DanStough
2da8949d78
feat: convert destination address to slice
2022-07-25 12:31:58 -04:00
Luke Kysow
cf4af7c765
Re-document peering disabled ( #13879 )
...
Change wording because it does have effect on clients because it
disables peering in the UI served from that client.
2022-07-25 09:30:37 -07:00
Freddy
f03cca7576
[OSS] Add ACL enforcement to peering endpoints ( #13878 )
2022-07-25 10:04:10 -06:00
Matt Keeler
58e4d8235b
Enable/Disable Peering Support in the UI ( #13816 )
...
We enabled/disable based on the config flag.
2022-07-25 11:50:11 -04:00
freddygv
b544ce6485
Add ACL enforcement to peering endpoints
2022-07-25 09:34:29 -06:00
Kyle Havlovitz
016f963e7e
Remove excess debug log from ingress upstream shutdown
2022-07-22 17:29:38 -07:00
alex
279d458e6e
peering: use ShouldDial to validate peer role ( #13823 )
...
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-22 15:56:25 -07:00
Luke Kysow
a1e6d69454
peering: add config to enable/disable peering ( #13867 )
...
* peering: add config to enable/disable peering
Add config:
```
peering {
enabled = true
}
```
Defaults to true. When disabled:
1. All peering RPC endpoints will return an error
2. Leader won't start its peering establishment goroutines
3. Leader won't start its peering deletion goroutines
2022-07-22 15:20:21 -07:00
Kyle Havlovitz
0786517b56
Merge pull request #13847 from hashicorp/gateway-goroutine-leak
...
Fix goroutine leaks in proxycfg when using ingress gateway
2022-07-22 14:43:22 -07:00
Freddy
f99df57840
[OSS] Add new peering ACL rule ( #13848 )
...
This commit adds a new ACL rule named "peering" to authorize
actions taken against peering-related endpoints.
The "peering" rule has several key properties:
- It is scoped to a partition, and MUST be defined in the default
namespace.
- Its access level must be "read', "write", or "deny".
- Granting an access level will apply to all peerings. This ACL rule
cannot be used to selective grant access to some peerings but not
others.
- If the peering rule is not specified, we fall back to the "operator"
rule and then the default ACL rule.
2022-07-22 14:42:23 -06:00
NicoletaPopoviciu
a3cdcf0c86
docs: Updates k8s annotation docs ( #13809 )
...
* Updates k8s annotation docs
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
2022-07-22 13:26:31 -07:00
Sarah Alsmiller
082ad42ff4
add redirects
2022-07-22 14:20:27 -05:00
alex
927cee692b
peering: emit exported services count metric ( #13811 )
...
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-22 12:05:08 -07:00
Matt Keeler
77917b6b5d
Rename some protobuf package names to be fqdn like ( #13861 )
...
These are used in various bits of the wire format (for gRPC) and internally with Go’s registry so we want to namespace things properly.
2022-07-22 14:59:34 -04:00
Kyle Havlovitz
6e1dd05a19
Add changelog note
2022-07-22 10:33:50 -07:00
A.J. Sanon
90ae5ffd16
Add ECS audit logging docs ( #13729 )
2022-07-22 13:30:25 -04:00
Michael Klein
bcbc36ecec
Improve peered service empty downstreams message ( #13854 )
2022-07-22 19:28:13 +02:00
sarahalsmiller
355f6dbd48
Update website/content/docs/api-gateway/usage/basic-usage.mdx
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-22 09:45:00 -05:00
Daniel Upton
a8df87f574
proxycfg-glue: server-local implementation of ExportedPeeredServices
...
This is the OSS portion of enterprise PR 2377.
Adds a server-local implementation of the proxycfg.ExportedPeeredServices
interface that sources data from a blocking query against the server's
state store.
2022-07-22 15:23:23 +01:00
Eric Haberkorn
501089292e
Add Cluster Peering Failover Support to Prepared Queries ( #13835 )
...
Add peering failover support to prepared queries
2022-07-22 09:14:43 -04:00
Sarah Alsmiller
2f8b0174b2
fix tabs
2022-07-21 17:38:57 -05:00
Sarah Alsmiller
596f421881
fix tabs
2022-07-21 17:21:22 -05:00
Sarah Alsmiller
7d66c77f9c
fix tabs
2022-07-21 17:11:07 -05:00
Nitya Dhanushkodi
f47319b7c6
update generate token endpoint to take external addresses ( #13844 )
...
Update generate token endpoint (rpc, http, and api module)
If ServerExternalAddresses are set, it will override any addresses gotten from the "consul" service, and be used in the token instead, and dialed by the dialer. This allows for setting up a load balancer for example, in front of the consul servers.
2022-07-21 14:56:11 -07:00
Sarah Alsmiller
add15bec2e
fix tabs
2022-07-21 16:54:03 -05:00
Sarah Alsmiller
b9501b5170
erge branch 'sa-restructure-documentation' of github.com:hashicorp/consul into sa-restructure-documentation
2022-07-21 15:13:00 -05:00
Sarah Alsmiller
e0d38ea01e
add consul k8s install instructions
2022-07-21 15:12:49 -05:00
sarahalsmiller
c9f622de38
Update website/content/docs/api-gateway/configuration/gatewayclassconfig.mdx
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:59:14 -05:00
Sarah Alsmiller
63e806f993
Merge branch 'sa-restructure-documentation' of github.com:hashicorp/consul into sa-restructure-documentation
2022-07-21 14:54:04 -05:00
Sarah Alsmiller
20e97a7729
merge back in mike's environment doc in install
2022-07-21 14:53:55 -05:00
sarahalsmiller
c54e0904de
Update website/content/docs/api-gateway/configuration/gateway.mdx
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:55 -05:00
sarahalsmiller
5d02480430
Update website/content/docs/api-gateway/configuration/gateway.mdx
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:47 -05:00
sarahalsmiller
dfc9ae4a60
Update website/content/docs/api-gateway/configuration/gateway.mdx
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:34 -05:00
sarahalsmiller
9feb465f62
Update website/content/docs/api-gateway/configuration/gateway.mdx
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:25 -05:00
alex
58d66a002e
Merge pull request #13845 from hashicorp/acpana/peering-rename-oss
...
[SYNC] Rename peering internal to ~
2022-07-21 11:20:38 -07:00
acpana
12b773ab02
Rename peering internal to ~
...
sync ENT to 5679392c81
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-21 10:51:05 -07:00
Luke Kysow
0c87be0845
peering: Add heartbeating to peering streams ( #13806 )
...
* Add heartbeating to peering streams
2022-07-21 10:03:27 -07:00
Chris Thain
af40b9b144
Add Consul Lambda integration tests ( #13770 )
2022-07-21 09:54:56 -07:00
John Cowen
c9898fb38e
ui: Change initiate > establish for peering the modal tab ( #13839 )
2022-07-21 17:39:15 +01:00
John Cowen
e2908679c6
ui: Allow searching for peerings by ID ( #13837 )
2022-07-21 17:38:57 +01:00
John Cowen
b960cb671f
ui: Remove peering detail page ( #13836 )
...
* ui: Remove links to the peering detail page
* 404 everything
2022-07-21 17:38:10 +01:00
Michael Klein
2f81c7b292
ui: peered services only show instance- and tags-tabs ( #13840 )
...
* Only show instances- and tags-tab peered services
* Adapt show-with-slashes test to peering changes
Tests always have the peering feature turned on and the default service
we load from the mock-api will be peered. This is why the topology
view of the service.show page will not be accessible in the updated
test it will show the instances instead. This change does not change
what the test is actually testing so just putting changing to the now
different url is fine.
2022-07-21 16:09:54 +01:00
Michael Klein
b1a39fc12f
ui: Surface peer info in nodes.show view ( #13832 )
2022-07-21 15:35:54 +01:00
Michael Klein
07f30687d5
ui: Update peerings empty state copy ( #13834 )
2022-07-21 14:59:38 +01:00
Daniel Upton
3655802fdc
proxycfg-glue: server-local implementation of PeeredUpstreams
...
This is the OSS portion of enterprise PR 2352.
It adds a server-local implementation of the proxycfg.PeeredUpstreams interface
based on a blocking query against the server's state store.
It also fixes an omission in the Virtual IP freeing logic where we were never
updating the max index (and therefore blocking queries against
VirtualIPsForAllImportedServices would not return on service deletion).
2022-07-21 13:51:59 +01:00
Krastin Krastev
8d4baafd84
Merge pull request #12592 from krastin/krastin/docs/sidecarservice-typo
...
docs: clean-up sidecar service expanded definition
2022-07-21 10:21:48 +02:00
Krastin Krastev
25b6148aa8
Merge branch 'main' into krastin/docs/sidecarservice-typo
2022-07-21 10:51:39 +03:00
Jared Kirschner
e0d9f07c28
Merge pull request #13682 from hashicorp/docs/deemphasize-token-query-param
...
docs: suggest using token header, not query param
2022-07-20 19:22:53 -04:00
Luke Kysow
c411e6b326
Add send mutex to protect against concurrent sends ( #13805 )
2022-07-20 15:48:18 -07:00
Jared Kirschner
443f4bc2a2
docs: suggest using token header, not query param
2022-07-20 15:16:27 -07:00