Commit Graph

99 Commits

Author SHA1 Message Date
Blake Covarrubias 08c92ba880
docs: Fix formatting issues on built-in proxy page (#8005)
Fix markdown formatting and display issues on built-in proxy page.
2020-07-02 12:39:50 -04:00
Rémi Lapeyre 421b9e8ef1
Fix typo in configuration documentation (#7997) 2020-07-02 12:39:23 -04:00
André d06d9ef29e
Update lock.mdx (#8217)
Remove duplicated `-timeout` value.
2020-07-01 14:59:07 +02:00
Fatih Sarhan f6eaf74de2 docs: Fix typo on openstack cloud-auto-join 2020-06-29 13:56:01 -07:00
R.B. Boyer 462f0f37ed
connect: various changes to make namespaces for intentions work more like for other subsystems (#8194)
Highlights:

- add new endpoint to query for intentions by exact match

- using this endpoint from the CLI instead of the dump+filter approach

- enforcing that OSS can only read/write intentions with a SourceNS or
  DestinationNS field of "default".

- preexisting OSS intentions with now-invalid namespace fields will
  delete those intentions on initial election or for wildcard namespaces
  an attempt will be made to downgrade them to "default" unless one
  exists.

- also allow the '-namespace' CLI arg on all of the intention subcommands

- update lots of docs
2020-06-26 16:59:15 -05:00
Freddy e10058bc3f
Update website/pages/docs/acl/auth-methods/jwt.mdx
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2020-06-25 11:43:42 -06:00
freddygv 166da8f710 Remove remaining beta tags 2020-06-24 16:12:24 -06:00
freddygv 3f01e08ae0 Remove stray instruction 2020-06-24 16:12:08 -06:00
freddygv 98c5eb8868 Add docs for upstream destination's namespace 2020-06-24 16:11:44 -06:00
freddygv 394b1f2e7f Add tabs to config entry examples 2020-06-24 16:10:46 -06:00
Mike Morris 49fc7eb4bb
Update dev.mdx (#8090)
Remove ref to "virtual service" to avoid confusion with L7 routing virtual services, replace with "debug service".
2020-06-24 14:26:01 +02:00
Valery V. Vorotyntsev 3098bc8593
Fix quorum formula in consensus.mdx (#8166)
[Add & Remove Servers](https://learn.hashicorp.com/consul/day-2-operations/servers)
guide uses `(N/2)+1` quorum formula.  So does the
[Raft implementation](5927dcda05/raft.go (L909)).

Consensus Protocol document uses `(n+1)/2` formula.
This formula is not only different, it conflicts with the
[Deployment Table](https://www.consul.io/docs/internals/consensus.html#deployment_table)
in the same document; e.g., (6+1)/2 = 3, not 4.

Replace `(n+1)/2` with `(N/2)+1` in Consensus Protocol document.
2020-06-24 14:23:36 +02:00
Chris Piraino 2904cdac36
docs: Specify port in host for example (#8167)
This example shows a TLS enabled ingress config on a non-https port.
Currently, that means we require the port to be specified in one of the
host entries to route traffic.
2020-06-23 14:41:51 -05:00
Freddy 28f22c8a90
Finalize gateway documentation for 1.8.0 GA (#8121)
Co-authored-by: Derek Strickland <1111455+DerekStrickland@users.noreply.github.com>
2020-06-18 15:27:06 -06:00
Luke Kysow fcbed6da44
Remove consul:beta now that 1.8 is out. 2020-06-18 11:50:25 -07:00
Rebecca Zanzig ea8fbdc68f
Merge pull request #8126 from hashicorp/k8s/gateway-docs
Add helm chart options for ingress and terminating gateways
2020-06-18 11:30:59 -07:00
Jono Sosulska c8bee5a934
Fixing multiple document updates (#8135)
* Fixes #7663-ACL Token Reloadable#7432-Cipher Suites,#7385-KV Delete DC, raft list-peers docs

Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2020-06-18 14:10:45 -04:00
Rebecca Zanzig 5c7e62169d Add helm chart options for ingress and terminating gateways 2020-06-18 11:04:19 -07:00
Chris Piraino bb103f22dd
Updates docs with ingress Host header clarifications (#8062)
* Updates docs with ingress Host header changes

Clarify that a Host header is required for L7 protocols, and specify
that the default is to use the Consul DNS ingress subdomain

* Add sentence about using '*' by itself for testing

* Add optional step for using L7 routing config

* Note that port numbers may need to be added in the Hosts field
2020-06-17 14:43:58 -05:00
David Yu fb1f043cdc
Formatting spaces between keys in Config entries (#8116)
* Formatting spaces between keys in Config entries

* Service Router spacing

* Missing Camel Case proxy-defaults

* Remove extra spaces service-splitter

* Remove extra spsaces service-resolver

* More spaces a la hclfmt

* Nice!

* Oh joy!

* More spaces on proxy-defaults

* Update website/pages/docs/agent/config-entries/proxy-defaults.mdx

Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
2020-06-16 11:28:21 -07:00
Matt Keeler d3881dd754
ACL Node Identities (#7970)
A Node Identity is very similar to a service identity. Its main targeted use is to allow creating tokens for use by Consul agents that will grant the necessary permissions for all the typical agent operations (node registration, coordinate updates, anti-entropy).

Half of this commit is for golden file based tests of the acl token and role cli output. Another big updates was to refactor many of the tests in agent/consul/acl_endpoint_test.go to use the same style of tests and the same helpers. Besides being less boiler plate in the tests it also uses a common way of starting a test server with ACLs that should operate without any warnings regarding deprecated non-uuid master tokens etc.
2020-06-16 12:54:27 -04:00
David Yu fdac1d8add
Switching service-route, service-resolver, service-splitter examples to CamelCase (#8107)
* Switching service-route example to CamelCase

* Switch service-resovler examples to CamelCase

* Changing service-splitter examples to CamelCase
2020-06-15 14:14:36 -07:00
Spencer Owen 15b5142bca
docs: Fix ingress dns entry (#8072) 2020-06-15 15:15:33 -05:00
freddygv d97cff0966 Update telemetry for gateway-services endpoint 2020-06-12 14:44:36 -06:00
freddygv b2c66359ab Add docs 2020-06-12 13:47:43 -06:00
Hans Hasselberg e62a43c6cf
Support envoy 1.14.2, 1.13.2, 1.12.4 (#8057) 2020-06-10 23:20:17 +02:00
Kyle Havlovitz 0c8966220f
Merge pull request #8040 from hashicorp/ingress/expose-cli
Ingress expose CLI command
2020-06-09 12:11:23 -07:00
Kyle Havlovitz edab5588d8 Add -host flag to expose command 2020-06-08 16:59:47 -07:00
Blake Covarrubias dd1e4ffd0d docs: Fix rendering of markdown on performance page
Fix issue with markdown not being rendered on /docs/install/performance.mdx.

Resolves #8049
2020-06-08 10:29:47 -07:00
Hans Hasselberg 72f92ae7ca
agent: add option to disable agent cache for HTTP endpoints (#8023)
This allows the operator to disable agent caching for the http endpoint.
It is on by default for backwards compatibility and if disabled will
ignore the url parameter `cached`.
2020-06-08 10:08:12 +02:00
Krastin 9262d7a79a website: fix a link in docs/agent/options
fixing the link to gopsutil in the -disable-host-node-id option text body
2020-06-07 03:36:55 -07:00
Kyle Havlovitz acae044df4 Document the namespace format for expose CLI command 2020-06-05 15:47:03 -07:00
Kyle Havlovitz ada9e2b3ab Add docs for expose command 2020-06-05 14:54:45 -07:00
Freddy 9ed325ba8b
Enable gateways to resolve hostnames to IPv4 addresses (#7999)
The DNS resolution will be handled by Envoy and defaults to LOGICAL_DNS. This discovery type can be overridden on a per-gateway basis with the envoy_dns_discovery_type Gateway Option.

If a service contains an instance with a hostname as an address we set the Envoy cluster to use DNS as the discovery type rather than EDS. Since both mesh gateways and terminating gateways route to clusters using SNI, whenever there is a mix of hostnames and IP addresses associated with a service we use the hostname + CDS rather than the IPs + EDS.

Note that we detect hostnames by attempting to parse the service instance's address as an IP. If it is not a valid IP we assume it is a hostname.
2020-06-03 15:28:45 -06:00
Kevin Pruett 9b0d0de178
Merge pull request #8002 from pruett/pruett.quickfix-acl-docs
Add newline to fix rendering bug
2020-06-03 17:21:52 -04:00
Jono Sosulska 66ee9c3bb2
Updating Stopping Agent Section (#8016)
Fixes #6935 to clarify agent behavior.
2020-06-03 17:08:49 -04:00
Kevin Pruett bf0b5055f1
Add newline to fix rendering bug 2020-06-03 15:21:06 -04:00
Derek Strickland 9795b19e27
Added guideLinks prop for UseCaseLayout component and linked terminating gateways guide from documentation. (#7998) 2020-06-02 10:40:07 -04:00
R.B. Boyer 833211c14c
acl: allow auth methods created in the primary datacenter to optionally create global tokens (#7899) 2020-06-01 11:44:47 -05:00
R.B. Boyer ffb9c7d6f7
acl: remove the deprecated `acl_enforce_version_8` option (#7991)
Fixes #7292
2020-05-29 16:16:03 -05:00
Jono Sosulska c554ba9e10
Replace whitelist/blacklist terminology with allowlist/denylist (#7971)
* Replace whitelist/blacklist terminology with allowlist/denylist
2020-05-29 14:19:16 -04:00
Chris Piraino 6c444ba24c
Remove underscores from gateway URL paths (#7962) 2020-05-28 14:19:17 -05:00
Luke Kysow db6f876b59
Merge pull request #7936 from hashicorp/helm-k8s-mgw
Helm docs for k8s mesh gateways and federation
2020-05-28 10:51:03 -07:00
Luke Kysow 6409c488ee
Helm docs for k8s mesh gateways and federation 2020-05-28 10:49:59 -07:00
Luke Kysow 85b20d3713
Merge pull request #7944 from hashicorp/k8s-mgw-docs-update
Update for consul:1.8.0-beta2
2020-05-25 11:26:28 -07:00
Luke Kysow 56e2a98aea
Update for consul:1.8.0-beta2 2020-05-25 11:26:09 -07:00
Jeff Escalante 326ec30d68 update dependencies 2020-05-21 14:50:45 -04:00
Freddy 3dd8b66aa2
Update ingress/terminating gateway ACL docs (#7891) 2020-05-20 09:27:25 -06:00
Patrice Krakow 746bf9b7e2
docs: change "is" to "can be" in connect docs (#7902)
The doc says: "When the Connect injector is installed, the Connect sidecar is automatically added to all pods." But, it depends on the configuration, so I think it's better to say: "When the Connect injector is installed, the Connect sidecar can automatically added to all pods."
2020-05-20 12:40:24 +02:00
Pierre Souchay e9d176db2a
Allow to restrict servers that can join a given Serf Consul cluster. (#7628)
Based on work done in https://github.com/hashicorp/memberlist/pull/196
this allows to restrict the IP ranges that can join a given Serf cluster
and be a member of the cluster.

Restrictions on IPs can be done separatly using 2 new differents flags
and config options to restrict IPs for LAN and WAN Serf.
2020-05-20 11:31:19 +02:00