e6f997ac5b
[OSS] Add ACL enforcement to peering endpoints ( #13878 )
2022-07-25 10:04:10 -06:00
6a47c44755
Enable/Disable Peering Support in the UI ( #13816 )
...
We enabled/disable based on the config flag.
2022-07-25 11:50:11 -04:00
5bbc0cc615
Add ACL enforcement to peering endpoints
2022-07-25 09:34:29 -06:00
75efc0649b
Remove excess debug log from ingress upstream shutdown
2022-07-22 17:29:38 -07:00
b60ebc022e
peering: use ShouldDial to validate peer role ( #13823 )
...
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-22 15:56:25 -07:00
d21f793b74
peering: add config to enable/disable peering ( #13867 )
...
* peering: add config to enable/disable peering
Add config:
```
peering {
enabled = true
}
```
Defaults to true. When disabled:
1. All peering RPC endpoints will return an error
2. Leader won't start its peering establishment goroutines
3. Leader won't start its peering deletion goroutines
2022-07-22 15:20:21 -07:00
3cbcfd4b13
Merge pull request #13847 from hashicorp/gateway-goroutine-leak
...
Fix goroutine leaks in proxycfg when using ingress gateway
2022-07-22 14:43:22 -07:00
922592d6bb
[OSS] Add new peering ACL rule ( #13848 )
...
This commit adds a new ACL rule named "peering" to authorize
actions taken against peering-related endpoints.
The "peering" rule has several key properties:
- It is scoped to a partition, and MUST be defined in the default
namespace.
- Its access level must be "read', "write", or "deny".
- Granting an access level will apply to all peerings. This ACL rule
cannot be used to selective grant access to some peerings but not
others.
- If the peering rule is not specified, we fall back to the "operator"
rule and then the default ACL rule.
2022-07-22 14:42:23 -06:00
12858f4f90
docs: Updates k8s annotation docs ( #13809 )
...
* Updates k8s annotation docs
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
2022-07-22 13:26:31 -07:00
ed8b2fe19e
add redirects
2022-07-22 14:20:27 -05:00
7bd55578cc
peering: emit exported services count metric ( #13811 )
...
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-22 12:05:08 -07:00
a253d7e49b
Rename some protobuf package names to be fqdn like ( #13861 )
...
These are used in various bits of the wire format (for gRPC) and internally with Go’s registry so we want to namespace things properly.
2022-07-22 14:59:34 -04:00
9cb569b44e
Add options and examples to proxy read
2022-07-22 13:43:38 -04:00
55b7eb6838
Add changelog note
2022-07-22 10:33:50 -07:00
9f9ac78243
Add ECS audit logging docs ( #13729 )
2022-07-22 13:30:25 -04:00
b8131704ea
Improve peered service empty downstreams message ( #13854 )
2022-07-22 19:28:13 +02:00
a1ca68a632
Add descriptions to the subjects
2022-07-22 12:14:01 -04:00
3ba839f288
Update website/content/docs/api-gateway/usage/basic-usage.mdx
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-22 09:45:00 -05:00
f018bd6e09
proxycfg-glue: server-local implementation of `ExportedPeeredServices`
...
This is the OSS portion of enterprise PR 2377.
Adds a server-local implementation of the proxycfg.ExportedPeeredServices
interface that sources data from a blocking query against the server's
state store.
2022-07-22 15:23:23 +01:00
e044343105
Add Cluster Peering Failover Support to Prepared Queries ( #13835 )
...
Add peering failover support to prepared queries
2022-07-22 09:14:43 -04:00
ccd120725b
fix tabs
2022-07-21 17:38:57 -05:00
e9c67f8cb7
fix tabs
2022-07-21 17:21:22 -05:00
c76be552bc
fix tabs
2022-07-21 17:11:07 -05:00
cbafabde16
update generate token endpoint to take external addresses ( #13844 )
...
Update generate token endpoint (rpc, http, and api module)
If ServerExternalAddresses are set, it will override any addresses gotten from the "consul" service, and be used in the token instead, and dialed by the dialer. This allows for setting up a load balancer for example, in front of the consul servers.
2022-07-21 14:56:11 -07:00
0107e80bed
fix tabs
2022-07-21 16:54:03 -05:00
a339080641
Add proxy list docs
2022-07-21 17:47:39 -04:00
878c9091d8
erge branch 'sa-restructure-documentation' of github.com:hashicorp/consul into sa-restructure-documentation
2022-07-21 15:13:00 -05:00
c2fdd172ae
add consul k8s install instructions
2022-07-21 15:12:49 -05:00
41c6fcbfd5
Update website/content/docs/api-gateway/configuration/gatewayclassconfig.mdx
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:59:14 -05:00
111877a86d
Merge branch 'sa-restructure-documentation' of github.com:hashicorp/consul into sa-restructure-documentation
2022-07-21 14:54:04 -05:00
1b32cba878
merge back in mike's environment doc in install
2022-07-21 14:53:55 -05:00
ccee2fd834
Update website/content/docs/api-gateway/configuration/gateway.mdx
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:55 -05:00
6e92dbb6cf
Update website/content/docs/api-gateway/configuration/gateway.mdx
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:47 -05:00
e860f368fd
Update website/content/docs/api-gateway/configuration/gateway.mdx
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:34 -05:00
711bc7724b
Update website/content/docs/api-gateway/configuration/gateway.mdx
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:25 -05:00
275eea2599
Merge pull request #13845 from hashicorp/acpana/peering-rename-oss
...
[SYNC] Rename peering internal to ~
2022-07-21 11:20:38 -07:00
b847f656a8
Rename peering internal to ~
...
sync ENT to 5679392c81
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-21 10:51:05 -07:00
ba7f3fbebc
peering: Add heartbeating to peering streams ( #13806 )
...
* Add heartbeating to peering streams
2022-07-21 10:03:27 -07:00
00f9dc2a70
Add Consul Lambda integration tests ( #13770 )
2022-07-21 09:54:56 -07:00
2875cbe856
ui: Change initiate > establish for peering the modal tab ( #13839 )
2022-07-21 17:39:15 +01:00
83d2204c7c
ui: Allow searching for peerings by ID ( #13837 )
2022-07-21 17:38:57 +01:00
a7b8f7738b
ui: Remove peering detail page ( #13836 )
...
* ui: Remove links to the peering detail page
* 404 everything
2022-07-21 17:38:10 +01:00
fdddf7af48
ui: peered services only show instance- and tags-tabs ( #13840 )
...
* Only show instances- and tags-tab peered services
* Adapt show-with-slashes test to peering changes
Tests always have the peering feature turned on and the default service
we load from the mock-api will be peered. This is why the topology
view of the service.show page will not be accessible in the updated
test it will show the instances instead. This change does not change
what the test is actually testing so just putting changing to the now
different url is fine.
2022-07-21 16:09:54 +01:00
7863a00e2c
ui: Surface peer info in nodes.show view ( #13832 )
2022-07-21 15:35:54 +01:00
1475ec0349
ui: Update peerings empty state copy ( #13834 )
2022-07-21 14:59:38 +01:00
e3bff8fb39
proxycfg-glue: server-local implementation of `PeeredUpstreams`
...
This is the OSS portion of enterprise PR 2352.
It adds a server-local implementation of the proxycfg.PeeredUpstreams interface
based on a blocking query against the server's state store.
It also fixes an omission in the Virtual IP freeing logic where we were never
updating the max index (and therefore blocking queries against
VirtualIPsForAllImportedServices would not return on service deletion).
2022-07-21 13:51:59 +01:00
1baf4d13d6
Merge pull request #12592 from krastin/krastin/docs/sidecarservice-typo
...
docs: clean-up sidecar service expanded definition
2022-07-21 10:21:48 +02:00
7f2eea5be3
Merge branch 'main' into krastin/docs/sidecarservice-typo
2022-07-21 10:51:39 +03:00
706e0def2e
Merge pull request #13682 from hashicorp/docs/deemphasize-token-query-param
...
docs: suggest using token header, not query param
2022-07-20 19:22:53 -04:00
4cec3bd9db
Add send mutex to protect against concurrent sends ( #13805 )
2022-07-20 15:48:18 -07:00
Freddy