Commit Graph

15793 Commits (e7260321e34e63740b314480a2e4d3fb0b533a4c)

Author SHA1 Message Date
Luke Kysow 7eb32cdb73
Remove Name/Namespace fields from upstream default (#11456)
The UpstreamConfig.Defaults field does not support setting Name or
Namespace because the purpose is to apply defaults to all upstreams.
I think this was just missed in the docs since those fields would
error if set under Defaults.

i.e. this is not supported:

```
UpstreamConfig {
  Defaults {
    Name = "foo"
    Namespace = "bar"
    # Defaults config here
  }
}
```
2021-11-02 14:21:15 -07:00
FFMMM 4ddf973a31
add root_cert_ttl option for consul connect, vault ca providers (#11428)
* add root_cert_ttl option for consul connect, vault ca providers

Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Chris S. Kim <ckim@hashicorp.com>

* add changelog, pr feedback

Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>

* Update .changelog/11428.txt, more docs

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* Update website/content/docs/agent/options.mdx

Co-authored-by: Kyle Havlovitz <kylehav@gmail.com>

Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
Co-authored-by: Kyle Havlovitz <kylehav@gmail.com>
2021-11-02 11:02:10 -07:00
Daniel Nephin 51d8417545
Merge pull request #10690 from tarat44/h2c-support-in-ping-checks
add support for h2c in h2 ping health checks
2021-11-02 13:53:06 -04:00
Freddy 39023fb296
Prevent running build workflows on all PRs (#11469) 2021-11-01 17:29:45 -06:00
Alessandro De Blasis 2238df6fa4 changelog
Signed-off-by: Alessandro De Blasis <alex@deblasis.net>
2021-11-01 22:47:20 +00:00
Alessandro De Blasis 2f970555d9 config: warn the user if client_addr is empty
if the provided value is empty string then the client services
(DNS, HTTP, HTTPS, GRPC) are not listening and the user is not notified
in any way about what's happening.
Also, since a not provided client_addr defaults to 127.0.0.1, we make sure
we are not getting unwanted warnings

Signed-off-by: Alessandro De Blasis <alex@deblasis.net>
2021-11-01 22:47:20 +00:00
Daniel Nephin b57cae94de
Merge pull request #10771 from hashicorp/dnephin/emit-telemetry-metrics-immediately
telemetry: improve cert expiry metrics
2021-11-01 18:31:03 -04:00
Freddy 3f30afd26b
Merge pull request #11450 from hashicorp/ap/best-addr
Ensure calls to BestAddress consider partition
2021-11-01 15:44:41 -06:00
freddygv 60066e5154 Exclude default partition from GatewayKey string
This will behave the way we handle SNI and SPIFFE IDs, where the default
partition is excluded.

Excluding the default ensures that don't attempt to compare default.dc2
to dc2 in OSS.
2021-11-01 14:45:52 -06:00
freddygv e3666b0bc4 Update GatewayKeys deduplication
Federation states data is only keyed on datacenter, so it cannot be
directly compared against keys for gateway groups.
2021-11-01 13:58:53 -06:00
freddygv 90ce897456 Store GatewayKey in proxycfg snapshot for re-use 2021-11-01 13:58:53 -06:00
freddygv bbe46e9522 Update locality check in xds 2021-11-01 13:58:53 -06:00
freddygv 4d4ccedb3a Update locality check in proxycfg 2021-11-01 13:58:53 -06:00
Peter M 697e97f57f
adding K8s page to subnav (#11467)
* adding K8s page to subnav

per request from HLT, updating use case tab to lead to K8s page instead of service mesh.

* Update subnav.js
2021-11-01 12:41:55 -07:00
Melissa Kam 867077c48b
Merge pull request #11466 from hashicorp/cts-tls-typo
docs/nia: Fix typo in TLS configs for CTS
2021-11-01 14:23:15 -05:00
Melissa Kam c8240101dc docs/nia: Fix typo in TLS configs for CTS 2021-11-01 14:03:19 -05:00
Daniel Nephin 7337cfd6dc
Merge pull request #11340 from hashicorp/dnephin/ca-manager-provider
ca: split the Provider interface into Primary/Secondary
2021-11-01 14:11:15 -04:00
Daniel Nephin eee598e91c
Merge pull request #11338 from hashicorp/dnephin/ca-manager-isolate-secondary
ca: clearly identify methods that are primary-only or secondary-only
2021-11-01 14:10:31 -04:00
99 8d914003e8
Merge pull request #11417 from hashicorp/crt-migration-1.11.0-betax
Crt migration 1.11.0 betax
2021-11-01 11:02:55 -07:00
Melissa Kam e7cf8226a1
Merge pull request #11463 from hashicorp/docs-cts-tls
docs/nia: Update TLS-related configurations for CTS
2021-11-01 12:39:39 -05:00
Daniel Upton d47b7311b8
Support Check-And-Set deletion of config entries (#11419)
Implements #11372
2021-11-01 16:42:01 +00:00
trujillo-adam 8ca5be47c8
Merge pull request #11441 from hashicorp/docs/admin-partitions-feedback-acl-policies
admin partitions feedback related to ACLs; additional improvements to ACL rule docs
2021-11-01 09:09:38 -07:00
trujillo-adam 78e59170fa
Update website/content/docs/security/acl/acl-rules.mdx
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2021-11-01 09:07:08 -07:00
Melissa Kam 0b744289b7 docs/nia: Update TLS-related configurations for CTS
- Clarify file types and uses of the configurations
- Update some wording to match between Consul and TFE TLS configs
2021-11-01 10:44:14 -05:00
Dhia Ayachi 2801785710
regenerate expired certs (#11462)
* regenerate expired certs

* add documentation to generate tests certificates
2021-11-01 11:40:16 -04:00
trujillo-adam 138f9f31e6
Apply suggestions from code review
fixed typos

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-11-01 08:08:04 -07:00
Jared Kirschner 0854e1d684
Merge pull request #11348 from kbabuadze/fix-answers-alt-domain
Fix answers for alt domain
2021-10-29 17:09:20 -04:00
David Yu 1dcb949306
docs: add -verbose flag for install command (#11447) 2021-10-29 12:08:23 -07:00
99 0402cc16bf PR fixes 2021-10-28 22:22:38 -07:00
R.B. Boyer 61361c2e5d
cli: update consul members output to display partitions and sort the results usefully (#11446) 2021-10-28 17:27:31 -05:00
R.B. Boyer c8cafb7654
agent: for various /v1/agent endpoints parse the partition parameter on the request (#11444)
Also update the corresponding CLI commands to send the parameter
appropriately.

NOTE: Behavioral changes are not happening in this PR.
2021-10-28 16:44:38 -05:00
R.B. Boyer af9ffc214d
agent: add a clone function for duplicating the serf lan configuration (#11443) 2021-10-28 16:11:26 -05:00
Mark Anderson 977be77493
Fix back compat issues with UDS config (#11318)
SocketPath needs to be omitted when empty to avoid confusing older versions of Consul

Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2021-10-28 13:31:10 -07:00
David Yu 823026e319
docs: revised Helm install to create namespace and install on dedicated namespace (#11440)
* docs: revised Helm install to create namespace and install on dedicated Consul namespace

* Update website/content/docs/k8s/installation/install.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Update install.mdx

* changing to Helm 3.2+ as a pre-req to make it easier to follow
* might as well bump to latest version

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2021-10-28 12:27:00 -07:00
Daniel Nephin 367b664318 Add tests for cert expiry metrics 2021-10-28 14:38:57 -04:00
trujillo-adam bb18625219 applying admin partitions feedback related to ACLs; additional immprovments to ACL rule docs 2021-10-28 11:23:15 -07:00
99 26f53e82b5
Update .github/workflows/build.yml
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-10-28 11:07:55 -07:00
Daniel Nephin 210d37e4ab
Merge pull request #10671 from hashicorp/dnephin/fix-subscribe-test-flake
subscribe: improve TestSubscribeBackend_IntegrationWithServer_DeliversAllMessages
2021-10-28 12:57:09 -04:00
Daniel Nephin 96a31df5c8
Merge pull request #11255 from hashicorp/dnephin/fix-auth-verify-incoming
tlsutil: only AuthorizerServerConn when VerifyIncomingRPC is true
2021-10-28 12:56:58 -04:00
sidzi 29f192a130
Refactor requireHttpCodes for segregated error handling (#11287) 2021-10-28 12:24:23 -04:00
Kim Ngo 0c0460b53f
CTS document manual apply (#11426)
* CTS document manual apply
* Add Consul-Terraform-Sync parentheses to CTS acronym
* Add tf link for run notifications
2021-10-28 10:19:18 -05:00
Evan Culver 61be9371f5
connect: Remove support for Envoy 1.16 (#11354) 2021-10-27 18:51:35 -07:00
Evan Culver bec08f4ec3
connect: Add support for Envoy 1.20 (#11277) 2021-10-27 18:38:10 -07:00
Freddy ab425e3ca1
Merge pull request #11436 from hashicorp/api/exports-marshal
[OSS] Ensure partition-exports kind gets marshaled
2021-10-27 15:27:25 -06:00
99 1732861848 Update release branch to 1.11.x 2021-10-27 14:14:02 -07:00
freddygv 4c45cafce2 Update filename to match entry kind - mesh 2021-10-27 15:01:26 -06:00
freddygv ac96ce6552 Ensure partition-exports kind gets marshalled
The api module has decoding functions that rely on 'kind' being present
of payloads. This is so that we can decode into the appropriate api type
for the config entry.

This commit ensures that a static kind is marshalled in responses from
Consul's api endpoints so that the api module can decode them.
2021-10-27 15:01:26 -06:00
Daniel Nephin a8e2e1c365 agent: move agent tls metric monitor to a more appropriate place
And add a test for it
2021-10-27 16:26:09 -04:00
Daniel Nephin c92513ec16 telemetry: set cert expiry metrics to NaN on start
So that followers do not report 0, which would make alerting difficult.
2021-10-27 15:19:25 -04:00
Daniel Nephin 9264ce89d2 telemetry: fix cert expiry metrics by removing labels
These labels should be set by whatever process scrapes Consul (for
prometheus), or by the agent that receives them (for datadog/statsd).

We need to remove them here because the labels are part of the "metric
key", so we'd have to pre-declare the metrics with the labels. We could
do that, but that is extra work for labels that should be added from
elsewhere.

Also renames the closure to be more descriptive.
2021-10-27 15:19:25 -04:00