Commit Graph

17948 Commits

Author SHA1 Message Date
Michael Klein 07f30687d5
ui: Update peerings empty state copy (#13834) 2022-07-21 14:59:38 +01:00
Daniel Upton 3655802fdc proxycfg-glue: server-local implementation of `PeeredUpstreams`
This is the OSS portion of enterprise PR 2352.

It adds a server-local implementation of the proxycfg.PeeredUpstreams interface
based on a blocking query against the server's state store.

It also fixes an omission in the Virtual IP freeing logic where we were never
updating the max index (and therefore blocking queries against
VirtualIPsForAllImportedServices would not return on service deletion).
2022-07-21 13:51:59 +01:00
Krastin Krastev 8d4baafd84
Merge pull request #12592 from krastin/krastin/docs/sidecarservice-typo
docs: clean-up sidecar service expanded definition
2022-07-21 10:21:48 +02:00
Krastin Krastev 25b6148aa8 Merge branch 'main' into krastin/docs/sidecarservice-typo 2022-07-21 10:51:39 +03:00
Jared Kirschner e0d9f07c28
Merge pull request #13682 from hashicorp/docs/deemphasize-token-query-param
docs: suggest using token header, not query param
2022-07-20 19:22:53 -04:00
Luke Kysow c411e6b326
Add send mutex to protect against concurrent sends (#13805) 2022-07-20 15:48:18 -07:00
Jared Kirschner 443f4bc2a2 docs: suggest using token header, not query param 2022-07-20 15:16:27 -07:00
Jared Kirschner 281892ab7c
Merge pull request #13405 from hashicorp/jkirschner-hashicorp-patch-3
docs: correct Vault CA multiple namespace support
2022-07-20 17:52:32 -04:00
Kyle Havlovitz 0be7d923dc Cancel upstream watches when the discovery chain has been removed 2022-07-20 14:26:52 -07:00
Kyle Havlovitz 31318d7049 Fix duplicate Notify calls for discovery chains in ingress gateways 2022-07-20 14:25:20 -07:00
Luke Kysow 741c906b0d
Add heartbeat proto to peer stream (#13804) 2022-07-20 11:31:02 -07:00
Michael Klein cab88bcd1e
ui: no partition and peer in bucket-list at the same time (#13812)
* don't show partition / peer at the same time in bucket-list

* use bucket-list in intentions table

* add bucket-list tests

* Simplify bucket list - match old behavior

Refactor the bucket-list component to be easier to grok and match
how the old template based approach worked. I.e. do not surface
partition or namespace when it matches the passed nspace or partition
property.

* Update docs for bucket-list

* fix linting
2022-07-20 16:07:52 +01:00
John Cowen 6be4a0629a
ui: Add Peer Form (#13794) 2022-07-20 12:58:47 +01:00
John Cowen 854b5a93e7
ui: Peer token use form (#13792) 2022-07-20 12:38:39 +01:00
Evan Culver 4116537b83
connect: Add support for Envoy 1.23, remove 1.19 (#13807) 2022-07-19 14:51:04 -07:00
Paul Glass 77afe0e76e
Extract AWS auth implementation out of Consul (#13760) 2022-07-19 16:26:44 -05:00
Chris S. Kim 495936300e
Make envoy resources for inferred peered upstreams (#13758)
Peered upstreams has a separate loop in xds from discovery chain upstreams. This PR adds similar but slightly modified code to add filters for peered upstream listeners, clusters, and endpoints in the case of transparent proxy.
2022-07-19 14:56:28 -04:00
alex de5a991d8c
peering: refactor reconcile, cleanup (#13795)
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-19 11:43:29 -07:00
Ranjandas eb4f479e7e
Update Single DC Multi K8S doc (#13278)
* Updated note with details of various K8S CNI options

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-19 09:45:41 -07:00
Luke Kysow bb943bc77c
makefile: give better error for tool installed by wrong package (#13797)
I had protoc-gen-go installed through `google.golang.org/protobuf` instead of
`github.com/golang/protobuf` and `make proto` was failing silently.
This change will ensure you get an error:

```
protoc-gen-go is already installed by module "google.golang.org/protobuf" but
should be installed by module "github.com/golang/protobuf".
Delete it and re-run to re-install.
```
2022-07-19 09:16:24 -07:00
Michael Klein dc84ea9f85
ui: chore - fix CI test-suite (#13799)
* fix linting issue

* Update datacenter selector page-object to not include separator.

* change non-valid li to div for singe dc name
2022-07-19 14:06:11 +01:00
Jared Kirschner 067272b53f
Merge pull request #13787 from hashicorp/fix-acl-read-token-self-expanded-panic
Fix panic on acl token read with -self and -expanded
2022-07-18 20:34:50 -04:00
Luke Kysow e8d965e56f
peerstream: set keepalive enforcement to 15s (#13796)
The client is set to send keepalive pings every 30s. The server
keepalive enforcement must be set to a number less than that,
otherwise it will disconnect clients for sending pings too often.
MinTime governs the minimum amount of time between pings.
2022-07-18 16:12:03 -07:00
Jared Kirschner 927033e672 Fix panic on acl token read with -self and -expanded 2022-07-18 15:52:05 -07:00
alex 7c0daeade8
fix leader annotation (#13786)
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-18 10:34:59 -07:00
alex a9ae2ff4fa
peering: track exported services (#13784)
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-18 10:20:04 -07:00
John Cowen d6dcef18c8
ui: Add peer token generation form (#13755)
* ui: Add peer token generation form
2022-07-18 17:39:52 +01:00
John Cowen 56446d540a
ui: Adds Peer initiation form (#13754) 2022-07-18 17:39:22 +01:00
John Cowen 24417d94ed
ui: Add a modal.opened property for inspecting whether the modal is open (#13723)
* ui: Add a modal.opened property for inspecting whether the modal is open

* merge isOpen setting into the exiting event handler

* Revert to multiple listeners, plus comment to explain

* Wrap close in an afterRender
2022-07-18 15:30:37 +01:00
Michael Klein cdf40a6ae6
ui: wan federation message dc-dropdown (#13753)
* Only display dc dropdown when more than one dc is available

* Add wan federation message to dc dropdown

* Add test for conditionally displaying dc dropdown

* Move single datacenter indicator into datacenter selector

* Add `DATACENTERS` seperator dc dropdown

* "fix" unnecessary margin-top in dc dropdown
2022-07-18 13:22:17 +01:00
Krastin Krastev 49ac06a51e docs: clean-up expanded service def 2022-07-18 13:45:59 +03:00
R.B. Boyer cd513aeead
peerstream: require a resource subscription to receive updates of that type (#13767)
This mimics xDS's discovery protocol where you must request a resource
explicitly for the exporting side to send those events to you.

As part of this I aligned the overall ResourceURL with the TypeURL that
gets embedded into the encoded protobuf Any construct. The
CheckServiceNodes is now wrapped in a better named "ExportedService"
struct now.
2022-07-15 15:03:40 -05:00
R.B. Boyer c737301093
peerstream: fix test assertions (#13780) 2022-07-15 14:43:24 -05:00
Luke Kysow 46381b1a7f
Add docs for peerStreamServer vs peeringServer. (#13781) 2022-07-15 12:23:05 -07:00
Luke Kysow ca3d7c964c
peerstream: dialer should reconnect when stream closes (#13745)
* peerstream: dialer should reconnect when stream closes

If the stream is closed unexpectedly (i.e. when we haven't received
a terminated message), the dialer should attempt to re-establish the
stream.

Previously, the `HandleStream` would return `nil` when the stream
was closed. The caller then assumed the stream was terminated on purpose
and so didn't reconnect when instead it was stopped unexpectedly and
the dialer should have attempted to reconnect.
2022-07-15 11:58:33 -07:00
R.B. Boyer 0678bf91a7
test: fix flaky test TestAPI_CatalogNodes (#13779) 2022-07-15 13:24:22 -05:00
R.B. Boyer bb4d4040fb
server: ensure peer replication can successfully use TLS over external gRPC (#13733)
Ensure that the peer stream replication rpc can successfully be used with TLS activated.

Also:

- If key material is configured for the gRPC port but HTTPS is not
  enabled now TLS will still be activated for the gRPC port.

- peerstream replication stream opened by the establishing-side will now
  ignore grpc.WithBlock so that TLS errors will bubble up instead of
  being awkwardly delayed or suppressed
2022-07-15 13:15:50 -05:00
alex adb5ffa1a6
peering: track imported services (#13718) 2022-07-15 10:20:43 -07:00
Evan Culver d523d005d9
Latest submodule versions (#13750) 2022-07-15 09:58:21 -07:00
alex b7043f7150
peering: add warning about AllowStaleRead (#13768) 2022-07-15 09:56:33 -07:00
John Murret 304d79b358
Made changes based on Adams suggestions (#13490)
* Made changes based on Adams suggestions

* updating list layout in systems integration guide.  updating wan federation docs.

* fixing env vars on systems integration page

* fixing h3 to h2 on enterprise license page

* Changed `The following steps will be performed` to `Complete the following steps`

* Replaced `These steps will be repeated for each datacenter` with `Repeat the following steps for each datacenter in the cluster`

* Emphasizing that kv2 secrets only need to be stored once.

* Move the sentence indicating where the vault path maps to the helm chart out of the -> Note callout

* remaining suggestions

* Removing store the secret in Vault from server-tls page

* Making the Bootstrapping the Server PKI Engine sections the same on server-tls and webhook-cert pages

* Apply suggestions from code review

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Updating VAULT_ADDR on systems-integration to get it out of the shell.

* Updating intro paragraph of Overview on systems-integration.mdx to what Adamsuggested.

* Putting the GKE, AKS, AKS info into tabs on the systems integration page.

* Apply suggestions from code review

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-15 10:35:42 -06:00
Matt Keeler 257f88d4df
Use Node Name for peering healthSnapshot instead of ID (#13773)
A Node ID is not a required field with Consul’s data model. Therefore we cannot reliably expect all uses to have it. However the node name is required and must be unique so its equally as good of a key for the internal healthSnapshot node tracking.
2022-07-15 10:51:38 -04:00
Matt Keeler 05b5e7e2ca
Enable partition support for peering establishment (#13772)
Prior to this the dialing side of the peering would only ever work within the default partition. This commit allows properly parsing the partition field out of the API struct request body, query param and header.
2022-07-15 10:07:07 -04:00
Michele Degges c4e45bc6c8
[CI-only] Support fossa scanning (#13694) 2022-07-14 13:02:13 -07:00
Dan Stough 49f3dadb8f feat: connect proxy xDS for destinations
Signed-off-by: Dhia Ayachi <dhia@hashicorp.com>
2022-07-14 15:27:02 -04:00
Michael Klein 74ccbc5706
ui: remove with-peers query param (#13756)
* Don't request nodes/services `with-peers` anymore

This will be automatic - no need for the query-param anymore.

* Return peering data based on feature flag mock-api services/nodes

* Update tests to reflect removed with-peers query-param

* setup cookie for turning peer feature flag on in mock-api in testing

* Add missing `S` for renamed PEERING feature-flag cookie
2022-07-14 19:32:53 +01:00
Daniel Upton 363d855e87 Changelog entry 2022-07-14 18:22:12 +01:00
Daniel Upton 3d74efa8ad proxycfg-glue: server-local implementation of `FederationStateListMeshGateways`
This is the OSS portion of enterprise PR 2265.

This PR provides a server-local implementation of the
proxycfg.FederationStateListMeshGateways interface based on blocking queries.
2022-07-14 18:22:12 +01:00
Daniel Upton ccc672013e proxycfg-glue: server-local implementation of `GatewayServices`
This is the OSS portion of enterprise PR 2259.

This PR provides a server-local implementation of the proxycfg.GatewayServices
interface based on blocking queries.
2022-07-14 18:22:12 +01:00
Daniel Upton 15a319dbfe proxycfg-glue: server-local implementation of `TrustBundle` and `TrustBundleList`
This is the OSS portion of enterprise PR 2250.

This PR provides server-local implementations of the proxycfg.TrustBundle and
proxycfg.TrustBundleList interfaces, based on local blocking queries.
2022-07-14 18:22:12 +01:00