21091 Commits

Author SHA1 Message Date
Nick Cellino
37a5fddffa
Create HCP management token in HCP manager (#19830)
* Create HCP management token in HCP manager

* Change InitializeManagementToken to ManagementTokenUpserter

* Implement and use management token upsert function

* Fix race condition in test

* Add idea for improvement as comment

* Return early in upsertManagementToken if token exists
2024-01-19 13:58:49 -05:00
Melissa Kam
98c9702ba3
[CC-7031] Add initialization support to resource controllers (#20138)
* Add Initializer to the controller

The Initializer adds support for running any required initialization
steps when the controller is first started.

* Implement HCP Link initializer

The link initializer will create a Link resource if the
cloud configuration has been set.

* Simplify retry logic and testing

* Remove internal retry, replace with logging logic
2024-01-19 11:47:48 -06:00
Matt Keeler
0a261682cd
Migrate the node health controller to use the cache (#20248)
Some edge case error testing had to be removed because it was no longer possible to force errors when going through the cache layer as opposed to the resource service itself.
2024-01-19 12:22:45 -05:00
Michael Zalimeni
f942f2dc18
security: fix syntax for release scan config (#20279)
Correct syntax errors introduced in #20264.
2024-01-19 17:08:54 +00:00
Matt Keeler
cee9df574d
Deflake the catalog v2beta1 integration tests (#20278) 2024-01-19 10:49:47 -05:00
Nick Cellino
fe678e9da1
Sync cluster attributes from GNM to Link resource (#20158)
* Add 'GetCluster' function to HCP client

* Sync cluster data inside Link controller

* Add access mode to HCP Link

* Sync AccessLevel property

* Fix imports and remove outdated comments

* Switch accessMode to access level

* Add comment around HCPClientFn

* Fix spacing in link.proto

* Add helper for writing status. Fix reconciliation loop
2024-01-19 10:02:55 -05:00
Matt Keeler
f9c04881f9
Failover policy cache (#20244)
* Migrate the Failover controller to use the controller cache
* Remove the Catalog FailoverMapper and its usage in the mesh routes controller.
2024-01-19 09:35:34 -05:00
Michael Zalimeni
b03d770dc3
security: disable Vault secret scans due to false positives (#20264)
This was recently shown to have issues with false positives that blocked
a preview release build, so disabling for now.
2024-01-19 04:00:54 +00:00
Nathan Coleman
c40b59823a
[NET-6431] Remove explicit endpoints function from PST builder (#20262)
This isn't needed since we just populate RequiredEndpoints, which is already done for the base case
2024-01-18 19:13:37 -05:00
Dan Stough
0edfa74d15
feat(v2dns): recursor support (#20249)
* feat(v2dns): recursor support

* test: fix leaking test agent in dns svc test
2024-01-18 18:30:04 -05:00
Luke Kysow
0cb64ccfc8
docs: update k8s upgrade instructions (#20263)
* docs: update k8s upgrade instructions

With https://github.com/hashicorp/consul-k8s/pull/3000 merged, users can
upgrade their k8s installs using a regular helm upgrade since the
upgrade is now stable.

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2024-01-18 23:18:50 +00:00
Matt Keeler
59cb12c798
Migrate the Endpoints controller to use the controller cache (#20241)
* Add cache resource decoding helpers

* Implement a common package for workload selection facilities. This includes:

   * Controller cache Index
   * ACL hooks
   * Dependency Mapper to go from workload to list of resources which select it
   * Dependency Mapper to go from a resource which selects workloads to all the workloads it selects.

* Update the endpoints controller to use the cache instead of custom mappers.

Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
2024-01-18 17:52:52 -05:00
Dhia Ayachi
d641998641
Fix to not create a watch to Internal.ServiceDump when mesh gateway is not used (#20168)
This adds a fix to properly verify the gateway mode before creating a watch specific to mesh gateways. This watch has a high performance cost and is not used when mesh gateways are not used.

This also adds an optimization to only return the nodes when watching the Internal.ServiceDump RPC to avoid unnecessary disco chain compilation, as watches in proxy config only need the nodes.
2024-01-18 16:44:53 -06:00
cskh
539659508a
upgrade test: call validation func during upgrade (#20258) 2024-01-18 17:04:06 -05:00
Matt Keeler
9897be76ad
Update workload health controller to use the controller cache (#20240) 2024-01-18 16:30:11 -05:00
John Maguire
7888d00e49
[NET6429] Add listeners for mesh-gateway v2 (#20253)
Add listeners for mesh-gateway v2
2024-01-18 17:52:06 +00:00
Dan Stough
15ab80c832
feat(v2dns): move DNSPolicy to workload/endpoints (#20246) 2024-01-18 11:37:42 -05:00
John Murret
938d2315e0
DNS v2 - add virtual ip questions (#20245) 2024-01-17 23:46:18 +00:00
Nathan Coleman
d2e991ddfc
Remove unnecessary fetching of gateway (#20172)
The fetched gateway isn't currently used anywhere
2024-01-17 14:13:13 -05:00
Ganesh S
4d20e54273
Add additional rules to iptables SDK (#20232)
* Add additional rules to iptables SDK

* Add comments
2024-01-17 21:59:21 +05:30
John Murret
bc4da5f5d6
check error in TestDNSCycleRecursorCheckAllFail before asserting response to stop panic in CI. (#20231) 2024-01-17 07:25:35 -07:00
Dan Stough
cb384ac068
feat(v2dns): addr. query support (#20224) 2024-01-16 22:36:02 -05:00
Anita Akaeze
6a85543175
NET-7178: add workload selector to MeshGateway protobuf definition (#20159)
NET-7178: Add workload selector to MeshGateway proto
2024-01-16 21:48:18 +00:00
Derek Menteer
1d396ba9f1
Add docs for k8s liveness / startup probes. (#20213)
* Add docs for k8s liveness / startup probes.

* Update website/content/docs/k8s/helm.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

---------

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2024-01-16 15:09:16 -06:00
Michael Zalimeni
a317064764
ci: Use Consul Go version for Vault int tests (#20219)
Unlike the Nomad tests (where Nomad is compiled from source and provides
the tests), Vault is installed as a binary, and local Consul tests are
run.

Fixes incorrect version change introduced in #20058.
2024-01-16 19:24:06 +00:00
wangxinyi7
74b737d4a3
Xw/net 6307 grpc client apply (#20107)
* add acl token

* apply command works

* add info to error message

* add tests to apply method

* add more description to flag

* code refactor

* update the error message

* fix the failing test
2024-01-16 10:39:55 -08:00
Melissa Kam
c112a6632d
[CC-7042] Update and enable the HCP metrics sink in the HCP manager (#20072)
* Option to set HCP client at runtime

Allows us to initially set a nil HCP client for the
telemetry provider and update it later.

* Set telemetry provider HCP client in HCP manager

Set the telemetry provider as a dependency and pass it to
the manager. Update the telemetry provider's HCP client
when the HCP manager starts.

* Add a provider interface for the metrics client

This provider will allow us to configure and reconfigure the
retryable HTTP client and the headers for the metrics client.

* Move HTTP retryable client to separate file

Copied directly from the metrics client.

* Abstract HCP specific values in HTTP client

Remove HCP specific references and instead initiate with
a generic TLS configuration and authentication source.

* Set up HTTP client and headers in the provider

Move setup from the metrics client to the HCP telemetry
provider.

* Update the telemetry provider in the HCP manager

Initialize the provider without the HCP configs and then update
it in the HCP manager to enable it.

* Improve test assertion, fix method comment

* Move client provider to metrics client

* Stop the manager on setup error

* Add separate lock for http configuration

* Start telemetry provider in HCP manager

* Update HCP client and config as part of Run

* Remove option to set config at initialization

* Simplify and clean up setting HCP configs

* Add test for telemetry provider Run method

* Fix race condition

* Use clone of HTTP headers

* Only allow initial update and run once
2024-01-16 10:46:12 -06:00
Manoj Srinivasamurthy
6bcc5c148c
NET-6862: adding disk-io and disk usage metrics to k8s grafana dashboard (#20169) 2024-01-16 22:14:17 +05:30
wangxinyi7
a879dea377
add acl token (#20086) 2024-01-16 08:25:50 -08:00
Derek Menteer
b8b8ad46fc
Various race condition and test fixes. (#20212)
* Increase timeouts for flakey peering test.

* Various test fixes.

* Fix race condition in reconcilePeering.

This resolves an issue where a peering object in the state store was
incorrectly mutated by a function, resulting in the test being flagged as
failing when the -race flag was used.
2024-01-16 08:57:43 -06:00
Krastin Krastev
dcba25f118
docs: fix partition target in samenessgroups (#20192) 2024-01-15 18:23:42 +02:00
cskh
748458a07b
upgrade test (LTS): utility functions to support ent users (#20186)
* upgrade test (LTS): utility functions to support ent users

* go mod tidy

* add comment
2024-01-12 18:35:44 -05:00
John Murret
93e06b799e
v1 dns - add doc strings for functions and update function names to be consistent and more descriptive. (#20194)
v1 dns - add doc strings for functions and update function names to be consistent and more descriptive.
2024-01-12 22:07:42 +00:00
R.B. Boyer
7f9ed032fd
agent: remove data race in agent config (#20200)
To fix an issue displaying the current reloaded config in the 
v1/agent/self endpoint #18681 caused the agent's internal 
config struct member to be deepcopied and replaced on reload.

This is not safe because the field is not protected by a lock, nor 
should it be due to how it is accessed by the rest of the system.

This PR does the same deepcopy, but into a new field solely for 
the point of capturing the current reloaded values for display 
purposes. If there has been no reload then the original config is used.
2024-01-12 15:11:21 -06:00
John Murret
d4b67677c6
always run agent tests alone on their own runner (#20199)
* always run agent tests alone on their own runner

* deal with runner count = 1

* prevent runners less than 2
2024-01-12 13:40:31 -07:00
Jeff Boruszak
80ed31acac
docs: Remove ACLs section from k8s cluster peering page (#20176)
* Remove ACLs section

* Tech specs removal
2024-01-12 11:28:35 -08:00
cskh
cba3b25196
integ test: import missing changes from ent (#20187) 2024-01-12 13:27:36 -05:00
Matt Keeler
326c0ecfbe
In-Memory gRPC (#19942)
* Implement In-Process gRPC for use by controller caching/indexing

This replaces the pipe base listener implementation we were previously using. The new style CAN avoid cloning resources which our controller caching/indexing is taking advantage of to not duplicate resource objects in memory.

To maintain safety for controllers and for them to be able to modify data they get back from the cache and the resource service, the client they are presented in their runtime will be wrapped with an autogenerated client which clones request and response messages as they pass through the client.

Another sizable change in this PR is to consolidate how server specific gRPC services get registered and managed. Before this was in a bunch of different methods and it was difficult to track down how gRPC services were registered. Now it's all in one place.

* Fix race in tests

* Ensure the resource service is registered to the multiplexed handler for forwarding from client agents

* Expose peer streaming on the internal handler
2024-01-12 11:54:07 -05:00
Semir Patel
98dcfaf783
compliance: license checker to enforce MPL pre-EOY 2023 no longer necessary (#20175) 2024-01-12 09:35:38 -06:00
Michael Zalimeni
76b5de5039
[NET-4968] Upgrade Go to 1.21 (#20062)
* Upgrade Go to 1.21

* ci: detect Go backwards compatibility test version automatically

For our submodules and other places we choose to test against previous
Go versions, detect this version automatically from the current one
rather than hard-coding it.
2024-01-12 09:57:38 -05:00
sarahalsmiller
1e351e286e
NET-7189 Add Protocol to MeshGatewayListeners (#20171)
add protocol to listeners struct
2024-01-11 13:12:32 -06:00
Ganesh S
10baf87421
Sort peer list in expander (#20167) 2024-01-11 12:51:07 +05:30
John Murret
3fa4a21edd
remove the skipping of slow tests in go-tests-ce and go-test-enterprise (#20139)
* remove the skipping of slow tests in go-tests-ce and go-test-enterprise

* add license header
2024-01-10 20:39:34 -07:00
sarahalsmiller
7d92a5dfd6
Add min/max kubetags to meshgatewaylistener (#20149)
* add kubetags

* generate proto
2024-01-10 19:12:29 +00:00
Nathan Coleman
cff5f0ce3b
Fix broken link (#20147) 2024-01-10 13:43:46 -05:00
Semir Patel
25b37d75b0
license: MPL'ify proto-public (#20143) 2024-01-10 11:05:12 -06:00
Dan Stough
d52e80b619
[OSS] feat: add experiments flag for v2 dns and skeleton interfaces (#20115)
feat: add experiments flag for v2 dns and skeleton interfaces
2024-01-10 11:19:20 -05:00
Manoj Srinivasamurthy
fa6eb61f70
NET-6813: adding resolver default subset test in agentless upgrade test (#20046) 2024-01-10 21:25:50 +05:30
loshz
7724bb88d5
[NET-6593] agent: check for minimum RSA key size (#20112)
* agent: check for minimum RSA key size

* add changelog

* agent: add test for RSA generated key sizes

* use constants in generating priv key func

* update key size error message
2024-01-10 12:15:36 +00:00
Nathan Coleman
670b140d87
[NET-7106] Add kubebuilder validation annotations to ExportedServicesConsumer proto (#20126)
* Add kubebuilder annotations for validation of ExportedServicesConsumer

* Generate proto
2024-01-09 17:27:54 -05:00