Commit Graph

16510 Commits

Author SHA1 Message Date
freddygv 7fba7456ec Fix race of upstreams with same passthrough ip
Due to timing, a transparent proxy could have two upstreams to dial
directly with the same address.

For example:
- The orders service can dial upstreams shipping and payment directly.
- An instance of shipping at address 10.0.0.1 is deregistered.
- Payments is scaled up and scheduled to have address 10.0.0.1.
- The orders service receives the event for the new payments instance
before seeing the deregistration for the shipping instance. At this
point two upstreams have the same passthrough address and Envoy will
reject the listener configuration.

To disambiguate this commit considers the Raft index when storing
passthrough addresses. In the example above, 10.0.0.1 would only be
associated with the newer payments service instance.
2022-02-10 17:01:57 -07:00
freddygv d5a2eb677f Ensure passthrough addresses get cleaned up
Transparent proxies can set up filter chains that allow direct
connections to upstream service instances. Services that can be dialed
directly are stored in the PassthroughUpstreams map of the proxycfg
snapshot.

Previously these addresses were not being cleaned up based on new
service health data. The list of addresses associated with an upstream
service would only ever grow.

As services scale up and down, eventually they will have instances
assigned to an IP that was previously assigned to a different service.
When IP addresses are duplicated across filter chain match rules the
listener config will be rejected by Envoy.

This commit updates the proxycfg snapshot management so that passthrough
addresses can get cleaned up when no longer associated with a given
upstream.

There is still the possibility of a race condition here where due to
timing an address is shared between multiple passthrough upstreams.
That concern is mitigated by #12195, but will be further addressed
in a follow-up.
2022-02-10 17:01:57 -07:00
freddygv 68dea758dd Add failing test
The updated test fails because passthrough upstream addresses are not
being cleaned up.
2022-01-27 18:56:47 -07:00
trujillo-adam 93cff86480
Merge pull request #11951 from hashicorp/docs/api-gateway-beta
API gateway docs going live for beta
2022-01-27 13:38:08 -08:00
trujillo-adam 0b016e50fd added min supported kubectl 2022-01-27 13:31:03 -08:00
Iryna Shustava 0c8b82b29d
docs: Add annotations for consul-sidecar resource overrides (#12142) 2022-01-27 14:25:06 -07:00
trujillo-adam 8f9224369b more feedback about helm chart from Jeff 2022-01-27 13:02:21 -08:00
trujillo-adam f2404748d7 added link to tutorial 2022-01-27 12:21:19 -08:00
trujillo-adam 3d57557eae formatting 2022-01-27 12:02:48 -08:00
trujillo-adam 9e086459a3 fixed formatting, applied Jeff's feedback 2022-01-27 11:46:14 -08:00
Daniel Nephin d061a02bca
Merge pull request #11706 from hashicorp/dnephin/ca-remove-provider-active-root
ca: remove Provider.ActiveRoot, return the root from Provider.GenerateRoot
2022-01-27 14:34:02 -05:00
Thomas Kula 88bab31f22 Fix #service-rules link in reference table 2022-01-27 11:32:53 -08:00
trujillo-adam e0b02b844e still trying to fix formatting 2022-01-27 10:55:13 -08:00
trujillo-adam 9193f4ad3a removed extra quotation mark typo 2022-01-27 10:44:14 -08:00
trujillo-adam 85703e022d fixed formatting 2022-01-27 10:33:39 -08:00
trujillo-adam 03e952d896 reordered the installation steps 2022-01-27 10:31:02 -08:00
Daniel Nephin fa8ff28a63 ca/provider: remove ActiveRoot from Provider 2022-01-27 13:07:37 -05:00
trujillo-adam 565c66f203 applying additional feedback 2022-01-27 10:01:29 -08:00
Paul Glass 5bd733c9a7
Merge pull request #11825 from hashicorp/pglass/ecs-merge-arch-into-overview
docs: ECS 0.3.0 Updates
2022-01-27 11:57:41 -06:00
Daniel Nephin 722e3a6ac4 ca: update MockProvider for new interface 2022-01-27 12:51:35 -05:00
Daniel Nephin 80f215675c ca: update GenerateRoot godoc 2022-01-27 12:51:35 -05:00
Daniel Nephin d56a1dfb2c
Merge pull request #11663 from hashicorp/dnephin/ca-remove-one-call-to-active-root-2
ca: remove second call to Provider.ActiveRoot
2022-01-27 12:41:05 -05:00
Paul Glass 750d3e645b docs: Add configuration reference for ECS 2022-01-27 11:34:49 -06:00
Paul Glass 44c69395bc docs: Fixes to ECS manual secure configuration
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-01-27 11:34:49 -06:00
Paul Glass 558967c767 docs: Manual secure configuration for ECS 2022-01-27 11:34:49 -06:00
Paul Glass 270b8255cd docs: Refine ECS installation docs
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-01-27 11:34:49 -06:00
Paul Glass 2d5b7b03aa docs: Improving ECS installation docs 2022-01-27 11:34:49 -06:00
Paul Glass 69de9c4d2e docs: Apply suggestions to ECS docs from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-01-27 11:34:48 -06:00
Paul Glass 35b37345be docs: Correct ECS filename -> manual-installation.mdx 2022-01-27 11:34:48 -06:00
Paul Glass 2682a99a78 docs: Improving ECS manual installation page 2022-01-27 11:34:48 -06:00
Paul Glass d0230d8f60 docs: Apply suggestions for manual ECS installation
Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2022-01-27 11:34:48 -06:00
Paul Glass 5a98efcf56 docs: Manual installation of Consul on ECS 2022-01-27 11:34:48 -06:00
Paul Glass 446355ff69 docs: Unmerge ECS architecture from overview 2022-01-27 11:34:48 -06:00
Paul Glass fbbe71415a docs: Flatten ECS "Getting Started" navigation 2022-01-27 11:34:48 -06:00
Paul Glass 29bd32c9ce docs: Merge ECS Architecture into overview 2022-01-27 11:34:48 -06:00
Mike Morris 2d7dd2e3f3 website: fix ordering of list with nested code blocks 2022-01-27 11:34:11 -05:00
Mike Morris 152fed138b website: fix indentation to resolve CodeBlockConfig syntax error 2022-01-27 11:12:32 -05:00
trujillo-adam 8b4d9c3b65
Apply suggestions from code review
Thanks for catching my typos!

Co-authored-by: Nathan Coleman <nathandanielcoleman@gmail.com>
2022-01-27 08:06:54 -08:00
Chris S. Kim f7285ed35b
ci: Update CI to stash changes before checkout (#12210) 2022-01-27 10:59:05 -05:00
John Cowen 79b9254c1a
ui: css-prop modifier (#12205)
Get the value for a single specific CSS Property from the modified element.
returns can be specified either as a second parameter or an option.
2022-01-27 11:27:38 +00:00
John Cowen a8466a874c
ui: class-map helper (#12202)
{{class-map}} is used to easily add a list of classes, conditionally, and
have them all formatted nicely ready to be printed in a DOM class attribute.

For ease, as well as using entries, you can also just provide a simple string
without the boolean and that class will always be added.
2022-01-27 11:21:12 +00:00
trujillo-adam 465f3c7cfd integrated TLS info 2022-01-26 16:04:24 -08:00
trujillo-adam 6c9470c478
Apply suggestions from code review
Adding content and feedback from @mikemorris

Co-authored-by: Mike Morris <mikemorris@users.noreply.github.com>
2022-01-26 15:16:22 -08:00
Daniel Nephin d3324d0d27
Merge pull request #12109 from hashicorp/dnephin/blocking-query-1
rpc: make blockingQuery easier to read
2022-01-26 18:13:55 -05:00
trujillo-adam dd7f0b7273 added more complete spec info and applied feedback 2022-01-26 15:11:40 -08:00
Luke Kysow b7f8213492
Update docs for new client daemonset name (#12200) 2022-01-26 14:22:12 -08:00
Daniel Nephin 14a40fab1a
Merge pull request #11221 from hashicorp/dnephin/acl-resolver-5
acl: extract a backend type for the ACLResolverBackend
2022-01-26 16:57:03 -05:00
Blake Covarrubias d221bc7767 docs: Clarify docs for providing multiple join addresses
Rephrase the comment about specifying multiple join addresses to
clarify that it pertains to joining a single cluster by attempting to
contact one or more nodes.
2022-01-26 13:11:51 -08:00
Daniel Nephin a7f0ff5989
Merge pull request #11686 from hashicorp/dnephin/remove-demo
Remove demo directory
2022-01-26 13:58:56 -05:00
Luke Kysow 0eb453ce17
Update distributed-tracing.mdx with caveat on 128 bit IDs (#12196)
* Update distributed-tracing.mdx
2022-01-26 10:39:33 -08:00