19531 Commits

Author SHA1 Message Date
Dan Upton
328e3ff563
proxycfg: rate-limit delivery of config snapshots (#14960)
Adds a user-configurable rate limiter to proxycfg snapshot delivery,
with a default limit of 250 updates per second.

This addresses a problem observed in our load testing of Consul
Dataplane where updating a "global" resource such as a wildcard
intention or the proxy-defaults config entry could starve the Raft or
Memberlist goroutines of CPU time, causing general cluster instability.
2022-10-14 15:52:00 +01:00
Derek Menteer
29ebcf5ff0 Add tests for peering state snapshots / restores. 2022-10-14 09:48:04 -05:00
Derek Menteer
e3ff9912d0 Add test for ExportedServicesForAllPeersByName 2022-10-14 09:48:04 -05:00
Alessandro De Blasis
5f99f578a9
Update website/content/api-docs/agent/check.mdx 2022-10-14 12:32:55 +01:00
Dan Upton
e6b55d1d81
perf: remove expensive reflection from xDS hot path (#14934)
Replaces the reflection-based implementation of proxycfg's
ConfigSnapshot.Clone with code generated by deep-copy.

While load testing server-based xDS (for consul-dataplane) we discovered
this method is extremely expensive. The ConfigSnapshot struct, directly
or indirectly, contains a copy of many of the structs in the agent/structs
package, which creates a large graph for copystructure.Copy to traverse
at runtime, on every proxy reconfiguration.
2022-10-14 10:26:42 +01:00
Michael Klein
03734a1bac
Merge pull request #14977 from hashicorp/ui/fix/scrollbar-bento-box
ui: Bento-Box show scrollbars only when necessary
2022-10-14 09:07:57 +02:00
wenincode
c85d70e80d Address linting errors 2022-10-13 19:05:19 -06:00
wenincode
363db8c849 Add changelog entry 2022-10-13 18:54:39 -06:00
wenincode
9355d0d4f6 Add tests for filtering node health checks 2022-10-13 18:45:15 -06:00
freddygv
c77123a2aa Use split var in tests 2022-10-13 17:12:47 -06:00
freddygv
bf51021c07 Use split wildcard partition name
This way OSS avoids passing a non-empty label, which will be rejected in
OSS consul.
2022-10-13 16:55:28 -06:00
Freddy
ee4cdc4985
Merge pull request #14935 from hashicorp/fix/alias-leak 2022-10-13 16:31:15 -06:00
freddygv
da68ed70c1 Add changelog entry 2022-10-13 16:09:32 -06:00
freddygv
f48d7fbe04 Add changelog entry 2022-10-13 16:03:15 -06:00
freddygv
573aa408a1 Lint 2022-10-13 15:55:55 -06:00
wenincode
4530e2e547 Format healthchecks template 2022-10-13 15:48:18 -06:00
wenincode
0eb250d3a0 Filter healthchecks for synthetic-nodes 2022-10-13 15:47:47 -06:00
David Yu
2c5f6a4678
1.14 dataplane docs beta: Bump to beta3 (#14979)
Bump to beta
2022-10-13 14:40:40 -07:00
Derek Menteer
0f424e3cdf Reset wait on ensureServerAddrSubscription 2022-10-13 15:58:26 -05:00
freddygv
96fdd3728a Fix CA init error code 2022-10-13 14:58:11 -06:00
freddygv
472a8e82dc Add integ test for peering through gateways 2022-10-13 14:58:05 -06:00
freddygv
2c99a21596 Update leader routine to maybe use gateways 2022-10-13 14:58:00 -06:00
freddygv
e69bc727ec Update peering establishment to maybe use gateways
When peering through mesh gateways we expect outbound dials to peer
servers to flow through the local mesh gateway addresses.

Now when establishing a peering we get a list of dial addresses as a
ring buffer that includes local mesh gateway addresses if the local DC
is configured to peer through mesh gateways. The ring buffer includes
the mesh gateway addresses first, but also includes the remote server
addresses as a fallback.

This fallback is present because it's possible that direct egress from
the servers may be allowed. If not allowed then the leader will cycle
back to a mesh gateway address through the ring.

When attempting to dial the remote servers we retry up to a fixed
timeout. If using mesh gateways we also have an initial wait in
order to allow for the mesh gateways to configure themselves.

Note that if we encounter a permission denied error we do not retry
since that error indicates that the secret in the peering token is
invalid.
2022-10-13 14:57:55 -06:00
malizz
b0b0cbb8ee
increase protobuf size limit for cluster peering (#14976) 2022-10-13 13:46:51 -07:00
Jasmine W
e04c56a3a1
Merge pull request #14975 from hashicorp/ui/bugfix/peering-misspelling
UI: Copy changes for peering detail page
2022-10-13 15:28:21 -04:00
Derek Menteer
4e140c98bc Address PR comments. 2022-10-13 14:11:02 -05:00
Derek Menteer
1e394da400 Disallow peering to the same cluster. 2022-10-13 14:11:02 -05:00
wenincode
12a24a6d8c Update peers show tests to look for serverAddresses tab 2022-10-13 13:06:11 -06:00
Jasmine W
09513e7ef2 Update index.js 2022-10-13 14:42:13 -04:00
Michael Klein
8a1609f6da Bento-Box show scrollbars only when necessary 2022-10-13 20:27:19 +02:00
Derek Menteer
8742fbe14f Prevent consul peer-exports by discovery chain. 2022-10-13 12:45:09 -05:00
Derek Menteer
f366edcb8d Prevent the "consul" service from being exported. 2022-10-13 12:45:09 -05:00
Jasmine W
56e3c0884e UI: Copy changes for peering detail page 2022-10-13 13:45:03 -04:00
wenincode
e6134761be Fix linting error 2022-10-13 10:59:48 -06:00
wenincode
f9575be4c7 Add changelog 2022-10-13 10:43:57 -06:00
wenincode
09514daf0c Move agentless-notice banner css to it's own file 2022-10-13 10:38:26 -06:00
Michael Klein
3872a36d93
Merge pull request #14973 from hashicorp/ui/chore/consol-api-gateway-bottom-sources-filter
ui: Always sort consul-gateway to bottom sources list
2022-10-13 18:34:45 +02:00
wenincode
d12a6c5e1a Add tests for agentless-notice-banner 2022-10-13 10:29:03 -06:00
wenincode
8254f243ca Move banner to component and make it dismissable 2022-10-13 10:29:03 -06:00
wenincode
4845b90c8e Add banner for agentless node notice 2022-10-13 10:29:03 -06:00
Derek Menteer
caa1396255 Add remote peer partition and datacenter info. 2022-10-13 10:37:41 -05:00
Michael Klein
f06001352a Always sort consul-gateway to bottom sources list 2022-10-13 17:13:00 +02:00
Tyler Wendlandt
e8748503c3
Merge pull request #14970 from hashicorp/ui/feature/filter-synthetic-nodes
ui: Filter synthetic nodes on nodes list page
2022-10-13 09:12:03 -06:00
Michael Klein
5ac1bc9cc0
Merge pull request #14947 from hashicorp/ui/feat/peer-detail-page
ui: peer detail view
2022-10-13 17:03:57 +02:00
Michael Klein
ceeb823d01 Add changelog for peers detail page 2022-10-13 16:45:03 +02:00
Michael Klein
54409c9ac4 Add tests peers.show 2022-10-13 16:45:03 +02:00
Michael Klein
38fed7d2b6 Fix href-to persists hash
Copy passed hash before manipulating it.

Assigning to the same hash object will break href-to
because in certain scenarios href-to-helper will
not create a new object that gets passed to
`fsm-with-optional`-hrefTo method.

This is problematic for optional route-params, and lead
to a situation where links to peered services would
create the wrong url for their href-attribute.
2022-10-13 16:45:03 +02:00
Michael Klein
0653bb57ac Update peering mocks 2022-10-13 16:45:03 +02:00
Michael Klein
19fbdb7a0b Fix linting error dimension service 2022-10-13 16:45:03 +02:00
Michael Klein
6b34e3e91a Fix peering regenerate test
* only dialers will show a regenerate token action
* add test that receivers won't show regenerate action
2022-10-13 16:45:03 +02:00