Commit graph

19755 commits

Author SHA1 Message Date
Eric Haberkorn d7c81a3b1d
fix bug where pqs that failover to a cluster peer dont un-fail over (#16729) 2023-03-22 09:24:13 -04:00
Ronald 91528b9d62
Copyright headers for config files git + circleci (#16703)
* Copyright headers for config files git + circleci

* Release folder copyright headers
2023-03-22 09:17:19 -04:00
cskh 3a4835e258
fix: gracefully fail on invalid port number (#16721) 2023-03-21 22:29:21 -04:00
Dhia Ayachi 8a5fec715d
add extra resiliency to snapshot restore test (#16712) 2023-03-21 14:27:00 -04:00
Luke Kysow 58173f6465
Helm docs without developer.hashicorp.com prefix (#16711)
This was causing linter errors
2023-03-21 18:26:40 +00:00
Dan Bond cff9c1da72
fix build workflow (#16719)
Signed-off-by: Dan Bond <danbond@protonmail.com>
2023-03-21 18:16:37 +00:00
Tu Nguyen c3017fa5eb
Update envoy extension docs, service-defaults, add multi-config example for lua (#16710) 2023-03-21 10:44:02 -07:00
Dan Bond 756985de4f
[NET-3029] Migrate build-distros to GHA (#16669)
* migrate build distros to GHA

Signed-off-by: Dan Bond <danbond@protonmail.com>

* build-arm

Signed-off-by: Dan Bond <danbond@protonmail.com>

* don't use matrix

Signed-off-by: Dan Bond <danbond@protonmail.com>

* check-go-mod

Signed-off-by: Dan Bond <danbond@protonmail.com>

* add notify slack script

Signed-off-by: Dan Bond <danbond@protonmail.com>

* notify slack if failure

Signed-off-by: Dan Bond <danbond@protonmail.com>

* rm notify slack script

Signed-off-by: Dan Bond <danbond@protonmail.com>

* fix check-go-mod job

Signed-off-by: Dan Bond <danbond@protonmail.com>

---------

Signed-off-by: Dan Bond <danbond@protonmail.com>
2023-03-21 10:37:32 -07:00
John Maguire b97ff15b4c
Remove unused are hosts set check (#16691)
* Remove unused are hosts set check

* Remove all traces of unused 'AreHostsSet' parameter

* Remove unused Hosts attribute

* Remove commented out use of snap.APIGateway.Hosts
2023-03-21 16:23:23 +00:00
Luke Kysow e84b8909fe
Regen helm docs (#16701) 2023-03-21 09:15:53 -07:00
Valeriia Ruban 6e75bebd8c
UI: update Ember to 3.28.6 (#16616)
---------

Co-authored-by: wenincode <tyler.wendlandt@hashicorp.com>
2023-03-20 15:41:47 -07:00
Paul Banks 7724363f19
Update WAL Known issues (#16676) 2023-03-20 21:44:00 +00:00
Tu Nguyen d8640b9508
Fix broken links from api docs (#16695) 2023-03-20 13:53:09 -07:00
cskh c23de0633f
chore: replace hardcoded node name with a constant (#16692) 2023-03-20 16:18:59 -04:00
Anita Akaeze c423a0c7c5
NET-2397: Add readme.md to upgrade test subdirectory (#16610)
* NET-2397: Add readme.md to upgrade test subdirectory

* remove test code

* fix link and update  steps of adding new test cases (#16654)

* fix link and update  steps of adding new test cases

* Apply suggestions from code review

Co-authored-by: Nick Irvine <115657443+nfi-hashicorp@users.noreply.github.com>

---------

Co-authored-by: Nick Irvine <115657443+nfi-hashicorp@users.noreply.github.com>

---------

Co-authored-by: cskh <hui.kang@hashicorp.com>
Co-authored-by: Nick Irvine <115657443+nfi-hashicorp@users.noreply.github.com>
2023-03-20 14:26:43 -04:00
dependabot[bot] 037fca9488
build(deps): bump tomhjp/gh-action-jira-comment from 0.1.0 to 0.2.0 (#16684)
Bumps [tomhjp/gh-action-jira-comment](https://github.com/tomhjp/gh-action-jira-comment) from 0.1.0 to 0.2.0.
- [Release notes](https://github.com/tomhjp/gh-action-jira-comment/releases)
- [Commits](https://github.com/tomhjp/gh-action-jira-comment/compare/v0.1.0...v0.2.0)

---
updated-dependencies:
- dependency-name: tomhjp/gh-action-jira-comment
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
2023-03-20 18:24:18 +00:00
dependabot[bot] cee8dbc82c
build(deps): bump tomhjp/gh-action-jira-create from 0.2.0 to 0.2.1 (#16685)
Bumps [tomhjp/gh-action-jira-create](https://github.com/tomhjp/gh-action-jira-create) from 0.2.0 to 0.2.1.
- [Release notes](https://github.com/tomhjp/gh-action-jira-create/releases)
- [Commits](https://github.com/tomhjp/gh-action-jira-create/compare/v0.2.0...v0.2.1)

---
updated-dependencies:
- dependency-name: tomhjp/gh-action-jira-create
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
2023-03-20 18:19:00 +00:00
Tu Nguyen 2eb188d74d
Docs: Jira sync Update issuetype to bug (#16689)
* update issuetype to bug

* fix conditional for pr edu
2023-03-20 17:40:27 +00:00
Tu Nguyen 6a006447e1
Docs/update jira sync pr issue (#16688)
* fix jira sync actions, remove custom fields

* remove more additional fields, debug
2023-03-20 10:19:43 -07:00
Tu Nguyen aaeca69561
fix jira sync actions, remove custom fields (#16686) 2023-03-20 17:01:56 +00:00
Nitya Dhanushkodi 69bd62f9c3
peering: peering partition failover fixes (#16673)
add local source partition for peered upstreams
2023-03-20 10:00:29 -07:00
John Maguire 2e07180662
Fix route subscription when using namespaces (#16677)
* Fix route subscription when using namespaces

* Update changelog

* Fix changelog entry to reference that the bug was enterprise only
2023-03-20 12:42:30 -04:00
Melisa Griffin fa1b6e7450
Adds check to verify that the API Gateway is being created with at least one listener 2023-03-20 12:37:30 -04:00
Tu Nguyen 578eeeb653
Update GH actions to create Jira issue automatically (#16656) 2023-03-20 16:27:29 +00:00
Poonam Jadhav 3be683fcc1
feat: add category annotation to RPC and gRPC methods (#16646) 2023-03-20 11:24:29 -04:00
Eric Haberkorn 2bf2e81a6b
add sameness groups to discovery chains (#16671) 2023-03-20 09:12:37 -04:00
Dhia Ayachi 5a9948fab7
Snapshot restore tests (#16647)
* add snapshot restore test

* add logstore as test parameter

* Use the correct image version

* make sure we read the logs from a followers to test the follower snapshot install path.

* update to raf-wal v0.3.0

* add changelog.

* updating changelog for bug description and removed integration test.

* setting up test container builder to only set logStore for 1.15 and higher

---------

Co-authored-by: Paul Banks <pbanks@hashicorp.com>
Co-authored-by: John Murret <john.murret@hashicorp.com>
2023-03-18 14:43:22 -06:00
dependabot[bot] adbd0626af
build(deps): bump atlassian/gajira-transition from 2.0.1 to 3.0.1 (#15921)
Bumps [atlassian/gajira-transition](https://github.com/atlassian/gajira-transition) from 2.0.1 to 3.0.1.
- [Release notes](https://github.com/atlassian/gajira-transition/releases)
- [Commits](https://github.com/atlassian/gajira-transition/compare/v2.0.1...v3.0.1)

---
updated-dependencies:
- dependency-name: atlassian/gajira-transition
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
2023-03-18 17:50:06 +00:00
dependabot[bot] cff8c999b8
Bump tomhjp/gh-action-jira-search from 0.2.1 to 0.2.2 (#16667)
Bumps [tomhjp/gh-action-jira-search](https://github.com/tomhjp/gh-action-jira-search) from 0.2.1 to 0.2.2.
- [Release notes](https://github.com/tomhjp/gh-action-jira-search/releases)
- [Commits](https://github.com/tomhjp/gh-action-jira-search/compare/v0.2.1...v0.2.2)

---
updated-dependencies:
- dependency-name: tomhjp/gh-action-jira-search
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-18 04:07:00 +00:00
Andrew Stucki a597cb3d57
[API Gateway] Fix invalid cluster causing gateway programming delay (#16661)
* Add test for http routes

* Add fix

* Fix tests

* Add changelog entry

* Refactor and fix flaky tests
2023-03-17 13:31:04 -04:00
Rosemary Wang 7ff42ea796
Fix incorrect links on Envoy extensions documentation (#16666) 2023-03-17 08:29:58 -07:00
Eric Haberkorn 68046060ea
add sameness group support to service resolver failover and redirects (#16664) 2023-03-17 10:48:06 -04:00
Valeriia Ruban 64f5e20793
fix: add AccessorID property to PUT token request (#16660) 2023-03-16 18:57:59 -07:00
John Maguire 6b7045e3f4
Add in query options for catalog service existing in a specific (#16652)
namespace when creating service for tests
2023-03-16 18:11:24 +00:00
Vipin John Wilson e766b74a8b
First cluster grpc service should be NodePort for the second cluster to connect (#16430)
* First cluster grpc service should be NodePort

This is based on the issue opened here https://github.com/hashicorp/consul-k8s/issues/1903

If you follow the documentation https://developer.hashicorp.com/consul/docs/k8s/deployment-configurations/single-dc-multi-k8s exactly as it is, the first cluster will only create the consul UI service on NodePort but not the rest of the services (including for grpc). By default, from the helm chart, they are created as headless services by setting clusterIP None. This will cause an issue for the second cluster to discover consul server on the first cluster over gRPC as it cannot simply cannot through gRPC default port 8502 and it ends up in an error as shown in the issue https://github.com/hashicorp/consul-k8s/issues/1903

As a solution, the grpc service should be exposed using NodePort (or LoadBalancer). I added those changes required in both cluster1-values.yaml and cluster2-values.yaml, and also a description for those changes for the normal users to understand. Kindly review and I hope this PR will be accepted.

* Update website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-03-16 16:43:19 +00:00
Eric Haberkorn 65bfef6df1
fix confusing spiffe ids in golden tests (#16643) 2023-03-15 14:30:36 -04:00
wangxinyi7 4aa1b5ee01
net 2731 ip config entry OSS version (#16642)
* ip config entry

* name changing

* move to ent

* ent version

* renaming

* change format

* renaming

* refactor

* add default values
2023-03-15 11:21:24 -07:00
John Maguire 7fca314579
Update e2e tests for namespaces (#16627)
* Refactored "NewGatewayService" to handle namespaces, fixed
TestHTTPRouteFlattening test

* Fixed existing http_route tests for namespacing

* Squash aclEnterpriseMeta for ResourceRefs and HTTPServices, accept
namespace for creating connect services and regular services

* Use require instead of assert after creating namespaces in
http_route_tests

* Refactor NewConnectService and NewGatewayService functions to use cfg
objects to reduce number of method args

* Rename field on SidecarConfig in tests from `SidecarServiceName` to
`Name` to avoid stutter
2023-03-15 17:51:36 +00:00
Eddie Rowe 9b64b3a5bb
Tune 404 checker to exclude false-positives and use intended file path (#16636) 2023-03-15 15:27:43 +00:00
Paul Banks 12a07c98e7
Add known issues to Raft WAL docs. (#16600)
* Add known issues to Raft WAL docs.

* Refactor update based on review feedback
2023-03-15 04:21:31 +00:00
Valeriia Ruban f404d3eb13
feat: update typography to consume hds styles (#16577) 2023-03-14 19:49:14 -07:00
Freddy a5bd98ae3e
Backport ENT-4704 (#16612) 2023-03-14 14:55:11 -06:00
Semir Patel f0c36029b8
Basic resource type registry (#16622) 2023-03-14 13:30:25 -05:00
Derek Menteer f3be5d9b80
Fix issue with trust bundle read ACL check. (#16630)
This commit fixes an issue where trust bundles could not be read
by services in a non-default namespace, unless they had excessive
ACL permissions given to them.

Prior to this change, `service:write` was required in the default
namespace in order to read the trust bundle. Now, `service:write`
to a service in any namespace is sufficient.
2023-03-14 12:24:33 -05:00
Bastien Dronneau 0ad653b5bb
Docs discovery typo (#16628)
* docs(discovery): typo

* docs(discovery): EOF and trim lines

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-03-14 08:49:48 -07:00
Ronald 6bcb98ea71
Add UI copyright headers files (#16614)
* Add copyright headers to UI files

* Ensure copywrite file ignores external libs
2023-03-14 09:18:55 -04:00
Chris S. Kim bb4baeba95
Preserve CARoots when updating Vault CA configuration (#16592)
If a CA config update did not cause a root change, the codepath would return early and skip some steps which preserve its intermediate certificates and signing key ID. This commit re-orders some code and prevents updates from generating new intermediate certificates.
2023-03-13 17:32:59 -04:00
Derek Menteer 5d17b2c90b
Add sameness-group configuration entry. (#16608)
This commit adds a sameness-group config entry to the API and structs packages. It includes some validation logic and a new memdb index that tracks the default sameness-group for each partition. Sameness groups will simplify the effort of managing failovers / intentions / exports for peers and partitions.

Note that this change purely to introduce the configuration entry and does not include the full functionality of sameness-groups.
2023-03-13 16:19:11 -05:00
Ronald 9872eeaffe
Add copywrite setup file (#16602) 2023-03-13 08:24:00 -04:00
Ashvitha f514182f3e
Allow HCP metrics collection for Envoy proxies
Co-authored-by: Ashvitha Sridharan <ashvitha.sridharan@hashicorp.com>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>

Add a new envoy flag: "envoy_hcp_metrics_bind_socket_dir", a directory
where a unix socket will be created with the name
`<namespace>_<proxy_id>.sock` to forward Envoy metrics.

If set, this will configure:
- In bootstrap configuration a local stats_sink and static cluster.
  These will forward metrics to a loopback listener sent over xDS.

- A dynamic listener listening at the socket path that the previously
  defined static cluster is sending metrics to.

- A dynamic cluster that will forward traffic received at this listener
  to the hcp-metrics-collector service.


Reasons for having a static cluster pointing at a dynamic listener:
- We want to secure the metrics stream using TLS, but the stats sink can
  only be defined in bootstrap config. With dynamic listeners/clusters
  we can use the proxy's leaf certificate issued by the Connect CA,
  which isn't available at bootstrap time.

- We want to intelligently route to the HCP collector. Configuring its
  addreess at bootstrap time limits our flexibility routing-wise. More
  on this below.

Reasons for defining the collector as an upstream in `proxycfg`:
- The HCP collector will be deployed as a mesh service.

- Certificate management is taken care of, as mentioned above.

- Service discovery and routing logic is automatically taken care of,
  meaning that no code changes are required in the xds package.

- Custom routing rules can be added for the collector using discovery
  chain config entries. Initially the collector is expected to be
  deployed to each admin partition, but in the future could be deployed
  centrally in the default partition. These config entries could even be
  managed by HCP itself.
2023-03-10 13:52:54 -07:00