Commit graph

18340 commits

Author SHA1 Message Date
Luke Kysow 63df49b440
Run integration tests locally using amd64 (#14365)
Locally, always run integration tests using amd64, even if running
on an arm mac. This ensures the architecture locally always matches
the CI/CD environment.

In addition:
* Use consul:local for envoy integration and upgrade tests. Previously,
  consul:local was used for upgrade tests and consul-dev for integration
  tests. I didn't see a reason to use separate images as it's more
  confusing.
* By default, disable the requirement that aws credentials are set.
  These are only needed for the lambda tests and make it so you
  can't run any tests locally, even if you're not running the
  lambda tests. Now they'll only run if the LAMBDA_TESTS_ENABLED
  env var is set.
* Split out the building of the Docker image for integration
  tests into its own target from `dev-docker`. This allows us to always
  use an amd64 image without messing up the `dev-docker` target.
* Add support for passing GO_TEST_FLAGs to `test-envoy-integ` target.
* Add a wait_for_leader function because tests were failing locally
  without it.
2022-08-29 16:13:49 -07:00
Freddy f27a9effca
Merge pull request #13496 from maxb/fix-kv_entries-metric 2022-08-29 15:35:11 -06:00
Freddy 69d99aa8c0
Merge pull request #14364 from hashicorp/peering/term-delete 2022-08-29 15:33:18 -06:00
Max Bowsher 3aefc4123f Merge branch 'main' into fix-kv_entries-metric 2022-08-29 22:22:10 +01:00
Chris S. Kim 7b267f5c01
Merge pull request #14371 from hashicorp/kisunji/peering-metrics-update
Adjust metrics reporting for peering tracker
2022-08-29 17:16:19 -04:00
Eric Haberkorn 13f8839924
Fix a breaking change to the API package introduced in #13835 (#14378)
`QueryDatacenterOptions` was renamed to `QueryFailoverOptions` without creating
an alias. This adds `QueryDatacenterOptions` back as an alias to
`QueryFailoverOptions` and marks it is deprecated.
2022-08-29 16:59:27 -04:00
Chris S. Kim e4a154c88e Add heartbeat timeout grace period when accounting for peering health 2022-08-29 16:32:26 -04:00
David Yu f5139f0c17
docs: Cluster peering with Transparent Proxy updates (#14369)
* Update Cluster Peering docs to show example with Transparent Proxy 
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-08-29 13:07:08 -07:00
David Yu 91be64887e
docs: Update Consul K8s release notes (#14379) 2022-08-29 11:34:39 -07:00
freddygv 850dc52f4f Add changelog entry 2022-08-29 12:31:13 -06:00
freddygv f790d84c04 Add validation to prevent switching dialing mode
This prevents unexpected changes to the output of ShouldDial, which
should never change unless a peering is deleted and recreated.
2022-08-29 12:31:13 -06:00
Eric Haberkorn 13992d5dc8
Update max_ejection_percent on outlier detection for peered clusters to 100% (#14373)
We can't trust health checks on peered services when service resolvers,
splitters and routers are used.
2022-08-29 13:46:41 -04:00
DanStough 680ff580a3 chore: add multi-arch docker build for testing 2022-08-29 12:01:31 -04:00
Chris S. Kim a58e943502 Rename test 2022-08-29 10:34:50 -04:00
Chris S. Kim 78bf8437d8 Fix test 2022-08-29 10:20:30 -04:00
Eric Haberkorn 2a370d456b
Update the structs and discovery chain for service resolver redirects to cluster peers. (#14366) 2022-08-29 09:51:32 -04:00
Chris S. Kim b1025f2dd9 Adjust metrics reporting for peering tracker 2022-08-26 17:34:17 -04:00
David Yu 5d1b26e973
docs: Release notes for Consul 1.12, 1.13 and Consul K8s 0.47.0 (#14352)
* consul 1.12, consul 1.13, and consul-k8s release notes

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2022-08-26 13:37:41 -07:00
freddygv 19f25fc3a5 Allow terminated peerings to be deleted
Peerings are terminated when a peer decides to delete the peering from
their end. Deleting a peering sends a termination message to the peer
and triggers them to mark the peering as terminated but does NOT delete
the peering itself. This is to prevent peerings from disappearing from
both sides just because one side deleted them.

Previously the Delete endpoint was skipping the deletion if the peering
was not marked as active. However, terminated peerings are also
inactive.

This PR makes some updates so that peerings marked as terminated can be
deleted by users.
2022-08-26 10:52:47 -06:00
Thomas Eckert 91e1242b82
Merge pull request #14347 from hashicorp/update-terminating-gateway-docs
Update Kubernetes Terminating Gateway Docs
2022-08-26 12:52:09 -04:00
smamindla57 d649320c0d
Updated consul monitoring with Newrelic APM (#14360)
* added newrelic consul quickstart link
* adding HCP Consul

Co-authored-by: David Yu <dyu@hashicorp.com>
2022-08-26 09:13:46 -07:00
Chris S. Kim a8b2278968
Merge pull request #11742 from dekimsey/catalog-service-list-filter
Add support for filtering the 'List Services' API
2022-08-26 11:35:20 -04:00
Chris S. Kim 516a6daefa Merge branch 'main' into catalog-service-list-filter 2022-08-26 11:16:06 -04:00
Chris S. Kim a2c857df40 Fix tests for enterprise 2022-08-26 11:14:02 -04:00
Chris S. Kim a8090268d4
Replace ring buffer with async version (#14314)
We need to watch for changes to peerings and update the server addresses which get served by the ring buffer.

Also, if there is an active connection for a peer, we are getting up-to-date server addresses from the replication stream and can safely ignore the token's addresses which may be stale.
2022-08-26 10:27:13 -04:00
alex f64af3be24
peering: add peer health metric (#14004)
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-08-25 16:32:59 -07:00
Dao Thanh Tung ca508de2e6
Fix Consul KV CLI 'GET' flags 'keys' and 'recurse' to be set together (#13493)
allow flags -recurse and -keys to be run at the same time in consul kv get CLI
2022-08-25 18:21:49 -04:00
Jared Kirschner d71e9f1b39
Merge pull request #13932 from hashicorp/docs/crossref-maint-mode-from-health-checks
docs: improve health check related docs
2022-08-25 16:56:30 -04:00
Jared Kirschner 99df4df057 docs: improve health check related docs
Includes:
- Improved scannability and organization of checks overview
- Checks overview includes more guidance on
  - How to register a health check
  - The options available for a health check definition
- Contextual cross-references to maintenance mode
2022-08-25 13:47:22 -07:00
Thomas Eckert 882a298856 Capitalize Helm 2022-08-25 14:44:45 -04:00
Thomas Eckert 112a3332c0 Add links to requirements 2022-08-25 14:44:33 -04:00
Thomas Eckert c61445615a Use tabs for destinations 2022-08-25 14:40:18 -04:00
Thomas Eckert 979179af45 Lil' more cleanup 2022-08-25 14:04:33 -04:00
Thomas Eckert b35b6beeb5 Clean up copy in ACL role update 2022-08-25 14:03:43 -04:00
Thomas Eckert c80c0376ae Normalize table with nobrs 2022-08-25 13:56:13 -04:00
Thomas Eckert e89b684d6b Format traffic behaviors table 2022-08-25 13:37:52 -04:00
Thomas Eckert 3417574017 Clean up copy for registration 2022-08-25 13:27:43 -04:00
Thomas Eckert ae72893587 Use tabs for with and without TLS 2022-08-25 13:02:55 -04:00
Thomas Eckert 60202c8d35 Instruct users to use the CLI 2022-08-25 12:49:54 -04:00
Thomas Eckert e2438ed742 Remove warning about 1.9 2022-08-25 12:45:57 -04:00
Chris S. Kim 2e75833133 Exit loop when context is cancelled 2022-08-25 11:48:25 -04:00
Evan Culver e14ab54131
docs: Update Envoy support matrix to match the code (#14338) 2022-08-24 17:04:26 -07:00
cskh 7ee1c857c3
Fix: the inboundconnection limit filter should be placed in front of http co… (#14325)
* fix: the inboundconnection limit should be placed in front of http connection manager

Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2022-08-24 14:13:10 -04:00
Derek Menteer 96d3005045 Add 14269 changelog entry. 2022-08-24 12:51:13 -05:00
skpratt c039028401
no-op: refactor usagemetrics tests for clarity and DRY cases (#14313) 2022-08-24 12:00:09 -05:00
Pablo Ruiz García 4188769c32
Added new auto_encrypt.grpc_server_tls config option to control AutoTLS enabling of GRPC Server's TLS usage
Fix for #14253

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-08-24 12:31:38 -04:00
DanStough bb56a3ee50 doc: tproxy destination fixes 2022-08-24 11:31:05 -04:00
Tyler Wendlandt f3e50ea5ee
ui: Replace file-mask with file-text icon usage on policy list (#14275) 2022-08-24 06:44:01 -06:00
Dan Upton 20c87d235f
dataplane: update envoy bootstrap params for consul-dataplane (#14017)
Contains 2 changes to the GetEnvoyBootstrapParams response to support
consul-dataplane.

Exposing node_name and node_id:

consul-dataplane will support providing either the node_id or node_name in its
configuration. Unfortunately, supporting both in the xDS meta adds a fair amount
of complexity (partly because most tables are currently indexed on node_name)
so for now we're going to return them both from the bootstrap params endpoint,
allowing consul-dataplane to exchange a node_id for a node_name (which it will
supply in the xDS meta).

Properly setting service for gateways:

To avoid the need to special case gateways in consul-dataplane, service will now
either be the destination service name for connect proxies, or the gateway
service name. This means it can be used as-is in Envoy configuration (i.e. as a
cluster name or in metric tags).
2022-08-24 12:03:15 +01:00
twunderlich-grapl 4b3a39c04d
Clarify docs around using either Consul or Vault managed PKI paths (#13295)
* Clarify docs around using either Consul or Vault managed PKI paths

The current docs can be misread to indicate that you need both the
Consul and Vault managed PKI Paths policies. The [Learning Tutorial](https://learn.hashicorp.com/tutorials/consul/vault-pki-consul-connect-ca?in=consul/vault-secure#create-vault-policies)
is clearer. This tries to make the original docs as clear as the
learning tutorial

* Clarify that PKI secret engines are used to store certs

Co-authored-by: Blake Covarrubias <blake.covarrubias@gmail.com>
2022-08-23 17:06:00 -07:00