David Yu
347d759343
Consul 1.9 GA Banner ( #9272 )
2020-11-24 13:40:14 -08:00
David Yu
fc4e115380
docs: adding Consul 1.9.x to compat matrix and link to Envoy compat matrix ( #9263 )
...
* Adding Consul 1.9.x to compat matrix and link to Envoy compat matrix
Adding 1.9.x and link to Envoy compat matrix
2020-11-24 10:49:53 -08:00
Kit Patella
0ba7f4ce39
Merge pull request #9261 from hashicorp/telemetry/fix-missing-and-stale-docs-2
...
Telemetry/fix missing and stale docs
2020-11-23 13:34:19 -08:00
Hans Hasselberg
57701695c3
add missing descriptions for metrics
2020-11-23 22:06:30 +01:00
Daniel Nephin
6751d51aa3
docs: mark streaming as experimental
2020-11-23 15:59:47 -05:00
Kit Patella
fcec25de40
add entries for missing fsm operations and mark duplicated metrics prefixes as deprecated
2020-11-23 12:42:51 -08:00
Sabeen Syed
cfbefc45f0
Update NIA architecture image ( #9180 )
2020-11-23 01:47:58 -06:00
Kit Patella
c6b29a8bba
Merge pull request #9245 from hashicorp/telemetry/fix-missing-and-stale-docs
...
Telemetry/fix missing and stale docs
2020-11-20 12:54:29 -08:00
freddygv
b4ab1e11b9
Update latest version
2020-11-19 16:45:54 -07:00
Kit Patella
5c09dc322e
add telemetry and definition help entries for missing catalog and acl metrics
2020-11-19 13:29:44 -08:00
R.B. Boyer
7c7a3e5165
command: when generating envoy bootstrap configs use the datacenter returned from the agent services endpoint ( #9229 )
...
Fixes #9215
2020-11-19 15:27:31 -06:00
Kit Patella
9e54e897d7
remove stale entries and rename/define acl.resolveToken
2020-11-19 13:06:28 -08:00
Freddy
fd5928fa4e
Require operator:write to get Connect CA config ( #9240 )
...
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that operators with `operator:read` ACL permissions are able to read the Consul Connect CA configuration when explicitly configured with the `/v1/connect/ca/configuration` endpoint, including the private key. This allows the user to effectively privilege escalate by enabling the ability to mint certificates for any Consul Connect services. This would potentially allow them to masquerade (receive/send traffic) as any service in the mesh.
--
This PR increases the permissions required to read the Connect CA's private key when it was configured via the `/connect/ca/configuration` endpoint. They are now `operator:write`.
2020-11-19 10:14:48 -07:00
Kit Patella
0cc8d8e0a1
Merge pull request #9091 from scellef/correct-upgrade-guide
...
Correcting text on when default was changed in Consul
2020-11-18 16:54:48 -08:00
Nitya Dhanushkodi
d24be614e5
Add docs for envoyExtraArgs ( #9206 )
2020-11-18 15:40:39 -08:00
Matt Keeler
66fd23d67f
Refactor to call non-voting servers read replicas ( #9191 )
...
Co-authored-by: Kit Patella <kit@jepsen.io>
2020-11-17 10:53:57 -05:00
Matt Keeler
946cc0b82a
[docs] Change links to the DNS information to the right place ( #8675 )
...
The redirects were working in many situations but some (INTERNALS.md) was not. This just flips everything over to using the real link.
2020-11-17 10:03:00 -05:00
Luke Kysow
11db2b37c3
Docs for upgrading to CRDs ( #9176 )
...
* Add Upgrading to CRDs docs
2020-11-13 15:19:21 -08:00
Kent 'picat' Gruber
53e0683ae6
Merge pull request #9106 from hashicorp/security-model-docs-revamp
...
Revamp Security Model Documentation
2020-11-13 17:30:24 -05:00
Mike Morris
96df6a7bf5
Merge pull request #9155 from hashicorp/release/1.9.0-beta3
...
merge: 1.9.0-beta3
2020-11-13 16:45:50 -05:00
Iryna Shustava
491a1ab877
docs: add link to the OpenShift platform guide to k8s docs ( #9177 )
2020-11-12 15:06:25 -08:00
Kyle Schochenmaier
a3653a7ae2
Docs: for consul-k8s health checks ( #8819 )
...
* docs for consul-k8s health checks
Co-authored-by: Derek Strickland <1111455+DerekStrickland@users.noreply.github.com>
Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2020-11-12 16:55:44 -06:00
Nitya Dhanushkodi
5d31e2d766
Update compatibility matrix
...
Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com>
2020-11-12 14:43:33 -08:00
R.B. Boyer
61eac21f1a
agent: return the default ACL policy to callers as a header ( #9101 )
...
Header is: X-Consul-Default-ACL-Policy=<allow|deny>
This is of particular utility when fetching matching intentions, as the
fallthrough for a request that doesn't match any intentions is to
enforce using the default acl policy.
2020-11-12 10:38:32 -06:00
Paul Banks
3f37a3132e
Update ui-visualization.mdx
2020-11-12 15:52:24 +00:00
Matt Keeler
7ef9b04f90
Add a CLI command for retrieving the autopilot configuration. ( #9142 )
2020-11-11 13:19:02 -05:00
Joel Watson
81fb937e4f
Merge pull request #9098 from hashicorp/watsonian/kv-size-breakdown
...
Add detailed key size breakdown to snapshot inspect
2020-11-11 11:34:45 -06:00
Joel Watson
2e654a1759
docs: add warning in 0.9.0 upgrade notes
2020-11-11 09:23:43 -05:00
Joel Watson
6957056911
Missed a spot with old params in docs
2020-11-10 11:22:45 -06:00
Joel Watson
1ef259b093
Rename params to better reflect their purpose
2020-11-10 10:44:09 -06:00
Joel Watson
5ad0db73c8
Make docs for params clearer
2020-11-10 10:35:24 -06:00
Matt Keeler
361fe3ad20
Add some autopilot docs and update the changelog ( #9139 )
2020-11-09 14:14:19 -05:00
Matt Keeler
c048e86bb2
Switch to using the external autopilot module
2020-11-09 09:22:11 -05:00
Mike Morris
75019baadd
chore: upgrade to gopsutil/v3 ( #9118 )
...
* deps: update golang.org/x/sys
* deps: update imports to gopsutil/v3
* chore: make update-vendor
2020-11-06 20:48:38 -05:00
Mike Morris
9875846509
website: update callout to 1.9.0-beta2 ( #9131 )
2020-11-06 20:39:25 -05:00
Kent 'picat' Gruber
81efada5c3
Adjust the ACLs requirement section wording and add link to ACL docs
...
It's better to avoid the ambiguous Vault statement that was not clarified and drop the loaded "roles" term in favor of "capabilities" since the ACL system is described as capability-based in previous ACL documentation.
2020-11-06 16:25:21 -05:00
Paul Banks
b5dbeff784
UI Metrics documentation ( #9048 )
...
* UI Metrics documentation
* Update website/pages/docs/connect/observability/ui-visualization.mdx
* Fix some review comments
* Fix review comments
* Apply suggestions from code review
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2020-11-06 20:32:28 +00:00
Kent 'picat' Gruber
facd48b486
Use the EnterpriseAlert inline widget
2020-11-06 10:47:22 -05:00
Kent 'picat' Gruber
fd29187499
Add mention of auto_encrypt to mTLS requirements
2020-11-06 10:15:26 -05:00
Kent 'picat' Gruber
c7c151f789
Fix sublist format for client agent threats
2020-11-05 16:41:15 -05:00
Kent 'picat' Gruber
05b34a3cf0
Add link to the keygen command
2020-11-05 16:34:32 -05:00
Kent 'picat' Gruber
a06768f582
Use short link to keyring command
2020-11-05 16:33:04 -05:00
Kent 'picat' Gruber
d0e4e7a6ff
Add link to default_policy with code format to ACLs requirement section
2020-11-05 16:30:00 -05:00
Kent 'picat' Gruber
cc58a73716
Cleanup verify_server_hostname mTLS requirement
2020-11-05 16:27:23 -05:00
Kent 'picat' Gruber
e0a9e329e5
Add extra clarification around verify_incoming_https for localhost
...
In many cases access to localhost is restricted to trusted/privellged actors only
2020-11-05 16:20:41 -05:00
Kent 'picat' Gruber
84a345324c
Fix inline links + format in mTLS requirements section
2020-11-05 16:09:07 -05:00
Kent 'picat' Gruber
7a7f0425a1
Capitalize enterprise and add link to enerprise docs
2020-11-05 16:03:14 -05:00
Kent 'picat' Gruber
e51dbbf529
Soften language by replacing utilize with use
2020-11-05 15:59:53 -05:00
Kim Ngo
52f3714c7a
Fix NIA doc links ( #9110 )
...
fix config link and anchor
2020-11-05 13:35:57 -06:00
Jimmy Merritello
80c9f54bbc
Bump HSM version ( #9102 )
2020-11-05 11:48:12 -06:00