Commit Graph

3056 Commits

Author SHA1 Message Date
R.B. Boyer 462f0f37ed
connect: various changes to make namespaces for intentions work more like for other subsystems (#8194)
Highlights:

- add new endpoint to query for intentions by exact match

- using this endpoint from the CLI instead of the dump+filter approach

- enforcing that OSS can only read/write intentions with a SourceNS or
  DestinationNS field of "default".

- preexisting OSS intentions with now-invalid namespace fields will
  delete those intentions on initial election or for wildcard namespaces
  an attempt will be made to downgrade them to "default" unless one
  exists.

- also allow the '-namespace' CLI arg on all of the intention subcommands

- update lots of docs
2020-06-26 16:59:15 -05:00
Freddy e10058bc3f
Update website/pages/docs/acl/auth-methods/jwt.mdx
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2020-06-25 11:43:42 -06:00
freddygv 166da8f710 Remove remaining beta tags 2020-06-24 16:12:24 -06:00
freddygv 3f01e08ae0 Remove stray instruction 2020-06-24 16:12:08 -06:00
freddygv 98c5eb8868 Add docs for upstream destination's namespace 2020-06-24 16:11:44 -06:00
freddygv 394b1f2e7f Add tabs to config entry examples 2020-06-24 16:10:46 -06:00
Mike Morris 49fc7eb4bb
Update dev.mdx (#8090)
Remove ref to "virtual service" to avoid confusion with L7 routing virtual services, replace with "debug service".
2020-06-24 14:26:01 +02:00
Valery V. Vorotyntsev 3098bc8593
Fix quorum formula in consensus.mdx (#8166)
[Add & Remove Servers](https://learn.hashicorp.com/consul/day-2-operations/servers)
guide uses `(N/2)+1` quorum formula.  So does the
[Raft implementation](5927dcda05/raft.go (L909)).

Consensus Protocol document uses `(n+1)/2` formula.
This formula is not only different, it conflicts with the
[Deployment Table](https://www.consul.io/docs/internals/consensus.html#deployment_table)
in the same document; e.g., (6+1)/2 = 3, not 4.

Replace `(n+1)/2` with `(N/2)+1` in Consensus Protocol document.
2020-06-24 14:23:36 +02:00
Chris Piraino 2904cdac36
docs: Specify port in host for example (#8167)
This example shows a TLS enabled ingress config on a non-https port.
Currently, that means we require the port to be specified in one of the
host entries to route traffic.
2020-06-23 14:41:51 -05:00
freddygv c791fbc79c Update namespaces subject-verb agreement 2020-06-23 10:57:30 -06:00
Brandon Romano 2509e8d222 Update Nav 2020-06-21 19:35:34 -07:00
Preetha 8bf0432fae
remove prerelease tag 2020-06-18 20:02:21 -05:00
Preetha 3ca775a75e
update alert banner 2020-06-18 19:36:42 -05:00
Preetha e8da210b4b
update version to 1.8.0 2020-06-18 19:32:11 -05:00
Freddy 28f22c8a90
Finalize gateway documentation for 1.8.0 GA (#8121)
Co-authored-by: Derek Strickland <1111455+DerekStrickland@users.noreply.github.com>
2020-06-18 15:27:06 -06:00
Luke Kysow fcbed6da44
Remove consul:beta now that 1.8 is out. 2020-06-18 11:50:25 -07:00
Rebecca Zanzig ea8fbdc68f
Merge pull request #8126 from hashicorp/k8s/gateway-docs
Add helm chart options for ingress and terminating gateways
2020-06-18 11:30:59 -07:00
Jono Sosulska c8bee5a934
Fixing multiple document updates (#8135)
* Fixes #7663-ACL Token Reloadable#7432-Cipher Suites,#7385-KV Delete DC, raft list-peers docs

Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2020-06-18 14:10:45 -04:00
Rebecca Zanzig 5c7e62169d Add helm chart options for ingress and terminating gateways 2020-06-18 11:04:19 -07:00
Dexter Lowe 6e208a2120
#8059 Improve Clarity on TTL docs (#8141) 2020-06-18 13:53:43 -04:00
Chris Piraino bb103f22dd
Updates docs with ingress Host header clarifications (#8062)
* Updates docs with ingress Host header changes

Clarify that a Host header is required for L7 protocols, and specify
that the default is to use the Consul DNS ingress subdomain

* Add sentence about using '*' by itself for testing

* Add optional step for using L7 routing config

* Note that port numbers may need to be added in the Hosts field
2020-06-17 14:43:58 -05:00
Kevin Pruett d2aed50ba1
Update @hashicorp/nextjs-scripts dep 2020-06-17 12:01:56 -04:00
wisp b29da31f94
Fixed a typo (#8132)
Fixed a little typo 🐰
2020-06-17 10:21:33 -04:00
David Yu fb1f043cdc
Formatting spaces between keys in Config entries (#8116)
* Formatting spaces between keys in Config entries

* Service Router spacing

* Missing Camel Case proxy-defaults

* Remove extra spaces service-splitter

* Remove extra spsaces service-resolver

* More spaces a la hclfmt

* Nice!

* Oh joy!

* More spaces on proxy-defaults

* Update website/pages/docs/agent/config-entries/proxy-defaults.mdx

Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
2020-06-16 11:28:21 -07:00
Matt Keeler d3881dd754
ACL Node Identities (#7970)
A Node Identity is very similar to a service identity. Its main targeted use is to allow creating tokens for use by Consul agents that will grant the necessary permissions for all the typical agent operations (node registration, coordinate updates, anti-entropy).

Half of this commit is for golden file based tests of the acl token and role cli output. Another big updates was to refactor many of the tests in agent/consul/acl_endpoint_test.go to use the same style of tests and the same helpers. Besides being less boiler plate in the tests it also uses a common way of starting a test server with ACLs that should operate without any warnings regarding deprecated non-uuid master tokens etc.
2020-06-16 12:54:27 -04:00
David Yu fdac1d8add
Switching service-route, service-resolver, service-splitter examples to CamelCase (#8107)
* Switching service-route example to CamelCase

* Switch service-resovler examples to CamelCase

* Changing service-splitter examples to CamelCase
2020-06-15 14:14:36 -07:00
Spencer Owen 15b5142bca
docs: Fix ingress dns entry (#8072) 2020-06-15 15:15:33 -05:00
freddygv d97cff0966 Update telemetry for gateway-services endpoint 2020-06-12 14:44:36 -06:00
freddygv cd927eed5e Remove unused method and fixup docs ref 2020-06-12 13:47:43 -06:00
freddygv b2c66359ab Add docs 2020-06-12 13:47:43 -06:00
Hans Hasselberg e62a43c6cf
Support envoy 1.14.2, 1.13.2, 1.12.4 (#8057) 2020-06-10 23:20:17 +02:00
Mike Wickett 8fab683389
Merge pull request #8076 from hashicorp/nq.basic-hero-tertiary-link-support
[Website] Support tertiary-styled third links
2020-06-10 10:47:40 -04:00
Noel Quiles 1dfbd384da Support tertiary-styled third links
Get the tertiary links to wrap below buttons

Adjust color/spacing of tertiary via override

Remove overrides, implement custom link

Extract arrow icon to file

Increase top margin for third link

Apply Brandon's fixes

Co-authored-by: Brandon Romano <BrandonRRomano@gmail.com>
2020-06-09 22:43:05 -07:00
Daniel Nephin 08f1ed16b4
Merge pull request #7900 from hashicorp/dnephin/add-linter-staticcheck-2
intentions: fix a bug in Intention.SetHash
2020-06-09 15:40:20 -04:00
Kyle Havlovitz 0c8966220f
Merge pull request #8040 from hashicorp/ingress/expose-cli
Ingress expose CLI command
2020-06-09 12:11:23 -07:00
Preetha 62b894a2d6
fix link 2020-06-08 19:47:33 -05:00
Kyle Havlovitz edab5588d8 Add -host flag to expose command 2020-06-08 16:59:47 -07:00
Preetha 7983ab0fce
Update banner.js to call out helm chart survey 2020-06-08 17:34:38 -05:00
Blake Covarrubias dd1e4ffd0d docs: Fix rendering of markdown on performance page
Fix issue with markdown not being rendered on /docs/install/performance.mdx.

Resolves #8049
2020-06-08 10:29:47 -07:00
Hans Hasselberg 72f92ae7ca
agent: add option to disable agent cache for HTTP endpoints (#8023)
This allows the operator to disable agent caching for the http endpoint.
It is on by default for backwards compatibility and if disabled will
ignore the url parameter `cached`.
2020-06-08 10:08:12 +02:00
Krastin 9262d7a79a website: fix a link in docs/agent/options
fixing the link to gopsutil in the -disable-host-node-id option text body
2020-06-07 03:36:55 -07:00
Jeff Escalante 9977c1df80 a few more naming adjustments 2020-06-06 15:45:29 -04:00
Jeff Escalante f9051298c8 change page path, add redirect 2020-06-06 15:45:29 -04:00
Peter M 45f43476e8 Update Homepage Use Case Name and Link
resubmitting this PR to include a link change.
2020-06-06 15:45:29 -04:00
Peter M 8df640401b Updating NMA use case to reflect new name
Recently changed Network Middleware Automation use case to Network Infrastructure Automation, adding changes to the site to reflect this.
2020-06-06 15:00:03 -04:00
Kyle Havlovitz acae044df4 Document the namespace format for expose CLI command 2020-06-05 15:47:03 -07:00
Kyle Havlovitz ada9e2b3ab Add docs for expose command 2020-06-05 14:54:45 -07:00
Daniel Nephin ce6cc094a1 intentions: fix a bug in Intention.SetHash
Found using staticcheck.

binary.Write does not accept int types without a size. The error from binary.Write was ignored, so we never saw this error. Casting the data to uint64 produces a correct hash.

Also deprecate the Default{Addr,Port} fields, and prevent them from being encoded. These fields will always be empty and are not used.
Removing these would break backwards compatibility, so they are left in place for now.

Co-authored-by: Hans Hasselberg <me@hans.io>
2020-06-05 14:51:43 -04:00
Freddy 9ed325ba8b
Enable gateways to resolve hostnames to IPv4 addresses (#7999)
The DNS resolution will be handled by Envoy and defaults to LOGICAL_DNS. This discovery type can be overridden on a per-gateway basis with the envoy_dns_discovery_type Gateway Option.

If a service contains an instance with a hostname as an address we set the Envoy cluster to use DNS as the discovery type rather than EDS. Since both mesh gateways and terminating gateways route to clusters using SNI, whenever there is a mix of hostnames and IP addresses associated with a service we use the hostname + CDS rather than the IPs + EDS.

Note that we detect hostnames by attempting to parse the service instance's address as an IP. If it is not a valid IP we assume it is a hostname.
2020-06-03 15:28:45 -06:00
Kevin Pruett 9b0d0de178
Merge pull request #8002 from pruett/pruett.quickfix-acl-docs
Add newline to fix rendering bug
2020-06-03 17:21:52 -04:00