Commit Graph

14229 Commits

Author SHA1 Message Date
R.B. Boyer 600f61de91 dev: adding a make target to regenerate envoy golden files (#10158) 2021-04-30 16:27:50 +00:00
R.B. Boyer 145a83e436 connect: update supported envoy versions to 1.18.2, 1.17.2, 1.16.3, and 1.15.4 (#10101)
The only thing that needed fixing up pertained to this section of the 1.18.x release notes:

> grpc_stats: the default value for stats_for_all_methods is switched from true to false, in order to avoid possible memory exhaustion due to an untrusted downstream sending a large number of unique method names. The previous default value was deprecated in version 1.14.0. This only changes the behavior when the value is not set. The previous behavior can be used by setting the value to true. This behavior change by be overridden by setting runtime feature envoy.deprecated_features.grpc_stats_filter_enable_stats_for_all_methods_by_default.

For now to maintain status-quo I'm explicitly setting `stats_for_all_methods=true` in all versions to avoid relying upon the default.

Additionally the naming of the emitted metrics for these gRPC requests changed slightly so the integration test assertions for `case-grpc` needed adjusting.
2021-04-29 20:22:41 +00:00
R.B. Boyer df5e55fc50 xds: ensure that all envoyproxy/go-control-plane protobuf symbols are linked into the final binary (#10131)
This ensures that if someone does include some extension Consul does not currently make use of, that extension is actually usable. Without linking these envoy protobufs into the main binary it can't round trip the escape hatches to send them down to envoy.

Whenenver the go-control-plane library is upgraded next we just have to re-run 'make envoy-library'.
2021-04-29 19:58:58 +00:00
R.B. Boyer 6a39b47448 Support Incremental xDS mode (#9855)
This adds support for the Incremental xDS protocol when using xDS v3. This is best reviewed commit-by-commit and will not be squashed when merged.

Union of all commit messages follows to give an overarching summary:

xds: exclusively support incremental xDS when using xDS v3

Attempts to use SoTW via v3 will fail, much like attempts to use incremental via v2 will fail.
Work around a strange older envoy behavior involving empty CDS responses over incremental xDS.
xds: various cleanups and refactors that don't strictly concern the addition of incremental xDS support

Dissolve the connectionInfo struct in favor of per-connection ResourceGenerators instead.
Do a better job of ensuring the xds code uses a well configured logger that accurately describes the connected client.
xds: pull out checkStreamACLs method in advance of a later commit

xds: rewrite SoTW xDS protocol tests to use protobufs rather than hand-rolled json strings

In the test we very lightly reuse some of the more boring protobuf construction helper code that is also technically under test. The important thing of the protocol tests is testing the protocol. The actual inputs and outputs are largely already handled by the xds golden output tests now so these protocol tests don't have to do double-duty.

This also updates the SoTW protocol test to exclusively use xDS v2 which is the only variant of SoTW that will be supported in Consul 1.10.

xds: default xds.Server.AuthCheckFrequency at use-time instead of construction-time
2021-04-29 18:54:53 +00:00
Tara Tufano 368abd55f1 make h2ping changelog entry conform with changelog template (#10111)
LGTM!
2021-04-29 18:50:22 +00:00
Luigi Tagliamonte 9727c51d1c Improve doc: add note about address validation (#10123)
* Update website/content/docs/discovery/services.mdx with address field behavior.

Co-authored-by: Jono Sosulska <42216911+jsosulska@users.noreply.github.com>

Co-authored-by: Jono Sosulska <42216911+jsosulska@users.noreply.github.com>
2021-04-29 17:39:09 +00:00
Iryna Shustava f383452e87 Implement traffic redirection exclusion based on proxy config and user-provided values (#10134)
* Use proxy outbound port from TransparentProxyConfig if provided
* If -proxy-id is provided to the redirect-traffic command, exclude any listener ports
  from inbound traffic redirection. This includes envoy_prometheus_bind_addr,
  envoy_stats_bind_addr, and the ListenerPort from the Expose configuration.
* Allow users to provide additional inbound and outbound ports, outbound CIDRs
  and additional user IDs to be excluded from traffic redirection.
  This affects both the traffic-redirect command and the iptables SDK package.
2021-04-29 16:24:15 +00:00
John Cowen f79302d44a ui: Add a max height and scroll to the intention perm header lists (#10128) 2021-04-29 09:42:17 +00:00
Freddy 740613fcf1 Rename cluster config files to mesh as well (#10148) 2021-04-29 00:16:06 +00:00
Freddy c652580b5b Rename "cluster" config entry to "mesh" (#10127)
This config entry is being renamed primarily because in k8s the name
cluster could be confusing given that the config entry applies across
federated datacenters.

Additionally, this config entry will only apply to Consul as a service
mesh, so the more generic "cluster" name is not needed.
2021-04-28 22:14:03 +00:00
Jamie Finnigan d55c9fa0b3 remove Codecov from CI runs (#10145) 2021-04-28 22:09:55 +00:00
Daniel Nephin 798953f57d Merge pull request #10112 from hashicorp/dnephin/remove-streaming-from-cache
streaming: replace agent/cache with submatview.Store
2021-04-28 21:58:32 +00:00
Daniel Nephin 8cc2d3ec4f Merge pull request #10086 from hashicorp/dnephin/remove-goroutine-from-retry-run
sdk/retry: a few small debug improvements
2021-04-28 21:57:39 +00:00
John Cowen fed8b59b00 ui: Adds human formatting to nanosecond based session durations (#10062)
* ui: Adds human formatting to nanosecond based session durations
2021-04-28 11:14:09 +00:00
Zachary Shilton 9c905937b7 website: update readme (#10078)
* website: bump to latest nextjs-scripts prerelease

* website: run generate:readme to update readme blocks

* website: revert bump to nextjs-scripts, deferred
2021-04-26 16:39:16 +00:00
Matt Keeler 4a38e20e6f Add prometheus guage definitions for replication metrics. (#10109) 2021-04-23 21:06:17 +00:00
Matt Keeler d0495902c4
[Backport/1.10.x]: Backport #10073 (#10102)
* Merge pull request #10094 from hashicorp/update-fingerprint

updating fingerprint

* Add replication metrics (#10073)

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-04-23 16:16:37 -04:00
Paul Banks 54018da75f Fix panic bug in snapshot inspect (#10091)
* Fix panic bug in snapshot inspect

* Add changelog entry

* Update .changelog/10091.txt

* Undo bad GitHub UI merge

* Undo bad GitHub UI merge
2021-04-23 21:14:59 +01:00
Paul Banks 74c040498a CLI: Allow snapshot inspect to work on internal raft snapshots directly. (#10089)
* CLI: Add support for reading internal raft snapshots to snapshot inspect

* Add snapshot inspect test for raw state files

* Add changelog entry

* Update .changelog/10089.txt
2021-04-23 20:11:31 +00:00
Matt Keeler 9c20019e27 Update changelog and add telemetry docs (#10107) 2021-04-23 20:05:35 +00:00
R.B. Boyer faad1b5261 test: switch envoy integration tests to use pkill instead of ps+grep+awk+kill (#10097) 2021-04-23 18:24:07 +00:00
John Cowen 380d151201 ui: Vertically stack methods listing in the L7 intentions form (#10052)
* ui: Vertically stack methods listing in the L7 intentions form
2021-04-22 11:24:14 +00:00
John Cowen 3378e4b5ad ui: Add Admin Partition feature flag (#10051)
* ui: Add Admin Partition feature flag

This adds a `PartitionEnabled`/`CONSUL_PARTITIONS_ENABLED` feature flag
that can be set during production form the consul binary, or
additionally during development/testing via cookies.

* Add partitions bookmarklet and docs, and all eng docs from main README to the docs instead.

You probably already have the app running once you need these, and it reduces the amount of text/detail in the main README

* Add the env variable section back into the README with actual env vars
2021-04-22 11:23:11 +00:00
John Cowen d6667880d4 ui: Add information regarding Host header for ingress gateways (#10050)
* Add inline-code CSS component

* Add %inline-code to all the places where we need it

* Inject selected env variables into the translations file

* Add ingress gateway upstream 'host header' intro text

* Make sure we can use actual correct component casing for titles but still have nice consistent menu item casing in the side nav
2021-04-22 11:18:29 +00:00
Jeff Escalante 2ae163e467 add missing sentinel page to nav (#10082) 2021-04-21 16:55:52 +00:00
Daniel Nephin b26938e61e Merge pull request #9991 from hashicorp/dnephin/handle-raft-apply-errors
Handle FSM.Apply errors in raftApply
2021-04-20 18:01:14 +00:00
Mike Morris 169e7e35e0 Release v1.9.5 (#10063)
Co-authored-by: hashicorp-ci <hashicorp-ci@users.noreply.github.com>
2021-04-20 12:03:19 -04:00
Freddy 8314f17671 Disallow * as service-defaults name (#10069) 2021-04-19 20:23:41 +00:00
Sam Salisbury 1950aa7180 Merge pull request #10065 from hashicorp/ci/update-ssh-rw-key
ci: rotate the read/write SSH key fingerprint
2021-04-19 17:18:34 +00:00
Mike Morris 8a898814d0 website: add 1.10.0 beta callout (#10058) 2021-04-16 20:20:54 +00:00
Freddy 1de2694fe8 Add docs for transparent proxy mode and config (#10038)
Add docs for transparent proxy mode and config

Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Jeff Escalante <jescalan@users.noreply.github.com>
2021-04-16 19:50:41 +00:00
Iryna Shustava cba9642074 docs: update helm ref docs and connect docs (#10032)
All k8s connect-related docs now need to mention that we require a Kubernetes service
for all Connect services
2021-04-16 19:49:52 +00:00
hashicorp-ci 77957e1de7 Putting source back into Dev Mode 2021-04-16 02:49:46 +00:00
hashicorp-ci befde154c2
Release v1.10.0-beta1 2021-04-16 01:49:24 +00:00
hashicorp-ci c40609ae2c
update bindata_assetfs.go 2021-04-16 01:49:23 +00:00
Mike Morris 8db2b88e61 changelog: add unreleased entries for v1.10.0-beta1 2021-04-15 21:39:46 -04:00
Freddy a11ea6254e
Check for optionally prepended namespace in upstream assertion (#10049) 2021-04-15 18:31:28 -06:00
R.B. Boyer 70f1ba3a2b
fix test when run in enterprise (#10048) 2021-04-15 17:25:25 -05:00
Mike Morris f00d5e3a2a
ui: fix mismatched curly brace in mock-api (#10044)
* ui: fix mismatched curly brace in mock-api

* ui: add missing closing paren in mock-api
2021-04-15 18:24:52 -04:00
Freddy 928d3a6d30
Merge pull request #10046 from hashicorp/clone-panic
Don't panic on nil UpstreamConfiguration.Clone()
2021-04-15 15:58:16 -06:00
freddygv a0f3591aee Don't panic on nil UpstreamConfiguration.Clone() 2021-04-15 15:46:21 -06:00
Joel Watson b869067b76
Merge pull request #10043 from hashicorp/watsonian/update-upgrade-guide
docs: update upgrade guide to use 1.8.10
2021-04-15 16:44:46 -05:00
hashicorp-ci 131599bfab auto-updated agent/uiserver/bindata_assetfs.go from commit daf897f1a 2021-04-15 20:19:13 +00:00
Freddy daf897f1a9
Merge pull request #10002 from hashicorp/ui/feature/banners-and-labels-for-tproxy-changes 2021-04-15 14:14:20 -06:00
Freddy 3be304be16
Merge pull request #10016 from hashicorp/topology-update 2021-04-15 14:11:23 -06:00
freddygv dcd951d5be Add changelog entry 2021-04-15 13:58:28 -06:00
Freddy 439a7fce2d
Split Upstream.Identifier() so non-empty namespace is always prepended in ent (#10031) 2021-04-15 13:54:40 -06:00
R.B. Boyer 4db8b78854
connect: update centralized upstreams representation in service-defaults (#10015) 2021-04-15 14:21:44 -05:00
John Cowen f33feeeec4
ui: Never respond with empty gateway addresses (mock-api) (#10035)
We noticed that our mock API would sometimes respond with an empty array
of addresses - which resulted in an empty space in the gateway upstream
listing which looked as though it could be broken.

I checked with backend, and as this will never happen, I made the change
here also so the gateway upstream list is always fully populated with
addresses.
2021-04-15 19:18:37 +01:00
John Cowen 76b2122f38
ui: remove old nspace argument from the proxy instance repository (#10039)
The extra argument meant that the blocking query configuration wasn't
being read properly, and therefore the correct ?index wasn't being sent
with the request.
2021-04-15 19:18:07 +01:00