R.B. Boyer
900584ca82
connect: ensure all vault connect CA tests use limited privilege tokens ( #15669 )
...
All of the current integration tests where Vault is the Connect CA now use non-root tokens for the test. This helps us detect privilege changes in the vault model so we can keep our guides up to date.
One larger change was that the RenewIntermediate function got refactored slightly so it could be used from a test, rather than the large duplicated function we were testing in a test which seemed error prone.
2022-12-06 10:06:36 -06:00
R.B. Boyer
4940a728ab
Detect Vault 1.11+ import in secondary datacenters and update default issuer ( #15661 )
...
The fix outlined and merged in #15253 fixed the issue as it occurs in the primary
DC. There is a similar issue that arises when vault is used as the Connect CA in a
secondary datacenter that is fixed by this PR.
Additionally: this PR adds support to run the existing suite of vault related integration
tests against the last 4 versions of vault (1.9, 1.10, 1.11, 1.12)
2022-12-05 15:39:21 -06:00
Curt Bushko
95bcfd207d
Update consul-k8s docs based on the consul-k8s release/1.0.x branch ( #15678 )
2022-12-05 13:20:14 -08:00
David Yu
98cbf341ae
docs: Update Consul K8s CRDs ( #15675 )
2022-12-05 13:06:02 -08:00
Jeff Boruszak
d16a9dc409
docs: Agentless performance clarifications ( #15671 )
...
* Requested changes
2022-12-05 12:43:15 -08:00
Chris S. Kim
c046d1a4d8
Add warn log when all ACL policies are filtered out ( #15632 )
2022-12-05 11:26:10 -05:00
Evan Culver
692a6fdecf
Fix broken link to Consul Dataplane index ( #15660 )
...
The `/index` appears to result in a 404.
2022-12-03 10:17:06 -08:00
Jared Kirschner
66e28f35f1
docs: clarify Vault CA provider permissions needed ( #15478 )
2022-12-03 09:17:33 -05:00
Jared Kirschner
5efdd8bb91
Clarify Vault CA changelog entry ( #15662 )
2022-12-02 20:16:49 -05:00
James Oulman
2da843818c
docs: fix agent catalog-services caching method ( #15645 )
...
* docs: fix agent catalog-services caching method
2022-12-02 18:42:49 +00:00
Dao Thanh Tung
b890c40ce4
Fixing CLI ACL token processing unexpected precedence ( #15274 )
...
* Fixing CLI ACL token processing unexpected precedence
* Minor flow format and add Changelog
* Fixed failed tests and improve error logging message
* Add unit test cases and minor changes from code review
* Unset env var once the test case finishes running
* remove label FINISH
2022-12-02 12:19:52 -05:00
am-ak
d73871b5a2
docs: Correct a typo in checks.mdx ( #15426 )
...
* Update checks.mdx
Correcting a typo under `UDP + Interval`
* Update website/content/docs/discovery/checks.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-12-02 08:22:32 -08:00
skpratt
06880bd51f
update docs for exp v2 licensing changes ( #15563 )
2022-12-01 11:30:29 -06:00
Chris S. Kim
10349bd84b
clean up go.mod ( #15638 )
2022-12-01 16:24:35 +00:00
cskh
36f05bc8fb
integ-test: test consul upgrade from the snapshot of a running cluster ( #15595 )
...
* integ-test: test consul upgrade from the snapshot of a running cluster
* use Target version as default
Co-authored-by: Dan Stough <dan.stough@hashicorp.com>
2022-12-01 10:39:09 -05:00
Dan Stough
227fd14287
chore: updates from 1.14.2 release ( #15633 )
...
* chore: updates from 1.14.2 release
2022-11-30 22:15:58 -05:00
David Yu
7a1ce08861
CHANGELOG: add alpn config for ingress and connect proxy ( #15613 )
2022-11-30 15:47:52 -08:00
David Yu
62e5c65e59
docs: fix typos helm install ( #15625 )
...
* fix typos helm install and small compat matrix change related to host ports not required any longer
2022-11-30 12:36:40 -08:00
Michael Wilkerson
ae9a1e681e
added changelog for enterprise only change ( #15621 )
2022-11-30 11:39:20 -08:00
Tyler Wendlandt
b8347ae8c6
ui: Add ServerExternalAddresses to peer token create form ( #15555 )
...
* ui: Add ServerExternalAddresses field to token generation
* Add test for ServerExternalAddresses on peer token create
* Add changelog entry
* Update translations
* Format hbs files
* Update translations
2022-11-30 11:42:36 -07:00
R.B. Boyer
11a277f372
peering: better represent non-passing states during peer check flattening ( #15615 )
...
During peer stream replication we flatten checks from the source cluster and build one thin overall check to hide the irrelevant details from the consuming cluster. This flattening logic did correctly flip to non-passing if there were any non-passing checks, but WHICH status it got during that was random (warn/error).
Also it didn't represent "maintenance" operations. There is an api package call AggregatedStatus which more correctly flattened check statuses.
This PR replicated the more complete logic into the peer stream package.
2022-11-30 11:29:21 -06:00
Freddy
941f6da202
Remove log line about server mgmt token init ( #15610 )
...
* Remove log line about server mgmt token init
Currently the server management token is only being bootstrapped in the
primary datacenter. That means that servers on the secondary datacenter
will never have this token available, and would log this line any time a
token is resolved.
Bootstrapping the token in secondary datacenters will be done in a
follow-up.
* Add changelog entry
2022-11-29 17:56:03 -05:00
James Oulman
7e78fb7818
Add support for configuring Envoys route idle_timeout ( #14340 )
...
* Add idleTimeout
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
2022-11-29 17:43:15 -05:00
Chris S. Kim
31d58014fd
docs: Update acl-tokens.mdx ( #15607 )
2022-11-29 16:20:39 -05:00
Conrad Kleinespel
b168b5c353
Fix AWS IAM trusted identity entity_tags.<key> ( #14727 )
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-11-29 12:34:28 -08:00
David Yu
1b0e20a681
docs: typo on cluster peering k8s ( #15602 )
2022-11-29 11:49:54 -08:00
David Yu
54a3714543
docs: Clean up k8s cluster peering instructions ( #15592 )
2022-11-29 10:58:13 -08:00
Derek Menteer
95dc0c7b30
Add peering `.service` and `.node` DNS lookups. ( #15596 )
...
Add peering `.service` and `.node` DNS lookups.
2022-11-29 12:23:18 -06:00
cskh
7561303855
docs: clarify envoy proxy configuration ( #15562 )
...
- Specify using the service config entry to configure
service's envoy proxy
- add missing fields in proxy.config
2022-11-28 20:33:54 -05:00
David Yu
25c4ed6ea0
docs: Fix language to describe clients previously ran on each node ( #15580 )
2022-11-28 14:50:48 -08:00
cskh
97c9432843
fix(peering): increase the gRPC limit to 8MB ( #15503 )
...
* fix(peering): increase the gRPC limit to 50MB
* changelog
* update gRPC limit to 8MB
2022-11-28 17:48:43 -05:00
Jeff Boruszak
73e2b96f9f
Load Balancer addition ( #15583 )
2022-11-28 16:48:01 -06:00
David Yu
62205d60cc
docs: Update Consul K8s Release Notes to mention updates to Cluster Peering ( #15573 )
2022-11-28 13:26:56 -08:00
Chris S. Kim
c9ec9fa320
Fix Vault managed intermediate PKI bug ( #15525 )
2022-11-28 16:17:58 -05:00
Jeff Boruszak
b856a17cbf
docs: Dataplane performance impact ( #15566 )
...
* New image + performance considerations
* Image related updates
* Update website/content/docs/connect/dataplane/index.mdx
Co-authored-by: David Yu <dyu@hashicorp.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
2022-11-28 14:33:22 -06:00
Dan Stough
95204f4f93
chore(ci): update backport-assistant to use gh automerge ( #14839 )
2022-11-28 13:21:04 -05:00
Dan Stough
f9dc083b6d
[OSS] chore(ci): add auto-approve workflow for consul bot ( #15533 )
2022-11-28 12:29:46 -05:00
Jared Kirschner
1a68dfc668
docs: add peering control plane diagrams ( #15498 )
2022-11-26 09:37:56 -05:00
Chris S. Kim
cc819ad83b
[OSS] Add boilerplate for proto files implementing BlockableQuery ( #15554 )
2022-11-25 15:46:56 -05:00
Nitya Dhanushkodi
d4ca1b5316
update docs with mesh and proxydefaults config ( #15526 )
2022-11-24 10:02:47 -08:00
Chris S. Kim
27c53f6c82
Use backport-compatible assertion ( #15546 )
...
* Use backport-compatible assertion
* Add workaround for broken apt-get
2022-11-24 11:44:20 -05:00
Chris S. Kim
386da5439a
Use rpcHoldTimeout to calculate blocking timeout ( #15541 )
...
Adds buffer to clients so that servers have time to respond to blocking queries.
2022-11-24 10:13:02 -05:00
Chris Thain
6b477ceff8
Snapshot agent docs updates ( #15504 )
2022-11-22 06:13:13 -08:00
Chris Thain
b030a3ee99
Add changelog for snapshot agent updates ( #15516 )
2022-11-22 06:11:46 -08:00
Tu Nguyen
5ea70d7d83
fix typo in cluster peering docs ( #15519 )
2022-11-21 13:51:40 -08:00
Jared Kirschner
d3dede5f8b
docs: add retry_max agent config option ( #15487 )
2022-11-21 16:16:56 -05:00
Derek Menteer
8079686bf0
Add 1.14.1 release updates. ( #15514 )
...
Add post-release changes for 1.14.1 updates.
2022-11-21 13:35:30 -06:00
Jeff Boruszak
ef235c7c36
ServerExternalAddresses parameter clarification ( #15506 )
2022-11-21 11:51:09 -06:00
Dan Stough
44097c1154
docs: revert peering API changes ( #15505 )
2022-11-21 12:45:51 -05:00
Derek Menteer
2703545331
Add -grpc-ca-file and -grpc-ca-path CLI info on upgrade notes. ( #15500 )
...
* Add -grpc-ca-file and -grpc-ca-path CLI info on upgrade notes.
2022-11-21 09:41:29 -06:00