freddygv
5bbc0cc615
Add ACL enforcement to peering endpoints
2022-07-25 09:34:29 -06:00
Kyle Havlovitz
75efc0649b
Remove excess debug log from ingress upstream shutdown
2022-07-22 17:29:38 -07:00
alex
b60ebc022e
peering: use ShouldDial to validate peer role ( #13823 )
...
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-22 15:56:25 -07:00
Luke Kysow
d21f793b74
peering: add config to enable/disable peering ( #13867 )
...
* peering: add config to enable/disable peering
Add config:
```
peering {
enabled = true
}
```
Defaults to true. When disabled:
1. All peering RPC endpoints will return an error
2. Leader won't start its peering establishment goroutines
3. Leader won't start its peering deletion goroutines
2022-07-22 15:20:21 -07:00
Kyle Havlovitz
3cbcfd4b13
Merge pull request #13847 from hashicorp/gateway-goroutine-leak
...
Fix goroutine leaks in proxycfg when using ingress gateway
2022-07-22 14:43:22 -07:00
Freddy
922592d6bb
[OSS] Add new peering ACL rule ( #13848 )
...
This commit adds a new ACL rule named "peering" to authorize
actions taken against peering-related endpoints.
The "peering" rule has several key properties:
- It is scoped to a partition, and MUST be defined in the default
namespace.
- Its access level must be "read', "write", or "deny".
- Granting an access level will apply to all peerings. This ACL rule
cannot be used to selective grant access to some peerings but not
others.
- If the peering rule is not specified, we fall back to the "operator"
rule and then the default ACL rule.
2022-07-22 14:42:23 -06:00
NicoletaPopoviciu
12858f4f90
docs: Updates k8s annotation docs ( #13809 )
...
* Updates k8s annotation docs
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
2022-07-22 13:26:31 -07:00
Sarah Alsmiller
ed8b2fe19e
add redirects
2022-07-22 14:20:27 -05:00
alex
7bd55578cc
peering: emit exported services count metric ( #13811 )
...
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-22 12:05:08 -07:00
Matt Keeler
a253d7e49b
Rename some protobuf package names to be fqdn like ( #13861 )
...
These are used in various bits of the wire format (for gRPC) and internally with Go’s registry so we want to namespace things properly.
2022-07-22 14:59:34 -04:00
Thomas Eckert
9cb569b44e
Add options and examples to proxy read
2022-07-22 13:43:38 -04:00
Kyle Havlovitz
55b7eb6838
Add changelog note
2022-07-22 10:33:50 -07:00
A.J. Sanon
9f9ac78243
Add ECS audit logging docs ( #13729 )
2022-07-22 13:30:25 -04:00
Michael Klein
b8131704ea
Improve peered service empty downstreams message ( #13854 )
2022-07-22 19:28:13 +02:00
Thomas Eckert
a1ca68a632
Add descriptions to the subjects
2022-07-22 12:14:01 -04:00
sarahalsmiller
3ba839f288
Update website/content/docs/api-gateway/usage/basic-usage.mdx
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-22 09:45:00 -05:00
Daniel Upton
f018bd6e09
proxycfg-glue: server-local implementation of `ExportedPeeredServices`
...
This is the OSS portion of enterprise PR 2377.
Adds a server-local implementation of the proxycfg.ExportedPeeredServices
interface that sources data from a blocking query against the server's
state store.
2022-07-22 15:23:23 +01:00
Eric Haberkorn
e044343105
Add Cluster Peering Failover Support to Prepared Queries ( #13835 )
...
Add peering failover support to prepared queries
2022-07-22 09:14:43 -04:00
Sarah Alsmiller
ccd120725b
fix tabs
2022-07-21 17:38:57 -05:00
Sarah Alsmiller
e9c67f8cb7
fix tabs
2022-07-21 17:21:22 -05:00
Sarah Alsmiller
c76be552bc
fix tabs
2022-07-21 17:11:07 -05:00
Nitya Dhanushkodi
cbafabde16
update generate token endpoint to take external addresses ( #13844 )
...
Update generate token endpoint (rpc, http, and api module)
If ServerExternalAddresses are set, it will override any addresses gotten from the "consul" service, and be used in the token instead, and dialed by the dialer. This allows for setting up a load balancer for example, in front of the consul servers.
2022-07-21 14:56:11 -07:00
Sarah Alsmiller
0107e80bed
fix tabs
2022-07-21 16:54:03 -05:00
Thomas Eckert
a339080641
Add proxy list docs
2022-07-21 17:47:39 -04:00
Sarah Alsmiller
878c9091d8
erge branch 'sa-restructure-documentation' of github.com:hashicorp/consul into sa-restructure-documentation
2022-07-21 15:13:00 -05:00
Sarah Alsmiller
c2fdd172ae
add consul k8s install instructions
2022-07-21 15:12:49 -05:00
sarahalsmiller
41c6fcbfd5
Update website/content/docs/api-gateway/configuration/gatewayclassconfig.mdx
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:59:14 -05:00
Sarah Alsmiller
111877a86d
Merge branch 'sa-restructure-documentation' of github.com:hashicorp/consul into sa-restructure-documentation
2022-07-21 14:54:04 -05:00
Sarah Alsmiller
1b32cba878
merge back in mike's environment doc in install
2022-07-21 14:53:55 -05:00
sarahalsmiller
ccee2fd834
Update website/content/docs/api-gateway/configuration/gateway.mdx
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:55 -05:00
sarahalsmiller
6e92dbb6cf
Update website/content/docs/api-gateway/configuration/gateway.mdx
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:47 -05:00
sarahalsmiller
e860f368fd
Update website/content/docs/api-gateway/configuration/gateway.mdx
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:34 -05:00
sarahalsmiller
711bc7724b
Update website/content/docs/api-gateway/configuration/gateway.mdx
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:25 -05:00
alex
275eea2599
Merge pull request #13845 from hashicorp/acpana/peering-rename-oss
...
[SYNC] Rename peering internal to ~
2022-07-21 11:20:38 -07:00
acpana
b847f656a8
Rename peering internal to ~
...
sync ENT to 5679392c81
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-21 10:51:05 -07:00
Luke Kysow
ba7f3fbebc
peering: Add heartbeating to peering streams ( #13806 )
...
* Add heartbeating to peering streams
2022-07-21 10:03:27 -07:00
Chris Thain
00f9dc2a70
Add Consul Lambda integration tests ( #13770 )
2022-07-21 09:54:56 -07:00
John Cowen
2875cbe856
ui: Change initiate > establish for peering the modal tab ( #13839 )
2022-07-21 17:39:15 +01:00
John Cowen
83d2204c7c
ui: Allow searching for peerings by ID ( #13837 )
2022-07-21 17:38:57 +01:00
John Cowen
a7b8f7738b
ui: Remove peering detail page ( #13836 )
...
* ui: Remove links to the peering detail page
* 404 everything
2022-07-21 17:38:10 +01:00
Michael Klein
fdddf7af48
ui: peered services only show instance- and tags-tabs ( #13840 )
...
* Only show instances- and tags-tab peered services
* Adapt show-with-slashes test to peering changes
Tests always have the peering feature turned on and the default service
we load from the mock-api will be peered. This is why the topology
view of the service.show page will not be accessible in the updated
test it will show the instances instead. This change does not change
what the test is actually testing so just putting changing to the now
different url is fine.
2022-07-21 16:09:54 +01:00
Michael Klein
7863a00e2c
ui: Surface peer info in nodes.show view ( #13832 )
2022-07-21 15:35:54 +01:00
Michael Klein
1475ec0349
ui: Update peerings empty state copy ( #13834 )
2022-07-21 14:59:38 +01:00
Daniel Upton
e3bff8fb39
proxycfg-glue: server-local implementation of `PeeredUpstreams`
...
This is the OSS portion of enterprise PR 2352.
It adds a server-local implementation of the proxycfg.PeeredUpstreams interface
based on a blocking query against the server's state store.
It also fixes an omission in the Virtual IP freeing logic where we were never
updating the max index (and therefore blocking queries against
VirtualIPsForAllImportedServices would not return on service deletion).
2022-07-21 13:51:59 +01:00
Krastin Krastev
1baf4d13d6
Merge pull request #12592 from krastin/krastin/docs/sidecarservice-typo
...
docs: clean-up sidecar service expanded definition
2022-07-21 10:21:48 +02:00
Krastin Krastev
7f2eea5be3
Merge branch 'main' into krastin/docs/sidecarservice-typo
2022-07-21 10:51:39 +03:00
Jared Kirschner
706e0def2e
Merge pull request #13682 from hashicorp/docs/deemphasize-token-query-param
...
docs: suggest using token header, not query param
2022-07-20 19:22:53 -04:00
Luke Kysow
4cec3bd9db
Add send mutex to protect against concurrent sends ( #13805 )
2022-07-20 15:48:18 -07:00
Jared Kirschner
7a58a4df96
docs: suggest using token header, not query param
2022-07-20 15:16:27 -07:00
Jared Kirschner
53ab2bd9d2
Merge pull request #13405 from hashicorp/jkirschner-hashicorp-patch-3
...
docs: correct Vault CA multiple namespace support
2022-07-20 17:52:32 -04:00