Commit Graph

18945 Commits

Author SHA1 Message Date
freddygv 3034df6a5c Require Connect and TLS to generate peering tokens
By requiring Connect and a gRPC TLS listener we can automatically
configure TLS for all peering control-plane traffic.
2022-10-07 09:06:29 -06:00
freddygv fac3ddc857 Use internal server certificate for peering TLS
A previous commit introduced an internally-managed server certificate
to use for peering-related purposes.

Now the peering token has been updated to match that behavior:
- The server name matches the structure of the server cert
- The CA PEMs correspond to the Connect CA

Note that if Conect is disabled, and by extension the Connect CA, we
fall back to the previous behavior of returning the manually configured
certs and local server SNI.

Several tests were updated to use the gRPC TLS port since they enable
Connect by default. This means that the peering token will embed the
Connect CA, and the dialer will expect a TLS listener.
2022-10-07 09:05:32 -06:00
freddygv 5f97223822 Simplify mgw watch mgmt 2022-10-07 08:54:37 -06:00
freddygv d54db25421 Use existing query options to build ctx 2022-10-07 08:46:53 -06:00
DanStough 77ab28c5c7 feat: xDS updates for peerings control plane through mesh gw 2022-10-07 08:46:42 -06:00
Tyler Wendlandt 2c349bb126
ui: Remove node name from agentless service instance (#14903)
* [NET-949]: Remove node name from agentless instance

* Add changelog entry
2022-10-07 04:01:34 -06:00
Tim Rosenblatt 97ad73ad24
Fixes broken URLs in Dataplane docs (#14910) 2022-10-06 19:23:02 -07:00
Jared Kirschner 8c3376d1e5
Merge pull request #14898 from hashicorp/docs/new-vault-connect-ca-permissions-needed
docs: vault ca provider patch upgrade guidance
2022-10-06 19:11:50 -04:00
Jared Kirschner 2603c0da52 docs: vault ca provider patch upgrade guidance 2022-10-06 16:04:43 -07:00
HashiBot 1ade1de38b
website: upgrade next version (#14906)
Co-authored-by: Bryce Kalow <bkalow@hashicorp.com>
2022-10-06 14:15:47 -05:00
Tyler Wendlandt f0be55df86
ui: Update empty-state copy throughout app (#14721)
* Update empty-state copy throughout app

Update empty-states throughout the app to only include mentions of ACLs if the user has ACLs enabled.

* Update peers empty state copy
Flip the empty state copy logic for peers. Small typo fixes on other empty states.

* Update Node empty state with docs

* Update intentions empty state
Make ACL copy dependent on if acls are enabled.

* Update Nodes empty state learn copy

* Fix binding rule copy key
2022-10-06 11:01:49 -06:00
Michael Klein 62a66a32d7
ui: Setup Hashicorp Design System for usage in consul-ui (#14394)
* Use postcss instead of ember-cli-sass

This will make it possible to work with tailwindcss.

* configure postcss to compile sass
* add "sub-app" css into app/styles tree

* pin node@14 via volta

Only used by people that use volta

* Install tailwind and autoprefixer

* Create tailwind config

* Use tailwind via postcss

* Fix: tailwind changes current styling

When adding tailwind to the bottom of app.scss we apparently
change the way the application looks. We will import
it first to make sure we don't change the current styling
of the application right now.

* Automatic import of HDS colors in tailwind

* Install @hashicorp/design-system-components

* install add-on
* setup postcss scss pipeline to include tokens css
* import add-on css

* Install ember-auto-import v2

HDS depends on v2 of ember-auto-import so we need to upgrade.

* Upgrade ember-cli-yadda

v0.6.0 of ember-cli-yadda adds configuration for webpack.
This configuration is incompatible with webpack v5
which ember-auto-import v2 is using.
We need to upgrade ember-cli-yadda to the latest
version that fixes this incompatability with auto-import v2

* Install ember-flight-icons

HDS components are using the addon internally.

* Document HDS usage in engineering docs

* Upgrade ember-cli-api-double

* fix new linting errors
2022-10-06 17:17:20 +02:00
Eric Haberkorn 1633cf20ea
Make the mesh gateway changes to allow `local` mode for cluster peering data plane traffic (#14817)
Make the mesh gateway changes to allow `local` mode for cluster peering data plane traffic
2022-10-06 09:54:14 -04:00
cskh c1b5f34fb7
fix: missing UDP field in checkType (#14885)
* fix: missing UDP field in checkType

* Add changelog

* Update doc
2022-10-05 15:57:21 -04:00
Derek Menteer a279d2d329
Fix explicit tproxy listeners with discovery chains. (#14751)
Fix explicit tproxy listeners with discovery chains.
2022-10-05 14:38:25 -05:00
Tyler Wendlandt 3638dc13fb
ui: Wrap service names on show and instance routes (#14771)
* Wrap service names on show and instance routes
Moves the trailing type/kind/actions to the second row of the header
no matter what length the service name is. Wraps service name text.

* Change grid format of AppView globally

* Add tooltips to the last element of breadcrumbs
2022-10-05 13:21:34 -06:00
Matt Keeler 2811925417
Add changelog entry for #12890 2022-10-05 13:35:07 -04:00
Alex Oskotsky 13da2c5fad
Add the ability to retry on reset connection to service-routers (#12890) 2022-10-05 13:06:44 -04:00
Tu Nguyen f650aa0044
fix broken links (#14892) 2022-10-05 09:54:49 -07:00
cskh 995671ff6f
fix(api): missing peer name in query option (#14835) 2022-10-05 10:04:08 -04:00
Michael Klein 6fbe799178
Allow managed-runtime badge to be dynamic (#14853) 2022-10-05 11:48:03 +02:00
Nathan Coleman 78b437760b
Merge pull request #14880 from hashicorp/nathancoleman-patch-1
Update CAPIGW comparison docs
2022-10-04 20:14:23 -04:00
Ashlee M Boyer c6ace151dc
Merge pull request #14878 from hashicorp/docs/amb.fix-broken-links
[docs] Fix broken Learn link
2022-10-04 19:11:06 -05:00
Ashlee Boyer b5a468aa6e empty commit 2022-10-04 20:09:33 -04:00
John Murret 79a541fd7d
Upgrade serf to v0.10.1 and memberlist to v0.5.0 to get memberlist size metrics and broadcast queue depth metric (#14873)
* updating to serf v0.10.1 and memberlist v0.5.0 to get memberlist size metrics and memberlist broadcast queue depth metric

* update changelog

* update changelog

* correcting changelog

* adding "QueueCheckInterval" for memberlist to test

* updating integration test containers to grab latest api
2022-10-04 17:51:37 -06:00
Nathan Coleman 90db6f4fd0
Update website/content/docs/consul-vs-other/api-gateway-compare.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-10-04 19:41:16 -04:00
Nathan Coleman 86722af89f
Update website/content/docs/consul-vs-other/api-gateway-compare.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2022-10-04 18:05:03 -04:00
Nathan Coleman e22d575240
Use consistent casing for "Consul API Gateway" vs. "API gateway" 2022-10-04 17:35:58 -04:00
Nathan Coleman 710e010594
Update documentation link to improve readability 2022-10-04 17:34:32 -04:00
Ashlee Boyer d42831e6c5 Empty-Commit 2022-10-04 16:39:56 -04:00
Evan Culver a3be5a5a82
connect: Bump Envoy 1.20 to 1.20.7, 1.21 to 1.21.5 and 1.22 to 1.22.5 (#14831) 2022-10-04 13:15:01 -07:00
Paul Glass 23e52a1040
docs: Consul Dataplane Version Compatibility (#14710)
Co-authored-by: David Yu <dyu@hashicorp.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2022-10-04 15:02:28 -05:00
Kyle Schochenmaier f64ff29d43
update helm docs for consul-k8s 1.0.0-beta1 (#14875) 2022-10-04 12:59:53 -07:00
Derek Menteer 678adb3154
Add peering integration tests (#14836)
Add peering integration tests.
2022-10-04 13:51:04 -05:00
Eric Haberkorn 1b565444be
Rename `PeerName` to `Peer` on prepared queries and exported services (#14854) 2022-10-04 14:46:15 -04:00
Jeff Boruszak f2d42f97d5
Merge pull request #14870 from hashicorp/docs/hyperlink-fixes
docs: Windows tutorial hyperlink fix #2
2022-10-04 13:16:14 -05:00
Ashlee M Boyer bf2edc4414
Remove unneeded in params 2022-10-04 14:13:57 -04:00
Ashlee M Boyer c9236128bf
Fixing broken links 2022-10-04 14:00:32 -04:00
boruszak 904ab64a57 Link fix 2022-10-04 12:42:59 -05:00
Jeff Boruszak 31436b66e0
Merge pull request #14867 from hashicorp/docs/hyperlink-fixes
docs: Windows VM tutorial link fix
2022-10-04 12:26:21 -05:00
boruszak 213b50b170 Tutorial link fix 2022-10-04 12:19:24 -05:00
Jeff Boruszak 87d7bd8a40
Merge pull request #14794 from hashicorp/docs/cluster-peering
docs: Cluster peering 1.14 beta release
2022-10-04 10:46:57 -05:00
Jeff Boruszak 9b99795530
Merge pull request #14770 from hashicorp/docs/agentless-beta
docs: Consul Dataplane (Agentless) Beta
2022-10-04 10:41:43 -05:00
Jeff Boruszak eedfca25c8
Merge pull request #14769 from hashicorp/docs/consul-on-windows-vms
docs: Consul on Windows VMs Envoy bootstrapping
2022-10-04 10:41:11 -05:00
trujillo-adam 6f1d7fcd02
Merge pull request #14779 from hashicorp/docs/invoke-services-from-lambda
Docs/invoke services from lambda
2022-10-04 08:37:48 -07:00
boruszak c1f71e3ef8 list 2022-10-04 10:37:39 -05:00
boruszak 9792f9ea26 Reverts + fix 2022-10-04 10:37:39 -05:00
Luke Kysow 960c42854b
Remove terminal colouring from test output so it is (#14810)
more readable in CI.

```
Running primary verification step for case-ingress-gateway-multiple-services...
�[34;1mverify.bats
�[0m�[1G   ingress proxy admin is up on :20000�[K�[75G 1/12�[2G�[1G ✓ ingress proxy admin is up on :20000�[K
�[0m�[1G   s1 proxy admin is up on :19000�[K�[75G 2/12�[2G�[1G ✓ s1 proxy admin is up on :19000�[K
�[0m�[1G   s2 proxy admin is up on :19001�[K�[75G 3/12�[2G�[1G ✓ s2 proxy admin is up on :19001�[K
�[0m�[1G   s1 proxy listener should be up and have right cert�[K�[75G 4/12�[2G�[1G ✓ s1 proxy listener should be up and have right cert�[K
�[0m�[1G   s2 proxy listener should be up and have right cert�[K�[75G 5/12�[2G�[1G ✓ s2 proxy listener should be up and have right cert�[K
�[0m�[1G   ingress-gateway should have healthy endpoints for s1�[K�[75G 6/12�[2G�[31;1m�[1G ✗ ingress-gateway should have healthy endpoints for s1�[K
�[0m�[31;22m   (from function `assert_upstream_has_endpoints_in_status' in file /workdir/primary/bats/helpers.bash, line 385,
```

versus

```
Running primary verification step for case-ingress-gateway-multiple-services...
1..12
ok 1 ingress proxy admin is up on :20000
ok 2 s1 proxy admin is up on :19000
ok 3 s2 proxy admin is up on :19001
ok 4 s1 proxy listener should be up and have right cert
ok 5 s2 proxy listener should be up and have right cert
not ok 6 ingress-gateway should have healthy endpoints for s1
not ok 7 s1 proxy should have been configured with max_connections in services
ok 8 ingress-gateway should have healthy endpoints for s2
```
2022-10-04 08:35:19 -07:00
boruszak cf796ce330 More group fix attempts 2022-10-04 10:20:14 -05:00
boruszak b455e0d5c8 Tabs fix again 2022-10-04 10:00:53 -05:00