Commit graph

19069 commits

Author SHA1 Message Date
freddygv 6ef8d329d2 Require Connect and TLS to generate peering tokens
By requiring Connect and a gRPC TLS listener we can automatically
configure TLS for all peering control-plane traffic.
2022-10-07 09:06:29 -06:00
freddygv a21e5799f7 Use internal server certificate for peering TLS
A previous commit introduced an internally-managed server certificate
to use for peering-related purposes.

Now the peering token has been updated to match that behavior:
- The server name matches the structure of the server cert
- The CA PEMs correspond to the Connect CA

Note that if Conect is disabled, and by extension the Connect CA, we
fall back to the previous behavior of returning the manually configured
certs and local server SNI.

Several tests were updated to use the gRPC TLS port since they enable
Connect by default. This means that the peering token will embed the
Connect CA, and the dialer will expect a TLS listener.
2022-10-07 09:05:32 -06:00
freddygv 1c696922fe Simplify mgw watch mgmt 2022-10-07 08:54:37 -06:00
freddygv b67d001b2c Use existing query options to build ctx 2022-10-07 08:46:53 -06:00
DanStough df94470e76 feat: xDS updates for peerings control plane through mesh gw 2022-10-07 08:46:42 -06:00
Tyler Wendlandt 11fe7dc8c5
ui: Remove node name from agentless service instance (#14903)
* [NET-949]: Remove node name from agentless instance

* Add changelog entry
2022-10-07 04:01:34 -06:00
Tim Rosenblatt 9335a5e2e1
Fixes broken URLs in Dataplane docs (#14910) 2022-10-06 19:23:02 -07:00
Jared Kirschner 4ad6e435b8
Merge pull request #14898 from hashicorp/docs/new-vault-connect-ca-permissions-needed
docs: vault ca provider patch upgrade guidance
2022-10-06 19:11:50 -04:00
Jared Kirschner 4ffa54d8b7 docs: vault ca provider patch upgrade guidance 2022-10-06 16:04:43 -07:00
HashiBot 68bc1bc559
website: upgrade next version (#14906)
Co-authored-by: Bryce Kalow <bkalow@hashicorp.com>
2022-10-06 14:15:47 -05:00
Tyler Wendlandt d64b9d9722
ui: Update empty-state copy throughout app (#14721)
* Update empty-state copy throughout app

Update empty-states throughout the app to only include mentions of ACLs if the user has ACLs enabled.

* Update peers empty state copy
Flip the empty state copy logic for peers. Small typo fixes on other empty states.

* Update Node empty state with docs

* Update intentions empty state
Make ACL copy dependent on if acls are enabled.

* Update Nodes empty state learn copy

* Fix binding rule copy key
2022-10-06 11:01:49 -06:00
Michael Klein 4df01dd6a1
ui: Setup Hashicorp Design System for usage in consul-ui (#14394)
* Use postcss instead of ember-cli-sass

This will make it possible to work with tailwindcss.

* configure postcss to compile sass
* add "sub-app" css into app/styles tree

* pin node@14 via volta

Only used by people that use volta

* Install tailwind and autoprefixer

* Create tailwind config

* Use tailwind via postcss

* Fix: tailwind changes current styling

When adding tailwind to the bottom of app.scss we apparently
change the way the application looks. We will import
it first to make sure we don't change the current styling
of the application right now.

* Automatic import of HDS colors in tailwind

* Install @hashicorp/design-system-components

* install add-on
* setup postcss scss pipeline to include tokens css
* import add-on css

* Install ember-auto-import v2

HDS depends on v2 of ember-auto-import so we need to upgrade.

* Upgrade ember-cli-yadda

v0.6.0 of ember-cli-yadda adds configuration for webpack.
This configuration is incompatible with webpack v5
which ember-auto-import v2 is using.
We need to upgrade ember-cli-yadda to the latest
version that fixes this incompatability with auto-import v2

* Install ember-flight-icons

HDS components are using the addon internally.

* Document HDS usage in engineering docs

* Upgrade ember-cli-api-double

* fix new linting errors
2022-10-06 17:17:20 +02:00
Eric Haberkorn 2f08fab317
Make the mesh gateway changes to allow local mode for cluster peering data plane traffic (#14817)
Make the mesh gateway changes to allow `local` mode for cluster peering data plane traffic
2022-10-06 09:54:14 -04:00
cskh 53ff317b01
fix: missing UDP field in checkType (#14885)
* fix: missing UDP field in checkType

* Add changelog

* Update doc
2022-10-05 15:57:21 -04:00
Derek Menteer fbee1272e7
Fix explicit tproxy listeners with discovery chains. (#14751)
Fix explicit tproxy listeners with discovery chains.
2022-10-05 14:38:25 -05:00
Tyler Wendlandt 734be3fa11
ui: Wrap service names on show and instance routes (#14771)
* Wrap service names on show and instance routes
Moves the trailing type/kind/actions to the second row of the header
no matter what length the service name is. Wraps service name text.

* Change grid format of AppView globally

* Add tooltips to the last element of breadcrumbs
2022-10-05 13:21:34 -06:00
Matt Keeler bca6f8ae4a
Add changelog entry for #12890 2022-10-05 13:35:07 -04:00
Alex Oskotsky 4d9309327f
Add the ability to retry on reset connection to service-routers (#12890) 2022-10-05 13:06:44 -04:00
Tu Nguyen 71a4c5cce4
fix broken links (#14892) 2022-10-05 09:54:49 -07:00
cskh 2a4d420c96
fix(api): missing peer name in query option (#14835) 2022-10-05 10:04:08 -04:00
Michael Klein 1f62594deb
Allow managed-runtime badge to be dynamic (#14853) 2022-10-05 11:48:03 +02:00
Nathan Coleman 4f4ad4ce2f
Merge pull request #14880 from hashicorp/nathancoleman-patch-1
Update CAPIGW comparison docs
2022-10-04 20:14:23 -04:00
Ashlee M Boyer 16dca09a62
Merge pull request #14878 from hashicorp/docs/amb.fix-broken-links
[docs] Fix broken Learn link
2022-10-04 19:11:06 -05:00
Ashlee Boyer dbcbebdb5d empty commit 2022-10-04 20:09:33 -04:00
John Murret 08203ace4a
Upgrade serf to v0.10.1 and memberlist to v0.5.0 to get memberlist size metrics and broadcast queue depth metric (#14873)
* updating to serf v0.10.1 and memberlist v0.5.0 to get memberlist size metrics and memberlist broadcast queue depth metric

* update changelog

* update changelog

* correcting changelog

* adding "QueueCheckInterval" for memberlist to test

* updating integration test containers to grab latest api
2022-10-04 17:51:37 -06:00
Nathan Coleman a93b1b510c
Update website/content/docs/consul-vs-other/api-gateway-compare.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-10-04 19:41:16 -04:00
Nathan Coleman 5bdfbf2c21
Update website/content/docs/consul-vs-other/api-gateway-compare.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2022-10-04 18:05:03 -04:00
Nathan Coleman 7ac4fca0b9
Use consistent casing for "Consul API Gateway" vs. "API gateway" 2022-10-04 17:35:58 -04:00
Nathan Coleman 94963f90b6
Update documentation link to improve readability 2022-10-04 17:34:32 -04:00
Ashlee Boyer 0a6ad4169f Empty-Commit 2022-10-04 16:39:56 -04:00
Evan Culver 42423ffce2
connect: Bump Envoy 1.20 to 1.20.7, 1.21 to 1.21.5 and 1.22 to 1.22.5 (#14831) 2022-10-04 13:15:01 -07:00
Paul Glass d54966effc
docs: Consul Dataplane Version Compatibility (#14710)
Co-authored-by: David Yu <dyu@hashicorp.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2022-10-04 15:02:28 -05:00
Kyle Schochenmaier 25c0d6951b
update helm docs for consul-k8s 1.0.0-beta1 (#14875) 2022-10-04 12:59:53 -07:00
Derek Menteer 77d640c322
Add peering integration tests (#14836)
Add peering integration tests.
2022-10-04 13:51:04 -05:00
Eric Haberkorn 2178e38204
Rename PeerName to Peer on prepared queries and exported services (#14854) 2022-10-04 14:46:15 -04:00
Jeff Boruszak f5c8fe75e3
Merge pull request #14870 from hashicorp/docs/hyperlink-fixes
docs: Windows tutorial hyperlink fix #2
2022-10-04 13:16:14 -05:00
Ashlee M Boyer d6149eaeb2
Remove unneeded in params 2022-10-04 14:13:57 -04:00
Ashlee M Boyer b821755bf3
Fixing broken links 2022-10-04 14:00:32 -04:00
boruszak d4bf900032 Link fix 2022-10-04 12:42:59 -05:00
Jeff Boruszak 5d69df6a42
Merge pull request #14867 from hashicorp/docs/hyperlink-fixes
docs: Windows VM tutorial link fix
2022-10-04 12:26:21 -05:00
boruszak 89d986d2c4 Tutorial link fix 2022-10-04 12:19:24 -05:00
Jeff Boruszak 2a56d02992
Merge pull request #14794 from hashicorp/docs/cluster-peering
docs: Cluster peering 1.14 beta release
2022-10-04 10:46:57 -05:00
Jeff Boruszak 0ec726a959
Merge pull request #14770 from hashicorp/docs/agentless-beta
docs: Consul Dataplane (Agentless) Beta
2022-10-04 10:41:43 -05:00
Jeff Boruszak 1761c31fab
Merge pull request #14769 from hashicorp/docs/consul-on-windows-vms
docs: Consul on Windows VMs Envoy bootstrapping
2022-10-04 10:41:11 -05:00
trujillo-adam f3299a0c55
Merge pull request #14779 from hashicorp/docs/invoke-services-from-lambda
Docs/invoke services from lambda
2022-10-04 08:37:48 -07:00
boruszak 673935d55c list 2022-10-04 10:37:39 -05:00
boruszak eeb3c45a6c Reverts + fix 2022-10-04 10:37:39 -05:00
Luke Kysow 12ac96c356
Remove terminal colouring from test output so it is (#14810)
more readable in CI.

```
Running primary verification step for case-ingress-gateway-multiple-services...
�[34;1mverify.bats
�[0m�[1G   ingress proxy admin is up on :20000�[K�[75G 1/12�[2G�[1G ✓ ingress proxy admin is up on :20000�[K
�[0m�[1G   s1 proxy admin is up on :19000�[K�[75G 2/12�[2G�[1G ✓ s1 proxy admin is up on :19000�[K
�[0m�[1G   s2 proxy admin is up on :19001�[K�[75G 3/12�[2G�[1G ✓ s2 proxy admin is up on :19001�[K
�[0m�[1G   s1 proxy listener should be up and have right cert�[K�[75G 4/12�[2G�[1G ✓ s1 proxy listener should be up and have right cert�[K
�[0m�[1G   s2 proxy listener should be up and have right cert�[K�[75G 5/12�[2G�[1G ✓ s2 proxy listener should be up and have right cert�[K
�[0m�[1G   ingress-gateway should have healthy endpoints for s1�[K�[75G 6/12�[2G�[31;1m�[1G ✗ ingress-gateway should have healthy endpoints for s1�[K
�[0m�[31;22m   (from function `assert_upstream_has_endpoints_in_status' in file /workdir/primary/bats/helpers.bash, line 385,
```

versus

```
Running primary verification step for case-ingress-gateway-multiple-services...
1..12
ok 1 ingress proxy admin is up on :20000
ok 2 s1 proxy admin is up on :19000
ok 3 s2 proxy admin is up on :19001
ok 4 s1 proxy listener should be up and have right cert
ok 5 s2 proxy listener should be up and have right cert
not ok 6 ingress-gateway should have healthy endpoints for s1
not ok 7 s1 proxy should have been configured with max_connections in services
ok 8 ingress-gateway should have healthy endpoints for s2
```
2022-10-04 08:35:19 -07:00
boruszak 8321c88480 More group fix attempts 2022-10-04 10:20:14 -05:00
boruszak 40f1070271 Tabs fix again 2022-10-04 10:00:53 -05:00