consul

Commit Graph

Author	SHA1	Message	Date
Kyle Havlovitz	f14c54e25e	Add TLS option and DNS SAN support to ingress config xds: Only set TLS context for ingress listener when requested	5 years ago
Chris Piraino	905279f5d1	A proxy-default config entry only exists in the default namespace	5 years ago
Chris Piraino	d498a0afc9	Correctly set a namespace label in the required domain for xds routes If an upstream is not in the default namespace, we expect DNS requests to be served over "<service-name>.ingress.<namespace>.*"	5 years ago
Chris Piraino	114a18e890	Remove outdated comment	5 years ago
Chris Piraino	d8517bd6fd	Better document wildcard specifier interactions	5 years ago
Chris Piraino	45e635286a	Re-add comment on connect-proxy virtual hosts	5 years ago
Kyle Havlovitz	f9672f9bf1	Make sure IngressHosts isn't parsed during JSON decode	5 years ago
Chris Piraino	c44f877758	Comment why it is ok to expect upstreams slice to not be empty	5 years ago
Chris Piraino	881760f701	xds: Use only the port number as the configured route name This removes duplication of protocol from the stats_prefix	5 years ago
Kyle Havlovitz	89e6b16815	Filter wildcard gateway services to match listener protocol This now requires some type of protocol setting in ingress gateway tests to ensure the services are not filtered out. - small refactor to add a max(x, y) function - Use internal configEntryTxn function and add MaxUint64 to lib	5 years ago
Chris Piraino	f40833d094	Allow Hosts field to be set on an ingress config entry - Validate that this cannot be set on a 'tcp' listener nor on a wildcard service. - Add Hosts field to api and test in consul config write CLI - xds: Configure envoy with user-provided hosts from ingress gateways	5 years ago
Chris Piraino	b73a13fc9e	Remove service_subset field from ingress config entry We decided that this was not a useful MVP feature, and just added unnecessary complexity	5 years ago
Kyle Havlovitz	711d1389aa	Support multiple listeners referencing the same service in gateway definitions	5 years ago
Kyle Havlovitz	247f9eaf13	Allow ingress gateways to route traffic based on Host header This commit adds the necessary changes to allow an ingress gateway to route traffic from a single defined port to multiple different upstream services in the Consul mesh. To do this, we now require all HTTP requests coming into the ingress gateway to specify a Host header that matches "<service-name>.*" in order to correctly route traffic to the correct service. - Differentiate multiple listener's route names by port - Adds a case in xds for allowing default discovery chains to create a route configuration when on an ingress gateway. This allows default services to easily use host header routing - ingress-gateways have a single route config for each listener that utilizes domain matching to route to different services.	5 years ago
R.B. Boyer	a854e4d9c5	acl: oss plumbing to support auth method namespace rules in enterprise (#7794 ) This includes website docs updates.	5 years ago
R.B. Boyer	3242d0816d	test: make the kube auth method test helper use freeport (#7788 )	5 years ago
Hans Hasselberg	096a2f2f02	network_segments: stop advertising segment tags	5 years ago
Hans Hasselberg	995a24b8e4	agent: refactor to use a single addrFn	5 years ago
Hans Hasselberg	6994c0d47f	agent: rename local/global to src/dst	5 years ago
Chris Piraino	69b44fb942	Construct a default destination if one does not exist for service-router (#7783 )	5 years ago
R.B. Boyer	22eb016153	acl: add MaxTokenTTL field to auth methods (#7779 ) When set to a non zero value it will limit the ExpirationTime of all tokens created via the auth method.	5 years ago
R.B. Boyer	ca52ba7068	acl: add DisplayName field to auth methods (#7769 ) Also add a few missing acl fields in the api.	5 years ago
Hans Hasselberg	c4093c87cc	agent: don't let left nodes hold onto their node-id (#7747 )	5 years ago
Matt Keeler	daec810e34	Merge pull request #7714 from hashicorp/oss-sync/msp-agent-token	5 years ago
Matt Keeler	cbe3a70f56	Update enterprise configurations to be in OSS This will emit warnings about the configs not doing anything but still allow them to be parsed. This also added the warnings for enterprise fields that we already had in OSS but didn’t change their enforcement behavior. For example, attempting to use a network segment will cause a hard error in OSS.	5 years ago
R.B. Boyer	9533451a63	acl: refactor the authmethod.Validator interface (#7760 ) This is a collection of refactors that make upcoming PRs easier to digest. The main change is the introduction of the authmethod.Identity struct. In the one and only current auth method (type=kubernetes) all of the trusted identity attributes are both selectable and projectable, so they were just passed around as a map[string]string. When namespaces were added, this was slightly changed so that the enterprise metadata can also come back from the login operation, so login now returned two fields. Now with some upcoming auth methods it won't be true that all identity attributes will be both selectable and projectable, so rather than update the login function to return 3 pieces of data it seemed worth it to wrap those fields up and give them a proper name.	5 years ago
R.B. Boyer	54ba8e3868	acl: change authmethod.Validator to take a logger (#7758 )	5 years ago
R.B. Boyer	8927b54121	test: move some test helpers over from enterprise (#7754 )	5 years ago
R.B. Boyer	b282268408	sdk: extracting testutil.RequireErrorContains from various places it was duplicated (#7753 )	5 years ago
Hans Hasselberg	51549bd232	rpc: oss changes for network area connection pooling (#7735 )	5 years ago
Freddy	021f0ee36e	Watch fallback channel for gateways that do not exist (#7715 ) Also ensure that WatchSets in tests are reset between calls to watchFired. Any time a watch fires, subsequent calls to watchFired on the same WatchSet will also return true even if there were no changes.	5 years ago
Matt Keeler	7a4c73acaf	Updates to allow for using an enterprise specific token as the agents token This is needed to allow for managed Consul instances to register themselves in the catalog with one of the managed service provider tokens.	5 years ago
Matt Keeler	bec3fb7c18	Some boilerplate to allow for ACL Bootstrap disabling configurability	5 years ago
Freddy	137a2c32c6	TLS Origination for Terminating Gateways (#7671 )	5 years ago
freddygv	4710410cb5	Remove fallthrough	5 years ago
freddygv	d1e6d668c2	Add authz filter when creating filterchain	5 years ago
freddygv	034d7d83d4	Fix snapshot IsEmpty	5 years ago
freddygv	3afe816a94	Clean up dead code, issue addressed by passing ws to serviceGatewayNodes	5 years ago
Freddy	3b1b24c2ce	Update agent/proxycfg/state_test.go	5 years ago
freddygv	eddd5bd73b	PR comments	5 years ago
freddygv	77bb2f1002	Fix internal endpoint test	5 years ago
freddygv	d82e7e8c2a	Fix listener error handling	5 years ago
freddygv	6abc71f915	Skip filter chain creation if no client cert	5 years ago
freddygv	915db10903	Avoid deleting mappings for services linked to other gateways on dereg	5 years ago
freddygv	cd28d4125d	Re-fix bug in CheckConnectServiceNodes	5 years ago
freddygv	09a8e5f36d	Use golden files for gateway certs and fix listener test flakiness	5 years ago
freddygv	840d27a9d5	Un-nest switch in gateway update handler	5 years ago
freddygv	c0e1751878	Allow terminating-gateway to setup listener before servicegroups are known	5 years ago
freddygv	913b13f31f	Add subset support	5 years ago
freddygv	9f233dece2	Fix ConnectQueryBlocking test	5 years ago

1 2 3 4 5 ...

1969 Commits (f14c54e25eabad3417d31c8bb624d72ca18cfe1b)