-
Notifications
You must be signed in to change notification settings - Fork 4.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Backport of Docs for dataplane upgrade on k8s into release/1.14.x #18103
Closed
hc-github-team-consul-core
wants to merge
1,112
commits into
release/1.14.x
from
backport/docs/lkysow/prepare-dataplane-upgrade/deeply-joint-herring
Closed
Backport of Docs for dataplane upgrade on k8s into release/1.14.x #18103
hc-github-team-consul-core
wants to merge
1,112
commits into
release/1.14.x
from
backport/docs/lkysow/prepare-dataplane-upgrade/deeply-joint-herring
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This will aggregate all HealthStatus objects owned by the Node and update the status of the Node with an overall health.
#17317) * fix(connect envoy): set initial_fetch_timeout to wait for initial xDS indefinitely --------- Co-authored-by: Kiril Angov <[email protected]>
Signed-off-by: Dan Bond <[email protected]>
* Rename hcp-metrics-collector to consul-telemetry-collector * Fix docs * Fix doc comment --------- Co-authored-by: Ashvitha Sridharan <[email protected]>
* Add ACLs Enabled field to consul agent startup status message * Add changelog * Update startup messages to include default ACL policy configuration * Correct import groupings
* reformatted IGW conf ref * set up nav structure for IGW docs * added main usage IGW usage doc * added usage for serving custom tls certs * updated internal links * Update website/content/docs/connect/config-entries/ingress-gateway.mdx * Apply suggestions from code review Co-authored-by: Nathan Coleman <[email protected]> * changed filenames for IGW usage pages * Apply suggestions from code review Co-authored-by: Tu Nguyen <[email protected]> --------- Co-authored-by: Nathan Coleman <[email protected]> Co-authored-by: Tu Nguyen <[email protected]>
…entries (#17145) * service-resolve configuration entry reference * Updates * missing backtick * service router configuration entry reference * link fixes + tab fixes * link and tab fixes * link fixes * service resolver improvements * hierarchy fixes * spacing * links + formatting * proofing fixes * mmore fixes * Apply suggestions from code review suggestions from code review for service resolver Co-authored-by: trujillo-adam <[email protected]> * policy sections edits * service router code review * Tables to sections - service router HCL * YAML tables to sections * formatting fixes * converting tables to sections - service resolver * final tables to sections * Adjustments/alignments * nanosecond fix * Update website/content/docs/connect/config-entries/service-router.mdx Co-authored-by: trujillo-adam <[email protected]> * link to filter example config --------- Co-authored-by: trujillo-adam <[email protected]>
* endpoints xds cluster configuration * resources test fix * fix reversion in resources_test * Update agent/proxycfg/api_gateway.go Co-authored-by: John Maguire <[email protected]> * gofmt * Modify getReadyUpstreams to filter upstreams by listener (#17410) Each listener would previously have all upstreams from any route that bound to the listener. This is problematic when a route bound to one listener also binds to other listeners and so includes upstreams for multiple listeners. The list for a given listener would then wind up including upstreams for other listeners. * Update agent/proxycfg/api_gateway.go Co-authored-by: Nathan Coleman <[email protected]> * Restore import blocking * Skip to next route if route has no upstreams * cleanup * change set from bool to empty struct --------- Co-authored-by: John Maguire <[email protected]> Co-authored-by: Nathan Coleman <[email protected]>
* JWT Authentication with service intentions: update xds package to translate config to envoy
This change enables workflows where you are reapplying a resource that should have an owner ref to publish modifications to the resources data without performing a read to figure out the current owner resource incarnations UID. Basically we want workflows similar to `kubectl apply` or `consul config write` to be able to work seamlessly even for owned resources. In these cases the users intention is to have the resource owned by the “current” incarnation of the owner resource.
* endpoints xds cluster configuration * clusters xds native generation * resources test fix * fix reversion in resources_test * Update agent/proxycfg/api_gateway.go Co-authored-by: John Maguire <[email protected]> * gofmt * Modify getReadyUpstreams to filter upstreams by listener (#17410) Each listener would previously have all upstreams from any route that bound to the listener. This is problematic when a route bound to one listener also binds to other listeners and so includes upstreams for multiple listeners. The list for a given listener would then wind up including upstreams for other listeners. * Update agent/proxycfg/api_gateway.go Co-authored-by: Nathan Coleman <[email protected]> * Restore import blocking * Undo removal of unrelated code --------- Co-authored-by: John Maguire <[email protected]> Co-authored-by: Nathan Coleman <[email protected]>
* API Gateway XDS Primitives, endpoints and clusters (#17002) * XDS primitive generation for endpoints and clusters Co-authored-by: Nathan Coleman <[email protected]> * server_test * deleted extra file * add missing parents to test --------- Co-authored-by: Nathan Coleman <[email protected]> * Routes for API Gateway (#17158) * XDS primitive generation for endpoints and clusters Co-authored-by: Nathan Coleman <[email protected]> * server_test * deleted extra file * add missing parents to test * checkpoint * delete extra file * httproute flattening code * linting issue * so close on this, calling for tonight * unit test passing * add in header manip to virtual host * upstream rebuild commented out * Use consistent upstream name whether or not we're rebuilding * Start working through route naming logic * Fix typos in test descriptions * Simplify route naming logic * Simplify RebuildHTTPRouteUpstream * Merge additional compiled discovery chains instead of overwriting * Use correct chain for flattened route, clean up + add TODOs * Remove empty conditional branch * Restore previous variable declaration Limit the scope of this PR * Clean up, improve TODO * add logging, clean up todos * clean up function --------- Co-authored-by: Nathan Coleman <[email protected]> * checkpoint, skeleton, tests not passing * checkpoint * endpoints xds cluster configuration * resources test fix * fix reversion in resources_test * checkpoint * Update agent/proxycfg/api_gateway.go Co-authored-by: John Maguire <[email protected]> * unit tests passing * gofmt * add deterministic sorting to appease the unit test gods * remove panic * Find ready upstream matching listener instead of first in list * Clean up, improve TODO * Modify getReadyUpstreams to filter upstreams by listener (#17410) Each listener would previously have all upstreams from any route that bound to the listener. This is problematic when a route bound to one listener also binds to other listeners and so includes upstreams for multiple listeners. The list for a given listener would then wind up including upstreams for other listeners. * clean up todos, references to api gateway in listeners_ingress * merge in Nathan's fix * Update agent/consul/discoverychain/gateway.go * cleanup current todos, remove snapshot manipulation from generation code * Update agent/structs/config_entry_gateways.go Co-authored-by: Thomas Eckert <[email protected]> * Update agent/consul/discoverychain/gateway.go Co-authored-by: Nathan Coleman <[email protected]> * Update agent/consul/discoverychain/gateway.go Co-authored-by: Nathan Coleman <[email protected]> * Update agent/proxycfg/snapshot.go Co-authored-by: Nathan Coleman <[email protected]> * clarified header comment for FlattenHTTPRoute, changed RebuildHTTPRouteUpstream to BuildHTTPRouteUpstream * simplify cert logic * Delete scratch * revert route related changes in listener PR * Update agent/consul/discoverychain/gateway.go * Update agent/proxycfg/snapshot.go * clean up uneeded extra lines in endpoints --------- Co-authored-by: Nathan Coleman <[email protected]> Co-authored-by: John Maguire <[email protected]> Co-authored-by: Thomas Eckert <[email protected]>
To avoid unintended tampering with remote downstreams via service config, refactor BasicEnvoyExtender and RuntimeConfig to disallow typical Envoy extensions from being applied to non-local proxies. Continue to allow this behavior for AWS Lambda and the read-only Validate builtin extensions. Addresses CVE-2023-2816.
* Only synthesize anonymous token in primary DC * Add integration test for wan fed issue
* Integration test for permissive mTLS
hc-github-team-consul-core
force-pushed
the
backport/docs/lkysow/prepare-dataplane-upgrade/deeply-joint-herring
branch
from
July 12, 2023 16:55
614e5bf
to
99590f0
Compare
hc-github-team-consul-core
force-pushed
the
backport/docs/lkysow/prepare-dataplane-upgrade/deeply-joint-herring
branch
from
July 12, 2023 16:55
4a50a21
to
ef49077
Compare
github-team-consul-core-pr-approver
approved these changes
Jul 12, 2023
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Auto approved Consul Bot automated PR
github-actions
bot
added
type/docs
Documentation needs to be created/updated/clarified
theme/api
Relating to the HTTP API interface
theme/health-checks
Health Check functionality
theme/acls
ACL and token generation
theme/cli
Flags and documentation for the CLI interface
theme/config
Relating to Consul Agent configuration, including reloading
theme/ui
Anything related to the UI
theme/connect
Anything related to Consul Connect, Service Mesh, Side Car Proxies
theme/tls
Using TLS (Transport Layer Security) or mTLS (mutual TLS) to secure communication
theme/telemetry
Anything related to telemetry or observability
type/ci
Relating to continuous integration (CI) tooling for testing or releases
pr/dependencies
PR specifically updates dependencies of project
theme/envoy/xds
Related to Envoy support
theme/contributing
Additions and enhancements to community contributing materials
theme/internals
Serf, Raft, SWIM, Lifeguard, Anti-Entropy, locking topics
theme/certificates
Related to creating, distributing, and rotating certificates in Consul
theme/agent-cache
Agent Cache
theme/consul-terraform-sync
Relating to Consul Terraform Sync and Network Infrastructure Automation
labels
Jul 12, 2023
Disabling auto merge will need to do a manual cherry pick. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
pr/dependencies
PR specifically updates dependencies of project
theme/acls
ACL and token generation
theme/agent-cache
Agent Cache
theme/api
Relating to the HTTP API interface
theme/certificates
Related to creating, distributing, and rotating certificates in Consul
theme/cli
Flags and documentation for the CLI interface
theme/config
Relating to Consul Agent configuration, including reloading
theme/connect
Anything related to Consul Connect, Service Mesh, Side Car Proxies
theme/consul-terraform-sync
Relating to Consul Terraform Sync and Network Infrastructure Automation
theme/contributing
Additions and enhancements to community contributing materials
theme/envoy/xds
Related to Envoy support
theme/health-checks
Health Check functionality
theme/internals
Serf, Raft, SWIM, Lifeguard, Anti-Entropy, locking topics
theme/telemetry
Anything related to telemetry or observability
theme/tls
Using TLS (Transport Layer Security) or mTLS (mutual TLS) to secure communication
theme/ui
Anything related to the UI
type/ci
Relating to continuous integration (CI) tooling for testing or releases
type/docs
Documentation needs to be created/updated/clarified
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport
This PR is auto-generated from #18051 to be assessed for backporting due to the inclusion of the label backport/1.14.
The below text is copied from the body of the original PR.
note: will merge once consul-k8s 0.49.8 is released
Overview of commits