Commit Graph

478 Commits

Author SHA1 Message Date
trujillo-adam 32f1463901 updated server and client example yamls in usage section 2021-11-22 15:35:31 -08:00
trujillo-adam 0808e27bd4 removed 'flat network' requirements 2021-11-19 16:27:07 -08:00
trujillo-adam e4d89b4214 fixed typo and added link from partition exports to admin partitions section 2021-11-17 08:50:07 -08:00
trujillo-adam 96535cb8b7 fixed more bad links 2021-11-17 08:08:52 -08:00
trujillo-adam 6b8225c6f1 fixed bad links 2021-11-16 12:05:18 -08:00
trujillo-adam e2ac4c8a30 added link to agent configuration from partition exports in usage section 2021-11-16 10:53:07 -08:00
trujillo-adam 756e65cbcb applied freddy's feedback 2021-11-16 10:44:21 -08:00
trujillo-adam 91e44f488d Adding partition exports configuraiton entry details, upstream config, acl impact 2021-11-13 18:52:58 -08:00
trujillo-adam caf850e135 first commit for cross-partition support - partition exports section 2021-11-11 18:43:57 -08:00
mrspanishviking b8e11507b1
Merge pull request #11543 from hashicorp/envoy-token
docs: added more information to help endusers with proxies and ACL
2021-11-11 08:37:12 -08:00
mrspanishviking f1b4a10c83
Update website/content/docs/connect/proxies/integrate.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2021-11-11 08:05:45 -08:00
Freddy 3e486cae86
Merge pull request #11546 from hashicorp/ui/bug/revert-11328
ui: Revert #11328 allow-${}-style-interpolation due, to browser support
2021-11-10 14:53:23 -07:00
mrspanishviking 34e1c2b8d2
Merge pull request #11542 from hashicorp/vault-ca
docs: added link to the Learn tutorial in Vault CA integration page
2021-11-10 13:10:01 -08:00
mrspanishviking 42ab9e8aa4
Update website/content/docs/connect/ca/vault.mdx
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-11-10 13:03:28 -08:00
David Yu f1d1c12ad5
docs: provide more example CLI commands and reference Vault (#11528)
* docs: provide more example CLI commands and reference Vault

* Extra formatting

* Update website/content/docs/k8s/operations/gossip-encryption-key-rotation.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/operations/gossip-encryption-key-rotation.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/operations/gossip-encryption-key-rotation.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/operations/gossip-encryption-key-rotation.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/operations/gossip-encryption-key-rotation.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/operations/gossip-encryption-key-rotation.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* adding more detail around gossip encryption rotation precautions

* Update website/content/docs/k8s/operations/gossip-encryption-key-rotation.mdx

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
2021-11-10 12:05:20 -08:00
John Cowen 537c4f32f7 Revert "Merge pull request #11328 from radiantly/ui/feature/allow-${}-style-interpolation"
This reverts commit cd55c0cda3, reversing
changes made to 14af8cb7a9.
2021-11-10 17:54:33 +00:00
trujillo-adam 17ccead352
Merge pull request #11487 from hashicorp/docs/admin-partitions-feedback-acl-policies-redux
changed 'segments' in this page to 'resource labels' to disambiguate from 'network segments
updated the code snippets to use CodeBlock component and to include JSON
2021-11-10 07:56:54 -08:00
Karl Cardenas 50ff9e8a6e
docs: added more information to help endusers with proxies and ACL tokens 2021-11-10 08:52:44 -07:00
Karl Cardenas 5644edae5c
docs: added link to the Learn tutorial in Vault CA integration page 2021-11-10 07:30:12 -07:00
trujillo-adam 9333fad1e3 added json versions for all hcl examples 2021-11-09 18:19:04 -08:00
Freddy 5e7eb85f2a
Fix caveat about resolvers operating at L4 (#11497)
Service resolvers can specify L4 rules such as redirects, or L7 rules such as
hash-based load balancing policies.
2021-11-08 07:11:36 -07:00
David Yu 6defa9ddb8
docs: add `brew install hashicorp/tap/consul-k8s` and re-order install and uninstall workflows (#11489)
* docs: add `brew install hashicorp/tap/consul-k8s`

* add consul k8s cli brew install to reference

* Update k8s-cli.mdx

* split home-brew commands into two steps

* Update k8s-cli.mdx

* slight changes on recommended way of installing Consul K8s for CLI or multi-DC

* Update install.mdx

* reorder cli and helm uninstall

* Update website/content/docs/k8s/installation/install.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/installation/install.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/installation/install.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/k8s-cli.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/installation/install.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/k8s-cli.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2021-11-05 16:33:11 -07:00
Luke Kysow 5caee36a76
Document default storage class requirements (#11492) 2021-11-05 11:27:49 -07:00
Connor efe4b21287
Support Vault Namespaces explicitly in CA config (#11477)
* Support Vault Namespaces explicitly in CA config

If there is a Namespace entry included in the Vault CA configuration,
set it as the Vault Namespace on the Vault client

Currently the only way to support Vault namespaces in the Consul CA
config is by doing one of the following:
1) Set the VAULT_NAMESPACE environment variable which will be picked up
by the Vault API client
2) Prefix all Vault paths with the namespace

Neither of these are super pleasant. The first requires direct access
and modification to the Consul runtime environment. It's possible and
expected, not super pleasant.

The second requires more indepth knowledge of Vault and how it uses
Namespaces and could be confusing for anyone without that context. It
also infers that it is not supported

* Add changelog

* Remove fmt.Fprint calls

* Make comment clearer

* Add next consul version to website docs

* Add new test for default configuration

* go mod tidy

* Add skip if vault not present

* Tweak changelog text
2021-11-05 11:42:28 -05:00
trujillo-adam b4abd242e8 applied feedback 2021-11-05 09:30:28 -07:00
FFMMM fdb0ee6093
change vault ca docs to mention root cert ttl config (#11488)
Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>
2021-11-04 15:44:22 -07:00
FFMMM 61bd417a82
plumb thru root cert tll to the aws ca provider (#11449)
* plumb thru root cert ttl to the aws ca provider

Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>

* Update .changelog/11449.txt

Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>

Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
2021-11-04 12:19:08 -07:00
David Yu 8f8055352d
docs: consul-k8s uninstall with namespace (#11478)
* docs:  consul-k8s uninstall with namespace

Uninstall with namespace

* change release name to consul in uninstall

* Update website/content/docs/k8s/operations/uninstall.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* add --create-namespace command to install for custom values file

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2021-11-03 16:48:48 -07:00
trujillo-adam e09744adde changed 'segments' in this page to 'resource labels' to disambiguate from 'network segments' 2021-11-03 15:16:42 -07:00
Kyle Rarey a775e9a274 Update namespaced replication token example 2021-11-03 15:33:30 -04:00
Thomas Eckert 875fa920c9
Update Helm Docs for v0.36.0 Consul K8s release (#11483)
Co-authored-by: David Yu <dyu@hashicorp.com>
2021-11-03 10:04:16 -07:00
Luke Kysow 9b680b3f81
Add quick-link for users coming from UI (#11403)
The Consul UI topology view has an icon with the text
"Configure metrics dashboard" that links to this page. Add a notice at
the top of the page that links them directly to the relevant section.
2021-11-03 09:37:30 -07:00
Luke Kysow 7eb32cdb73
Remove Name/Namespace fields from upstream default (#11456)
The UpstreamConfig.Defaults field does not support setting Name or
Namespace because the purpose is to apply defaults to all upstreams.
I think this was just missed in the docs since those fields would
error if set under Defaults.

i.e. this is not supported:

```
UpstreamConfig {
  Defaults {
    Name = "foo"
    Namespace = "bar"
    # Defaults config here
  }
}
```
2021-11-02 14:21:15 -07:00
FFMMM 4ddf973a31
add root_cert_ttl option for consul connect, vault ca providers (#11428)
* add root_cert_ttl option for consul connect, vault ca providers

Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Chris S. Kim <ckim@hashicorp.com>

* add changelog, pr feedback

Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>

* Update .changelog/11428.txt, more docs

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* Update website/content/docs/agent/options.mdx

Co-authored-by: Kyle Havlovitz <kylehav@gmail.com>

Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
Co-authored-by: Kyle Havlovitz <kylehav@gmail.com>
2021-11-02 11:02:10 -07:00
Daniel Nephin 51d8417545
Merge pull request #10690 from tarat44/h2c-support-in-ping-checks
add support for h2c in h2 ping health checks
2021-11-02 13:53:06 -04:00
Melissa Kam c8240101dc docs/nia: Fix typo in TLS configs for CTS 2021-11-01 14:03:19 -05:00
Melissa Kam e7cf8226a1
Merge pull request #11463 from hashicorp/docs-cts-tls
docs/nia: Update TLS-related configurations for CTS
2021-11-01 12:39:39 -05:00
trujillo-adam 8ca5be47c8
Merge pull request #11441 from hashicorp/docs/admin-partitions-feedback-acl-policies
admin partitions feedback related to ACLs; additional improvements to ACL rule docs
2021-11-01 09:09:38 -07:00
trujillo-adam 78e59170fa
Update website/content/docs/security/acl/acl-rules.mdx
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2021-11-01 09:07:08 -07:00
Melissa Kam 0b744289b7 docs/nia: Update TLS-related configurations for CTS
- Clarify file types and uses of the configurations
- Update some wording to match between Consul and TFE TLS configs
2021-11-01 10:44:14 -05:00
Jared Kirschner 0854e1d684
Merge pull request #11348 from kbabuadze/fix-answers-alt-domain
Fix answers for alt domain
2021-10-29 17:09:20 -04:00
David Yu 1dcb949306
docs: add -verbose flag for install command (#11447) 2021-10-29 12:08:23 -07:00
David Yu 823026e319
docs: revised Helm install to create namespace and install on dedicated namespace (#11440)
* docs: revised Helm install to create namespace and install on dedicated Consul namespace

* Update website/content/docs/k8s/installation/install.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Update install.mdx

* changing to Helm 3.2+ as a pre-req to make it easier to follow
* might as well bump to latest version

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2021-10-28 12:27:00 -07:00
trujillo-adam bb18625219 applying admin partitions feedback related to ACLs; additional immprovments to ACL rule docs 2021-10-28 11:23:15 -07:00
Daniel Nephin 96a31df5c8
Merge pull request #11255 from hashicorp/dnephin/fix-auth-verify-incoming
tlsutil: only AuthorizerServerConn when VerifyIncomingRPC is true
2021-10-28 12:56:58 -04:00
Kim Ngo 0c0460b53f
CTS document manual apply (#11426)
* CTS document manual apply
* Add Consul-Terraform-Sync parentheses to CTS acronym
* Add tf link for run notifications
2021-10-28 10:19:18 -05:00
Evan Culver 61be9371f5
connect: Remove support for Envoy 1.16 (#11354) 2021-10-27 18:51:35 -07:00
Evan Culver bec08f4ec3
connect: Add support for Envoy 1.20 (#11277) 2021-10-27 18:38:10 -07:00
Daniel Nephin 4afc24268d tlsutil: only AuthorizerServerConn when VerifyIncomingRPC is true
See github.com/hashicorp/consul/issues/11207

When VerifyIncomingRPC is false the TLS conn will not have the required certificates.
2021-10-27 13:43:25 -04:00
Konstantine ec98e33140 fixed configurations options order in dns.mdx 2021-10-27 02:33:36 +03:00