Commit Graph

20130 Commits

Author SHA1 Message Date
Ronald 5f95f5f6d8
Stop referenced jwt providers from being deleted (#17755)
* Stop referenced jwt providers from being deleted
2023-06-16 10:31:53 -04:00
Michael Zalimeni 265c003033
Add Patch index to Prop Override validation errors (#17777)
When a patch is found invalid, include its index for easier debugging
when multiple patches are provided.
2023-06-16 09:37:47 -04:00
Mark Campbell-Vincent 730c599adc
Update license get explanation (#17782)
This PR is to clarify what happens if the license get command is run on a follower if the leader hasn't been updated with a newer license.
2023-06-15 21:25:07 +00:00
Jeff Boruszak 414a61da28
Fixes (#17765) 2023-06-15 11:24:40 -07:00
Michael Zalimeni f9aa7aebb3
Property Override validation improvements (#17759)
* Reject inbound Prop Override patch with Services

Services filtering is only supported for outbound TrafficDirection patches.

* Improve Prop Override unexpected type validation

- Guard against additional invalid parent and target types
- Add specific error handling for Any fields (unsupported)
2023-06-15 13:51:47 -04:00
Derek Menteer 04edace1de
Fix issue with streaming service health watches. (#17775)
Fix issue with streaming service health watches.

This commit fixes an issue where the health streams were unaware of service
export changes. Whenever an exported-services config entry is modified, it is
effectively an ACL change.

The bug would be triggered by the following situation:

- no services are exported
- an upstream watch to service X is spawned
- the streaming backend filters out data for service X (due to lack of exports)
- service X is finally exported

In the situation above, the streaming backend does not trigger a refresh of its
data.  This means that any events that were supposed to have been received prior
to the export are NOT backfilled, and the watches never see service X spawning.

We currently have decided to not trigger a stream refresh in this situation due
to the potential for a thundering herd effect (touching exports would cause a
re-fetch of all watches for that partition, potentially).  Therefore, a local
blocking-query approach was added by this commit for agentless.

It's also worth noting that the streaming subscription is currently bypassed
most of the time with agentful, because proxycfg has a `req.Source.Node != ""`
which prevents the `streamingEnabled` check from passing.  This means that while
agents should technically have this same issue, they don't experience it with
mesh health watches.

Note that this is a temporary fix that solves the issue for proxycfg, but not
service-discovery use cases.
2023-06-15 12:46:58 -05:00
John Murret ad0a277e09
docs - remove use of consul leave during upgrade instructions (#17758) 2023-06-15 11:06:23 -06:00
Derek Menteer 8c74a1d33e
Add transparent proxy enhancements changelog (#17757) 2023-06-15 11:48:39 -05:00
trujillo-adam 7dec75f8a6
added redirects and updated links (#17764) 2023-06-15 16:43:02 +00:00
Luke Kysow 0e9a0121a5
Update index.mdx (#17749) 2023-06-15 08:59:29 -07:00
Ashesh Vidyut fdde92c8c2
Updated docs added explanation. (#17751)
* init

* fix tests

* added -detailed in docs

* added change log

* fix doc

* checking for entry in map

* fix tests

* removed detailed flag

* removed detailed flag

* revert unwanted changes

* removed unwanted changes

* updated change log

* pr review comment changes

* pr comment changes single API instead of two

* fix change log

* fix tests

* fix tests

* fix test operator raft endpoint test

* Update .changelog/17582.txt

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>

* nits

* updated docs

* explanation added

---------

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>
2023-06-15 09:41:04 -05:00
Eric Haberkorn 0994ccf162
validate localities on agent configs and registration endpoints (#17712) 2023-06-15 10:01:04 -04:00
David Yu 37bd0e1b40
docs - update Envoy and Dataplane compat matrix (#17752)
* Update envoy.mdx

added more detail around default versus other compatible versions
2023-06-15 06:33:48 +00:00
Jeff Boruszak a6333471d4
docs: Failover overview minor fix (#17743)
* Incorrect symbol

* Clarification

* slight edit for clarity
2023-06-14 13:46:22 -07:00
chappie 7ab287c1d5
Add truncation to body (#17723) 2023-06-14 11:17:13 -07:00
dependabot[bot] abb05deeed
Bump atlassian/gajira-transition from 3.0.0 to 3.0.1 (#17741)
Bumps [atlassian/gajira-transition](https://github.com/atlassian/gajira-transition) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/atlassian/gajira-transition/releases)
- [Commits](4749176faf...38fc9cd61b)

---
updated-dependencies:
- dependency-name: atlassian/gajira-transition
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-14 17:39:48 +00:00
Chris Thain 9289e680d6
OSS merge: Update error handling login when applying extensions (#17740) 2023-06-14 10:04:40 -07:00
Ashesh Vidyut fa40654885
[NET-3865] [Supportability] Additional Information in the output of 'consul operator raft list-peers' (#17582)
* init

* fix tests

* added -detailed in docs

* added change log

* fix doc

* checking for entry in map

* fix tests

* removed detailed flag

* removed detailed flag

* revert unwanted changes

* removed unwanted changes

* updated change log

* pr review comment changes

* pr comment changes single API instead of two

* fix change log

* fix tests

* fix tests

* fix test operator raft endpoint test

* Update .changelog/17582.txt

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>

* nits

* updated docs

---------

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>
2023-06-14 15:12:50 +00:00
Paul Glass 6a90c2343b
NET-1825: New ACL token creation docs (#16465)
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2023-06-14 09:17:30 -05:00
David Yu 212e0902fb
Bump Alpine to 3.18 (#17719)
* Update Dockerfile

* Create 17719.txt
2023-06-14 01:02:05 +00:00
Tobias Birkefeld 8d9f2eb410
fix: typo in link to section (#17527)
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-06-13 17:41:34 -07:00
David Yu 9acbe76ee9
Remove extraneous version info for Config entries (#17716)
* Update terminating-gateway.mdx
* Update exported-services.mdx
* Update mesh.mdx
2023-06-13 22:50:28 +00:00
David Yu 28647ef086
Update compatibility.mdx (#17713) 2023-06-13 21:51:26 +00:00
trujillo-adam ab909b4dae
add enterprise notes for IP-based rate limits (#17711)
* add enterprise notes for IP-based rate limits

* Apply suggestions from code review

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>

* added bolded 'Enterprise' in list items.

---------

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
2023-06-13 21:28:54 +00:00
Dan Stough d497623266
docs: missing changelog for _5517 (#17706) 2023-06-13 15:11:33 -04:00
Curt Bushko 0c15748c5a
[core]: Pin github action workflows (#17695) 2023-06-13 13:00:55 -04:00
R.B. Boyer 72f991d8d3
agent: remove agent cache dependency from service mesh leaf certificate management (#17075)
* agent: remove agent cache dependency from service mesh leaf certificate management

This extracts the leaf cert management from within the agent cache.

This code was produced by the following process:

1. All tests in agent/cache, agent/cache-types, agent/auto-config,
   agent/consul/servercert were run at each stage.

    - The tests in agent matching .*Leaf were run at each stage.

    - The tests in agent/leafcert were run at each stage after they
      existed.

2. The former leaf cert Fetch implementation was extracted into a new
   package behind a "fake RPC" endpoint to make it look almost like all
   other cache type internals.

3. The old cache type was shimmed to use the fake RPC endpoint and
   generally cleaned up.

4. I selectively duplicated all of Get/Notify/NotifyCallback/Prepopulate
   from the agent/cache.Cache implementation over into the new package.
   This was renamed as leafcert.Manager.

    - Code that was irrelevant to the leaf cert type was deleted
      (inlining blocking=true, refresh=false)

5. Everything that used the leaf cert cache type (including proxycfg
   stuff) was shifted to use the leafcert.Manager instead.

6. agent/cache-types tests were moved and gently replumbed to execute
   as-is against a leafcert.Manager.

7. Inspired by some of the locking changes from derek's branch I split
   the fat lock into N+1 locks.

8. The waiter chan struct{} was eventually replaced with a
   singleflight.Group around cache updates, which was likely the biggest
   net structural change.

9. The awkward two layers or logic produced as a byproduct of marrying
   the agent cache management code with the leaf cert type code was
   slowly coalesced and flattened to remove confusion.

10. The .*Leaf tests from the agent package were copied and made to work
    directly against a leafcert.Manager to increase direct coverage.

I have done a best effort attempt to port the previous leaf-cert cache
type's tests over in spirit, as well as to take the e2e-ish tests in the
agent package with Leaf in the test name and copy those into the
agent/leafcert package to get more direct coverage, rather than coverage
tangled up in the agent logic.

There is no net-new test coverage, just coverage that was pushed around
from elsewhere.
2023-06-13 10:54:45 -05:00
Eric Haberkorn 0a1efe73f3
Refactor disco chain prioritize by locality structs (#17696)
This includes prioritize by localities on disco chain targets rather than
resolvers, allowing different targets within the same partition to have
different policies.
2023-06-13 11:03:30 -04:00
Dan Stough bba5cd8455
fix: stop peering delete routine on leader loss (#17483) 2023-06-13 10:20:56 -04:00
Chris Thain ddce431bd7
docs: Update default values for Envoy extension proxy types (#17676) 2023-06-13 07:04:01 -07:00
Chris Thain a8f1350835
ENT merge of ext-authz extension updates (#17684) 2023-06-13 06:57:11 -07:00
Ashesh Vidyut d54d5fb85c
[NET-4107][Supportability] Log Level set to TRACE and duration set to 5m for consul-debug (#17596)
* changed duration to 5 mins and log level to trace

* documentation update

* change log
2023-06-13 11:07:46 +05:30
Tu Nguyen 4b843ae1b7
Fix FIPS copy (#17691)
* fix release notes links

* fix typos on fips docs
2023-06-13 03:35:47 +00:00
trujillo-adam 11764a4558
adding redirects for tproxy and envoy extensions (#17688)
* adding redirects

* Apply suggestions from code review
2023-06-12 20:12:03 -07:00
Tu Nguyen 421e9d8306
fix release notes links (#17687) 2023-06-12 19:49:10 -07:00
Tu Nguyen 3a8fc610f2
Add release notes 1.16 rc (#17665)
* Merge pull request #5773 from hashicorp/docs/rate-limiting-from-ip-addresses-1.16

updated docs for rate limiting for IP addresses - 1.16

* Merge pull request #5609 from hashicorp/docs/enterprise-utilization-reporting

Add docs for enterprise utilization reporting

* Merge pull request #5734 from hashicorp/docs/envoy-ext-1.16

Docs/envoy ext 1.16

* Add release notes for 1.16-rc

* Add consul-e license utlization reporting

* Update with rc absolute links

* Update with rc absolute links

* fix typo

* Apply suggestions from code review

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update to use callout component

* address typo

* docs: FIPS 140-2 Compliance (#17668)

* Page + nav + formatting

* link fix

* Update website/content/docs/enterprise/fips.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/fips.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/fips.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/fips.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/fips.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/fips.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/fips.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/fips.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/fips.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/fips.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* link fix

* Apply suggestions from code review

Co-authored-by: Jeff Apple <79924108+Jeff-Apple@users.noreply.github.com>

* Update website/content/docs/enterprise/fips.mdx

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Jeff Apple <79924108+Jeff-Apple@users.noreply.github.com>

* fix apigw install values file

* fix typos in release notes

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: Jeff Apple <79924108+Jeff-Apple@users.noreply.github.com>
2023-06-12 18:53:40 -07:00
trujillo-adam 0ddafcf924
updated failover for k8s w-tproxy page title (#17683) 2023-06-12 17:30:17 -07:00
Joshua Timmons 28d81ec79f
Fix two WAL metrics in docs/agent/telemetry.mdx (#17593) 2023-06-12 18:50:59 -04:00
Jeff Boruszak 37a13dcf82
docs: minor fixes to JWT auth docs (#17680)
* Fixes

* service intentions fixes
2023-06-12 22:46:25 +00:00
Jeff Boruszak 66704e5cb9
docs: JWT Authorization for intentions (#17643)
* Initial page/nav creation

* configuration entry reference page

* Usage + fixes

* service intentions page

* usage

* description

* config entry updates

* formatting fixes

* Update website/content/docs/connect/config-entries/service-intentions.mdx

Co-authored-by: Paul Glass <pglass@hashicorp.com>

* service intentions review fixes

* Overview page review fixes

* Apply suggestions from code review

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: Paul Glass <pglass@hashicorp.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-06-12 22:13:44 +00:00
trujillo-adam b678742c68
additional feedback on API gateway upgrades (#17677)
* additional feedback

* Update website/content/docs/api-gateway/upgrades.mdx

Co-authored-by: Jeff Apple <79924108+Jeff-Apple@users.noreply.github.com>

---------

Co-authored-by: Jeff Apple <79924108+Jeff-Apple@users.noreply.github.com>
2023-06-12 22:09:35 +00:00
trujillo-adam 27206d9202
CAPIgw for K8s installation updates for 1.16 (#17627)
* trimmed CRD step and reqs from installation

* updated tech specs

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: Jeff Apple <79924108+Jeff-Apple@users.noreply.github.com>

* added upgrade instruction

* removed tcp port req

* described downtime and DT-less upgrades

* applied additional review feedback

---------

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: Jeff Apple <79924108+Jeff-Apple@users.noreply.github.com>
2023-06-12 13:41:16 -07:00
Thomas Eckert c384f24460
Remove "BETA" marker from config entries (#17670) 2023-06-12 16:36:33 -04:00
Jeff Boruszak ef77f9abd4
docs: Sameness Groups (#17628)
* port from enterprise branch

* Apply suggestions from code review

Co-authored-by: shanafarkas <105076572+shanafarkas@users.noreply.github.com>

* Update website/content/docs/connect/cluster-peering/usage/create-sameness-groups.mdx

* next steps

* Update website/content/docs/connect/cluster-peering/usage/create-sameness-groups.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/connect/cluster-peering/usage/create-sameness-groups.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: shanafarkas <105076572+shanafarkas@users.noreply.github.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-06-12 20:06:57 +00:00
Hariram Sankaran 290ba0e288
Update service-defaults.mdx (#17656) 2023-06-12 19:18:09 +00:00
Michael Zalimeni 446a640323
Post 1.16.0-rc1 updates (#17663)
- Update changelog to include new entries from release
- Update submodule versions to latest published
2023-06-12 14:28:51 -04:00
Chris Thain c04c122ef3
Default `ProxyType` for builtin extensions (#17657) 2023-06-12 10:47:31 -07:00
Tu Nguyen 862e78f063
Add new Consul 1.16 docs (#17651)
* Merge pull request #5773 from hashicorp/docs/rate-limiting-from-ip-addresses-1.16

updated docs for rate limiting for IP addresses - 1.16

* Merge pull request #5609 from hashicorp/docs/enterprise-utilization-reporting

Add docs for enterprise utilization reporting

* Merge pull request #5734 from hashicorp/docs/envoy-ext-1.16

Docs/envoy ext 1.16

* Merge pull request #5773 from hashicorp/docs/rate-limiting-from-ip-addresses-1.16

updated docs for rate limiting for IP addresses - 1.16

* Merge pull request #5609 from hashicorp/docs/enterprise-utilization-reporting

Add docs for enterprise utilization reporting

* Merge pull request #5734 from hashicorp/docs/envoy-ext-1.16

Docs/envoy ext 1.16

* fix build errors

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-06-12 10:30:04 -07:00
Poonam Jadhav f8d3721885
fix: add agent info reporting log (#17654) 2023-06-12 12:07:43 -04:00
Nathan Coleman 1074252361
api-gateway: stop adding all header filters to virtual host when generating xDS (#17644)
* Add header filter to api-gateway xDS golden test

* Stop adding all header filters to virtual host when generating xDS for api-gateway

* Regenerate xDS golden file for api-gateway w/ header filter
2023-06-12 12:06:04 -04:00