Commit Graph

19119 Commits (bdbeb9e3f65996c4951154714b4a8bdcd205c3e5)

Author SHA1 Message Date
Riddhi Shah 345191a0df
Service http checks data source for agentless proxies (#14924)
Adds another datasource for proxycfg.HTTPChecks, for use on server agents. Typically these checks are performed by local client agents and there is no equivalent of this in agentless (where servers configure consul-dataplane proxies).
Hence, the data source is mostly a no-op on servers but in the case where the service is present within the local state, it delegates to the cache data source.
2022-10-12 07:49:56 -07:00
Freddy 9ca8bb8ec4
Merge pull request #14958 from hashicorp/peering/nonce 2022-10-12 08:18:15 -06:00
freddygv 1b46b35041 Actually track nonce in test 2022-10-12 07:50:17 -06:00
Derek Menteer f330438a45 Fix incorrect backoff-wait logic. 2022-10-12 08:01:10 -05:00
Dhia Ayachi 7f6c52a9ee
bump raft version to v1.3.11 (#14897)
* bump raft version to v1.3.11

* Add change log

* fix go.sum
2022-10-12 08:51:52 -04:00
Michael Klein c286544fa8
Merge pull request #14938 from hashicorp/ui/chore/removable-terminated-peers
ui: make terminated peers removable
2022-10-12 10:41:59 +02:00
Michael Klein 63e40df307 Allow deleting terminated peers 2022-10-12 09:33:23 +02:00
Michael Klein 0afe8c14ee pass dc/partition when normalizing peerings 2022-10-12 09:29:24 +02:00
Michael Klein 6793f82d01 default to an empty array peering services 2022-10-12 09:29:24 +02:00
Michael Klein 454424145a Update peer repo with latest API changes 2022-10-12 09:29:24 +02:00
freddygv 7f9a5d0f58 Add basic nonce management
This commit adds a monotonically increasing nonce to include in peering
replication response messages. Every ack/nack from the peer handling a
response will include this nonce, allowing to correlate the ack/nack
with a specific resource.

At the moment nothing is done with the nonce when it is received. In the
future we may want to add functionality such as retries on NACKs,
depending on the class of error.
2022-10-11 19:02:04 -06:00
Paul Glass d17af23641
gRPC server metrics (#14922)
* Move stats.go from grpc-internal to grpc-middleware
* Update grpc server metrics with server type label
* Add stats test to grpc-external
* Remove global metrics instance from grpc server tests
2022-10-11 17:00:32 -05:00
Stuart e2a6028e8e
Fixed broken links referring to tutorials running as local agent (#14954) 2022-10-11 13:01:29 -07:00
Bryce Kalow eb6254c96d
docs: fix malformed yaml (#14952) 2022-10-11 12:25:19 -05:00
HashiBot 0d2d8c4d45
chore: Update Digital Team Files (#14945)
* Update generated scripts (website-build.sh)

* Update generated scripts (should-build.sh)

* Update generated scripts (website-start.sh)

* Update generated website Makefile
2022-10-11 12:39:47 -04:00
Kevin Wang 9dfff268de
chore: clear redirects (#14939) 2022-10-11 12:38:20 -04:00
John Murret d1f89458b3
[Docs] Add docs for memberlist metrics (#14753)
* Add metrics for consul.memberlist.node.instances, consul.memberlist.queue.broadcast, consul.memberlist.size.local, and consul.memberlist.size.remote

* Fixing last table on page that does not render properly

* fixing queue name
2022-10-11 10:02:51 -06:00
Tyler Wendlandt 06b67a9928
ui: hide node name and meta on agentless instances (#14921)
* [NET-950] hide node name and meta on agentless instances

* Fix linting issues and set synthetic-node value

* ui: changelog entry
2022-10-11 09:59:53 -06:00
Jeff Boruszak 335a3508a3
Merge pull request #14746 from hashicorp/docs/search-refresh06
docs: Search Description Refresh Batch 06
2022-10-11 10:34:02 -05:00
boruszak 1de7977a24 nav fix for deployment 2022-10-11 10:28:08 -05:00
boruszak 8293a2b97b Deployment issue fix 2022-10-11 10:22:41 -05:00
boruszak 212298fd5c Merge branch 'main' into docs/search-refresh06 2022-10-11 10:17:22 -05:00
boruszak 38b1a515f1 Mergimg 2022-10-11 10:10:00 -05:00
boruszak eea2f652ed Nav fix for deployment 2022-10-11 09:59:19 -05:00
Bryce Kalow 6a09b284c9
website: fix broken links (#14943) 2022-10-11 09:58:52 -05:00
cskh e0356e1502
fix(peering): add missing grpc_tls_port for server address reconciliation (#14944) 2022-10-11 10:56:29 -04:00
boruszak 9e1aecc73c Merge branch 'main' into docs/search-refresh06 2022-10-11 09:43:43 -05:00
Jeff Boruszak d31be1e949
Update website/content/docs/dynamic-app-config/watches.mdx
Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2022-10-11 09:35:24 -05:00
Jeff Boruszak 9cd63ba543
Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-10-11 09:34:36 -05:00
Jeff Boruszak 74f08b9667
Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2022-10-11 09:34:17 -05:00
Mariano Asselborn 2bb2846790
Enable ironbank integration (#14931) 2022-10-11 10:27:06 -04:00
freddygv f4cc4577ca Fix alias check leak
Preivously when alias check was removed it would not be stopped nor
cleaned up from the associated aliasChecks map.

This means that any time an alias check was deregistered we would
leak a goroutine for CheckAlias.run() because the stopCh would never
be closed.

This issue mostly affects service mesh deployments on platforms where
the client agent is mostly static but proxy services come and go
regularly, since by default sidecars are registered with an alias check.
2022-10-10 16:42:29 -06:00
James Oulman b8bd7a3058
Configure Envoy alpn_protocols based on service protocol (#14356)
* Configure Envoy alpn_protocols based on service protocol

* define alpnProtocols in a more standard way

* http2 protocol should be h2 only

* formatting

* add test for getAlpnProtocol()

* create changelog entry

* change scope is connect-proxy

* ignore errors on ParseProxyConfig; fixes linter

* add tests for grpc and http2 public listeners

* remove newlines from PR

* Add alpn_protocol configuration for ingress gateway

* Guard against nil tlsContext

* add ingress gateway w/ TLS tests for gRPC and HTTP2

* getAlpnProtocols: add TCP protocol test

* add tests for ingress gateway with grpc/http2 and per-listener TLS config

* add tests for ingress gateway with grpc/http2 and per-listener TLS config

* add Gateway level TLS config with mixed protocol listeners to validate ALPN

* update changelog to include ingress-gateway

* add http/1.1 to http2 ALPN

* go fmt

* fix test on custom-trace-listener
2022-10-10 13:13:56 -07:00
Freddy a73c6a26c8
Merge pull request #14747 from hashicorp/kisunji/NET-801-add-peer-stream-status 2022-10-10 14:07:54 -06:00
freddygv b16a69d16f Add changelog entry 2022-10-10 13:35:12 -06:00
freddygv bf72df7b0e Fixup test 2022-10-10 13:20:14 -06:00
Chris S. Kim 4f4112662e Fix nil pointer 2022-10-10 13:20:14 -06:00
Chris S. Kim b0a4c5c563 Include stream-related information in peering endpoints 2022-10-10 13:20:14 -06:00
cskh 7770be3d57
docs: fix missing agent caching method (#14928) 2022-10-10 14:38:04 -04:00
Paul Glass c0c187f1c5
Merge central config for GetEnvoyBootstrapParams (#14869)
This fixes GetEnvoyBootstrapParams to merge in proxy-defaults and service-defaults.

Co-authored-by: Dan Upton <daniel@floppy.co>
2022-10-10 12:40:27 -05:00
Freddy b757624b59
Merge pull request #14918 from hashicorp/fix/metrics-checker 2022-10-10 11:12:37 -06:00
Geoffrey Grosenbach 58c8a10b98
Fix outdated support email address (#14907)
The software delivery support email address is no longer valid. This replaces it with a link to the official support website.
2022-10-07 16:29:38 -07:00
Kyle Schochenmaier 2f1845a4fa
update helm docs (#14912) 2022-10-07 16:07:57 -07:00
Freddy 4abad02abd
Merge pull request #14796 from hashicorp/peering/use-connect-ca 2022-10-07 10:37:37 -06:00
Freddy 56d4aba18c
Merge pull request #14917 from hashicorp/dans/NET-718/peering-outbound-mesh-gateway-xds 2022-10-07 10:20:38 -06:00
freddygv 7851b30aad Add changelog entry 2022-10-07 09:54:08 -06:00
freddygv 7d4da6eb22 Fixup test 2022-10-07 09:34:16 -06:00
freddygv 79da55a4b9 Ensure lines were modified
It's possible that the output of the diff contains surrounding lines
that were not modified. This change filters further to lines that were
added or removed.
2022-10-07 09:24:37 -06:00
freddygv 3034df6a5c Require Connect and TLS to generate peering tokens
By requiring Connect and a gRPC TLS listener we can automatically
configure TLS for all peering control-plane traffic.
2022-10-07 09:06:29 -06:00
freddygv fac3ddc857 Use internal server certificate for peering TLS
A previous commit introduced an internally-managed server certificate
to use for peering-related purposes.

Now the peering token has been updated to match that behavior:
- The server name matches the structure of the server cert
- The CA PEMs correspond to the Connect CA

Note that if Conect is disabled, and by extension the Connect CA, we
fall back to the previous behavior of returning the manually configured
certs and local server SNI.

Several tests were updated to use the gRPC TLS port since they enable
Connect by default. This means that the peering token will embed the
Connect CA, and the dialer will expect a TLS listener.
2022-10-07 09:05:32 -06:00