a8adcf2a96
Merge pull request #7713 from hashicorp/dnephin/connect-proxy-passive-healthcheck
...
xds: Add passive health check config for upstreams (aka envoy outlier detection)
2020-05-08 15:48:50 -04:00
ce3aeb85f5
Add outlier_detection check to integration test
...
Fix decoding of time.Duration types.
2020-05-08 14:56:57 -04:00
987875524a
xds: Add passive health check config for upstreams
2020-05-08 14:56:57 -04:00
a635e23f86
Restoring config entries updates the gateway-services table ( #7811 )
...
- Adds a new validateConfigEntryEnterprise function
- Also fixes some state store tests that were failing in enterprise
2020-05-08 13:24:33 -05:00
a37d7a42c9
Fix up enterprise compatibility for gateways ( #7813 )
2020-05-08 09:44:34 -06:00
44011c81f2
Fix spelling of deregister ( #7804 )
2020-05-08 10:03:45 -04:00
7d9ac06f83
Merge pull request #7815 from hashicorp/denislavdenov-patch-1
...
Update license.mdx
2020-05-08 16:04:39 +03:00
3932b5b907
Update website/pages/docs/commands/license.mdx
...
Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com>
2020-05-08 15:51:52 +03:00
aa5527303b
Update license.mdx
...
Hello team,
I noticed that the reset part of the consul license command was missing in the documentation so I added it and created this PR.
2020-05-08 11:13:41 +03:00
bf70ad1802
cli: oss refactors to support making the auth method CLI aware of namespace rules in enterprise ( #7812 )
2020-05-07 17:08:42 -05:00
2d657c3c0f
Allow ingress gateways to send empty clusters, routes, and listeners ( #7795 )
...
This is useful when updating an config entry with no services, and the
expected behavior is that envoy closes all listeners and clusters.
We also allow empty routes because ingress gateways name route
configurations based on the port of the listener, so it is important we
remove any stale routes. Then, if a new listener with an old port is
added, we will not have to deal with stale routes hanging around routing
to the wrong place.
Endpoints are associated with clusters, and thus by deleting the
clusters we don't have to care about sending empty endpoint responses.
2020-05-07 16:19:25 -05:00
55e5c1b9ef
add alert banner to website
2020-05-06 20:06:39 -04:00
ad8a0544f2
Require individual services in ingress entry to match protocols ( #7774 )
...
We require any non-wildcard services to match the protocol defined in
the listener on write, so that we can maintain a consistent experience
through ingress gateways. This also helps guard against accidental
misconfiguration by a user.
- Update tests that require an updated protocol for ingress gateways
2020-05-06 16:09:24 -05:00
a749f46316
Remove timeout and call to Fatal from goroutine ( #7797 )
2020-05-06 14:33:17 -06:00
65af2a323c
update changelog
2020-05-06 15:32:27 -05:00
095f0503e8
test: make auth method cli crud test work in both oss and ent ( #7800 )
2020-05-06 15:16:50 -05:00
ea21280636
test: make auth method cli crud test helper ignore the default namespace ( #7799 )
2020-05-06 15:09:47 -05:00
cf03f3df31
Merge pull request #7678 from hashicorp/ingress/host-header-routing
...
Allow ingress gateways to route traffic based on Host header
2020-05-06 15:07:36 -05:00
ac115e39b2
A proxy-default config entry only exists in the default namespace
2020-05-06 15:06:14 -05:00
ff501ffb40
Correctly set a namespace label in the required domain for xds routes
...
If an upstream is not in the default namespace, we expect DNS requests
to be served over "<service-name>.ingress.<namespace>.*"
2020-05-06 15:06:14 -05:00
9a130f2ccc
Remove outdated comment
2020-05-06 15:06:14 -05:00
21e0ed8f8d
Better document wildcard specifier interactions
2020-05-06 15:06:14 -05:00
d8ac79041d
Re-add comment on connect-proxy virtual hosts
2020-05-06 15:06:14 -05:00
26533dcb09
Make sure IngressHosts isn't parsed during JSON decode
2020-05-06 15:06:14 -05:00
c30a7bfdfe
Comment why it is ok to expect upstreams slice to not be empty
2020-05-06 15:06:13 -05:00
9b9dfa8eeb
xds: Use only the port number as the configured route name
...
This removes duplication of protocol from the stats_prefix
2020-05-06 15:06:13 -05:00
04b6bd637a
Filter wildcard gateway services to match listener protocol
...
This now requires some type of protocol setting in ingress gateway tests
to ensure the services are not filtered out.
- small refactor to add a max(x, y) function
- Use internal configEntryTxn function and add MaxUint64 to lib
2020-05-06 15:06:13 -05:00
210dda5682
Allow Hosts field to be set on an ingress config entry
...
- Validate that this cannot be set on a 'tcp' listener nor on a wildcard
service.
- Add Hosts field to api and test in consul config write CLI
- xds: Configure envoy with user-provided hosts from ingress gateways
2020-05-06 15:06:13 -05:00
837d2aa7d2
Remove service_subset field from ingress config entry
...
We decided that this was not a useful MVP feature, and just added
unnecessary complexity
2020-05-06 15:06:13 -05:00
e4268c8b7f
Support multiple listeners referencing the same service in gateway definitions
2020-05-06 15:06:13 -05:00
b21cd112e5
Allow ingress gateways to route traffic based on Host header
...
This commit adds the necessary changes to allow an ingress gateway to
route traffic from a single defined port to multiple different upstream
services in the Consul mesh.
To do this, we now require all HTTP requests coming into the ingress
gateway to specify a Host header that matches "<service-name>.*" in
order to correctly route traffic to the correct service.
- Differentiate multiple listener's route names by port
- Adds a case in xds for allowing default discovery chains to create a
route configuration when on an ingress gateway. This allows default
services to easily use host header routing
- ingress-gateways have a single route config for each listener
that utilizes domain matching to route to different services.
2020-05-06 15:06:13 -05:00
1187d7288e
acl: oss plumbing to support auth method namespace rules in enterprise ( #7794 )
...
This includes website docs updates.
2020-05-06 13:48:04 -05:00
b730590c82
Merge pull request #7792 from hashicorp/changelog-fixup
...
Remove duplicated entries in CHANGELOG.md
2020-05-06 13:31:03 -05:00
859496157d
Remove duplicated entries in CHANGELOG.md
...
Remove some duplicated entries in the unreleased section of the changelog that were released in 1.7.3
2020-05-06 08:56:41 -05:00
1817748157
Update CHANGELOG.md
2020-05-06 01:38:59 +02:00
3b9e53e290
Merge pull request #7724 from hashicorp/helm-repo
...
Update k8s instructions for new helm repo
2020-05-05 16:17:53 -07:00
b6cc92020d
test: make the kube auth method test helper use freeport ( #7788 )
2020-05-05 16:55:21 -05:00
5d2b10e862
segments: oss changes for enterprise network area changes ( #7786 )
...
OSS code changes for network segments
2020-05-05 21:41:19 +02:00
e3e2b82a00
network_segments: stop advertising segment tags
2020-05-05 21:32:05 +02:00
854aac510f
agent: refactor to use a single addrFn
2020-05-05 21:08:10 +02:00
0f2e189012
agent: rename local/global to src/dst
2020-05-05 21:07:34 +02:00
3cb54b0c1a
Update CHANGELOG.md
2020-05-05 10:56:50 -05:00
837bd6f558
Construct a default destination if one does not exist for service-router ( #7783 )
2020-05-05 10:49:50 -05:00
930af9168d
Update CHANGELOG.md
2020-05-05 09:56:56 -04:00
53d44a67d2
Update CHANGELOG.md
2020-05-05 09:53:46 -04:00
f39bd26a7c
vendor: revert golang.org/x/sys bump to avoid FreeBSD regression ( #7780 )
2020-05-05 09:26:17 +02:00
a61329c747
docs: add Helm docs for external servers and bootstrapToken ( #7725 )
2020-05-04 18:09:59 -07:00
3f521de377
update changelog
2020-05-04 17:03:59 -05:00
c9c557477b
acl: add MaxTokenTTL field to auth methods ( #7779 )
...
When set to a non zero value it will limit the ExpirationTime of all
tokens created via the auth method.
2020-05-04 17:02:57 -05:00
75cb0715b1
Update CHANGELOG.md
2020-05-04 16:24:40 -05:00
Daniel Nephin