Commit Graph

18029 Commits

Author SHA1 Message Date
Chris S. Kim 8ed49ea4d0
Update envoy metrics label extraction for peered clusters and listeners (#13818)
Now that peered upstreams can generate envoy resources (#13758), we need a way to disambiguate local from peered resources in our metrics. The key difference is that datacenter and partition will be replaced with peer, since in the context of peered resources partition is ambiguous (could refer to the partition in a remote cluster or one that exists locally). The partition and datacenter of the proxy will always be that of the source service.

Regexes were updated to make emitting datacenter and partition labels mutually exclusive with peer labels.

Listener filter names were updated to better match the existing regex.

Cluster names assigned to peered upstreams were updated to be synthesized from local peer name (it previously used the externally provided primary SNI, which contained the peer name from the other side of the peering). Integration tests were updated to assert for the new peer labels.
2022-07-25 13:49:00 -04:00
Michael Klein f7f26220ba
ui: add peers to node search (#13875)
* Make nodes searchable by peer

* fix only surface peer filter on service search when feature is on
2022-07-25 18:46:47 +02:00
DanStough dfd50d68ed chore: ignore vscode files 2022-07-25 12:31:58 -04:00
DanStough 2da8949d78 feat: convert destination address to slice 2022-07-25 12:31:58 -04:00
Luke Kysow cf4af7c765
Re-document peering disabled (#13879)
Change wording because it does have effect on clients because it
disables peering in the UI served from that client.
2022-07-25 09:30:37 -07:00
Freddy f03cca7576
[OSS] Add ACL enforcement to peering endpoints (#13878) 2022-07-25 10:04:10 -06:00
Matt Keeler 58e4d8235b
Enable/Disable Peering Support in the UI (#13816)
We enabled/disable based on the config flag.
2022-07-25 11:50:11 -04:00
freddygv b544ce6485 Add ACL enforcement to peering endpoints 2022-07-25 09:34:29 -06:00
Kyle Havlovitz 016f963e7e Remove excess debug log from ingress upstream shutdown 2022-07-22 17:29:38 -07:00
alex 279d458e6e
peering: use ShouldDial to validate peer role (#13823)
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-22 15:56:25 -07:00
Luke Kysow a1e6d69454
peering: add config to enable/disable peering (#13867)
* peering: add config to enable/disable peering

Add config:

```
peering {
  enabled = true
}
```

Defaults to true. When disabled:
1. All peering RPC endpoints will return an error
2. Leader won't start its peering establishment goroutines
3. Leader won't start its peering deletion goroutines
2022-07-22 15:20:21 -07:00
Kyle Havlovitz 0786517b56
Merge pull request #13847 from hashicorp/gateway-goroutine-leak
Fix goroutine leaks in proxycfg when using ingress gateway
2022-07-22 14:43:22 -07:00
Freddy f99df57840
[OSS] Add new peering ACL rule (#13848)
This commit adds a new ACL rule named "peering" to authorize
actions taken against peering-related endpoints.

The "peering" rule has several key properties:
- It is scoped to a partition, and MUST be defined in the default
  namespace.

- Its access level must be "read', "write", or "deny".

- Granting an access level will apply to all peerings. This ACL rule
  cannot be used to selective grant access to some peerings but not
  others.

- If the peering rule is not specified, we fall back to the "operator"
  rule and then the default ACL rule.
2022-07-22 14:42:23 -06:00
NicoletaPopoviciu a3cdcf0c86
docs: Updates k8s annotation docs (#13809)
* Updates k8s annotation docs
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
2022-07-22 13:26:31 -07:00
Sarah Alsmiller 082ad42ff4 add redirects 2022-07-22 14:20:27 -05:00
alex 927cee692b
peering: emit exported services count metric (#13811)
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-22 12:05:08 -07:00
Matt Keeler 77917b6b5d
Rename some protobuf package names to be fqdn like (#13861)
These are used in various bits of the wire format (for gRPC) and internally with Go’s registry so we want to namespace things properly.
2022-07-22 14:59:34 -04:00
Kyle Havlovitz 6e1dd05a19 Add changelog note 2022-07-22 10:33:50 -07:00
A.J. Sanon 90ae5ffd16
Add ECS audit logging docs (#13729) 2022-07-22 13:30:25 -04:00
Michael Klein bcbc36ecec
Improve peered service empty downstreams message (#13854) 2022-07-22 19:28:13 +02:00
sarahalsmiller 355f6dbd48
Update website/content/docs/api-gateway/usage/basic-usage.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-22 09:45:00 -05:00
Daniel Upton a8df87f574 proxycfg-glue: server-local implementation of `ExportedPeeredServices`
This is the OSS portion of enterprise PR 2377.

Adds a server-local implementation of the proxycfg.ExportedPeeredServices
interface that sources data from a blocking query against the server's
state store.
2022-07-22 15:23:23 +01:00
Eric Haberkorn 501089292e
Add Cluster Peering Failover Support to Prepared Queries (#13835)
Add peering failover support to prepared queries
2022-07-22 09:14:43 -04:00
Sarah Alsmiller 2f8b0174b2 fix tabs 2022-07-21 17:38:57 -05:00
Sarah Alsmiller 596f421881 fix tabs 2022-07-21 17:21:22 -05:00
Sarah Alsmiller 7d66c77f9c fix tabs 2022-07-21 17:11:07 -05:00
Nitya Dhanushkodi f47319b7c6
update generate token endpoint to take external addresses (#13844)
Update generate token endpoint (rpc, http, and api module)

If ServerExternalAddresses are set, it will override any addresses gotten from the "consul" service, and be used in the token instead, and dialed by the dialer. This allows for setting up a load balancer for example, in front of the consul servers.
2022-07-21 14:56:11 -07:00
Sarah Alsmiller add15bec2e fix tabs 2022-07-21 16:54:03 -05:00
Sarah Alsmiller b9501b5170 erge branch 'sa-restructure-documentation' of github.com:hashicorp/consul into sa-restructure-documentation 2022-07-21 15:13:00 -05:00
Sarah Alsmiller e0d38ea01e add consul k8s install instructions 2022-07-21 15:12:49 -05:00
sarahalsmiller c9f622de38
Update website/content/docs/api-gateway/configuration/gatewayclassconfig.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:59:14 -05:00
Sarah Alsmiller 63e806f993 Merge branch 'sa-restructure-documentation' of github.com:hashicorp/consul into sa-restructure-documentation 2022-07-21 14:54:04 -05:00
Sarah Alsmiller 20e97a7729 merge back in mike's environment doc in install 2022-07-21 14:53:55 -05:00
sarahalsmiller c54e0904de
Update website/content/docs/api-gateway/configuration/gateway.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:55 -05:00
sarahalsmiller 5d02480430
Update website/content/docs/api-gateway/configuration/gateway.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:47 -05:00
sarahalsmiller dfc9ae4a60
Update website/content/docs/api-gateway/configuration/gateway.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:34 -05:00
sarahalsmiller 9feb465f62
Update website/content/docs/api-gateway/configuration/gateway.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:25 -05:00
alex 58d66a002e
Merge pull request #13845 from hashicorp/acpana/peering-rename-oss
[SYNC] Rename peering internal to ~
2022-07-21 11:20:38 -07:00
acpana 12b773ab02
Rename peering internal to ~
sync ENT to 5679392c81

Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-21 10:51:05 -07:00
Luke Kysow 0c87be0845
peering: Add heartbeating to peering streams (#13806)
* Add heartbeating to peering streams
2022-07-21 10:03:27 -07:00
Chris Thain af40b9b144
Add Consul Lambda integration tests (#13770) 2022-07-21 09:54:56 -07:00
John Cowen c9898fb38e
ui: Change initiate > establish for peering the modal tab (#13839) 2022-07-21 17:39:15 +01:00
John Cowen e2908679c6
ui: Allow searching for peerings by ID (#13837) 2022-07-21 17:38:57 +01:00
John Cowen b960cb671f
ui: Remove peering detail page (#13836)
* ui: Remove links to the peering detail page

* 404 everything
2022-07-21 17:38:10 +01:00
Michael Klein 2f81c7b292
ui: peered services only show instance- and tags-tabs (#13840)
* Only show instances- and tags-tab peered services

* Adapt show-with-slashes test to peering changes

Tests always have the peering feature turned on and the default service
we load from the mock-api will be peered. This is why the topology
view of the service.show page will not be accessible in the updated
test it will show the instances instead. This change does not change
what the test is actually testing so just putting changing to the now
different url is fine.
2022-07-21 16:09:54 +01:00
Michael Klein b1a39fc12f
ui: Surface peer info in nodes.show view (#13832) 2022-07-21 15:35:54 +01:00
Michael Klein 07f30687d5
ui: Update peerings empty state copy (#13834) 2022-07-21 14:59:38 +01:00
Daniel Upton 3655802fdc proxycfg-glue: server-local implementation of `PeeredUpstreams`
This is the OSS portion of enterprise PR 2352.

It adds a server-local implementation of the proxycfg.PeeredUpstreams interface
based on a blocking query against the server's state store.

It also fixes an omission in the Virtual IP freeing logic where we were never
updating the max index (and therefore blocking queries against
VirtualIPsForAllImportedServices would not return on service deletion).
2022-07-21 13:51:59 +01:00
Krastin Krastev 8d4baafd84
Merge pull request #12592 from krastin/krastin/docs/sidecarservice-typo
docs: clean-up sidecar service expanded definition
2022-07-21 10:21:48 +02:00
Krastin Krastev 25b6148aa8 Merge branch 'main' into krastin/docs/sidecarservice-typo 2022-07-21 10:51:39 +03:00