Commit Graph

19812 Commits

Author SHA1 Message Date
cskh e1110bbb1d
upgrade test: peering with resolver and failover (#16391) 2023-02-23 12:53:56 -05:00
Tu Nguyen d0fcec53b7
Add envoy extension docs (#16376)
* Add envoy extension docs

* Update message about envoy extensions with proxy defaults

* fix tab error

* Update website/content/docs/connect/proxies/envoy-extensions/usage/lua.mdx

* fix operator prerender issue

* Apply suggestions from code review

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* update envoyextension warning in proxy defaults so its inline

* Update website/content/docs/connect/proxies/envoy-extensions/index.mdx

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-02-23 09:41:30 -08:00
Eric Haberkorn be0eda24c9
Refactor the disco chain -> xds logic (#16392) 2023-02-23 11:32:32 -05:00
Dan Stough 4b704fcd89
chore: remove stable-website (#16386) 2023-02-23 10:39:15 -05:00
Paul Banks bc344e81da
Correct WAL metrics registrations (#16388) 2023-02-23 14:07:17 +00:00
Valeriia Ruban d01ee172ea
[UI] CC-4031: change from Action, a and button to hds::Button (#16251) 2023-02-22 13:05:15 -08:00
trujillo-adam 2d75b88eb3
Docs/rate limiting 1.15 (#16345)
* Added rate limit section to agent overview, updated headings per style guide

* added GTRL section and overview

* added usage docs for rate limiting 1.15

* added file for initializing rate limits

* added steps for initializing rate limits

* updated descriptions for rate_limits in agent conf

* updated rate limiter-related metrics

* tweaks to agent index

* Apply suggestions from code review

Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
Co-authored-by: Krastin Krastev <krastin@hashicorp.com>

* Apply suggestions from code review

Co-authored-by: Krastin Krastev <krastin@hashicorp.com>

* Apply suggestions from code review

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

---------

Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
Co-authored-by: Krastin Krastev <krastin@hashicorp.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2023-02-22 13:02:51 -08:00
Curt Bushko a90d789a13
set BRANCH_NAME to release-1.15.x (#16374) 2023-02-22 15:59:56 -05:00
Anita Akaeze 518974934f
NET-2285: Assert total number of expected instances by Consul (#16371) 2023-02-22 15:43:20 -05:00
Kyle Havlovitz f0b2b16ef6
Add docs for usage endpoint and command (#16258)
* Add docs for usage endpoint and command
2023-02-22 12:36:25 -08:00
Ranjandas f5fae302d4
Documentation update: Adding K8S clusters to external Consul servers (#16285)
* Remove Consul Client installation option

With Consul-K8S 1.0 and introduction of Consul-Dataplane, K8S has
the option to run without running Consul Client agents.

* remove note referring to the same documentation

* Added instructions on the use of httpsPort when servers are not running TLS enabled

* Modified titile and description
2023-02-22 12:27:02 -08:00
Dhia Ayachi fa95f65aab
Rate limiter/add ip prefix (#16342)
* add support for prefixes in the config tree

* fix to use default config when the prefix have no config
2023-02-22 15:15:51 -05:00
Andrew Stucki 5e939ae527
[API Gateway] Fix infinite loop in controller and binding non-accepted routes and gateways (#16377) 2023-02-22 14:55:40 -05:00
Nathan Coleman 1832998d7d
Add changelog entry for API Gateway (Beta) (#16369)
* Placeholder commit for changelog entry

* Add changelog entry announcing support for API Gateway on VMs

* Adjust casing
2023-02-22 13:10:05 -06:00
Anita Akaeze 29c56a1b5e
initial code (#16296) 2023-02-22 12:52:14 -05:00
Nathan Coleman df1106e1fb
Update existing docs from Consul API Gateway -> API Gateway for Kubernetes (#16360)
* Update existing docs from Consul API Gateway -> API Gateway for Kubernetes

* Update page header to reflect page title change

* Update nav title to match new page title
2023-02-22 17:34:27 +00:00
Derek Menteer b0a97756bf
Upgrade Alpine image to 3.17 (#16358) 2023-02-22 10:09:41 -06:00
cskh d500380169
upgrade test: splitter and resolver config entry in peered cluster (#16356) 2023-02-22 10:22:25 -05:00
Andrew Stucki cf760309d1
[API Gateway] Various fixes for Config Entry fields (#16347)
* [API Gateway] Various fixes for Config Entry fields

* simplify logic per PR review
2023-02-22 04:02:04 +00:00
Andrew Stucki 4a6e879ba5
[API Gateway] Fix targeting service splitters in HTTPRoutes (#16350)
* [API Gateway] Fix targeting service splitters in HTTPRoutes

* Fix test description
2023-02-22 03:48:26 +00:00
Andrew Stucki 8937c821b2
[API Gateway] Turn down controller log levels (#16348) 2023-02-21 20:42:01 -06:00
Derek Menteer 1c4640f0df
Fix issue with peer services incorrectly appearing as connect-enabled. (#16339)
Prior to this commit, all peer services were transmitted as connect-enabled
as long as a one or more mesh-gateways were healthy. With this change, there
is now a difference between typical services and connect services transmitted
via peering.

A service will be reported as "connect-enabled" as long as any of these
conditions are met:

1. a connect-proxy sidecar is registered for the service name.
2. a connect-native instance of the service is registered.
3. a service resolver / splitter / router is registered for the service name.
4. a terminating gateway has registered the service.
2023-02-21 13:59:36 -06:00
Andrew Stucki 7685c14885
[API Gateway] Validate listener name is not empty (#16340)
* [API Gateway] Validate listener name is not empty

* Update docstrings and test
2023-02-21 14:12:19 -05:00
Nick Irvine 69890bf5df
chore: document and unit test sdk/testutil/retry (#16049) 2023-02-21 10:48:25 -08:00
wangxinyi7 588c5a3ddf
fix flakieness (#16338) 2023-02-21 08:47:11 -08:00
cskh 806d63e7fc
fix: add tls config to unix socket when https is used (#16301)
* fix: add tls config to unix socket when https is used

* unit test and changelog
2023-02-21 08:28:13 -05:00
Dan Stough 133271ea69
fix: revert go mod compat for sdk,api to 1.19 (#16323) 2023-02-18 14:58:39 -05:00
David Yu d4aed3e753
ISSUE_TEMPLATE: formatting for comments (#16325)
* Update all templates.
2023-02-17 15:01:31 -08:00
Andrew Stucki c430f45973
Fix HTTPRoute and TCPRoute expectation for enterprise metadata (#16322) 2023-02-17 17:28:49 -05:00
Andrew Stucki 7552e84718
Normalize all API Gateway references (#16316) 2023-02-17 21:37:34 +00:00
malizz 89113f4877
new docs for consul and consul-k8s troubleshoot command (#16284)
* new docs for consul and consul-k8s troubleshoot command

* add changelog

* add troubleshoot command

* address comments, and update cli output to match

* revert changes to troubleshoot upstreams, changes will happen in separate pr

* Update .changelog/16284.txt

Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>

* address comments

* update trouble proxy output

* add missing s, add required fields in usage

---------

Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2023-02-17 13:25:49 -08:00
Matt Keeler f3c80c4eef
Protobuf Refactoring for Multi-Module Cleanliness (#16302)
Protobuf Refactoring for Multi-Module Cleanliness

This commit includes the following:

Moves all packages that were within proto/ to proto/private
Rewrites imports to account for the packages being moved
Adds in buf.work.yaml to enable buf workspaces
Names the proto-public buf module so that we can override the Go package imports within proto/buf.yaml
Bumps the buf version dependency to 1.14.0 (I was trying out the version to see if it would get around an issue - it didn't but it also doesn't break things and it seemed best to keep up with the toolchain changes)

Why:

In the future we will need to consume other protobuf dependencies such as the Google HTTP annotations for openapi generation or grpc-gateway usage.
There were some recent changes to have our own ratelimiting annotations.
The two combined were not working when I was trying to use them together (attempting to rebase another branch)
Buf workspaces should be the solution to the problem
Buf workspaces means that each module will have generated Go code that embeds proto file names relative to the proto dir and not the top level repo root.
This resulted in proto file name conflicts in the Go global protobuf type registry.
The solution to that was to add in a private/ directory into the path within the proto/ directory.
That then required rewriting all the imports.

Is this safe?

AFAICT yes
The gRPC wire protocol doesn't seem to care about the proto file names (although the Go grpc code does tack on the proto file name as Metadata in the ServiceDesc)
Other than imports, there were no changes to any generated code as a result of this.
2023-02-17 16:14:46 -05:00
Dan Stough 29497be7e8
[OSS] security: update go to 1.20.1 (#16263)
* security: update go to 1.20.1
2023-02-17 15:04:12 -05:00
David Yu 9027a9629d
ISSUE TEMPLATE: update issue templates to include comments instead of inline text for instructions (#16313)
* Update bug_report.md
* Update feature_request.md
* Update ui_issues.md
* Update pull_request_template.md
2023-02-17 11:46:31 -08:00
Andrew Stucki b3c26ebcf7
Add stricter validation and some normalization code for API Gateway ConfigEntries (#16304)
* Add stricter validation and some normalization code for API Gateway ConfigEntries
2023-02-17 19:22:01 +00:00
Andrew Stucki 311602b95d
Fix panicky xDS test flakes (#16305)
* Add defensive guard to make some tests less flaky and panic less

* Do the actual fix
2023-02-17 14:07:49 -05:00
Andrew Stucki 3a5981ab98
Fix hostname alignment checks for HTTPRoutes (#16300)
* Fix hostname alignment checks for HTTPRoutes
2023-02-17 18:18:11 +00:00
David Yu a958fb0376
ISSUE_TEMPLATE: Update issue template to include ask for HCL config files for bugs (#16307)
* Update bug_report.md
2023-02-17 10:13:43 -08:00
Andrew Stucki c8e5a1a684
Inline API Gateway TLS cert code (#16295)
* Include secret type when building resources from config snapshot

* First pass at generating envoy secrets from api-gateway snapshot

* Update comments for xDS update order

* Add secret type + corresponding golden files to existing tests

* Initialize test helpers for testing api-gateway resource generation

* Generate golden files for new api-gateway xDS resource test

* Support ADS for TLS certificates on api-gateway

* Configure TLS on api-gateway listeners

* Inline TLS cert code

* update tests

* Add SNI support so we can have multiple certificates

* Remove commented out section from helper

* regen deep-copy

* Add tcp tls test

---------

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2023-02-17 12:46:03 -05:00
Nitya Dhanushkodi 9d255fe057
troubleshoot: fixes and updated messages (#16294) 2023-02-17 07:43:05 -08:00
Thomas Eckert c66f9ebf39
API Gateway Envoy Golden Listener Tests (#16221)
* Simple API Gateway e2e test for tcp routes

* Drop DNSSans since we don't front the Gateway with a leaf cert

* WIP listener tests for api-gateway

* Return early if no routes

* Add back in leaf cert to testing

* Fix merge conflicts

* Re-add kind to setup

* Fix iteration over listener upstreams

* New tcp listener test

* Add tests for API Gateway with TCP and HTTP routes

* Move zero-route check back

* Drop generateIngressDNSSANs

* Check for chains not routes

---------

Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com>
2023-02-16 14:42:36 -05:00
Dhia Ayachi fd99cee9ac
add server side rate-limiter changelog entry (#16292) 2023-02-16 19:21:50 +00:00
Derek Menteer d87e4acb4d
Fix mesh gateways incorrectly matching peer locality. (#16257)
Fix mesh gateways incorrectly matching peer locality.

This fixes an issue where local mesh gateways use an
incorrect address when attempting to forward traffic to a
peered datacenter. Prior to this change it would use the
lan address instead of the wan if the locality matched. This
should never be done for peering, since we must route all
traffic through the remote mesh gateway.
2023-02-16 09:22:41 -06:00
trujillo-adam 9b7fc8cdf7
Docs/reformat service splitters conf entry (#16264)
* for tab testing

* updates

* Update

* adding sandbox to test conf ref types

* testing tweaks to the conf ref template

* reintroduce tabbed specification

* applied feedback from MKO session

* applied feedback on format from luke and jared

* Apply suggestions from code review

Co-authored-by: Dan Upton <daniel@floppy.co>

* fixed some minor HCL formatting in complete conf

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* fixed bad link

* resolving conflicts

---------

Co-authored-by: boruszak <jeffrey.boruszak@hashicorp.com>
Co-authored-by: Dan Upton <daniel@floppy.co>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2023-02-15 14:37:32 -08:00
Nathan Coleman 8ea5b575d9
Fix infinite recursion in inline-certificate config entry (#16276)
* Fix infinite recursion on InlineCertificateConfigEntry

GetNamespace() + GetMeta() were calling themselves. This change also simplifies by removing nil-checking to match pre-existing config entries

Co-Authored-By: Andrew Stucki <3577250+andrewstucki@users.noreply.github.com>

* Add tests for inline-certificate

* Add alias for private key field on inline-certificate

* Use valid certificate + private key for inline-certificate tests

---------

Co-authored-by: Andrew Stucki <3577250+andrewstucki@users.noreply.github.com>
2023-02-15 13:49:34 -06:00
Derek Menteer f661437c8a
Fix nil-pointer panics from proxycfg package. (#16277)
Prior to this PR, servers / agents would panic and crash if an ingress
or api gateway were configured to use a discovery chain that both:

1. Referenced a peered service
2. Had a mesh gateway mode of local

This could occur, because code for handling upstream watches was shared
between both connect-proxy and the gateways. As a short-term fix, this
PR ensures that the maps are always initialized for these gateway services.

This PR also wraps the proxycfg execution and service
registration calls with recover statements to ensure that future issues
like this do not put the server into an unrecoverable state.
2023-02-15 11:54:44 -06:00
Curt Bushko 966163cae1
[OSS] connect: Bump Envoy 1.22.5 to 1.22.7, 1.23.2 to 1.23.4, 1.24.0 to 1.24.2, add 1.25.1, remove 1.21.5 (#16274)
* Bump Envoy 1.22.5 to 1.22.7, 1.23.2 to 1.23.4, 1.24.0 to 1.24.2, add 1.25.1, remove 1.21.5
2023-02-15 11:45:43 -05:00
Nathan Coleman 859182c1c3
Add inline-certificate as possible payload of config-entry wrapper (#16254)
Co-authored-by: Andrew Stucki <3577250+andrewstucki@users.noreply.github.com>
2023-02-15 10:06:44 -06:00
cskh 4b5c8d7edc
upgrade test: fix flaky peering through mesh gateway (#16271) 2023-02-15 10:26:43 -05:00
malizz f482e41f0d
add integration tests for troubleshoot (#16223)
* draft

* expose internal admin port and add proxy test

* update tests

* move comment

* add failure case, fix lint issues

* cleanup

* handle error

* revert changes to service interface

* address review comments

* fix merge conflict

* merge the tests so cluster is created once

* fix other test
2023-02-14 14:22:09 -08:00