Commit Graph

14823 Commits (c271308473dd04e13567b894867547d8d76fd670)

Author SHA1 Message Date
Iryna Shustava 5755c97bc7
cli: Add new `consul connect redirect-traffic` command for applying traffic redirection rules when Transparent Proxy is enabled. (#9910)
* Add new consul connect redirect-traffic command for applying traffic redirection rules when Transparent Proxy is enabled.
* Add new iptables package for applying traffic redirection rules with iptables.
2021-04-09 11:48:10 -07:00
Freddy a02245b75a
Merge pull request #9976 from hashicorp/centralized-upstream-fixups 2021-04-08 12:26:56 -06:00
freddygv d6db67ef86 Fixup test 2021-04-08 11:53:07 -06:00
Freddy e385e5992f
Merge pull request #9042 from lawliet89/tg-rewrite 2021-04-08 11:49:23 -06:00
freddygv c6d64a8078 Stable sort cidr ranges to match on 2021-04-08 11:27:57 -06:00
freddygv b21224a4c8 PR comments 2021-04-08 11:16:03 -06:00
Daniel Nephin 5d21d4d77f
Merge pull request #9925 from hashicorp/dnephin/update-memberlist
Update memberlist to v0.2.3
2021-04-08 12:17:29 -04:00
Daniel Nephin 27bbee2abd
Merge pull request #9988 from hashicorp/dnephin/lib-retry-fix-max-wait
lib/retry: allow jitter to exceed max wait
2021-04-08 12:16:52 -04:00
Daniel Nephin 34f1facebb
Merge pull request #9950 from hashicorp/dnephin/state-use-txn-everywhere
state: use Txn interface everywhere
2021-04-08 12:02:03 -04:00
Daniel Nephin c40e1a2ac6
Merge pull request #9880 from hashicorp/dnephin/catalog-events-test-pattern
state: use runCase pattern for large test
2021-04-08 11:54:41 -04:00
Paul Banks 1406671290
cache: Fix bug where connection errors can cause early cache expiry (#9979)
Fixes a cache bug where TTL is not updated while a value isn't changing or cache entry is returning fetch errors.
2021-04-08 11:11:15 +01:00
Paul Banks ee04d452be
cache: fix bug where TTLs were ignored leading to leaked memory in client agents (#9978)
* Fix bug in cache where TTLs are effectively ignored

This mostly affects streaming since streaming will immediately return from Fetch calls when the state is Closed on eviction which causes the race condition every time.

However this also affects all other cache types if the fetch call happens to return between the eviction and then next time around the Get loop by any client.

There is a separate bug that allows cache items to be evicted even when there are active clients which is the trigger here.

* Add changelog entry

* Update .changelog/9978.txt
2021-04-08 11:08:56 +01:00
Paul Banks 8e00e327b0
Merge pull request #9977 from hashicorp/grpc-tuning
streaming: Grpc tuning
2021-04-08 11:05:38 +01:00
Daniel Nephin f9cf2ec9ab lib/retry: allow jitter to exceed max wait.
I changed this in https://github.com/hashicorp/consul/pull/8802#pullrequestreview-500779357 because
exceeding the MaxWait seemed wrong, but as other have pointed out, that behaviour is probably correct.

When multiple waiters hit the max value, we don't want them to converge, so restore the behaviour of
allowing jitter to exceed max, and document it.
2021-04-07 18:33:11 -04:00
freddygv ab752c1c86 Avoid sending zero-value upstream defaults from api 2021-04-07 15:03:42 -06:00
freddygv a6388c7e2f Revert "Avoid accumulating synthetic upstreams"
This reverts commit 86672df4fa.
2021-04-07 14:30:30 -06:00
freddygv 02f6768cd2 Remove kube-dns resolution since clusterip will be a tagged addr 2021-04-07 14:15:21 -06:00
Zachary Shilton 8671762474
website: implement mktg 032 (#9953)
* website: migrate to new nav-data format

* website: clean up unused intro content

* website: remove deprecated sidebar_title from frontmatter

* website: add react-content to fix global style import issue
2021-04-07 15:50:38 -04:00
R.B. Boyer 5bcfe930c6
command: when generating envoy bootstrap configs to stdout do not mix informational logs into the json (#9980)
Fixes #9921
2021-04-07 14:22:52 -05:00
hashicorp-ci dedf2861be auto-updated agent/uiserver/bindata_assetfs.go from commit a0d12ff16 2021-04-07 16:48:59 +00:00
Kenia a0d12ff164
ui: Reformat MaxTokenTTL to sortBy as an integer (#9969)
* Install Duration JS

* Use Duration.js to sortBy reformatted MaxTokenTTL

* Remove @icholy/duration package

* Install parse-duration package

* Use parse-duration in auth-method model
2021-04-07 12:43:04 -04:00
Brandon Romano 56b8616a17
Merge pull request #9975 from hashicorp/br.stackmenu
Upgrades the Stackmenu to latest
2021-04-07 09:35:36 -07:00
freddygv 86672df4fa Avoid accumulating synthetic upstreams
Synthetic upstreams from service-defaults config are stored locally in
the Upstreams list. Since these come from service-defaults they should
be cleaned up locally when no longer present in the service config
response.
2021-04-07 09:32:48 -06:00
freddygv 49a4a78fd5 Ensure mesh gateway mode override is set for upstreams for intentions 2021-04-07 09:32:48 -06:00
freddygv 5140c3e51f Finish resolving upstream defaults in proxycfg 2021-04-07 09:32:48 -06:00
freddygv 986bcccbea Pass down upstream defaults to client proxies
This is needed in case the client proxy is in TransparentProxy mode.
Typically they won't have explicit configuration for every upstream, so
this ensures the settings can be applied to all of them when generating
xDS config.
2021-04-07 09:32:47 -06:00
freddygv 77ead5cca9 Prevent wildcard destinations for proxies and upstreams 2021-04-07 09:32:47 -06:00
freddygv 24ee8a0488 Prevent requests without UpstreamIDs from being flagged as legacy.
New clients in transparent proxy mode can send requests for service
config resolution without any upstream args because they do not have
explicitly defined upstreams.

Old clients on the other hand will never send requests without the
Upstreams args unless they don't have upstreams, in which case we do not
send back upstream config.
2021-04-07 09:32:47 -06:00
freddygv 2b49cc39ed Fixup doc phrasing 2021-04-07 09:32:47 -06:00
freddygv 458eb41be1 Prevent synthetic upstreams without addresses from failing duplicate ip/port validation 2021-04-07 09:32:47 -06:00
Paul Banks 5529cb7347 Tune streaming backoff on errors to retry a bit faster when TCP connections drop 2021-04-07 14:13:30 +01:00
Paul Banks 44718456b5 Set gRPC keepalives to mirror Yamux keepalive behaviour 2021-04-07 14:09:22 +01:00
Brandon Romano 17406b300d Upgrades the Stackmenu to latest 2021-04-06 11:30:35 -07:00
R.B. Boyer d4c401b350
missed build tag on this file (#9974) 2021-04-06 13:24:11 -05:00
R.B. Boyer 499fee73b3
connect: add toggle to globally disable wildcard outbound network access when transparent proxy is enabled (#9973)
This adds a new config entry kind "cluster" with a single special name "cluster" where this can be controlled.
2021-04-06 13:19:59 -05:00
Daniel Nephin f0ba6f858a
Merge pull request #9958 from hashicorp/dnephin/state-improve-indexer-tests
state: support additional test cases in indexer tests
2021-04-06 11:55:24 -04:00
John Cowen e4e85a8f83
ui: Move control of login modal to use JS rather than HTML (label/id) (#9883)
* Add before and after skip links portals

* Move EmptyState and ErrorState to use a @login action/function

* Move page title setting to the Route component

* Add Routes and Outlets everywhere, and use those to access login modal

* Add some aria-labels to the modals

* Docs

* Remove the label/input now we no longer need it, fixup pageobject

* Add basic modal docs

* Switch out old toggle names for ids

* Wrap nspace Route template in a Route component

* type > class
2021-04-06 13:40:40 +01:00
Yong Wen Chua 0df9aaf3de
Changelog 2021-04-06 17:12:10 +08:00
Yong Wen Chua 516335e415
Update assertion to not check for port 2021-04-06 17:10:38 +08:00
Yong Wen Chua 409768d6e5
Merge branch 'master' of github.com:hashicorp/consul into tg-rewrite 2021-04-06 17:05:26 +08:00
R.B. Boyer e494313e7b
api: ensure v1/health/ingress/:service endpoint works properly when streaming is enabled (#9967)
The streaming cache type for service health has no way to handle v1/health/ingress/:service queries as there is no equivalent topic that would return the appropriate data.

Ensure that attempts to use this endpoint will use the old cache-type for now so that they return appropriate data when streaming is enabled.
2021-04-05 13:23:00 -05:00
Daniel Nephin 63374bf4c1
Merge pull request #9964 from hashicorp/dnephin/streaming-docs-adding-a-topic
contributing: add a quick doc on adding new streaming topics.
2021-04-05 12:46:08 -04:00
eddie-rowe 5fe1cc48ff cross-linking for audit logging 2021-04-05 09:35:04 -05:00
R.B. Boyer 757251035b
changelog: fixup release-note formatting (#9966)
so these changelog entries will be parsed successfully
2021-04-02 14:59:47 -05:00
Daniel Nephin 6182bae1f6 contributing: add a quick doc on adding new streaming topics. 2021-04-01 17:19:59 -04:00
Mike Wickett f368f067b2
Merge pull request #9936 from hashicorp/asm.nq.k8s-service-mesh-focus
website: homepage changes
2021-04-01 13:02:43 -04:00
Noel Quiles 05f1218787 website: update homepage with focus on k8s 2021-04-01 12:32:59 -04:00
Kenia b9ff9b8c2d
changelog: Auth Method feature release (#9963) 2021-04-01 11:00:43 -04:00
Mike Morris 3569c8d8f7
changelog: fixup release-note formatting (#9960)
so these changelog entries will be parsed successfully
2021-04-01 10:31:48 -04:00
Daniel Nephin 6e69829edb state: support additional test cases in indexer tests
And add a few additional cases.
2021-03-31 14:39:33 -04:00