Commit graph

17836 commits

Author SHA1 Message Date
Sarah Alsmiller c76be552bc fix tabs 2022-07-21 17:11:07 -05:00
Sarah Alsmiller 0107e80bed fix tabs 2022-07-21 16:54:03 -05:00
Sarah Alsmiller 878c9091d8 erge branch 'sa-restructure-documentation' of github.com:hashicorp/consul into sa-restructure-documentation 2022-07-21 15:13:00 -05:00
Sarah Alsmiller c2fdd172ae add consul k8s install instructions 2022-07-21 15:12:49 -05:00
sarahalsmiller 41c6fcbfd5
Update website/content/docs/api-gateway/configuration/gatewayclassconfig.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:59:14 -05:00
Sarah Alsmiller 111877a86d Merge branch 'sa-restructure-documentation' of github.com:hashicorp/consul into sa-restructure-documentation 2022-07-21 14:54:04 -05:00
Sarah Alsmiller 1b32cba878 merge back in mike's environment doc in install 2022-07-21 14:53:55 -05:00
sarahalsmiller ccee2fd834
Update website/content/docs/api-gateway/configuration/gateway.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:55 -05:00
sarahalsmiller 6e92dbb6cf
Update website/content/docs/api-gateway/configuration/gateway.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:47 -05:00
sarahalsmiller e860f368fd
Update website/content/docs/api-gateway/configuration/gateway.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:34 -05:00
sarahalsmiller 711bc7724b
Update website/content/docs/api-gateway/configuration/gateway.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:25 -05:00
Sarah Alsmiller 8c8dee189f fix indent issue 2022-07-20 16:21:14 -05:00
sarahalsmiller b06d56d4ed
Update website/content/docs/api-gateway/install.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-20 16:04:53 -05:00
sarahalsmiller bc4bccabc9
Update website/data/docs-nav-data.json
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-20 16:03:56 -05:00
sarahalsmiller 8c156d6d26
Update website/content/docs/api-gateway/usage/basic-usage.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-20 16:02:20 -05:00
sarahalsmiller b3ecc774de
Update website/content/docs/api-gateway/usage/basic-usage.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-20 16:02:09 -05:00
sarahalsmiller f672098930
Update website/content/docs/api-gateway/usage/basic-usage.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-20 16:00:04 -05:00
Sarah Alsmiller 8435f95e68 fix rendering issue 2022-07-14 12:54:40 -05:00
Sarah Alsmiller 74fb4593eb restore tech specs 2022-07-14 12:49:58 -05:00
Sarah Alsmiller 1698dea913 seperate technical specs back out 2022-07-14 12:42:22 -05:00
Sarah Alsmiller 1fb91206fd fix formating issue 2022-07-14 11:31:18 -05:00
Sarah Alsmiller 8058178bbb merge 2022-07-14 11:24:39 -05:00
Sarah Alsmiller 81cc956d88 change file name 2022-07-14 11:22:05 -05:00
Sarah Alsmiller 216dbaf829 add links 2022-07-14 11:15:01 -05:00
Sarah Alsmiller 1d88a1ea14 content 2022-07-14 11:07:27 -05:00
Sarah Alsmiller 5a1aca8cbb fix identation 2022-07-14 11:06:16 -05:00
John Cowen e29a43dc20
ui: Add additional API requests for peering establishment (#13734) 2022-07-14 11:23:16 +01:00
John Cowen 2b9250b00b
ui: Move peers to a subapplication (#13725) 2022-07-14 11:22:45 +01:00
John Cowen 6fce197908
ui: Thread through data-source invalidate method (#13710)
* ui: Thread through data-source invalidate method

* Remove old invalidating state
2022-07-14 09:30:35 +01:00
John Cowen 65eccb33ce
ui: Make our old TabNav component easily usable with a state machine (#13705)
* ui: Make our old TabNav component easily usable with a state machine

* Add an event handler that receives an object
2022-07-14 09:30:07 +01:00
Evan Culver 276c834c6a
Add changelog entries from latest releases (#13746) 2022-07-13 18:23:53 -07:00
sarahalsmiller 53c91a9a04
Update website/content/docs/api-gateway/usage/basic-usage.mdx
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2022-07-13 16:21:13 -05:00
sarahalsmiller ad1efde9c3
Update website/content/docs/api-gateway/usage/basic-usage.mdx
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2022-07-13 16:18:39 -05:00
sarahalsmiller f658781e44
Update website/content/docs/api-gateway/configuration/gatewayclassconfig.mdx
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2022-07-13 16:01:53 -05:00
sarahalsmiller f163bb89d4
Update website/content/docs/api-gateway/configuration/gatewayclass.mdx
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2022-07-13 16:01:45 -05:00
Chris S. Kim d12b3d286e Check if an upstream is implicit from either intentions or peered services 2022-07-13 16:53:20 -04:00
Chris S. Kim 5d890cdbb2 Use new maps for proxycfg peered data 2022-07-13 16:05:10 -04:00
Chris S. Kim 34c0093d44 Add new watch.Map type to refactor proxycfg 2022-07-13 16:05:10 -04:00
Chris S. Kim 0936942b2d Scrub VirtualIPs before exporting 2022-07-13 16:05:10 -04:00
Kyle Havlovitz a7ea6cb771
Merge pull request #13699 from hashicorp/tgate-http2-upstream
Respect http2 protocol for upstreams of terminating gateways
2022-07-13 09:41:15 -07:00
R.B. Boyer c8c6484905
proto: add package prefixes for all proto files where it is safe (#13735)
We cannot do this for "subscribe" and "partition" this easily without
breakage so those are omitted.

Any protobuf message passed around via an Any construct will have the
fully qualified package name embedded in the protobuf as a string. Also
RPC method dispatch will include the package of the service during
serialization.

- We will be passing pbservice and pbpeering through an Any as part of
  peer stream replication.

- We will be exposing two new gRPC services via pbpeering and
  pbpeerstream.
2022-07-13 11:03:27 -05:00
Dan Upton 34140ff3e0
grpc: rename public/private directories to external/internal (#13721)
Previously, public referred to gRPC services that are both exposed on
the dedicated gRPC port and have their definitions in the proto-public
directory (so were considered usable by 3rd parties). Whereas private
referred to services on the multiplexed server port that are only usable
by agents and other servers.

Now, we're splitting these definitions, such that external/internal
refers to the port and public/private refers to whether they can be used
by 3rd parties.

This is necessary because the peering replication API needs to be
exposed on the dedicated port, but is not (yet) suitable for use by 3rd
parties.
2022-07-13 16:33:48 +01:00
R.B. Boyer c880728ab4
peerstream: some cosmetic refactors to make this easier to follow (#13732)
- Use some protobuf construction helper methods for brevity.
- Rename a local variable to avoid later shadowing.
- Rename the Nonce field to be more like xDS's naming.
- Be more explicit about which PeerID fields are empty.
2022-07-13 10:00:35 -05:00
John Cowen dc4302e23f
ui: Remove UNDEFINED state from being undeleteable (#13702)
* ui: Remove UNDEFINED state from being undeleteable

* Fixup node tests
2022-07-13 12:06:16 +01:00
John Cowen 51a8955103
ui: Remove horizontal scrollbar from peering list rows (#13701) 2022-07-13 11:22:49 +01:00
Kyle Havlovitz 0ac7de3bae Use protocol from resolved config entry, not gateway service 2022-07-12 16:23:40 -07:00
Kyle Havlovitz 54d8fe9032 Enable http2 options for grpc protocol 2022-07-12 14:38:44 -07:00
R.B. Boyer 81764a5650
peering: always send the mesh gateway SpiffeID even for tcp services (#13728)
If someone were to switch a peer-exported service from L4 to L7 there
would be a brief SAN validation hiccup as traffic shifted to the mesh
gateway for termination.

This PR sends the mesh gateway SpiffeID down all the time so the clients
always expect a switch.
2022-07-12 11:38:13 -05:00
R.B. Boyer ee5eb5a960
state: prohibit changing an exported tcp discovery chain in a way that would break SAN validation (#13727)
For L4/tcp exported services the mesh gateways will not be terminating
TLS. A caller in one peer will be directly establishing TLS connections
to the ultimate exported service in the other peer.

The caller will be doing SAN validation using the replicated SpiffeID
values shipped from the exporting side. There are a class of discovery
chain edits that could be done on the exporting side that would cause
the introduction of a new SpiffeID value. In between the time of the
config entry update on the exporting side and the importing side getting
updated peer stream data requests to the exported service would fail due
to SAN validation errors.

This is unacceptable so instead prohibit the exporting peer from making
changes that would break peering in this way.
2022-07-12 11:17:33 -05:00
R.B. Boyer 2c329475ce
state: prohibit exported discovery chains to have cross-datacenter or cross-partition references (#13726)
Because peerings are pairwise, between two tuples of (datacenter,
partition) having any exported reference via a discovery chain that
crosses out of the peered datacenter or partition will ultimately not be
able to work for various reasons. The biggest one is that there is no
way in the ultimate destination to configure an intention that can allow
an external SpiffeID to access a service.

This PR ensures that a user simply cannot do this, so they won't run
into weird situations like this.
2022-07-12 11:03:41 -05:00