Commit Graph

4580 Commits

Author SHA1 Message Date
Dan Stough 76c03872b7 Fix spelling for secrurity/acl mdx. 2022-04-20 10:48:47 -04:00
Bryce Kalow 239c84a5c1
website: remove source code (#12806) 2022-04-19 12:32:02 -05:00
Paul Glass 90b2cb6128
Docs: IAM auth method (#12779)
* Docs: IAM auth method

Co-authored-by: Karl Cardenas <kcardenas@hashicorp.com>
2022-04-18 14:34:37 -05:00
Evan Culver 000d0621b4
connect: Add Envoy 1.22 to integration tests, remove Envoy 1.18 (#12805)
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2022-04-18 09:36:07 -07:00
Jeff-Apple d2c07a3dd3 Rename and re-title docs page for installing Consul API Gateway 2022-04-17 20:41:29 -07:00
Karl Cardenas 6c0846983c
docs: fixed redirect issue 2022-04-15 07:18:17 -07:00
Evan Culver 881e17fae1
connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
FFMMM d603af774d
Update latest version on website to 1.11.5
Per the latest release
2022-04-13 17:38:31 -07:00
Karl Cardenas 43b548d4c1
Merge pull request #12562 from hashicorp/docs/blake-agent-config
docs: Agent configuration hierarchy reorganization
2022-04-12 12:33:42 -07:00
FFMMM 59c25cf891
add docs for new labels (#12757) 2022-04-12 11:53:30 -07:00
John Murret 1006c8a94b
Correcting an uncapitalized word setup at the beginning of titles to be capitalized in vault section. (#12759) 2022-04-12 09:44:41 -07:00
Natalie Smith 0a51e145c1 docs: simplify agent docs slugs 2022-04-11 17:38:47 -07:00
Natalie Smith 0fcdddcd46 docs: pr feedback 2022-04-11 17:38:17 -07:00
Natalie Smith 1d8e89425e chore: rebase updates 2022-04-11 17:38:17 -07:00
Natalie Smith ddae7d18a2 docs: fix external links to agent config pages 2022-04-11 17:38:11 -07:00
Natalie Smith 83f9879b2d docs: fix agent config links 2022-04-11 16:07:09 -07:00
Natalie Smith 4d4c760190 docs: arrange agent configuration file parameters into logical groups 2022-04-11 16:06:54 -07:00
Blake Covarrubias f4c03d2340 docs: move configuration files content from agent/config/index to agent/config/agent-config-files 2022-04-11 16:06:20 -07:00
Blake Covarrubias c5220fd184 docs: move cli content from agent/config/index to agent/config/agent-config-cli
And add sections for logical groupings of options
2022-04-11 16:05:48 -07:00
Blake Covarrubias caf34daa39 docs: move agent/options.mdx into agent/config/index.mdx and add placeholder .mdx files for cli/files
Also update nav data
2022-04-11 16:05:21 -07:00
David Yu e1db4c04d8
redirect.js: fixing redirect to new compatibility matrix for k8s (#12755) 2022-04-11 15:45:18 -07:00
David Yu 3f9b31effe
website: redirect change consul k8s compatibility matrix link (#12751) 2022-04-11 13:51:21 -07:00
David Yu 140e4f5578
docs: Upgrade Consul K8s update link to combat matrix (#12744) 2022-04-11 11:41:35 -07:00
R.B. Boyer 25ba9c147a
xds: ensure that all connect timeout configs can apply equally to tproxy direct dial connections (#12711)
Just like standard upstreams the order of applicability in descending precedence:

1. caller's `service-defaults` upstream override for destination
2. caller's `service-defaults` upstream defaults
3. destination's `service-resolver` ConnectTimeout
4. system default of 5s

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-04-07 16:58:21 -05:00
John Murret 62476e25fb
docs: Updating Gossip EncryptionKey Rotation page with Vault use case (#12720)
* docs: Updating Gossip EncryptionKey Rotation page with Vault use case

* Adding a note to the vault instructions linking to the gossip key encryption using Vault page.

* Correcting Vault guide for storing the rotated gossip key.

* adding $ to shell sessions where it is missing on the gossip rotation page

* adding $ to more shell sessions where it is missing on the gossip rotation page
2022-04-07 13:41:42 -06:00
Chris Thain 1502936c12
Consul on ECS 0.4.0 (#12694)
Update website docs for Consul on ECS 0.4.0
2022-04-07 11:43:12 -07:00
Kyle Havlovitz 9780b672da
Merge pull request #12685 from hashicorp/http-check-redirect-option
Add a field to disable following redirects on http checks
2022-04-07 11:29:27 -07:00
John Murret fd08b6aaf6
Update k8s docs for Vault as a Secrets Backend (#12691)
* Updating k8s Vault as a Secrets Backend docs

* Moving files in data-integration folder

* Updating routes to moved files

* Removing known limitations since we have delivered them.

* Revise overview page to point towards the System Integration and Data Integration pages.

* Updating Systems Overview page

* Making corrections to Overview and Systems Integration page

* Updating Data Integration page

* Gossip page

* Enterprise Licensepage

* Bootstrap Token

* Replication Token

* Revisions to bootrap, replication, and enterprise license

* snapshot agent page.  revisiions to other data integration pages

* Consul Service Mesh TLS Provider page

* ServerTLS page

* Spelling, grammar errors

* Update website/content/docs/k8s/installation/vault/index.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/data-integration/index.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/data-integration/server-tls.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/data-integration/gossip.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/data-integration/snapshot-agent-config.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/data-integration/bootstrap-token.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/data-integration/enterprise-license.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Updating data center to datacenter

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* interim changes

* more formatting changes

* adding additional formatting changes

* more formatting on systems integration page

* remove TODO

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/index.mdx

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* Update website/content/docs/k8s/installation/vault/index.mdx

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* Adding partition token

* removing dangling word

* Adding missing navlink for partitions page

* Adding VAULT_TOKEN documentation and a note to VAULT_ADDR about https and the possible need for the VAULT_CACERT.

* Fixing broken links and ordering lists

* Fixing broken links.  Changing pre-requisites to prerequisites.

Co-authored-by: David Yu <dyu@hashicorp.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
2022-04-07 12:16:24 -06:00
Matt Keeler a553982506
Enable running autopilot state updates on all servers (#12617)
* Fixes a lint warning about t.Errorf not supporting %w

* Enable running autopilot on all servers

On the non-leader servers all they do is update the state and do not attempt any modifications.

* Fix the RPC conn limiting tests

Technically they were relying on racey behavior before. Now they should be reliable.
2022-04-07 10:48:48 -04:00
John Murret 25c32be517
k8s docs - ACLs refactor - Updating terminating gateway documentation to call out updating the role rather than the token with the policy (#12612)
* k8s docs - ACLs refactor - Updating terminating gateway documentation to call out updating the role rather than the token with the policy

* Modifying role and policy names based on naming convention change.
2022-04-06 15:54:27 -06:00
Kyle Havlovitz 3b44343276 Add a field to disable following redirects on http checks 2022-04-05 16:12:18 -07:00
Kyle Havlovitz 6cf22a5cef
Merge pull request #12672 from hashicorp/tgate-san-validation
Respect SNI with terminating gateways and log a warning if it isn't set alongside TLS
2022-04-05 11:15:59 -07:00
Bryce Kalow 82d3418642
website: fix usages of img tag (#12696) 2022-04-05 11:18:57 -05:00
David Yu d49ea7930a
docs: rename Connect Service Mesh Kubernetes to Consul Service Mesh on Kubernetes (#12690)
* docs:rename Connect Service Mesh Kubernetes to Consul Service Mesh on Kubernetes
2022-04-05 07:46:14 -07:00
Thomas Eckert f51c02a923
Update Helm docs to reflect 0.42.0 release (#12689)
* Update Helm docs to reflect 0.42.0 release

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-04-04 14:50:59 -07:00
Blake Covarrubias 79144dbac6
docs: Update links to K8s service mesh annotations (#12652)
The list of supported annotations for Consul service mesh were moved
from /docs/k8s/connect to /docs/k8s/annotations-and-labels in PR
#12323.

This commit updates various across the site to point to the new
URL for these annotations.
2022-04-04 14:35:07 -07:00
mrspanishviking 13fba7567f
Merge pull request #12687 from hashicorp/acl-fix
docs: fixes broken url in acl overview page
2022-04-04 14:06:09 -07:00
John Murret 2bc11a5db6
Updating helm docs with additionalVault and ACLs refactor functionality. (#12669)
* Updating helm docs with additionalVault and ACLs refactor funtionality.

* PR Feedback corrections.

- Fix indentation.
- Fix description of secretName and secretKey to be consistent
- Change description of manageACLsRole to be more clear.
- Make the added vault role field descriptions consistent

* PR Feedback - correcting description for adminPartitionsRole

* Fixing broken shell sessions

* Fixing broken shell sessions by changing shell-session tobecloser tocomment marker
2022-04-04 14:36:19 -06:00
Karl Cardenas 1db1905cb5
docs: fixes broken url in acl overview page 2022-04-04 09:47:15 -07:00
Dhia Ayachi 319fe48561
documentation for config auto reload feature (#12548)
* add config watcher to the config package

* add logging to watcher

* add test and refactor to add WatcherEvent.

* add all API calls and fix a bug with recreated files

* add tests for watcher

* remove the unnecessary use of context

* Add debug log and a test for file rename

* use inode to detect if the file is recreated/replaced and only listen to create events.

* tidy ups (#1535)

* tidy ups

* Add tests for inode reconcile

* fix linux vs windows syscall

* fix linux vs windows syscall

* fix windows compile error

* increase timeout

* use ctime ID

* remove remove/creation test as it's a use case that fail in linux

* fix linux/windows to use Ino/CreationTime

* fix the watcher to only overwrite current file id

* fix linter error

* fix remove/create test

* set reconcile loop to 200 Milliseconds

* fix watcher to not trigger event on remove, add more tests

* on a remove event try to add the file back to the watcher and trigger the handler if success

* fix race condition

* fix flaky test

* fix race conditions

* set level to info

* fix when file is removed and get an event for it after

* fix to trigger handler when we get a remove but re-add fail

* fix error message

* add tests for directory watch and fixes

* detect if a file is a symlink and return an error on Add

* rename Watcher to FileWatcher and remove symlink deref

* add fsnotify@v1.5.1

* fix go mod

* do not reset timer on errors, rename OS specific files

* rename New func

* events trigger on write and rename

* add missing test

* fix flaking tests

* fix flaky test

* check reconcile when removed

* delete invalid file

* fix test to create files with different mod time.

* back date file instead of sleeping

* add watching file in agent command.

* fix watcher call to use new API

* add configuration and stop watcher when server stop

* add certs as watched files

* move FileWatcher to the agent start instead of the command code

* stop watcher before replacing it

* save watched files in agent

* add add and remove interfaces to the file watcher

* fix remove to not return an error

* use `Add` and `Remove` to update certs files

* fix tests

* close events channel on the file watcher even when the context is done

* extract `NotAutoReloadableRuntimeConfig` is a separate struct

* fix linter errors

* add Ca configs and outgoing verify to the not auto reloadable config

* add some logs and fix to use background context

* add tests to auto-config reload

* remove stale test

* add tests to changes to config files

* add check to see if old cert files still trigger updates

* rename `NotAutoReloadableRuntimeConfig` to `StaticRuntimeConfig`

* fix to re add both key and cert file. Add test to cover this case.

* review suggestion

Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>

* add check to static runtime config changes

* fix test

* add changelog file

* fix review comments

* Apply suggestions from code review

Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>

* update flag description

Co-authored-by: FFMMM <FFMMM@users.noreply.github.com>

* fix compilation error

* add static runtime config support

* fix test

* fix review comments

* fix log test

* Update .changelog/12329.txt

Co-authored-by: Dan Upton <daniel@floppy.co>

* transfer tests to runtime_test.go

* fix filewatcher Replace to not deadlock.

* avoid having lingering locks

Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>

* split ReloadConfig func

* fix warning message

Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>

* convert `FileWatcher` into an interface

* fix compilation errors

* fix tests

* extract func for adding and removing files

* add a coalesceTimer with a very small timer

* extract coaelsce Timer and add a shim for testing

* add tests to coalesceTimer fix to send remaining events

* set `coalesceTimer` to 1 Second

* support symlink, fix a nil deref.

* fix compile error

* fix compile error

* refactor file watcher rate limiting to be a Watcher implementation

* fix linter issue

* fix runtime config

* fix runtime test

* fix flaky tests

* fix compile error

* Apply suggestions from code review

Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>

* fix agent New to return an error if File watcher New return an error

* add a coalesceTimer with a very small timer

* extract coaelsce Timer and add a shim for testing

* set `coalesceTimer` to 1 Second

* add flag description to agent command docs

* fix link

* add Static runtime config docs

* fix links and alignment

* fix typo

* Revert "add a coalesceTimer with a very small timer"

This reverts commit d9db2fcb8213a81ac761f04b458091409c5fb1ee.

* Revert "extract coaelsce Timer and add a shim for testing"

This reverts commit 0ab86012a415ffeb452acf58e52c9f37c9f49254.

* Apply suggestions from code review

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com>
Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
Co-authored-by: FFMMM <FFMMM@users.noreply.github.com>
Co-authored-by: Daniel Upton <daniel@floppy.co>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-04-04 12:01:38 -04:00
FFMMM 973d2d0f9a
mark disable_compat_1.9 to deprecate in 1.13, change default to true (#12675)
Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
2022-04-01 10:35:56 -07:00
Eric Haberkorn a7d5aa94a3
Merge pull request #12680 from hashicorp/fix-k8s-dns-service-name
Fix the Kubernetes service name for DNS
2022-04-01 11:03:24 -04:00
Eric d7b4ed1597 Fix the Kubernetes service name for DNS 2022-04-01 10:38:56 -04:00
Kyle Havlovitz 763f728df4 Add doc examples for expanded token read CLI and API 2022-03-31 15:03:41 -07:00
Kyle Havlovitz 1a3b885027 Use the GatewayService SNI field for upstream SAN validation 2022-03-31 13:54:25 -07:00
FFMMM 64e35777e0
docs: new rpc metric (#12608) 2022-03-31 13:04:33 -07:00
Kyle Havlovitz 51527907ab Recommend SNI with TLS in the terminating gateway docs 2022-03-31 12:19:16 -07:00
Bryce Kalow 6bf67b7ef4
website: redirect /api to /api-docs (#12660) 2022-03-30 16:16:26 -05:00
Mike Morris 7cb9bfdfa9
website(api-gateway): add common errors page (#12643)
* Adding common errors page for API Gateway

* website(api-gateway): add missing CRDs common error message

* Update website/content/docs/api-gateway/common-errors.mdx

Co-authored-by: Nathan Coleman <nathandanielcoleman@gmail.com>

* Update website/content/docs/api-gateway/common-errors.mdx

Co-authored-by: Nathan Coleman <nathandanielcoleman@gmail.com>

* Update website/content/docs/api-gateway/common-errors.mdx

Co-authored-by: Nathan Coleman <nathandanielcoleman@gmail.com>

* Update website/content/docs/api-gateway/common-errors.mdx

* Additional page editing instructions and formating

* Update website/content/docs/api-gateway/common-errors.mdx

* Update website/content/docs/api-gateway/common-errors.mdx

* Update website/content/docs/api-gateway/common-errors.mdx

* Update website/content/docs/api-gateway/common-errors.mdx

* Update website/content/docs/api-gateway/common-errors.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Apply suggestions from code review

Co-authored-by: Jeff-Apple <79924108+Jeff-Apple@users.noreply.github.com>
Co-authored-by: Nathan Coleman <nathandanielcoleman@gmail.com>
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-03-30 16:05:00 -04:00
R.B. Boyer e79ce8ab03
xds: adding control of the mesh-wide min/max TLS versions and cipher suites from the mesh config entry (#12601)
- `tls.incoming`: applies to the inbound mTLS targeting the public
  listener on `connect-proxy` and `terminating-gateway` envoy instances

- `tls.outgoing`: applies to the outbound mTLS dialing upstreams from
  `connect-proxy` and `ingress-gateway` envoy instances

Fixes #11966
2022-03-30 13:43:59 -05:00