Commit graph

11222 commits

Author SHA1 Message Date
Kyle Havlovitz 6a5eba63ab
Ingress Gateways for TCP services (#7509)
* Implements a simple, tcp ingress gateway workflow

This adds a new type of gateway for allowing Ingress traffic into Connect from external services.

Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
2020-04-16 14:00:48 -07:00
Daniel Nephin 12b026db62
Merge pull request #7650 from hashicorp/dnephin/remove-id-init-methods
agent/structs: Remove ServiceID.Init and CheckID.Init
2020-04-16 16:37:04 -04:00
danielehc 11ed4207fc
Adding links to new GS track in learn (#7649)
* Adding links to new GS track in learn
2020-04-16 19:56:31 +02:00
Daniel Nephin dc3df311a4
Merge pull request #7652 from hashicorp/dnephin/update-joyent-dep
Update github.com/joyent/triton-go to latest
2020-04-16 13:26:02 -04:00
Daniel Nephin 7237eb67ed Update github.com/joyent/triton-go to latest
There was an RSA private key used for testing included in the old
version. This commit updates it to a version that does not include the
key so that the key is not detected by tools which scan the Consul
binary for private keys.

Commands run:

go get github.com/joyent/triton-go@6801d15b779f042cfd821c8a41ef80fc33af9d47
make update-vendor
2020-04-16 12:34:29 -04:00
Daniel Nephin 6ade136abf agent/structs: Remove ServiceID.Init and CheckID.Init
The Init method provided the same functionality as the New constructor.
The constructor is both more widely used, and more idiomatic, so remove
the Init method.

This change is in preparation for fixing printing of these IDs.
2020-04-15 12:09:56 -04:00
sasha 8afa406177
add DNSSAN and IPSAN to cache key (#7597) 2020-04-15 10:11:11 -05:00
John Cowen 310d35e69c
ui: Lazily detect HTTP protocol (#7644)
This commit includes 2 things:

1. Sometimes (seemingly due to client caching), performance entries
aren't available, even for the currently executing script. This waits
until the first retrieval of 'CONSUL_HTTP_PROTOCOL' before using the
performance entries to decide this. This means that the entries aren't
inspected until ember has initialized, which means that the entries are
always available.

2. getCurrentResource/getResourceFor could potentially return undefined
if the correct entry could not be found. This adds a default {} return
value if the resource cannot be found. This means that if for whatever
reason the correct resource cannot be found at least we don't fail with
an error and just drop back to HTTP/1 functionality.
2020-04-15 14:42:55 +01:00
Hans Hasselberg 2746a1272d
Update CHANGELOG.md 2020-04-14 23:32:40 +02:00
Hans Hasselberg 40ca3bc610
Add 1.6.5 2020-04-14 23:10:54 +02:00
Daniel Nephin 4abc8b57ee
Merge pull request #7638 from pierresouchay/fix_unstable_assert_alive_wan_member_count
More tolerant assert_alive_wan_member_count to fix unstable tests
2020-04-14 12:30:43 -04:00
Matt Keeler 984ebb8f20
Update CHANGELOG.md 2020-04-14 12:05:17 -04:00
Matt Keeler a8c4925502
Update CHANGELOG.md 2020-04-14 11:58:04 -04:00
Matt Keeler 1e70ffee76
Update the Client code to use the common version checking infra… (#7558)
Also reduce the log level of some version checking messages on the server as they can be pretty noisy during upgrades and really are more for debugging purposes.
2020-04-14 11:54:27 -04:00
Matt Keeler 1332628b67
Allow the bootstrap endpoint to be disabled in enterprise. (#7614) 2020-04-14 11:45:39 -04:00
David Yu 8d76671947
Consul on Kubernetes Learn Guide Links (#7642)
* Adding EKS Learn Guide to Docs
2020-04-14 07:53:17 -07:00
Chris Piraino 0ab9aa9489
Add support for ingress-gateway in CLI command (#7618)
* Add support for ingress-gateway in CLI command

- Supports -register command
- Creates a static Envoy listener that exposes only the /ready API so
that we can register a TCP healthcheck against the ingress gateway
itself
- Updates ServiceAddressValue.String() to be more in line with Value()
2020-04-14 09:48:02 -05:00
danielehc 778ba5310a
docs: Link to compatibility matrix for imageEnvoy (#7387)
* docs: Link to compatibility matrix for imageEnvoy

Added a link to the Envoy supported version in the documentation for `imageEnvoy` parameter.

* Update website/source/docs/platform/k8s/helm.html.md
2020-04-14 14:13:14 +02:00
Daniel Nephin 3237a55e32
Merge pull request #7585 from hashicorp/dnephin/agent-cache
agent/cache: Small changes to hopefully improve readability
2020-04-13 15:47:52 -04:00
Daniel Nephin fb31212de7 Remove TTL from cacheEntryExpiry
This should very slightly reduce the amount of memory required to store each item in
the cache.

It will also enable setting different TTLs based on the type of result. For example
we may want to use a shorter TTL when the result indicates the resource does not exist,
as storing these types of records could easily lead to a DOS caused by
OOM.
2020-04-13 13:10:38 -04:00
Daniel Nephin 371cf05340 agent/cache: Reduce differences between notify implementations
These two notify functions are very similar. There appear to be just
enough differences that trying to parameterize the differences may not
improve things.

For now, reduce some of the cosmetic differences so that the material
differences are more obvious.
2020-04-13 13:10:38 -04:00
Daniel Nephin 4d398d26ae agent/cache: Inline the refresh function to make recursion more obvious
fetch is already an exceptionally long function, but hiding the
recrusion in a function call likely does not help.
2020-04-13 13:10:38 -04:00
Daniel Nephin 98ef66e70a agent/cache: Make the return values of getEntryLocked more obvious
Use named returned so that the caller has a better idea of what these
bools mean.

Return early to reduce the scope, and make it more obvious what values
are returned in which cases. Also reduces the number of conditional
expressions in each case.
2020-04-13 13:10:38 -04:00
Daniel Nephin eff825345e
Merge pull request #7639 from hashicorp/dnephin/fix-master
Fix test failing on master
2020-04-13 13:09:48 -04:00
Daniel Nephin bdbb704c5c Fix golden file for envoy tests
The envoy version was updated after the PR which added this test was opened, and
merged before the test was merged, so it ended up with the wrong version.
2020-04-13 12:58:02 -04:00
Daniel Nephin cef60d1547 agent/cache: Small formatting improvements to improve readability
Remove Cache.entryKey which called a single function.
Format multiline struct creation one field per line.
2020-04-13 12:34:11 -04:00
Daniel Nephin 85411d6b54 Remove SnapshotRPC passthrough
The caller has access to the delegate, so we do not gain anything by
wrapping the call in Agent.
2020-04-13 12:32:57 -04:00
Daniel Nephin a2135d012b
Merge pull request #7608 from hashicorp/dnephin/grpc-default-scheme
command/envoy: enable TLS when CONSUL_HTTP_ADDR=https://...
2020-04-13 12:30:26 -04:00
Daniel Nephin bf2a6452f1
Merge pull request #7596 from hashicorp/dnephin/agent-cache-type-entry
agent/cache: move typeEntry lookup to the edge
2020-04-13 12:24:07 -04:00
Matt Keeler 2adcdec11e
Update CHANGELOG.md 2020-04-13 11:21:18 -04:00
Pierre Souchay a3da31c86a More tolerant assert_alive_wan_member_count to fix unstable tests
Example of failure (very frequent):
https://circleci.com/gh/hashicorp/consul/157985
2020-04-13 16:02:45 +02:00
Pierre Souchay 2e6cd9e11a
fix flaky TestReplication_FederationStates test due to race conditions (#7612)
The test had two racy bugs related to memdb references.

The first was when we initially populated data and retained the FederationState objects in a slice. Due to how the `inmemCodec` works these were actually the identical objects passed into memdb.

The second was that the `checkSame` assertion function was reading from memdb and setting the RaftIndexes to zeros to aid in equality checks. This was mutating the contents of memdb which is a no-no.

With this fix, the command:
```
i=0; while /usr/local/bin/go test -count=1 -timeout 30s github.com/hashicorp/consul/agent/consul -run '^(TestReplication_FederationStates)$'; do i=$((i + 1)); printf "$i "; done
```
That used to break on my machine in less than 20 runs is now running 150+ times without any issue.

Might also fix #7575
2020-04-09 15:42:41 -05:00
Andrea Scarpino 2757510e84
docs: document consulPrefix properly (#7603) 2020-04-09 22:02:23 +02:00
danielehc 8174c2c0e7
Adding API version for example call (#7626) 2020-04-09 21:25:22 +02:00
Hans Hasselberg b78220981c
connect: support envoy 1.14.1 (#7624) 2020-04-09 20:58:22 +02:00
Pierre Souchay 071d4ee395
tests: change default http_max_conns_per_client to 250 to ease tests (#7625)
On recent Mac OS versions, the ulimit defaults to 256 by default, but many
systems (eg: some Linux distributions) often limit this value to 1024.

On validation of configuration, Consul now validates that the number of
allowed files descriptors is bigger than http_max_conns_per_client.

This make some unit tests failing on Mac OS.
Use a less important value in unit test, so tests runs well by default
on Mac OS without need for tuning the OS.
2020-04-09 11:11:42 +02:00
Blake Covarrubias a088d12a20 docs: Fix broken link to Nomad Consul Connect guide 2020-04-08 14:59:36 -07:00
Freddy c1f79c6b3c
Terminating gateway discovery (#7571)
* Enable discovering terminating gateways

* Add TerminatingGatewayServices to state store

* Use GatewayServices RPC endpoint for ingress/terminating
2020-04-08 12:37:24 -06:00
Freddy f5b9688336
Add decode rules for Expose cfg in service-defaults (#7611) 2020-04-07 19:37:47 -06:00
Daniel Nephin 575ad5c39f Fix CONSUL_HTTP_ADDR=https not enabling TLS
Use the config instead of attempting to reparse the env var.
2020-04-07 18:16:53 -04:00
Daniel Nephin 97c9f73261 Step 3: fix a bug in api.NewClient and fix the tests
The api client should never rever to HTTP if the user explicitly
requested TLS. This change broke some tests because the tests always use
an non-TLS http server, but some tests explicitly enable TLS.
2020-04-07 18:02:56 -04:00
Iryna Shustava 1b5cff80f2
docs: Add Helm docs for auto-encrypt and external servers (#7595)
* docs: Add Helm docs for auto-encrypt and external servers
2020-04-07 14:41:16 -07:00
Luke Kysow 812aedce48
Merge pull request #7586 from hashicorp/helm-docs
Document bootstrapACLs deprecation
2020-04-07 14:02:12 -07:00
Daniel Nephin ae42dea2d5 Step 2: extract the grpc address logic and a new type
The new grpcAddress function contains all of the logic to translate the
command line options into the values used in the template.

The new type has two advantages.

1. It introduces a logical grouping of values in the BootstrapTplArgs
   struct which is exceptionally large. This grouping makes the struct
   easier to understand because each set of nested values can be seen
   as a single entity.
2. It gives us a reasonable return value for this new function.
2020-04-07 16:36:51 -04:00
Daniel Nephin 5092aaf9b8 Step 1: move all the grpcAddr logic into the same spot
There is no reason a reader should have to jump around to find this value. It is only
used in 1 place
2020-04-07 15:53:12 -04:00
Alvin Huang c5f5cfddf6
filter out non go branches from the 'go-tests' workflow (#7606) 2020-04-07 15:39:23 -04:00
Matt Keeler 5851ea4f64
Update CHANGELOG.md 2020-04-07 11:49:36 -04:00
Matt Keeler 42f02e80c3
Enable filtering language support for the v1/connect/intentions… (#7593)
* Enable filtering language support for the v1/connect/intentions listing API

* Update website for filtering of Intentions

* Update website/source/api/connect/intentions.html.md
2020-04-07 11:48:44 -04:00
Daniel Nephin 72e2695986
Merge pull request #7598 from pierresouchay/preallocation_of_dns_meta
Pre-allocations of DNS meta to avoid several allocations
2020-04-06 14:00:32 -04:00
Luke Kysow 1cef40b6a4
Update website/source/docs/platform/k8s/helm.html.md
Co-Authored-By: Iryna Shustava <ishustava@users.noreply.github.com>
2020-04-06 09:16:49 -07:00