Commit graph

20421 commits

Author SHA1 Message Date
hc-github-team-consul-core 3c3e2c48fa
Backport of Hash based config entry replication into release/1.16.x (#19915)
add hash based config entry replication

Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
2023-12-12 13:35:57 -05:00
hc-github-team-consul-core b83af6b165
Backport of Remove warning for consul 1.17 deprecation into release/1.16.x (#19904)
backport of commit 8d43647ed95f04ed0e8a27dd45d680aa7f6e7339

Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
2023-12-12 09:43:23 -05:00
hc-github-team-consul-core 5126fe18d4
Backport of fix: remove test to unblock CI into release/1.16.x (#19910)
backport of commit de839085b9782478aa758de495a121ccd57c7384

Co-authored-by: valeriia-ruban <valeriia.ruban@hashicorp.com>
2023-12-11 20:21:03 -08:00
hc-github-team-consul-core d1e691873a
Backport of Add documentation for proxy-config-map and xds_fetch_timeout_ms. into release/1.16.x (#19895)
backport of commit 85e942475a32843a7bc5b29597569212a91cedeb

Co-authored-by: Derek Menteer <derek.menteer@hashicorp.com>
2023-12-11 15:57:38 -06:00
hc-github-team-consul-core 68b74c9cc6
Backport of [NET-6842] splitting go version on different lines into release/1.16.x (#19890)
backport of commit 2e594e15a989124657ad2ca902dc5f631bf9fb0c

Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
2023-12-11 16:32:08 +00:00
Derek Menteer 609762077f
Backport of: Fix ClusterLoadAssignment timeouts dropping endpoints. into 1.16 (#19885)
Fix ClusterLoadAssignment timeouts dropping endpoints.

When a large number of upstreams are configured on a single envoy
proxy, there was a chance that it would time out when waiting for
ClusterLoadAssignments. While this doesn't always immediately cause
issues, consul-dataplane instances appear to consistently drop
endpoints from their configurations after an xDS connection is
re-established (the server dies, random disconnect, etc).

This commit adds an `xds_fetch_timeout_ms` config to service registrations
so that users can set the value higher for large instances that have
many upstreams. The timeout can be disabled by setting a value of `0`.

This configuration was introduced to reduce the risk of causing a
breaking change for users if there is ever a scenario where endpoints
would never be received. Rather than just always blocking indefinitely
or for a significantly longer period of time, this config will affect
only the service instance associated with it.
2023-12-11 10:31:59 -06:00
trujillo-adam 6ccf49ceea
added redirect for conf entries 1.8.x (#19460) (#19880)
fixed merge conflicts
2023-12-08 12:44:17 -08:00
hc-github-team-consul-core 48b9a0ff8c
Backport of Fix xDS missing endpoint race condition. into release/1.16.x (#19873)
Fix xDS missing endpoint race condition.

This fixes the following race condition:
- Send update endpoints
- Send update cluster
- Recv ACK endpoints
- Recv ACK cluster

Prior to this fix, it would have resulted in the endpoints NOT existing in
Envoy. This occurred because the cluster update implicitly clears the endpoints
in Envoy, but we would never re-send the endpoint data to compensate for the
loss, because we would incorrectly ACK the invalid old endpoint hash. Since the
endpoint's hash did not actually change, they would not be resent.

The fix for this is to effectively clear out the invalid pending ACKs for child
resources whenever the parent changes. This ensures that we do not store the
child's hash as accepted when the race occurs.

An escape-hatch environment variable `XDS_PROTOCOL_LEGACY_CHILD_RESEND` was
added so that users can revert back to the old legacy behavior in the event
that this produces unknown side-effects.

This bug report and fix was mostly implemented by @ksmiley with some minor
tweaks.

Co-authored-by: Derek Menteer <derek.menteer@hashicorp.com>
Co-authored-by: Keith Smiley <ksmiley@salesforce.com>
2023-12-08 12:16:43 -06:00
Andrew Stucki 0fafa010bc
[Backport 1.16.x] Add CE version of Gateway Upstream Disambiguation (#19867)
Add CE version of Gateway Upstream Disambiguation

Co-authored-by: Thomas Eckert <teckert@hashicorp.com>
2023-12-08 11:46:23 -05:00
hc-github-team-consul-core b2a57ae0fd
Backport of parse config protocol on write to optimize disco-chain compilation into release/1.16.x (#19858)
* parse config protocol on write to optimize disco-chain compilation (#19829)

* parse config protocol on write to optimize disco-chain compilation

* add changelog

* add test fixes from PR

* add missing config field

---------

Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
2023-12-07 15:37:52 -05:00
hc-github-team-consul-core c279233d2b
Backport of [NET-6650] Bump go version to 1.20.12 into release/1.16.x (#19845)
backport of commit af6045cdf1bfe8589d4ff5f03ffd327a39b62ced

Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
Co-authored-by: Ronald <roncodingenthusiast@users.noreply.github.com>
2023-12-07 14:00:25 -05:00
Michael Zalimeni 3a0b34b59e
chore: update version and changelog post-1.16.3 (#19853)
chore: update version to 1.16.4-dev
2023-12-07 17:35:07 +00:00
John Buonassisi 1a9f2944eb
Backport stats flush interval 1.16.x (#19849)
* Default "stats_flush_interval" to 1 minute for Consul Telemetry Collector (#19663)

* Set default of 1m for StatsFlushInterval when the collector is setup

* Add documentation on the stats_flush_interval value

* Do not default in two conditions 1) preconfigured sinks exist 2) preconfigured flush interval exists

* Fix wording of docs

* Add changelog

* Fix docs

(cherry picked from commit bfb3a43648634e117c8405d6a6e3cc837fb8e3dc)

* fix pr labeller

---------

Co-authored-by: Ashvitha <ashvitha.sridharan@hashicorp.com>
2023-12-06 13:18:36 -08:00
hc-github-team-consul-core 236ceb3b40
Backport of improve client RPC metrics consistency into release/1.16.x (#19842)
* backport of commit 06507fe053f8777b12c8a0a54e062df1fb111a52

* backport of commit 14e160573dbc9d644cb045af7eda5da0d03447d0

* backport of commit 088ec70f902e79a101669fbb76830fe356b23982

---------

Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2023-12-06 14:05:34 -05:00
lornasong fa9de6f8b4
Manual Backport of [Cloud][CC-6925] Updates to pushing server state into release/1.16.x (#19818)
* [Cloud][CC-6925] Updates to pushing server state (#19682)

* Upgrade hcp-sdk-go to latest version v0.73

Changes:
- go get github.com/hashicorp/hcp-sdk-go
- go mod tidy

* From upgrade: regenerate protobufs for upgrade from 1.30 to 1.31

Ran: `make proto`

Slack: https://hashicorp.slack.com/archives/C0253EQ5B40/p1701105418579429

* From upgrade: fix mock interface implementation

After upgrading, there is the following compile error:

cannot use &mockHCPCfg{} (value of type *mockHCPCfg) as "github.com/hashicorp/hcp-sdk-go/config".HCPConfig value in return statement: *mockHCPCfg does not implement "github.com/hashicorp/hcp-sdk-go/config".HCPConfig (missing method Logout)

Solution: update the mock to have the missing Logout method

* From upgrade: Lint: remove usage of deprecated req.ServerState.TLS

Due to upgrade, linting is erroring due to usage of a newly deprecated field

```
22:47:56 [consul]: make lint
--> Running golangci-lint (.)
agent/hcp/testing.go:157:24: SA1019: req.ServerState.TLS is deprecated: use server_tls.internal_rpc instead. (staticcheck)
                time.Until(time.Time(req.ServerState.TLS.CertExpiry)).Hours()/24,
                                     ^
```

* From upgrade: adjust oidc error message

From the upgrade, this test started failing:

```
=== FAIL: internal/go-sso/oidcauth TestOIDC_ClaimsFromAuthCode/failed_code_exchange (re-run 2) (0.01s)
    oidc_test.go:393: unexpected error: Provider login failed: Error exchanging oidc code: oauth2: "invalid_grant" "unexpected auth code"
```

Prior to the upgrade, the error returned was:
```
Provider login failed: Error exchanging oidc code: oauth2: cannot fetch token: 401 Unauthorized\nResponse: {\"error\":\"invalid_grant\",\"error_description\":\"unexpected auth code\"}\n
```

Now the error returned is as below and does not contain "cannot fetch token"
```
Provider login failed: Error exchanging oidc code: oauth2: "invalid_grant" "unexpected auth code"
```

* Update AgentPushServerState structs with new fields

HCP-side changes for the new fields are in:
https://github.com/hashicorp/cloud-global-network-manager-service/pull/1195/files

* Minor refactor for hcpServerStatus to abstract tlsInfo into struct

This will make it easier to set the same tls-info information to both
 - status.TLS (deprecated field)
 - status.ServerTLSMetadata (new field to use instead)

* Update hcpServerStatus to parse out information for new fields

Changes:
 - Improve error message and handling (encountered some issues and was confused)
 - Set new field TLSInfo.CertIssuer
 - Collect certificate authority metadata and set on TLSInfo.CertificateAuthorities
 - Set TLSInfo on both server.TLS and server.ServerTLSMetadata.InternalRPC

* Update serverStatusToHCP to convert new fields to GNM rpc

* Add changelog

* Feedback: connect.ParseCert, caCerts

* Feedback: refactor and unit test server status

* Feedback: test to use expected struct

* Feedback: certificate with intermediate

* Feedback: catch no leaf, remove expectedErr

* Feedback: update todos with jira ticket

* Feedback: mock tlsConfigurator

* Run make proto for files in 1.16 not in main

* update licensing per 1.16 licensing
2023-12-06 13:35:03 -05:00
Ashesh Vidyut 5e640ac499
NET-3860 - [Supportability] consul troubleshoot CLI for verifying ports (#19836)
* NET-3860

* fix go mod

* remove license

* dummy commit to trigger ci

* fix go mod

* fix go mod tidy
2023-12-06 15:27:26 +05:30
Matt Keeler 8b3f1dcbdb
Pin lint-consul-retry to v1.3.0 (#19777)
The latest version finds more issues which are fixed on main and not being backported.
2023-11-29 21:37:51 +00:00
hc-github-team-consul-core 5507e9d798
Backport of Docs: FIPS - add cluster peering info into release/1.16.x (#19778)
* backport of commit 854ccee4d4f50852980468e6617dc7fc40ad3208

* backport of commit 812cf288bdb115fbfa2a8f84e7347d76e86a0c4c

* backport of commit af8aef88a50a09ef4462a7d7745162d29ecc26d3

* backport of commit 5111c406ecd0e12309bfc775c504258f085843ae

---------

Co-authored-by: Jeff-Apple <79924108+Jeff-Apple@users.noreply.github.com>
2023-11-29 13:16:59 -08:00
John Maguire 0cd190f8d9
[NET-5688] APIGateway UI Topology Fixes (#19657) Backport (#19763)
* [NET-5688] APIGateway UI Topology Fixes (#19657)

* Update catalog and ui endpoints to show APIGateway in gateway service
topology view

* Added initial implementation for service view

* updated ui

* Fix topology view for gateways

* Adding tests for gw controller

* remove unused args

* Undo formatting changes

* Fix call sites for upstream/downstream gw changes

* Add config entry tests

* Fix function calls again

* Move from ServiceKey to ServiceName, cleanup from PR review

* Add additional check for length of services in bound apigateway for
IsSame comparison

* fix formatting for proto

* gofmt

* Add DeepCopy for retrieved BoundAPIGateway

* gofmt

* gofmt

* Rename function to be more consistent

* Remove busl license
2023-11-29 11:22:56 -05:00
Michael Zalimeni 86cf809a62
[NET-6232] docs: Update consul-k8s Helm chart docs (1.2.x) (#19698)
docs: Update consul-k8s Helm chart docs (1.2.x)

Sync changes not yet represented in docs and relevant before the next
patch release.
2023-11-27 15:15:51 -08:00
hc-github-team-consul-core b3d1dd1493
Backport of ci: Run go mod tidy check on submodules into release/1.16.x (#19747)
backport of commit 5316676bb671a973d4a04a9d0fd1db7b922cea86

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
2023-11-27 21:41:53 +00:00
hc-github-team-consul-core 9192970c5d
Backport of [NET-6617] security: Bump github.com/golang-jwt/jwt/v4 to 4.5.0 into release/1.16.x (#19740)
backport of commit fbb8be55f53f5930663fafd2ba2268717ef2edf2

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
2023-11-27 16:20:00 +00:00
Valeriia Ruban dae785fe3e
chore: add suffix to consul version in sidenav (#19711)
2023-11-21 21:16:47 -07:00
hc-github-team-consul-core 0846916941
Backport of fix a panic in the CLI when deleting an acl policy with an unknown name into release/1.16.x (#19691)
* backport of commit e07f4da212b2957e90550b7de11f6a783e0c374b

* backport of commit eecf61b67f4bfe14007d3057ed174fe7c185fac9

---------

Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
2023-11-20 15:01:28 +00:00
hc-github-team-consul-core 6ccc8319c4
Backport of [Docs] Update admin-partitions.mdx into release/1.16.x (#19631)
* backport of commit 54ecfa6b93c4f66a05e87819cea6e6291dae1fd7

* backport of commit a5bc545f95b47c4c910e35ec21175cb443c2dd5d

---------

Co-authored-by: am-ak <114914687+am-ak@users.noreply.github.com>
2023-11-14 09:28:24 -08:00
hc-github-team-consul-core 4c10c7ef58
Backport of Fix parts of admin-partitions guide into release/1.16.x (#19625)
backport of commit d4ba678e656107cb568af968adccd3755b35681b

Co-authored-by: Joshua Timmons <joshua.timmons1@gmail.com>
2023-11-14 14:49:31 +00:00
hc-github-team-consul-core 2a7a87e67e
Backport of increasing unit tests timeout from 10m to 30m into release/1.16.x (#19425)
backport of commit 26cb1f6acfab3c3e35d06ae27683a2ac3399aa1f

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
2023-11-09 19:37:17 +00:00
hc-github-team-consul-core 7c080d5fa1
Backport of Fix typo in GatewayClassConfig docs into release/1.16.x (#19565)
* Fix typo in GatewayClassConfig docs

* Fix broken links

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2023-11-08 20:52:22 +00:00
hc-github-team-consul-core 8c6005a245
Backport of test: update certs for 10 year expiry into release/1.16.x (#19560)
backport of commit d6283a9352fe46e20206a4ab9ed76ff0c04bde53

Co-authored-by: DanStough <dan.stough@hashicorp.com>
2023-11-07 20:12:16 +00:00
hc-github-team-consul-core fa78010b04
Backport of Fix more test flakes into release/1.16.x (#19545)
* backport of commit 5cb614ed7323303a5e55a2648410cbd9ec5099bd

* Fix flaky metrics tests.

---------

Co-authored-by: Derek Menteer <derek.menteer@hashicorp.com>
2023-11-07 10:46:58 -06:00
hc-github-team-consul-core d7a81cb144
Backport of [NET-6459] Fix issue with wanfed lan ip conflicts. into release/1.16.x (#19522)
backport of commit a47995f72dba14020cc50e69eaffdf6b131159ae

Co-authored-by: Derek Menteer <derek.menteer@hashicorp.com>
2023-11-06 15:14:59 +00:00
hc-github-team-consul-core de28b7fdce
Backport of Shuffle CICD tests to spread worker load. into release/1.16.x (#19519)
backport of commit b8a18c4fac7778028dd01c03783e7abf63d0e7c2

Co-authored-by: Derek Menteer <derek.menteer@hashicorp.com>
2023-11-06 14:41:13 +00:00
Tyler Wendlandt 9860f68703
ui: 1.16.x Back to HCP link conditions (#19443)
Only show back to hcp link if CONSUL_HCP_URL is present
2023-11-03 15:51:59 -06:00
Ronald 6eca67fa81
changelog for consul-k8s 1.2.3 (#19497)
2023-11-02 19:03:08 -04:00
hc-github-team-consul-core 9569beb73d
Backport of build: ensure we pull through the hashicorp proxy instead of going directly to the docker hub into release/1.16.x (#19485)
backport of commit 5ab1e9888e96c8f0af46d5145031456e3a3dd461

Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2023-11-02 18:13:25 +00:00
hc-github-team-consul-core 566b7c105a
Backport of Regen expired test certs into release/1.16.x (#19478)
backport of commit d399654096b534615ae6bdb62a13eae69107c9cc

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>
2023-11-02 15:44:39 +00:00
John Maguire 3c3084d345
Update typo in l7-traffic service splitting example (#19468)
2023-11-01 15:22:52 -04:00
hc-github-team-consul-core 1a977a1439
Backport of NET-5186 Add NET_BIND_SERVICE capability to consul-dataplane requirements into release/1.16.x (#19451)
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2023-11-01 14:07:55 -04:00
Blake Covarrubias 588e108c51
Backport of docs: Fix Kubernetes CRD example configs into release/1.16.x (#19438)
docs: Fix Kubernetes CRD example configs (#18878)

Fixes configuration examples for several Consul Kubernetes CRDs. The
CRDs were missing required fields such as `apiVersion`, `metadata`,
and `spec`.

Co-authored-by: Tu Nguyen <im2nguyen@gmail.com>
2023-10-31 09:07:06 -04:00
hc-github-team-consul-core f0c23587e0
Backport of Golden File Tests for TermGW w/ Cluster Peering into release/1.16.x (#19192)
backport of commit 1fffd233b3eba4e1d85be58808e73f1daa412e4f

Co-authored-by: Thomas Eckert <teckert@hashicorp.com>
2023-10-30 11:04:47 -04:00
Michael Zalimeni 57265a06f0
Backport of [NET-6138] security: Bump google.golang.org/grpc to 1.56.3 (CVE-2023-44487) to release/1.16.x (#19420)
Bump google.golang.org/grpc to 1.56.3

This resolves [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487).

Co-authored-by: Chris Thain <chris.m.thain@gmail.com>
2023-10-30 08:58:11 -04:00
hc-github-team-consul-core 4c4677f24e
Backport of Use strict DNS for mesh gateways with hostnames into release/1.16.x (#19395)
Use strict DNS for mesh gateways with hostnames

Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com>
2023-10-27 12:30:08 -04:00
hc-github-team-consul-core 3d7dc247fa
Backport of Fix casing in example yaml config into release/1.16.x (#19407)
backport of commit 2da2736c3c9df2b1888894d3d441768abe288efb

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2023-10-27 14:22:30 +00:00
hc-github-team-consul-core f77d61aafc
Backport of Add note about service upstream env var dot broken into release/1.16.x (#19398)
backport of commit 8a0896d379abf684e82a8a1f436a5758402e94f6

Co-authored-by: Tu Nguyen <im2nguyen@gmail.com>
2023-10-26 20:52:45 +00:00
hc-github-team-consul-core 09bc2c41b7
Backport of chor: update rule to run frontend github tasks when changes are made … into release/1.16.x (#19065)
2023-10-26 12:36:52 -07:00
Derek Menteer 19f9de2224
Backport of Add grpc keepalive configuration into release/1.16.x (#19339) (#19346)
Add grpc keepalive configuration. (#19339)

Prior to the introduction of this configuration, grpc keepalive messages were
sent after 2 hours of inactivity on the stream. This posed issues in various
scenarios where the server-side xds connection balancing was unaware that envoy
instances were uncleanly killed / force-closed, since the connections would
only be cleaned up after ~5 minutes of TCP timeouts occurred. Setting this
config to a 30 second interval with a 20 second timeout ensures that at most,
it should take up to 50 seconds for a dead xds connection to be closed.
2023-10-24 08:52:05 -05:00
Chris S. Kim d547958f2c
[1.16.x] Vault CA bugfixes (#19285) (#19336)
Vault CA bugfixes (#19285)

* Re-add retry logic to Vault token renewal

* Fix goroutine leak

* Add test for detecting goroutine leak

* Add changelog

* Rename tests

* Add comment
2023-10-23 14:14:05 +00:00
hc-github-team-consul-core 11ee74d054
Backport of skip envoy version check in ci into release/1.16.x (#19316)
* no-op commit due to failed cherry-picking

* Update verify-envoy-version.yml

* Update verify-envoy-version.yml

---------

Co-authored-by: temp <temp@hashicorp.com>
Co-authored-by: Anita Akaeze <anita.akaeze@hashicorp.com>
2023-10-20 11:47:23 -07:00
Chris Thain 963f609b6d
release/1.16.x - Update supported Envoy versions (#19273)
2023-10-19 14:45:33 -07:00
hc-github-team-consul-core abb6ce3bc9
Backport of fix: allow snake case keys for ip based rate limit config entry into release/1.16.x (#19292)
* backport of commit 5c2deeb4c6b4b3bb1a1e5eadef52fd9ee7dda99a

* backport of commit e91fd9c7d7916db49c4976d29b42b29ba3ab2311

---------

Co-authored-by: Poonam Jadhav <poonam.jadhav@hashicorp.com>
2023-10-19 16:28:53 +00:00