret 21ea5c92fd
NET-6944 - Replace usage of deprecated Envoy field envoy.extensions.filters.http.lua.v3.Lua.inline_code (#20012) 2023-12-22 17:20:41 +00:00
John Murret b9ad0dfa41
NET-7025 - ci: test-integrations failures in compatibility tests. panics occuring in selectionTracker.TrackIDForSelection (#20040)
* ci: test-integrations failures in compatibility tests. panics occuring in selectionTracker.TrackIDForSelection

* Update selection_tracker.go
2023-12-22 16:32:40 +00:00
John Murret 62a07b4204
update makefile, compatibility tests, and nightlies to use latest envoy. (#20048) 2023-12-22 15:56:48 +00:00
John Murret 0f3cc3d631
fix formatting issue in envoy bootstrapping. (#20036) 2023-12-21 15:18:11 -07:00
Nathan Coleman ab60fec15a
[NET-6426] Add gateway proxy controller that generates empty proxy state template (#19901)
* NET-6426 Create ProxyStateTemplate when reconciling MeshGateway resource

* Add TODO for switching fetch method based on gateway type

* Use gateway-kind in workload metadata instead of owner reference

* Create ProxyStateTemplate builder for gatewayproxy controller

* Update to use new controller interface

* Add copyright headers

* Set correct name for ProxyStateTemplate identity reference

* Generate empty ProxyStateTemplate by fetching MeshGateway

This cheats and looks up the MeshGateway directly. In the future, we will need a Workload => xGateway mapper

* Specify owner reference when writing ProxyStateTemplate

* Update dependency mapper to account for multiple controllers per resource type

* Regenerate v2 resource dependencies map

* Add helpful trace logs, tag TODOs with ticket identifiers
2023-12-21 16:37:47 -05:00
John Murret a19df32fa5
NET-6942 - Replace usage of deprecated Envoy field envoy.config.cluster.v3.Cluster.http_protocol_options. (#20010)
* NET-6942 - Replace usage of deprecated Envoy field envoy.config.cluster.v3.Cluster.http_protocol_options.

* add changelog
2023-12-21 15:41:05 -05:00
Michael Zalimeni fe10339caa
[NET-7009] security: update x/crypto to 0.17.0 (#20023)
security: update x/crypto to 0.17.0

This addresses CVE-2023-48795 (x/crypto/ssh).
2023-12-21 20:11:19 +00:00
David Yu e7c7bc74c4
Dockerfile: bump up to `ubi-minimal:9.3` (#20014)
* Update Dockerfile
2023-12-21 11:55:20 -08:00
Nathan Coleman 874e68f1eb
[NET-6899] Create name-aligned Service when reconciling MeshGateway resource (#19900)
* NET-6899 Create name-aligned Service when reconciling MeshGateway resource

The Service has an owner reference added to it indicating that it belongs to a MeshGateway

* Specify port list when creating Service

* Use constants, add TODO w/ ticket reference

* Include gateway-kind in metadata of Service resource
2023-12-21 13:26:25 -05:00
Michael Zalimeni d0bc091a60
[NET-6969] security: Re-enable Go Module + secrets security scans for release branches (#19978)
* security: re-enable security scan release block

This was previously disabled due to an unresolved false-positive CVE.
Re-enabling both secrets and OSV + Go Modules scanning, which per our
current scan results should not be a blocker to future releases.

* security: run security scans on main and release branches
2023-12-21 15:11:05 +00:00
Valeriia Ruban a87ab8b093
feat: updated github checks with frontend-test-ce end frontend-test-e… (#19995) 2023-12-20 12:47:24 -08:00
Nitya Dhanushkodi 9975b8bd73
[NET-5455] Allow disabling request and idle timeouts with negative values in service router and service resolver (#19992)
* add coverage for testing these timeouts
2023-12-19 15:36:07 -08:00
wangxinyi7 013bcefe5c
grpc client in tls mode (#19680)
* client in tls mode
2023-12-19 10:04:55 -08:00
cskh cff872749d
agent: prevent empty server_metadata.json (#19935) 2023-12-19 10:01:56 -05:00
Ashesh Vidyut 4e451f2358
NET 6409 (#19515)
* Update website/content/docs/k8s/k8s-cli.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/k8s-cli.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* fix doc

* Update website/content/docs/k8s/k8s-cli.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

---------

Co-authored-by: David Yu <dyu@hashicorp.com>
2023-12-18 14:28:16 -08:00
David Yu a3fa683ba5
docs: Update network segments in compat matrix for Enterprise features (#19933)
Update index.mdx
2023-12-18 14:27:43 -08:00
Ashesh Vidyut f1dee1a718
Net 6603 (#19718)
* Update docs for NET-6603

* json format

* json caps

* Update website/content/docs/k8s/k8s-cli.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-12-18 14:27:23 -08:00
Nathan Coleman 010bf533d1
NET-6663 Modify sidecarproxy controller to skip xGateway resources (#19902)
* NET-6663 Modify sidecarproxy controller to skip xGateway resources

* Check workload metadata after nil-check for workload

* Add test asserting that workloads with meta gateway-kind are ignored

* Use more common pattern for map access to increase readability
2023-12-18 21:54:41 +00:00
David Yu de86ba76ee
docs: typo formatting consul-k8s docs (#19973)
Update install-cli.mdx
2023-12-18 12:14:53 -08:00
aahel ae998a698a
added computed failover policy resource (#19975) 2023-12-18 05:52:24 +00:00
wangxinyi7 cae23821dc
update changelog (#19966) 2023-12-15 10:03:01 -08:00
Derek Menteer bbdbf3e4f8
Fix bug with prepared queries using sameness-groups. (#19970)
This commit fixes an issue where the partition was not properly set
on the peering query failover target created from sameness-groups.
Before this change, it was always empty, meaning that the data
would be queried with respect to the default partition always. This
resulted in a situation where a PQ that was attempting to use a
sameness-group for failover would select peers from the default
partition, rather than the partition of the sameness-group itself.
2023-12-15 11:42:13 -06:00
Michael Zalimeni 79e02f8a89
ci: upload test results to DataDog on test failure (#19956)
Due to the unintuitive behavior of GHA w.r.t. implicit status check
`success()`, test results were only being uploaded on success (failures
presumably came from retried tests that passed).
2023-12-14 23:13:04 +00:00
Nathan Coleman 02d4520235
Fix typo in service-defaults documentation (#19957) 2023-12-14 22:12:28 +00:00
John Murret 83cbe15b44
cli: Deprecate the `-admin-access-log-path` flag from `consul connect envoy` command in favor of: `-admin-access-log-config`. (#19943)
* cli: Deprecate the `-admin-access-log-path` flag from `consul connect envoy` command in favor of: `-admin-access-log-config`.

* fix changelog

* add in documentation change.
2023-12-14 20:36:47 +00:00
John Murret a995505976
NET-6317 - update usage of deprecated fields: http2_protocol_options and access_log_path (#19940)
* updating usage of http2_protocol_options and access_log_path

* add changelog

* update template for AdminAccessLogConfig

* remove mucking with AdminAccessLogConfig
2023-12-14 13:08:53 -07:00
natemollica-dev afc6fe8308
Update telemetry.mdx RPC Metrics (#19593)
* Update telemetry.mdx RPC Metrics

Update Server Workload telemetry section to demonstrate explicitly enabling metric emission as they're [default disabled](f5bf256425/agent/config/builder.go (L2763C1-L2763C1)).

* Update telemetry.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update telemetry.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-12-14 10:52:45 -08:00