2511 Commits

Author SHA1 Message Date
Michael Wilkerson
001d540afc
Add sameness group field to prepared queries (#17089)
* added method for converting SamenessGroupConfigEntry
- added new method `ToQueryFailoverTargets` for converting a SamenessGroupConfigEntry's members to a list of QueryFailoverTargets
- renamed `ToFailoverTargets` ToServiceResolverFailoverTargets to distinguish it from `ToQueryFailoverTargets`

* Added SamenessGroup to PreparedQuery
- exposed Service.Partition to API when defining a prepared query
- added a method for determining if a QueryFailoverOptions is empty
- This will be useful for validation
- added unit tests

* added method for retrieving a SamenessGroup to state store

* added logic for using PQ with SamenessGroup
- added branching path for SamenessGroup handling in execute. It will be handled separate from the normal PQ case
- added a new interface so that the `GetSamenessGroupFailoverTargets` can be properly tested
- separated the execute logic into a `targetSelector` function so that it can be used for both failover and sameness group PQs
- split OSS only methods into new PQ OSS files
- added validation that `samenessGroup` is an enterprise only feature

* added documentation for PQ SamenessGroup
2023-04-24 13:21:28 -07:00
Eddie Rowe
863cd57117
fix broken links (#17032)
* fix broken links

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

---------

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2023-04-20 16:12:11 +00:00
Jared Kirschner
0c846fa19b
docs: update docs related to GH-16779 (#17020) 2023-04-17 23:41:31 +00:00
trujillo-adam
f5725b414e
added an intro statement for the SI conf entry confiration model (#17017)
* added an intro statement for the SI conf entry confiration model

* caught a few more typos
2023-04-17 11:29:32 -07:00
trujillo-adam
b7b3e6eb6e
fixed bad link (#17009) 2023-04-14 13:51:56 -07:00
trujillo-adam
04b881a854
added missing error message content to troubleshooting (#17005) 2023-04-14 13:04:12 -07:00
Nathan Coleman
5410139575
Update list of Envoy versions (#16889)
* Update list of Envoy versions

* Update docs + CI + tests

* Add changelog entry

* Add newly-released Envoy versions 1.23.8 and 1.24.6

* Add newly-released Envoy version 1.22.11
2023-04-12 17:43:15 -04:00
Luke Kysow
d3d7847ca1
Remove global.name requirement for APs (#16964)
This is not a requirement when using APs because each AP has its own
auth method so it's okay if the names overlap.
2023-04-11 11:41:33 -07:00
Derek Menteer
2ef812f68b
Update docs for service-defaults overrides. (#16960)
Update docs for service-defaults overrides.

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-04-11 11:40:55 -05:00
Thomas Eckert
380d74ca95
Fix the indentation of the copyAnnotations example (#16873) 2023-04-11 15:34:52 +00:00
Derek Menteer
1bcaeabfc3
Remove deprecated service-defaults upstream behavior. (#16957)
Prior to this change, peer services would be targeted by service-default
overrides as long as the new `peer` field was not found in the config entry.
This commit removes that deprecated backwards-compatibility behavior. Now
it is necessary to specify the `peer` field in order for upstream overrides
to apply to a peer upstream.
2023-04-11 10:20:33 -05:00
Andrea Scarpino
a1404d6dcf
docs: fix typo in LocalRequestTimeoutMs (#16917) 2023-04-10 09:56:49 -07:00
Jared Kirschner
e5be4b4550
docs: improve upgrade path guidance (#16925) 2023-04-07 20:47:15 +00:00
John Eikenberry
eccd2f9871
highlight the agent.tls cert metric with CA ones
Include server agent certificate with list of cert metrics that need monitoring.
2023-04-07 20:41:14 +00:00
Eddie Rowe
5bdf795f2b
Fix API GW broken link (#16885)
* Fix API GW broken link

* Update website/content/docs/api-gateway/upgrades.mdx

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

---------

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2023-04-06 22:29:09 +00:00
Eddie Rowe
25f9da48d7
Omit false positives from 404 checker (#16881)
* Remove false positives from 404 checker

* fix remaining 404s
2023-04-05 17:58:29 +00:00
Dao Thanh Tung
0582f137c5
Fix broken doc in consul-k8s upgrade (#16852)
Signed-off-by: dttung2905 <ttdao.2015@accountancy.smu.edu.sg>
Co-authored-by: David Yu <dyu@hashicorp.com>
2023-04-03 21:21:51 +00:00
John Eikenberry
40854125a5
CA mesh CA expiration to it's own section
This is part of an effort to raise awareness that you need to monitor
your mesh CA if coming from an external source as you'll need to manage
the rotation.
2023-04-03 20:02:08 +00:00
Hariram Sankaran
71c32b4607
Fix typo on cli-flags.mdx (#16843)
Change "segements" to segments
2023-04-03 10:28:18 -07:00
Jared Kirschner
cc23b0e4dc
docs: raise awareness of GH-16779 (#16823) 2023-03-30 17:23:19 -04:00
Jeff Boruszak
4c038df0ab
docs: Updates to support HCP Consul cluster peering release (#16774)
* New HCP Consul documentation section + links

* Establish cluster peering usage cross-link

* unrelated fix to backport to v1.15

* nav correction + fixes

* Tech specs fixes

* specifications for headers

* Tech specs fixes + alignments

* sprawl edits

* Tip -> note
2023-03-29 09:27:41 -07:00
Michael Wilkerson
e5d58c59c9
changes to support new PQ enterprise fields (#16793) 2023-03-27 15:40:49 -07:00
trujillo-adam
90bbae5d75
Docs/intentions refactor docs day 2022 (#16758)
* converted intentions conf entry to ref CT format

* set up intentions nav

* add page for intentions usage

* final intentions usage page

* final intentions overview page

* fixed old relative links

* updated diagram for overview

* updated links to intentions content

* fixed typo in updated links

* rename intentions overview page file to index

* rollback link updates to intentions overview

* fixed nav

* Updated custom HTML in API and CLI pages to MD

* applied suggestions from review to index page

* moved conf examples from usage to conf ref

* missed custom HTML section

* applied additional feedback

* Apply suggestions from code review

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

* updated headings in usage page

* renamed files and udpated nav

* updated links to new file names

* added redirects and final tweaks

* typo

---------

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2023-03-24 15:16:06 -07:00
Eddie Rowe
ce6e278d9b
Fix broken links in Consul docs (#16640)
* Fix broken links in Consul docs

* more broken link fixes

* more 404 fixes

* 404 fixes

* broken link fix

---------

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2023-03-24 19:35:34 +00:00
malizz
a168d0e667
add failover policy to ProxyConfigEntry in api (#16759)
* add failover policy to ProxyConfigEntry in api

* update docs
2023-03-24 12:03:00 -07:00
Tu Nguyen
e3fd7d32da
Use GH issues type for edu board (#16750) 2023-03-23 09:00:38 -07:00
Luke Kysow
8f7e4d4a7c
Helm docs without developer.hashicorp.com prefix (#16711)
This was causing linter errors
2023-03-21 18:26:40 +00:00
Tu Nguyen
93a3a76de7
Update envoy extension docs, service-defaults, add multi-config example for lua (#16710) 2023-03-21 10:44:02 -07:00
Luke Kysow
1f4c590f2c
Regen helm docs (#16701) 2023-03-21 09:15:53 -07:00
Paul Banks
7eb3dcb65f
Update WAL Known issues (#16676) 2023-03-20 21:44:00 +00:00
Tu Nguyen
c8d9cadd56
Fix broken links from api docs (#16695) 2023-03-20 13:53:09 -07:00
Melisa Griffin
606f8fbbab
Adds check to verify that the API Gateway is being created with at least one listener 2023-03-20 12:37:30 -04:00
Rosemary Wang
33a205877e
Fix incorrect links on Envoy extensions documentation (#16666) 2023-03-17 08:29:58 -07:00
Vipin John Wilson
c26b6bc037
First cluster grpc service should be NodePort for the second cluster to connect (#16430)
* First cluster grpc service should be NodePort

This is based on the issue opened here https://github.com/hashicorp/consul-k8s/issues/1903

If you follow the documentation https://developer.hashicorp.com/consul/docs/k8s/deployment-configurations/single-dc-multi-k8s exactly as it is, the first cluster will only create the consul UI service on NodePort but not the rest of the services (including for grpc). By default, from the helm chart, they are created as headless services by setting clusterIP None. This will cause an issue for the second cluster to discover consul server on the first cluster over gRPC as it cannot simply cannot through gRPC default port 8502 and it ends up in an error as shown in the issue https://github.com/hashicorp/consul-k8s/issues/1903

As a solution, the grpc service should be exposed using NodePort (or LoadBalancer). I added those changes required in both cluster1-values.yaml and cluster2-values.yaml, and also a description for those changes for the normal users to understand. Kindly review and I hope this PR will be accepted.

* Update website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-03-16 16:43:19 +00:00
Paul Banks
e557fb4e8c
Add known issues to Raft WAL docs. (#16600)
* Add known issues to Raft WAL docs.

* Refactor update based on review feedback
2023-03-15 04:21:31 +00:00
Bastien Dronneau
a915d0ca87
Docs discovery typo (#16628)
* docs(discovery): typo

* docs(discovery): EOF and trim lines

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-03-14 08:49:48 -07:00
Ashvitha
f95ffe0355
Allow HCP metrics collection for Envoy proxies
Co-authored-by: Ashvitha Sridharan <ashvitha.sridharan@hashicorp.com>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>

Add a new envoy flag: "envoy_hcp_metrics_bind_socket_dir", a directory
where a unix socket will be created with the name
`<namespace>_<proxy_id>.sock` to forward Envoy metrics.

If set, this will configure:
- In bootstrap configuration a local stats_sink and static cluster.
  These will forward metrics to a loopback listener sent over xDS.

- A dynamic listener listening at the socket path that the previously
  defined static cluster is sending metrics to.

- A dynamic cluster that will forward traffic received at this listener
  to the hcp-metrics-collector service.


Reasons for having a static cluster pointing at a dynamic listener:
- We want to secure the metrics stream using TLS, but the stats sink can
  only be defined in bootstrap config. With dynamic listeners/clusters
  we can use the proxy's leaf certificate issued by the Connect CA,
  which isn't available at bootstrap time.

- We want to intelligently route to the HCP collector. Configuring its
  addreess at bootstrap time limits our flexibility routing-wise. More
  on this below.

Reasons for defining the collector as an upstream in `proxycfg`:
- The HCP collector will be deployed as a mesh service.

- Certificate management is taken care of, as mentioned above.

- Service discovery and routing logic is automatically taken care of,
  meaning that no code changes are required in the xds package.

- Custom routing rules can be added for the collector using discovery
  chain config entries. Initially the collector is expected to be
  deployed to each admin partition, but in the future could be deployed
  centrally in the default partition. These config entries could even be
  managed by HCP itself.
2023-03-10 13:52:54 -07:00
natemollica-dev
726c97b2bd
Consul WAN Fed with Vault Secrets Backend document updates (#16597)
* Consul WAN Fed with Vault Secrets Backend document updates

* Corrected dc1-consul.yaml and dc2-consul.yaml file highlights

* Update website/content/docs/k8s/deployment-configurations/vault/wan-federation.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/deployment-configurations/vault/wan-federation.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-03-10 12:45:32 -08:00
trujillo-adam
51902695de
fixes for unsupported partitions field in CRD metadata block (#16604)
* fixes for unsupported partitions field in CRD metadata block

* Apply suggestions from code review

Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>

---------

Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2023-03-10 19:33:42 +00:00
Eddie Rowe
3d75ab8a41
Broken link fixes (#16566) 2023-03-07 23:27:11 +00:00
Paul Glass
58016d1aa2
docs: Document config entry permissions (#16556) 2023-03-07 14:05:23 -06:00
Tu Nguyen
a5b8256111
Update docs to reflect functionality (#16549)
* Update docs to reflect functionality

* make consistent with other client runtimes
2023-03-07 08:21:23 -08:00
John Maguire
6166889d44
Update the consul-k8s cli docs for the new proxy log subcommand (#16458)
* Update the consul-k8s cli docs for the new `proxy log` subcommand

* Updated consul-k8s docs from PR feedback

* Added proxy log command to release notes
2023-03-06 20:43:36 +00:00
Ronald
bf501a337b
Improve ux around ACL token to help users avoid overwriting node/service identities (#16506)
* Deprecate merge-node-identities and merge-service-identities flags

* added tests for node identities changes

* added changelog file and docs
2023-03-06 15:00:39 +00:00
trujillo-adam
9e93a30f4d
fixes empty link in DNS usage page (#16534) 2023-03-03 15:04:05 -08:00
Melisa Griffin
129eca8fdb
NET-2903 Normalize weight for http routes (#16512)
* NET-2903 Normalize weight for http routes

* Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-03-03 16:39:59 -05:00
John Eikenberry
8910002e8f
update connect/ca's vault AuthMethod conf section (#16346)
Updated Params field to re-frame as supporting arguments specific to the
supported vault-agent auth-auth methods with links to each methods
"#configuration" section.
Included a call out limits on parameters supported.
2023-03-03 19:32:21 +00:00
trujillo-adam
43bd3512f0
fixed broken links associated with cluster peering updates (#16523)
* fixed broken links associated with cluster peering updates

* additional links to fix

* typos

* fixed redirect file
2023-03-03 11:17:26 -08:00
Andrew Stucki
4b661d1e0c
Add ServiceResolver RequestTimeout for route timeouts to make TerminatingGateway upstream timeouts configurable (#16495)
* Leverage ServiceResolver ConnectTimeout for route timeouts to make TerminatingGateway upstream timeouts configurable

* Regenerate golden files

* Add RequestTimeout field

* Add changelog entry
2023-03-03 09:37:12 -05:00
Michael Hofer
bbbdc5f4e5
docs(architecture): remove merge conflict leftovers (#16507) 2023-03-02 21:02:52 +00:00