Commit Graph

16262 Commits

Author SHA1 Message Date
mrspanishviking 79170d9731
Merge pull request #11983 from hashicorp/resolver_examples
docs: added another resolver example for DC and namespace failover
2022-01-11 10:27:57 -07:00
Mike Morris 1b1a97e8f9
ingress: allow setting TLS min version and cipher suites in ingress gateway config entries (#11576)
* xds: refactor ingress listener SDS configuration

* xds: update resolveListenerSDS call args in listeners_test

* ingress: add TLS min, max and cipher suites to GatewayTLSConfig

* xds: implement envoyTLSVersions and envoyTLSCipherSuites

* xds: merge TLS config

* xds: configure TLS parameters with ingress TLS context from leaf

* xds: nil check in resolveListenerTLSConfig validation

* xds: nil check in makeTLSParameters* functions

* changelog: add entry for TLS params on ingress config entries

* xds: remove indirection for TLS params in TLSConfig structs

* xds: return tlsContext, nil instead of ambiguous err

Co-authored-by: Chris S. Kim <ckim@hashicorp.com>

* xds: switch zero checks to types.TLSVersionUnspecified

* ingress: add validation for ingress config entry TLS params

* ingress: validate listener TLS config

* xds: add basic ingress with TLS params tests

* xds: add ingress listeners mixed TLS min version defaults precedence test

* xds: add more explicit tests for ingress listeners inheriting gateway defaults

* xds: add test for single TLS listener on gateway without TLS defaults

* xds: regen golden files for TLSVersionInvalid zero value, add TLSVersionAuto listener test

* types/tls: change TLSVersion to string

* types/tls: update TLSCipherSuite to string type

* types/tls: implement validation functions for TLSVersion and TLSCipherSuites, make some maps private

* api: add TLS params to GatewayTLSConfig, add tests

* api: add TLSMinVersion to ingress gateway config entry test JSON

* xds: switch to Envoy TLS cipher suite encoding from types package

* xds: fixup validation for TLSv1_3 min version with cipher suites

* add some kitchen sink tests and add a missing struct tag

* xds: check if mergedCfg.TLSVersion is in TLSVersionsWithConfigurableCipherSuites

* xds: update connectTLSEnabled comment

* xds: remove unsued resolveGatewayServiceTLSConfig function

 * xds: add makeCommonTLSContextFromLeafWithoutParams

* types/tls: add LessThan comparator function for concrete values

* types/tls: change tlsVersions validation map from string to TLSVersion keys

* types/tls: remove unused envoyTLSCipherSuites

* types/tls: enable chacha20 cipher suites for Consul agent

* types/tls: remove insecure cipher suites from allowed config

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 are both explicitly listed as insecure and disabled in the Go source.

Refs https://cs.opensource.google/go/go/+/refs/tags/go1.17.3:src/crypto/tls/cipher_suites.go;l=329-330

* types/tls: add ValidateConsulAgentCipherSuites function, make direct lookup map private

* types/tls: return all unmatched cipher suites in validation errors

* xds: check that Envoy API value matching TLS version is found when building TlsParameters

* types/tls: check that value is found in map before appending to slice in MarshalEnvoyTLSCipherSuiteStrings

* types/tls: cast to string rather than fmt.Printf in TLSCihperSuite.String()

* xds: add TLSVersionUnspecified to list of configurable cipher suites

* structs: update note about config entry warning

* xds: remove TLS min version cipher suite unconfigurable test placeholder

* types/tls: update tests to remove assumption about private map values

Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2022-01-11 11:46:42 -05:00
Jasmine W a4af0a6bb0
Merge pull request #12002 from hashicorp/kubernetes-service-screenshot
added screenshot of k8s service
2022-01-11 11:34:00 -05:00
Jasmine W 665c9933ce
Merge pull request #11995 from hashicorp/l7-routing-screenshots
Adding UI screenshots to L7 overview
2022-01-11 11:33:20 -05:00
Hannah Hearth 9a4763bfbf Add CTS and API Gateway to docs on tools page 2022-01-11 10:22:30 -06:00
Jasmine W a5c63acb62
Update website/content/docs/connect/config-entries/service-splitter.mdx
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-11 11:18:49 -05:00
Jasmine W 88d752e41e
Update website/content/docs/connect/config-entries/service-router.mdx
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-11 11:18:43 -05:00
Jasmine W 8c440d181f
Update website/content/docs/connect/config-entries/service-resolver.mdx
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-11 11:18:36 -05:00
Jasmine W 4aeee82661 pushing for circleci 2022-01-11 11:16:24 -05:00
Kenia aaace559e2
ui: Adding Partition to topology card (#11805) 2022-01-11 10:04:06 -05:00
Dao Thanh Tung 88c7cfa578
URL-encode/decode resource names for HTTP API part 2 (#11957) 2022-01-11 08:52:45 -05:00
John Cowen 78e9c0d2d9
ui: Ensure the partition is passed through to the request for the SSO auth URL (#11979)
* Make sure the mocks reflect the requested partition/namespace

* Ensure partition is passed through to the HTTP adapter

* Pass AuthMethod object through to TokenSource in order to use Partition

* Change up docs and add potential improvements for future

* Pass the query partition back onto the response

* Make sure the OIDC callback mock returns a Partition

* Enable OIDC provider mock overwriting during acceptance testing

* Make sure we can enable partitions and SSO post bootup only required

...for now

* Wire up oidc provider mocking

* Add SSO full auth flow acceptance tests
2022-01-11 11:02:46 +00:00
Anthony 1ad3ed3a2b
docs: Add CodeBlockConfig to network coordinates page 2022-01-10 22:13:27 -08:00
Connor 7c3e8bd1c3
Add go-sockaddr examples for multiple interfaces (#11998)
* Add overview example for multiple interfaces with go-sockaddr

* Include go-sockaddr examples in agent configuration

* Add changelog entry

* Make suggested changes

* Simplify hcl comment

* Update link and fix gRPC

* Switch index.mdx from Tabs to CodeTabs

* Reformat new links for screen readers

* Apply suggestions from code review

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Fix spacing in code block

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-10 20:10:25 -06:00
mrspanishviking 66c5c8f2b5
Merge pull request #12016 from hashicorp/Screenshot-Updates
Consul UI Screenshot Updates
2022-01-10 18:05:02 -07:00
Xuan Luo 51a77533e4
Merge pull request #12017 from hashicorp/doc-changes
Doc changes
2022-01-10 16:33:47 -08:00
Xuan Luo cf8c005194 updated image 2022-01-10 16:29:32 -08:00
Jake Herschman 5460c0c0f6 fixed duplicated image path 2022-01-10 19:08:16 -05:00
Jake Herschman 28ca3503b8 Updated Consul UI Screenshots 2022-01-10 19:01:42 -05:00
Xuan Luo b5a046f5b0 docs: add gateway overview illustration 2022-01-10 15:47:57 -08:00
Luke Kysow 31a436bf82
Add distributed tracing docs (#12010)
* Add distributed tracing docs
2022-01-10 15:43:31 -08:00
Jake Herschman 60cb4a8d36 updated topology image 2022-01-10 18:39:35 -05:00
Jake Herschman 2994a78c97 updated datacenter dropdown image 2022-01-10 18:38:41 -05:00
Jake Herschman ee3efc0468 updated topology image 2022-01-10 18:37:51 -05:00
Xuan Luo a099c85db5 docs: added gateway overview illustration 2022-01-10 15:30:01 -08:00
Preetha 92cc690e0d
Updated health check docs page with HCL examples (#12000)
All healthcheck JSON examples now have HCL equivalents.
2022-01-10 17:19:39 -06:00
Amier Chery 17816d5cff Added images to respective pages
Added the images to each respective page on splitting/routing/resolving along with a brief description on how to navigate there.
2022-01-10 18:14:24 -05:00
mrspanishviking 3f4cf0e64a
Merge pull request #11997 from hashicorp/20sr20-patch-1
Adding texts in verify_leader metric
2022-01-10 15:59:20 -07:00
Sujata Roy c1db7de581
Update website/content/docs/agent/telemetry.mdx
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-10 14:57:14 -08:00
mrspanishviking e7009f52af
Merge pull request #12007 from hashicorp/Amier3-patch-1-1
docs: clarify hcl/cli differences
2022-01-10 15:45:46 -07:00
Matt Keeler 7b5d52257e
Document Consul enterprise 1.10.0-1.10.4 forwards incompatibility with 1.11 (#11978)
Also fixed a broken link in the 1.10.x upgrade instructions.

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-10 17:18:40 -05:00
Amier Chery 47fc7e5ad9
Create options.mdx
Adding a small little note to the top of the 'command line options' section of this page following community feedback in #10628
2022-01-10 17:15:33 -05:00
Jasmine W e94525c216 added screenshot of k8s service 2022-01-10 15:57:15 -05:00
Sujata Roy 1064333eb6
Adding texts in verify_leader metric
- Added description providing example case when the metric can go high
2022-01-10 12:01:27 -08:00
Jasmine W 0d61d70e3b Adding UI screenshots to L7 overview 2022-01-10 14:34:00 -05:00
Preetha 295ab0b3a5
Added HCL examples to service discovery page (#11989)
Improved HCL examples in the service discovery docs page
2022-01-10 13:12:42 -06:00
Chris S. Kim 65f97e6305
Add LastErrorMessage to /acl/replication docs (#11990) 2022-01-10 13:42:57 -05:00
Karl Cardenas 205d687d07
added additonal example for failover within DC and unique namespace 2022-01-10 11:41:43 -07:00
mrspanishviking b844d68c4b
Apply suggestions from code review
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2022-01-10 11:22:53 -07:00
mrspanishviking 506a423495
Merge pull request #11977 from hashicorp/boxofrad/kv-docs-examples
docs: kv doc improvements
2022-01-10 11:22:09 -07:00
Karl Cardenas 687f9340f7
removed empty {} 2022-01-10 10:51:00 -07:00
Karl Cardenas e992522c4c
added another example for DC and namespace failover 2022-01-10 10:45:54 -07:00
trujillo-adam 0ac96c7d23
Merge pull request #11930 from hashicorp/docs/admin-partition-updates-1.11.0-misc
added line about wildcard intentions not supported for admin partitions
2022-01-10 07:53:58 -08:00
Daniel Upton 0e5c1c349c Incorporate feedback from @jkirschner-hashicorp and @karl-cardenas-coding 2022-01-10 15:53:41 +00:00
Daniel Upton 8529a23e59 docs: clarify transaction usage and limitations in kv api docs 2022-01-10 13:59:43 +00:00
Daniel Upton 021537c837 docs: call out `kv export` and the transaction API 2022-01-10 13:51:35 +00:00
Daniel Upton 2dc05b4017 docs: improve kv get examples
- Split examples into sections with headers
- Hide the clipboard on examples as the copied text isn't useful
- Format inline flags as code using backticks
2022-01-10 13:40:24 +00:00
Daniel Upton ce55cb70b8 docs: call out `kv import` and the transaction API 2022-01-10 12:30:28 +00:00
Daniel Upton 8630f03130 docs: improve read/scanability of kv put examples
- Split examples into sections with headers
- Hide the clipboard on examples as the copied text isn't useful
- Add an example of supplying data in a heredoc
- Move the flags section to the bottom to clearly separate it from CAS
  which also mentions "flags" of a different kind
- Slight re-wording for clarity
2022-01-10 12:15:59 +00:00
Daniel Upton c9c34d0e76 docs: fix placement of warning in kv put example 2022-01-10 11:40:25 +00:00