17853 Commits

Author SHA1 Message Date
Luke Kysow
0c87be0845
peering: Add heartbeating to peering streams (#13806)
* Add heartbeating to peering streams
2022-07-21 10:03:27 -07:00
Chris Thain
af40b9b144
Add Consul Lambda integration tests (#13770) 2022-07-21 09:54:56 -07:00
John Cowen
c9898fb38e
ui: Change initiate > establish for peering the modal tab (#13839) 2022-07-21 17:39:15 +01:00
John Cowen
e2908679c6
ui: Allow searching for peerings by ID (#13837) 2022-07-21 17:38:57 +01:00
John Cowen
b960cb671f
ui: Remove peering detail page (#13836)
* ui: Remove links to the peering detail page

* 404 everything
2022-07-21 17:38:10 +01:00
Michael Klein
2f81c7b292
ui: peered services only show instance- and tags-tabs (#13840)
* Only show instances- and tags-tab peered services

* Adapt show-with-slashes test to peering changes

Tests always have the peering feature turned on and the default service
we load from the mock-api will be peered. This is why the topology
view of the service.show page will not be accessible in the updated
test it will show the instances instead. This change does not change
what the test is actually testing so just putting changing to the now
different url is fine.
2022-07-21 16:09:54 +01:00
Michael Klein
b1a39fc12f
ui: Surface peer info in nodes.show view (#13832) 2022-07-21 15:35:54 +01:00
Michael Klein
07f30687d5
ui: Update peerings empty state copy (#13834) 2022-07-21 14:59:38 +01:00
Daniel Upton
3655802fdc proxycfg-glue: server-local implementation of PeeredUpstreams
This is the OSS portion of enterprise PR 2352.

It adds a server-local implementation of the proxycfg.PeeredUpstreams interface
based on a blocking query against the server's state store.

It also fixes an omission in the Virtual IP freeing logic where we were never
updating the max index (and therefore blocking queries against
VirtualIPsForAllImportedServices would not return on service deletion).
2022-07-21 13:51:59 +01:00
Krastin Krastev
8d4baafd84
Merge pull request #12592 from krastin/krastin/docs/sidecarservice-typo
docs: clean-up sidecar service expanded definition
2022-07-21 10:21:48 +02:00
Krastin Krastev
25b6148aa8 Merge branch 'main' into krastin/docs/sidecarservice-typo 2022-07-21 10:51:39 +03:00
Jared Kirschner
e0d9f07c28
Merge pull request #13682 from hashicorp/docs/deemphasize-token-query-param
docs: suggest using token header, not query param
2022-07-20 19:22:53 -04:00
Luke Kysow
c411e6b326
Add send mutex to protect against concurrent sends (#13805) 2022-07-20 15:48:18 -07:00
Jared Kirschner
443f4bc2a2 docs: suggest using token header, not query param 2022-07-20 15:16:27 -07:00
Jared Kirschner
281892ab7c
Merge pull request #13405 from hashicorp/jkirschner-hashicorp-patch-3
docs: correct Vault CA multiple namespace support
2022-07-20 17:52:32 -04:00
Luke Kysow
741c906b0d
Add heartbeat proto to peer stream (#13804) 2022-07-20 11:31:02 -07:00
Michael Klein
cab88bcd1e
ui: no partition and peer in bucket-list at the same time (#13812)
* don't show partition / peer at the same time in bucket-list

* use bucket-list in intentions table

* add bucket-list tests

* Simplify bucket list - match old behavior

Refactor the bucket-list component to be easier to grok and match
how the old template based approach worked. I.e. do not surface
partition or namespace when it matches the passed nspace or partition
property.

* Update docs for bucket-list

* fix linting
2022-07-20 16:07:52 +01:00
John Cowen
6be4a0629a
ui: Add Peer Form (#13794) 2022-07-20 12:58:47 +01:00
John Cowen
854b5a93e7
ui: Peer token use form (#13792) 2022-07-20 12:38:39 +01:00
Evan Culver
4116537b83
connect: Add support for Envoy 1.23, remove 1.19 (#13807) 2022-07-19 14:51:04 -07:00
Paul Glass
77afe0e76e
Extract AWS auth implementation out of Consul (#13760) 2022-07-19 16:26:44 -05:00
Chris S. Kim
495936300e
Make envoy resources for inferred peered upstreams (#13758)
Peered upstreams has a separate loop in xds from discovery chain upstreams. This PR adds similar but slightly modified code to add filters for peered upstream listeners, clusters, and endpoints in the case of transparent proxy.
2022-07-19 14:56:28 -04:00
alex
de5a991d8c
peering: refactor reconcile, cleanup (#13795)
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-19 11:43:29 -07:00
Ranjandas
eb4f479e7e
Update Single DC Multi K8S doc (#13278)
* Updated note with details of various K8S CNI options

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-19 09:45:41 -07:00
Luke Kysow
bb943bc77c
makefile: give better error for tool installed by wrong package (#13797)
I had protoc-gen-go installed through `google.golang.org/protobuf` instead of
`github.com/golang/protobuf` and `make proto` was failing silently.
This change will ensure you get an error:

```
protoc-gen-go is already installed by module "google.golang.org/protobuf" but
should be installed by module "github.com/golang/protobuf".
Delete it and re-run to re-install.
```
2022-07-19 09:16:24 -07:00
Michael Klein
dc84ea9f85
ui: chore - fix CI test-suite (#13799)
* fix linting issue

* Update datacenter selector page-object to not include separator.

* change non-valid li to div for singe dc name
2022-07-19 14:06:11 +01:00
Jared Kirschner
067272b53f
Merge pull request #13787 from hashicorp/fix-acl-read-token-self-expanded-panic
Fix panic on acl token read with -self and -expanded
2022-07-18 20:34:50 -04:00
Luke Kysow
e8d965e56f
peerstream: set keepalive enforcement to 15s (#13796)
The client is set to send keepalive pings every 30s. The server
keepalive enforcement must be set to a number less than that,
otherwise it will disconnect clients for sending pings too often.
MinTime governs the minimum amount of time between pings.
2022-07-18 16:12:03 -07:00
Jared Kirschner
927033e672 Fix panic on acl token read with -self and -expanded 2022-07-18 15:52:05 -07:00
alex
7c0daeade8
fix leader annotation (#13786)
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-18 10:34:59 -07:00
alex
a9ae2ff4fa
peering: track exported services (#13784)
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-18 10:20:04 -07:00
John Cowen
d6dcef18c8
ui: Add peer token generation form (#13755)
* ui: Add peer token generation form
2022-07-18 17:39:52 +01:00
John Cowen
56446d540a
ui: Adds Peer initiation form (#13754) 2022-07-18 17:39:22 +01:00
John Cowen
24417d94ed
ui: Add a modal.opened property for inspecting whether the modal is open (#13723)
* ui: Add a modal.opened property for inspecting whether the modal is open

* merge isOpen setting into the exiting event handler

* Revert to multiple listeners, plus comment to explain

* Wrap close in an afterRender
2022-07-18 15:30:37 +01:00
Michael Klein
cdf40a6ae6
ui: wan federation message dc-dropdown (#13753)
* Only display dc dropdown when more than one dc is available

* Add wan federation message to dc dropdown

* Add test for conditionally displaying dc dropdown

* Move single datacenter indicator into datacenter selector

* Add `DATACENTERS` seperator dc dropdown

* "fix" unnecessary margin-top in dc dropdown
2022-07-18 13:22:17 +01:00
Krastin Krastev
49ac06a51e docs: clean-up expanded service def 2022-07-18 13:45:59 +03:00
R.B. Boyer
cd513aeead
peerstream: require a resource subscription to receive updates of that type (#13767)
This mimics xDS's discovery protocol where you must request a resource
explicitly for the exporting side to send those events to you.

As part of this I aligned the overall ResourceURL with the TypeURL that
gets embedded into the encoded protobuf Any construct. The
CheckServiceNodes is now wrapped in a better named "ExportedService"
struct now.
2022-07-15 15:03:40 -05:00
R.B. Boyer
c737301093
peerstream: fix test assertions (#13780) 2022-07-15 14:43:24 -05:00
Luke Kysow
46381b1a7f
Add docs for peerStreamServer vs peeringServer. (#13781) 2022-07-15 12:23:05 -07:00
Luke Kysow
ca3d7c964c
peerstream: dialer should reconnect when stream closes (#13745)
* peerstream: dialer should reconnect when stream closes

If the stream is closed unexpectedly (i.e. when we haven't received
a terminated message), the dialer should attempt to re-establish the
stream.

Previously, the `HandleStream` would return `nil` when the stream
was closed. The caller then assumed the stream was terminated on purpose
and so didn't reconnect when instead it was stopped unexpectedly and
the dialer should have attempted to reconnect.
2022-07-15 11:58:33 -07:00
R.B. Boyer
0678bf91a7
test: fix flaky test TestAPI_CatalogNodes (#13779) 2022-07-15 13:24:22 -05:00
R.B. Boyer
bb4d4040fb
server: ensure peer replication can successfully use TLS over external gRPC (#13733)
Ensure that the peer stream replication rpc can successfully be used with TLS activated.

Also:

- If key material is configured for the gRPC port but HTTPS is not
  enabled now TLS will still be activated for the gRPC port.

- peerstream replication stream opened by the establishing-side will now
  ignore grpc.WithBlock so that TLS errors will bubble up instead of
  being awkwardly delayed or suppressed
2022-07-15 13:15:50 -05:00
alex
adb5ffa1a6
peering: track imported services (#13718) 2022-07-15 10:20:43 -07:00
Evan Culver
d523d005d9
Latest submodule versions (#13750) 2022-07-15 09:58:21 -07:00
alex
b7043f7150
peering: add warning about AllowStaleRead (#13768) 2022-07-15 09:56:33 -07:00
John Murret
304d79b358
Made changes based on Adams suggestions (#13490)
* Made changes based on Adams suggestions

* updating list layout in systems integration guide.  updating wan federation docs.

* fixing env vars on systems integration page

* fixing h3 to h2 on enterprise license page

* Changed `The following steps will be performed` to `Complete the following steps`

* Replaced `These steps will be repeated for each datacenter` with `Repeat the following steps for each datacenter in the cluster`

* Emphasizing that kv2 secrets only need to be stored once.

* Move the sentence indicating where the vault path maps to the helm chart out of the -> Note callout

* remaining suggestions

* Removing store the secret in Vault from server-tls page

* Making the Bootstrapping the Server PKI Engine sections the same on server-tls and webhook-cert pages

* Apply suggestions from code review

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Updating VAULT_ADDR on systems-integration to get it out of the shell.

* Updating intro paragraph of Overview on systems-integration.mdx to what Adamsuggested.

* Putting the GKE, AKS, AKS info into tabs on the systems integration page.

* Apply suggestions from code review

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-15 10:35:42 -06:00
Matt Keeler
257f88d4df
Use Node Name for peering healthSnapshot instead of ID (#13773)
A Node ID is not a required field with Consul’s data model. Therefore we cannot reliably expect all uses to have it. However the node name is required and must be unique so its equally as good of a key for the internal healthSnapshot node tracking.
2022-07-15 10:51:38 -04:00
Matt Keeler
05b5e7e2ca
Enable partition support for peering establishment (#13772)
Prior to this the dialing side of the peering would only ever work within the default partition. This commit allows properly parsing the partition field out of the API struct request body, query param and header.
2022-07-15 10:07:07 -04:00
Michele Degges
c4e45bc6c8
[CI-only] Support fossa scanning (#13694) 2022-07-14 13:02:13 -07:00
Dan Stough
49f3dadb8f feat: connect proxy xDS for destinations
Signed-off-by: Dhia Ayachi <dhia@hashicorp.com>
2022-07-14 15:27:02 -04:00