Downgrading node on CI to support v1.15.X#19240
Closed
chris-hut wants to merge 1116 commits intorelease/1.15.xfrom
Closed
Downgrading node on CI to support v1.15.X#19240chris-hut wants to merge 1116 commits intorelease/1.15.xfrom
chris-hut wants to merge 1116 commits intorelease/1.15.xfrom
Conversation
* change log for audit log * fix file name * breaking change
* Begin adding TCPUseTLS * More TCP with TLS plumbing * Making forward progress * Keep on adding TCP+TLS support for healthchecks * Removed too many lines * Unit tests for TCP+TLS * Update tlsutil/config.go Co-authored-by: Samantha <hello@entropy.cat> * Working on the tcp+tls unit test * Updated the runtime integration tests * Progress * Revert this file back to HEAD * Remove debugging lines * Implement TLS enabled TCP socket server and make a successful TCP+TLS healthcheck on it * Update docs * Update agent/agent_test.go Co-authored-by: Samantha <hello@entropy.cat> * Update website/content/docs/ecs/configuration-reference.mdx Co-authored-by: Samantha <hello@entropy.cat> * Update website/content/docs/ecs/configuration-reference.mdx Co-authored-by: Samantha <hello@entropy.cat> * Update agent/checks/check.go Co-authored-by: Samantha <hello@entropy.cat> * Address comments * Remove extraneous bracket * Update agent/agent_test.go Co-authored-by: Samantha <hello@entropy.cat> * Update agent/agent_test.go Co-authored-by: Samantha <hello@entropy.cat> * Update website/content/docs/ecs/configuration-reference.mdx Co-authored-by: Samantha <hello@entropy.cat> * Update the mockTLSServer * Remove trailing newline * Address comments * Fix merge problem * Add changelog entry --------- Co-authored-by: Samantha <hello@entropy.cat>
* fix windows image for enterprise * added quotesT
…e command and using leader version in version (#18680) * init * fix tests * fix tests lint * fix api call inside dc * updated doc * address comments
* update guide to reflect tenancy and scope * Apply suggestions from code review Co-authored-by: Semir Patel <semir.patel@hashicorp.com> * update ACLHooks signature * Update docs/resources/guide.md Co-authored-by: Semir Patel <semir.patel@hashicorp.com> --------- Co-authored-by: Semir Patel <semir.patel@hashicorp.com>
Add support for querying tokens by service name The consul-k8s endpoints controller has a workflow where it fetches all tokens. This is not performant for large clusters, where there may be a sizable number of tokens. This commit attempts to alleviate that problem and introduces a new way to query by the token's service name.
) This PR enables the GetEnvoyBootstrapParams endpoint to construct envoy bootstrap parameters from v2 catalog and mesh resources. * Make bootstrap request and response parameters less specific to services so that we can re-use them for workloads or service instances. * Remove ServiceKind from bootstrap params response. This value was unused previously and is not needed for V2. * Make access logs generation generic so that we can generate them using v1 or v2 resources.
* first commit; reformat PD conf entry * updated proxies overview page * added Deploy SM proxy usage and removed reg index * moved sidecar proxy usage to main proxy folder * recast sidecar reg page as Deploy sidecar services * fix typos * recast SM reg as conf reference- set the sidebar * add redirects * fix links * add PD conf entry usage to appropro pages * edits to proxy conf ref * fix links on index page * example command to write PD conf entry * updated links to old SM proxy reg page * updated links to sidecar service reg page * tryna fix front matter issues * Apply suggestions from code review Co-authored-by: Ronald <roncodingenthusiast@users.noreply.github.com> * added paragraph about SM proxies to overivew * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> --------- Co-authored-by: Ronald <roncodingenthusiast@users.noreply.github.com> Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
…3988) (#18352) * This controller generates and saves ProxyStateTemplate for sidecar proxies. * It currently supports single-port L4 ports only. * It keeps a cache of all destinations to make it easier to compute and retrieve destinations. * It will update the status of the pbmesh.Upstreams resource if anything is invalid. * This commit also changes service endpoints to include workload identity. This made the implementation a bit easier as we don't need to look up as many workloads and instead rely on endpoints data.
* Fixes issues in setting status * Update golden files for changes to xds generation to not use deprecated methods * Fixed default for validation of JWT for route
* fix: NET-1521 show latest config in /v1/agent/self
using 4x large for ent
* [NET-5325] ACL templated policies support in tokens and roles - Add API support for creating tokens/roles with templated-policies - Add CLI support for creating tokens/roles with templated-policies * adding changelog
…18532) Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
…18605) Co-authored-by: Matt Keeler <mjkeeler7@gmail.com>
* feat: implement apply command * fix: resolve lint issues * refactor: use fixed types * fix: ci lint failures after main rebase
…#18646) * Add response header filters to http-route config entry definitions * Map response header filters from config entry when constructing route destination * Support response header modifiers at the service level as well * Update protobuf definitions * Update existing unit tests * Add response filters to route consolidation logic * Make existing unit tests more robust * Add missing docstring * Add changelog entry * Add response filter modifiers to existing integration test * Add more robust testing for response header modifiers in the discovery chain * Add more robust testing for request header modifiers in the discovery chain * Modify test to verify that service filter modifiers take precedence over rule filter modifiers
* [NET-5330] Support templated policies in Binding rules * changelog for templated policy support in binding rules
* Generate deep-copy code * Undo license header removal
#18458) This commit adds support for transparent proxy to the sidecar proxy controller. As we do not yet support inferring destinations from intentions, this assumes that all services in the cluster are destinations.
* mesh-controller: handle L4 protocols for a proxy without upstreams * sidecar-controller: Support explicit destinations for L4 protocols and single ports. * This controller generates and saves ProxyStateTemplate for sidecar proxies. * It currently supports single-port L4 ports only. * It keeps a cache of all destinations to make it easier to compute and retrieve destinations. * It will update the status of the pbmesh.Upstreams resource if anything is invalid. * endpoints-controller: add workload identity to the service endpoints resource * small fixes * review comments * Address PR comments * sidecar-proxy controller: Add support for transparent proxy This currently does not support inferring destinations from intentions. * PR review comments * mesh-controller: handle L4 protocols for a proxy without upstreams * sidecar-controller: Support explicit destinations for L4 protocols and single ports. * This controller generates and saves ProxyStateTemplate for sidecar proxies. * It currently supports single-port L4 ports only. * It keeps a cache of all destinations to make it easier to compute and retrieve destinations. * It will update the status of the pbmesh.Upstreams resource if anything is invalid. * endpoints-controller: add workload identity to the service endpoints resource * small fixes * review comments * Make sure endpoint refs route to mesh port instead of an app port * Address PR comments * fixing copyright * tidy imports * sidecar-proxy controller: Add support for transparent proxy This currently does not support inferring destinations from intentions. * tidy imports * add copyright headers * Prefix sidecar proxy test files with source and destination. * Update controller_test.go --------- Co-authored-by: Iryna Shustava <iryna@hashicorp.com> Co-authored-by: R.B. Boyer <rb@hashicorp.com> Co-authored-by: github-team-consul-core <github-team-consul-core@hashicorp.com>
Update audit-logging.mdx
fix windows integrations tests machine size
…to the enclosing resource (#19176) We don't want an xRoute controlling traffic for a Service in another tenancy.
This implements the Filter field on pbcatalog.WorkloadSelector to be a post-fetch in-memory filter using the https://github.com/hashicorp/go-bexpr expression language to filter resources based on their envelope metadata fields. All existing usages of WorkloadSelector should be able to make use of the filter.
Update version file to 1.18-dev, and replace 1.13 nightly test with 1.17.
This change adds ACL hooks to the remaining catalog and mesh resources, excluding any computed ones. Those will for now continue using the default operator:x permissions. It refactors a lot of the common testing functions so that they can be re-used between resources. There are also some types that we don't yet support (e.g. virtual IPs) that this change adds ACL hooks to for future-proofing.
…19187) * NET-5073 - ProxyConfiguration: implement various connection options * PR feedback - LocalConnection and InboundConnection do not affect exposed routes. configure L7 route destinations. fix connection proto sequence numbers. * add timeout to L7 Route Destinations
Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
Enhance the xRoute ACL hook tests to cover tenanted situations. These tests will only execute in enterprise.
Enhance the DestinationPolicy ACL hook tests to cover tenanted situations. These tests will only execute in enterprise.
* typo fixes and instruction corrections * typo * link path correction
* Update dns-configuration.mdx * Update website/content/docs/services/discovery/dns-configuration.mdx Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
….0 (#19225) * Bump golang.org/x/net to 0.17.0 This resolves [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) / [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487). * Update Go version to 1.20.10 This resolves [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) / [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) (`net/http`).
github-actions
bot
added
type/ci
chris-hut
added
backport/1.15
Contributor
Author
|
Closing in favor of #19248 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
CI has been failing for V1.15.X, which isn't good!
We're planning on just downgrading the node version on CI until next quarter when v1.15.X is no longer supported!
Testing & Reproduction steps
Links
PR Checklist
References