Sarah Alsmiller
9d165e8ce8
updated all pages to follow cm/s specification
2022-07-25 21:57:30 -05:00
Sarah Alsmiller
02d441f625
left align table
2022-07-25 20:30:51 -05:00
alex
0a66d0188d
peering: prevent peering in same partition ( #13851 )
...
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
2022-07-25 18:00:48 -07:00
trujillo-adam
0a4dff1763
Merge pull request #13897 from hashicorp/peering-metrics-docs-typo
...
fixed typo
2022-07-25 16:36:49 -07:00
Nitya Dhanushkodi
03ea6517c9
peering: remove validation that forces peering token server addresses to be an IP, allow hostname based addresses ( #13874 )
2022-07-25 16:33:47 -07:00
Jared Kirschner
5faa515c91
Merge pull request #12045 from hashicorp/partition-cli-acl-info-and-api-crossref
...
Partitions: Include ACL Info and API cross-ref for CLI Commands
2022-07-25 19:10:55 -04:00
Luke Kysow
5d4209eaf8
Rename receive to recv in tracker ( #13896 )
...
Because it's shorter
2022-07-25 16:08:03 -07:00
Iryna Shustava
2a8280a518
build: add a build job to build and push UBI images to DockerHub ( #13808 )
2022-07-25 15:43:24 -07:00
Jared Kirschner
641bf837b5
docs: remove unnecessary partition CLI cmd info
2022-07-25 15:31:39 -07:00
Jared Kirschner
dd81f6a76f
docs: adjust HTTP API/CLI characteristics tables
2022-07-25 15:31:39 -07:00
Jared Kirschner
dd12584981
docs: restructure partition API characteristics
...
The existing characteristics were restructured into a list.
The corresponding CLI command characteristic was added.
2022-07-25 15:31:38 -07:00
Jared Kirschner
44de9aaf4b
docs: remove partition subcommand usage headings
2022-07-25 15:31:38 -07:00
Jared Kirschner
13c91ddbdc
docs: add partition command characteristics
...
Characteristics include:
- Required ACL permissions
- Corresponding HTTP API endpoint
- (Lack of) support for blocking queries and agent caching
2022-07-25 15:31:38 -07:00
Jared Kirschner
d9d29ad0ed
docs: add partial for api/cli characteristics links
2022-07-25 15:31:38 -07:00
trujillo-adam
fb461995c0
fixed typo
2022-07-25 14:32:33 -07:00
Luke Kysow
a8ae88ec59
peering: read endpoints can now return failing status ( #13849 )
...
Track streams that have been disconnected due to an error and
set their statuses to failing.
2022-07-25 14:27:53 -07:00
Kyle Havlovitz
ec70713dd3
Merge pull request #13872 from hashicorp/remove-upstream-log
...
Remove extra logging from ingress upstream watch shutdown
2022-07-25 12:55:30 -07:00
David Yu
56a25ab6cc
docs: followup on grammar and typo for latency requirements ( #13888 )
2022-07-25 12:50:11 -07:00
alex
79bd7d1817
docs: add peering metric doc ( #13862 )
...
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-25 12:43:06 -07:00
Chris S. Kim
1f8ae56951
Preserve PeeringState on upsert ( #13666 )
...
Fixes a bug where if the generate token is called twice, the second call upserts the zero-value (undefined) of PeeringState.
2022-07-25 14:37:56 -04:00
David Yu
706808dd84
docs: add details around Consul latency requirements ( #13881 )
...
* docs: add details around Consul latency requirements
2022-07-25 11:02:31 -07:00
Chris S. Kim
c752c5bff2
Update envoy metrics label extraction for peered clusters and listeners ( #13818 )
...
Now that peered upstreams can generate envoy resources (#13758 ), we need a way to disambiguate local from peered resources in our metrics. The key difference is that datacenter and partition will be replaced with peer, since in the context of peered resources partition is ambiguous (could refer to the partition in a remote cluster or one that exists locally). The partition and datacenter of the proxy will always be that of the source service.
Regexes were updated to make emitting datacenter and partition labels mutually exclusive with peer labels.
Listener filter names were updated to better match the existing regex.
Cluster names assigned to peered upstreams were updated to be synthesized from local peer name (it previously used the externally provided primary SNI, which contained the peer name from the other side of the peering). Integration tests were updated to assert for the new peer labels.
2022-07-25 13:49:00 -04:00
Michael Klein
27a55683d5
ui: add peers to node search ( #13875 )
...
* Make nodes searchable by peer
* fix only surface peer filter on service search when feature is on
2022-07-25 18:46:47 +02:00
DanStough
adc810563f
chore: ignore vscode files
2022-07-25 12:31:58 -04:00
DanStough
f690d299c9
feat: convert destination address to slice
2022-07-25 12:31:58 -04:00
Luke Kysow
5263980884
Re-document peering disabled ( #13879 )
...
Change wording because it does have effect on clients because it
disables peering in the UI served from that client.
2022-07-25 09:30:37 -07:00
Freddy
e6f997ac5b
[OSS] Add ACL enforcement to peering endpoints ( #13878 )
2022-07-25 10:04:10 -06:00
Matt Keeler
6a47c44755
Enable/Disable Peering Support in the UI ( #13816 )
...
We enabled/disable based on the config flag.
2022-07-25 11:50:11 -04:00
freddygv
5bbc0cc615
Add ACL enforcement to peering endpoints
2022-07-25 09:34:29 -06:00
Kyle Havlovitz
75efc0649b
Remove excess debug log from ingress upstream shutdown
2022-07-22 17:29:38 -07:00
alex
b60ebc022e
peering: use ShouldDial to validate peer role ( #13823 )
...
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-22 15:56:25 -07:00
Luke Kysow
d21f793b74
peering: add config to enable/disable peering ( #13867 )
...
* peering: add config to enable/disable peering
Add config:
```
peering {
enabled = true
}
```
Defaults to true. When disabled:
1. All peering RPC endpoints will return an error
2. Leader won't start its peering establishment goroutines
3. Leader won't start its peering deletion goroutines
2022-07-22 15:20:21 -07:00
Kyle Havlovitz
3cbcfd4b13
Merge pull request #13847 from hashicorp/gateway-goroutine-leak
...
Fix goroutine leaks in proxycfg when using ingress gateway
2022-07-22 14:43:22 -07:00
Freddy
922592d6bb
[OSS] Add new peering ACL rule ( #13848 )
...
This commit adds a new ACL rule named "peering" to authorize
actions taken against peering-related endpoints.
The "peering" rule has several key properties:
- It is scoped to a partition, and MUST be defined in the default
namespace.
- Its access level must be "read', "write", or "deny".
- Granting an access level will apply to all peerings. This ACL rule
cannot be used to selective grant access to some peerings but not
others.
- If the peering rule is not specified, we fall back to the "operator"
rule and then the default ACL rule.
2022-07-22 14:42:23 -06:00
NicoletaPopoviciu
12858f4f90
docs: Updates k8s annotation docs ( #13809 )
...
* Updates k8s annotation docs
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
2022-07-22 13:26:31 -07:00
Sarah Alsmiller
ed8b2fe19e
add redirects
2022-07-22 14:20:27 -05:00
alex
7bd55578cc
peering: emit exported services count metric ( #13811 )
...
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-22 12:05:08 -07:00
Matt Keeler
a253d7e49b
Rename some protobuf package names to be fqdn like ( #13861 )
...
These are used in various bits of the wire format (for gRPC) and internally with Go’s registry so we want to namespace things properly.
2022-07-22 14:59:34 -04:00
Thomas Eckert
9cb569b44e
Add options and examples to proxy read
2022-07-22 13:43:38 -04:00
Kyle Havlovitz
55b7eb6838
Add changelog note
2022-07-22 10:33:50 -07:00
A.J. Sanon
9f9ac78243
Add ECS audit logging docs ( #13729 )
2022-07-22 13:30:25 -04:00
Michael Klein
b8131704ea
Improve peered service empty downstreams message ( #13854 )
2022-07-22 19:28:13 +02:00
Thomas Eckert
a1ca68a632
Add descriptions to the subjects
2022-07-22 12:14:01 -04:00
sarahalsmiller
3ba839f288
Update website/content/docs/api-gateway/usage/basic-usage.mdx
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-22 09:45:00 -05:00
Daniel Upton
f018bd6e09
proxycfg-glue: server-local implementation of `ExportedPeeredServices`
...
This is the OSS portion of enterprise PR 2377.
Adds a server-local implementation of the proxycfg.ExportedPeeredServices
interface that sources data from a blocking query against the server's
state store.
2022-07-22 15:23:23 +01:00
Eric Haberkorn
e044343105
Add Cluster Peering Failover Support to Prepared Queries ( #13835 )
...
Add peering failover support to prepared queries
2022-07-22 09:14:43 -04:00
Sarah Alsmiller
ccd120725b
fix tabs
2022-07-21 17:38:57 -05:00
Sarah Alsmiller
e9c67f8cb7
fix tabs
2022-07-21 17:21:22 -05:00
Sarah Alsmiller
c76be552bc
fix tabs
2022-07-21 17:11:07 -05:00
Nitya Dhanushkodi
cbafabde16
update generate token endpoint to take external addresses ( #13844 )
...
Update generate token endpoint (rpc, http, and api module)
If ServerExternalAddresses are set, it will override any addresses gotten from the "consul" service, and be used in the token instead, and dialed by the dialer. This allows for setting up a load balancer for example, in front of the consul servers.
2022-07-21 14:56:11 -07:00