Peter M
697e97f57f
adding K8s page to subnav ( #11467 )
...
* adding K8s page to subnav
per request from HLT, updating use case tab to lead to K8s page instead of service mesh.
* Update subnav.js
2021-11-01 12:41:55 -07:00
Melissa Kam
867077c48b
Merge pull request #11466 from hashicorp/cts-tls-typo
...
docs/nia: Fix typo in TLS configs for CTS
2021-11-01 14:23:15 -05:00
Melissa Kam
c8240101dc
docs/nia: Fix typo in TLS configs for CTS
2021-11-01 14:03:19 -05:00
Daniel Nephin
7337cfd6dc
Merge pull request #11340 from hashicorp/dnephin/ca-manager-provider
...
ca: split the Provider interface into Primary/Secondary
2021-11-01 14:11:15 -04:00
Daniel Nephin
eee598e91c
Merge pull request #11338 from hashicorp/dnephin/ca-manager-isolate-secondary
...
ca: clearly identify methods that are primary-only or secondary-only
2021-11-01 14:10:31 -04:00
99
8d914003e8
Merge pull request #11417 from hashicorp/crt-migration-1.11.0-betax
...
Crt migration 1.11.0 betax
2021-11-01 11:02:55 -07:00
Melissa Kam
e7cf8226a1
Merge pull request #11463 from hashicorp/docs-cts-tls
...
docs/nia: Update TLS-related configurations for CTS
2021-11-01 12:39:39 -05:00
Daniel Upton
d47b7311b8
Support Check-And-Set deletion of config entries ( #11419 )
...
Implements #11372
2021-11-01 16:42:01 +00:00
trujillo-adam
8ca5be47c8
Merge pull request #11441 from hashicorp/docs/admin-partitions-feedback-acl-policies
...
admin partitions feedback related to ACLs; additional improvements to ACL rule docs
2021-11-01 09:09:38 -07:00
trujillo-adam
78e59170fa
Update website/content/docs/security/acl/acl-rules.mdx
...
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2021-11-01 09:07:08 -07:00
Melissa Kam
0b744289b7
docs/nia: Update TLS-related configurations for CTS
...
- Clarify file types and uses of the configurations
- Update some wording to match between Consul and TFE TLS configs
2021-11-01 10:44:14 -05:00
Dhia Ayachi
2801785710
regenerate expired certs ( #11462 )
...
* regenerate expired certs
* add documentation to generate tests certificates
2021-11-01 11:40:16 -04:00
trujillo-adam
138f9f31e6
Apply suggestions from code review
...
fixed typos
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-11-01 08:08:04 -07:00
Konstantine
adaaa225e8
added Alternative Domain section to dns page in docs
2021-10-30 16:45:58 +03:00
Jared Kirschner
0854e1d684
Merge pull request #11348 from kbabuadze/fix-answers-alt-domain
...
Fix answers for alt domain
2021-10-29 17:09:20 -04:00
David Yu
1dcb949306
docs: add -verbose flag for install command ( #11447 )
2021-10-29 12:08:23 -07:00
99
0402cc16bf
PR fixes
2021-10-28 22:22:38 -07:00
R.B. Boyer
61361c2e5d
cli: update consul members output to display partitions and sort the results usefully ( #11446 )
2021-10-28 17:27:31 -05:00
R.B. Boyer
c8cafb7654
agent: for various /v1/agent endpoints parse the partition parameter on the request ( #11444 )
...
Also update the corresponding CLI commands to send the parameter
appropriately.
NOTE: Behavioral changes are not happening in this PR.
2021-10-28 16:44:38 -05:00
R.B. Boyer
af9ffc214d
agent: add a clone function for duplicating the serf lan configuration ( #11443 )
2021-10-28 16:11:26 -05:00
Mark Anderson
977be77493
Fix back compat issues with UDS config ( #11318 )
...
SocketPath needs to be omitted when empty to avoid confusing older versions of Consul
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2021-10-28 13:31:10 -07:00
David Yu
823026e319
docs: revised Helm install to create namespace and install on dedicated namespace ( #11440 )
...
* docs: revised Helm install to create namespace and install on dedicated Consul namespace
* Update website/content/docs/k8s/installation/install.mdx
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
* Update install.mdx
* changing to Helm 3.2+ as a pre-req to make it easier to follow
* might as well bump to latest version
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2021-10-28 12:27:00 -07:00
Daniel Nephin
367b664318
Add tests for cert expiry metrics
2021-10-28 14:38:57 -04:00
trujillo-adam
bb18625219
applying admin partitions feedback related to ACLs; additional immprovments to ACL rule docs
2021-10-28 11:23:15 -07:00
99
26f53e82b5
Update .github/workflows/build.yml
...
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-10-28 11:07:55 -07:00
Daniel Nephin
210d37e4ab
Merge pull request #10671 from hashicorp/dnephin/fix-subscribe-test-flake
...
subscribe: improve TestSubscribeBackend_IntegrationWithServer_DeliversAllMessages
2021-10-28 12:57:09 -04:00
Daniel Nephin
96a31df5c8
Merge pull request #11255 from hashicorp/dnephin/fix-auth-verify-incoming
...
tlsutil: only AuthorizerServerConn when VerifyIncomingRPC is true
2021-10-28 12:56:58 -04:00
sidzi
29f192a130
Refactor requireHttpCodes for segregated error handling ( #11287 )
2021-10-28 12:24:23 -04:00
Kim Ngo
0c0460b53f
CTS document manual apply ( #11426 )
...
* CTS document manual apply
* Add Consul-Terraform-Sync parentheses to CTS acronym
* Add tf link for run notifications
2021-10-28 10:19:18 -05:00
Evan Culver
61be9371f5
connect: Remove support for Envoy 1.16 ( #11354 )
2021-10-27 18:51:35 -07:00
Evan Culver
bec08f4ec3
connect: Add support for Envoy 1.20 ( #11277 )
2021-10-27 18:38:10 -07:00
Freddy
ab425e3ca1
Merge pull request #11436 from hashicorp/api/exports-marshal
...
[OSS] Ensure partition-exports kind gets marshaled
2021-10-27 15:27:25 -06:00
99
1732861848
Update release branch to 1.11.x
2021-10-27 14:14:02 -07:00
freddygv
4c45cafce2
Update filename to match entry kind - mesh
2021-10-27 15:01:26 -06:00
freddygv
ac96ce6552
Ensure partition-exports kind gets marshalled
...
The api module has decoding functions that rely on 'kind' being present
of payloads. This is so that we can decode into the appropriate api type
for the config entry.
This commit ensures that a static kind is marshalled in responses from
Consul's api endpoints so that the api module can decode them.
2021-10-27 15:01:26 -06:00
Daniel Nephin
a8e2e1c365
agent: move agent tls metric monitor to a more appropriate place
...
And add a test for it
2021-10-27 16:26:09 -04:00
Daniel Nephin
c92513ec16
telemetry: set cert expiry metrics to NaN on start
...
So that followers do not report 0, which would make alerting difficult.
2021-10-27 15:19:25 -04:00
Daniel Nephin
9264ce89d2
telemetry: fix cert expiry metrics by removing labels
...
These labels should be set by whatever process scrapes Consul (for
prometheus), or by the agent that receives them (for datadog/statsd).
We need to remove them here because the labels are part of the "metric
key", so we'd have to pre-declare the metrics with the labels. We could
do that, but that is extra work for labels that should be added from
elsewhere.
Also renames the closure to be more descriptive.
2021-10-27 15:19:25 -04:00
Daniel Nephin
7948720bbb
telemetry: only emit leader cert expiry metrics on the servers
2021-10-27 15:19:25 -04:00
Daniel Nephin
7fe60e5989
telemetry: prevent stale values from cert monitors
...
Prometheus scrapes metrics from each process, so when leadership transfers to a different node
the previous leader would still be reporting the old cached value.
By setting NaN, I believe we should zero-out the value, so that prometheus should only consider the
value from the new leader.
2021-10-27 15:19:25 -04:00
Daniel Nephin
0cc58f54de
telemetry: improve cert expiry metrics
...
Emit the metric immediately so that after restarting an agent, the new expiry time will be
emitted. This is particularly important when this metric is being monitored, because we want
the alert to resovle itself immediately.
Also fixed a bug that was exposed in one of these metrics. The CARoot can be nil, so we have
to handle that case.
2021-10-27 15:19:25 -04:00
Daniel Nephin
a3c781682d
subscribe: attempt to fix a flaky test
...
TestSubscribeBackend_IntegrationWithServer_DeliversAllMessages has been
flaking a few times. This commit cleans up the test a bit, and improves
the failure output.
I don't believe this actually fixes the flake, but I'm not able to
reproduce it reliably.
The failure appears to be that the event with Port=0 is being sent in
both the snapshot and as the first event after the EndOfSnapshot event.
Hopefully the improved logging will show us if these are really
duplicate events, or actually different events with different indexes.
2021-10-27 15:09:09 -04:00
Freddy
fbcf9f3f6c
Merge pull request #11435 from hashicorp/ent-authorizer-refactor
...
[OSS] Export ACLs refactor
2021-10-27 13:04:40 -06:00
Freddy
303532825f
Merge pull request #11432 from hashicorp/ap/exports-mgw
...
[OSS] Update mesh gateways to handle partitions
2021-10-27 12:54:53 -06:00
freddygv
43360eb216
Rework acl exports interface
2021-10-27 12:50:39 -06:00
freddygv
0a4ff4bb91
Prefer concrete policyAuthorizer type
...
There will only ever be policyAuthorizers embedded in
namespaceAuthorizers, this commit swaps out the interface in favor of
the concrete type.
2021-10-27 12:50:19 -06:00
Freddy
ec7e94d129
Merge pull request #11433 from hashicorp/exported-service-acls
...
[OSS] acl: Expand ServiceRead and NodeRead to account for partition exports
2021-10-27 12:48:08 -06:00
freddygv
e93c144d2f
Update comments
2021-10-27 12:36:44 -06:00
Daniel Nephin
4afc24268d
tlsutil: only AuthorizerServerConn when VerifyIncomingRPC is true
...
See github.com/hashicorp/consul/issues/11207
When VerifyIncomingRPC is false the TLS conn will not have the required certificates.
2021-10-27 13:43:25 -04:00
Freddy
a8762be529
Merge pull request #11431 from hashicorp/ap/exports-proxycfg
...
[OSS] Update partitioned mesh gw handling for connect proxies
2021-10-27 11:27:43 -06:00