Commit Graph

20205 Commits

Author SHA1 Message Date
J.C. Jones 7689a5ef2d
Document that DNS lookups can target cluster peers (#17990)
Static DNS lookups, in addition to explicitly targeting a datacenter,
can target a cluster peer. This was added in 95dc0c7b30 but didn't make the documentation.

The driving function for the change is `parseLocality` here: 0b1299c28d/agent/dns_oss.go (L25)

The biggest change in this is to adjust the standard lookup syntax to tie
`.<datacenter>` to `.dc` as required-together, and to append in the similar `.<cluster-peer>.peer` optional argument, both to A record and SRV record lookups.

Co-authored-by: David Yu <dyu@hashicorp.com>
2023-07-05 15:03:42 -07:00
trujillo-adam 548829a72b
updated typo in tab heading (#18022)
* updated typo in tab heading

* updated tab group typo, too
2023-07-05 20:27:49 +00:00
Jeff Boruszak 7ef807df48
docs: Sameness "beta" warning (#18017)
* Warning updates

* .x
2023-07-05 19:56:25 +00:00
Michael Hofer 2c2e62852d
Fix removed service-to-service peering links (#17221)
* docs: fix removed service-to-service peering links

* docs: extend peering-via-mesh-gateways intro (thanks @trujillo-adam)

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-07-05 12:22:21 -07:00
Ranjandas 7f3446ecec
Fixes Traffic rate limitting docs (#17997) 2023-07-05 10:49:19 -07:00
Dan Stough b94095d92e
[OSS] Improve Gateway Test Coverage of Catalog Health (#18011)
* fix(cli): remove failing check from 'connect envoy' registration for api gateway

* test(integration): add tests to check catalog statsus of gateways on startup

* remove extra sleep comment

* Update test/integration/consul-container/libs/assert/service.go

* changelog
2023-07-05 11:30:48 -04:00
Poonam Jadhav 8af4ad178c
feat: include nodes count in operator usage endpoint and cli command (#17939)
* feat: update operator usage api endpoint to include nodes count

* feat: update operator usange cli command to includes nodes count
2023-07-05 11:23:29 -04:00
Derek Menteer 0094dbf312
Fix incorrect protocol for transparent proxy upstreams. (#17894)
This PR fixes a bug that was introduced in:
https://github.com/hashicorp/consul/pull/16021

A user setting a protocol in proxy-defaults would cause tproxy implicit
upstreams to not honor the upstream service's protocol set in its
`ServiceDefaults.Protocol` field, and would instead always use the
proxy-defaults value.

Due to the fact that upstreams configured with "tcp" can successfully contact
upstream "http" services, this issue was not recognized until recently (a
proxy-defaults with "tcp" and a listening service with "http" would make
successful requests, but not the opposite).

As a temporary work-around, users experiencing this issue can explicitly set
the protocol on the `ServiceDefaults.UpstreamConfig.Overrides`, which should
take precedence.

The fix in this PR removes the proxy-defaults protocol from the wildcard
upstream that tproxy uses to configure implicit upstreams. When the protocol
was included, it would always overwrite the value during discovery chain
compilation, which was not correct. The discovery chain compiler also consumes
proxy defaults to determine the protocol, so simply excluding it from the
wildcard upstream config map resolves the issue.
2023-07-05 09:32:10 -05:00
Chris Thain 4f0bdd35e6
Integration test for ext-authz Envoy extension (#17980) 2023-07-04 08:09:17 -07:00
Ronald 80394278b8
Expose JWKS cluster config through JWTProviderConfigEntry (#17978)
* Expose JWKS cluster config through JWTProviderConfigEntry

* fix typos, rename trustedCa to trustedCA
2023-07-04 09:12:06 -04:00
Evan Phoenix dc6ea1b644
Fix typo (#17198)
servcies => services
2023-07-01 01:55:28 +00:00
Nathan Coleman df85dd83a7
Add changelog entry for 1.16.0 (#17987) 2023-06-30 20:29:47 +00:00
Jeff Boruszak f096fc53ca
docs: samenessGroup YAML examples (#17984)
* configuration entry syntax

* Example config
2023-06-30 20:26:08 +00:00
Chris Thain 0b1299c28d
Remove duplicate and unused newDecodeConfigEntry func (#17979) 2023-06-30 09:39:54 -07:00
wangxinyi7 9ce89c497a
update doc (#17910)
* update doc

* update link
2023-06-30 08:13:24 -07:00
Chris S. Kim 50a9d1b696
Remove POC code (#17974) 2023-06-30 14:05:13 +00:00
Tu Nguyen 5b7f360e77
Fix formatting codeblocks on APIgw docs (#17970)
* fix formatting codeblocks

* remove unnecessary indents
2023-06-30 06:17:38 +00:00
Ashesh Vidyut 2af6bc434a
feature - [NET - 4005] - [Supportability] Reloadable Configuration - enable_debug (#17565)
* # This is a combination of 9 commits.
# This is the 1st commit message:

init without tests

# This is the commit message #2:

change log

# This is the commit message #3:

fix tests

# This is the commit message #4:

fix tests

# This is the commit message #5:

added tests

# This is the commit message #6:

change log breaking change

# This is the commit message #7:

removed breaking change

# This is the commit message #8:

fix test

# This is the commit message #9:

keeping the test behaviour same

* # This is a combination of 12 commits.
# This is the 1st commit message:

init without tests

# This is the commit message #2:

change log

# This is the commit message #3:

fix tests

# This is the commit message #4:

fix tests

# This is the commit message #5:

added tests

# This is the commit message #6:

change log breaking change

# This is the commit message #7:

removed breaking change

# This is the commit message #8:

fix test

# This is the commit message #9:

keeping the test behaviour same

# This is the commit message #10:

made enable debug atomic bool

# This is the commit message #11:

fix lint

# This is the commit message #12:

fix test true enable debug

* parent 10f500e895d92cc3691ade7b74a33db755d22039
author absolutelightning <ashesh.vidyut@hashicorp.com> 1687352587 +0530
committer absolutelightning <ashesh.vidyut@hashicorp.com> 1687352592 +0530

init without tests

change log

fix tests

fix tests

added tests

change log breaking change

removed breaking change

fix test

keeping the test behaviour same

made enable debug atomic bool

fix lint

fix test true enable debug

using enable debug in agent as atomic bool

test fixes

fix tests

fix tests

added update on correct locaiton

fix tests

fix reloadable config enable debug

fix tests

fix init and acl 403

* revert commit
2023-06-30 08:30:29 +05:30
Derek Menteer 2736e645d4
Fix missing BalanceOutboundConnections in v2 catalog. (#17964) 2023-06-29 16:04:21 -05:00
Dan Bond f7305b279c
website: remove deprecated agent rpc docs (#17962) 2023-06-29 20:43:32 +00:00
Ronald 1512ea307e
Dynamically create jwks clusters for jwt-providers (#17944) 2023-06-29 20:37:40 +00:00
David Yu 85b78fe186
Fix streaming backend link (#17958)
* Fix streaming backend link
* Update health.mdx
2023-06-29 12:19:03 -07:00
John Maguire a60b36394d
fixing typo in link to jwt-validations-with-intentions doc (#17955) 2023-06-29 16:35:13 +00:00
Ranjandas 1b1f33f224
Fixes Secondary ConnectCA update (#17846)
This fixes a bug that was identified which resulted in subsequent
ConnectCA configuration update not to persist in the cluster.
2023-06-29 14:24:24 +00:00
John Murret bdf4fad7c5
Revert "Add workflow to verify linux release packages (#17904)" (#17942)
This reverts commit 3368f14fab.
2023-06-28 14:18:53 -06:00
David Yu 6f660e5e25
docs: Deprecations for connect-native SDK and specific connect native APIs (#17937)
* Update v1_16_x.mdx
* Update connect native golang page

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-06-28 19:45:46 +00:00
Samantha f019457815
tlsutil: Fix check TLS configuration (#17481)
* tlsutil: Fix check TLS configuration
* Rewording docs.
* Update website/content/docs/services/configuration/checks-configuration-reference.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
* Fix typos and add changelog entry.
---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-06-28 09:24:51 -07:00
John Maguire 67a239a821
Ensure RSA keys are at least 2048 bits in length (#17911)
* Ensure RSA keys are at least 2048 bits in length

* Add changelog

* update key length check for FIPS compliance

* Fix no new variables error and failing to return when error exists from
validating

* clean up code for better readability

* actually return value
2023-06-28 15:34:09 +00:00
Dan Bond 7dbba6c94d
deps: coredns v1.10.1 (#17912) 2023-06-28 07:53:43 -07:00
David Yu b168132176
Update create-sameness-groups.mdx (#17927) 2023-06-27 20:23:03 -07:00
David Yu 6f5da97d66
Update sameness-group.mdx (#17915) 2023-06-28 01:45:23 +00:00
natemollica-dev 310bc68e65
Update Consul K8s Upgrade Doc Updates (#17921)
Updating upgrade procedures to encompass expected errors during upgrade process from v1.13.x to v1.14.x.
2023-06-27 23:41:53 +00:00
Nathan Coleman f7870881e0
Reference hashicorp/consul instead of consul for Docker image (#17914)
* Reference hashicorp/consul instead of consul for Docker image

* Update Make targets that pull consul directly
2023-06-27 23:17:20 +00:00
John Murret 3368f14fab
Add workflow to verify linux release packages (#17904)
* adding docker files to verify linux packages.

* add verifr-release-linux.yml

* updating name

* pass inputs directly into jobs

* add other linux package platforms

* remove on push

* fix TARGETARCH on debian and ubuntu so it can check arm64 and amd64

* fixing amazon to use the continue line

* add ubuntu i386

* fix comment lines

* working

* remove commented out workflow jobs

* Apply suggestions from code review

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>

* update fedora and ubuntu to use latest tag

---------

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2023-06-27 22:19:39 +00:00
Tu Nguyen b76c4d7bd5
Propose new changes to APIgw upgrade instructions (#17693)
* Propose new changes to APIgw upgrade instructions

* fix build error

* update callouts to render correctly

* Add hideClipboard to log messages

* Added clarification around consul k8s and crds
2023-06-27 19:35:58 +00:00
Tu Nguyen 1c819e6147
Create and update release notes for 1.16 and 1.2 (#17895)
* update release notes for 1.16 and 1.2

* update latest consul core release
2023-06-27 17:33:04 +00:00
Luke Kysow abeeea1621
Fix command from kg to kubectl get (#17903) 2023-06-27 17:26:05 +00:00
Joshua Timmons 55056be093
Add emit_tags_as_labels to envoy bootstrap config when using Consul Telemetry Collector (#17888) 2023-06-27 12:34:38 -04:00
mr-miles c8cfa605f8
Update docs (#17476)
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-06-27 09:16:40 -07:00
Ronald 767ef2dd4c
Allow service identity tokens the ability to read jwt-providers (#17893)
* Allow service identity tokens the ability to read jwt-providers

* more tests

* service_prefix tests
2023-06-27 16:03:43 +00:00
Chris S. Kim 601490b9ab
Update wording on WAN fed and intermediate_pki_path (#17850) 2023-06-27 15:22:10 +00:00
Gerard Nguyen 6bc222244f
docs: update config enable_debug (#17866)
* update doc for config enable_debug

* Update website/content/docs/agent/config/config-files.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-06-27 02:19:07 +00:00
John Murret a96a9e794a
Changelog - add 1.13.9, 1.14.8, and 1.15.4 (#17889) 2023-06-26 18:40:18 -06:00
Nathan Coleman 08c5048160
api-gateway: add step to upgrade instructions for creating intentions (#17875) 2023-06-26 13:29:17 -04:00
sarahalsmiller e552e3d27b
api-gateway: add operation cannot be fulfilled error to common errors (#17874)
* add error message

* Update website/content/docs/api-gateway/usage/errors.mdx

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>

* fix formating issues

---------

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2023-06-26 13:16:48 -04:00
Dan Bond 8e02a0e1ae
deps: aws-sdk-go v1.44.289 (#17876)
Signed-off-by: Dan Bond <danbond@protonmail.com>
2023-06-26 10:07:26 -07:00
Alex Simenduev 33a2d90852
Fix a bug that wrongly trims domains when there is an overlap with DC name (#17160)
* Fix a bug that wrongly trims domains when there is an overlap with DC name

Before this change, when DC name and domain/alt-domain overlap, the domain name incorrectly trimmed from the query.

Example:

Given: datacenter = dc-test, alt-domain = test.consul.
Querying for "test-node.node.dc-test.consul" will faile, because the
code was trimming "test.consul" instead of just ".consul"

This change, fixes the issue by adding dot (.) before trimming

* trimDomain: ensure domain trimmed without modyfing original domains

* update changelog

---------

Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
2023-06-26 10:57:11 -04:00
Dan Upton ce24646d36
tooling: generate protoset file (#17364)
Extends the `proto` make target to generate a protoset file for use with
grpcurl etc.
2023-06-26 12:53:55 +00:00
Dan Upton b117eb0126
resource: enforce consistent naming of resource types (#17611)
For consistency, resource type names must follow these rules:

- `Group` must be snake case, and in most cases a single word.
- `GroupVersion` must be lowercase, start with a "v" and end with a number.
- `Kind` must be pascal case.

These were chosen because they map to our protobuf type naming
conventions.
2023-06-26 13:25:14 +01:00
Dan Upton 48445dfa55
resource: add `AuthorizerContext` helper method (#17393) 2023-06-26 13:23:05 +01:00