Commit Graph

20808 Commits

Author SHA1 Message Date
Derek Menteer 48c4a5b736
Add grpc keepalive configuration. (#19339)
Prior to the introduction of this configuration, grpc keepalive messages were
sent after 2 hours of inactivity on the stream. This posed issues in various
scenarios where the server-side xds connection balancing was unaware that envoy
instances were uncleanly killed / force-closed, since the connections would
only be cleaned up after ~5 minutes of TCP timeouts occurred. Setting this
config to a 30 second interval with a 20 second timeout ensures that at most,
it should take up to 50 seconds for a dead xds connection to be closed.
2023-10-24 08:05:31 -05:00
Semir Patel 96606d114c
resource: default peername to local in list endpoints (#19340) 2023-10-23 16:30:47 -05:00
Chris Hut ee2f046383
Upgrade Consul UI to Node 18 (#19252)
* Upgrading node to node 18

* Ensure we're on latest version of yarn as well

* add comma to make frontend tests run

* Use Node 18 Alpine image in UI build dockerfile

* delete package-lock.json

---------

Co-authored-by: wenincode <tyler.wendlandt@hashicorp.com>
Co-authored-by: Ella Cai <ella.y.cai@gmail.com>
Co-authored-by: Ella Cai <ella@hashicorp.com>
2023-10-23 12:29:04 -06:00
Ronald 62dec7ee17
Fixing docs to add more templated policies references (#19335) 2023-10-23 11:46:14 -04:00
Ronald fea35e61fa
More templated policies docs (#19312)
[NET-5327]More templated policies docs
2023-10-23 12:05:42 +00:00
Ronald 46804c061c
[NET-5327] Templated policies api/cli docs (#19270) 2023-10-23 11:41:24 +00:00
Iryna Shustava 809bf1deb8
mesh: ensure route configs are named uniquely per port (#19323) 2023-10-20 16:59:18 -06:00
Anita Akaeze 27f649c4ba
remove branch name causing conflicts (#19319) 2023-10-20 19:50:56 +00:00
Dhia Ayachi d5c9f11b59
Tenancy Bridge v2 (#19220)
* tenancy bridge v2 for v2 resources

* add missing copywrite headers
2023-10-20 14:49:54 -04:00
Anita Akaeze b962d91056
skip envoy version check in ci (#19315) 2023-10-20 18:09:31 +00:00
aahel 1280f45485
added ent to ce downgrade changes (#19311)
* added ent to ce downgrade changes

* added changelog

* added busl headers
2023-10-20 22:34:25 +05:30
Chris Thain b1871fd08c
Backout Envoy 1.28.0 (#19306) 2023-10-20 17:03:54 +00:00
Chris S. Kim 9d00b13140
Vault CA bugfixes (#19285)
* Re-add retry logic to Vault token renewal

* Fix goroutine leak

* Add test for detecting goroutine leak

* Add changelog

* Rename tests

* Add comment
2023-10-20 15:03:27 +00:00
Anita Akaeze 6ffcf28df0
enable verify envoy script (#19303) 2023-10-19 16:47:57 -07:00
Nitya Dhanushkodi def66ddf0e
mesh: provide missing domain to route configurations in ProxyStateTemplate (#19298)
* add empty domains

* update unit tests
2023-10-19 17:14:16 -04:00
Chris Thain 681aef31e9
Update supported Envoy versions (#19276) 2023-10-19 21:08:20 +00:00
Anita Akaeze ef27bc2fd6
NET-6239: Temporarily disable verify envoy check (#19299)
* skip verify envoy version

* cleanup
2023-10-19 13:24:17 -07:00
Iryna Shustava dfea3a0efe
acls,catalog,mesh: properly authorize workload selectors on writes (#19260)
To properly enforce writes on resources that have workload selectors with prefixes, we need another service authorization rule that allows us to check whether read is allowed within a given prefix. Specifically we need to only allow writes if the policy prefix allows for a wider set of names than the prefix selector on the resource. We should also not allow policies with exact names for prefix matches.

Part of [NET-3993]
2023-10-19 11:09:41 -06:00
trujillo-adam e5a49bf56f
reformatted the JSON schema server conf ref (#19288) 2023-10-19 08:24:17 -07:00
Poonam Jadhav 2bd38d8806
fix: allow snake case keys for ip based rate limit config entry (#19277)
* fix: allow snake case keys for ip based rate limit config entry

* chore: add changelog
2023-10-19 10:54:00 -04:00
Michael Zalimeni 5e517c5980
[NET-6221] Ensure LB policy set for locality-aware routing (CE) (#19283)
Ensure LB policy set for locality-aware routing (CE)

`overprovisioningFactor` should be overridden with the expected value
(100,000) when there are multiple endpoint groups. Update code and
tests to enforce this.

This is an Enterprise feature. This commit represents the CE portions of
the change; tests are added in the corresponding `consul-enterprise`
change.
2023-10-19 10:13:27 -04:00
cskh d52ee6a222
fix nightly integration test: envoy version and n-2 version (#19286) 2023-10-18 21:18:57 +00:00
Dan Stough a94c013c8d
build(docker): always publish full and minor version tags for dev images (#19278) 2023-10-18 19:39:52 +00:00
Eric Haberkorn f45be222bb
Prevent circular dependencies between v2 resources and generate a mermaid diagram with their dependencies (#19230) 2023-10-18 10:55:32 -04:00
David Yu 16f0a24ff5
docs: Fix multi-port install (#19262)
* Update configure.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2023-10-17 16:59:31 -07:00
Jeff Boruszak c4d6d4d307
docs: Multiport HCP constraint update (#19261)
* Add sentence

* link text adjustment
2023-10-17 16:35:17 -07:00
Nitya Dhanushkodi 51b58cd910
fix expose paths (#19257)
When testing adding http probes to apps, I ran into some issues which I fixed here:
- The listener should be listening on the exposed listener port, updated that.
- The listener and route names were pointing to the path of the exposed path. In my test, the path was "/" resulting in an empty string path. Also, the path may not be unique across exposed path listeners, so I decided to use the path+exposed port as the unique identifier.
2023-10-17 14:47:21 -07:00
Dan Stough 9b719e6dec
test: add 1.17 nightly integrations test (#19253) 2023-10-17 16:45:40 -04:00
Blake Covarrubias 9976e08505
docs: Fix example control-plane-request-limit HCL and JSON (#19105)
The control-plane-request-limit config entry does not support
specifying parameter names in snake case format.

This commit updates the HCL and JSON examples to use the supported
camel case key format.
2023-10-17 19:50:12 +00:00
Sophie Gairo 61bd08c8b9
Net 4893- Ensure we're testing all the latest versions of Vault/Nomad (#19119)
* NET-5592 - update Nomad integration testing

* NET-4893: Ensure we're testing all the latest versions of Vault/Nomad
2023-10-17 12:55:16 -05:00
John Maguire b78465b491
[NET-5810] CE changes for multiple virtual hosts (#19246)
CE changes for multiple virtual hosts
2023-10-17 15:08:04 +00:00
Chris Hut a6c990c6fe
Cc 5545: Upgrade HDS packages and modifiers (#19226)
* Upgrade @hashicorp/design-system-tokens to 1.9.0

* Upgrade @hashicorp/design-system-components to 1.8.1

* Upgrade @hashicorp/design-system-components and ember-in-viewport

* Explicitly install ember-modifier@4.1.0

* rename copy-button

* Fix how cleanup is done in with-copyable

* Update aria-menu modifier for new structure

* Update css-prop modifier to new structure

* Convert did-upsert to regular class modifier

* Update notification modifier for new structure

* Update on-oustside modifier for new structure

* Move destroy handler registration in with-copyable

* Update style modifier for new structure

* Update validate modifier for new structure

* Guard against setting on destroyed object

* Upgrade @hashicorp/design-system-components to 2.14.1

* Remove debugger

* Guard against null in aria-menu

* Fix undefined hash in validate addon

* Upgrade ember-on-resize-modifier

* Fix copy button import, missing import and array destructuring

---------

Co-authored-by: wenincode <tyler.wendlandt@hashicorp.com>
2023-10-17 07:27:42 -06:00
John Murret 9f4f99c626
NET-6097 - sidecar proxy controller - give name to first failover policy target (#19239) 2023-10-17 01:45:54 +00:00
Michael Zalimeni 8eb074e7c1
[NET-5944] security: Update Go version to 1.20.10 and `x/net` to 0.17.0 (#19225)
* Bump golang.org/x/net to 0.17.0

This resolves [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325)
/ [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487).

* Update Go version to 1.20.10

This resolves [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325)
/ [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487)
(`net/http`).
2023-10-16 17:49:04 -04:00
Semir Patel 4c5a46e5e1
v2tenancy: rename v1alpha1 -> v2beta1 (#19227) 2023-10-16 21:43:47 +00:00
David Yu b81c8627db
Add reason why port 53 is not used by default (#19222)
* Update dns-configuration.mdx

* Update website/content/docs/services/discovery/dns-configuration.mdx

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2023-10-16 14:21:58 -07:00
Jeff Boruszak dcd593004e
docs: Multi-port corrections (#19224)
* typo fixes and instruction corrections

* typo

* link path correction
2023-10-16 13:52:30 -07:00
R.B. Boyer 6741392a4f
catalog: add FailoverPolicy ACL hook tenancy test (#19179) 2023-10-16 14:05:39 -05:00
R.B. Boyer df8ea430c6
mesh: add DestinationPolicy ACL hook tenancy tests (#19178)
Enhance the DestinationPolicy ACL hook tests to cover tenanted situations.
These tests will only execute in enterprise.
2023-10-16 13:44:24 -05:00
Semir Patel ad177698f7
resource: enforce lowercase v2 resource names (#19218) 2023-10-16 12:55:30 -05:00
R.B. Boyer 6c7d0759e4
mesh: add xRoute ACL hook tenancy tests (#19177)
Enhance the xRoute ACL hook tests to cover tenanted situations.
These tests will only execute in enterprise.
2023-10-16 12:18:56 -05:00
modrake 3716b69792
Relplat 897 copywrite bot workarounds (#19200)
Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
2023-10-16 08:53:31 -07:00
John Murret a7fbd00865
NET-5073 - ProxyConfiguration: implement various connection options (#19187)
* NET-5073 - ProxyConfiguration: implement various connection options

* PR feedback - LocalConnection and InboundConnection do not affect exposed routes. configure L7 route destinations. fix connection proto sequence numbers.

* add timeout to L7 Route Destinations
2023-10-14 13:54:08 +00:00
Iryna Shustava 105ebfdd00
catalog, mesh: implement missing ACL hooks (#19143)
This change adds ACL hooks to the remaining catalog and mesh resources, excluding any computed ones. Those will for now continue using the default operator:x permissions.

It refactors a lot of the common testing functions so that they can be re-used between resources.

There are also some types that we don't yet support (e.g. virtual IPs) that this change adds ACL hooks to for future-proofing.
2023-10-13 23:16:26 +00:00
Iryna Shustava 2ea33e9b86
mesh: add more validations to Destinations resource (#19202) 2023-10-13 16:52:20 -06:00
Iryna Shustava e94d6ceca6
mesh: add validation hook to proxy configuration (#19186) 2023-10-13 15:21:39 -06:00
Michael Zalimeni 9b0f4b7fc5
chore: update version and nightly CI for 1.17 (#19208)
Update version file to 1.18-dev, and replace 1.13 nightly test with
1.17.
2023-10-13 21:12:36 +00:00
Ashwin Venkatesh 3d1a606c3b
Clone proto into deepcopy correctly (#19204) 2023-10-13 16:41:22 -04:00
R.B. Boyer 20d1fb8c78
server: run the api checks against the path without params (#19205) 2023-10-13 15:32:06 -05:00
R.B. Boyer 99f7a1219e
catalog: add metadata filtering to refine workload selectors (#19198)
This implements the Filter field on pbcatalog.WorkloadSelector to be
a post-fetch in-memory filter using the https://github.com/hashicorp/go-bexpr
expression language to filter resources based on their envelope metadata fields.

All existing usages of WorkloadSelector should be able to make use of the filter.
2023-10-13 13:37:42 -05:00