16876 Commits

Author SHA1 Message Date
freddygv
5d882badcb Add changelog entry 2022-02-10 17:21:34 -07:00
freddygv
ceb52d649a Account for upstream targets in another DC.
Transparent proxies typically cannot dial upstreams in remote
datacenters. However, if their upstream configures a redirect to a
remote DC then the upstream targets will be in another datacenter.

In that sort of case we should use the WAN address for the passthrough.
2022-02-10 17:01:57 -07:00
freddygv
cbea3d203c Fix race of upstreams with same passthrough ip
Due to timing, a transparent proxy could have two upstreams to dial
directly with the same address.

For example:
- The orders service can dial upstreams shipping and payment directly.
- An instance of shipping at address 10.0.0.1 is deregistered.
- Payments is scaled up and scheduled to have address 10.0.0.1.
- The orders service receives the event for the new payments instance
before seeing the deregistration for the shipping instance. At this
point two upstreams have the same passthrough address and Envoy will
reject the listener configuration.

To disambiguate this commit considers the Raft index when storing
passthrough addresses. In the example above, 10.0.0.1 would only be
associated with the newer payments service instance.
2022-02-10 17:01:57 -07:00
freddygv
659ebc05a9 Ensure passthrough addresses get cleaned up
Transparent proxies can set up filter chains that allow direct
connections to upstream service instances. Services that can be dialed
directly are stored in the PassthroughUpstreams map of the proxycfg
snapshot.

Previously these addresses were not being cleaned up based on new
service health data. The list of addresses associated with an upstream
service would only ever grow.

As services scale up and down, eventually they will have instances
assigned to an IP that was previously assigned to a different service.
When IP addresses are duplicated across filter chain match rules the
listener config will be rejected by Envoy.

This commit updates the proxycfg snapshot management so that passthrough
addresses can get cleaned up when no longer associated with a given
upstream.

There is still the possibility of a race condition here where due to
timing an address is shared between multiple passthrough upstreams.
That concern is mitigated by #12195, but will be further addressed
in a follow-up.
2022-02-10 17:01:57 -07:00
Freddy
378a7258e3
Prevent xDS tight loop on cfg errors (#12195) 2022-02-10 15:37:36 -07:00
Jared Kirschner
ce478330f2
Merge pull request #12285 from hashicorp/readme-logo-dark-mode
Make README header look good in dark mode
2022-02-10 17:26:12 -05:00
Dhia Ayachi
4f0a71d7b4
fix race when starting a service while the agent serviceManager is … (#12302)
* fix race when starting a service while the agent `serviceManager` is stopping

* add changelog
2022-02-10 13:30:49 -05:00
Bryce Kalow
955ac1fc51
website: removes references to nextjs-scripts (#12299) 2022-02-10 11:07:41 -06:00
John Cowen
d49ee8e355
ui: Ensure proxy instance health is taken into account in Service Instance Listings (#12279)
We noticed that the Service Instance listing on both Node and Service views where not taking into account proxy instance health. This fixes that up so that the small health check information in each Service Instance row includes the proxy instances health checks when displaying Service Instance health (afterall if the proxy instance is unhealthy then so is the service instance that it should be proxying)

* Refactor Consul::InstanceChecks with docs

* Add to-hash helper, which will return an object keyed by a prop

* Stop using/relying on ember-data type things, just use a hash lookup

* For the moment add an equivalent "just give me proxies" model prop

* Start stitching things together, this one requires an extra HTTP request

..previously we weren't even requesting proxies instances here

* Finish up the stitching

* Document Consul::ServiceInstance::List while I'm here

* Fix up navigation mocks Name > Service
2022-02-10 15:28:26 +00:00
John Cowen
ed5204b6b5
ui: ShadowTemplate component (#12259) 2022-02-10 14:50:42 +00:00
Daniel Nephin
01784470f3
Merge pull request #12277 from hashicorp/dnephin/panic-in-service-register
catalog: initialize the refs map to prevent a nil panic
2022-02-09 19:48:22 -05:00
trujillo-adam
cb08988096 Refactored the ACL documentation 2022-02-09 16:07:49 -08:00
Daniel Nephin
82c264b2b3 config-entry: fix a panic when registering a service or ingress gateway 2022-02-09 18:49:48 -05:00
mrspanishviking
2c24924d5c
Merge pull request #12296 from hashicorp/admin-tutorial-add
adding new tutorial
2022-02-09 10:02:26 -07:00
Karl Cardenas
dc0525919c
adding new tutorial 2022-02-09 07:45:44 -07:00
mrspanishviking
0ef0dab8be
Merge pull request #12291 from hashicorp/mgw-improve
docs: update the wan mesh gateway page
2022-02-09 07:03:09 -07:00
John Cowen
b179f9fa91
ui: aria-menu modifier (#12262)
aria-menu modifier plus Menu component (#12266)
2022-02-09 09:47:45 +00:00
Evan Culver
1c71b407f6
Add stalebot policy for closing inactive PRs (#11286)
* Add stalebot policy for closing inactive issues and PRs

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2022-02-08 12:21:46 -08:00
John Cowen
69596a6433
ui: Disclosure Component (#12263) 2022-02-08 19:24:50 +00:00
Karl Cardenas
497e65426f
docs: updated per feedback 2022-02-08 11:02:36 -07:00
Karl Cardenas
52f1ed3c3b
docs: update the wan mesh gateway page 2022-02-08 10:25:27 -07:00
R.B. Boyer
89bd1f57b5
xds: allow only one outstanding delta request at a time (#12236)
Fixes #11876

This enforces that multiple xDS mutations are not issued on the same ADS connection at once, so that we can 100% control the order that they are applied. The original code made assumptions about the way multiple in-flight mutations were applied on the Envoy side that was incorrect.
2022-02-08 10:36:48 -06:00
mrspanishviking
d4f965e49d
Merge pull request #12282 from hashicorp/admin-fix
docs: updated admin partitions instructions
2022-02-08 07:19:50 -07:00
Jared Kirschner
d4d9b6e0e4 Adjust README header to work in light and dark modes 2022-02-07 16:46:46 -08:00
Jared Kirschner
e4b6487c8e Add Consul logomark (no text) asset 2022-02-07 16:46:46 -08:00
Daniel Nephin
e64e8d9d3b
Merge pull request #12283 from hashicorp/dnephin/fix-go-test-arm64
ci: fix arm64 build
2022-02-07 17:24:35 -05:00
Daniel Nephin
eede4a14ac ci: fix arm64 build
'make dev' is not enough, we need to move it into PATH as well.
2022-02-07 17:11:21 -05:00
mrspanishviking
4af649e1e7
Update website/content/docs/enterprise/admin-partitions.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-02-07 15:08:52 -07:00
Dylan Staley
519aff28e5
Merge pull request #12189 from hashicorp/ds.ie11-warning
website: display warning in IE 11
2022-02-07 13:59:27 -08:00
Karl Cardenas
0e19a1d7a0
skipping verification 2022-02-07 14:55:18 -07:00
Karl Cardenas
0415042d8a
more markdown styling fixes 2022-02-07 14:40:18 -07:00
Karl Cardenas
3afee272d4
git commit hooks are changing the markdown 2022-02-07 14:24:51 -07:00
Karl Cardenas
9e4039ab27
fixed markdown error 2022-02-07 14:20:23 -07:00
Daniel Nephin
8988807195
Merge pull request #11787 from odidev/arm64-testing
Add test jobs for arm64 in CircleCI
2022-02-07 16:19:54 -05:00
Daniel Nephin
7ec658b7ac
Merge pull request #12265 from hashicorp/dnephin/logging-in-tests
sdk: add TestLogLevel for setting log level in tests
2022-02-07 16:11:23 -05:00
Karl Cardenas
e7a94f87d6
updated admin partitions instructions 2022-02-07 13:59:10 -07:00
Michele Degges
862ca16301
Update security scanner (#12281) 2022-02-07 12:53:46 -08:00
Dylan Staley
a043e1835e feat: display warning in IE 11 2022-02-04 14:24:02 -08:00
Michele Degges
01e633ee79
Update docker image base to alpine:3.15 (#12276) 2022-02-04 13:56:39 -08:00
Michele Degges
ef46a66492
Adding proper targets to (Dockerfile #12097) 2022-02-04 12:47:51 -08:00
Michele Degges
d032fb52a2
Merge branch 'main' into fix-broken-dockerfile 2022-02-04 12:30:20 -08:00
claire labry
066cd06e2f
Merge pull request #12275 from hashicorp/fix-security-scan
Fix Security Scan
2022-02-04 15:23:52 -05:00
Claire Labry
12fc63d11c
clean up from testing 2022-02-04 14:59:30 -05:00
Claire Labry
092a27e84d
turning go modules to false due to jwt issue 2022-02-04 14:22:25 -05:00
Claire Labry
20e4f73649
reverting changes for the container + binary blocks 2022-02-04 14:05:28 -05:00
Daniel Nephin
437f769916 A test to reproduce the issue 2022-02-04 14:04:12 -05:00
claire labry
dc2a95e465
Merge pull request #11956 from hashicorp/enable-security-scan
Enable Security Scan for CRT
2022-02-04 13:13:24 -05:00
Daniel Nephin
74ee46e6f5
Merge pull request #12267 from hashicorp/dnephin/ca-relax-key-bit-validation
ca: change the PrivateKey type/bits validation
2022-02-04 12:44:08 -05:00
David Yu
bad0a6bfe3
docs: mention Consul API gateway in Ingress Controllers page (#12268)
* docs: mention Consul API gateway

* Remove Ambassador integration

* Update ingress-controllers.mdx

* Update website/content/docs/k8s/connect/ingress-controllers.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-02-04 09:23:55 -08:00
mrspanishviking
b09272f361
Merge pull request #11962 from hashicorp/what_service_mesh
docs: SEO improvements
2022-02-04 09:03:17 -07:00