Commit Graph

19723 Commits

Author SHA1 Message Date
Valeriia Ruban 64f5e20793
fix: add AccessorID property to PUT token request (#16660) 2023-03-16 18:57:59 -07:00
John Maguire 6b7045e3f4
Add in query options for catalog service existing in a specific (#16652)
namespace when creating service for tests
2023-03-16 18:11:24 +00:00
Vipin John Wilson e766b74a8b
First cluster grpc service should be NodePort for the second cluster to connect (#16430)
* First cluster grpc service should be NodePort

This is based on the issue opened here https://github.com/hashicorp/consul-k8s/issues/1903

If you follow the documentation https://developer.hashicorp.com/consul/docs/k8s/deployment-configurations/single-dc-multi-k8s exactly as it is, the first cluster will only create the consul UI service on NodePort but not the rest of the services (including for grpc). By default, from the helm chart, they are created as headless services by setting clusterIP None. This will cause an issue for the second cluster to discover consul server on the first cluster over gRPC as it cannot simply cannot through gRPC default port 8502 and it ends up in an error as shown in the issue https://github.com/hashicorp/consul-k8s/issues/1903

As a solution, the grpc service should be exposed using NodePort (or LoadBalancer). I added those changes required in both cluster1-values.yaml and cluster2-values.yaml, and also a description for those changes for the normal users to understand. Kindly review and I hope this PR will be accepted.

* Update website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-03-16 16:43:19 +00:00
Eric Haberkorn 65bfef6df1
fix confusing spiffe ids in golden tests (#16643) 2023-03-15 14:30:36 -04:00
wangxinyi7 4aa1b5ee01
net 2731 ip config entry OSS version (#16642)
* ip config entry

* name changing

* move to ent

* ent version

* renaming

* change format

* renaming

* refactor

* add default values
2023-03-15 11:21:24 -07:00
John Maguire 7fca314579
Update e2e tests for namespaces (#16627)
* Refactored "NewGatewayService" to handle namespaces, fixed
TestHTTPRouteFlattening test

* Fixed existing http_route tests for namespacing

* Squash aclEnterpriseMeta for ResourceRefs and HTTPServices, accept
namespace for creating connect services and regular services

* Use require instead of assert after creating namespaces in
http_route_tests

* Refactor NewConnectService and NewGatewayService functions to use cfg
objects to reduce number of method args

* Rename field on SidecarConfig in tests from `SidecarServiceName` to
`Name` to avoid stutter
2023-03-15 17:51:36 +00:00
Eddie Rowe 9b64b3a5bb
Tune 404 checker to exclude false-positives and use intended file path (#16636) 2023-03-15 15:27:43 +00:00
Paul Banks 12a07c98e7
Add known issues to Raft WAL docs. (#16600)
* Add known issues to Raft WAL docs.

* Refactor update based on review feedback
2023-03-15 04:21:31 +00:00
Valeriia Ruban f404d3eb13
feat: update typography to consume hds styles (#16577) 2023-03-14 19:49:14 -07:00
Freddy a5bd98ae3e
Backport ENT-4704 (#16612) 2023-03-14 14:55:11 -06:00
Semir Patel f0c36029b8
Basic resource type registry (#16622) 2023-03-14 13:30:25 -05:00
Derek Menteer f3be5d9b80
Fix issue with trust bundle read ACL check. (#16630)
This commit fixes an issue where trust bundles could not be read
by services in a non-default namespace, unless they had excessive
ACL permissions given to them.

Prior to this change, `service:write` was required in the default
namespace in order to read the trust bundle. Now, `service:write`
to a service in any namespace is sufficient.
2023-03-14 12:24:33 -05:00
Bastien Dronneau 0ad653b5bb
Docs discovery typo (#16628)
* docs(discovery): typo

* docs(discovery): EOF and trim lines

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-03-14 08:49:48 -07:00
Ronald 6bcb98ea71
Add UI copyright headers files (#16614)
* Add copyright headers to UI files

* Ensure copywrite file ignores external libs
2023-03-14 09:18:55 -04:00
Chris S. Kim bb4baeba95
Preserve CARoots when updating Vault CA configuration (#16592)
If a CA config update did not cause a root change, the codepath would return early and skip some steps which preserve its intermediate certificates and signing key ID. This commit re-orders some code and prevents updates from generating new intermediate certificates.
2023-03-13 17:32:59 -04:00
Derek Menteer 5d17b2c90b
Add sameness-group configuration entry. (#16608)
This commit adds a sameness-group config entry to the API and structs packages. It includes some validation logic and a new memdb index that tracks the default sameness-group for each partition. Sameness groups will simplify the effort of managing failovers / intentions / exports for peers and partitions.

Note that this change purely to introduce the configuration entry and does not include the full functionality of sameness-groups.
2023-03-13 16:19:11 -05:00
Ronald 9872eeaffe
Add copywrite setup file (#16602) 2023-03-13 08:24:00 -04:00
Ashvitha f514182f3e
Allow HCP metrics collection for Envoy proxies
Co-authored-by: Ashvitha Sridharan <ashvitha.sridharan@hashicorp.com>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>

Add a new envoy flag: "envoy_hcp_metrics_bind_socket_dir", a directory
where a unix socket will be created with the name
`<namespace>_<proxy_id>.sock` to forward Envoy metrics.

If set, this will configure:
- In bootstrap configuration a local stats_sink and static cluster.
  These will forward metrics to a loopback listener sent over xDS.

- A dynamic listener listening at the socket path that the previously
  defined static cluster is sending metrics to.

- A dynamic cluster that will forward traffic received at this listener
  to the hcp-metrics-collector service.


Reasons for having a static cluster pointing at a dynamic listener:
- We want to secure the metrics stream using TLS, but the stats sink can
  only be defined in bootstrap config. With dynamic listeners/clusters
  we can use the proxy's leaf certificate issued by the Connect CA,
  which isn't available at bootstrap time.

- We want to intelligently route to the HCP collector. Configuring its
  addreess at bootstrap time limits our flexibility routing-wise. More
  on this below.

Reasons for defining the collector as an upstream in `proxycfg`:
- The HCP collector will be deployed as a mesh service.

- Certificate management is taken care of, as mentioned above.

- Service discovery and routing logic is automatically taken care of,
  meaning that no code changes are required in the xds package.

- Custom routing rules can be added for the collector using discovery
  chain config entries. Initially the collector is expected to be
  deployed to each admin partition, but in the future could be deployed
  centrally in the default partition. These config entries could even be
  managed by HCP itself.
2023-03-10 13:52:54 -07:00
natemollica-dev c76598234c
Consul WAN Fed with Vault Secrets Backend document updates (#16597)
* Consul WAN Fed with Vault Secrets Backend document updates

* Corrected dc1-consul.yaml and dc2-consul.yaml file highlights

* Update website/content/docs/k8s/deployment-configurations/vault/wan-federation.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/deployment-configurations/vault/wan-federation.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-03-10 12:45:32 -08:00
Eddie Rowe 7f7f28e69c
Create a weekly 404 checker for all Consul docs content (#16603) 2023-03-10 14:13:14 -06:00
trujillo-adam eeae2812d6
fixes for unsupported partitions field in CRD metadata block (#16604)
* fixes for unsupported partitions field in CRD metadata block

* Apply suggestions from code review

Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>

---------

Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2023-03-10 19:33:42 +00:00
Eric Haberkorn d449096190
Add Peer Locality to Discovery Chains (#16588)
Add peer locality to discovery chains
2023-03-10 12:59:47 -05:00
Eric Haberkorn 0351f48bfd
allow setting locality on services and nodes (#16581) 2023-03-10 09:36:15 -05:00
David Yu e625b7dc34
JIRA pr check: Filter out OSS/ENT merges (#16593)
* jira pr check filter out dependabot and oss/ent merges
2023-03-09 14:29:39 -08:00
John Maguire 7bd248d432
Add namespace file with build tag for OSS gateway tests (#16590)
* Add namespace file with build tag for OSS tests

* Remove TODO comment
2023-03-09 20:46:02 +00:00
Tyler Wendlandt 00caa78594
UI: Fix htmlsafe errors throughout the app (#16574)
* Upgrade ember-intl

* Add changelog

* Add yarn lock
2023-03-09 12:43:35 -07:00
Semir Patel a4780c60b8
GRPC stub for the ResourceService (#16528) 2023-03-09 13:40:23 -06:00
Andrew Stucki 28869784e1
auto-updated agent/uiserver/dist/ from commit 63204b518 (#16587)
Co-authored-by: hc-github-team-consul-core <github-team-consul-core@hashicorp.com>
2023-03-09 13:56:53 -05:00
Michael Wilkerson d914841a3d
added a backport-checker GitHub action (#16567)
* added a backport-checker GitHub action

* Update .github/workflows/backport-checker.yml
2023-03-09 08:41:14 -08:00
Bryce Kalow 0c38ade8dd
website: adds content-check command and README update (#16579) 2023-03-08 15:30:38 -06:00
Semir Patel ef2070442d
Bump submodules from latest 1.15.1 patch release (#16578)
* Update changelog with Consul patch releases 1.13.7, 1.14.5, 1.15.1

* Bump submodules from latest patch release

* Forgot one
2023-03-08 14:37:50 -06:00
Semir Patel 7e34fdfed7
Update changelog with patch releases (#16576) 2023-03-08 19:32:22 +00:00
Eric Haberkorn a66433e527
fix bug that can lead to peering service deletes impacting the state of local services (#16570) 2023-03-08 11:24:03 -05:00
Anita Akaeze 36bee0a996
NET-2954: Improve integration tests CI execution time (#16565)
* NET-2954: Improve integration tests CI execution time

* fix ci

* remove comments and modify config file
2023-03-08 11:00:23 -05:00
Eddie Rowe dacac022ad
Broken link fixes (#16566) 2023-03-07 23:27:11 +00:00
Paul Glass 5c5663455c
docs: Document config entry permissions (#16556) 2023-03-07 14:05:23 -06:00
Eric Haberkorn 1d9a09f276
add agent locality and replicate it across peer streams (#16522) 2023-03-07 14:05:23 -05:00
cskh 082ba48809
upgrade test: use retry with ModifyIndex and remove ent test file (#16553) 2023-03-07 13:27:47 -05:00
Tu Nguyen 9a800c9c91
Update docs to reflect functionality (#16549)
* Update docs to reflect functionality

* make consistent with other client runtimes
2023-03-07 08:21:23 -08:00
John Eikenberry 25ed13261b
support vault auth config for alicloud ca provider
Add support for using existing vault auto-auth configurations as the
provider configuration when using Vault's CA provider with AliCloud.

AliCloud requires 2 extra fields to enable it to use STS (it's preferred
auth setup). Our vault-plugin-auth-alicloud package contained a method
to help generate them as they require you to make an http call to
a faked endpoint proxy to get them (url and headers base64 encoded).
2023-03-07 03:02:05 +00:00
Ronald 0558cbc5ee
Fix flakey tests related to ACL token updates (#16545)
* Fix flakey tests related to ACL token updates

* update all acl token update tests

* extra create_token function to its own thing
2023-03-06 23:14:06 +00:00
Valeriia Ruban d40fc3cc9e
feat: update notification to use hds toast component (#16519) 2023-03-06 14:10:09 -08:00
Ashlee M Boyer a673767fe9
Delete test-link-rewrites.yml (#16546) 2023-03-06 17:07:25 -05:00
John Maguire c81bcb424e
Update the consul-k8s cli docs for the new `proxy log` subcommand (#16458)
* Update the consul-k8s cli docs for the new `proxy log` subcommand

* Updated consul-k8s docs from PR feedback

* Added proxy log command to release notes
2023-03-06 20:43:36 +00:00
cskh b8a6f7c3ab
upgrade test: discovery chain across partition (#16543) 2023-03-06 13:28:02 -05:00
Anita Akaeze 210ea1da42
Merge pull request #4573 from hashicorp/NET-2841 (#16544)
* Merge pull request #4573 from hashicorp/NET-2841

NET-2841: PART 2 refactor upgrade tests to include version 1.15

* update upgrade versions
2023-03-06 11:40:33 -05:00
Chris S. Kim 39dc305143
Follow-up fixes to consul connect envoy command (#16530) 2023-03-06 10:32:06 -05:00
Ronald 7f6f12089f
Improve ux around ACL token to help users avoid overwriting node/service identities (#16506)
* Deprecate merge-node-identities and merge-service-identities flags

* added tests for node identities changes

* added changelog file and docs
2023-03-06 15:00:39 +00:00
Melisa Griffin dac0cc90ed
NET-2904 Fixes API Gateway Route Service Weight Division Error 2023-03-06 08:41:57 -05:00
trujillo-adam 24502e4568
fixes empty link in DNS usage page (#16534) 2023-03-03 15:04:05 -08:00