Commit Graph

11406 Commits

Author SHA1 Message Date
Preetha Appan c32de785a0 Add Beta super script to page title
also moves version availability to below feature title
2020-05-11 14:59:17 -05:00
Preetha Appan a4ec82102e Add beta superscript to docs title for wan federation over mesh gateways 2020-05-08 18:25:41 -05:00
Preetha Appan cf56325196 Redo PR #7430 for new website
Still has todos and diagrams to be added
2020-05-08 18:07:45 -05:00
Daniel Nephin c4ad84302d
Merge pull request #7713 from hashicorp/dnephin/connect-proxy-passive-healthcheck
xds: Add passive health check config for upstreams (aka envoy outlier detection)
2020-05-08 15:48:50 -04:00
Daniel Nephin 5655d7f34e Add outlier_detection check to integration test
Fix decoding of time.Duration types.
2020-05-08 14:56:57 -04:00
Daniel Nephin eaa05d623a xds: Add passive health check config for upstreams 2020-05-08 14:56:57 -04:00
Chris Piraino 429d0cedd2
Restoring config entries updates the gateway-services table (#7811)
- Adds a new validateConfigEntryEnterprise function
- Also fixes some state store tests that were failing in enterprise
2020-05-08 13:24:33 -05:00
Freddy c32a4f1ece
Fix up enterprise compatibility for gateways (#7813) 2020-05-08 09:44:34 -06:00
Jono Sosulska 9b363e9f23
Fix spelling of deregister (#7804) 2020-05-08 10:03:45 -04:00
Denislav Denov f04966d69c
Merge pull request #7815 from hashicorp/denislavdenov-patch-1
Update license.mdx
2020-05-08 16:04:39 +03:00
Denislav Denov 6cb782708f
Update website/pages/docs/commands/license.mdx
Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com>
2020-05-08 15:51:52 +03:00
Denislav Denov 2b39b21f0f
Update license.mdx
Hello team,

I noticed that the reset part of the consul license command was missing in the documentation so I added it and created this PR.
2020-05-08 11:13:41 +03:00
R.B. Boyer 82379779a2
cli: oss refactors to support making the auth method CLI aware of namespace rules in enterprise (#7812) 2020-05-07 17:08:42 -05:00
Chris Piraino f55e20a2f7
Allow ingress gateways to send empty clusters, routes, and listeners (#7795)
This is useful when updating an config entry with no services, and the
expected behavior is that envoy closes all listeners and clusters.

We also allow empty routes because ingress gateways name route
configurations based on the port of the listener, so it is important we
remove any stale routes. Then, if a new listener with an old port is
added, we will not have to deal with stale routes hanging around routing
to the wrong place.

Endpoints are associated with clusters, and thus by deleting the
clusters we don't have to care about sending empty endpoint responses.
2020-05-07 16:19:25 -05:00
Jeff Escalante f0df674e07 add alert banner to website 2020-05-06 20:06:39 -04:00
Chris Piraino 5105bf3d67
Require individual services in ingress entry to match protocols (#7774)
We require any non-wildcard services to match the protocol defined in
the listener on write, so that we can maintain a consistent experience
through ingress gateways. This also helps guard against accidental
misconfiguration by a user.

- Update tests that require an updated protocol for ingress gateways
2020-05-06 16:09:24 -05:00
Freddy b069887b2a
Remove timeout and call to Fatal from goroutine (#7797) 2020-05-06 14:33:17 -06:00
R.B. Boyer 59b03b18d0 update changelog 2020-05-06 15:32:27 -05:00
R.B. Boyer 56ea112908
test: make auth method cli crud test work in both oss and ent (#7800) 2020-05-06 15:16:50 -05:00
R.B. Boyer db870ba92b
test: make auth method cli crud test helper ignore the default namespace (#7799) 2020-05-06 15:09:47 -05:00
Chris Piraino 01e89f03ea
Merge pull request #7678 from hashicorp/ingress/host-header-routing
Allow ingress gateways to route traffic based on Host header
2020-05-06 15:07:36 -05:00
Chris Piraino 905279f5d1 A proxy-default config entry only exists in the default namespace 2020-05-06 15:06:14 -05:00
Chris Piraino d498a0afc9 Correctly set a namespace label in the required domain for xds routes
If an upstream is not in the default namespace, we expect DNS requests
to be served over "<service-name>.ingress.<namespace>.*"
2020-05-06 15:06:14 -05:00
Chris Piraino 114a18e890 Remove outdated comment 2020-05-06 15:06:14 -05:00
Chris Piraino d8517bd6fd Better document wildcard specifier interactions 2020-05-06 15:06:14 -05:00
Chris Piraino 45e635286a Re-add comment on connect-proxy virtual hosts 2020-05-06 15:06:14 -05:00
Kyle Havlovitz f9672f9bf1 Make sure IngressHosts isn't parsed during JSON decode 2020-05-06 15:06:14 -05:00
Chris Piraino c44f877758 Comment why it is ok to expect upstreams slice to not be empty 2020-05-06 15:06:13 -05:00
Chris Piraino 881760f701 xds: Use only the port number as the configured route name
This removes duplication of protocol from the stats_prefix
2020-05-06 15:06:13 -05:00
Kyle Havlovitz 89e6b16815 Filter wildcard gateway services to match listener protocol
This now requires some type of protocol setting in ingress gateway tests
to ensure the services are not filtered out.

- small refactor to add a max(x, y) function
- Use internal configEntryTxn function and add MaxUint64 to lib
2020-05-06 15:06:13 -05:00
Chris Piraino f40833d094 Allow Hosts field to be set on an ingress config entry
- Validate that this cannot be set on a 'tcp' listener nor on a wildcard
service.
- Add Hosts field to api and test in consul config write CLI
- xds: Configure envoy with user-provided hosts from ingress gateways
2020-05-06 15:06:13 -05:00
Chris Piraino b73a13fc9e Remove service_subset field from ingress config entry
We decided that this was not a useful MVP feature, and just added
unnecessary complexity
2020-05-06 15:06:13 -05:00
Kyle Havlovitz 711d1389aa Support multiple listeners referencing the same service in gateway definitions 2020-05-06 15:06:13 -05:00
Kyle Havlovitz 247f9eaf13 Allow ingress gateways to route traffic based on Host header
This commit adds the necessary changes to allow an ingress gateway to
route traffic from a single defined port to multiple different upstream
services in the Consul mesh.

To do this, we now require all HTTP requests coming into the ingress
gateway to specify a Host header that matches "<service-name>.*" in
order to correctly route traffic to the correct service.

- Differentiate multiple listener's route names by port
- Adds a case in xds for allowing default discovery chains to create a
  route configuration when on an ingress gateway. This allows default
  services to easily use host header routing
- ingress-gateways have a single route config for each listener
  that utilizes domain matching to route to different services.
2020-05-06 15:06:13 -05:00
R.B. Boyer a854e4d9c5
acl: oss plumbing to support auth method namespace rules in enterprise (#7794)
This includes website docs updates.
2020-05-06 13:48:04 -05:00
Preetha 760368bf1b
Merge pull request #7792 from hashicorp/changelog-fixup
Remove duplicated entries in CHANGELOG.md
2020-05-06 13:31:03 -05:00
Preetha 1d5f2fe9b0
Remove duplicated entries in CHANGELOG.md
Remove some duplicated entries in the unreleased section of the changelog that were released in  1.7.3
2020-05-06 08:56:41 -05:00
Hans Hasselberg 1d5f12e823
Update CHANGELOG.md 2020-05-06 01:38:59 +02:00
Luke Kysow c33a241438
Merge pull request #7724 from hashicorp/helm-repo
Update k8s instructions for new helm repo
2020-05-05 16:17:53 -07:00
R.B. Boyer 3242d0816d
test: make the kube auth method test helper use freeport (#7788) 2020-05-05 16:55:21 -05:00
Hans Hasselberg aa121bc8d2
segments: oss changes for enterprise network area changes (#7786)
OSS code changes for network segments
2020-05-05 21:41:19 +02:00
Hans Hasselberg 096a2f2f02 network_segments: stop advertising segment tags 2020-05-05 21:32:05 +02:00
Hans Hasselberg 995a24b8e4 agent: refactor to use a single addrFn 2020-05-05 21:08:10 +02:00
Hans Hasselberg 6994c0d47f agent: rename local/global to src/dst 2020-05-05 21:07:34 +02:00
Chris Piraino 7361e11bc5
Update CHANGELOG.md 2020-05-05 10:56:50 -05:00
Chris Piraino 69b44fb942
Construct a default destination if one does not exist for service-router (#7783) 2020-05-05 10:49:50 -05:00
Matt Keeler 9eafa36fa9
Update CHANGELOG.md 2020-05-05 09:56:56 -04:00
Matt Keeler 50c2297aaa
Update CHANGELOG.md 2020-05-05 09:53:46 -04:00
Mike Morris 291e6af33a
vendor: revert golang.org/x/sys bump to avoid FreeBSD regression (#7780) 2020-05-05 09:26:17 +02:00
Iryna Shustava 543568fd9a
docs: add Helm docs for external servers and bootstrapToken (#7725) 2020-05-04 18:09:59 -07:00