Jared Kirschner
a9c3eebd00
docs: correct Vault CA multiple namespace support
2022-06-08 17:50:56 -04:00
Mark Anderson
ce75f486ed
yUpdate website/content/docs/connect/ca/vault.mdx
...
Port some changes that were made to the backport branch but not in the original PR.
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-05-31 20:22:12 -07:00
Blake Covarrubias
9378880c42
docs: Remove unnecessary use of CodeBlockConfig ( #12974 )
...
Remove empty CodeBlockConfig elements. These elements are not
providing any benefit for the enclosed code blocks. This PR removes
the elements so so that the source is easier to read.
2022-05-11 15:37:02 -07:00
Blake Covarrubias
8edee753d1
docs: Fix spelling errors across site ( #12973 )
2022-05-10 07:28:33 -07:00
Mark Anderson
7eda81d00d
Update website/content/docs/connect/config-entries/mesh.mdx ( #12943 )
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-05-05 10:39:53 -07:00
Mark Anderson
c6ff4ba7d8
Support vault namespaces in connect CA ( #12904 )
...
* Support vault namespaces in connect CA
Follow on to some missed items from #12655
From an internal ticket "Support standard "Vault namespace in the
path" semantics for Connect Vault CA Provider"
Vault allows the namespace to be specified as a prefix in the path of
a PKI definition, but our usage of the Vault API includes calls that
don't support a namespaced key. In particular the sys.* family of
calls simply appends the key, instead of prefixing the namespace in
front of the path.
Unfortunately it is difficult to reliably parse a path with a
namespace; only vault knows what namespaces are present, and the '/'
separator can be inside a key name, as well as separating path
elements. This is in use in the wild; for example
'dc1/intermediate-key' is a relatively common naming schema.
Instead we add two new fields: RootPKINamespace and
IntermediatePKINamespace, which are the absolute namespace paths
'prefixed' in front of the respective PKI Paths.
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-05-04 19:41:55 -07:00
Mark Anderson
05dc5a26b7
Docs and changelog edits
...
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-05-04 08:50:59 -07:00
Mark Anderson
d7e7cb09dc
Add some docs
...
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-05-04 08:50:58 -07:00
Blake Covarrubias
54119f3225
docs: Add example Envoy escape hatch configs ( #12764 )
...
Add example escape hatch configurations for all supported override
types.
2022-05-02 11:25:59 -07:00
Karl Cardenas
142c0ac419
Apply suggestions from code review
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-04-26 13:12:53 -07:00
Karl Cardenas
e0e2b7b547
docs: updated connect docs and re-deploying missed changes
2022-04-25 10:04:06 -07:00
David Yu
d08b5a1832
docs: remove 1.9.x row in Envoy compatibility matrix ( #12828 )
2022-04-20 19:35:06 -07:00
Evan Culver
000d0621b4
connect: Add Envoy 1.22 to integration tests, remove Envoy 1.18 ( #12805 )
...
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2022-04-18 09:36:07 -07:00
Evan Culver
881e17fae1
connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 ( #12777 )
2022-04-14 10:44:42 -07:00
Natalie Smith
0a51e145c1
docs: simplify agent docs slugs
2022-04-11 17:38:47 -07:00
Natalie Smith
ddae7d18a2
docs: fix external links to agent config pages
2022-04-11 17:38:11 -07:00
R.B. Boyer
25ba9c147a
xds: ensure that all connect timeout configs can apply equally to tproxy direct dial connections ( #12711 )
...
Just like standard upstreams the order of applicability in descending precedence:
1. caller's `service-defaults` upstream override for destination
2. caller's `service-defaults` upstream defaults
3. destination's `service-resolver` ConnectTimeout
4. system default of 5s
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-04-07 16:58:21 -05:00
Kyle Havlovitz
6cf22a5cef
Merge pull request #12672 from hashicorp/tgate-san-validation
...
Respect SNI with terminating gateways and log a warning if it isn't set alongside TLS
2022-04-05 11:15:59 -07:00
Blake Covarrubias
79144dbac6
docs: Update links to K8s service mesh annotations ( #12652 )
...
The list of supported annotations for Consul service mesh were moved
from /docs/k8s/connect to /docs/k8s/annotations-and-labels in PR
#12323 .
This commit updates various across the site to point to the new
URL for these annotations.
2022-04-04 14:35:07 -07:00
Kyle Havlovitz
1a3b885027
Use the GatewayService SNI field for upstream SAN validation
2022-03-31 13:54:25 -07:00
Kyle Havlovitz
51527907ab
Recommend SNI with TLS in the terminating gateway docs
2022-03-31 12:19:16 -07:00
Bryce Kalow
6bf67b7ef4
website: redirect /api to /api-docs ( #12660 )
2022-03-30 16:16:26 -05:00
R.B. Boyer
e79ce8ab03
xds: adding control of the mesh-wide min/max TLS versions and cipher suites from the mesh config entry ( #12601 )
...
- `tls.incoming`: applies to the inbound mTLS targeting the public
listener on `connect-proxy` and `terminating-gateway` envoy instances
- `tls.outgoing`: applies to the outbound mTLS dialing upstreams from
`connect-proxy` and `ingress-gateway` envoy instances
Fixes #11966
2022-03-30 13:43:59 -05:00
R.B. Boyer
ac5bea862a
server: ensure that service-defaults meta is incorporated into the discovery chain response ( #12511 )
...
Also add a new "Default" field to the discovery chain response to clients
2022-03-30 10:04:18 -05:00
Krastin Krastev
6682a0d4be
docs: fix a trailing comma in JSON body
...
removing a comma after a last element in JSON body
2022-03-22 20:36:59 +01:00
David Yu
858e05e7d7
docs: Consul Service Mesh overview - rename of title and K8s getting started ( #12574 )
...
* Consul Service Mesh overview - rename of title and K8s getting started
* reformat lines
2022-03-18 08:55:57 -07:00
Dan Upton
b36d4e16b6
Support per-listener TLS configuration ⚙️ ( #12504 )
...
Introduces the capability to configure TLS differently for Consul's
listeners/ports (i.e. HTTPS, gRPC, and the internal multiplexed RPC
port) which is useful in scenarios where you may want the HTTPS or
gRPC interfaces to present a certificate signed by a well-known/public
CA, rather than the certificate used for internal communication which
must have a SAN in the form `server.<dc>.consul`.
2022-03-18 10:46:58 +00:00
Jacob
ee78b5a380
Update ui-visualization.mdx
2022-03-16 10:08:22 -04:00
mrspanishviking
7180c99960
Revert "[Docs] Agent configuration hierarchy "
2022-03-15 16:13:58 -07:00
trujillo-adam
4151dc097a
fixing merge conflicts part 3
2022-03-15 15:25:03 -07:00
trujillo-adam
9cc9122be8
fixed merge conflicts pt2
2022-03-15 14:01:24 -07:00
trujillo-adam
76d55ac2b4
merging new hierarchy for agent configuration
2022-03-14 15:44:41 -07:00
Kyle Schochenmaier
d6792f14a3
update docs ( #12543 )
2022-03-09 13:24:20 -06:00
Blake Covarrubias
9a0c2dee60
docs: Update Kubernetes YAML examples in UI visualization ( #12419 )
...
* Update Kubernetes related YAML config examples to document supported
syntax in the latest version of the Helm chart.
* Fix syntax in JSON example configs.
Resolves #12403
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-03-03 21:31:57 -08:00
David Yu
e6e168b3e6
docs: Envoy 'compatibility' typo ( #12513 )
2022-03-03 10:50:56 -08:00
David Yu
fb18aa5529
docs: bump Envoy for 1.10.x ( #12472 )
...
* docs: bump Envoy for 1.10.x
* update security notes and remove previous versions older than n-2
Envoy 1.9.0 and older have last vulnerability.
* Update envoy.mdx
* Update envoy.mdx
* Update envoy.mdx
* Update envoy.mdx
* formatting
* Update website/content/docs/connect/proxies/envoy.mdx
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
* Update website/content/docs/connect/proxies/envoy.mdx
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2022-03-03 10:34:30 -08:00
Luke Kysow
16085d7eee
Update exported-services.mdx ( #12499 )
2022-03-02 15:57:58 -08:00
Eddie Rowe
28c78c52a2
Remove deprecated built-in proxy tutorial reference
2022-03-01 14:35:28 -06:00
Evan Culver
522676ed8d
connect: Update supported Envoy versions to include 1.19.3 and 1.18.6
2022-02-24 16:59:33 -08:00
Evan Culver
b95f010ac0
connect: Upgrade Envoy 1.20 to 1.20.2 ( #12443 )
2022-02-24 16:19:39 -08:00
Karl Cardenas
48c60946f9
docs: added example for service-router retry
2022-02-24 10:52:41 -07:00
Daniel Nephin
12f12d577a
docs: add docs for using an external CA
2022-02-17 18:21:30 -05:00
Karl Cardenas
497e65426f
docs: updated per feedback
2022-02-08 11:02:36 -07:00
Karl Cardenas
52f1ed3c3b
docs: update the wan mesh gateway page
2022-02-08 10:25:27 -07:00
Luke Kysow
ecc5dae06f
docs: update for k8s support for igw and header manip ( #12264 )
...
Add docs now that k8s supports these new config entry fields
2022-02-03 14:03:21 -08:00
Blake Covarrubias
a6f51d8c1b
docs: Fix discrepancy with sidecar min/max port range
...
Remove incorrect sidecar port range on docs for built-in proxy.
Updates the bind_port/port fields on the built-in proxy and sidecar
service registration pages to link to the `sidecar_min_port` and
`sidecar_max_port` configuration options for the defined port range.
Fixes #12253
2022-02-02 20:12:00 -08:00
Dan Upton
c1cb58bdcb
docs: add transparent proxy visual aid ( #12211 )
...
Co-authored-by: Paul Banks <banks@banksco.de>
2022-01-28 10:57:37 +00:00
Luke Kysow
4df488b1d3
Update distributed-tracing.mdx with caveat on 128 bit IDs ( #12196 )
...
* Update distributed-tracing.mdx
2022-01-26 10:39:33 -08:00
David Yu
f4df4c25f2
docs: iptables for TProxy requirement ( #12180 )
...
* docs: iptables
Add iptables requirement
* Update website/content/docs/connect/transparent-proxy.mdx
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
2022-01-26 10:18:31 -08:00
Blake Covarrubias
a3ad4be429
docs: Add ingress TLS cipher and version documentation ( #12163 )
...
Document the new TLS cipher and version parameters that were added to
ingress gateways in #11576 .
Co-authored-by: Mike Morris <mikemorris@users.noreply.github.com>
2022-01-26 08:12:12 -08:00
mrspanishviking
f3514d802b
Merge pull request #11980 from krastin/krastin/docsday-ui-viz
...
adding JSON examples to /docs/connect/observability/ui-visualization
2022-01-24 08:42:46 -07:00
Krastin Krastev
8abf4088c1
fixing K8s notes placement in /docs/connect/observability/ui-visualization
2022-01-24 16:35:18 +01:00
Krastin Krastev
65d750a84d
migrating <Tabs> to <CodeTabs> in /docs/connect/observability/ui-visualization
2022-01-24 16:10:03 +01:00
R.B. Boyer
b9e9f1106b
docs: update config entry docs for proxy-defaults to follow new template ( #12011 )
2022-01-20 15:35:27 -06:00
Blake Covarrubias
f09aea524f
Fix spelling errors
2022-01-20 08:54:23 -08:00
Blake Covarrubias
26401c5c26
Convert absolute URLs to relative URLs for consul.io
2022-01-20 08:52:51 -08:00
Blake Covarrubias
59394e4aa2
docs: Avoid redirects by pointing links to new URLs
...
Avoid HTTP redirects for internal site links by updating old URLs to
point to the new location for the target content.
2022-01-20 08:52:51 -08:00
Blake Covarrubias
17f8c311be
docs: Fix typo in service resolver's RingHashConfig
...
Fix typo in documentation for service resolver's RingHashConfig. The
correct child parameters are `MinimumRingSize` and `MaximumRingSize`.
2022-01-19 15:17:53 -08:00
Jared Kirschner
1a615f63a5
Merge pull request #12100 from hashicorp/update-gateway-overview-visual
...
docs: clarify gateways don't connect to public internet
2022-01-18 19:03:32 -05:00
trujillo-adam
9b00acec40
Merge pull request #11898 from hashicorp/docs/service-mesh-config-entries-add-partitions--1.11.0
...
updated configuration entry params for admin partitions 1.11
2022-01-18 15:46:15 -08:00
trujillo-adam
7573b80454
applied final feedback
2022-01-18 15:40:43 -08:00
trujillo-adam
727dbbd817
Apply suggestions from code review
...
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2022-01-18 15:31:58 -08:00
Jared Kirschner
3fc42a2f1f
docs: clarify gateways don't connect to internet
...
Consul's ingress and terminating gateways are meant to enable connectivity
within your organizational network between services outside the Consul service
mesh and those within. They are not meant to connect to the public internet.
2022-01-18 13:28:26 -08:00
Evan Culver
e35dd08a63
connect: Upgrade Envoy 1.20 to 1.20.1 ( #11895 )
2022-01-18 14:35:27 -05:00
Jared Kirschner
1ec3a8524f
Merge pull request #12101 from hashicorp/wan-federation-with-mesh-gateways-networking-visual
...
docs: show WAN fed with/without mesh gateways
2022-01-18 09:22:13 -05:00
Jared Kirschner
a0d48e17c0
docs: show WAN fed with/without mesh gateways
2022-01-16 16:55:12 -08:00
Thomas Kula
ae0fe19d2f
docs: Minor grammar change to ingress-gateway.mdx ( #11365 )
...
Use plural form of "listeners", not possessive form of "listener's"
2022-01-14 16:36:02 -08:00
trujillo-adam
ea4bd71fa3
Merge branch 'docs/service-mesh-config-entries-add-partitions--1.11.0' of github.com:hashicorp/consul into docs/service-mesh-config-entries-add-partitions--1.11.0
...
pre and post docs day merge
2022-01-14 11:34:36 -08:00
trujillo-adam
8edc6547df
applying latest round of feedback
2022-01-14 09:51:57 -08:00
Blake Covarrubias
f273cfdc67
docs: Use long form of CLI flags ( #12030 )
...
Use long form of CLI flags in all example commands.
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
2022-01-12 15:05:01 -08:00
Dhia Ayachi
73dd4e66d6
CA certificates relationship HL diagram ( #12022 )
...
* add diagram and text to explain certificates in consul
* use bullet points instead of enumeration
* Apply suggestions from code review
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
* remove non needed text and improve image
* fix cert naming
* move section to the right place
* rename DC
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-12 16:10:00 -05:00
Blake Covarrubias
e3f36ad45c
docs: Fix spelling errors
2022-01-11 09:37:09 -08:00
mrspanishviking
79170d9731
Merge pull request #11983 from hashicorp/resolver_examples
...
docs: added another resolver example for DC and namespace failover
2022-01-11 10:27:57 -07:00
Jasmine W
665c9933ce
Merge pull request #11995 from hashicorp/l7-routing-screenshots
...
Adding UI screenshots to L7 overview
2022-01-11 11:33:20 -05:00
Jasmine W
a5c63acb62
Update website/content/docs/connect/config-entries/service-splitter.mdx
...
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-11 11:18:49 -05:00
Jasmine W
88d752e41e
Update website/content/docs/connect/config-entries/service-router.mdx
...
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-11 11:18:43 -05:00
Jasmine W
8c440d181f
Update website/content/docs/connect/config-entries/service-resolver.mdx
...
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-11 11:18:36 -05:00
Natalie Smith
24c67f2dfa
docs: simplify agent docs slugs
2022-01-10 17:37:18 -08:00
Natalie Smith
00c2444cfc
docs: fix external links to agent config pages
2022-01-10 17:11:50 -08:00
mrspanishviking
66c5c8f2b5
Merge pull request #12016 from hashicorp/Screenshot-Updates
...
Consul UI Screenshot Updates
2022-01-10 18:05:02 -07:00
Xuan Luo
51a77533e4
Merge pull request #12017 from hashicorp/doc-changes
...
Doc changes
2022-01-10 16:33:47 -08:00
Xuan Luo
cf8c005194
updated image
2022-01-10 16:29:32 -08:00
Xuan Luo
b5a046f5b0
docs: add gateway overview illustration
2022-01-10 15:47:57 -08:00
Luke Kysow
31a436bf82
Add distributed tracing docs ( #12010 )
...
* Add distributed tracing docs
2022-01-10 15:43:31 -08:00
Jake Herschman
60cb4a8d36
updated topology image
2022-01-10 18:39:35 -05:00
Amier Chery
17816d5cff
Added images to respective pages
...
Added the images to each respective page on splitting/routing/resolving along with a brief description on how to navigate there.
2022-01-10 18:14:24 -05:00
Jasmine W
0d61d70e3b
Adding UI screenshots to L7 overview
2022-01-10 14:34:00 -05:00
Karl Cardenas
205d687d07
added additonal example for failover within DC and unique namespace
2022-01-10 11:41:43 -07:00
mrspanishviking
b844d68c4b
Apply suggestions from code review
...
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2022-01-10 11:22:53 -07:00
Karl Cardenas
687f9340f7
removed empty {}
2022-01-10 10:51:00 -07:00
Karl Cardenas
e992522c4c
added another example for DC and namespace failover
2022-01-10 10:45:54 -07:00
Krastin Krastev
d893c9261e
adding JSON examples to /docs/connect/observability/ui-visualization
2022-01-10 17:47:51 +01:00
trujillo-adam
0ac96c7d23
Merge pull request #11930 from hashicorp/docs/admin-partition-updates-1.11.0-misc
...
added line about wildcard intentions not supported for admin partitions
2022-01-10 07:53:58 -08:00
trujillo-adam
d4f9a30927
applied feedback
2022-01-07 15:43:51 -08:00
trujillo-adam
994ef3dfb3
Update website/content/docs/connect/config-entries/mesh.mdx
...
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2022-01-07 14:20:43 -08:00
trujillo-adam
2ff5f50e8c
tweaks to the language used in the requirements section
2022-01-05 12:01:10 -08:00
Noel Quiles
1ff6da7cdd
website: Update copy ( #11853 )
2022-01-04 15:29:46 -05:00
trujillo-adam
8852810eb5
added line about wildcard intentions not supported for admin partitions
2022-01-03 15:31:58 -08:00
trujillo-adam
65cb869c5b
proposed language about why there is no <CE>.meta.partition field
2022-01-03 14:40:03 -08:00
trujillo-adam
2f4fae73d1
Merge branch 'docs/service-mesh-config-entries-add-partitions--1.11.0' of github.com:hashicorp/consul into docs/service-mesh-config-entries-add-partitions--1.11.0
...
updating local with GH comments
2022-01-03 11:32:34 -08:00
trujillo-adam
5a25979d0b
Apply suggestions from code review
...
typos and minor corrections
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2022-01-03 11:32:14 -08:00
saurabh-sp-tripathi
69c19ca9fc
Fix typo, Layer 7 is application layer not network
2021-12-22 15:13:56 -08:00
trujillo-adam
885937c14c
Merge branch 'main' of github.com:hashicorp/consul into docs/service-mesh-config-entries-add-partitions--1.11.0
...
pulling main into the this branch
2021-12-22 13:12:08 -08:00
trujillo-adam
a08f294602
Merge pull request #11859 from hashicorp/docs/service-mesh-gateways-clarification-for-1.11.0
...
clarify mesh gateway docs use cases; include admin partition flow
2021-12-22 11:56:11 -08:00
trujillo-adam
52f429db26
fixed bad md syntax
2021-12-22 11:40:26 -08:00
trujillo-adam
e5b3be0597
applied feedback
2021-12-22 11:18:06 -08:00
trujillo-adam
85e86bd316
updated configuration entry params for admin partitions 1.11
2021-12-20 16:30:39 -08:00
David Yu
bd011ab7b6
docs: ExportedServices YAML correction ( #11883 )
...
* docs: ExportedServices YAML correction
* Add enterprise alert to CRD index
2021-12-17 11:29:10 -08:00
trujillo-adam
300daff089
additional clarification on upstream configurations for x-dc and x-partition traffic
2021-12-17 09:46:50 -08:00
David Yu
40d97ca926
docs: fix ExportedServices typo on example
...
Fix typlo
2021-12-17 09:39:55 -08:00
David Yu
b272e8517d
add enterprise inline
2021-12-16 20:23:03 -08:00
David Yu
72412ca910
docs: add exported services to overview
2021-12-16 20:20:11 -08:00
David Yu
8bcdb6dfa2
docs: ExportedServices CRD typo and change heading for services ( #11845 )
2021-12-15 15:51:24 -08:00
trujillo-adam
bcfff8fde4
clarify mesh gateway docs use cases; include admin partition flow
2021-12-15 13:11:52 -08:00
Chris S. Kim
f76fc6cabe
docs: Update discovery chain compilation results with partition fields ( #11835 )
2021-12-14 15:37:34 -05:00
Kyle Havlovitz
f4010065a7
docs: Update exported-services page to include required Name field
2021-12-14 12:10:30 -08:00
Paul Banks
131897bff6
Merge pull request #11164 from hashicorp/docs/ingress-sds
...
Document SDS for ingress gateways
2021-12-14 17:32:40 +00:00
freddygv
e91509383f
Clean up additional refs to partition exports
2021-12-04 15:16:40 -07:00
freddygv
09cdeae13c
Move exported-services docs based on new name
2021-12-03 17:47:32 -07:00
freddygv
ed6076db26
Rename partition-exports to exported-services
...
Using a name less tied to partitions gives us more flexibility to use
this config entry in OSS for exports between datacenters/meshes.
2021-12-03 17:47:31 -07:00
Paul Banks
1d85afeed4
Reformatting suggestions from review
2021-12-01 15:35:24 +00:00
Paul Banks
d5a93d6b88
Apply suggestions from code review
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2021-12-01 15:13:40 +00:00
Paul Banks
46849a63f9
Apply suggestions from code review
...
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2021-12-01 15:13:40 +00:00
Paul Banks
fcfedfdb5d
Add documentation for SDS support in ingress gateways.
2021-12-01 15:13:40 +00:00
John Cowen
b5c8af4580
ui: Add `Service.Partition` as available variable for dashboard urls ( #11654 )
2021-12-01 11:05:57 +00:00
trujillo-adam
cef938e620
Merge pull request #11558 from hashicorp/docs/admin-partitions-service-exports-configuration-entry
...
Admin partition docs: cross-partition support beta2/3
2021-11-30 11:22:30 -08:00
trujillo-adam
0fb360211a
addtional feedback; added PartitionExports to CRDs section
2021-11-30 11:18:12 -08:00
trujillo-adam
632e4bd35c
applied additional feedback
2021-11-29 13:28:05 -08:00
David Yu
29c791c90e
docs: Notes about WAN Federation when using Vault as Connect CA ( #11143 )
...
* docs: Notes about WAN Federation when using Vault as Connect CA
* Apply suggestions from code review
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
* Update website/content/docs/connect/ca/vault.mdx
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
* Update website/content/docs/connect/ca/vault.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
* Update website/content/docs/connect/ca/vault.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
* Update vault.mdx
* Update vault.mdx
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2021-11-29 12:37:14 -08:00
Karl Cardenas
d4cbe68913
docs: updated proxy page to use new codeblock
2021-11-18 18:17:38 -07:00
Iryna Shustava
0ee456649f
connect: Support auth methods for the vault connect CA provider ( #11573 )
...
* Support vault auth methods for the Vault connect CA provider
* Rotate the token (re-authenticate to vault using auth method) when the token can no longer be renewed
2021-11-18 13:15:28 -07:00
trujillo-adam
e4d89b4214
fixed typo and added link from partition exports to admin partitions section
2021-11-17 08:50:07 -08:00
trujillo-adam
6b8225c6f1
fixed bad links
2021-11-16 12:05:18 -08:00
trujillo-adam
e2ac4c8a30
added link to agent configuration from partition exports in usage section
2021-11-16 10:53:07 -08:00
trujillo-adam
756e65cbcb
applied freddy's feedback
2021-11-16 10:44:21 -08:00
trujillo-adam
91e44f488d
Adding partition exports configuraiton entry details, upstream config, acl impact
2021-11-13 18:52:58 -08:00
trujillo-adam
caf850e135
first commit for cross-partition support - partition exports section
2021-11-11 18:43:57 -08:00
mrspanishviking
b8e11507b1
Merge pull request #11543 from hashicorp/envoy-token
...
docs: added more information to help endusers with proxies and ACL
2021-11-11 08:37:12 -08:00
mrspanishviking
f1b4a10c83
Update website/content/docs/connect/proxies/integrate.mdx
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2021-11-11 08:05:45 -08:00
mrspanishviking
42ab9e8aa4
Update website/content/docs/connect/ca/vault.mdx
...
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-11-10 13:03:28 -08:00
Karl Cardenas
50ff9e8a6e
docs: added more information to help endusers with proxies and ACL tokens
2021-11-10 08:52:44 -07:00
Karl Cardenas
5644edae5c
docs: added link to the Learn tutorial in Vault CA integration page
2021-11-10 07:30:12 -07:00
Freddy
5e7eb85f2a
Fix caveat about resolvers operating at L4 ( #11497 )
...
Service resolvers can specify L4 rules such as redirects, or L7 rules such as
hash-based load balancing policies.
2021-11-08 07:11:36 -07:00
Connor
efe4b21287
Support Vault Namespaces explicitly in CA config ( #11477 )
...
* Support Vault Namespaces explicitly in CA config
If there is a Namespace entry included in the Vault CA configuration,
set it as the Vault Namespace on the Vault client
Currently the only way to support Vault namespaces in the Consul CA
config is by doing one of the following:
1) Set the VAULT_NAMESPACE environment variable which will be picked up
by the Vault API client
2) Prefix all Vault paths with the namespace
Neither of these are super pleasant. The first requires direct access
and modification to the Consul runtime environment. It's possible and
expected, not super pleasant.
The second requires more indepth knowledge of Vault and how it uses
Namespaces and could be confusing for anyone without that context. It
also infers that it is not supported
* Add changelog
* Remove fmt.Fprint calls
* Make comment clearer
* Add next consul version to website docs
* Add new test for default configuration
* go mod tidy
* Add skip if vault not present
* Tweak changelog text
2021-11-05 11:42:28 -05:00
FFMMM
fdb0ee6093
change vault ca docs to mention root cert ttl config ( #11488 )
...
Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>
2021-11-04 15:44:22 -07:00
Luke Kysow
9b680b3f81
Add quick-link for users coming from UI ( #11403 )
...
The Consul UI topology view has an icon with the text
"Configure metrics dashboard" that links to this page. Add a notice at
the top of the page that links them directly to the relevant section.
2021-11-03 09:37:30 -07:00
Luke Kysow
7eb32cdb73
Remove Name/Namespace fields from upstream default ( #11456 )
...
The UpstreamConfig.Defaults field does not support setting Name or
Namespace because the purpose is to apply defaults to all upstreams.
I think this was just missed in the docs since those fields would
error if set under Defaults.
i.e. this is not supported:
```
UpstreamConfig {
Defaults {
Name = "foo"
Namespace = "bar"
# Defaults config here
}
}
```
2021-11-02 14:21:15 -07:00
Evan Culver
bec08f4ec3
connect: Add support for Envoy 1.20 ( #11277 )
2021-10-27 18:38:10 -07:00
Andy Assareh
99ab4f98d4
docs: Mesh gateway requires 1.6.0 *or newer* ( #11333 )
...
* 1.6.0 or newer
* Update website/content/docs/connect/gateways/mesh-gateway/index.mdx
Co-authored-by: David Yu <dyu@hashicorp.com>
Co-authored-by: mrspanishviking <cardenas88karl@gmail.com>
2021-10-18 17:11:00 -07:00
Paul Banks
6c6c75707c
Merge pull request #11037 from hashicorp/docs/mesh-header-manip
...
Document HTTP Header manipulation options added in #10613
2021-10-08 13:11:44 +01:00
Paul Banks
3da2fbdc63
Wording improvements from review
2021-10-08 12:26:11 +01:00
Evan Culver
9b73e7319d
Merge branch 'main' into eculver/envoy-1.19.1
2021-09-28 15:58:20 -07:00
Jared Kirschner
d9e78cd3e8
Merge pull request #11167 from hashicorp/add-cross-dc-comm-model-visual
...
Improve mesh gateway diagram
2021-09-28 13:19:18 -04:00
Jared Kirschner
98f53e913f
Improve mesh gateway diagram
...
Diagram now shows all possible cross-DC communication models supported by mesh
gateways for both the control and data planes.
2021-09-28 09:56:05 -07:00
Paul Banks
1a611f0c1b
Apply suggestions from code review
...
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-09-28 17:19:13 +01:00
Chris S. Kim
e3248c20c9
agent: Clean up unused built-in proxy config ( #11165 )
2021-09-28 11:29:10 -04:00
Paul Banks
020e2692da
Merge pull request #10725 from hashicorp/banks-patch-3
...
Call out the incompatibility of wildcards and L7 permissions
2021-09-28 13:51:41 +01:00
Paul Banks
fe92cf7cb6
Document HTTP Header manipulation options added in #10613
2021-09-27 14:46:15 +01:00
Evan Culver
f7380461c7
update docs to indicate support for envoy 1.19.1 in Consul 1.11.x
2021-09-22 10:57:22 -07:00
Kyle MacDonald
4b966094ff
website: fixup incorrect markdown syntax ( #11015 )
2021-09-13 10:36:34 -04:00
Paul Banks
c118e51d5c
Apply suggestions from code review
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2021-09-10 21:29:43 +01:00
Paul Banks
fd259db9fb
Document how to make namespace wildcard intentions. ( #10724 )
...
* Update intentions.mdx
* Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-09-10 21:25:09 +01:00
Freddy
8d83d27674
connect: update envoy supported versions to latest patch release
...
(#10961 )
Relevant advisory:
https://github.com/envoyproxy/envoy/security/advisories/GHSA-6g4j-5vrw-2m8h
2021-08-31 10:39:18 -06:00
Nitya Dhanushkodi
329ec62582
doc: remove sentence that tproxy works cross-DC with config entries. ( #10885 )
...
It can only work if there is a running service instance in the local DC,
so this is a bit misleading, since failover and redirects are typically
used when there is not an instance in the local DC.
2021-08-23 12:14:28 -07:00
Blake Covarrubias
e62b1d05d8
docs: Add common CA config options to provider doc pages ( #10842 )
...
Add the list of common Connect CA configuration options to the
provider-specific CA docs.
Previously these options were only documented under the agent
configuration options. This change makes it so that all supported CA
provider configuration options are available from a single location.
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-08-19 11:18:55 -07:00
Blake Covarrubias
97b4fdff0d
Document possible risk w.r.t exposing the admin API in Envoy ( #10817 )
...
Add a section to the Connect Security page which highlights the risks
of exposing Envoy's administration interface outside of localhost.
Resolves #5692
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Kent 'picat' Gruber <kent@hashicorp.com>
2021-08-13 10:05:29 -07:00
Blake Covarrubias
8aa89c2c12
docs: Clarify ingress gateway's -address flag ( #10810 )
...
Clarify the function of `-address` flag when instantiating an ingress
gateway.
Resolves #9849
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2021-08-12 14:56:07 -07:00
Chris Piraino
8f5e2a440b
docs: remove note on ingress gateway hosts field needing a port number ( #10827 )
...
This was necessary in older versions of Consul, but was obsoleted by
making Consul add the port number itself when constructing the Envoy
configuration.
2021-08-11 16:36:57 -05:00
Blake Covarrubias
99b1d8ed8c
docs: Update code blocks across website
...
* Use CodeTabs for examples in multiple formats.
* Ensure correct language on code fences.
* Use CodeBlockConfig for examples with filenames, or which need
highlighted content.
2021-08-11 13:20:03 -07:00
Blake Covarrubias
3363da7d35
docs: Add JSON examples to all config entries
...
This commit adds example JSON configs for several config entry
resources were missing examples in this language.
The examples have been updated to use the new CodeTabs resource
instead of the Tab component.
2021-08-10 15:34:28 -07:00
trujillo-adam
9e348edfaf
Merge branch 'main' into docs-envoy-proxy-breaks-when-enabling-tls
2021-08-09 14:57:29 -07:00
trujillo-adam
ec7526caaa
Update website/content/docs/connect/proxies/envoy.mdx
...
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-08-09 13:36:28 -07:00
trujillo-adam
7d00adb824
Update website/content/docs/connect/proxies/envoy.mdx
...
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-08-09 13:36:07 -07:00
trujillo-adam
3fabe18acd
docs: adding env var info, resolves #7926
2021-08-09 13:14:02 -07:00
trujillo-adam
c5824a834b
Merge pull request #10763 from hashicorp/docs-proxy-integration-improvements
...
general language and readability improvements to proxy integration docs
2021-08-04 14:36:47 -07:00
trujillo-adam
5913aca502
Applying more feedback from @black and @karl-cardenas-coding
2021-08-04 14:02:42 -07:00
trujillo-adam
8ec29432d2
Applying feedback from @blake
2021-08-04 11:29:21 -07:00
trujillo-adam
ee1de179ed
Update website/content/docs/connect/proxies/integrate.mdx
...
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-08-04 10:44:06 -07:00
trujillo-adam
31b9058602
general language and readability improvements to proxy integration docs
2021-08-03 15:56:56 -07:00
Blake Covarrubias
734fd1949f
docs: Note proxy-defaults can globally set service protocol ( #10649 )
...
Add a note to the docs for the service defaults config entry which
informs users that the service protocol can be configured for all
services using the proxy defaults config entry.
Resolves #8279
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2021-08-02 13:23:58 -07:00
Paul Banks
260364bb04
Call out the incompatibility of wildcards and L7 permissions
2021-07-29 11:58:21 +01:00
Fabio Lichinchi
b408bcfa39
Update vault.mdx ( #10679 )
2021-07-26 09:16:00 -07:00
Blake Covarrubias
832896ed11
docs: Fix spelling errors across website
2021-07-19 14:29:54 -07:00
David Yu
fc411b2313
docs: Update docs to reflect limitation in TProxy when using single Consul DC deployment with multiple k8s clusters ( #10549 )
...
* docs: Update to reflect single Consul DC deployment with multiple k8s clusters
2021-07-08 10:44:29 -07:00
Daniel Nephin
2c4f22a9f0
Merge pull request #10552 from hashicorp/dnephin/ca-remove-rotation-period
...
ca: remove unused RotationPeriod field
2021-07-06 18:49:33 -04:00
jkirschner-hashicorp
5f73de6fbc
Merge pull request #10560 from jkirschner-hashicorp/change-sane-to-reasonable
...
Replace use of 'sane' where appropriate
2021-07-06 11:46:04 -04:00
Daniel Nephin
3a045cca8d
ca: remove unused RotationPeriod field
...
This field was never used. Since it is persisted as part of a map[string]interface{} it
is pretty easy to remove it.
2021-07-05 19:15:44 -04:00
Jared Kirschner
bd536151e1
Replace use of 'sane' where appropriate
...
HashiCorp voice, style, and language guidelines recommend avoiding ableist
language unless its reference to ability is accurate in a particular use.
2021-07-02 12:18:46 -04:00
Daniel Nephin
fa5d627014
Merge pull request #10527 from hashicorp/rename-main-branch
...
Update references to the main branch
2021-06-30 13:07:09 -04:00
Luke Kysow
68c4c232a1
docs: Document setting dashboard_url on k8s ( #10510 )
...
It's tricky because the `{{` needs to be escaped with Helm.
2021-06-30 09:16:38 -07:00
Daniel Nephin
4d741531b4
Update references to the main branch
...
The main branch is being renamed from master->main. This commit should
update all references to the main branch to the new name.
Co-Authored-By: Mike Morris <mikemorris@users.noreply.github.com>
2021-06-29 17:17:38 -04:00
Jared Kirschner
8dae08e30e
Fix service splitter example weight sum
...
Weight sum must be equal to 100.
2021-06-29 07:01:55 -04:00
David Yu
7962dd82f1
docs - Adding Mesh as CRD in Consul K8s ( #10459 )
...
* docs - Adding Mesh as CRD in Consul K8s
* Removing extra left brace in ServiceDefaults
2021-06-22 19:18:13 -07:00
Luke Kysow
1dcdd2516c
Update config entry docs for CRDs ( #10407 )
...
* Update mesh, proxy-defaults and service-defaults docs to properly
document Kubernetes YAML.
Co-authored-by: David Yu <dyu@hashicorp.com>
2021-06-22 16:56:53 -07:00
Nitya Dhanushkodi
b72ad40286
docs: upgrading to tproxy (/docs/upgrades/upgrade-specific) ( #10416 )
...
* docs: update tproxy docs
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
2021-06-22 16:41:08 -07:00
Nitya Dhanushkodi
7494b25c1e
docs: update tproxy docs (/docs/connect/transparent-proxy) ( #10415 )
...
* docs: update tproxy docs
* add examples
* links
2021-06-22 16:29:52 -07:00
Blake Covarrubias
d9add7c2c3
docs: Remove beta tag for 1.10 features
...
Remove beta tag for 1.10 features which are now GA.
2021-06-22 16:22:50 -07:00
R.B. Boyer
24a9402390
docs: mention that service defaults upstream config sections should not contain wildcards ( #10451 )
2021-06-22 10:57:03 -05:00
Blake Covarrubias
64d122b0a2
docs: Add example of escaping tracing JSON using jq
2021-06-14 16:23:44 -07:00
Freddy
ffb13f35f1
Rename CatalogDestinationsOnly ( #10397 )
...
CatalogDestinationsOnly is a passthrough that would enable dialing
addresses outside of Consul's catalog. However, when this flag is set to
true only _connect_ endpoints for services can be dialed.
This flag is being renamed to signal that non-Connect endpoints can't be
dialed by transparent proxies when the value is set to true.
2021-06-14 14:15:09 -06:00