John Murret
11bcf521ae
dns v2 - both empty string and default should be allowed for namespace and partition in CE ( #21230 )
...
* dns v2 - both empty string and default should be allowed for namespace and partition in Ce
* add changelog
* use default partition constant
* use constants in validation.
---------
Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
2024-05-28 16:20:59 -06:00
Nathan Coleman
ad9ada883c
[NET-9510] Document known OpenShift issue for consul-k8s 1.2.x, 1.3.x and 1.4.x ( #21224 )
...
* Add OpenShift networking issue to Known Issues for 1.2.x, 1.3.x and 1.4.x
* Update website/content/docs/release-notes/consul-k8s/v1_2_x.mdx
2024-05-28 15:59:04 -04:00
Michael Zalimeni
9fb50fa769
Fix Consul versions in nightly 1.19 int tests ( #21226 )
...
We should be testing against n-2 + LTS, so we need to replace 1.16 with 1.18.
2024-05-28 12:55:52 -04:00
Jeff Boruszak
5f129ad5b2
docs: Fix heading errors in security models ( #21227 )
...
fixes
2024-05-28 09:54:38 -07:00
Michael Zalimeni
c1a7221406
[NET-9445] Re-enable 1.18 backports during 1.19 RC ( #21223 )
...
Re-enable 1.18 backports during 1.19 RC
Follow-up to #21219 .
2024-05-28 15:43:36 +00:00
Dan Stough
54a545d0db
build: prepare for 1.20.0 dev ( #21219 )
2024-05-24 22:00:14 -04:00
Dan Stough
f3d1a8bc78
build: set go-build reproducible to false ( #21218 )
2024-05-24 15:32:59 -04:00
Dan Stough
f70fcab2ab
build: bandaid for action-go-build clean flag ( #21217 )
2024-05-24 18:54:54 +00:00
Michael Zalimeni
d2b107ffe5
ci: update BPA to disable inactive CE backports ( #21214 )
...
Follow-up to #21094 , which temporarily downgraded BPA to allow for old
CE backport labels to be used during Consul's most recent patch release.
Upgrading fully enforces the version manifest and prevents accidental
backports to no-longer-active CE versions.
2024-05-24 13:52:38 -04:00
Dan Stough
cf1c030043
feat: update supported envoy to 1.29 ( #21142 )
2024-05-24 13:26:07 -04:00
Krastin Krastev
912c5f5a3c
docs: relocate Consul capacity planning page from waf/ to docs/ ( #21088 )
...
* moving tutorials/waf/capacity-planning to docs/
* Apply suggestions from code review
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* add metrics bullet links
---------
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2024-05-24 15:29:22 +03:00
Deniz Onur Duzgun
574f53d176
security: enable go stdlib scans ( #20905 )
...
* security: enable go stdlib scans
* security: enable go stdlib binary scan
* Fix formating
2024-05-23 13:40:59 -04:00
Blake Covarrubias
6f02144a14
docs: Fix spelling errors ( #21204 )
...
Fix spelling errors across docs site.
2024-05-22 22:36:57 +00:00
Ranjandas
b2a618ba8a
Fixes annotation and introduce tabs for static-client spec ( #21199 )
...
The upstream annotation is not required for external services defined
using the ServiceDefaults Destinations.
2024-05-23 07:27:26 +10:00
NicoletaPopoviciu
d5e92da8af
Update Vault/Nomad versions. ( #21193 )
...
* Update Vault/Nomad versions.
* Update test-integrations.yml
amend vault versions
* add nomad binary path to GITHUB_PATH
---------
Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
2024-05-22 14:43:04 -04:00
R.B. Boyer
50b26aa56a
deployer: remove catalog/mesh v2 support ( #21194 )
...
- Low level plumbing for resources is still retained for now.
- Retain "Workload" terminology over "Service".
- Revert "Destination" terminology back to "Upstream".
- Remove TPROXY support as it only worked for v2.
2024-05-21 14:52:19 -05:00
Dhia Ayachi
6d088db52b
set go toolchain to go1.22.3 ( #21195 )
2024-05-21 14:38:48 -04:00
Sujata Roy
943f0072c0
Doc added for Version specific upgrade Consul on Kubernetes components ( #21101 )
...
* Added upgrade instruction - NET-4882
* Update website/content/docs/k8s/upgrade/index.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update index.mdx
Fixed the link of grpc ports
---------
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2024-05-20 16:05:32 -07:00
Jeff Boruszak
1c0f6e5597
docs: Well Architected Framework content migration ( #21099 )
...
* Migration
* move page
2024-05-20 14:04:10 -07:00
Dan Stough
f12ba3f2a5
chore: fix PR Labeler config ( #21141 )
...
chore: fix PR labeler config format
2024-05-20 16:25:59 -04:00
Jeff Boruszak
b9e84375a4
docs: FIPS certification ( #21131 )
...
* FIPS section
* small updates
* remove month
* backticks
2024-05-20 08:42:58 -07:00
Dhia Ayachi
1f4caaedf2
upgrade deep-copy version, upgrade go to 1.22.3 ( #21113 )
...
* upgrade deep-copy version, upgrade go to 1.22.3
* add changelog
2024-05-16 13:40:15 -04:00
John Murret
9b9c836915
latest ui files in main ( #21119 )
2024-05-15 23:52:11 +00:00
Becki Lee
3c24c4918d
docs: Fix two small typos in "What is Consul?" introduction ( #21110 )
...
docs: Fix two typos in Consul introduction
2024-05-15 18:40:32 +00:00
wangxinyi7
8c54eae705
Xw/update changelog main ( #21108 )
...
* update changelog
2024-05-15 17:19:29 +00:00
John Murret
04940e2c78
additional changes to ensure sameness groups without DefaultForFailover can be used for DNS ( #21107 )
2024-05-14 15:33:34 -06:00
Dan Stough
94791f76b5
build: update gha to latest approved tsccr ( #21061 )
...
* build: update gha to latest approved tsccr
* chore: update hashicorp gha versions
* fix: update upload artifact workload to have unique ids
2024-05-14 15:49:03 -04:00
John Murret
9b2c1be053
NET-5879 - expose sameness group param on service health endpoint and move sameness group health fallback logic into HealthService RPC layer ( #21096 )
...
* NET-5879 - move the filter for non-passing to occur in the health RPC layer rather than the callers of the RPC
* fix import of slices
* NET-5879 - expose sameness group param on service health endpoint and move sameness group health fallback logic into HealthService RPC layer
* fixing deepcopy
* fix license headers
2024-05-14 13:32:49 +00:00
John Murret
a975b04302
NET-5879 - move the filter for non-passing to occur in the health RPC layer rather than the callers of the RPC ( #21098 )
...
* NET-5879 - move the filter for non-passing to occur in the health RPC layer rather than the callers of the RPC
* fix import of slices
* fix test
2024-05-14 07:05:54 -06:00
Blake Covarrubias
48df56f7d2
docs: Add fault injection to Envoy extensions list ( #21087 )
...
Add fault injection to Envoy extensions list
2024-05-13 16:38:36 -07:00
Blake Covarrubias
d0ebc85765
docs: Fix docs for `-ui-content-path` CLI flag ( #21095 )
...
Fix the rendering of the documentation for the `-ui-content-path` CLI
flag.
2024-05-13 15:05:23 -07:00
Michael Zalimeni
d312d0461b
ci: temporarily re-enable retired CE backport labels ( #21094 )
...
To ease migration during this week's patch releases, temporarily use the
more permissive version of BPA to allow old + new backport labels to be
used simultaneously.
2024-05-13 18:01:16 +00:00
Michael Zalimeni
6bf42140ce
ci: test BPA 0.4.1 with no-op doc change ( #21091 )
...
Add a newline to docs/README.md to test a backport without functional
changes.
2024-05-13 16:43:17 +00:00
Jeanne Angeles Franco
0b03a9251e
Roll bpa version and cleanup ( #21090 )
2024-05-13 16:35:00 +00:00
nicoche
794e73080d
docs: fix typo in security/acl ( #21003 )
2024-05-10 16:25:50 -07:00
John Murret
dc19ce36ef
NET-9143 - sameness group queries in DNS do not respect DefaultForFailover setting and always assume failover behavior ( #21029 )
...
* NET-9143 - sameness group queries in DNS do not respect DefaultForFailover setting and always assume failover behavior
* update config entry docs for sameness groups
* Apply suggestions from code review
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
---------
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2024-05-10 09:17:56 -06:00
John Murret
17df32e5cb
NET-9084 - add tests to peering endpoint and blockingquery package to assert blocking works properly. ( #21078 )
2024-05-09 14:55:13 -04:00
Michael Zalimeni
8d4525ae50
doc: add clarifying note to versions.hcl ( #21071 )
...
Make it obvious that this file is only consumed from the default branch.
2024-05-09 14:29:18 -04:00
Michael Zalimeni
f56405e745
security: Upgrade Go to 1.21.10 ( #21074 )
...
This resolves CVE-2024-24787 and CVE-2024-24788.
2024-05-09 11:11:01 -04:00
Jeanne Angeles Franco
f51d08052b
Backport assistant onboarding with LTS support #9224 ( #21058 )
...
* Config changes to use backport-assistant with lts support
Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
---------
Co-authored-by: claire labry <claire@hashicorp.com>
Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
2024-05-08 10:55:28 -07:00
Michael Zalimeni
093618d923
[NET-9141] ci: skip LICENSE copy for Ent linux packages ( #21060 )
...
ci: skip LICENSE copy for Ent linux packages
2024-05-07 12:02:02 -04:00
R.B. Boyer
1535844c62
gossip: refactor some gossip related libraries into a central place ( #21036 )
...
This refactors and relocates the following packages to live under internal/gossip instead of either in the toplevel lib or agent/consul:
- librtt : related to serf coordinates
- libserf : random serf stuff
2024-05-07 10:30:49 -05:00
R.B. Boyer
502346029d
test: remove v2 integration tests ( #21056 )
...
This removes any references to v2 integration tests from:
- envoy integration tests (test/integration/connect)
- container tests (test/integration/consul-container)
- deployer tests (test-integ)
2024-05-07 10:24:50 -05:00
Nathan Coleman
b5b3a63183
[NET-9098] Narrow scope of peering config on terminating gw filter chain to TCP services ( #21054 )
2024-05-06 16:21:09 -04:00
Michael Zalimeni
86b0818c1f
[NET-8601] security: upgrade vault/api to remove go-jose.v2 ( #20910 )
...
security: upgrade vault/api to remove go-jose.v2
This dependency has an open vulnerability (GO-2024-2631), and is no
longer needed by the latest `vault/api`. This is a follow-up to the
upgrade of `go-jose/v3` in this repository to make all our dependencies
consolidate on v3.
Also remove the recently added security scan triage block for
GO-2024-2631, which was added due to incorrect reports that
`go-jose/v3@3.0.3` was impacted; in reality, is was this indirect
client dependency (not impacted by CVE) that the scanner was flagging. A
bug report has been filed to address the incorrect reporting.
2024-05-04 00:18:51 +00:00
wangxinyi7
4ad1757dfe
add license file ( #21035 )
2024-05-03 15:10:04 -07:00
R.B. Boyer
8bea6cd82a
deployer: ensure the proxy/dns/pause containers do not continually get replaced due to a change in a docker default ( #21043 )
2024-05-03 15:21:43 -05:00
Deniz Onur Duzgun
8209b3ff86
security: fine-tune release scanner and bump coredns ( #21038 )
...
* security: bump coredns
* add changelog
* Revert "security: bump coredns"
This reverts commit dcca09d83e89b6d5a4f03106e86d72a2b791001d.
* security: bump coredns
* fine-tune security scanner on release
* dismiss changelog
2024-05-03 15:09:40 -04:00
Dan Stough
1793b506d5
chore: fix JIRA workflow ( #21037 )
...
fix JIRA workflow
2024-05-03 14:07:12 -04:00
natemollica-dev
126784ee9a
Update snapshot CLI command addition of Decode subcommand from PR#20824 ( #21005 )
...
docs: update snapshot for subcommand decode add by PR#20824
2024-05-02 14:43:51 -07:00