* added usage folder to organize use case docs for CAPIgw
* Add peer field to MeshService configuration page
* Add first pass at guide for routing to peered services
* Add exception to same-datacenter restriction for referenced Consul service
* Add example HTTPRoute referencing the MeshService as backendRef
* Add example ServiceResolver
* Add note about current ServiceResolver requirement
ServiceResolver may eventually be created implicitly by the API gateway controller, but that decision is pending.
* tweaks to the usage page for routing to peered services
* tweaks to the description in the configuration reference
* resolved TO-DOs from previous iteration
* Remove datacenter federation from limited support matrix
* added tolerations doc
* Remove note excluding k8s 1.24 since we now support it
* Reorder sections to maintain alphabetical sort
* Add example configuration for MeshService resource
* Adjust wording + indentation of other docs
* Use consistent "example-" prefix for resource names in example code
* reframed the tolerations documentation; STILL A WIP
* add helm chart documentation
* removed tolerations from gwcconfig configuration model reference
* Apply suggestions from code review
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* update version to 0.5.0
* Update install.mdx
* added release notes for v.0.5.x
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
Co-authored-by: Sarah Alsmiller <sarah.alsmiller@hashicorp.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>
* Consul Architecture update
* Consul on Kubernetes architecture
* Install Consul on Kubernetes with Helm updates
* Vault as the Secrets Backend Data Integration
* Kubernetes Service Mesh Overview
* Terminating Gateways
* Fully updated
* Join external service to k8s
* Consul on Kubernetes
* Configure metrics for Consul on Kubernetes
* Service Sync for Consul on Kubernetes
* Custom Resource Definitions for Consul on k8s
* Upgrading Consul on Kubernetes Components
* Rolling Updates to TLS
* Dataplanes diagram
* Upgrade instructions
* k8s architecture page updates
* Update website/content/docs/k8s/connect/observability/metrics.mdx
Co-authored-by: Riddhi Shah <riddhi@hashicorp.com>
* Update website/content/docs/architecture/index.mdx
* Update website/content/docs/k8s/connect/terminating-gateways.mdx
* CRDs
* updating version numbers
* Updated example config
* Image clean up
* Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
* Update website/content/docs/k8s/architecture.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Riddhi Shah <riddhi@hashicorp.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
* Update guidance for vault PKI CA provider
* clarify workarounds if already using vault 1.11+
* Update website/content/docs/connect/ca/vault.mdx
* Update website/content/docs/k8s/connect/connect-ca-provider.mdx
* Update website/content/docs/k8s/deployment-configurations/vault/data-integration/connect-ca.mdx
* Apply suggestions from code review
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
* add suggestion from Matt
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
* fix: clarifying error message when acquiring a lock in remote dc
* Update website/content/commands/lock.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
* auto-config: relax node name validation for JWT authorization
This changes the JWT authorization logic to allow all non-whitespace,
non-quote characters when validating node names. Consul had previously
allowed these characters in node names, until this validation was added
to fix a security vulnerability with whitespace/quotes being passed to
the `bexpr` library. This unintentionally broke node names with
characters like `.` which aren't related to this vulnerability.
* Update website/content/docs/agent/config/cli-flags.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
* add leadership transfer command
* add RPC call test (flaky)
* add missing import
* add changelog
* add command registration
* Apply suggestions from code review
Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
* add the possibility of providing an id to raft leadership transfer. Add few tests.
* delete old file from cherry pick
* rename changelog filename to PR #
* rename changelog and fix import
* fix failing test
* check for OperatorWrite
Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
* rename from leader-transfer to transfer-leader
* remove version check and add test for operator read
* move struct to operator.go
* first pass
* add code for leader transfer in the grpc backend and tests
* wire the http endpoint to the new grpc endpoint
* remove the RPC endpoint
* remove non needed struct
* fix naming
* add mog glue to API
* fix comment
* remove dead code
* fix linter error
* change package name for proto file
* remove error wrapping
* fix failing test
* add command registration
* add grpc service mock tests
* fix receiver to be pointer
* use defined values
Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
* reuse MockAclAuthorizer
* add documentation
* remove usage of external.TokenFromContext
* fix failing tests
* fix proto generation
* Apply suggestions from code review
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
* Apply suggestions from code review
* add more context in doc for the reason
* Apply suggestions from docs code review
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* regenerate proto
* fix linter errors
Co-authored-by: github-team-consul-core <github-team-consul-core@hashicorp.com>
Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Prevent serving TLS via ports.grpc
We remove the ability to run the ports.grpc in TLS mode to avoid
confusion and to simplify configuration. This breaking change
ensures that any user currently using ports.grpc in an encrypted
mode will receive an error message indicating that ports.grpc_tls
must be explicitly used.
The suggested action for these users is to simply swap their ports.grpc
to ports.grpc_tls in the configuration file. If both ports are defined,
or if the user has not configured TLS for grpc, then the error message
will not be printed.
Re-add ServerExternalAddresses parameter in GenerateToken endpoint
This reverts commit 5e156772f6a7fba5324eb6804ae4e93c091229a6
and adds extra functionality to support newer peering behaviors.
