Freddy
a31d65b914
Prevent running build workflows on all PRs ( #11469 )
2021-11-01 17:29:45 -06:00
Alessandro De Blasis
a3287935c0
changelog
...
Signed-off-by: Alessandro De Blasis <alex@deblasis.net>
2021-11-01 22:47:20 +00:00
Alessandro De Blasis
2b3f4efbab
config: warn the user if client_addr is empty
...
if the provided value is empty string then the client services
(DNS, HTTP, HTTPS, GRPC) are not listening and the user is not notified
in any way about what's happening.
Also, since a not provided client_addr defaults to 127.0.0.1, we make sure
we are not getting unwanted warnings
Signed-off-by: Alessandro De Blasis <alex@deblasis.net>
2021-11-01 22:47:20 +00:00
Daniel Nephin
00ed2b243f
Merge pull request #10771 from hashicorp/dnephin/emit-telemetry-metrics-immediately
...
telemetry: improve cert expiry metrics
2021-11-01 18:31:03 -04:00
Freddy
80e2aef31c
Merge pull request #11450 from hashicorp/ap/best-addr
...
Ensure calls to BestAddress consider partition
2021-11-01 15:44:41 -06:00
freddygv
ecccf22fd7
Exclude default partition from GatewayKey string
...
This will behave the way we handle SNI and SPIFFE IDs, where the default
partition is excluded.
Excluding the default ensures that don't attempt to compare default.dc2
to dc2 in OSS.
2021-11-01 14:45:52 -06:00
freddygv
d944e6ae3a
Update GatewayKeys deduplication
...
Federation states data is only keyed on datacenter, so it cannot be
directly compared against keys for gateway groups.
2021-11-01 13:58:53 -06:00
freddygv
ce43e8cf99
Store GatewayKey in proxycfg snapshot for re-use
2021-11-01 13:58:53 -06:00
freddygv
51c888a41a
Update locality check in xds
2021-11-01 13:58:53 -06:00
freddygv
6657c88296
Update locality check in proxycfg
2021-11-01 13:58:53 -06:00
Peter M
632904ff41
adding K8s page to subnav ( #11467 )
...
* adding K8s page to subnav
per request from HLT, updating use case tab to lead to K8s page instead of service mesh.
* Update subnav.js
2021-11-01 12:41:55 -07:00
Melissa Kam
36ebca63ed
Merge pull request #11466 from hashicorp/cts-tls-typo
...
docs/nia: Fix typo in TLS configs for CTS
2021-11-01 14:23:15 -05:00
Melissa Kam
f7297a712d
docs/nia: Fix typo in TLS configs for CTS
2021-11-01 14:03:19 -05:00
Daniel Nephin
c706bf135c
Merge pull request #11340 from hashicorp/dnephin/ca-manager-provider
...
ca: split the Provider interface into Primary/Secondary
2021-11-01 14:11:15 -04:00
Daniel Nephin
eaaceedf31
Merge pull request #11338 from hashicorp/dnephin/ca-manager-isolate-secondary
...
ca: clearly identify methods that are primary-only or secondary-only
2021-11-01 14:10:31 -04:00
99
411e59c440
Merge pull request #11417 from hashicorp/crt-migration-1.11.0-betax
...
Crt migration 1.11.0 betax
2021-11-01 11:02:55 -07:00
Melissa Kam
89c89657d5
Merge pull request #11463 from hashicorp/docs-cts-tls
...
docs/nia: Update TLS-related configurations for CTS
2021-11-01 12:39:39 -05:00
Daniel Upton
a620b6be2e
Support Check-And-Set deletion of config entries ( #11419 )
...
Implements #11372
2021-11-01 16:42:01 +00:00
trujillo-adam
2bcd5c42b9
Merge pull request #11441 from hashicorp/docs/admin-partitions-feedback-acl-policies
...
admin partitions feedback related to ACLs; additional improvements to ACL rule docs
2021-11-01 09:09:38 -07:00
trujillo-adam
5050867956
Update website/content/docs/security/acl/acl-rules.mdx
...
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2021-11-01 09:07:08 -07:00
Melissa Kam
afac305b54
docs/nia: Update TLS-related configurations for CTS
...
- Clarify file types and uses of the configurations
- Update some wording to match between Consul and TFE TLS configs
2021-11-01 10:44:14 -05:00
Dhia Ayachi
4d763ef9e6
regenerate expired certs ( #11462 )
...
* regenerate expired certs
* add documentation to generate tests certificates
2021-11-01 11:40:16 -04:00
trujillo-adam
c68b3491c7
Apply suggestions from code review
...
fixed typos
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-11-01 08:08:04 -07:00
Konstantine
5ca3fc61b8
added Alternative Domain section to dns page in docs
2021-10-30 16:45:58 +03:00
Jared Kirschner
6dfcbeceec
Merge pull request #11348 from kbabuadze/fix-answers-alt-domain
...
Fix answers for alt domain
2021-10-29 17:09:20 -04:00
David Yu
571cff9dc9
docs: add -verbose flag for install command ( #11447 )
2021-10-29 12:08:23 -07:00
99
324fa75d25
PR fixes
2021-10-28 22:22:38 -07:00
R.B. Boyer
2353d59413
cli: update consul members output to display partitions and sort the results usefully ( #11446 )
2021-10-28 17:27:31 -05:00
R.B. Boyer
d40d098321
agent: for various /v1/agent endpoints parse the partition parameter on the request ( #11444 )
...
Also update the corresponding CLI commands to send the parameter
appropriately.
NOTE: Behavioral changes are not happening in this PR.
2021-10-28 16:44:38 -05:00
R.B. Boyer
017e9d5ae4
agent: add a clone function for duplicating the serf lan configuration ( #11443 )
2021-10-28 16:11:26 -05:00
Mark Anderson
a749a41d07
Fix back compat issues with UDS config ( #11318 )
...
SocketPath needs to be omitted when empty to avoid confusing older versions of Consul
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2021-10-28 13:31:10 -07:00
David Yu
c3a1895f2e
docs: revised Helm install to create namespace and install on dedicated namespace ( #11440 )
...
* docs: revised Helm install to create namespace and install on dedicated Consul namespace
* Update website/content/docs/k8s/installation/install.mdx
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
* Update install.mdx
* changing to Helm 3.2+ as a pre-req to make it easier to follow
* might as well bump to latest version
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2021-10-28 12:27:00 -07:00
Daniel Nephin
a8d6392ab5
Add tests for cert expiry metrics
2021-10-28 14:38:57 -04:00
trujillo-adam
e70cff6ee8
applying admin partitions feedback related to ACLs; additional immprovments to ACL rule docs
2021-10-28 11:23:15 -07:00
99
daf4208341
Update .github/workflows/build.yml
...
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-10-28 11:07:55 -07:00
Daniel Nephin
503dee2d80
Merge pull request #10671 from hashicorp/dnephin/fix-subscribe-test-flake
...
subscribe: improve TestSubscribeBackend_IntegrationWithServer_DeliversAllMessages
2021-10-28 12:57:09 -04:00
Daniel Nephin
b02b324c9d
Merge pull request #11255 from hashicorp/dnephin/fix-auth-verify-incoming
...
tlsutil: only AuthorizerServerConn when VerifyIncomingRPC is true
2021-10-28 12:56:58 -04:00
sidzi
ec65c6b3c5
Refactor requireHttpCodes for segregated error handling ( #11287 )
2021-10-28 12:24:23 -04:00
Kim Ngo
0ac20e556a
CTS document manual apply ( #11426 )
...
* CTS document manual apply
* Add Consul-Terraform-Sync parentheses to CTS acronym
* Add tf link for run notifications
2021-10-28 10:19:18 -05:00
Evan Culver
b3c92f22b1
connect: Remove support for Envoy 1.16 ( #11354 )
2021-10-27 18:51:35 -07:00
Evan Culver
98acbfa79c
connect: Add support for Envoy 1.20 ( #11277 )
2021-10-27 18:38:10 -07:00
Freddy
d6b2a22fd0
Merge pull request #11436 from hashicorp/api/exports-marshal
...
[OSS] Ensure partition-exports kind gets marshaled
2021-10-27 15:27:25 -06:00
99
6195b55dac
Update release branch to 1.11.x
2021-10-27 14:14:02 -07:00
freddygv
35c5ff5011
Update filename to match entry kind - mesh
2021-10-27 15:01:26 -06:00
freddygv
3dd21023bc
Ensure partition-exports kind gets marshalled
...
The api module has decoding functions that rely on 'kind' being present
of payloads. This is so that we can decode into the appropriate api type
for the config entry.
This commit ensures that a static kind is marshalled in responses from
Consul's api endpoints so that the api module can decode them.
2021-10-27 15:01:26 -06:00
Daniel Nephin
0a19d7fd76
agent: move agent tls metric monitor to a more appropriate place
...
And add a test for it
2021-10-27 16:26:09 -04:00
Daniel Nephin
1b2144c982
telemetry: set cert expiry metrics to NaN on start
...
So that followers do not report 0, which would make alerting difficult.
2021-10-27 15:19:25 -04:00
Daniel Nephin
a7fcf14c5c
telemetry: fix cert expiry metrics by removing labels
...
These labels should be set by whatever process scrapes Consul (for
prometheus), or by the agent that receives them (for datadog/statsd).
We need to remove them here because the labels are part of the "metric
key", so we'd have to pre-declare the metrics with the labels. We could
do that, but that is extra work for labels that should be added from
elsewhere.
Also renames the closure to be more descriptive.
2021-10-27 15:19:25 -04:00
Daniel Nephin
4300daa2e6
telemetry: only emit leader cert expiry metrics on the servers
2021-10-27 15:19:25 -04:00
Daniel Nephin
9de725c17d
telemetry: prevent stale values from cert monitors
...
Prometheus scrapes metrics from each process, so when leadership transfers to a different node
the previous leader would still be reporting the old cached value.
By setting NaN, I believe we should zero-out the value, so that prometheus should only consider the
value from the new leader.
2021-10-27 15:19:25 -04:00