Commit Graph

13007 Commits

Author SHA1 Message Date
Matt Keeler 7b49fc1529
Require enabling TLS to enable Auto Config (#8159)
On the servers they must have a certificate.

On the clients they just have to set verify_outgoing to true to attempt TLS connections for RPCs.

Eventually we may relax these restrictions but right now all of the settings we push down (acl tokens, acl related settings, certificates, gossip key) are sensitive and shouldn’t be transmitted over an unencrypted connection. Our guides and docs should recoommend verify_server_hostname on the clients as well.

Another reason to do this is weird things happen when making an insecure RPC when TLS is not enabled. Basically it tries TLS anyways. We should probably fix that to make it clearer what is going on.
2020-06-19 16:38:14 -04:00
Freddy c908f4f1d3
Update CHANGELOG.md 2020-06-19 13:36:37 -06:00
Freddy 3089b0e57a
Update CHANGELOG.md 2020-06-19 13:35:22 -06:00
Freddy 7e7c783c8f
Always return a gateway cluster (#8158) 2020-06-19 13:31:39 -06:00
Matt Keeler 9dc9f7df15
Allow cancelling startup when performing auto-config (#8157)
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2020-06-19 15:16:00 -04:00
Preetha c229af80ce
Merge pull request #8156 from hashicorp/docs-update-version
update version to 1.8.0
2020-06-18 20:05:53 -05:00
Preetha 0d4d807cb0
remove prerelease tag 2020-06-18 20:02:21 -05:00
Preetha 83241ec09e
update alert banner 2020-06-18 19:36:42 -05:00
Preetha 52dc72c24a
update version to 1.8.0 2020-06-18 19:32:11 -05:00
Freddy 4948cd403f
Finalize gateway documentation for 1.8.0 GA (#8121)
Co-authored-by: Derek Strickland <1111455+DerekStrickland@users.noreply.github.com>
2020-06-18 15:27:06 -06:00
Chris Piraino e7c0f3e79b
Remove ingress line items from UNRELEASED header
These all got squashed into the Ingress Gateway feature item in 1.8.0.
2020-06-18 15:54:36 -05:00
Chris Piraino 850f7b93d4
Update master CHANGELOG to release 1.8.0 (#8152) 2020-06-18 15:28:18 -05:00
Luke Kysow 61cd88d475
Merge pull request #8150 from hashicorp/18-wan-fed-docs
Remove consul:beta now that 1.8 is out.
2020-06-18 12:54:31 -07:00
Daniel Nephin 896b057a9f
Merge pull request #8147 from hashicorp/dnephin/remove-private-ip-2
Remove some dead code from agent/consul/util.go
2020-06-18 15:51:09 -04:00
Matt Keeler 7086a50353 Change auto config authorizer to allow for future extension
The envisioned changes would allow extra settings to enable dynamically defined auth methods to be used instead of  or in addition to the statically defined one in the configuration.
2020-06-18 15:22:24 -04:00
Luke Kysow c937cbd0cf
Remove consul:beta now that 1.8 is out. 2020-06-18 11:50:25 -07:00
Rebecca Zanzig b9ec0d310f
Merge pull request #8126 from hashicorp/k8s/gateway-docs
Add helm chart options for ingress and terminating gateways
2020-06-18 11:30:59 -07:00
Jono Sosulska 1f1eb0cb33
Fixing multiple document updates (#8135)
* Fixes #7663-ACL Token Reloadable#7432-Cipher Suites,#7385-KV Delete DC, raft list-peers docs

Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2020-06-18 14:10:45 -04:00
Rebecca Zanzig c1d37ddd6b Add helm chart options for ingress and terminating gateways 2020-06-18 11:04:19 -07:00
Dexter Lowe a27694d110
#8059 Improve Clarity on TTL docs (#8141) 2020-06-18 13:53:43 -04:00
Daniel Nephin b5ef9b7ea9 Remove bytesToUint64 from agent/consul 2020-06-18 12:45:43 -04:00
Daniel Nephin 81bc082b63 Remove unused private IP code from agent/consul 2020-06-18 12:40:38 -04:00
Chris Piraino d62cead958
Bump golang to 1.14.4 to avoid known runtime issue (#8146)
An issue where the golang runtime would hang and loop forever
2020-06-18 11:38:33 -05:00
Matt Keeler ecde16b562
Merge pull request #8086 from hashicorp/feature/auto-config/client-config-inject 2020-06-18 10:44:32 -04:00
John Cowen 6126f24acd
ui: Remove with-listeners mixin (#8142)
This mixin was a very thin mixin over the top of our listeners utility,
and we have been gradually preferring using the utility straight rather
than using the mixin. This commit removes the last places where we still
used the mixin, and also potentially the last few places where we
continued to use the old API for our listeners utility.
2020-06-18 14:54:31 +01:00
Kenia 15deb4bda1
ui: Refactor Upstreams and Exposed Paths icons (#8139)
* Update Ports to have copy-button to the left

* Update exposed paths use a description list
2020-06-18 09:23:42 -04:00
Matt Keeler 2c7844d220
Implement Client Agent Auto Config
There are a couple of things in here.

First, just like auto encrypt, any Cluster.AutoConfig RPC will implicitly use the less secure RPC mechanism.

This drastically modifies how the Consul Agent starts up and moves most of the responsibilities (other than signal handling) from the cli command and into the Agent.
2020-06-17 16:49:46 -04:00
Matt Keeler f5d57ccd48
Allow the Agent its its child Client/Server to share a connection pool
This is needed so that we can make an AutoConfig RPC at the Agent level prior to creating the Client/Server.
2020-06-17 16:19:33 -04:00
Matt Keeler 8c601ad8db
Merge pull request #8035 from hashicorp/feature/auto-config/server-rpc 2020-06-17 16:07:25 -04:00
Chris Piraino 79d003d395
Remove ACLEnforceVersion8 from tests (#8138)
The field had been deprecated for a while and was recently removed,
however a PR which added these tests prior to removal was merged.
2020-06-17 14:58:01 -05:00
Chris Piraino 03cc81ba18
Updates docs with ingress Host header clarifications (#8062)
* Updates docs with ingress Host header changes

Clarify that a Host header is required for L7 protocols, and specify
that the default is to use the Consul DNS ingress subdomain

* Add sentence about using '*' by itself for testing

* Add optional step for using L7 routing config

* Note that port numbers may need to be added in the Hosts field
2020-06-17 14:43:58 -05:00
Daniel Nephin 3d03d72727
Merge pull request #7762 from hashicorp/dnephin/warn-on-unknown-service-file
config: warn if a config file is being skipped because of its file extension
2020-06-17 15:14:40 -04:00
Daniel Nephin cb736b6947 config: warn when a config file is skipped
All commands which read config (agent, services, and validate) will now
print warnings when one of the config files is skipped because it did
not match an expected format.

Also ensures that config validate prints all warnings.
2020-06-17 13:08:54 -04:00
Kevin Pruett 479af3d9dd
Merge pull request #8136 from hashicorp/pruett.update-nextjs-scripts-dep
Update @hashicorp/nextjs-scripts dep
2020-06-17 12:16:45 -04:00
Daniel Nephin 1ef8279ac9
Merge pull request #8034 from hashicorp/dnephin/add-linter-staticcheck-4
ci: enable SA4006 staticcheck check and add ineffassign
2020-06-17 12:16:02 -04:00
Kevin Pruett 5d0bd935b0
Update @hashicorp/nextjs-scripts dep 2020-06-17 12:01:56 -04:00
Matt Keeler eda8cb39fd
Implement the insecure version of the Cluster.AutoConfig RPC endpoint
Right now this is only hooked into the insecure RPC server and requires JWT authorization. If no JWT authorizer is setup in the configuration then we inject a disabled “authorizer” to always report that JWT authorization is disabled.
2020-06-17 11:25:29 -04:00
wisp 9bad4aaf9a
Fixed a typo (#8132)
Fixed a little typo 🐰
2020-06-17 10:21:33 -04:00
John Cowen bb94b6a474
ui: Switch out WithResizingMixin for on-window helper (#8130)
* ui: Add ember-on-helper

* Switch out WithResizingMixin for {{on-window}} helper
2020-06-17 14:26:50 +01:00
John Cowen 52705125a1
ui: Remove WithEventSource mixin, use a component instead (#7953)
The WithEventSource mixin was responsible for catching EventSource
errors and cleaning up events sources then the user left a Controller.

As we are trying to avoid mixin usage, we moved this all to an
`EventSource` component, which can clean up when the component is
removed from the page, and also fires an onerror event.

Moving to a component firing an onerror event means we can also remove
all of our custom computed property work that we were using previously
to catch errors (thrown when a service etc. is removed)
2020-06-17 14:19:50 +01:00
John Cowen b5e08089ab
ui: Change code-editor tested to use querySelectorAll (#8087) (#8131) 2020-06-17 14:17:00 +01:00
John Cowen 84c977faf1
ui: Don't show duplicate services in the intentions form dropdown (#8133)
* Add uniq-by helper
* Pass unique services through to intentions form
* Add acceptance test
2020-06-17 14:11:40 +01:00
Pierre Souchay f7a1189dba
gossip: Ensure that metadata of Consul Service is updated (#7903)
While upgrading servers to a new version, I saw that metadata of
existing servers are not upgraded, so the version and raft meta
is not up to date in catalog.

The only way to do it was to:
 * update Consul server
 * make it leave the cluster, then metadata is accurate

That's because the optimization to avoid updating catalog does
not take into account metadata, so no update on catalog is performed.
2020-06-17 12:16:13 +02:00
John Cowen 9a539f0340
ui: Token listing redesign (#8117) 2020-06-17 10:25:54 +01:00
Daniel Nephin 8753d1f1ba ci: Add ineffsign linter
And fix an additional ineffective assignment that was not caught by staticcheck
2020-06-16 17:32:50 -04:00
Daniel Nephin 97342de262
Merge pull request #8070 from hashicorp/dnephin/add-gofmt-simplify
ci: Enable gofmt simplify
2020-06-16 17:18:38 -04:00
Matt Keeler f194dd619a
Add helper for generating better permission denied errors 2020-06-16 15:06:18 -04:00
Matt Keeler d994dc7b35
Agent Auto Configuration: Configuration Syntax Updates (#8003) 2020-06-16 15:03:22 -04:00
Daniel Nephin 98effaf69d
Merge pull request #8007 from hashicorp/streaming/add-hooks-to-memdb-txn
streaming: track changes to state
2020-06-16 14:32:36 -04:00
David Yu 818ce2eca6
Formatting spaces between keys in Config entries (#8116)
* Formatting spaces between keys in Config entries

* Service Router spacing

* Missing Camel Case proxy-defaults

* Remove extra spaces service-splitter

* Remove extra spsaces service-resolver

* More spaces a la hclfmt

* Nice!

* Oh joy!

* More spaces on proxy-defaults

* Update website/pages/docs/agent/config-entries/proxy-defaults.mdx

Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
2020-06-16 11:28:21 -07:00