luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity
10,218 Commits 1 Branch 1 Tag 358 MiB
Go 62%
MDX 17.7%
SCSS 11%
JavaScript 4.7%
Handlebars 2%
Other 2.4%
Go to file
R.B. Boyer 4666599e18
connect: reconcile how upstream configuration works with discovery chains (#6225) 
* connect: reconcile how upstream configuration works with discovery chains

The following upstream config fields for connect sidecars sanely
integrate into discovery chain resolution:

- Destination Namespace/Datacenter: Compilation occurs locally but using
different default values for namespaces and datacenters. The xDS
clusters that are created are named as they normally would be.

- Mesh Gateway Mode (single upstream): If set this value overrides any
value computed for any resolver for the entire discovery chain. The xDS
clusters that are created may be named differently (see below).

- Mesh Gateway Mode (whole sidecar): If set this value overrides any
value computed for any resolver for the entire discovery chain. If this
is specifically overridden for a single upstream this value is ignored
in that case. The xDS clusters that are created may be named differently
(see below).

- Protocol (in opaque config): If set this value overrides the value
computed when evaluating the entire discovery chain. If the normal chain
would be TCP or if this override is set to TCP then the result is that
we explicitly disable L7 Routing and Splitting. The xDS clusters that
are created may be named differently (see below).

- Connect Timeout (in opaque config): If set this value overrides the
value for any resolver in the entire discovery chain. The xDS clusters
that are created may be named differently (see below).

If any of the above overrides affect the actual result of compiling the
discovery chain (i.e. "tcp" becomes "grpc" instead of being a no-op
override to "tcp") then the relevant parameters are hashed and provided
to the xDS layer as a prefix for use in naming the Clusters. This is to
ensure that if one Upstream discovery chain has no overrides and
tangentially needs a cluster named "api.default.XXX", and another
Upstream does have overrides for "api.default.XXX" that they won't
cross-pollinate against the operator's wishes.

Fixes #6159
 		2019-08-01 22:03:34 -05:00
.circleci Merge Consul OSS branch master at commit b3541c4f34d43ab92fe52256420759f17ea0ed73 2019-07-26 10:34:24 -05:00
.github Update questions issue template directing q's to the forum (#5957) 2019-06-12 09:07:44 -05:00
acl Fix to prevent allowing recursive KV deletions when we shouldn’t 2019-05-22 20:13:30 +00:00
agent connect: reconcile how upstream configuration works with discovery chains (#6225) 2019-08-01 22:03:34 -05:00
api connect: allow L7 routers to match on http methods (#6164) 2019-07-23 20:56:39 -05:00
bench
build-support ui: modify content path (#5950) 2019-06-26 11:43:30 -05:00
command Update default gossip encryption key size to 32 bytes 2019-07-30 09:45:41 -06:00
connect connect: Support RSA keys in addition to ECDSA (#6055) 2019-07-30 17:47:39 -04:00
demo
ipaddr Ensure Consul is IPv6 compliant (#5468) 2019-06-04 10:02:38 -04:00
lib resolve circleci config conflicts 2019-07-23 20:18:36 -04:00
logger log rotation: limit count of rotated log files (#5831) 2019-07-19 15:36:34 -06:00
sdk resolve circleci config conflicts 2019-07-23 20:18:36 -04:00
sentinel Update to use a consulent build tag instead of just ent (#5759) 2019-05-01 11:11:27 -04:00
service_os Changes made : 2018-06-28 21:18:14 -04:00
snapshot Move internal/ to sdk/ (#5568) 2019-03-27 08:54:56 -04:00
terraform terraform: remove modules in repo (#5085) 2019-04-04 16:31:43 -07:00
test connect: reconcile how upstream configuration works with discovery chains (#6225) 2019-08-01 22:03:34 -05:00
testrpc Move internal/ to sdk/ (#5568) 2019-03-27 08:54:56 -04:00
tlsutil connect: Support RSA keys in addition to ECDSA (#6055) 2019-07-30 17:47:39 -04:00
types
ui-v2 Merge remote-tracking branch 'origin/master' into release/1-6 2019-07-15 10:02:34 -07:00
vendor Revert "connect: support AWS PCA as a CA provider" (#6251) 2019-07-31 09:08:10 -04:00
version Release v1.6.0-beta3 2019-07-26 23:15:20 +00:00
website Update default gossip encryption key size to 32 bytes 2019-07-30 09:45:41 -06:00
.dockerignore
.gitattributes
.gitignore connect: Support RSA keys in addition to ECDSA (#6055) 2019-07-30 17:47:39 -04:00
CHANGELOG.md update changelog 2019-08-01 13:27:14 -05:00
GNUmakefile Revert "connect: support AWS PCA as a CA provider" (#6251) 2019-07-31 09:08:10 -04:00
INTERNALS.md docs: correct link to top level agent package (#4750) 2018-10-04 09:15:55 -05:00
LICENSE
NOTICE.md add copyright notice file 2018-07-09 10:58:26 -07:00
README.md Contribution guide (#4704) 2018-10-05 09:06:40 -07:00
Vagrantfile
go.mod Revert "connect: support AWS PCA as a CA provider" (#6251) 2019-07-31 09:08:10 -04:00
go.sum Revert "connect: support AWS PCA as a CA provider" (#6251) 2019-07-31 09:08:10 -04:00
main.go Added Side Effect import for Windows Service 2018-06-18 14:55:11 -04:00
main_test.go

README.md

Consul Build Status Join the chat at https://gitter.im/hashicorp-consul/Lobby

Consul is a tool for service discovery and configuration. Consul is distributed, highly available, and extremely scalable.

Consul provides several key features:

  • Service Discovery - Consul makes it simple for services to register themselves and to discover other services via a DNS or HTTP interface. External services such as SaaS providers can be registered as well.

  • Health Checking - Health Checking enables Consul to quickly alert operators about any issues in a cluster. The integration with service discovery prevents routing traffic to unhealthy hosts and enables service level circuit breakers.

  • Key/Value Storage - A flexible key/value store enables storing dynamic configuration, feature flagging, coordination, leader election and more. The simple HTTP API makes it easy to use anywhere.

  • Multi-Datacenter - Consul is built to be datacenter aware, and can support any number of regions without complex configuration.

  • Service Segmentation - Consul Connect enables secure service-to-service communication with automatic TLS encryption and identity-based authorization.

Consul runs on Linux, Mac OS X, FreeBSD, Solaris, and Windows. A commercial version called Consul Enterprise is also available.

Please note: We take Consul's security and our users' trust very seriously. If you believe you have found a security issue in Consul, please responsibly disclose by contacting us at security@hashicorp.com.

Quick Start

An extensive quick start is viewable on the Consul website:

https://www.consul.io/intro/getting-started/install.html

Documentation

Full, comprehensive documentation is viewable on the Consul website:

https://www.consul.io/docs

Contributing

Thank you for your interest in contributing! Please refer to CONTRIBUTING.md for guidance.