20773 Commits

Author SHA1 Message Date
R.B. Boyer
4d7754ad25
test: update makefile to include ways to trigger deployer integration tests (#19553) 2023-11-07 12:41:14 -06:00
Tyler Wendlandt
1f5aa83a9e
ui: clear peer on home link (#19549)
Clear peer on home link
2023-11-07 10:27:20 -07:00
Nathan Coleman
028f1d8c50
NET-6390 Initialize MeshGateway proto (#19548) 2023-11-07 12:24:54 -05:00
Derek Menteer
393f7a429b
Fix more test flakes (#19533)
Fix flaky snapshot and metrics tests.
2023-11-07 10:15:50 -06:00
R.B. Boyer
a66cb58e71
test: fix some of the peering topology tests to safely run without tenancy in CE (#19540) 2023-11-07 10:11:42 -06:00
Ashwin Venkatesh
64db2d9c58
Add kubebuilder annotations to enums (#19454) 2023-11-07 11:02:38 -05:00
John Murret
f115cdb1d5
NET-6385 - Static routes that are inlined in listener filters are also created as a resource. (#19459)
* cover all protocols in local_app golden tests

* fix xds tests

* updating latest

* fix broken test

* add sorting of routers to TestBuildLocalApp to get rid of the flaking

* cover all protocols in local_app golden tests

* cover all protocols in local_app golden tests

* cover all protocols in local_app golden tests

* process envoy resource by walking the map.  use a map rather than array for envoy resource to prevent duplication.

* cleanup.  doc strings.

* update to latest

* fix broken test

* update tests after adding sorting of routers in local_app builder tests

* do not make endpoints for local_app

* fix catalog destinations only by creating clusters for any cluster not already created by walking the graph.

* Configure TestAllResourcesFromSnapshot to run V2 tests

* wip

* fix processing of failover groups

* add endpoints and clusters for any clusters that were not created from walking the listener -> path

* fix xds v2 golden files for clusters to include failover group clusters
2023-11-07 08:00:08 -07:00
Semir Patel
2da7dd077a
v2tenancy: register tenancy controller deps (#19531) 2023-11-07 08:06:10 -06:00
Ganesh S
5352ff945c
Added tenancy tests for WorkloadHealth controller (#19530) 2023-11-07 09:09:15 +05:30
trujillo-adam
24df835aff
added 1.17 features to enterprise overview (#19514)
* added 1.17 features to enterprise overview

* added features to runtime tables

* Apply suggestions from code review

Co-authored-by: David Yu <dyu@hashicorp.com>

* add ecs release notes

* add draft of 1.3.x consul-k8s release notes

* update nav with new release notes

* Apply suggestions from code review

Co-authored-by: Jeff Apple <79924108+Jeff-Apple@users.noreply.github.com>

---------

Co-authored-by: David Yu <dyu@hashicorp.com>
Co-authored-by: Tu Nguyen <im2nguyen@gmail.com>
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
Co-authored-by: Jeff Apple <79924108+Jeff-Apple@users.noreply.github.com>
2023-11-06 13:55:14 -08:00
cskh
38d94282ca
Ci upgrade test 1 17 (#19536)
CI: upgrade test from 1.17
2023-11-06 21:35:59 +00:00
Michael Zalimeni
90aa83fb0f
[NET-5916] docs: Remove locality proxy startup section (#19534)
docs: Remove locality proxy startup section

This section is not necessary as it is not unique to the feature. The
instructions for starting proxies are available in other pages.
2023-11-06 21:02:44 +00:00
Michael Zalimeni
c9f2a6add4
[NET-5916] Update locality-aware routing docs (#19529)
* docs: Update locality-aware routing docs

- Align locality-aware routing documentation to the recommended use of the
feature and incorporate engineer feedback.
- Remove docs for unreleased multi-cluster failover feature.
- Fix minor typos and formatting in examples.

* docs: Fix rate limit docs typo
2023-11-06 15:03:47 -05:00
trujillo-adam
28b1469cb8
fixed typos in redirect for api gateways (#19526)
* fixed typos in redirect for api gateways

* one more typo

* final typo
2023-11-06 09:08:25 -08:00
Tyler Wendlandt
e5948e8eb4
CC-5545: Side Nav (#19342)
* Initial work for sidenav

* Use HDS::Text

* Add resolution for ember-element-helper

* WIP dc selector

* Update HCP Home link

* DC selector

* Hook up remaining selectors

* Fix settings and tutorial links

* Remove comments

* Remove skip-links

* Replace auth with new dropdown

* Use href-to helper for sidenav links

* Changelog

* Add description to NavSelector

* Wrap version in footer and role

* Fix login tests

* Add data-test selectors for namespaces

* Fix datacenter disclosure menu test

* Stop rendering auth dialog if acls are disabled

* Update disabled selector state and token selector

* Fix logic in ACL selector

* Fix HCP Home integration test

* Remove toggling the sidenav in tests

* Add sidenav to eng docs

* Re-add debug navigation for eng docs

* Remove ember-in-viewport

* Remove unused styles

* Upgrade @hashicorp/design-system-components

* Add translations for side-nav

* Only show back to hcp link if url is present

* Disable responsive due to a11y-dialog issue
2023-11-06 08:18:48 -07:00
Derek Menteer
6baf695cd9
[NET-6459] Fix issue with wanfed lan ip conflicts. (#19503)
Fix issue with wanfed lan ip conflicts.

Prior to this commit, the connection pools were unaware which datacenter the
connection was associated with. This meant that any time servers with
overlapping LAN IP addresses and node shortnames existed, they would be
incorrectly co-located in the same pool. Whenever this occurred, the servers
would get stuck in an infinite loop of forwarding RPCs to themselves (rather
than the intended remote DC) until they eventually run out of memory.

Most notably, this issue can occur whenever wan federation through mesh
gateways is enabled.

This fix adds extra metadata to specify which DC the connection is associated
with in the pool.
2023-11-06 08:47:12 -06:00
Derek Menteer
395d32e5ad
Shuffle CICD tests to spread worker load. (#19501) 2023-11-06 08:23:34 -06:00
R.B. Boyer
6f4e037621
testing: disable v2 linkage to nodes in integration tests (#19509) 2023-11-03 21:00:48 +00:00
John Murret
74daaa5043
XDS V1 should not make runs for TCP Disco Chains. (#19496)
* XDS V1 should not make runs for TCP Disco Chains.

* update TestEnvoyExtenderWithSnapshot
2023-11-03 14:53:17 -06:00
Poonam Jadhav
c3c836edae
Net-6291/fix/watch resources (#19467)
* fix: update watch endpoint to default based on scope

* test: additional test

* refactor: rename list validate function

* refactor: rename validate<Op>Request() -> ensure<Op>RequestValid() for consistency
2023-11-03 16:03:07 -04:00
R.B. Boyer
65592d91a8
chore: apply enterprise changes that were missed to some testing files (#19504)
This should align between CE ef35525 and ENT 7f95226dbe40151c8f17dd4464784b60cf358dc1 in:

- testing/integration/consul-container
- test-integ
- testing/deployer
2023-11-03 11:43:43 -05:00
Dan Stough
fd128f4947
build: dependency updates for 1.17.0 (#19453) 2023-11-03 12:29:59 -04:00
Semir Patel
ef35525cf1
resource: finalizer aware delete endpoint (2 of 5) (#19493)
resource: make delete endpoint finalizer aware
2023-11-03 10:10:58 -04:00
John Murret
d94d316204
NET-6319 - L7 routes have statePrefix of upstream. and should have a full path (#19473) 2023-11-02 19:58:54 -06:00
Nitya Dhanushkodi
2bc0bc30b9
update v2 changelog (#19446) 2023-11-02 14:59:55 -07:00
R.B. Boyer
4b85aa5a97
testing/deployer: support tproxy in v2 for dataplane (#19094)
This updates the testing/deployer (aka "topology test") framework to allow for a 
v2-oriented topology to opt services into enabling TransparentProxy. The restrictions 
are similar to that of #19046

The multiport Ports map that was added in #19046 was changed to allow for the 
protocol to be specified at this time, but for now the only supported protocol is TCP 
as only L4 functions currently on main.

As part of making transparent proxy work, the DNS server needed a new zonefile 
for responding to virtual.consul requests, since there is no Kubernetes DNS and 
the Consul DNS work for v2 has not happened yet. Once Consul DNS supports v2 we should switch over. For now the format of queries is:

<service>--<namespace>--<partition>.virtual.consul

Additionally:

- All transparent proxy enabled services are assigned a virtual ip in the 10.244.0/24
  range. This is something Consul will do in v2 at a later date, likely during 1.18.
- All services with exposed ports (non-mesh) are assigned a virtual port number for use
  with tproxy
- The consul-dataplane image has been made un-distroless, and gotten the necessary
  tools to execute consul connect redirect-traffic before running dataplane, thus simulating
  a kubernetes init container in plain docker.
2023-11-02 16:13:16 -05:00
Semir Patel
aaac20f4a8
resource: misc finalizer apis (#19474) 2023-11-02 15:56:02 -05:00
R.B. Boyer
a72f868218
testing/deployer: update deployer to use v2 catalog constructs when requested (#19046)
This updates the testing/deployer (aka "topology test") framework to conditionally 
configure and launch catalog constructs using v2 resources. This is controlled via a 
Version field on the Node construct in a topology.Config. This only functions for a 
dataplane type and has other restrictions that match the rest of v2 (no peering, no 
wanfed, no mesh gateways).

Like config entries, you can statically provide a set of initial resources to be synced 
when bringing up the cluster (beyond those that are generated for you such as 
workloads, services, etc).

If you want to author a test that can be freely converted between v1 and v2 then that 
is possible. If you switch to the multi-port definition on a topology.Service (aka 
"workload/instance") then that makes v1 ineligible.

This also adds a starter set of "on every PR" integration tests for single and multiport 
under test-integ/catalogv2
2023-11-02 14:25:48 -05:00
Derek Menteer
8f4c43727d
[NET-5916] Fix locality-aware routing config and tests (CE) (#19483)
Fix locality-aware routing config and tests
2023-11-02 14:05:06 -05:00
John Murret
77e9a50f8b
Source / local_app golden tests to include all protocols. (#19436)
* cover all protocols in local_app golden tests

* fix xds tests

* updating latest

* fix broken test

* add sorting of routers to TestBuildLocalApp to get rid of the flaking
2023-11-02 18:31:06 +00:00
skpratt
896d8f5ec5
temporarily disallow L7 traffic permissions (#19322) 2023-11-02 13:16:08 -05:00
R.B. Boyer
bb3d5a16c5
build: ensure we pull through the hashicorp proxy instead of going directly to the docker hub (#19482) 2023-11-02 12:58:54 -05:00
Semir Patel
815c52ac0d
Regen expired test certs (#19476) 2023-11-02 10:25:32 -05:00
John Maguire
413e2a7600
Update docs for service splitter example typo (#19469) 2023-11-01 14:59:40 -04:00
trujillo-adam
65605c554a
added redirect for conf entries 1.8.x (#19460) 2023-11-01 10:40:51 -07:00
Nathan Coleman
ca655ca7db
NET-5186 Add NET_BIND_SERVICE capability to consul-dataplane requirements (#18512)
* Add NET_BIND_SERVICE capability to list of consul-dataplane requirements

* Add link to related Kubernetes documentation

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

---------

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2023-10-31 18:12:30 +00:00
Nathan Coleman
97d92add08
Fix typo in kind for JWT config on API Gateway (#19441) 2023-10-31 14:04:52 -04:00
David Yu
54717e683b
Update README.md (#19413) 2023-10-31 08:45:47 -07:00
David Yu
7a5d0a62dd
docs - Update k8s compat matrix (#19378)
* Update compatibility.mdx
2023-10-31 08:40:12 -07:00
cskh
4b26ed8eba
integ test: snapshot mesh frozen bug test (#19435)
* integ test: snapshot mesh frozen bug test
2023-10-30 18:20:23 -04:00
Tu Nguyen
e18901ba88
Update multi-port examples to remove spec.template.metadata.name (#19430) 2023-10-30 10:56:10 -07:00
Michael Zalimeni
42647de35d
[NET-6138] security: Bump google.golang.org/grpc to 1.56.3 (CVE-2023-44487) (#19414)
Bump google.golang.org/grpc to 1.56.3

This resolves [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487).

Co-authored-by: Chris Thain <chris.m.thain@gmail.com>
2023-10-30 08:44:22 -04:00
John Murret
3350a91fa0
increasing unit tests timeout from 10m to 30m (#19423) 2023-10-27 16:33:54 -07:00
John Murret
f0cf8f2f40
NET-6294 - v1 Agentless proxycfg datasource errors after v2 changes (#19365) 2023-10-27 14:06:38 -06:00
Chris S. Kim
1a6225ade2
Delete unused files (#19402) 2023-10-27 14:26:23 +00:00
Nathan Coleman
01bfa2ce24
Fix casing in example yaml config (#19369) 2023-10-27 09:14:47 -05:00
Semir Patel
0abd96c0d9
resource: resource service now checks for v2tenancy feature flag (#19400) 2023-10-27 08:55:02 -05:00
Matt Keeler
5698353652
Resource Hook Pre-Decode Utilities (#18548)
Add some generic type hook wrappers to first decode the data

There seems to be a pattern for Validation, Mutation and Write Authorization hooks where they first need to decode the Any data before doing the domain specific work.

This PR introduces 3 new functions to generate wrappers around the other hooks to pre-decode the data into a DecodedResource and pass that in instead of the original pbresource.Resource.

This PR also updates the various catalog data types to use the new hook generators.
2023-10-26 16:39:06 -04:00
Ronald
ea91e58045
Stop use of templated-policy and templated-policy-file simultaneously (#19389) 2023-10-26 18:15:12 +00:00
cskh
3b806d41c0
test deployer: fix a bug when deploying cluster with various ent images (#19381) 2023-10-26 13:12:20 -04:00