R.B. Boyer
43193a35c6
xds: prevent LDS flaps in mesh gateways due to unstable datacenter lists ( #9651 )
...
Also fix a similar issue in Terminating Gateways that was masked by an overzealous test.
2021-02-08 10:19:57 -06:00
Mohammad Banikazemi
bcadd341eb
Correcting the changed function name in comment
...
Signed-off-by: Mohammad Banikazemi <mbanikazemi@gmail.com>
2021-02-06 20:23:40 -05:00
freddygv
6e443e5536
Retry send after timer fires, in case no updates occur
2021-02-05 18:00:59 -07:00
Daniel Nephin
30332ffb43
state: Use the tableIndex constant
2021-02-05 18:37:45 -05:00
Daniel Nephin
3ecbeda234
state: Document index table
...
And move the IndexEntry (which is stored in the table) next to the table
schema definition.
2021-02-05 18:37:45 -05:00
Daniel Nephin
ddf292caf6
Merge pull request #9722 from hashicorp/dnephin/fix-master-build
...
Fix main build failing
2021-02-05 18:13:13 -05:00
Shantanu Gadgil
d30509e82c
changleog: presense -> presence ( #9713 )
...
presense -> presence
2021-02-05 17:37:55 -05:00
R.B. Boyer
adff0c05a7
xds: deduplicate mesh gateway listeners in a stable way ( #9650 )
...
In a situation where the mesh gateway is configured to bind to multiple
network interfaces, we use a feature called 'tagged addresses'.
Sometimes an address is duplicated across multiple tags such as 'lan'
and 'lan_ipv4'.
There is code to deduplicate these things when creating envoy listeners,
but that code doesn't ensure that the same tag wins every time. If the
winning tag flaps between xDS discovery requests it will cause the
listener to be drained and replaced.
2021-02-05 16:28:07 -06:00
Daniel Nephin
f744e03c05
Fix main build failing
...
An old PR (#7623 ) was merged after #9585 . The old code was incompatible with the new
changes, but none of the lines caused a git conflict so the merge was allowed.
The incompatible changes caused the tests to fail. This fixes the old code to
work with the new changes.
2021-02-05 17:25:57 -05:00
freddygv
de0cb1af7f
Make xDS labeling consistent with proxycfg
2021-02-05 15:15:52 -07:00
freddygv
95e7641faa
Update proxycfg logging, labels were already attached
2021-02-05 15:14:49 -07:00
Daniel Nephin
a4690ac7d9
Merge pull request #9719 from hashicorp/oss/state-store-4
...
state: remove registerSchema
2021-02-05 14:02:38 -05:00
Daniel Nephin
1c4e0cfa2a
Merge pull request #9718 from hashicorp/oss/dnephin/ent-meta-in-state-store-3
...
state: convert all table name constants to the new prefix pattern
2021-02-05 14:02:07 -05:00
Daniel Nephin
0814f22715
Merge pull request #9665 from hashicorp/dnephin/state-store-indexes-2
...
state: move config-entries table definition to config_entries_schema.go
2021-02-05 14:01:08 -05:00
Alvin Huang
3c673418a7
ci: escape backticks in github comment for website/ change check ( #9711 )
2021-02-05 13:48:31 -05:00
Daniel Nephin
912dbb4cb4
Merge pull request #9664 from hashicorp/dnephin/state-store-indexes
...
state: move ACL schema and index definitions to acl_schema.go
2021-02-05 13:38:31 -05:00
Daniel Nephin
05d5ec4804
state: remove the need for registerSchema
...
registerSchema creates some indirection which is not necessary in this
case. newDBSchema can call each of the tables.
Enterprise tables can be added from the existing withEnterpriseSchema
shim.
2021-02-05 12:19:56 -05:00
Daniel Nephin
2cbf8b5fd0
state: rename table name constants to use pattern
...
the 'table' prefix is shorter, and also reads better in queries.
2021-02-05 12:12:19 -05:00
Daniel Nephin
8ac9d54ccc
state: rename connect constants
2021-02-05 12:12:19 -05:00
Daniel Nephin
0c34e474c5
state: rename table name constants to new pattern
...
Using Apps Hungarian Notation for these constants makes the memdb queries more readable.
2021-02-05 12:12:18 -05:00
Daniel Nephin
eed2f0b804
Merge pull request #9701 from hashicorp/dnephin/ent-meta-remove-extra-arg
...
state: Remove extra entMeta arg to EnsureConfigEntry
2021-02-05 11:43:35 -05:00
Kyle Havlovitz
3fd040be22
Merge pull request #7623 from FriedCircuits/patch-1
...
Add support for RSA private key to TLS utils.
2021-02-04 11:37:51 -08:00
David Yu
36db3b50e6
docs: fix another broken link to upgrading k8s servers from token rotation page ( #9707 )
...
fix another broken link to upgrading k8s servers from token rotation page
2021-02-04 09:44:04 -08:00
David Yu
94389f9619
docs: Small change to fix broken link to k8s upgrade from k8s tls certs page ( #9705 )
...
Broken link to k8s server upgrade from tls certs page
2021-02-04 09:13:32 -08:00
Pierre Souchay
7a024ed074
Streaming filter tags + case insensitive lookups for Service Names
...
Will fix:
* https://github.com/hashicorp/consul/issues/9695
* https://github.com/hashicorp/consul/issues/9702
2021-02-04 11:00:51 +01:00
Daniel Nephin
2d5b5afec1
state: Remove unnecessary entMeta arg to EnsureConfigEntry
2021-02-03 18:10:38 -05:00
Alvin Huang
0d1301c408
ci: add nightly load testing on master ( #9693 )
2021-02-03 15:59:37 -05:00
Alvin Huang
a4d5738a4e
ci: fix pr file checker ( #9694 )
...
* filter github pr file checker on the right labels object
* only check PR files when the PR is opened
2021-02-03 10:19:37 -05:00
Alvin Huang
7f455b9a42
ci:check that type/docs-cherrypick is attached to website PR changes ( #9690 )
2021-02-02 17:04:05 -05:00
Kim Ngo
6b92b778c5
docs/nia: recommend sensitive variables for module authoring ( #9692 )
2021-02-02 14:57:46 -06:00
Alvin Huang
27e80ce5be
ci: fix changelog check checkout ( #9688 )
...
* ci: fix changelog check checkout
* use fetch-depth 0 to get all commits to find a merge-base
2021-02-02 14:51:20 -05:00
freddygv
5ba14ad41d
Add trace logs to proxycfg state runner and xds srv
2021-02-02 12:26:38 -07:00
Kim Ngo
e48a96eac1
docs/nia: Update verbiage around securely configuring providers ( #9684 )
...
This reorganizes and flags where and when sensitive information may
be written in plain-text
2021-02-02 13:24:25 -06:00
freddygv
37190c0d0d
Avoid potential deadlock using non-blocking send
...
Deadlock scenario:
1. Due to scheduling, the state runner sends one snapshot into
snapCh and then attempts to send a second. The first send succeeds
because the channel is buffered, but the second blocks.
2. Separately, Manager.Watch is called by the xDS server after
getting a discovery request from Envoy. This function acquires the
manager lock and then blocks on receiving the CurrentSnapshot from
the state runner.
3. Separately, there is a Manager goroutine that reads the snapshots
from the channel in step 1. These reads are done to notify proxy
watchers, but they require holding the manager lock. This goroutine
goes to acquire that lock, but can't because it is held by step 2.
Now, the goroutine from step 3 is waiting on the one from step 2 to
release the lock. The goroutine from step 2 won't release the lock until
the goroutine in step 1 advances. But the goroutine in step 1 is waiting
for the one in step 3. Deadlock.
By making this send non-blocking step 1 above can proceed. The coalesce
timer will be reset and a new valid snapshot will be delivered after it
elapses or when one is requested by xDS.
2021-02-02 11:31:14 -07:00
Brandon Romano
cf9a14ab6a
Merge pull request #9677 from hashicorp/km.hcp
...
website: 2/2 Updates for HCP
2021-02-02 08:39:52 -08:00
Kyle MacDonald
d9bbf3d922
website: add utm params for all cloud.hashi links
2021-02-02 09:09:16 -05:00
hashicorp-ci
6fa9a6a1d9
auto-updated agent/uiserver/bindata_assetfs.go from commit e0ff7080a
2021-02-02 10:08:48 +00:00
John Cowen
e0ff7080ae
ui: Adds unique-id helper ( #9676 )
2021-02-02 10:03:46 +00:00
Kyle MacDonald
132e27436f
Website updates for HCP (2/2)
...
website: prep hcp ctas
Add in updated HCP section
Fix broken link
website: remove superflous heading
website: add new try cloud cta to nav
website: adjust homepage hero CTAs
Update HCP description to match latest
Clean up Hero CTAs
Updates banner
2021-02-01 19:09:38 -08:00
Alvin Huang
d94c3b9342
ci: add script to check for .changelog file in PRs ( #9641 )
...
* ci: add .changelog file check for PRs
* Update .github/workflows/changelog-check.yml
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
* add better disclaimer in changelog check script description
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-02-01 18:51:52 -05:00
Matt Keeler
f4dcb094a5
Release 1.9.3 ( #9680 )
2021-02-01 13:34:44 -05:00
hashicorp-ci
90917400c6
auto-updated agent/uiserver/bindata_assetfs.go from commit 0b7d676dc
2021-02-01 17:55:03 +00:00
John Cowen
0b7d676dcb
ui: Add 'Scenario' debug function for easy saving debug scenarios ( #9675 )
2021-02-01 17:50:11 +00:00
hashicorp-ci
a33ff40816
auto-updated agent/uiserver/bindata_assetfs.go from commit 3aef5cde2
2021-02-01 17:35:20 +00:00
John Cowen
3aef5cde20
ui: Adds the dump router dumping function only in dev mode ( #9666 )
2021-02-01 17:29:43 +00:00
Alvin Huang
e889f7dbcd
ci: fail cherrypick if git push fails ( #9673 )
2021-01-29 19:42:14 -05:00
Mike Morris
504aa7c5fe
website: add release notes for 1.9 ( #9189 )
...
* website: initial draft of release notes framework
* website: fixup ref to 1-9-0.mdx
* Update website/pages/docs/release-notes/1-9-0.mdx
* Update website/pages/docs/release-notes/1-9-0.mdx
* website: add draft of 1.9.0 release notes
* website: move release-notes directory from /pages to /content
* Update 1-9-0.mdx
* Update website/content/docs/release-notes/1-9-0.mdx
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
* Update website/content/docs/release-notes/1-9-0.mdx
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
* Update website/content/docs/release-notes/1-9-0.mdx
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
* Update website/content/docs/release-notes/1-9-0.mdx
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
* Update website/content/docs/release-notes/1-9-0.mdx
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
* Update website/content/docs/release-notes/1-9-0.mdx
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
* Update website/content/docs/release-notes/1-9-0.mdx
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
* Update website/content/docs/release-notes/1-9-0.mdx
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
* Update website/content/docs/release-notes/1-9-0.mdx
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-01-29 18:00:32 -05:00
Ashwin Venkatesh
3da918089d
Add docs for TLS Server Certificate rotation for K8S ( #9636 )
...
* Add docs for TLS Server Certificate rotation for K8s
2021-01-29 17:13:28 -05:00
Kyle Havlovitz
7dac583863
connect/ca: Allow ForceWithoutCrossSigning for all providers
...
This allows setting ForceWithoutCrossSigning when reconfiguring the CA
for any provider, in order to forcibly move to a new root in cases where
the old provider isn't reachable or able to cross-sign for whatever
reason.
2021-01-29 13:38:11 -08:00
Luke Kysow
b5212fbcc6
Add operations section to k8s notes ( #9625 )
...
* Add operations section to k8s notes
* Unify faq/troubleshooting
2021-01-29 11:15:40 -08:00