Commit Graph

20506 Commits

Author SHA1 Message Date
David Yu 24d031d1ed
k8s: Update audit-logging docs to include K8s examples (#18721)
Update audit-logging.mdx
2023-09-10 11:10:28 -07:00
John Murret 3e78b4cf34
Prefix sidecar proxy test files with source and destination. (#18620)
* mesh-controller: handle L4 protocols for a proxy without upstreams

* sidecar-controller: Support explicit destinations for L4 protocols and single ports.

* This controller generates and saves ProxyStateTemplate for sidecar proxies.
* It currently supports single-port L4 ports only.
* It keeps a cache of all destinations to make it easier to compute and retrieve destinations.
* It will update the status of the pbmesh.Upstreams resource if anything is invalid.

* endpoints-controller: add workload identity to the service endpoints resource

* small fixes

* review comments

* Address PR comments

* sidecar-proxy controller: Add support for transparent proxy

This currently does not support inferring destinations from intentions.

* PR review comments

* mesh-controller: handle L4 protocols for a proxy without upstreams

* sidecar-controller: Support explicit destinations for L4 protocols and single ports.

* This controller generates and saves ProxyStateTemplate for sidecar proxies.
* It currently supports single-port L4 ports only.
* It keeps a cache of all destinations to make it easier to compute and retrieve destinations.
* It will update the status of the pbmesh.Upstreams resource if anything is invalid.

* endpoints-controller: add workload identity to the service endpoints resource

* small fixes

* review comments

* Make sure endpoint refs route to mesh port instead of an app port

* Address PR comments

* fixing copyright

* tidy imports

* sidecar-proxy controller: Add support for transparent proxy

This currently does not support inferring destinations from intentions.

* tidy imports

* add copyright headers

* Prefix sidecar proxy test files with source and destination.

* Update controller_test.go

---------

Co-authored-by: Iryna Shustava <iryna@hashicorp.com>
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: github-team-consul-core <github-team-consul-core@hashicorp.com>
2023-09-08 17:28:55 -06:00
Iryna Shustava 1557e1d6a3
sidecar-proxy controller: Add support for transparent proxy (NET-5069) (#18458)
This commit adds support for transparent proxy to the sidecar proxy controller. As we do not yet support inferring destinations from intentions, this assumes that all services in the cluster are destinations.
2023-09-08 16:18:01 -06:00
Nathan Coleman ed79c60e78
NET-5530 Generate deep-copy code (#18730)
* Generate deep-copy code

* Undo license header removal
2023-09-08 20:09:44 +00:00
Ronald 40d7ebc318
[NET-5330] Support templated policies in Binding rules (#18719)
* [NET-5330] Support templated policies in Binding rules

* changelog for templated policy support in binding rules
2023-09-08 14:39:09 -04:00
Semir Patel 576ffdf705
fix: emit consul version metric on a regular interval (#18724) 2023-09-08 13:09:07 -05:00
Nathan Coleman e5d26a13cd
NET-5530 Support response header modifiers on http-route config entry (#18646)
* Add response header filters to http-route config entry definitions

* Map response header filters from config entry when constructing route destination

* Support response header modifiers at the service level as well

* Update protobuf definitions

* Update existing unit tests

* Add response filters to route consolidation logic

* Make existing unit tests more robust

* Add missing docstring

* Add changelog entry

* Add response filter modifiers to existing integration test

* Add more robust testing for response header modifiers in the discovery chain

* Add more robust testing for request header modifiers in the discovery chain

* Modify test to verify that service filter modifiers take precedence over rule filter modifiers
2023-09-08 14:04:56 -04:00
Poonam Jadhav 235988b3bc
Net-2713/resource apply command (#18610)
* feat: implement apply command

* fix: resolve lint issues

* refactor: use fixed types

* fix: ci lint failures after main rebase
2023-09-08 12:20:14 -04:00
Jeremy Jacobson 876c662e36
[CC-6039] Update builtin policy descriptions (#18705) 2023-09-08 09:16:22 -07:00
Nick Irvine 3569d702d5
ENT port: test-integ/peering: peer through mesh gateway [NET-4609] (#18605)
Co-authored-by: Matt Keeler <mjkeeler7@gmail.com>
2023-09-08 12:04:56 -04:00
Iryna Shustava bbc2763b9f
Instantiate secure resource service client after the grpc server (#18712) 2023-09-08 09:48:49 -06:00
Melisa Griffin 9adb617695
Adds PassiveHealthCheck Fields to ServiceDefaults and IngressGateway (#18532)
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-09-08 10:02:04 -04:00
Ronald bbef879f85
[NET-5325] ACL templated policies support in tokens and roles (#18708)
* [NET-5325] ACL templated policies support in tokens and roles
- Add API support for creating tokens/roles with templated-policies
- Add CLI support for creating tokens/roles with templated-policies

* adding changelog
2023-09-08 12:45:24 +00:00
Ashesh Vidyut 993fe9a6a6
Using larger machine for Enterprise (#18713)
using 4x large for ent
2023-09-08 05:43:46 +00:00
Gerard Nguyen 56d6e54ac7
fix: NET-1521 show latest config in /v1/agent/self (#18681)
* fix: NET-1521 show latest config in /v1/agent/self
2023-09-08 09:47:31 +10:00
John Maguire 2e7d951086
Added changelog for jwt features (#18709) 2023-09-07 16:30:49 -04:00
John Maguire 2c244b6f42
[APIGW] NET-5017 JWT Cleanup/Status Conditions (#18700)
* Fixes issues in setting status

* Update golden files for changes to xds generation to not use deprecated
methods

* Fixed default for validation of JWT for route
2023-09-07 19:03:09 +00:00
R.B. Boyer acd9b3d1c4
test: update sidecarproxy/builder golden tests to use determinstic golden data (#18703) 2023-09-07 13:04:17 -05:00
Iryna Shustava 3c70e14713
sidecar-proxy controller: L4 controller with explicit upstreams (NET-3988) (#18352)
* This controller generates and saves ProxyStateTemplate for sidecar proxies.
* It currently supports single-port L4 ports only.
* It keeps a cache of all destinations to make it easier to compute and retrieve destinations.
* It will update the status of the pbmesh.Upstreams resource if anything is invalid.
* This commit also changes service endpoints to include workload identity. This made the implementation a bit easier as we don't need to look up as many workloads and instead rely on endpoints data.
2023-09-07 09:37:15 -06:00
trujillo-adam a17f4a0b89
Reformat proxy docs refresh (#18623)
* first commit; reformat PD conf entry

* updated proxies overview page

* added Deploy SM proxy usage and removed reg index

* moved sidecar proxy usage to main proxy folder

* recast sidecar reg page as Deploy sidecar services

* fix typos

* recast SM reg as conf reference- set the sidebar

* add redirects

* fix links

* add PD conf entry usage to appropro pages

* edits to proxy conf ref

* fix links on index page

* example command to write PD conf entry

* updated links to old SM proxy reg page

* updated links to sidecar service reg page

* tryna fix front matter issues

* Apply suggestions from code review

Co-authored-by: Ronald  <roncodingenthusiast@users.noreply.github.com>

* added paragraph about SM proxies to overivew

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

---------

Co-authored-by: Ronald <roncodingenthusiast@users.noreply.github.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2023-09-06 16:55:18 -07:00
Nick Irvine 373c7dc144
switch all client nodes in dc2 to dataplane [NET-4299] (#18608) 2023-09-06 23:46:34 +00:00
Iryna Shustava 4eb2197e82
dataplane: Allow getting bootstrap parameters when using V2 APIs (#18504)
This PR enables the GetEnvoyBootstrapParams endpoint to construct envoy bootstrap parameters from v2 catalog and mesh resources.

   * Make bootstrap request and response parameters less specific to services so that we can re-use them for workloads or service instances.
   * Remove ServiceKind from bootstrap params response. This value was unused previously and is not needed for V2.
   * Make access logs generation generic so that we can generate them using v1 or v2 resources.
2023-09-06 16:46:25 -06:00
Nick Irvine 80d72e71c1
restore common-topo peering integration tests, but nightly [NET-5476] (#18673) 2023-09-06 22:45:46 +00:00
Derek Menteer 56917eb4c9
Add support for querying tokens by service name. (#18667)
Add support for querying tokens by service name

The consul-k8s endpoints controller has a workflow where it fetches all tokens.
This is not performant for large clusters, where there may be a sizable number
of tokens. This commit attempts to alleviate that problem and introduces a new
way to query by the token's service name.
2023-09-06 10:52:45 -05:00
Dhia Ayachi ec507fe4a8
update guide to reflect tenancy and scope (#18687)
* update guide to reflect tenancy and scope

* Apply suggestions from code review

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>

* update ACLHooks signature

* Update docs/resources/guide.md

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>

---------

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>
2023-09-06 11:11:43 -04:00
Ashesh Vidyut 60b0485497
Removed nodename and status from consul snapshot save -append-filename command and using leader version in version (#18680)
* init

* fix tests

* fix tests lint

* fix api call inside dc

* updated doc

* address comments
2023-09-06 15:49:25 +05:30
Ashesh Vidyut ac27585dd4
Fix windows Ent runner (#18683)
* fix windows image for enterprise

* added quotesT
2023-09-06 15:23:09 +05:30
Phil Porada 7ea986783d
Add TCP+TLS Healthchecks (#18381)
* Begin adding TCPUseTLS

* More TCP with TLS plumbing

* Making forward progress

* Keep on adding TCP+TLS support for healthchecks

* Removed too many lines

* Unit tests for TCP+TLS

* Update tlsutil/config.go

Co-authored-by: Samantha <hello@entropy.cat>

* Working on the tcp+tls unit test

* Updated the runtime integration tests

* Progress

* Revert this file back to HEAD

* Remove debugging lines

* Implement TLS enabled TCP socket server and make a successful TCP+TLS healthcheck on it

* Update docs

* Update agent/agent_test.go

Co-authored-by: Samantha <hello@entropy.cat>

* Update website/content/docs/ecs/configuration-reference.mdx

Co-authored-by: Samantha <hello@entropy.cat>

* Update website/content/docs/ecs/configuration-reference.mdx

Co-authored-by: Samantha <hello@entropy.cat>

* Update agent/checks/check.go

Co-authored-by: Samantha <hello@entropy.cat>

* Address comments

* Remove extraneous bracket

* Update agent/agent_test.go

Co-authored-by: Samantha <hello@entropy.cat>

* Update agent/agent_test.go

Co-authored-by: Samantha <hello@entropy.cat>

* Update website/content/docs/ecs/configuration-reference.mdx

Co-authored-by: Samantha <hello@entropy.cat>

* Update the mockTLSServer

* Remove trailing newline

* Address comments

* Fix merge problem

* Add changelog entry

---------

Co-authored-by: Samantha <hello@entropy.cat>
2023-09-05 13:34:44 -07:00
Ashesh Vidyut 0c184042c5
change log for audit log (#18668)
* change log for audit log

* fix file name

* breaking change
2023-09-05 19:39:06 +00:00
wangxinyi7 df9d12a56a
Net 2714/xw cli read command (#18462)
enable `consul resource read` command in cli
2023-09-05 09:17:19 -07:00
Dan Stough ac867d67e8
test: fix snapshot save w/ append test for ENT (#18656) 2023-09-01 22:22:09 +00:00
Valeriia Ruban a2f3d1362a
feat: copy edits for built-in policy alert (#18655) 2023-09-01 13:58:03 -07:00
Dan Stough 22df51f18f
fix: add telemetry bind socket to proxyConfiguration proto (#18652) 2023-09-01 16:48:06 -04:00
Valeriia Ruban 99845ebb9d
fix: remove Intention test with latency to make consul-enterprise rep… (#18654)
fix: remove Intention test with latency to make consul-enterprise repo tests work
2023-09-01 13:44:44 -07:00
Derek Menteer 9915b47898
Add known issue notice for #18636. (#18650) 2023-09-01 15:30:52 -05:00
skpratt cd3bfc5508
remove stray FIPS file (#18651) 2023-09-01 15:12:10 -05:00
Valeriia Ruban 82c2281cef
feat: Change global-read-only policy to non editable (#18602) 2023-09-01 11:05:32 -07:00
Derek Menteer a698142325
Add extra logging for mesh health endpoints. (#18647) 2023-09-01 12:29:09 -05:00
Derek Menteer b56fbc7a62
[NET-4958] Fix issue where envoy endpoints would fail to populate after snapshot restore (#18636)
Fix issue where agentless endpoints would fail to populate after snapshot restore.

Fixes an issue that was introduced in #17775. This issue happens because
a long-lived pointer to the state store is held, which is unsafe to do.
Snapshot restorations will swap out this state store, meaning that the
proxycfg watches would break for agentless.
2023-09-01 10:18:10 -05:00
Semir Patel b96cff7436
resource: Require scope for resource registration (#18635) 2023-09-01 09:44:53 -05:00
Ashesh Vidyut 13eefbb840
Net 3181 consul gh issue 15709 allow log file naming like nomad - fix bug (#18631)
* fixes file name for consul

* added log file

* added tests for rename method

* append instead of trunc

* fix file truncate issue

* added changelog

* fix for build destros ci

* removed changelog

* solaris
2023-09-01 14:53:31 +05:30
Ashesh Vidyut 78e3cbe156
NET 1594 - Snapshot Agent Filename Should Include Consul Version / Datacenter (#18625)
* init

* tests added and few fixes

* revert arg message

* changelog added

* removed var declaration

* fix CI

* fix test

* added node name and status

* updated save.mdx

* added example

* fix tense

* fix description
2023-09-01 10:23:44 +05:30
Michael Zalimeni 699aa47416
fix: make UNSPECIFIED protocol pass validation (#18634)
We explicitly enumerate the allowed protocols in validation, so this
change is necessary to use the new enum value.

Also add tests for enum validators to ensure they stay aligned to
protos unless we explicitly want them to diverge.
2023-08-31 19:59:29 +00:00
Jared Kirschner 892ba52c56
docs: admin partition and DNS clarification (#18613) 2023-08-31 19:05:08 +00:00
John Maguire 9876923e23
Add the plumbing for APIGW JWT work (#18609)
* Add the plumbing for APIGW JWT work

* Remove unneeded import

* Add deep equal function for HTTPMatch

* Added plumbing for status conditions

* Remove unneeded comment

* Fix comments

* Add calls in xds listener for apigateway to setup listener jwt auth
2023-08-31 12:23:59 -04:00
Ashesh Vidyut d45c3c2755
NET-3181 - Allow log file naming like Nomad (#18617)
* fixes file name for consul

* added log file

* added tests for rename method
2023-08-31 21:51:09 +05:30
Curt Bushko f2ce472ae1
PLAT-1192 - Run CI on smaller instances (#18624)
Use smaller runners
2023-08-31 10:56:59 -04:00
Semir Patel 7b9e243297
resource: Allow nil tenancy (#18618) 2023-08-31 09:24:09 -05:00
Dhia Ayachi f8d77f027a
delete all v2 resources type when deleting a namespace (CE) (#18621)
* add namespace scope to ServiceV1Alpha1Type

* add CE portion of namespace deletion
2023-08-31 10:18:25 -04:00
John Murret 255aa158db
update comments and docs about running envoy integration tests with the ENVOY_VERSION set. (#18614)
update ENVOY_VERSION and documentation of it used in the bats envoy tests.

Co-authored-by: github-team-consul-core <github-team-consul-core@hashicorp.com>
2023-08-30 17:31:40 +00:00