Commit Graph

11961 Commits

Author SHA1 Message Date
Freddy 66e2def461
Only pass one hostname via EDS and prefer healthy ones (#8084)
Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>

Currently when passing hostname clusters to Envoy, we set each service instance registered with Consul as an LbEndpoint for the cluster.

However, Envoy can only handle one per cluster:
[2020-06-04 18:32:34.094][1][warning][config] [source/common/config/grpc_subscription_impl.cc:87] gRPC config for type.googleapis.com/envoy.api.v2.Cluster rejected: Error adding/updating cluster(s) dc2.internal.ddd90499-9b47-91c5-4616-c0cbf0fc358a.consul: LOGICAL_DNS clusters must have a single locality_lb_endpoint and a single lb_endpoint, server.dc2.consul: LOGICAL_DNS clusters must have a single locality_lb_endpoint and a single lb_endpoint

Envoy is currently handling this gracefully by only picking one of the endpoints. However, we should avoid passing multiple to avoid these warning logs.

This PR:

* Ensures we only pass one endpoint, which is tied to one service instance.
* We prefer sending an endpoint which is marked as Healthy by Consul.
* If no endpoints are healthy we emit a warning and skip the cluster.
* If multiple unique hostnames are spread across service instances we emit a warning and let the user know which will be resolved.
2020-06-12 13:46:17 -06:00
John Cowen 79029404df
ui: Colocate pageobject components with their components (#8098) 2020-06-12 16:50:09 +01:00
Kenia 2afc032b24
ui: Add health check icon to Ingress Upstreams and add Tooltips in additional areas (#8091)
* Add Health Checks and update Tooltips in Ingress Upstreams

* Update Tooltip in Proxy Info tab Upstreams

* Add Tooltips to Proxy Info tab Exposed Paths

* Add Health Checks with Tooltips to Service List page
2020-06-12 09:35:52 -04:00
John Cowen c92e8ebc7c
ui: Ensure encoder.js polyfill is available (#8094) 2020-06-12 14:28:36 +01:00
John Cowen e22aee73a8
ui: Exclude any component/pageobject.js files from being included (#7978)
This excludes any /components/**/pageobject.js files from our production
builds which means we can co-locate all of our component page objects
(and selectors) along with the components themselves.
2020-06-12 13:06:59 +01:00
John Cowen 256695ac3e
ui: Upgrade consul-api-double to use intention response w/o old fields (#8089) 2020-06-12 09:51:07 +01:00
Chris Piraino cd93e0cd99
Allow users to set hosts to the wildcard specifier when TLS is disabled (#8083)
This allows easier demoing/testing of ingress gateways, while still
preserving the validation we have for DNSSANs
2020-06-11 10:03:06 -05:00
Hans Hasselberg f908fd0731
Adding 1.7.4 and 1.6.6 2020-06-11 00:01:49 +02:00
Hans Hasselberg 26494286c7
Support envoy 1.14.2, 1.13.2, 1.12.4 (#8057) 2020-06-10 23:20:17 +02:00
Chris Piraino cba863af84
Move ingress param to a new endpoint (#8081)
In discussion with team, it was pointed out that query parameters tend
to be a filter mechanism, and that semantically the "/v1/health/connect"
endpoint should return "all healthy connect-enabled endpoints (e.g.
could be side car proxies or native instances) for this service so I can
connect with mTLS".

That does not fit an ingress gateway, so we remove the query parameter
and add a new endpoint "/v1/health/ingress" that semantically means
"all the healthy ingress gateway instances that I can connect to
to access this connect-enabled service without mTLS"
2020-06-10 13:07:15 -05:00
John Cowen 64ba8177e0
Merge pull request #8080 from hashicorp/ui-staging
ui: UI Release Merge (1.8-beta-3: ui-staging merge)
2020-06-10 17:40:22 +01:00
John Cowen 2dec484724
ui: Reduce discovery-chain log errors (#8065)
* ui: Reduce discovery-chain log spam

Currently the only way that the UI can know whether connect is enabled
or not is whether we get 500 errors from certain endpoints.

One of these endpoints we already use, so as well as recovering from a
500 error, we also remember that connect is disabled for the rest of the
page 'session' (so until the page is refreshed), and make no further
http requests to the endpoint for that specific datacenter.

This means that log spam is reduced to only 1 log per page refresh/dc
instead of 1 log per service navigation.

Longer term we'll need some way to dynamically discover whether connect
is enabled per datacenter without relying on something that will add
error logs to consul.
2020-06-10 16:07:06 +01:00
Mike Wickett 61848c6187
Merge pull request #8076 from hashicorp/nq.basic-hero-tertiary-link-support
[Website] Support tertiary-styled third links
2020-06-10 10:47:40 -04:00
John Cowen 7c0db7f8b4
ui: remove sort-control component (#8077)
This was never actually used
2020-06-10 14:27:21 +01:00
Noel Quiles f696738875 Support tertiary-styled third links
Get the tertiary links to wrap below buttons

Adjust color/spacing of tertiary via override

Remove overrides, implement custom link

Extract arrow icon to file

Increase top margin for third link

Apply Brandon's fixes

Co-authored-by: Brandon Romano <BrandonRRomano@gmail.com>
2020-06-09 22:43:05 -07:00
Kyle Havlovitz ea720c0724
Merge pull request #8075 from hashicorp/expose-cli-testfix
Fix a CLI test failure with namespaces in enterprise
2020-06-09 15:25:45 -07:00
Kyle Havlovitz 11486ac2a1 Fix a CLI test failure with namespaces in enterprise 2020-06-09 15:13:23 -07:00
Daniel Nephin 0c23eaf943
Merge pull request #8071 from hashicorp/dnephin/update-vendor-2
Update google.golang.org/api and stretchr/testify
2020-06-09 17:56:03 -04:00
Daniel Nephin af063a5692 Update comments that reference PatchSliceOfMaps
To reference decode.HookWeakDecodeFromSlice instead.

Also removes a step from the adding config fields checklist which is
no longer necessary.
2020-06-09 17:43:05 -04:00
Chris Piraino b8a43e164a
Merge pull request #8064 from hashicorp/ingress/health-query-param
Add API query parameter ?ingress to allow users to find ingress gateways associated to a service
2020-06-09 16:08:28 -05:00
Daniel Nephin f9a4bb5c2d Update google.golang.org/api and stretchr/testify
To match the versions used in enterprise, should slightly reduce the
chances of getting a merge conflict when using `go.mod`.
2020-06-09 16:03:05 -04:00
Chris Piraino 4fe1f5fdb9 Remove TODO note about ingress API, it is done! 2020-06-09 14:58:30 -05:00
Chris Piraino 1ed8732d34 Remove unnecessary defer from api.health_test.go
We do not need to deregister services because every test gets its own
instance of the client agent and the tmp directories are all deleted at
the end.
2020-06-09 14:45:57 -05:00
Chris Piraino 0e72da76db Set connect or ingress boolean after checking for query param 2020-06-09 14:45:21 -05:00
Daniel Nephin 6719f1a6fa
Merge pull request #7900 from hashicorp/dnephin/add-linter-staticcheck-2
intentions: fix a bug in Intention.SetHash
2020-06-09 15:40:20 -04:00
Daniel Nephin 5f14eb124c
Merge pull request #8037 from hashicorp/dnephin/add-linter-staticcheck-5
ci: Enabled SA2002 staticcheck check
2020-06-09 15:31:24 -04:00
Daniel Nephin a392ffb2cc
Merge pull request #8067 from hashicorp/dnephin/update-vendor-1
Update protobuf and golang.org/x/... vendor
2020-06-09 15:25:13 -04:00
Hans Hasselberg 7404712854
acl: do not resolve local tokens from remote dcs (#8068) 2020-06-09 21:13:09 +02:00
Kyle Havlovitz b7cf5139dd
Merge pull request #8040 from hashicorp/ingress/expose-cli
Ingress expose CLI command
2020-06-09 12:11:23 -07:00
Daniel Nephin 221a49f430 Update protobuf and golang.org/x/... vendor
Partially extracted from #7547

Updates protobuf to the most recent in the 1.3.x series, and updates
golang.org/x/sys to a7d97aace0b0 because https://github.com/shirou/gopsutil/issues/853
prevents updating to a more recent version.

This breaking change in x/sys also prevents us from getting a newer
version of x/net. In the future, if gopsutil is not patched, we may want to run a fork version of
gopsutil so that we can update both x/net and x/sys.
2020-06-09 14:46:41 -04:00
Kyle Havlovitz 1a561b78ca Always allow updating the exposed service and differentiate by namespace 2020-06-09 11:09:53 -07:00
Chris Piraino 470f099cce api: update api module with health.Ingress() method 2020-06-09 12:11:47 -05:00
Chris Piraino 5f28de5654 Add ?ingress query parameter on /v1/health/connect
Refactor boolean query parameter logic from ?passing value to re-use
with ingress
2020-06-09 11:44:31 -05:00
Kenia 1449ea8e46
ui: Reorder items in the Proxy Info tab (#8061) 2020-06-09 11:36:04 -04:00
Preetha efb7bec8f8
Merge pull request #8056 from hashicorp/docs-helm-survey
Update banner.js to call out helm chart survey
2020-06-09 10:33:09 -05:00
Kenia f2864358d8
ui: Reorder the tabs for Ingress/Terminating Gateway Service Detail page (#8060) 2020-06-09 11:02:13 -04:00
John Cowen 0b9647c3b9
ui: ConsulKind explanatory tooltip panels (#8048)
* ui: Add tooltip panels to ConsulKind
2020-06-09 11:10:14 +01:00
Preetha a4b2f657c4
fix link 2020-06-08 19:47:33 -05:00
Kyle Havlovitz c466551ec1 Add -host flag to expose command 2020-06-08 16:59:47 -07:00
Daniel Nephin c1feec176f
Merge pull request #7964 from hashicorp/dnephin/remove-patch-slice-of-maps-forward-compat
config: Use HookWeakDecodeFromSlice in place of PatchSliceOfMaps
2020-06-08 19:53:04 -04:00
Kyle Havlovitz c992b01200 Allow multiple listeners per service via expose command 2020-06-08 16:44:20 -07:00
Preetha 0252a79322
Update banner.js to call out helm chart survey 2020-06-08 17:34:38 -05:00
Daniel Nephin 7b99d9a25d config: add HookWeakDecodeFromSlice
Currently opaque config blocks (config entries, and CA provider config) are
modified by PatchSliceOfMaps, making it impossible for these opaque
config sections to contain slices of maps.

In order to fix this problem, any lazy-decoding of these blocks needs to support
weak decoding of []map[string]interface{} to a struct type before
PatchSliceOfMaps is replaced. This is necessary because these config
blobs are persisted, and during an upgrade an older version of Consul
could read one of the new configuration values, which would cause an error.

To support the upgrade path, this commit first introduces the new hooks
for weak decoding of []map[string]interface{} and uses them only in the
lazy-decode paths. That way, in a future release, new style
configuration will be supported by the older version of Consul.

This decode hook has a number of advantages:

1. It no longer panics. It allows mapstructure to report the error
2. It no longer requires the user to declare which fields are slices of
   structs. It can deduce that information from the 'to' value.
3. It will make it possible to preserve opaque configuration, allowing
   for structured opaque config.
2020-06-08 17:05:09 -04:00
Hans Hasselberg bec21c849d
Tokens converted from legacy ACLs get their Hash computed (#8047)
* Fixes #5606: Tokens converted from legacy ACLs get their Hash computed

This allows new style token replication to work for legacy tokens as well when they change.

* tests: fix timestamp comparison

Co-authored-by: Matt Keeler <mjkeeler7@gmail.com>
2020-06-08 21:44:06 +02:00
Chris Piraino 5d0cb00ec3
Always require Host header values for http services (#7990)
Previously, we did not require the 'service-name.*' host header value
when only a single http service was exposed. However, this allows a user
to get into a situation where, if they add another service to the
listener, suddenly the previous service's traffic might not be routed
correctly. Thus, we always require the Host header, even if there is
only 1 service.

Also, we make the default domain matching more restrictive by
matching "service-name.ingress.*" by default. This lines up better with
the namespace case and more accurately matches the Consul DNS value we
expect people to use in this case.
2020-06-08 13:16:24 -05:00
Blake Covarrubias 5d2f18fc3d docs: Fix rendering of markdown on performance page
Fix issue with markdown not being rendered on /docs/install/performance.mdx.

Resolves #8049
2020-06-08 10:29:47 -07:00
Hans Hasselberg 4790f97bb6
http: use default minsize for gzip handler. (#7354)
Fixes #6306
2020-06-08 10:10:08 +02:00
Hans Hasselberg 532e14fdc4
agent: add option to disable agent cache for HTTP endpoints (#8023)
This allows the operator to disable agent caching for the http endpoint.
It is on by default for backwards compatibility and if disabled will
ignore the url parameter `cached`.
2020-06-08 10:08:12 +02:00
Krastin 0f0c8a29fe website: fix a link in docs/agent/options
fixing the link to gopsutil in the -disable-host-node-id option text body
2020-06-07 03:36:55 -07:00
Jeff Escalante 37c7090d1a a few more naming adjustments 2020-06-06 15:45:29 -04:00