Commit Graph

18549 Commits

Author SHA1 Message Date
Freddy a7f38384ae
Add SpiffeID for Consul server agents (#14485)
Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com>

By adding a SpiffeID for server agents, servers can now request a leaf
certificate from the Connect CA.

This new Spiffe ID has a key property: servers are identified by their
datacenter name and trust domain. All servers that share these
attributes will share a ServerURI.

The aim is to use these certificates to verify the server name of ANY
server in a Consul datacenter.
2022-09-06 17:58:13 -06:00
David Yu b800f7e175
docs: small typos in single dc k8s clusters (#14484)
* docs: small typos in single dc k8s clusters

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-09-06 16:55:09 -07:00
trujillo-adam 53ca423be6 fixed bad links in status/cluster endpoint ref 2022-09-06 16:13:28 -07:00
trujillo-adam 7bf5ec9b5f applied AJs feedback and made a few additional improvements 2022-09-06 16:00:09 -07:00
Daniel Upton 128055c44c proxycfg-glue: server-local implementation of IntentionUpstreamsDestination
This is the OSS portion of enterprise PR 2463.

Generalises the serverIntentionUpstreams type to support matching on a
service or destination.
2022-09-06 23:27:25 +01:00
Daniel Upton 4b76d8a8ff proxycfg-glue: server-local implementation of InternalServiceDump
This is the OSS portion of enterprise PR 2489.

This PR introduces a server-local implementation of the
proxycfg.InternalServiceDump interface that sources data from a blocking query
against the server's state store.

For simplicity, it only implements the subset of the Internal.ServiceDump RPC
handler actually used by proxycfg - as such the result type has been changed
to IndexedCheckServiceNodes to avoid confusion.
2022-09-06 23:27:25 +01:00
Daniel Upton 8cd6c9f95e proxycfg-glue: server-local implementation of ResolvedServiceConfig
This is the OSS portion of enterprise PR 2460.

Introduces a server-local implementation of the proxycfg.ResolvedServiceConfig
interface that sources data from a blocking query against the server's state
store.

It moves the service config resolution logic into the agent/configentry package
so that it can be used in both the RPC handler and data source.

I've also done a little re-arranging and adding comments to call out data
sources for which there is to be no server-local equivalent.
2022-09-06 23:27:25 +01:00
trujillo-adam 6520ee70b8 udpated how to ID the leader in the usage docs 2022-09-06 12:09:03 -07:00
trujillo-adam bf989ecc8b added no-HA API status error message to EMs page 2022-09-06 11:59:21 -07:00
trujillo-adam 030998b17f added cluster endpoint to status API docs 2022-09-06 11:55:07 -07:00
Daniel Upton 3664ac54a5 Make proto-public a Go module
Our original intention was for projects to consume and generate their
own Go code for these protobuf packages using Buf. While this is still
the best route for many projects, it causes some headaches when using
a library (e.g. consul-server-connection-manager) that pulls in the
same protobuf package as your project, as Go's protobuf implementation
only allows for a package/namespace to be registered once.

In such cases, projects can depend on this Go module instead, as a
single place where these protobuf packages are registered.
2022-09-06 19:30:17 +01:00
Derek Menteer b50bc443f3 Merge branch 'main' of github.com:hashicorp/consul into derekm/split-grpc-ports 2022-09-06 10:51:04 -05:00
Derek Menteer d771725a14 Add kv txn get-not-exists operation. 2022-09-06 10:28:59 -05:00
Tu Nguyen 76bd0b2d04 Merge branch 'main' of ssh://github.com/hashicorp/consul 2022-09-06 07:49:07 -07:00
Chris S. Kim 0148263780 PR feedback on terminated state checking 2022-09-06 10:28:20 -04:00
Chris S. Kim 9ad8bf67a5 Add testcase for parsing grpc_port 2022-09-06 10:17:44 -04:00
John Cowen 9780aba54a
ui: Add support for prefixing the API path (#14342) 2022-09-06 11:13:51 +01:00
John Cowen 9d555e538e
ui: Additionally use message for displaying errors in DataWriter (#14074) 2022-09-05 19:17:33 +01:00
Kyle Havlovitz a484a759c8
Merge pull request #14429 from hashicorp/ca-prune-intermediates
Prune old expired intermediate certs when appending a new one
2022-09-02 15:34:33 -07:00
David Yu 07c5d4247f
docs: Update single dc multiple k8s clusters doc (#14476)
Co-authored-by: Jona Apelbaum <jona@hashicorp.com>
2022-09-02 15:34:15 -07:00
cskh 4641a78d27
fix(txn api): missing proxy config in registering proxy service (#14471)
* fix(txn api): missing proxy config in registering proxy service
2022-09-02 14:28:05 -04:00
alex 8de0aefea4
lint net/rpc usage (#12816)
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2022-09-02 09:56:40 -07:00
DanStough 098cd512b2 fix(api): OSS<->ENT exported service incompatibility 2022-09-02 12:07:02 -04:00
Chris S. Kim 9390d71cc5
Fix early return in prototest.AssertElementsMatch (#14467) 2022-09-02 11:57:28 -04:00
Chris S. Kim cd51b2f400 Properly assert for ServerAddresses replication request 2022-09-02 11:44:54 -04:00
Chris S. Kim 258c0a1bc1 Fix terminate not returning early 2022-09-02 11:44:38 -04:00
Kyle Schochenmaier 14994212c5
update helm docs for release 0.48.0 (#14459) 2022-09-01 17:21:27 -07:00
trujillo-adam 58233f616b
Docs cni plugin (#14009)
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2022-09-01 16:22:11 -07:00
David Yu 6b6b538607
docs: Consul K8s 0.48.0 release notes (#14414)
Co-authored-by: Thomas Eckert <teckert@hashicorp.com>
2022-09-01 16:21:36 -07:00
Derek Menteer cb478b0e61 Address PR comments. 2022-09-01 16:54:24 -05:00
Kyle Havlovitz 90fa16c8b5 Prune intermediates before appending new one 2022-09-01 14:24:30 -07:00
DanStough 1fe98bbe0b feat(cli): add initial peering cli commands 2022-09-01 17:20:13 -04:00
Luke Kysow 3cfea70273
Use proxy address for default check (#14433)
When a sidecar proxy is registered, a check is automatically added.
Previously, the address this check used was the underlying service's
address instead of the proxy's address, even though the check is testing
if the proxy is up.

This worked in most cases because the proxy ran on the same IP as the
underlying service but it's not guaranteed and so the proper default
address should be the proxy's address.
2022-09-01 14:03:35 -07:00
malizz c5cbd45b7d
fix TestProxyConfigEntry (#14435) 2022-09-01 11:37:47 -07:00
Kyle Schochenmaier b9f0241d93
[docs] update docs for kube-1.24 support (#14339)
* update docs for kube-1.24 support.
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2022-09-01 13:33:37 -05:00
John Cowen a4a4383aa8
ui: Adds a HCP home link when in HCP (#14417) 2022-09-01 18:26:12 +01:00
John Cowen fc6b2ccb00
ui: Use credentials for all HTTP API requests (#14343)
Adds withCredentials/credentials to all HTTP API requests.
2022-09-01 18:15:06 +01:00
David Yu fd8b367dc0
docs: minor changes to cluster peering k8s docs and typos (#14442)
* docs: minor changes to cluster peering k8s docs and typos
2022-09-01 10:10:32 -07:00
malizz ef5f697121
Add additional parameters to envoy passive health check config (#14238)
* draft commit

* add changelog, update test

* remove extra param

* fix test

* update type to account for nil value

* add test for custom passive health check

* update comments and tests

* update description in docs

* fix missing commas
2022-09-01 09:59:11 -07:00
Michael Klein 7547f7535f
ui: chore upgrade to ember-qunit v5 (#14430)
* Refactor remaining `moduleFor`-tests

`moduleFor*` will be removed from ember-qunit v5

* Upgrade ember-qunit to v5

* Update how we use ember-sinon-qunit

With ember-qunit v5 we need to use ember-sinon-qunit differently.

* Fix submit-blank test

We can't click on disabled buttons with new test-helpers.
We need to adapt the test accordingly.

* Make sure we await fill-in with form yaml step

We need to await `fill-in`. This changes the reducer
function in the step to create a proper await
chain.

* Fix show-routing test

We need to await a tick before visiting again.

* Remove redundant `wait one tick`-step

* remove unneeded "next Tick" promise from form step

* Increase timeout show-routing feature

* Comment on pause hack for show-routing test
2022-09-01 17:37:37 +02:00
Chris S. Kim 1a8b290086
Merge pull request #14439 from hashicorp/NET-795-fix-ui-services-endpoint-to-return-all-imported-services-for-a-partition
Add Internal.ServiceDump support for querying by PeerName
2022-09-01 11:06:35 -04:00
Chris S. Kim e70ba97e45 Add Internal.ServiceDump support for querying by PeerName 2022-09-01 10:32:59 -04:00
Chris S. Kim 7b338c8d00
Merge pull request #13998 from jorgemarey/f-new-tracing-envoy
Add new envoy tracing configuration
2022-09-01 08:57:23 -04:00
Derek Menteer ab9d421ba2 Change serf-tag references to field references. 2022-08-31 16:38:42 -05:00
Jorge Marey 2110f1d0ff Fix typo on documentation 2022-08-31 23:14:25 +02:00
Luke Kysow 095934116e
Suppress "unbound variable" error. (#14424)
Without this change, you'd see this error:

```
./run-tests.sh: line 49: LAMBDA_TESTS_ENABLED: unbound variable
./run-tests.sh: line 49: LAMBDA_TESTS_ENABLED: unbound variable
```
2022-08-31 13:06:35 -07:00
malizz ad30192499
validate args before deleting proxy defaults (#14290)
* validate args before deleting proxy defaults

* add changelog

* validate name when normalizing proxy defaults

* add test for proxyConfigEntry

* add comments
2022-08-31 13:03:38 -07:00
Kyle Havlovitz 66b05b1081 Add changelog note 2022-08-31 11:43:21 -07:00
Kyle Havlovitz c5370d52e9 Prune old expired intermediate certs when appending a new one 2022-08-31 11:41:58 -07:00
Jared Kirschner 7ccf92c66b
Merge pull request #14426 from hashicorp/docs/fix-node-lookup-by-removing-tag
docs: node lookups don't support filtering on tag
2022-08-31 14:04:55 -04:00