Commit Graph

336 Commits (b173147305cfc8f7124da20c08d875fc0a4a9e83)

Author SHA1 Message Date
R.B. Boyer 5fe613dd05
xds: ensure the active streams counters are 64 bit aligned on 32 bit systems (#11085)
3 years ago
freddygv 9cd30e8650 Ensure partition is used for SAN validation
3 years ago
freddygv d90e30f009 Update spiffe ID patterns used for RBAC
3 years ago
freddygv 5e54f253d7 Expand testing of simplifyNotSourceSlice for partitions
3 years ago
freddygv 19da23be28 Expand testing of removeSameSourceIntentions for partitions
3 years ago
freddygv beab0cd962 Account for partition when matching src intentions
3 years ago
Paul Banks e22cc9c53a Header manip for split legs plumbing
3 years ago
Paul Banks 83fc8723a3 Header manip for service-router plumbed through
3 years ago
Paul Banks f439dfc04f Ingress gateway header manip plumbing
3 years ago
Dhia Ayachi bc0e4f2f46
partition discovery chains (#10983)
3 years ago
Dhia Ayachi 09197c989c
add partition to SNI when partition is non default (#10917)
3 years ago
Freddy 8d83d27674
connect: update envoy supported versions to latest patch release
3 years ago
Giulio Micheloni 7fa01105cc Fix merge conflicts
3 years ago
Giulio Micheloni 655da1fc42
Merge branch 'main' into serve-panic-recovery
3 years ago
Giulio Micheloni 4b0eaa4bff grpc, xds: recovery middleware to return and log error in case of panic
3 years ago
freddygv 01936ddb70 Avoid passing zero value into variadic
3 years ago
freddygv af52d21884 Update prepared query cluster SAN validation
3 years ago
freddygv 85878685b7 Fixup proxy config test fixtures
3 years ago
Dhia Ayachi 1950ebbe1f
oss portion of ent #1069 (#10883)
3 years ago
Daniel Nephin 8252a2691c xds: document how authorization works
3 years ago
Daniel Nephin e637cd71f3 acl: use authz consistently as the variable name for an acl.Authorizer
3 years ago
Giulio Micheloni 2b14a9b59a grpc Server: turn panic into error through middleware
3 years ago
Daniel Nephin 84fac3ce0e acl: use acl.ManangeAll when ACLs are disabled
3 years ago
R.B. Boyer 188e8dc51f
agent/structs: add a bunch more EnterpriseMeta helper functions to help with partitioning (#10669)
3 years ago
Freddy 12b7e07d5c
Merge pull request #10621 from hashicorp/vuln/validate-sans
3 years ago
R.B. Boyer 20feb42d3a
xds: ensure single L7 deny intention with default deny policy does not result in allow action (CVE-2021-36213) (#10619)
3 years ago
freddygv b4c5c58c9b Add TODOs about partition handling
3 years ago
freddygv 5a82656510 Update golden files
3 years ago
freddygv 47da00d3c7 Validate SANs for passthrough clusters and failovers
3 years ago
freddygv 5454147c09 Update golden files to account for SAN validation
3 years ago
freddygv a6d3fe90b1 Validate Subject Alternative Name for upstreams
3 years ago
Daniel Nephin 7d73fd7ae5 rename GRPC->XDS where appropriate
3 years ago
jkirschner-hashicorp 5f73de6fbc
Merge pull request #10560 from jkirschner-hashicorp/change-sane-to-reasonable
3 years ago
Jared Kirschner bd536151e1 Replace use of 'sane' where appropriate
3 years ago
Dhia Ayachi 9b45107c1e
Format certificates properly (rfc7468) with a trailing new line (#10411)
3 years ago
R.B. Boyer 5b495ae8e0
xds: fix flaky protocol tests (#10410)
4 years ago
Freddy ae886136f1
Merge pull request #10404 from hashicorp/ingress-stats
4 years ago
R.B. Boyer 80c39f1083
xds: adding more delta protocol tests (#10398)
4 years ago
freddygv 924a5ba642 Regen golden files
4 years ago
Freddy 0a38c8fe10
Update agent/xds/listeners.go
4 years ago
freddygv f3e4705923 Remove unused param
4 years ago
freddygv 0aec6761dc Update ingress gateway stats labeling
4 years ago
freddygv 6f8c6043b6 Update terminating gateway stats labeling
4 years ago
R.B. Boyer 848ad8535b
xds: ensure that dependent xDS resources are reconfigured during primary type warming (#10381)
4 years ago
Freddy ffb13f35f1
Rename CatalogDestinationsOnly (#10397)
4 years ago
Freddy 429f9d8bb8
Add flag for transparent proxies to dial individual instances (#10329)
4 years ago
Freddy 7577f0e991
Revert "Avoid adding original_dst filter when not needed" (#10365)
4 years ago
Freddy 353280660f
Ensure passthrough clusters can be created (#10301)
4 years ago
Freddy 19334e8abf
Avoid adding original_dst filter when not needed (#10302)
4 years ago
R.B. Boyer ede14b7c54
xds: emit a labeled gauge of connected xDS streams by version (#10243)
4 years ago
R.B. Boyer 3b50a55533
connect: update supported envoy versions to 1.18.3, 1.17.3, 1.16.4, and 1.15.5 (#10231)
4 years ago
Daniel Nephin 347f3d2128
Merge pull request #10155 from hashicorp/dnephin/config-entry-remove-fields
4 years ago
Mark Anderson ff7fca756b Add simple test for downstream sockets
4 years ago
Mark Anderson 8040f91a43 Add support for downstreams
4 years ago
Mark Anderson 6be9cebad0 Add tests for xds/listeners
4 years ago
Mark Anderson 583ae65d5b Convert mode to string representation
4 years ago
Mark Anderson 06f0f79218 Continue working through proxy and agent
4 years ago
Freddy ed1082510d
Fixup discovery chain handling in transparent mode (#10168)
4 years ago
Freddy 2ca3f481f8
Only consider virtual IPs for transparent proxies (#10162)
4 years ago
Daniel Nephin 62efaaab21 config-entry: remove Kind and Name field from Mesh config entry
4 years ago
R.B. Boyer abc1dc0fe9
connect: update supported envoy versions to 1.18.2, 1.17.2, 1.16.3, and 1.15.4 (#10101)
4 years ago
R.B. Boyer 85a718da63
xds: ensure that all envoyproxy/go-control-plane protobuf symbols are linked into the final binary (#10131)
4 years ago
R.B. Boyer 71d45a3460
Support Incremental xDS mode (#9855)
4 years ago
Freddy 078c40425f
Rename "cluster" config entry to "mesh" (#10127)
4 years ago
Freddy 439a7fce2d
Split Upstream.Identifier() so non-empty namespace is always prepended in ent (#10031)
4 years ago
R.B. Boyer 06848ce67e fix broken golden tests
4 years ago
Freddy 55a3697b83
Merge pull request #9987 from hashicorp/remove-kube-dns-hack
4 years ago
freddygv 4e509aa768 Remove todo that was todone
4 years ago
freddygv 75edc9bc7c Avoid nil panic when cluster config doesn't exist
4 years ago
freddygv 7bd51ff536 Replace TransparentProxy bool with ProxyMode
4 years ago
Iryna Shustava 5755c97bc7
cli: Add new `consul connect redirect-traffic` command for applying traffic redirection rules when Transparent Proxy is enabled. (#9910)
4 years ago
Freddy e385e5992f
Merge pull request #9042 from lawliet89/tg-rewrite
4 years ago
freddygv c6d64a8078 Stable sort cidr ranges to match on
4 years ago
freddygv 02f6768cd2 Remove kube-dns resolution since clusterip will be a tagged addr
4 years ago
R.B. Boyer 499fee73b3
connect: add toggle to globally disable wildcard outbound network access when transparent proxy is enabled (#9973)
4 years ago
Yong Wen Chua 409768d6e5
Merge branch 'master' of github.com:hashicorp/consul into tg-rewrite
4 years ago
freddygv ad6c726453 Uncomment listener tests
4 years ago
freddygv f4f45af6d0 Merge master and fix upstream config protocol defaulting
4 years ago
freddygv 9f0696528b Rename hasChains for clarity
4 years ago
freddygv 0da8702f34 PR comments
4 years ago
freddygv bf96d536d9 Upstreams loop is only for prepared queries and they are not CentrallyConfigured
4 years ago
freddygv 8a062e1546 Handle prepared queries in Upstreams loop and escape hatches in disco chain loop
4 years ago
freddygv ce964f8ea5 Update xds for transparent proxy
4 years ago
freddygv 3f2489c31d Refactor makePublicListener
4 years ago
freddygv 8b46d8dcbb Restore old Envoy prefix on escape hatches
4 years ago
freddygv e3dc2a49df Turn Limits and PassiveHealthChecks into pointers
4 years ago
freddygv 1710ec87d2 finish moving UpstreamConfig and related fields to structs pkg
4 years ago
freddygv 87cde19b4c Create new types for service-defaults upstream cfg
4 years ago
R.B. Boyer 398b766532
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658)
4 years ago
R.B. Boyer be89557fb4
test: omit envoy golden test files that differ from the latest version (#9807)
4 years ago
Yong Wen Chua 58b553704a
Update test fixtures
4 years ago
Yong Wen Chua 750e2921b0
Auto Rewrite Host Headers for Terminating Gateways
4 years ago
R.B. Boyer 3b6ffc447b
xds: remove deprecated usages of xDS (#9602)
4 years ago
R.B. Boyer 39effd620c
xds: only try to create an ipv6 expose checks listener if ipv6 is supported by the kernel (#9765)
4 years ago
R.B. Boyer 6eeccc93ce
connect: update supported envoy point releases to 1.16.2, 1.15.3, 1.14.6, 1.13.7 (#9737)
4 years ago
Freddy 82c269a7c5
Avoid potential proxycfg/xDS deadlock using non-blocking send
4 years ago
R.B. Boyer 43193a35c6
xds: prevent LDS flaps in mesh gateways due to unstable datacenter lists (#9651)
4 years ago
R.B. Boyer adff0c05a7
xds: deduplicate mesh gateway listeners in a stable way (#9650)
4 years ago
freddygv de0cb1af7f Make xDS labeling consistent with proxycfg
4 years ago
freddygv 5ba14ad41d Add trace logs to proxycfg state runner and xds srv
4 years ago
Chris Boulton 8a35df81c7
connect: add local_request_timeout_ms to configure local_app http timeouts (#9554)
4 years ago
Daniel Nephin 4b8b2a4291 xds: remove Server.Initialize
4 years ago
Daniel Nephin 2e2ee41390 xds: Fix data race
4 years ago
Daniel Nephin 375aed5ed6 xds: Pass in logger
4 years ago
Daniel Nephin b9e60c0775 testing: skip slow tests with -short
4 years ago
Freddy fe728855ed
Add DC and NS support for Envoy metrics (#9207)
4 years ago
R.B. Boyer 8baf158ea8
Revert "Add namespace support for metrics (OSS) (#9117)" (#9124)
4 years ago
Freddy 06b3b017d3
Add namespace support for metrics (OSS) (#9117)
4 years ago
R.B. Boyer a2c50d3303
connect: add support for envoy 1.16.0, drop support for 1.12.x, and bump point releases as well (#8944)
4 years ago
R.B. Boyer 1b413b0444
connect: support defining intentions using layer 7 criteria (#8839)
4 years ago
R.B. Boyer a2a8e9c783
connect: intentions are now managed as a new config entry kind "service-intentions" (#8834)
4 years ago
freddygv 768dbaa68d Add session flag to cookie config
4 years ago
freddygv 9d2a9169fd PR comments
4 years ago
freddygv eab90ea9fa Revert EnvoyConfig nesting
4 years ago
freddygv 403a180430 Set tgw filter router config name to cluster name
4 years ago
freddygv 959d9913b8 Add server receiver to routes and log tgw err
4 years ago
freddygv 00f2794bfa Update golden files after default route fix for tgw
4 years ago
freddygv 318aa094fd Fix http assertion in route creation
4 years ago
freddygv 30ba080d25 Add explicit protocol overrides in tgw xds test cases
4 years ago
freddygv f81fe6a1a1 Remove LB infix and move injection to xds
4 years ago
freddygv 63f79e5f9b Restructure structs and other PR comments
4 years ago
freddygv 28d0602fc1 Pass LB config to Envoy via xDS
4 years ago
freddygv 2bbbd9e1da Log error as error
4 years ago
R.B. Boyer 74d5df7c7a
xds: use envoy's rbac filter to handle intentions entirely within envoy (#8569)
4 years ago
R.B. Boyer fead4fc2a5
agent: expose the list of supported envoy versions on /v1/agent/self (#8545)
4 years ago
R.B. Boyer e3cd4a8539
connect: use stronger validation that ingress gateways have compatible protocols defined for their upstreams (#8470)
4 years ago
R.B. Boyer c599a2f5f4
xds: add support for envoy 1.15.0 and drop support for 1.11.x (#8424)
4 years ago
Hans Hasselberg 496fb5fc5b
add support for envoy 1.14.4, 1.13.4, 1.12.6 (#8216)
4 years ago
R.B. Boyer 1eef096dfe
xds: version sniff envoy and switch regular expressions from 'regex' to 'safe_regex' on newer envoy versions (#8222)
4 years ago
Chris Piraino 735337b170
Append port number to ingress host domain (#8190)
4 years ago
Daniel Nephin 010a609912 Fix a bunch of unparam lint issues
4 years ago
R.B. Boyer c63c994b04
connect: upgrade github.com/envoyproxy/go-control-plane to v0.9.5 (#8165)
4 years ago
Freddy 5baa7b1b04
Always return a gateway cluster (#8158)
5 years ago
Daniel Nephin 068b43df90 Enable gofmt simplify
5 years ago
Daniel Nephin 2eac5b8023
Merge pull request #8074 from hashicorp/dnephin/remove-references-to-PatchSliceOfMaps
5 years ago
freddygv 19e3954603 Move compound service names to use ServiceName type
5 years ago
Freddy 166a8b2a58
Only pass one hostname via EDS and prefer healthy ones (#8084)
5 years ago
Daniel Nephin 8ec029ae6a Update comments that reference PatchSliceOfMaps
5 years ago
Daniel Nephin c66c533d73
Merge pull request #7964 from hashicorp/dnephin/remove-patch-slice-of-maps-forward-compat
5 years ago
Daniel Nephin 75cbbe2702 config: add HookWeakDecodeFromSlice
5 years ago
Chris Piraino 1a853fc954
Always require Host header values for http services (#7990)
5 years ago
Freddy 9ed325ba8b
Enable gateways to resolve hostnames to IPv4 addresses (#7999)
5 years ago
Daniel Nephin 6a2d7d77c0 config: use the new HookTranslateKeys instead of lib.TranslateKeys
5 years ago
Daniel Nephin 8ced4300c8 Add alias struct tags for new decode hook
5 years ago
Raphaël Rondeau 0d2f178b7b
connect: fix endpoints clusterName when using cluster escape hatch (#7319)
5 years ago
Kyle Havlovitz b14696e32a
Standardize support for Tagged and BindAddresses in Ingress Gateways (#7924)
5 years ago
Daniel Nephin 9f27d61bee Remove unused var
5 years ago
Daniel Nephin c662f0f0de Fix a number of problems found by staticcheck
5 years ago
Kyle Havlovitz 136549205c
Merge pull request #7759 from hashicorp/ingress/tls-hosts
5 years ago
Daniel Nephin 5655d7f34e Add outlier_detection check to integration test
5 years ago