Sabeen Syed
cfbefc45f0
Update NIA architecture image ( #9180 )
2020-11-23 01:47:58 -06:00
Kit Patella
c6b29a8bba
Merge pull request #9245 from hashicorp/telemetry/fix-missing-and-stale-docs
...
Telemetry/fix missing and stale docs
2020-11-20 12:54:29 -08:00
Kit Patella
5c09dc322e
add telemetry and definition help entries for missing catalog and acl metrics
2020-11-19 13:29:44 -08:00
R.B. Boyer
7c7a3e5165
command: when generating envoy bootstrap configs use the datacenter returned from the agent services endpoint ( #9229 )
...
Fixes #9215
2020-11-19 15:27:31 -06:00
Kit Patella
9e54e897d7
remove stale entries and rename/define acl.resolveToken
2020-11-19 13:06:28 -08:00
Freddy
fd5928fa4e
Require operator:write to get Connect CA config ( #9240 )
...
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that operators with `operator:read` ACL permissions are able to read the Consul Connect CA configuration when explicitly configured with the `/v1/connect/ca/configuration` endpoint, including the private key. This allows the user to effectively privilege escalate by enabling the ability to mint certificates for any Consul Connect services. This would potentially allow them to masquerade (receive/send traffic) as any service in the mesh.
--
This PR increases the permissions required to read the Connect CA's private key when it was configured via the `/connect/ca/configuration` endpoint. They are now `operator:write`.
2020-11-19 10:14:48 -07:00
Kit Patella
0cc8d8e0a1
Merge pull request #9091 from scellef/correct-upgrade-guide
...
Correcting text on when default was changed in Consul
2020-11-18 16:54:48 -08:00
Nitya Dhanushkodi
d24be614e5
Add docs for envoyExtraArgs ( #9206 )
2020-11-18 15:40:39 -08:00
Matt Keeler
66fd23d67f
Refactor to call non-voting servers read replicas ( #9191 )
...
Co-authored-by: Kit Patella <kit@jepsen.io>
2020-11-17 10:53:57 -05:00
Matt Keeler
946cc0b82a
[docs] Change links to the DNS information to the right place ( #8675 )
...
The redirects were working in many situations but some (INTERNALS.md) was not. This just flips everything over to using the real link.
2020-11-17 10:03:00 -05:00
Luke Kysow
11db2b37c3
Docs for upgrading to CRDs ( #9176 )
...
* Add Upgrading to CRDs docs
2020-11-13 15:19:21 -08:00
Kent 'picat' Gruber
53e0683ae6
Merge pull request #9106 from hashicorp/security-model-docs-revamp
...
Revamp Security Model Documentation
2020-11-13 17:30:24 -05:00
Mike Morris
96df6a7bf5
Merge pull request #9155 from hashicorp/release/1.9.0-beta3
...
merge: 1.9.0-beta3
2020-11-13 16:45:50 -05:00
Kyle Schochenmaier
a3653a7ae2
Docs: for consul-k8s health checks ( #8819 )
...
* docs for consul-k8s health checks
Co-authored-by: Derek Strickland <1111455+DerekStrickland@users.noreply.github.com>
Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2020-11-12 16:55:44 -06:00
Nitya Dhanushkodi
5d31e2d766
Update compatibility matrix
...
Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com>
2020-11-12 14:43:33 -08:00
R.B. Boyer
61eac21f1a
agent: return the default ACL policy to callers as a header ( #9101 )
...
Header is: X-Consul-Default-ACL-Policy=<allow|deny>
This is of particular utility when fetching matching intentions, as the
fallthrough for a request that doesn't match any intentions is to
enforce using the default acl policy.
2020-11-12 10:38:32 -06:00
Paul Banks
3f37a3132e
Update ui-visualization.mdx
2020-11-12 15:52:24 +00:00
Matt Keeler
7ef9b04f90
Add a CLI command for retrieving the autopilot configuration. ( #9142 )
2020-11-11 13:19:02 -05:00
Joel Watson
81fb937e4f
Merge pull request #9098 from hashicorp/watsonian/kv-size-breakdown
...
Add detailed key size breakdown to snapshot inspect
2020-11-11 11:34:45 -06:00
Joel Watson
2e654a1759
docs: add warning in 0.9.0 upgrade notes
2020-11-11 09:23:43 -05:00
Joel Watson
6957056911
Missed a spot with old params in docs
2020-11-10 11:22:45 -06:00
Joel Watson
1ef259b093
Rename params to better reflect their purpose
2020-11-10 10:44:09 -06:00
Joel Watson
5ad0db73c8
Make docs for params clearer
2020-11-10 10:35:24 -06:00
Matt Keeler
361fe3ad20
Add some autopilot docs and update the changelog ( #9139 )
2020-11-09 14:14:19 -05:00
Matt Keeler
c048e86bb2
Switch to using the external autopilot module
2020-11-09 09:22:11 -05:00
Mike Morris
75019baadd
chore: upgrade to gopsutil/v3 ( #9118 )
...
* deps: update golang.org/x/sys
* deps: update imports to gopsutil/v3
* chore: make update-vendor
2020-11-06 20:48:38 -05:00
Mike Morris
9875846509
website: update callout to 1.9.0-beta2 ( #9131 )
2020-11-06 20:39:25 -05:00
Kent 'picat' Gruber
81efada5c3
Adjust the ACLs requirement section wording and add link to ACL docs
...
It's better to avoid the ambiguous Vault statement that was not clarified and drop the loaded "roles" term in favor of "capabilities" since the ACL system is described as capability-based in previous ACL documentation.
2020-11-06 16:25:21 -05:00
Paul Banks
b5dbeff784
UI Metrics documentation ( #9048 )
...
* UI Metrics documentation
* Update website/pages/docs/connect/observability/ui-visualization.mdx
* Fix some review comments
* Fix review comments
* Apply suggestions from code review
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2020-11-06 20:32:28 +00:00
Kent 'picat' Gruber
facd48b486
Use the EnterpriseAlert inline widget
2020-11-06 10:47:22 -05:00
Kent 'picat' Gruber
fd29187499
Add mention of auto_encrypt to mTLS requirements
2020-11-06 10:15:26 -05:00
Kent 'picat' Gruber
c7c151f789
Fix sublist format for client agent threats
2020-11-05 16:41:15 -05:00
Kent 'picat' Gruber
05b34a3cf0
Add link to the keygen command
2020-11-05 16:34:32 -05:00
Kent 'picat' Gruber
a06768f582
Use short link to keyring command
2020-11-05 16:33:04 -05:00
Kent 'picat' Gruber
d0e4e7a6ff
Add link to default_policy with code format to ACLs requirement section
2020-11-05 16:30:00 -05:00
Kent 'picat' Gruber
cc58a73716
Cleanup verify_server_hostname mTLS requirement
2020-11-05 16:27:23 -05:00
Kent 'picat' Gruber
e0a9e329e5
Add extra clarification around verify_incoming_https for localhost
...
In many cases access to localhost is restricted to trusted/privellged actors only
2020-11-05 16:20:41 -05:00
Kent 'picat' Gruber
84a345324c
Fix inline links + format in mTLS requirements section
2020-11-05 16:09:07 -05:00
Kent 'picat' Gruber
7a7f0425a1
Capitalize enterprise and add link to enerprise docs
2020-11-05 16:03:14 -05:00
Kent 'picat' Gruber
e51dbbf529
Soften language by replacing utilize with use
2020-11-05 15:59:53 -05:00
Kim Ngo
52f3714c7a
Fix NIA doc links ( #9110 )
...
fix config link and anchor
2020-11-05 13:35:57 -06:00
Joel Watson
52ea53f95e
Update docs with new flags
2020-11-05 10:31:36 -06:00
Kent 'picat' Gruber
8c2f2ca806
Actually fix spelling of recommendations
...
I obviously have no idea how to spell this word
2020-11-05 11:13:14 -05:00
Kent 'picat' Gruber
2d0be0c7a0
Fix spelling of recomendations
...
Thank you @rboyer!
2020-11-04 17:44:51 -05:00
Kent 'picat' Gruber
961f475de2
Revamp security model documentation
2020-11-04 17:05:44 -05:00
Sean Ellefson
acc6cfaaf6
Correcting text on when default was changed in Consul
2020-11-02 15:10:34 -08:00
s-christoff
79ce24e9fc
cli: Add JSON and Pretty Print formatting for `consul snapshot inspect` ( #9006 )
2020-10-29 11:31:14 -05:00
Kim Ngo
a670f7a098
docs: Add links in CTS docs for the community to get involved ( #9060 )
2020-10-29 10:07:20 -05:00
Daniel Nephin
7b9ee25956
Merge pull request #9026 from hashicorp/dnephin/streaming-without-cache-query-param
...
streaming: rename config and remove requirement for cache=1
2020-10-28 12:33:25 -04:00
Daniel Nephin
62c9124011
docs: Add the new metrics to telemetry.mdx
2020-10-27 16:49:50 -04:00
Kevin Pruett
5637683f5d
Merge pull request #9021 from hashicorp/pruett.alertbanner-exp
...
Expose `expirationDate` prop in <AlertBanner/>
2020-10-26 16:08:23 -04:00
Kim Ngo
47009930a2
NIA: add Terraform version compatibility ( #9023 )
2020-10-26 09:46:34 -05:00
Daniel Nephin
853667e7d8
health: change the name of UseStreamingBackend config
...
Remove it from the cache section, and update the docs.
2020-10-23 17:47:01 -04:00
Kevin Pruett
6a946ec6e4
Expose `expirationDate` prop in <AlertBanner/>
2020-10-23 11:19:41 -04:00
James Light
5b10046418
Update managed-deprecated.mdx ( #9016 )
...
fix typo / spell checker replacing w/ wrong word
2020-10-23 10:54:16 -04:00
R.B. Boyer
a2c50d3303
connect: add support for envoy 1.16.0, drop support for 1.12.x, and bump point releases as well ( #8944 )
...
Supported versions will be: "1.16.0", "1.15.2", "1.14.5", "1.13.6"
2020-10-22 13:46:19 -05:00
Kim Ngo
8ffebeb793
NIA: document daemon exiting on task errors ( #8985 )
2020-10-22 13:22:55 -05:00
Blake Covarrubias
0c6d1ff3c9
Add extraEnvironmentVars and client.affinity to Helm values ( #8997 )
...
Document client.extraEnvironmentVars, server.extraEnvironmentVars, and
client.affinity Helm chart values.
Remove deprecated connectInject.imageEnvoy and meshGateway.imageEnvoy
values.
2020-10-21 23:28:39 -07:00
Blake Covarrubias
bdd5e1e2a8
docs: Remove sentence about pluggable CAs
...
Consul's Connect CA documentation mentions future releases will
support a pluggable CA system. This sentence has existed in the docs
for over two years, however there are currently no plans to develop
this feature on the near-term roadmap.
This commit removes this sentence to avoid giving the impression that
this feature will be available in an upcoming release.
2020-10-20 11:51:22 -07:00
Sabeen Syed
37cfa479d8
Update links ( #8949 )
2020-10-19 14:38:10 -05:00
Sabeen Syed
a3f8aa20dd
Add A10 and Checkpoint TF modules ( #8950 )
2020-10-15 16:11:09 -05:00
Luke Kysow
812fe06d6c
Update to CRD docs ( #8956 )
...
* Update to CRD docs
* Update website/pages/docs/k8s/crds.mdx
* Modify proxy default and service default protocols
Carry over from previous PR that I forgot to submit a review/suggestion to, TCP and HTTP are not valid protocols for Proxy Defaults and Service Defaults
kubectl apply -f sdefault.yml
Error from server: error when creating "sdefault.yml": admission webhook "mutate-servicedefaults.consul.hashicorp.com" denied the request: servicedefaults.consul.hashicorp.com "your-service-name" is invalid: spec.expose.paths[0].protocol: Invalid value: "tcp": must be one of "http", "http2"
kubectl apply -f sdefault.yml
Error from server: error when creating "sdefault.yml": admission webhook "mutate-servicedefaults.consul.hashicorp.com" denied the request: servicedefaults.consul.hashicorp.com "your-service-name" is invalid: spec.expose.paths[0].protocol: Invalid value: "tcp": must be one of "http", "http2"
Co-authored-by: David Yu <dyu@hashicorp.com>
2020-10-15 10:35:26 -07:00
Kit Patella
dc8beffb48
truncate jepsen.mdx log for length
2020-10-14 13:13:38 -07:00
R.B. Boyer
f0d47ded95
docs: all intention documentation updates ( #8869 )
2020-10-14 10:23:05 -05:00
Preetha
891c4026c1
Merge pull request #8920 from hashicorp/crd-docs
...
CRD Docs
2020-10-14 09:42:45 -05:00
Luke Kysow
3ba38fb4be
CRD docs
2020-10-13 17:00:24 -07:00
Luke Kysow
bfcd9a5ee3
Recommend using vault token auto-renew in 1.8.5 ( #8945 )
2020-10-13 16:18:19 -07:00
Peter M
05665e0b84
Add files via upload
...
updating logo grid image
2020-10-13 15:16:34 -07:00
Kyle Havlovitz
659c4fa941
Merge pull request #8943 from hashicorp/vault-renew-docs
...
docs: Add a note about auto-renewing the Vault token
2020-10-13 14:36:44 -07:00
Mike Morris
1b2518a358
website: add v1.9.0-beta1 download callout ( #8939 )
2020-10-13 17:33:49 -04:00
Kyle Havlovitz
2b0713b34d
docs: Add a note about auto-renewing the Vault token
2020-10-13 14:25:42 -07:00
Paul Banks
f1fd722b81
Add ui metrics config docs ( #8921 )
...
* Add ui metrics docs
* Update website/pages/docs/agent/options.mdx
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2020-10-13 22:11:12 +01:00
Sabeen Syed
52498e8d27
Remove email address ( #8931 )
2020-10-13 13:16:06 -05:00
Kim Ngo
fa76fb40f6
Add docs on what activates task execution ( #8936 )
2020-10-13 11:47:30 -05:00
Lorna Song
1b4d76da52
Update Requirements doc: Terraform module links
...
Update "Using Terraform Modules" with latest module links from partners
2020-10-13 09:26:39 -06:00
Brandon Romano
d39830a667
Plugs in proper links for NIA page
2020-10-12 20:39:34 -07:00
Brandon Romano
2f4f93a383
Fix failed build
2020-10-12 19:38:43 -07:00
Peter M
cb84904afb
Update network-infrastructure-automation.jsx
2020-10-12 19:20:48 -07:00
pcmccarron
61f62acc9a
updating use case pages
2020-10-12 19:20:48 -07:00
pcmccarron
3d3a29c72d
updating NIA use case page
2020-10-12 19:20:48 -07:00
Iryna Shustava
4ce6f918a9
Update compatibility matrix ( #8928 )
2020-10-12 18:03:54 -07:00
Iryna Shustava
482402c2de
docs: add Helm docs for openshift; also add other missing Helm docs ( #8833 )
2020-10-12 16:35:20 -07:00
Sabeen Syed
7339a13c30
Update a link and reword some sentences ( #8925 )
...
Update PANOS link
Update sentences
2020-10-12 17:40:01 -05:00
Ricardo Oliveira
a1cf7889e5
Update service-defaults.mdx ( #8780 )
2020-10-09 13:43:52 -07:00
s-christoff
9bb348c6c7
Enhance the output of consul snapshot inspect ( #8787 )
2020-10-09 14:57:29 -05:00
Ashwin Venkatesh
79fc29788a
Initial docs commit
2020-10-09 15:54:15 -04:00
Kit Patella
00fc6fbf6c
Merge pull request #8913 from hashicorp/mkcp/docs/add-missing-options
...
adds missing options.mdx entry for telemetry {disable_compat_1.9}
2020-10-09 12:35:46 -07:00
Kit Patella
3c45459302
adds missing options.mdx entry for telemetry {disable_compat_1.9}
2020-10-09 12:29:40 -07:00
Blake Covarrubias
4c83ad3e02
doc: Update acl-method command example ( #8845 )
...
* Update acl-method command example
* add tailing backtick
2020-10-09 12:26:14 -07:00
Kim Ngo
05485619fd
Minor updates to NIA partner docs ( #8912 )
...
* Renames Terraform module registry to its new name Terraform Registry
2020-10-09 14:16:45 -05:00
Sabeen Syed
bd7433c808
Docs: Nia/docs tech preview ( #8908 )
...
* Add outline and basic content for Tech Preview docs
* Add Tech Preview tag
* Add auto-labler for Consul Terrform Sync
* Add Consul Terraform Sync config docs (#8837 )
* CLI Docs for Consul Terraform Sync
* Task Docs for Consul Terraform Sync
* Add docs for NIA Terraform driver (#8871 )
* Update Installation Docs for Consul Terraform Sync
* Initial high level architecture overview (#8872 )
* Docs: compatible Terraform modules for Consul-Terraform-Sync (#8887 )
* Update Requirements Docs for Consul Terraform Sync
* Remove empty partner module sections
2020-10-09 13:37:20 -05:00
Daniel Nephin
ea77eccb14
Merge pull request #8825 from hashicorp/streaming/add-config
...
streaming: add config and docs
2020-10-09 14:33:58 -04:00
Sabeen Syed
650eefe81a
Docs: Nia/docs partner integration ( #8907 )
...
* Add NIA Integration Program page
* Update name to Consul-Terraform-Sync and add Tech Preview tags
* Update diagram to include sequence numbers
* Remove Tech Preview tags and Update Images
* Add TF module naming convention, update image and links
* Add a note, update PANW link, and working updates
* Update URLs to local path
2020-10-09 13:22:18 -05:00
Daniel Nephin
e7d505dc33
config: add field for enabling streaming in the client
...
agent: register the new streaming cache-type
2020-10-09 14:11:34 -04:00
Jimmy Merritello
c2c3bdb377
[Website] Add HashiStackMenu to website ( #8854 )
...
* Add new HashiStackMenu
* Add transpile option
* Bump version
* Bump HSM version and rm meganav styles
2020-10-09 10:48:21 -05:00
Matt Keeler
8f890bc027
Add capability for the v1/connect/ca/roots endpoint to return a PEM encoded certificate chain ( #8774 )
...
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2020-10-09 10:43:33 -04:00
R.B. Boyer
2ec7d09381
website: re-add forgotten updates ( #8890 )
2020-10-08 15:33:51 -05:00
Kit Patella
adeabf2399
Merge pull request #8877 from hashicorp/mkcp/telemetry/consul.api.http
...
Add flag for disabling 1.9 metrics backwards compatibility and warnings when set to default
2020-10-08 13:22:37 -07:00
Kit Patella
f916b72ee7
Update telemetry.mdx
...
Make `consul.http...` have an ellipsis rather than just two dots to denote that there's a lot of different metrics under that path.
2020-10-08 13:20:43 -07:00
Matt Keeler
38f5ddce2a
Add per-agent reconnect timeouts ( #8781 )
...
This allows for client agent to be run in a more stateless manner where they may be abruptly terminated and not expected to come back. If advertising a per-agent reconnect timeout using the advertise_reconnect_timeout configuration when that agent leaves, other agents will wait only that amount of time for the agent to come back before reaping it.
This has the advantageous side effect of causing servers to deregister the node/services/checks for that agent sooner than if the global reconnect_timeout was used.
2020-10-08 15:02:19 -04:00