Commit Graph

18384 Commits

Author SHA1 Message Date
freddygv 650e48624d Allow terminated peerings to be deleted
Peerings are terminated when a peer decides to delete the peering from
their end. Deleting a peering sends a termination message to the peer
and triggers them to mark the peering as terminated but does NOT delete
the peering itself. This is to prevent peerings from disappearing from
both sides just because one side deleted them.

Previously the Delete endpoint was skipping the deletion if the peering
was not marked as active. However, terminated peerings are also
inactive.

This PR makes some updates so that peerings marked as terminated can be
deleted by users.
2022-08-26 10:52:47 -06:00
Thomas Eckert e64a28516d
Merge pull request #14347 from hashicorp/update-terminating-gateway-docs
Update Kubernetes Terminating Gateway Docs
2022-08-26 12:52:09 -04:00
smamindla57 eb0c5bb9a1
Updated consul monitoring with Newrelic APM (#14360)
* added newrelic consul quickstart link
* adding HCP Consul

Co-authored-by: David Yu <dyu@hashicorp.com>
2022-08-26 09:13:46 -07:00
Chris S. Kim 70cf9a610b
Merge pull request #11742 from dekimsey/catalog-service-list-filter
Add support for filtering the 'List Services' API
2022-08-26 11:35:20 -04:00
Chris S. Kim 87962b9713 Merge branch 'main' into catalog-service-list-filter 2022-08-26 11:16:06 -04:00
Chris S. Kim e2fe8b8d65 Fix tests for enterprise 2022-08-26 11:14:02 -04:00
Chris S. Kim 6ddcc04613
Replace ring buffer with async version (#14314)
We need to watch for changes to peerings and update the server addresses which get served by the ring buffer.

Also, if there is an active connection for a peer, we are getting up-to-date server addresses from the replication stream and can safely ignore the token's addresses which may be stale.
2022-08-26 10:27:13 -04:00
Tu Nguyen e00e0666ca Replace references to Learn 2022-08-25 23:05:08 -07:00
Tu Nguyen 6dcc2a2110 Update Learn links in prep for devdot 2022-08-25 22:49:29 -07:00
Tu Nguyen f1c6629fe8 Update redirects 2022-08-25 20:25:35 -07:00
Tu Nguyen 8efc8fa0a8
Merge pull request #14354 from hashicorp/main
Ensure that dev-portal reflects what's currently on main
2022-08-25 20:21:21 -07:00
alex 30ff2e9a35
peering: add peer health metric (#14004)
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-08-25 16:32:59 -07:00
Dao Thanh Tung fead3c537b
Fix Consul KV CLI 'GET' flags 'keys' and 'recurse' to be set together (#13493)
allow flags -recurse and -keys to be run at the same time in consul kv get CLI
2022-08-25 18:21:49 -04:00
Jared Kirschner 21bc0add9a
Merge pull request #13932 from hashicorp/docs/crossref-maint-mode-from-health-checks
docs: improve health check related docs
2022-08-25 16:56:30 -04:00
Jared Kirschner 20f291fa06 docs: improve health check related docs
Includes:
- Improved scannability and organization of checks overview
- Checks overview includes more guidance on
  - How to register a health check
  - The options available for a health check definition
- Contextual cross-references to maintenance mode
2022-08-25 13:47:22 -07:00
Thomas Eckert 70a1cbd8ea Capitalize Helm 2022-08-25 14:44:45 -04:00
Thomas Eckert 5064fbc254 Add links to requirements 2022-08-25 14:44:33 -04:00
Thomas Eckert ed4a430b3e Use tabs for destinations 2022-08-25 14:40:18 -04:00
Thomas Eckert 77c9995a8e Lil' more cleanup 2022-08-25 14:04:33 -04:00
Thomas Eckert 6d9872388b Clean up copy in ACL role update 2022-08-25 14:03:43 -04:00
Thomas Eckert e990b03d5c Normalize table with nobrs 2022-08-25 13:56:13 -04:00
Thomas Eckert a2a7b56292 Format traffic behaviors table 2022-08-25 13:37:52 -04:00
Thomas Eckert 65dce3476f Clean up copy for registration 2022-08-25 13:27:43 -04:00
Thomas Eckert 884dda25c2 Use tabs for with and without TLS 2022-08-25 13:02:55 -04:00
Thomas Eckert ac129339f8 Instruct users to use the CLI 2022-08-25 12:49:54 -04:00
Thomas Eckert 4d40d02c73 Remove warning about 1.9 2022-08-25 12:45:57 -04:00
Chris S. Kim 181063cd23 Exit loop when context is cancelled 2022-08-25 11:48:25 -04:00
Evan Culver 8e6b6a49a2
docs: Update Envoy support matrix to match the code (#14338) 2022-08-24 17:04:26 -07:00
cskh 41aea65214
Fix: the inboundconnection limit filter should be placed in front of http co… (#14325)
* fix: the inboundconnection limit should be placed in front of http connection manager

Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2022-08-24 14:13:10 -04:00
Derek Menteer 8f27a077cb Add 14269 changelog entry. 2022-08-24 12:51:13 -05:00
skpratt 919da33331
no-op: refactor usagemetrics tests for clarity and DRY cases (#14313) 2022-08-24 12:00:09 -05:00
Pablo Ruiz García 1f293e5244
Added new auto_encrypt.grpc_server_tls config option to control AutoTLS enabling of GRPC Server's TLS usage
Fix for #14253

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-08-24 12:31:38 -04:00
DanStough ca228aad8d doc: tproxy destination fixes 2022-08-24 11:31:05 -04:00
Tyler Wendlandt cdc6fd89d3
ui: Replace file-mask with file-text icon usage on policy list (#14275) 2022-08-24 06:44:01 -06:00
Dan Upton 3b993f2da7
dataplane: update envoy bootstrap params for consul-dataplane (#14017)
Contains 2 changes to the GetEnvoyBootstrapParams response to support
consul-dataplane.

Exposing node_name and node_id:

consul-dataplane will support providing either the node_id or node_name in its
configuration. Unfortunately, supporting both in the xDS meta adds a fair amount
of complexity (partly because most tables are currently indexed on node_name)
so for now we're going to return them both from the bootstrap params endpoint,
allowing consul-dataplane to exchange a node_id for a node_name (which it will
supply in the xDS meta).

Properly setting service for gateways:

To avoid the need to special case gateways in consul-dataplane, service will now
either be the destination service name for connect proxies, or the gateway
service name. This means it can be used as-is in Envoy configuration (i.e. as a
cluster name or in metric tags).
2022-08-24 12:03:15 +01:00
twunderlich-grapl bb35a8303d
Clarify docs around using either Consul or Vault managed PKI paths (#13295)
* Clarify docs around using either Consul or Vault managed PKI paths

The current docs can be misread to indicate that you need both the
Consul and Vault managed PKI Paths policies. The [Learning Tutorial](https://learn.hashicorp.com/tutorials/consul/vault-pki-consul-connect-ca?in=consul/vault-secure#create-vault-policies)
is clearer. This tries to make the original docs as clear as the
learning tutorial

* Clarify that PKI secret engines are used to store certs

Co-authored-by: Blake Covarrubias <blake.covarrubias@gmail.com>
2022-08-23 17:06:00 -07:00
Rosemary Wang 8d6b73aed0
Clarify transparent proxy documentation (#14301)
* Clarify transparent proxy documentation

Some confusion over known limitations for transparent proxy, specifically over federation versus cluster peering.
Updated `KubeDNS` to Kubernetes DNS for consistency with Kubernetes documentation.

Co-authored-by: David Yu <dyu@hashicorp.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2022-08-23 14:52:03 -07:00
Tu Nguyen 4b06add255 more more reshuffling 2022-08-23 13:04:21 -07:00
Tu Nguyen 21d8358761 more reshuffling 2022-08-23 13:00:04 -07:00
Tu Nguyen c56802132c more reshuffling 2022-08-23 12:41:44 -07:00
Daniel Upton 13c04a13af proxycfg: terminate stream on irrecoverable errors
This is the OSS portion of enterprise PR 2339.

It improves our handling of "irrecoverable" errors in proxycfg data sources.

The canonical example of this is what happens when the ACL token presented by
Envoy is deleted/revoked. Previously, the stream would get "stuck" until the
xDS server re-checked the token (after 5 minutes) and terminated the stream.

Materializers would also sit burning resources retrying something that could
never succeed.

Now, it is possible for data sources to mark errors as "terminal" which causes
the xDS stream to be closed immediately. Similarly, the submatview.Store will
evict materializers when it observes they have encountered such an error.
2022-08-23 20:17:49 +01:00
Ashwin Venkatesh 24a3975494
Updates docs for CRDs (#14267)
Co-authored-by: NicoletaPopoviciu <nicoleta@hashicorp.com>
2022-08-23 15:14:36 -04:00
Tyler Wendlandt cb1043d8ac
ui: Update badge / pill icon sizing (#14282)
* Update badge icon sizing to be 16x16

* Update icon sizing in pill component
2022-08-23 13:02:40 -06:00
Jared Kirschner eb645453d6
Merge pull request #13999 from hashicorp/docs/improve-dns-lookup-variable-consistency
docs: improve consistency of DNS lookup variables
2022-08-23 09:53:04 -04:00
Jared Kirschner 589e7cfab4 docs: improve consistency of DNS lookup variables
Previously, some variables were wrapped in < > while others were not,
creating ambiguity in whether some labels were a string literal or a
variable.

Now, all variables are wrapped in < >.
2022-08-23 06:47:17 -07:00
Jared Kirschner 1200e83c3b
Merge pull request #14034 from hashicorp/make-proxy-sidecar-for-case-insensitive
Allow uppercase in proxy launch -sidecar-for arg
2022-08-23 09:37:39 -04:00
Jared Kirschner 3bbe803d7a
Merge pull request #13967 from hashicorp/jkirschner-hashicorp-patch-3
docs: link pq docs to relevant DNS lookup section
2022-08-23 09:23:49 -04:00
Eric Haberkorn 58901ad7df
Cluster peering failover disco chain changes (#14296) 2022-08-23 09:13:43 -04:00
Jared Kirschner b0ef7a6674 docs: link pq docs to relevant DNS lookup section 2022-08-23 06:02:47 -07:00
Jared Kirschner 888fbce828
Merge pull request #14221 from hashicorp/jkirschner-hashicorp-patch-1
docs: update k8s vault connect ca config docs
2022-08-23 09:02:16 -04:00