Commit Graph

345 Commits

Author SHA1 Message Date
boruszak 6c5d4df590 Proofing edits 2022-08-02 16:01:22 -05:00
boruszak 0e349ad6aa New features/functions list 2022-08-02 15:17:09 -05:00
boruszak 8f45d8347f New "Mesh Gateways for Peered Clusters" page 2022-08-02 15:09:00 -05:00
boruszak c798db392d Initial new features commit 2022-08-02 14:26:20 -05:00
boruszak 0d62ad8923 Proofing updates & adjustments 2022-08-01 14:43:10 -05:00
boruszak 3ada8ac95b Updated functionality + task instructions 2022-08-01 14:28:50 -05:00
boruszak 6aaf674396 Beta release constraints updated 2022-08-01 10:43:38 -05:00
boruszak 4fcfea8be2 Update "technical preview" to "beta" 2022-08-01 10:30:36 -05:00
Krastin Krastev 25b6148aa8 Merge branch 'main' into krastin/docs/sidecarservice-typo 2022-07-21 10:51:39 +03:00
Jared Kirschner 281892ab7c
Merge pull request #13405 from hashicorp/jkirschner-hashicorp-patch-3
docs: correct Vault CA multiple namespace support
2022-07-20 17:52:32 -04:00
Krastin Krastev 49ac06a51e docs: clean-up expanded service def 2022-07-18 13:45:59 +03:00
boruszak 9ba349de8c Clarification around "peering_token.json" and adding Partition names 2022-07-07 16:10:21 -05:00
boruszak 759f5a2bf5 "<service-name" fix - added brackets 2022-07-07 10:08:53 -05:00
David Yu 8552d875ae
docs: add controller to cluster peering docs (#13639)
* docs: add controller to cluster peering docs
2022-06-29 11:08:37 -07:00
Tu Nguyen 214495f2a2
Fix typo in cluster peering docs (#13574)
* Fix typo in cluster peering docs
* Remove highlight, update curly quotes
2022-06-28 15:54:57 -07:00
Matt Keeler a3a4495e78
Clarify the wording of the peering limitations in the preview (#13590) 2022-06-24 09:58:31 -04:00
David Yu 4d9922c1e4
docs: add indent to code block config tab to align with other branches (#13573) 2022-06-23 08:38:36 -07:00
David Yu a0b94d9a3a
docs: add Core requirements to cluster peering k8s docs (#13569)
* docs: add Core requirements to cluster peering k8s docs

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-06-22 19:12:08 -07:00
Tu Nguyen 81c1092531
Merge pull request #13433 from hashicorp/docs-cluster-peering-technical-preview
docs: Cluster Peering for OSS Technical Preview
2022-06-22 00:10:11 -07:00
David Yu 5469fa6d3f
Update website/content/docs/connect/cluster-peering/k8s.mdx 2022-06-21 16:34:45 -07:00
Tu Nguyen 3c6a20f436
Apply suggestions from code review 2022-06-21 16:31:49 -07:00
David Yu 3124a9245b adding fixes 2022-06-21 16:27:06 -07:00
Tu Nguyen 63d5f90832
Update website/content/docs/connect/cluster-peering/k8s.mdx
Co-authored-by: David Yu <dyu@hashicorp.com>
2022-06-21 16:21:29 -07:00
Tu Nguyen 5936a61de4
Update website/content/docs/connect/cluster-peering/create-manage-peering.mdx 2022-06-21 16:15:34 -07:00
Tu Nguyen 58c7197e58
Apply suggestions from code review
Co-authored-by: David Yu <dyu@hashicorp.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-06-21 16:13:39 -07:00
Tu Nguyen 1ead8fac2c
Merge pull request #13448 from hashicorp/docs-cluster-peering-k8s-technical-preview
docs: Cluster Peering for Kubernetes Technical Preview
2022-06-21 10:18:13 -07:00
Jeff Boruszak e2497a3f5a
Apply suggestions from code review
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2022-06-20 15:28:50 -05:00
Freddy 1b2df5388c
Additional service mesh docs updates for peering (#13464)
This PR covers two sets of changes:
- Documenting the new `destination_peer` for proxy upstream definitions.
- Updating the exported-services config entry documentation.

Updates to the `exported-services` config entry include:
- As of 1.13.0 it is no longer only for Consul Enterprise
- A `PeerName` is now a possible consumer for an exported service.
- Added examples for OSS and Enterprise
- Linked to peering docs
2022-06-17 18:40:38 -06:00
Jeff Boruszak ccbe00e469
Update website/content/docs/connect/cluster-peering/create-manage-peering.mdx 2022-06-17 12:35:35 -05:00
Jeff Boruszak 5062e89651
Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-06-17 12:31:11 -05:00
Chris S. Kim c66edb8af5
Update docs with Source.Peer field (#13463) 2022-06-16 09:30:05 -04:00
Jeff Boruszak da72911ba7
Additional consistency edits 2022-06-15 16:25:57 -05:00
Jeff Boruszak b9917285ea
Apply suggestions from code review
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2022-06-15 16:15:03 -05:00
Jeff Boruszak 611ad5016e
Update website/content/docs/connect/cluster-peering/index.mdx 2022-06-15 14:26:40 -05:00
Jeff Boruszak 40e5d8b0ae
Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-06-15 14:23:18 -05:00
boruszak 3e21f554ef Limitations -> Constraints 2022-06-15 14:21:58 -05:00
Jeff Boruszak e79aa5474f
Apply suggestions from code review
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2022-06-15 14:19:03 -05:00
boruszak 2bc2f08d1d typo fix 2022-06-15 14:08:34 -05:00
boruszak ef4d603972 Switch fronend-service and backend-service 2022-06-15 14:07:56 -05:00
Jeff Boruszak 96fb08ef61
Apply suggestions from code review 2022-06-15 14:04:52 -05:00
Jeff Boruszak e1277973aa
Apply suggestions from code review
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-06-15 14:01:34 -05:00
Jeff Boruszak fd81c4a412
Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2022-06-15 13:56:55 -05:00
boruszak e1b3cfc9a9 peering_token.json addition 2022-06-15 13:55:53 -05:00
Jared Kirschner 2743c1b950
Merge branch 'main' into jkirschner-hashicorp-patch-3 2022-06-15 00:06:40 -04:00
Jeff Boruszak 993cd2f3bc
Apply suggestions from code review
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2022-06-14 17:34:21 -05:00
Evan Culver 7f8c650d61
connect: Use Envoy 1.22.2 instead of 1.22.1 (#13444) 2022-06-14 15:29:41 -07:00
Jeff Boruszak 034861119a
Update website/content/docs/connect/cluster-peering/create-manage-peering.mdx
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2022-06-14 17:29:30 -05:00
Jeff Boruszak 811674d526
Update website/content/docs/connect/cluster-peering/create-manage-peering.mdx 2022-06-14 17:28:06 -05:00
Jeff Boruszak 92d655e83d
Update website/content/docs/connect/cluster-peering/create-manage-peering.mdx
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2022-06-14 17:27:03 -05:00
Jeff Boruszak f0737c97dd
Update website/content/docs/connect/cluster-peering/index.mdx
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2022-06-14 17:23:07 -05:00
boruszak 3141469ef7 Cluster Peering on Kubernetes page creation 2022-06-14 17:15:14 -05:00
boruszak b8ad96b516 Removing k8s updates on this branch 2022-06-14 17:12:45 -05:00
boruszak 740246797b <CodeBlockConfig> fixes 2022-06-14 16:58:07 -05:00
boruszak c5b5a6ee76 Code Block fixes 2022-06-14 16:55:25 -05:00
boruszak 923b7d0db6 Cluster Peering on Kubernetes initial draft 2022-06-14 16:33:29 -05:00
boruszak be152b25c4 Cluster Peering on Kubernetes page creation 2022-06-14 16:15:57 -05:00
Evan Culver ba6136eb42
connect: Update Envoy support matrix to latest patch releases (#13431) 2022-06-14 13:19:09 -07:00
Jeff Boruszak fb916e999b
Fixing double-ticks ` 2022-06-14 10:00:22 -05:00
boruszak 084dc1c6e5 Removing Kubernetes page - will submit separate PR for timing reason 2022-06-13 16:47:47 -05:00
boruszak b0430df680 Typo fix 2022-06-13 16:42:29 -05:00
boruszak 61f60ceb4f Create and Manage Peering Connections additional fixes 2022-06-13 16:38:44 -05:00
boruszak ebe0f5408d What is Cluster Peering? additional fixes 2022-06-13 16:06:29 -05:00
boruszak 0ddcd78ec1 Create and Manage Peering Connections page 2022-06-13 14:24:02 -05:00
boruszak de4f9bcf4a What is Cluster Peering? additional fixes 2022-06-13 13:41:57 -05:00
boruszak 4fd06dff17 What is Cluster Peering? page 2022-06-13 13:31:13 -05:00
boruszak bb972974cb Initial page creation 2022-06-13 12:58:16 -05:00
Jared Kirschner a9c3eebd00
docs: correct Vault CA multiple namespace support 2022-06-08 17:50:56 -04:00
Mark Anderson ce75f486ed yUpdate website/content/docs/connect/ca/vault.mdx
Port some changes that were made to the backport branch but not in the original PR.

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-05-31 20:22:12 -07:00
Blake Covarrubias 9378880c42
docs: Remove unnecessary use of CodeBlockConfig (#12974)
Remove empty CodeBlockConfig elements. These elements are not
providing any benefit for the enclosed code blocks. This PR removes
the elements so so that the source is easier to read.
2022-05-11 15:37:02 -07:00
Blake Covarrubias 8edee753d1
docs: Fix spelling errors across site (#12973) 2022-05-10 07:28:33 -07:00
Mark Anderson 7eda81d00d
Update website/content/docs/connect/config-entries/mesh.mdx (#12943)
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Signed-off-by: Mark Anderson <manderson@hashicorp.com>

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-05-05 10:39:53 -07:00
Mark Anderson c6ff4ba7d8
Support vault namespaces in connect CA (#12904)
* Support vault namespaces in connect CA

Follow on to some missed items from #12655

From an internal ticket "Support standard "Vault namespace in the
path" semantics for Connect Vault CA Provider"

Vault allows the namespace to be specified as a prefix in the path of
a PKI definition, but our usage of the Vault API includes calls that
don't support a namespaced key. In particular the sys.* family of
calls simply appends the key, instead of prefixing the namespace in
front of the path.

Unfortunately it is difficult to reliably parse a path with a
namespace; only vault knows what namespaces are present, and the '/'
separator can be inside a key name, as well as separating path
elements. This is in use in the wild; for example
'dc1/intermediate-key' is a relatively common naming schema.

Instead we add two new fields: RootPKINamespace and
IntermediatePKINamespace, which are the absolute namespace paths
'prefixed' in front of the respective PKI Paths.

Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-05-04 19:41:55 -07:00
Mark Anderson 05dc5a26b7 Docs and changelog edits
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-05-04 08:50:59 -07:00
Mark Anderson d7e7cb09dc Add some docs
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-05-04 08:50:58 -07:00
Blake Covarrubias 54119f3225
docs: Add example Envoy escape hatch configs (#12764)
Add example escape hatch configurations for all supported override
types.
2022-05-02 11:25:59 -07:00
Karl Cardenas 142c0ac419
Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-04-26 13:12:53 -07:00
Karl Cardenas e0e2b7b547
docs: updated connect docs and re-deploying missed changes 2022-04-25 10:04:06 -07:00
David Yu d08b5a1832
docs: remove 1.9.x row in Envoy compatibility matrix (#12828) 2022-04-20 19:35:06 -07:00
Evan Culver 000d0621b4
connect: Add Envoy 1.22 to integration tests, remove Envoy 1.18 (#12805)
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2022-04-18 09:36:07 -07:00
Evan Culver 881e17fae1
connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
Natalie Smith 0a51e145c1 docs: simplify agent docs slugs 2022-04-11 17:38:47 -07:00
Natalie Smith ddae7d18a2 docs: fix external links to agent config pages 2022-04-11 17:38:11 -07:00
R.B. Boyer 25ba9c147a
xds: ensure that all connect timeout configs can apply equally to tproxy direct dial connections (#12711)
Just like standard upstreams the order of applicability in descending precedence:

1. caller's `service-defaults` upstream override for destination
2. caller's `service-defaults` upstream defaults
3. destination's `service-resolver` ConnectTimeout
4. system default of 5s

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-04-07 16:58:21 -05:00
Kyle Havlovitz 6cf22a5cef
Merge pull request #12672 from hashicorp/tgate-san-validation
Respect SNI with terminating gateways and log a warning if it isn't set alongside TLS
2022-04-05 11:15:59 -07:00
Blake Covarrubias 79144dbac6
docs: Update links to K8s service mesh annotations (#12652)
The list of supported annotations for Consul service mesh were moved
from /docs/k8s/connect to /docs/k8s/annotations-and-labels in PR
#12323.

This commit updates various across the site to point to the new
URL for these annotations.
2022-04-04 14:35:07 -07:00
Kyle Havlovitz 1a3b885027 Use the GatewayService SNI field for upstream SAN validation 2022-03-31 13:54:25 -07:00
Kyle Havlovitz 51527907ab Recommend SNI with TLS in the terminating gateway docs 2022-03-31 12:19:16 -07:00
Bryce Kalow 6bf67b7ef4
website: redirect /api to /api-docs (#12660) 2022-03-30 16:16:26 -05:00
R.B. Boyer e79ce8ab03
xds: adding control of the mesh-wide min/max TLS versions and cipher suites from the mesh config entry (#12601)
- `tls.incoming`: applies to the inbound mTLS targeting the public
  listener on `connect-proxy` and `terminating-gateway` envoy instances

- `tls.outgoing`: applies to the outbound mTLS dialing upstreams from
  `connect-proxy` and `ingress-gateway` envoy instances

Fixes #11966
2022-03-30 13:43:59 -05:00
R.B. Boyer ac5bea862a
server: ensure that service-defaults meta is incorporated into the discovery chain response (#12511)
Also add a new "Default" field to the discovery chain response to clients
2022-03-30 10:04:18 -05:00
Krastin Krastev 6682a0d4be
docs: fix a trailing comma in JSON body
removing a comma after a last element in JSON body
2022-03-22 20:36:59 +01:00
David Yu 858e05e7d7
docs: Consul Service Mesh overview - rename of title and K8s getting started (#12574)
* Consul Service Mesh overview - rename of title and K8s getting started

* reformat lines
2022-03-18 08:55:57 -07:00
Dan Upton b36d4e16b6
Support per-listener TLS configuration ⚙️ (#12504)
Introduces the capability to configure TLS differently for Consul's
listeners/ports (i.e. HTTPS, gRPC, and the internal multiplexed RPC
port) which is useful in scenarios where you may want the HTTPS or
gRPC interfaces to present a certificate signed by a well-known/public
CA, rather than the certificate used for internal communication which
must have a SAN in the form `server.<dc>.consul`.
2022-03-18 10:46:58 +00:00
Jacob ee78b5a380
Update ui-visualization.mdx 2022-03-16 10:08:22 -04:00
mrspanishviking 7180c99960
Revert "[Docs] Agent configuration hierarchy " 2022-03-15 16:13:58 -07:00
trujillo-adam 4151dc097a fixing merge conflicts part 3 2022-03-15 15:25:03 -07:00
trujillo-adam 9cc9122be8 fixed merge conflicts pt2 2022-03-15 14:01:24 -07:00
trujillo-adam 76d55ac2b4 merging new hierarchy for agent configuration 2022-03-14 15:44:41 -07:00
Kyle Schochenmaier d6792f14a3
update docs (#12543) 2022-03-09 13:24:20 -06:00
Blake Covarrubias 9a0c2dee60
docs: Update Kubernetes YAML examples in UI visualization (#12419)
* Update Kubernetes related YAML config examples to document supported
syntax in the latest version of the Helm chart.
* Fix syntax in JSON example configs.

Resolves #12403

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-03-03 21:31:57 -08:00