Commit Graph

18509 Commits

Author SHA1 Message Date
Sarah Alsmiller 9d165e8ce8 updated all pages to follow cm/s specification 2022-07-25 21:57:30 -05:00
Sarah Alsmiller 02d441f625 left align table 2022-07-25 20:30:51 -05:00
alex 0a66d0188d
peering: prevent peering in same partition (#13851)
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
2022-07-25 18:00:48 -07:00
trujillo-adam 0a4dff1763
Merge pull request #13897 from hashicorp/peering-metrics-docs-typo
fixed typo
2022-07-25 16:36:49 -07:00
Nitya Dhanushkodi 03ea6517c9
peering: remove validation that forces peering token server addresses to be an IP, allow hostname based addresses (#13874) 2022-07-25 16:33:47 -07:00
Jared Kirschner 5faa515c91
Merge pull request #12045 from hashicorp/partition-cli-acl-info-and-api-crossref
Partitions: Include ACL Info and API cross-ref for CLI Commands
2022-07-25 19:10:55 -04:00
Luke Kysow 5d4209eaf8
Rename receive to recv in tracker (#13896)
Because it's shorter
2022-07-25 16:08:03 -07:00
Iryna Shustava 2a8280a518
build: add a build job to build and push UBI images to DockerHub (#13808) 2022-07-25 15:43:24 -07:00
Jared Kirschner 641bf837b5 docs: remove unnecessary partition CLI cmd info 2022-07-25 15:31:39 -07:00
Jared Kirschner dd81f6a76f docs: adjust HTTP API/CLI characteristics tables 2022-07-25 15:31:39 -07:00
Jared Kirschner dd12584981 docs: restructure partition API characteristics
The existing characteristics were restructured into a list.
The corresponding CLI command characteristic was added.
2022-07-25 15:31:38 -07:00
Jared Kirschner 44de9aaf4b docs: remove partition subcommand usage headings 2022-07-25 15:31:38 -07:00
Jared Kirschner 13c91ddbdc docs: add partition command characteristics
Characteristics include:
- Required ACL permissions
- Corresponding HTTP API endpoint
- (Lack of) support for blocking queries and agent caching
2022-07-25 15:31:38 -07:00
Jared Kirschner d9d29ad0ed docs: add partial for api/cli characteristics links 2022-07-25 15:31:38 -07:00
trujillo-adam fb461995c0 fixed typo 2022-07-25 14:32:33 -07:00
Luke Kysow a8ae88ec59
peering: read endpoints can now return failing status (#13849)
Track streams that have been disconnected due to an error and
set their statuses to failing.
2022-07-25 14:27:53 -07:00
Kyle Havlovitz ec70713dd3
Merge pull request #13872 from hashicorp/remove-upstream-log
Remove extra logging from ingress upstream watch shutdown
2022-07-25 12:55:30 -07:00
David Yu 56a25ab6cc
docs: followup on grammar and typo for latency requirements (#13888) 2022-07-25 12:50:11 -07:00
alex 79bd7d1817
docs: add peering metric doc (#13862)
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-25 12:43:06 -07:00
Chris S. Kim 1f8ae56951
Preserve PeeringState on upsert (#13666)
Fixes a bug where if the generate token is called twice, the second call upserts the zero-value (undefined) of PeeringState.
2022-07-25 14:37:56 -04:00
David Yu 706808dd84
docs: add details around Consul latency requirements (#13881)
* docs: add details around Consul latency requirements
2022-07-25 11:02:31 -07:00
Chris S. Kim c752c5bff2
Update envoy metrics label extraction for peered clusters and listeners (#13818)
Now that peered upstreams can generate envoy resources (#13758), we need a way to disambiguate local from peered resources in our metrics. The key difference is that datacenter and partition will be replaced with peer, since in the context of peered resources partition is ambiguous (could refer to the partition in a remote cluster or one that exists locally). The partition and datacenter of the proxy will always be that of the source service.

Regexes were updated to make emitting datacenter and partition labels mutually exclusive with peer labels.

Listener filter names were updated to better match the existing regex.

Cluster names assigned to peered upstreams were updated to be synthesized from local peer name (it previously used the externally provided primary SNI, which contained the peer name from the other side of the peering). Integration tests were updated to assert for the new peer labels.
2022-07-25 13:49:00 -04:00
Michael Klein 27a55683d5
ui: add peers to node search (#13875)
* Make nodes searchable by peer

* fix only surface peer filter on service search when feature is on
2022-07-25 18:46:47 +02:00
DanStough adc810563f chore: ignore vscode files 2022-07-25 12:31:58 -04:00
DanStough f690d299c9 feat: convert destination address to slice 2022-07-25 12:31:58 -04:00
Luke Kysow 5263980884
Re-document peering disabled (#13879)
Change wording because it does have effect on clients because it
disables peering in the UI served from that client.
2022-07-25 09:30:37 -07:00
Freddy e6f997ac5b
[OSS] Add ACL enforcement to peering endpoints (#13878) 2022-07-25 10:04:10 -06:00
Matt Keeler 6a47c44755
Enable/Disable Peering Support in the UI (#13816)
We enabled/disable based on the config flag.
2022-07-25 11:50:11 -04:00
freddygv 5bbc0cc615 Add ACL enforcement to peering endpoints 2022-07-25 09:34:29 -06:00
Kyle Havlovitz 75efc0649b Remove excess debug log from ingress upstream shutdown 2022-07-22 17:29:38 -07:00
alex b60ebc022e
peering: use ShouldDial to validate peer role (#13823)
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-22 15:56:25 -07:00
Luke Kysow d21f793b74
peering: add config to enable/disable peering (#13867)
* peering: add config to enable/disable peering

Add config:

```
peering {
  enabled = true
}
```

Defaults to true. When disabled:
1. All peering RPC endpoints will return an error
2. Leader won't start its peering establishment goroutines
3. Leader won't start its peering deletion goroutines
2022-07-22 15:20:21 -07:00
Kyle Havlovitz 3cbcfd4b13
Merge pull request #13847 from hashicorp/gateway-goroutine-leak
Fix goroutine leaks in proxycfg when using ingress gateway
2022-07-22 14:43:22 -07:00
Freddy 922592d6bb
[OSS] Add new peering ACL rule (#13848)
This commit adds a new ACL rule named "peering" to authorize
actions taken against peering-related endpoints.

The "peering" rule has several key properties:
- It is scoped to a partition, and MUST be defined in the default
  namespace.

- Its access level must be "read', "write", or "deny".

- Granting an access level will apply to all peerings. This ACL rule
  cannot be used to selective grant access to some peerings but not
  others.

- If the peering rule is not specified, we fall back to the "operator"
  rule and then the default ACL rule.
2022-07-22 14:42:23 -06:00
NicoletaPopoviciu 12858f4f90
docs: Updates k8s annotation docs (#13809)
* Updates k8s annotation docs
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
2022-07-22 13:26:31 -07:00
Sarah Alsmiller ed8b2fe19e add redirects 2022-07-22 14:20:27 -05:00
alex 7bd55578cc
peering: emit exported services count metric (#13811)
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-22 12:05:08 -07:00
Matt Keeler a253d7e49b
Rename some protobuf package names to be fqdn like (#13861)
These are used in various bits of the wire format (for gRPC) and internally with Go’s registry so we want to namespace things properly.
2022-07-22 14:59:34 -04:00
Thomas Eckert 9cb569b44e Add options and examples to proxy read 2022-07-22 13:43:38 -04:00
Kyle Havlovitz 55b7eb6838 Add changelog note 2022-07-22 10:33:50 -07:00
A.J. Sanon 9f9ac78243
Add ECS audit logging docs (#13729) 2022-07-22 13:30:25 -04:00
Michael Klein b8131704ea
Improve peered service empty downstreams message (#13854) 2022-07-22 19:28:13 +02:00
Thomas Eckert a1ca68a632 Add descriptions to the subjects 2022-07-22 12:14:01 -04:00
sarahalsmiller 3ba839f288
Update website/content/docs/api-gateway/usage/basic-usage.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-22 09:45:00 -05:00
Daniel Upton f018bd6e09 proxycfg-glue: server-local implementation of `ExportedPeeredServices`
This is the OSS portion of enterprise PR 2377.

Adds a server-local implementation of the proxycfg.ExportedPeeredServices
interface that sources data from a blocking query against the server's
state store.
2022-07-22 15:23:23 +01:00
Eric Haberkorn e044343105
Add Cluster Peering Failover Support to Prepared Queries (#13835)
Add peering failover support to prepared queries
2022-07-22 09:14:43 -04:00
Sarah Alsmiller ccd120725b fix tabs 2022-07-21 17:38:57 -05:00
Sarah Alsmiller e9c67f8cb7 fix tabs 2022-07-21 17:21:22 -05:00
Sarah Alsmiller c76be552bc fix tabs 2022-07-21 17:11:07 -05:00
Nitya Dhanushkodi cbafabde16
update generate token endpoint to take external addresses (#13844)
Update generate token endpoint (rpc, http, and api module)

If ServerExternalAddresses are set, it will override any addresses gotten from the "consul" service, and be used in the token instead, and dialed by the dialer. This allows for setting up a load balancer for example, in front of the consul servers.
2022-07-21 14:56:11 -07:00