Preetha
89c2b9c97d
Add docs section on regenerating expired CA certificates ( #9709 )
...
* Updated docs on regenerating built in CA
* review feedback
* Add sentence about expected behavior after update CA endpoint is used.
2021-02-11 15:38:12 -06:00
Daniel Nephin
d8f10deda3
Merge pull request #9727 from mbanikazemi/typos
...
Correcting the changed function name in comment
2021-02-11 14:46:10 -05:00
hashicorp-ci
3b442c77f4
auto-updated agent/uiserver/bindata_assetfs.go from commit 96204a21d
2021-02-11 11:42:07 +00:00
John Cowen
08cf0f18a6
ui: [BUGFIX] Ensure we show the correct count of instances for each node ( #9749 )
...
* Add MeshServiceInstances property to node model
* Use MeshServiceInstances property
* Make sure we show the 'No * checks' if Checks.length is zero
2021-02-11 11:36:36 +00:00
hashicorp-ci
7c29524b95
auto-updated agent/uiserver/bindata_assetfs.go from commit 369637aff
2021-02-11 10:10:21 +00:00
John Cowen
631ddff031
ui: Update browser targets to ~2016 browsers ( #9729 )
...
* ui: Reduce range of browsers in targets.js `'Chrome 55', 'Firefox 53', 'Safari 13', 'Edge 15'`
* ui: Remove auto-prefixer
2021-02-11 10:03:13 +00:00
hashicorp-ci
cd87ee21f8
auto-updated agent/uiserver/bindata_assetfs.go from commit eda38a0ba
2021-02-11 09:54:29 +00:00
John Cowen
551ac7b794
ui: [BUGFIX] Replace all replaceAll with split.join for older browsers without replaceAll ( #9715 )
...
* ui: replace all `replaceAll` with split.join
* Use a div instead of fieldset for flex-box reasons
2021-02-11 09:49:39 +00:00
R.B. Boyer
194fb0d144
connect: update supported envoy point releases to 1.16.2, 1.15.3, 1.14.6, 1.13.7 ( #9737 )
2021-02-10 13:11:15 -06:00
Daniel Nephin
e51a8eed09
Merge pull request #9745 from hashicorp/dnephin/fix-streaming-bugs
...
streaming: fix a couple bugs
2021-02-09 18:30:12 -05:00
Daniel Nephin
bd122bb9f5
streaming: double the cache TTL
...
10 minutes is the default blocking query timeout. Using the same value results in us hitting
the expired cache entry bug frequently. By extending this TTL we at least mitigate the problem.
The underlying bug still needs to be fixed.
2021-02-09 14:36:26 -05:00
Daniel Nephin
3ab546623f
submatview: do not reset retry waiter when materializer is reset
...
The materializer is often reset when an error is received. By resetting
the retryWaiter we effectively never wait. The retryWaiter should only
be reset when we get an event without error. This is done in
Materializer.updateView().
2021-02-09 13:56:50 -05:00
Daniel Nephin
041f96639d
api: Use blocking query for health when near is set
...
Streaming can not be used for these queries because the near query
paramter indicates a specific sort of the results, and that sort
requires data that is not available to the client from the streaming
API.
2021-02-09 13:55:33 -05:00
Bryce Kalow
5b54842e44
website: update next and nextjs-scripts ( #9698 )
...
Co-authored-by: Jeff Escalante <jescalan@users.noreply.github.com>
Co-authored-by: Kendall Strautman <36613477+kendallstrautman@users.noreply.github.com>
2021-02-09 09:26:17 -06:00
Matt Keeler
19c99dc104
Stop background refresh of cached data for requests that result in ACL not found errors ( #9738 )
2021-02-09 10:15:53 -05:00
Freddy
5a50b26767
Avoid potential proxycfg/xDS deadlock using non-blocking send
2021-02-08 16:14:06 -07:00
R.B. Boyer
91d9544803
connect: connect CA Roots in the primary datacenter should use a SigningKeyID derived from their local intermediate ( #9428 )
...
This fixes an issue where leaf certificates issued in primary
datacenters using Vault as a Connect CA would be reissued very
frequently (every ~20 seconds) because the logic meant to detect root
rotation was errantly triggering.
The hash of the rootCA was being compared against a hash of the
intermediateCA and always failing. This doesn't apply to the Consul
built-in CA provider because there is no intermediate in use in the
primary DC.
This is reminiscent of #6513
2021-02-08 13:18:51 -06:00
Derek Strickland
8b91cae80f
Crosslink new microservices collection. ( #9704 )
2021-02-08 13:27:20 -05:00
freddygv
87d4b1911c
Add changelog entry
2021-02-08 09:45:58 -07:00
freddygv
a417f88e44
Update comments on avoiding proxycfg deadlock
2021-02-08 09:45:45 -07:00
R.B. Boyer
77424e179a
xds: prevent LDS flaps in mesh gateways due to unstable datacenter lists ( #9651 )
...
Also fix a similar issue in Terminating Gateways that was masked by an overzealous test.
2021-02-08 10:19:57 -06:00
Mohammad Banikazemi
45b11c713a
Correcting the changed function name in comment
...
Signed-off-by: Mohammad Banikazemi <mbanikazemi@gmail.com>
2021-02-06 20:23:40 -05:00
freddygv
0a8f2f2105
Retry send after timer fires, in case no updates occur
2021-02-05 18:00:59 -07:00
Daniel Nephin
df0f93f850
Merge pull request #9722 from hashicorp/dnephin/fix-master-build
...
Fix main build failing
2021-02-05 18:13:13 -05:00
Shantanu Gadgil
3ed3380101
changleog: presense -> presence ( #9713 )
...
presense -> presence
2021-02-05 17:37:55 -05:00
R.B. Boyer
05d767b8d6
xds: deduplicate mesh gateway listeners in a stable way ( #9650 )
...
In a situation where the mesh gateway is configured to bind to multiple
network interfaces, we use a feature called 'tagged addresses'.
Sometimes an address is duplicated across multiple tags such as 'lan'
and 'lan_ipv4'.
There is code to deduplicate these things when creating envoy listeners,
but that code doesn't ensure that the same tag wins every time. If the
winning tag flaps between xDS discovery requests it will cause the
listener to be drained and replaced.
2021-02-05 16:28:07 -06:00
Daniel Nephin
c312e0fd35
Fix main build failing
...
An old PR (#7623 ) was merged after #9585 . The old code was incompatible with the new
changes, but none of the lines caused a git conflict so the merge was allowed.
The incompatible changes caused the tests to fail. This fixes the old code to
work with the new changes.
2021-02-05 17:25:57 -05:00
freddygv
8de6b2590c
Make xDS labeling consistent with proxycfg
2021-02-05 15:15:52 -07:00
freddygv
57c29aba5d
Update proxycfg logging, labels were already attached
2021-02-05 15:14:49 -07:00
Daniel Nephin
23cfbc8f8d
Merge pull request #9719 from hashicorp/oss/state-store-4
...
state: remove registerSchema
2021-02-05 14:02:38 -05:00
Daniel Nephin
dc70f583d4
Merge pull request #9718 from hashicorp/oss/dnephin/ent-meta-in-state-store-3
...
state: convert all table name constants to the new prefix pattern
2021-02-05 14:02:07 -05:00
Daniel Nephin
eb5d71fd19
Merge pull request #9665 from hashicorp/dnephin/state-store-indexes-2
...
state: move config-entries table definition to config_entries_schema.go
2021-02-05 14:01:08 -05:00
Alvin Huang
e056a9147e
ci: escape backticks in github comment for website/ change check ( #9711 )
2021-02-05 13:48:31 -05:00
Daniel Nephin
9beadc578b
Merge pull request #9664 from hashicorp/dnephin/state-store-indexes
...
state: move ACL schema and index definitions to acl_schema.go
2021-02-05 13:38:31 -05:00
Daniel Nephin
b747b27afd
state: remove the need for registerSchema
...
registerSchema creates some indirection which is not necessary in this
case. newDBSchema can call each of the tables.
Enterprise tables can be added from the existing withEnterpriseSchema
shim.
2021-02-05 12:19:56 -05:00
Daniel Nephin
33621706ac
state: rename table name constants to use pattern
...
the 'table' prefix is shorter, and also reads better in queries.
2021-02-05 12:12:19 -05:00
Daniel Nephin
8569295116
state: rename connect constants
2021-02-05 12:12:19 -05:00
Daniel Nephin
afdbf2a8ef
state: rename table name constants to new pattern
...
Using Apps Hungarian Notation for these constants makes the memdb queries more readable.
2021-02-05 12:12:18 -05:00
Daniel Nephin
573f8eb2b4
Merge pull request #9701 from hashicorp/dnephin/ent-meta-remove-extra-arg
...
state: Remove extra entMeta arg to EnsureConfigEntry
2021-02-05 11:43:35 -05:00
Kyle Havlovitz
b299e30db6
Merge pull request #7623 from FriedCircuits/patch-1
...
Add support for RSA private key to TLS utils.
2021-02-04 11:37:51 -08:00
David Yu
7247d9c0cb
docs: fix another broken link to upgrading k8s servers from token rotation page ( #9707 )
...
fix another broken link to upgrading k8s servers from token rotation page
2021-02-04 09:44:04 -08:00
David Yu
5c749d32f8
docs: Small change to fix broken link to k8s upgrade from k8s tls certs page ( #9705 )
...
Broken link to k8s server upgrade from tls certs page
2021-02-04 09:13:32 -08:00
Daniel Nephin
f929a7117e
state: Remove unnecessary entMeta arg to EnsureConfigEntry
2021-02-03 18:10:38 -05:00
Alvin Huang
a0842ce955
ci: add nightly load testing on master ( #9693 )
2021-02-03 15:59:37 -05:00
Alvin Huang
c030c632a2
ci: fix pr file checker ( #9694 )
...
* filter github pr file checker on the right labels object
* only check PR files when the PR is opened
2021-02-03 10:19:37 -05:00
Alvin Huang
d2939d1c9a
ci:check that type/docs-cherrypick is attached to website PR changes ( #9690 )
2021-02-02 17:04:05 -05:00
Kim Ngo
44a5f9057b
docs/nia: recommend sensitive variables for module authoring ( #9692 )
2021-02-02 14:57:46 -06:00
Alvin Huang
ff60cdac89
ci: fix changelog check checkout ( #9688 )
...
* ci: fix changelog check checkout
* use fetch-depth 0 to get all commits to find a merge-base
2021-02-02 14:51:20 -05:00
freddygv
a0be7dcc1d
Add trace logs to proxycfg state runner and xds srv
2021-02-02 12:26:38 -07:00
Kim Ngo
cf5d9c5d55
docs/nia: Update verbiage around securely configuring providers ( #9684 )
...
This reorganizes and flags where and when sensitive information may
be written in plain-text
2021-02-02 13:24:25 -06:00