Commit Graph

17727 Commits

Author SHA1 Message Date
R.B. Boyer 9c5d818546
xds: begin refactor to always pass test snapshots through all xDS types (#13461) 2022-06-15 14:58:28 -05:00
Nathan Coleman 521e040356 Add note about expected status for invalid CertificateRef 2022-06-15 15:46:46 -04:00
R.B. Boyer 93611819e2
xds: mesh gateways now have their own leaf certificate when involved in a peering (#13460)
This is only configured in xDS when a service with an L7 protocol is
exported.

They also load any relevant trust bundles for the peered services to
eventually use for L7 SPIFFE validation during mTLS termination.
2022-06-15 14:36:18 -05:00
Jeff Boruszak 3b85a9dda2
Update website/data/docs-nav-data.json
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-06-15 14:26:54 -05:00
Jeff Boruszak 627173110b
Update website/content/docs/connect/cluster-peering/index.mdx 2022-06-15 14:26:40 -05:00
Jeff Boruszak 1a6eea4fc3
Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-06-15 14:23:18 -05:00
boruszak b00262381b Limitations -> Constraints 2022-06-15 14:21:58 -05:00
Jeff Boruszak 08716c5279
Apply suggestions from code review
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2022-06-15 14:19:03 -05:00
boruszak 37acf49357 typo fix 2022-06-15 14:08:34 -05:00
boruszak 80f779a528 Switch fronend-service and backend-service 2022-06-15 14:07:56 -05:00
Jeff Boruszak e8d34bab68
Apply suggestions from code review 2022-06-15 14:04:52 -05:00
Jeff Boruszak c23ab4259e
Apply suggestions from code review
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-06-15 14:01:34 -05:00
Jeff Boruszak 199e9a900a
Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2022-06-15 13:56:55 -05:00
boruszak 1c7d51f9d9 peering_token.json addition 2022-06-15 13:55:53 -05:00
Daniel Upton 8d39e1fd7e docs: instructions for interacting with the private gRPC server locally 2022-06-15 18:26:58 +01:00
Riddhi Shah 414bb7e34e
[OSS] Support merge-central-config option in node services list API (#13450)
Adds the merge-central-config query param option to the /catalog/node-services/:node-name API,
to get a service definition in the response that is merged with central defaults (proxy-defaults/service-defaults).

Updated the consul connect envoy command to use this option when
retrieving the proxy service details so as to render the bootstrap configuration correctly.
2022-06-15 08:30:31 -07:00
Eric Haberkorn eb9c341f5e
Lambda Beta Documentation (#13426)
* Document the `enable_serverless_plugin` Agent Configuration Option (#13372)
* Initial AWS Lambda documentation (#13245)
2022-06-15 11:14:16 -04:00
cskh 340a194894
Load test, upgrade packer version, fix k6s installation (#13382)
- fix sg: need remote access to test server
- Give the load generator a name
- Update loadtest hcl filename in readme
- Add terraform init
- Disable access to the server machine by default
2022-06-15 09:29:38 -04:00
Jared Kirschner a01acbae1b
Merge pull request #13353 from hashicorp/jkirschner-hashicorp-patch-1
docs: show HCP Consul supports CTS enterprise
2022-06-15 00:05:30 -04:00
Jeff Boruszak caa2dc5bfb
Apply suggestions from code review
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2022-06-14 17:34:21 -05:00
Evan Culver ca7acd2970
connect: Use Envoy 1.22.2 instead of 1.22.1 (#13444) 2022-06-14 15:29:41 -07:00
Jeff Boruszak 687c16b9e0
Update website/content/docs/connect/cluster-peering/create-manage-peering.mdx
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2022-06-14 17:29:30 -05:00
Jeff Boruszak 9a8235993a
Update website/content/docs/connect/cluster-peering/create-manage-peering.mdx 2022-06-14 17:28:06 -05:00
Jeff Boruszak fe0a5491d2
Update website/content/docs/connect/cluster-peering/create-manage-peering.mdx
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2022-06-14 17:27:03 -05:00
Jeff Boruszak 24409fa40b
Update website/content/docs/connect/cluster-peering/index.mdx
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2022-06-14 17:23:07 -05:00
boruszak e22171cdbf Cluster Peering on Kubernetes page creation 2022-06-14 17:15:14 -05:00
boruszak 72b91c3481 Nav.json updates 2022-06-14 17:14:34 -05:00
boruszak 703ce412c7 Removing k8s updates on this branch 2022-06-14 17:12:45 -05:00
boruszak b9a4ff73ce Updated nav.json 2022-06-14 17:01:48 -05:00
Freddy 81fff23841
Merge pull request #13445 from hashicorp/peering/finalize-deletions 2022-06-14 15:58:44 -06:00
boruszak 8687f1511e <CodeBlockConfig> fixes 2022-06-14 16:58:07 -05:00
boruszak 0b60e6b539 Code Block fixes 2022-06-14 16:55:25 -05:00
freddygv a288d0c388 Avoid deleting peerings marked as terminated.
When our peer deletes the peering it is locally marked as terminated.
This termination should kick off deleting all imported data, but should
not delete the peering object itself.

Keeping peerings marked as terminated acts as a signal that the action
took place.
2022-06-14 15:37:09 -06:00
freddygv a5283e4361 Add leader routine to clean up peerings
Once a peering is marked for deletion a new leader routine will now
clean up all imported resources and then the peering itself.

A lot of the logic was grabbed from the namespace/partitions deferred
deletions but with a handful of simplifications:
- The rate limiting is not configurable.

- Deleting imported nodes/services/checks is done by deleting nodes with
  the Txn API. The services and checks are deleted as a side-effect.

- There is no "round rate limiter" like with namespaces and partitions.
  This is because peerings are purely local, and deleting a peering in
  the datacenter does not depend on deleting data from other DCs like
  with WAN-federated namespaces. All rate limiting is handled by the
  Raft rate limiter.
2022-06-14 15:36:50 -06:00
boruszak c901667dd4 Cluster Peering on Kubernetes initial draft 2022-06-14 16:33:29 -05:00
Nathan Coleman a768fb8e80 Indent points specific to xRoute backend references 2022-06-14 17:27:02 -04:00
boruszak 0bffbc429c Cluster Peering on Kubernetes page creation 2022-06-14 16:15:57 -05:00
Evan Culver 2adb9f7c8a
connect: Update Envoy support matrix to latest patch releases (#13431) 2022-06-14 13:19:09 -07:00
Nathan Coleman ac0be8644a Add docs for ReferencePolicy as it applies to Gateways 2022-06-14 15:11:28 -04:00
alex 6dbcb1d88e
peering: intentions list test (#13435) 2022-06-14 10:59:53 -07:00
Kyle Schochenmaier df468af991
[docs] update terminating gateway docs for trust store path (#13432)
* update terminating gateway docs for trust store
* Update website/content/docs/k8s/connect/terminating-gateways.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-06-14 12:29:33 -05:00
Jeff Boruszak 2e5163dfdc
Fixing double-ticks ` 2022-06-14 10:00:22 -05:00
Jeff Boruszak 3097f4d00f
Added nav data 2022-06-13 17:27:11 -05:00
boruszak 0c1b6d77d8 Removing Kubernetes page - will submit separate PR for timing reason 2022-06-13 16:47:47 -05:00
boruszak ad4712334d Typo fix 2022-06-13 16:42:29 -05:00
boruszak 00e648ab89 Create and Manage Peering Connections additional fixes 2022-06-13 16:38:44 -05:00
Sarah Alsmiller 0428a2ef99 light restructureing/fixed some copypasta 2022-06-13 16:16:45 -05:00
boruszak ecdb4cda96 What is Cluster Peering? additional fixes 2022-06-13 16:06:29 -05:00
Sarah Alsmiller 42b840b684 updated referencepolicy to referencegrant, added v0.3.0 upgrade instructions 2022-06-13 16:05:21 -05:00
boruszak fb573f7801 Create and Manage Peering Connections page 2022-06-13 14:24:02 -05:00