21162 Commits

Author SHA1 Message Date
John Murret 90cd56c5c3
NET-4774 - replace usage of deprecated Envoy field match_subject_alt_names (#19954) 2023-12-22 18:34:44 +00:00
John Murret 21ea5c92fd
NET-6944 - Replace usage of deprecated Envoy field envoy.extensions.filters.http.lua.v3.Lua.inline_code (#20012) 2023-12-22 17:20:41 +00:00
John Murret b9ad0dfa41
NET-7025 - ci: test-integrations failures in compatibility tests. panics occurring in selectionTracker.TrackIDForSelection (#20040)
* ci: test-integrations failures in compatibility tests. panics occurring in selectionTracker.TrackIDForSelection

* Update selection_tracker.go
2023-12-22 16:32:40 +00:00
John Murret 62a07b4204
update makefile, compatibility tests, and nightlies to use latest envoy. (#20048) 2023-12-22 15:56:48 +00:00
John Murret 0f3cc3d631
fix formatting issue in envoy bootstrapping. (#20036) 2023-12-21 15:18:11 -07:00
Nathan Coleman ab60fec15a
[NET-6426] Add gateway proxy controller that generates empty proxy state template (#19901)
* NET-6426 Create ProxyStateTemplate when reconciling MeshGateway resource

* Add TODO for switching fetch method based on gateway type

* Use gateway-kind in workload metadata instead of owner reference

* Create ProxyStateTemplate builder for gatewayproxy controller

* Update to use new controller interface

* Add copyright headers

* Set correct name for ProxyStateTemplate identity reference

* Generate empty ProxyStateTemplate by fetching MeshGateway

This cheats and looks up the MeshGateway directly. In the future, we will need a Workload => xGateway mapper

* Specify owner reference when writing ProxyStateTemplate

* Update dependency mapper to account for multiple controllers per resource type

* Regenerate v2 resource dependencies map

* Add helpful trace logs, tag TODOs with ticket identifiers
2023-12-21 16:37:47 -05:00
John Murret a19df32fa5
NET-6942 - Replace usage of deprecated Envoy field envoy.config.cluster.v3.Cluster.http_protocol_options. (#20010)
* NET-6942 - Replace usage of deprecated Envoy field envoy.config.cluster.v3.Cluster.http_protocol_options.

* add changelog
2023-12-21 15:41:05 -05:00
Michael Zalimeni fe10339caa
[NET-7009] security: update x/crypto to 0.17.0 (#20023)
security: update x/crypto to 0.17.0

This addresses CVE-2023-48795 (x/crypto/ssh).
2023-12-21 20:11:19 +00:00
David Yu e7c7bc74c4
Dockerfile: bump up to `ubi-minimal:9.3` (#20014)
* Update Dockerfile
2023-12-21 11:55:20 -08:00
Nathan Coleman 874e68f1eb
[NET-6899] Create name-aligned Service when reconciling MeshGateway resource (#19900)
* NET-6899 Create name-aligned Service when reconciling MeshGateway resource

The Service has an owner reference added to it indicating that it belongs to a MeshGateway

* Specify port list when creating Service

* Use constants, add TODO w/ ticket reference

* Include gateway-kind in metadata of Service resource
2023-12-21 13:26:25 -05:00
Michael Zalimeni d0bc091a60
[NET-6969] security: Re-enable Go Module + secrets security scans for release branches (#19978)
* security: re-enable security scan release block

This was previously disabled due to an unresolved false-positive CVE.
Re-enabling both secrets and OSV + Go Modules scanning, which per our
current scan results should not be a blocker to future releases.

* security: run security scans on main and release branches
2023-12-21 15:11:05 +00:00
Valeriia Ruban a87ab8b093
feat: updated github checks with frontend-test-ce and frontend-test-e… (#19995) 2023-12-20 12:47:24 -08:00
Nitya Dhanushkodi 9975b8bd73
[NET-5455] Allow disabling request and idle timeouts with negative values in service router and service resolver (#19992)
* add coverage for testing these timeouts
2023-12-19 15:36:07 -08:00
wangxinyi7 013bcefe5c
grpc client in tls mode (#19680)
* client in tls mode
2023-12-19 10:04:55 -08:00
cskh cff872749d
agent: prevent empty server_metadata.json (#19935) 2023-12-19 10:01:56 -05:00
Ashesh Vidyut 4e451f2358
NET 6409 (#19515)
* Update website/content/docs/k8s/k8s-cli.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/k8s-cli.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* fix doc

* Update website/content/docs/k8s/k8s-cli.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

---------

Co-authored-by: David Yu <dyu@hashicorp.com>
2023-12-18 14:28:16 -08:00
David Yu a3fa683ba5
docs: Update network segments in compat matrix for Enterprise features (#19933)
Update index.mdx
2023-12-18 14:27:43 -08:00
Ashesh Vidyut f1dee1a718
Net 6603 (#19718)
* Update docs for NET-6603

* json format

* json caps

* Update website/content/docs/k8s/k8s-cli.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-12-18 14:27:23 -08:00
Nathan Coleman 010bf533d1
NET-6663 Modify sidecarproxy controller to skip xGateway resources (#19902)
* NET-6663 Modify sidecarproxy controller to skip xGateway resources

* Check workload metadata after nil-check for workload

* Add test asserting that workloads with meta gateway-kind are ignored

* Use more common pattern for map access to increase readability
2023-12-18 21:54:41 +00:00
David Yu de86ba76ee
docs: typo formatting consul-k8s docs (#19973)
Update install-cli.mdx
2023-12-18 12:14:53 -08:00
aahel ae998a698a
added computed failover policy resource (#19975) 2023-12-18 05:52:24 +00:00
wangxinyi7 cae23821dc
update changelog (#19966) 2023-12-15 10:03:01 -08:00
Derek Menteer bbdbf3e4f8
Fix bug with prepared queries using sameness-groups. (#19970)
This commit fixes an issue where the partition was not properly set
on the peering query failover target created from sameness-groups.
Before this change, it was always empty, meaning that the data
would be queried with respect to the default partition always. This
resulted in a situation where a PQ that was attempting to use a
sameness-group for failover would select peers from the default
partition, rather than the partition of the sameness-group itself.
2023-12-15 11:42:13 -06:00
Michael Zalimeni 79e02f8a89
ci: upload test results to DataDog on test failure (#19956)
Due to the unintuitive behavior of GHA w.r.t. implicit status check
`success()`, test results were only being uploaded on success (failures
presumably came from retried tests that passed).
2023-12-14 23:13:04 +00:00
Nathan Coleman 02d4520235
Fix typo in service-defaults documentation (#19957) 2023-12-14 22:12:28 +00:00
John Murret 83cbe15b44
cli: Deprecate the `-admin-access-log-path` flag from `consul connect envoy` command in favor of: `-admin-access-log-config`. (#19943)
* cli: Deprecate the `-admin-access-log-path` flag from `consul connect envoy` command in favor of: `-admin-access-log-config`.

* fix changelog

* add in documentation change.
2023-12-14 20:36:47 +00:00
John Murret a995505976
NET-6317 - update usage of deprecated fields: http2_protocol_options and access_log_path (#19940)
* updating usage of http2_protocol_options and access_log_path

* add changelog

* update template for AdminAccessLogConfig

* remove mucking with AdminAccessLogConfig
2023-12-14 13:08:53 -07:00
natemollica-dev afc6fe8308
Update telemetry.mdx RPC Metrics (#19593)
* Update telemetry.mdx RPC Metrics

Update Server Workload telemetry section to demonstrate explicitly enabling metric emission as they're [default disabled](f5bf256425/agent/config/builder.go (L2763C1-L2763C1)).

* Update telemetry.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update telemetry.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-12-14 10:52:45 -08:00
Tauhid Anjum 0250e230a3
NET-6785: updating peering docs to include stream status and remote data (#19929)
Updating peering docs to include stream status and remote data
2023-12-14 12:07:35 +05:30
aahel a6496898de
added tenancy to TestBuildL4TrafficPermissions (#19932) 2023-12-14 10:41:24 +05:30
cskh 33a90edfab
Upgrade test(LTS): use network area to federate cluster (#19934)
- Join areas
- wait for members alive and validate cross area service discovery
2023-12-13 20:15:55 -05:00
Ashesh Vidyut 3443db7885
NET 6762 (#19931)
NET-6762
2023-12-14 06:37:01 +05:30
Matt Keeler 123bc95e1a
Add Common Controller Caching Infrastructure (#19767)
* Add Common Controller Caching Infrastructure
2023-12-13 10:06:39 -05:00
Jeff Boruszak c870c00e70
docs: service rate limiting examples (#19925)
* Include examples on usage page.

* Description/example alignment
2023-12-12 15:58:14 -08:00
Semir Patel 69e3f93ee8
resource: add partition resource to proto-public to keep ENT and CE in sync (#19920) 2023-12-12 14:50:19 -05:00
John Murret a5d5fd348b
fix actions to no longer use envoy 1.24.x to match supported versions. (#19918) 2023-12-12 12:37:07 -05:00
Valeriia Ruban d7e0fca28b
fix: token list in Role details page is updated with tokens linked to… (#19912) 2023-12-12 09:36:50 -08:00
Tyler Wendlandt e8164c7c04
NET-6900: stop reconciling services when peering is enabled (#19907)
stop reconciling services when peering is enabled
2023-12-12 07:36:35 -07:00
Dhia Ayachi f2b26ac194
Hash based config entry replication (#19795)
* add a hash to config entries when normalizing

* add GetHash and implement comparing hashes

* only update if the Hash is different

* only update if the Hash is different and not 0

* fix proto to include the Hash

* fix proto gen

* buf format

* add SetHash and fix tests

* fix config load tests

* fix state test and config test

* recalculate hash when restoring config entries

* fix snapshot restore test

* add changelog

* fix missing normalize, fix proto indexes and add normalize test
2023-12-12 08:29:13 -05:00
Ganesh S 90010587f0
Move enterprise multicluster types to Register function (#19913)
* Move enterprise types to Register function

* Fix function name

* Address comments
2023-12-12 17:05:10 +05:30
Ganesh S 173fe11c2b
Refactor exported services controller tests (#19906) 2023-12-12 10:57:27 +05:30
Tauhid Anjum 1484c6db47
NET-6771 - Adding sameness group protobuf in consul CE (#19883)
Adding sameness group protobuf in consul CE
2023-12-12 10:43:20 +05:30
Ashesh Vidyut c5cce63777
NET 6761 (#19837)
NET-6761 explicit destinations tests updated
2023-12-12 10:38:00 +05:30
Valeriia Ruban a6d6164ba0
fix: remove test to unblock CI (#19908) 2023-12-11 20:11:36 -08:00
Ronald e13fbc743e
Remove warning for consul 1.17 deprecation (#19897) 2023-12-11 23:28:04 +00:00
Jeff Boruszak 659868ee73
docs: Updates to required ports (#19755)
* improvements

* Anchor link fixes

* Apply suggestions from code review

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Explicit list of six ports

* Apply suggestions from code review

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-12-11 14:42:57 -08:00
Derek Menteer ccb2bf6170
Add documentation for proxy-config-map and xds_fetch_timeout_ms. (#19893)
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2023-12-11 15:53:35 -06:00
Ronald 195e3aab8c
[NET-6842] splitting go version on different lines (#19887) 2023-12-11 11:15:32 -05:00
Derek Menteer dfab5ade50
Fix ClusterLoadAssignment timeouts dropping endpoints. (#19871)
When a large number of upstreams are configured on a single envoy
proxy, there was a chance that it would time out when waiting for
ClusterLoadAssignments. While this doesn't always immediately cause
issues, consul-dataplane instances appear to consistently drop
endpoints from their configurations after an xDS connection is
re-established (the server dies, random disconnect, etc).

This commit adds an `xds_fetch_timeout_ms` config to service registrations
so that users can set the value higher for large instances that have
many upstreams. The timeout can be disabled by setting a value of `0`.

This configuration was introduced to reduce the risk of causing a
breaking change for users if there is ever a scenario where endpoints
would never be received. Rather than just always blocking indefinitely
or for a significantly longer period of time, this config will affect
only the service instance associated with it.
2023-12-11 09:25:11 -06:00
John Murret 5ec84dbfd8
security: update supported envoy version 1.28.0 in addition to 1.25.11, 1.26.6, 1.27.2, 1.28.0 to address CVE-2023-44487 (#19879)
* update to support envoy 1.28.0

* add changelog

* update docs
2023-12-08 14:42:04 -07:00