Commit Graph

3328 Commits

Author SHA1 Message Date
kaitlincarter-hc a042b748f1 Filter API Docs (#9202)
* reorganize for clarity and update for value syntax

* fix quotes around value

* Apply suggestions from code review

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Apply suggestions from code review

Co-authored-by: Freddy <freddygv@users.noreply.github.com>

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2020-12-09 23:04:51 +00:00
Noel Quiles 5511e6bbbe [Website] Update alert banner (#9361)
* Update alert banner

* Update expiration date for banner
2020-12-09 21:19:29 +00:00
Kenia 0ee745c899 Create consul version metric with version label (#9350)
* create consul version metric with version label

* agent/agent.go: add pre-release Version as well as label

Co-Authored-By: Radha13 <kumari.radha3@gmail.com>

* verion and pre-release version labels.

* hyphen/- breaks prometheus

* Add Prometheus gauge defintion for version metric

* Add new metric to telemetry docs

Co-authored-by: Radha Kumari <kumari.radha3@gmail.com>
Co-authored-by: Aestek <thib.gilles@gmail.com>
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2020-12-09 14:17:51 +00:00
Sabeen Syed 4a2ae0e544 Update the NIA integration program diagram (#9349) 2020-12-09 00:04:49 +00:00
Blake Covarrubias e2262fb858 docs: Fix broken URLs in Helm docs
- Fix anchors for client.extraEnvironmentVars and
server.extraEnvironmentVars.
- Change extraEnvironmentVars data type to `map`.
- Fix external link to kubernetes.io under
connectInject.namespaceSelector.
2020-12-08 19:15:41 +00:00
Max G 1db9e76545 docs: reword lack of additional required files 2020-12-06 00:48:28 +00:00
Rob Taylor 7c1357efd2 Fix typo in explanation of connect command (#9295)
Change `Connect Connect` to `Consul Connect, which is consistent with the command output as shown on this page.
2020-11-30 15:56:12 +00:00
Hans Hasselberg b3a0b8edd9 fix serf_wan documentation (#9289)
WAN config is different than LAN config, source of truth is
f72d2042a8/config.go (L315-L326)
and now the docs are correct.
2020-11-27 19:51:04 +00:00
David Yu d118f7a0c7 Bump supported chart to 0.27.0 for Consul 1.9 (#9279)
* Bump supported chart to 0.27.0 for Consul 1.9
2020-11-26 00:33:54 +00:00
Mike Morris 632a4de943
Merge pull request #9270 from hashicorp/release/1.9.0
merge: release/1.9.0 back into 1.9.x
2020-11-24 17:33:00 -05:00
David Yu 2a0555407c Consul 1.9 GA Banner (#9272) 2020-11-24 21:40:59 +00:00
Mike Morris 3ee6d1c14f
Merge branch 'release/1.9.x' into release/1.9.0 2020-11-24 14:50:39 -05:00
Mike Morris a05909b3c3 website: remove prerelease banner 2020-11-24 14:46:16 -05:00
Mike Morris dbb1249f13 Merge branch 'stable-website' into release/1.9.0 2020-11-24 14:44:53 -05:00
hashicorp-ci a417fe5104
Release v1.9.0 2020-11-24 19:05:48 +00:00
David Yu 8d374fa9fa docs: adding Consul 1.9.x to compat matrix and link to Envoy compat matrix (#9263)
* Adding Consul 1.9.x to compat matrix and link to Envoy compat matrix

Adding 1.9.x and link to Envoy compat matrix
2020-11-24 18:51:06 +00:00
David Yu 687d504214 docs: adding Consul 1.9.x to compat matrix and link to Envoy compat matrix (#9263)
* Adding Consul 1.9.x to compat matrix and link to Envoy compat matrix

Adding 1.9.x and link to Envoy compat matrix
2020-11-24 18:51:01 +00:00
Kit Patella 727780140e Merge pull request #9261 from hashicorp/telemetry/fix-missing-and-stale-docs-2
Telemetry/fix missing and stale docs
2020-11-23 21:34:59 +00:00
Kit Patella 146466a708 Merge pull request #9261 from hashicorp/telemetry/fix-missing-and-stale-docs-2
Telemetry/fix missing and stale docs
2020-11-23 21:34:55 +00:00
Daniel Nephin aa07128f46 Merge pull request #9259 from hashicorp/dnephin/doc-streaming-experimental
docs: mark streaming as experimental
2020-11-23 21:14:12 +00:00
Daniel Nephin 39b2a30c56 Merge pull request #9259 from hashicorp/dnephin/doc-streaming-experimental
docs: mark streaming as experimental
2020-11-23 21:14:08 +00:00
Freddy ff5215d882 Require operator:write to get Connect CA config (#9240)
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that operators with `operator:read` ACL permissions are able to read the Consul Connect CA configuration when explicitly configured with the `/v1/connect/ca/configuration` endpoint, including the private key. This allows the user to effectively privilege escalate by enabling the ability to mint certificates for any Consul Connect services. This would potentially allow them to masquerade (receive/send traffic) as any service in the mesh.

--

This PR increases the permissions required to read the Connect CA's private key when it was configured via the `/connect/ca/configuration` endpoint. They are now `operator:write`.
2020-11-23 06:27:20 -07:00
Sabeen Syed b82317d506 Update NIA architecture image (#9180) 2020-11-23 07:49:22 +00:00
Sabeen Syed 97b26f19c7 Update NIA architecture image (#9180) 2020-11-23 07:49:17 +00:00
Kit Patella fe6ef7e414 Merge pull request #9245 from hashicorp/telemetry/fix-missing-and-stale-docs
Telemetry/fix missing and stale docs
2020-11-20 20:55:51 +00:00
Kit Patella 6e607d7cd3 Merge pull request #9245 from hashicorp/telemetry/fix-missing-and-stale-docs
Telemetry/fix missing and stale docs
2020-11-20 20:55:45 +00:00
Freddy 3ffd1fdc8b Merge pull request #9246 from hashicorp/changelog-186 2020-11-20 00:41:05 +00:00
Freddy 25c17d7afe Merge pull request #9246 from hashicorp/changelog-186 2020-11-20 00:41:01 +00:00
Freddy 4e44341d36 Require operator:write to get Connect CA config (#9240)
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that operators with `operator:read` ACL permissions are able to read the Consul Connect CA configuration when explicitly configured with the `/v1/connect/ca/configuration` endpoint, including the private key. This allows the user to effectively privilege escalate by enabling the ability to mint certificates for any Consul Connect services. This would potentially allow them to masquerade (receive/send traffic) as any service in the mesh.

--

This PR increases the permissions required to read the Connect CA's private key when it was configured via the `/connect/ca/configuration` endpoint. They are now `operator:write`.
2020-11-19 16:50:17 -07:00
R.B. Boyer 140c220131
[1.9.0] command: when generating envoy bootstrap configs use the datacenter returned from the agent services endpoint (#9230)
Manual backport of #9229 into 1.9.0 branch

Fixes #9215
2020-11-19 15:33:41 -06:00
R.B. Boyer 32f6d17e5d command: when generating envoy bootstrap configs use the datacenter returned from the agent services endpoint (#9229)
Fixes #9215
2020-11-19 21:28:09 +00:00
Freddy 5137e4501d Require operator:write to get Connect CA config (#9240)
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that operators with `operator:read` ACL permissions are able to read the Consul Connect CA configuration when explicitly configured with the `/v1/connect/ca/configuration` endpoint, including the private key. This allows the user to effectively privilege escalate by enabling the ability to mint certificates for any Consul Connect services. This would potentially allow them to masquerade (receive/send traffic) as any service in the mesh.

--

This PR increases the permissions required to read the Connect CA's private key when it was configured via the `/connect/ca/configuration` endpoint. They are now `operator:write`.
2020-11-19 17:15:17 +00:00
Kit Patella b2a6b9d5c7 Merge pull request #9091 from scellef/correct-upgrade-guide
Correcting text on when default was changed in Consul
2020-11-19 00:55:56 +00:00
Kit Patella f3380b1c43 Merge pull request #9091 from scellef/correct-upgrade-guide
Correcting text on when default was changed in Consul
2020-11-19 00:55:51 +00:00
Mike Morris c2c8528073 website: update download callout for v1.9.0-rc1 2020-11-18 18:38:06 -05:00
Mike Morris 54fcfec78c Merge branch 'stable-website' into website/1.9.0-rc1 2020-11-18 18:35:01 -05:00
Matt Keeler dfaaa0b73a Refactor to call non-voting servers read replicas (#9191)
Co-authored-by: Kit Patella <kit@jepsen.io>
2020-11-17 15:54:38 +00:00
Matt Keeler aa45e343b5 [docs] Change links to the DNS information to the right place (#8675)
The redirects were working in many situations but some (INTERNALS.md) was not. This just flips everything over to using the real link.
2020-11-17 15:03:32 +00:00
Matt Keeler 1f0007d3f3 [docs] Change links to the DNS information to the right place (#8675)
The redirects were working in many situations but some (INTERNALS.md) was not. This just flips everything over to using the real link.
2020-11-17 15:03:27 +00:00
Luke Kysow 35191ac381 Docs for upgrading to CRDs (#9176)
* Add Upgrading to CRDs docs
2020-11-13 23:20:11 +00:00
Luke Kysow 9050263072 Docs for upgrading to CRDs (#9176)
* Add Upgrading to CRDs docs
2020-11-13 23:20:07 +00:00
Iryna Shustava 135e51c95f docs: add link to the OpenShift platform guide to k8s docs (#9177) 2020-11-12 23:07:10 +00:00
Iryna Shustava 251841b759 docs: add link to the OpenShift platform guide to k8s docs (#9177) 2020-11-12 23:07:06 +00:00
Kyle Schochenmaier 4142a8b86a Docs: for consul-k8s health checks (#8819)
* docs for consul-k8s health checks

Co-authored-by: Derek Strickland <1111455+DerekStrickland@users.noreply.github.com>
Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2020-11-12 22:57:09 +00:00
Kyle Schochenmaier ba82eab3fb Docs: for consul-k8s health checks (#8819)
* docs for consul-k8s health checks

Co-authored-by: Derek Strickland <1111455+DerekStrickland@users.noreply.github.com>
Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2020-11-12 22:57:05 +00:00
Nitya Dhanushkodi 246bb7123e Merge pull request #9179 from hashicorp/ndhanushkodi-patch-1
Update Helm compatibility matrix
2020-11-12 22:55:06 +00:00
Nitya Dhanushkodi b6459fe725 Merge pull request #9179 from hashicorp/ndhanushkodi-patch-1
Update Helm compatibility matrix
2020-11-12 22:55:02 +00:00
R.B. Boyer f815014432 agent: return the default ACL policy to callers as a header (#9101)
Header is: X-Consul-Default-ACL-Policy=<allow|deny>

This is of particular utility when fetching matching intentions, as the
fallthrough for a request that doesn't match any intentions is to
enforce using the default acl policy.
2020-11-12 16:39:16 +00:00
Paul Banks b4cb9155d8
Update ui-visualization.mdx 2020-11-12 15:53:51 +00:00
Matt Keeler 1f4da2ae9d Add a CLI command for retrieving the autopilot configuration. (#9142) 2020-11-11 18:19:32 +00:00