Commit Graph

281 Commits

Author SHA1 Message Date
boruszak 0ddcd78ec1 Create and Manage Peering Connections page 2022-06-13 14:24:02 -05:00
boruszak de4f9bcf4a What is Cluster Peering? additional fixes 2022-06-13 13:41:57 -05:00
boruszak 4fd06dff17 What is Cluster Peering? page 2022-06-13 13:31:13 -05:00
boruszak bb972974cb Initial page creation 2022-06-13 12:58:16 -05:00
Mark Anderson ce75f486ed yUpdate website/content/docs/connect/ca/vault.mdx
Port some changes that were made to the backport branch but not in the original PR.

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-05-31 20:22:12 -07:00
Blake Covarrubias 9378880c42
docs: Remove unnecessary use of CodeBlockConfig (#12974)
Remove empty CodeBlockConfig elements. These elements are not
providing any benefit for the enclosed code blocks. This PR removes
the elements so so that the source is easier to read.
2022-05-11 15:37:02 -07:00
Blake Covarrubias 8edee753d1
docs: Fix spelling errors across site (#12973) 2022-05-10 07:28:33 -07:00
Mark Anderson 7eda81d00d
Update website/content/docs/connect/config-entries/mesh.mdx (#12943)
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Signed-off-by: Mark Anderson <manderson@hashicorp.com>

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-05-05 10:39:53 -07:00
Mark Anderson c6ff4ba7d8
Support vault namespaces in connect CA (#12904)
* Support vault namespaces in connect CA

Follow on to some missed items from #12655

From an internal ticket "Support standard "Vault namespace in the
path" semantics for Connect Vault CA Provider"

Vault allows the namespace to be specified as a prefix in the path of
a PKI definition, but our usage of the Vault API includes calls that
don't support a namespaced key. In particular the sys.* family of
calls simply appends the key, instead of prefixing the namespace in
front of the path.

Unfortunately it is difficult to reliably parse a path with a
namespace; only vault knows what namespaces are present, and the '/'
separator can be inside a key name, as well as separating path
elements. This is in use in the wild; for example
'dc1/intermediate-key' is a relatively common naming schema.

Instead we add two new fields: RootPKINamespace and
IntermediatePKINamespace, which are the absolute namespace paths
'prefixed' in front of the respective PKI Paths.

Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-05-04 19:41:55 -07:00
Mark Anderson 05dc5a26b7 Docs and changelog edits
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-05-04 08:50:59 -07:00
Mark Anderson d7e7cb09dc Add some docs
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-05-04 08:50:58 -07:00
Blake Covarrubias 54119f3225
docs: Add example Envoy escape hatch configs (#12764)
Add example escape hatch configurations for all supported override
types.
2022-05-02 11:25:59 -07:00
Karl Cardenas 142c0ac419
Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-04-26 13:12:53 -07:00
Karl Cardenas e0e2b7b547
docs: updated connect docs and re-deploying missed changes 2022-04-25 10:04:06 -07:00
David Yu d08b5a1832
docs: remove 1.9.x row in Envoy compatibility matrix (#12828) 2022-04-20 19:35:06 -07:00
Evan Culver 000d0621b4
connect: Add Envoy 1.22 to integration tests, remove Envoy 1.18 (#12805)
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2022-04-18 09:36:07 -07:00
Evan Culver 881e17fae1
connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
Natalie Smith 0a51e145c1 docs: simplify agent docs slugs 2022-04-11 17:38:47 -07:00
Natalie Smith ddae7d18a2 docs: fix external links to agent config pages 2022-04-11 17:38:11 -07:00
R.B. Boyer 25ba9c147a
xds: ensure that all connect timeout configs can apply equally to tproxy direct dial connections (#12711)
Just like standard upstreams the order of applicability in descending precedence:

1. caller's `service-defaults` upstream override for destination
2. caller's `service-defaults` upstream defaults
3. destination's `service-resolver` ConnectTimeout
4. system default of 5s

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-04-07 16:58:21 -05:00
Kyle Havlovitz 6cf22a5cef
Merge pull request #12672 from hashicorp/tgate-san-validation
Respect SNI with terminating gateways and log a warning if it isn't set alongside TLS
2022-04-05 11:15:59 -07:00
Blake Covarrubias 79144dbac6
docs: Update links to K8s service mesh annotations (#12652)
The list of supported annotations for Consul service mesh were moved
from /docs/k8s/connect to /docs/k8s/annotations-and-labels in PR
#12323.

This commit updates various across the site to point to the new
URL for these annotations.
2022-04-04 14:35:07 -07:00
Kyle Havlovitz 1a3b885027 Use the GatewayService SNI field for upstream SAN validation 2022-03-31 13:54:25 -07:00
Kyle Havlovitz 51527907ab Recommend SNI with TLS in the terminating gateway docs 2022-03-31 12:19:16 -07:00
Bryce Kalow 6bf67b7ef4
website: redirect /api to /api-docs (#12660) 2022-03-30 16:16:26 -05:00
R.B. Boyer e79ce8ab03
xds: adding control of the mesh-wide min/max TLS versions and cipher suites from the mesh config entry (#12601)
- `tls.incoming`: applies to the inbound mTLS targeting the public
  listener on `connect-proxy` and `terminating-gateway` envoy instances

- `tls.outgoing`: applies to the outbound mTLS dialing upstreams from
  `connect-proxy` and `ingress-gateway` envoy instances

Fixes #11966
2022-03-30 13:43:59 -05:00
R.B. Boyer ac5bea862a
server: ensure that service-defaults meta is incorporated into the discovery chain response (#12511)
Also add a new "Default" field to the discovery chain response to clients
2022-03-30 10:04:18 -05:00
David Yu 858e05e7d7
docs: Consul Service Mesh overview - rename of title and K8s getting started (#12574)
* Consul Service Mesh overview - rename of title and K8s getting started

* reformat lines
2022-03-18 08:55:57 -07:00
Dan Upton b36d4e16b6
Support per-listener TLS configuration ⚙️ (#12504)
Introduces the capability to configure TLS differently for Consul's
listeners/ports (i.e. HTTPS, gRPC, and the internal multiplexed RPC
port) which is useful in scenarios where you may want the HTTPS or
gRPC interfaces to present a certificate signed by a well-known/public
CA, rather than the certificate used for internal communication which
must have a SAN in the form `server.<dc>.consul`.
2022-03-18 10:46:58 +00:00
Jacob ee78b5a380
Update ui-visualization.mdx 2022-03-16 10:08:22 -04:00
mrspanishviking 7180c99960
Revert "[Docs] Agent configuration hierarchy " 2022-03-15 16:13:58 -07:00
trujillo-adam 4151dc097a fixing merge conflicts part 3 2022-03-15 15:25:03 -07:00
trujillo-adam 9cc9122be8 fixed merge conflicts pt2 2022-03-15 14:01:24 -07:00
trujillo-adam 76d55ac2b4 merging new hierarchy for agent configuration 2022-03-14 15:44:41 -07:00
Kyle Schochenmaier d6792f14a3
update docs (#12543) 2022-03-09 13:24:20 -06:00
Blake Covarrubias 9a0c2dee60
docs: Update Kubernetes YAML examples in UI visualization (#12419)
* Update Kubernetes related YAML config examples to document supported
syntax in the latest version of the Helm chart.
* Fix syntax in JSON example configs.

Resolves #12403

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-03-03 21:31:57 -08:00
David Yu e6e168b3e6
docs: Envoy 'compatibility' typo (#12513) 2022-03-03 10:50:56 -08:00
David Yu fb18aa5529
docs: bump Envoy for 1.10.x (#12472)
* docs: bump Envoy for 1.10.x

* update security notes and remove previous versions older than n-2

Envoy 1.9.0 and older have last vulnerability.

* Update envoy.mdx

* Update envoy.mdx

* Update envoy.mdx

* Update envoy.mdx

* formatting

* Update website/content/docs/connect/proxies/envoy.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/connect/proxies/envoy.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2022-03-03 10:34:30 -08:00
Luke Kysow 16085d7eee
Update exported-services.mdx (#12499) 2022-03-02 15:57:58 -08:00
Eddie Rowe 28c78c52a2 Remove deprecated built-in proxy tutorial reference 2022-03-01 14:35:28 -06:00
Evan Culver 522676ed8d
connect: Update supported Envoy versions to include 1.19.3 and 1.18.6 2022-02-24 16:59:33 -08:00
Evan Culver b95f010ac0
connect: Upgrade Envoy 1.20 to 1.20.2 (#12443) 2022-02-24 16:19:39 -08:00
Karl Cardenas 48c60946f9
docs: added example for service-router retry 2022-02-24 10:52:41 -07:00
Daniel Nephin 12f12d577a docs: add docs for using an external CA 2022-02-17 18:21:30 -05:00
Karl Cardenas 497e65426f
docs: updated per feedback 2022-02-08 11:02:36 -07:00
Karl Cardenas 52f1ed3c3b
docs: update the wan mesh gateway page 2022-02-08 10:25:27 -07:00
Luke Kysow ecc5dae06f
docs: update for k8s support for igw and header manip (#12264)
Add docs now that k8s supports these new config entry fields
2022-02-03 14:03:21 -08:00
Blake Covarrubias a6f51d8c1b docs: Fix discrepancy with sidecar min/max port range
Remove incorrect sidecar port range on docs for built-in proxy.

Updates the bind_port/port fields on the built-in proxy and sidecar
service registration pages to link to the `sidecar_min_port` and
`sidecar_max_port` configuration options for the defined port range.

Fixes #12253
2022-02-02 20:12:00 -08:00
Dan Upton c1cb58bdcb
docs: add transparent proxy visual aid (#12211)
Co-authored-by: Paul Banks <banks@banksco.de>
2022-01-28 10:57:37 +00:00
Luke Kysow 4df488b1d3
Update distributed-tracing.mdx with caveat on 128 bit IDs (#12196)
* Update distributed-tracing.mdx
2022-01-26 10:39:33 -08:00
David Yu f4df4c25f2
docs: iptables for TProxy requirement (#12180)
* docs: iptables

Add iptables requirement

* Update website/content/docs/connect/transparent-proxy.mdx

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
2022-01-26 10:18:31 -08:00
Blake Covarrubias a3ad4be429
docs: Add ingress TLS cipher and version documentation (#12163)
Document the new TLS cipher and version parameters that were added to
ingress gateways in #11576.

Co-authored-by: Mike Morris <mikemorris@users.noreply.github.com>
2022-01-26 08:12:12 -08:00
mrspanishviking f3514d802b
Merge pull request #11980 from krastin/krastin/docsday-ui-viz
adding JSON examples to /docs/connect/observability/ui-visualization
2022-01-24 08:42:46 -07:00
Krastin Krastev 8abf4088c1 fixing K8s notes placement in /docs/connect/observability/ui-visualization 2022-01-24 16:35:18 +01:00
Krastin Krastev 65d750a84d migrating <Tabs> to <CodeTabs> in /docs/connect/observability/ui-visualization 2022-01-24 16:10:03 +01:00
R.B. Boyer b9e9f1106b
docs: update config entry docs for proxy-defaults to follow new template (#12011) 2022-01-20 15:35:27 -06:00
Blake Covarrubias f09aea524f Fix spelling errors 2022-01-20 08:54:23 -08:00
Blake Covarrubias 26401c5c26 Convert absolute URLs to relative URLs for consul.io 2022-01-20 08:52:51 -08:00
Blake Covarrubias 59394e4aa2 docs: Avoid redirects by pointing links to new URLs
Avoid HTTP redirects for internal site links by updating old URLs to
point to the new location for the target content.
2022-01-20 08:52:51 -08:00
Blake Covarrubias 17f8c311be docs: Fix typo in service resolver's RingHashConfig
Fix typo in documentation for service resolver's RingHashConfig. The
correct child parameters are `MinimumRingSize` and `MaximumRingSize`.
2022-01-19 15:17:53 -08:00
Jared Kirschner 1a615f63a5
Merge pull request #12100 from hashicorp/update-gateway-overview-visual
docs: clarify gateways don't connect to public internet
2022-01-18 19:03:32 -05:00
trujillo-adam 9b00acec40
Merge pull request #11898 from hashicorp/docs/service-mesh-config-entries-add-partitions--1.11.0
updated configuration entry params for admin partitions 1.11
2022-01-18 15:46:15 -08:00
trujillo-adam 7573b80454 applied final feedback 2022-01-18 15:40:43 -08:00
trujillo-adam 727dbbd817
Apply suggestions from code review
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2022-01-18 15:31:58 -08:00
Jared Kirschner 3fc42a2f1f docs: clarify gateways don't connect to internet
Consul's ingress and terminating gateways are meant to enable connectivity
within your organizational network between services outside the Consul service
mesh and those within. They are not meant to connect to the public internet.
2022-01-18 13:28:26 -08:00
Evan Culver e35dd08a63
connect: Upgrade Envoy 1.20 to 1.20.1 (#11895) 2022-01-18 14:35:27 -05:00
Jared Kirschner 1ec3a8524f
Merge pull request #12101 from hashicorp/wan-federation-with-mesh-gateways-networking-visual
docs: show WAN fed with/without mesh gateways
2022-01-18 09:22:13 -05:00
Jared Kirschner a0d48e17c0 docs: show WAN fed with/without mesh gateways 2022-01-16 16:55:12 -08:00
Thomas Kula ae0fe19d2f
docs: Minor grammar change to ingress-gateway.mdx (#11365)
Use plural form of "listeners", not possessive form of "listener's"
2022-01-14 16:36:02 -08:00
trujillo-adam ea4bd71fa3 Merge branch 'docs/service-mesh-config-entries-add-partitions--1.11.0' of github.com:hashicorp/consul into docs/service-mesh-config-entries-add-partitions--1.11.0
pre and post docs day merge
2022-01-14 11:34:36 -08:00
trujillo-adam 8edc6547df applying latest round of feedback 2022-01-14 09:51:57 -08:00
Blake Covarrubias f273cfdc67
docs: Use long form of CLI flags (#12030)
Use long form of CLI flags in all example commands.

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
2022-01-12 15:05:01 -08:00
Dhia Ayachi 73dd4e66d6
CA certificates relationship HL diagram (#12022)
* add diagram and text to explain certificates in consul

* use bullet points instead of enumeration

* Apply suggestions from code review

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* remove non needed text and improve image

* fix cert naming

* move section to the right place

* rename DC

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-12 16:10:00 -05:00
Blake Covarrubias e3f36ad45c docs: Fix spelling errors 2022-01-11 09:37:09 -08:00
mrspanishviking 79170d9731
Merge pull request #11983 from hashicorp/resolver_examples
docs: added another resolver example for DC and namespace failover
2022-01-11 10:27:57 -07:00
Jasmine W 665c9933ce
Merge pull request #11995 from hashicorp/l7-routing-screenshots
Adding UI screenshots to L7 overview
2022-01-11 11:33:20 -05:00
Jasmine W a5c63acb62
Update website/content/docs/connect/config-entries/service-splitter.mdx
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-11 11:18:49 -05:00
Jasmine W 88d752e41e
Update website/content/docs/connect/config-entries/service-router.mdx
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-11 11:18:43 -05:00
Jasmine W 8c440d181f
Update website/content/docs/connect/config-entries/service-resolver.mdx
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-11 11:18:36 -05:00
Natalie Smith 24c67f2dfa docs: simplify agent docs slugs 2022-01-10 17:37:18 -08:00
Natalie Smith 00c2444cfc docs: fix external links to agent config pages 2022-01-10 17:11:50 -08:00
mrspanishviking 66c5c8f2b5
Merge pull request #12016 from hashicorp/Screenshot-Updates
Consul UI Screenshot Updates
2022-01-10 18:05:02 -07:00
Xuan Luo 51a77533e4
Merge pull request #12017 from hashicorp/doc-changes
Doc changes
2022-01-10 16:33:47 -08:00
Xuan Luo cf8c005194 updated image 2022-01-10 16:29:32 -08:00
Xuan Luo b5a046f5b0 docs: add gateway overview illustration 2022-01-10 15:47:57 -08:00
Luke Kysow 31a436bf82
Add distributed tracing docs (#12010)
* Add distributed tracing docs
2022-01-10 15:43:31 -08:00
Jake Herschman 60cb4a8d36 updated topology image 2022-01-10 18:39:35 -05:00
Amier Chery 17816d5cff Added images to respective pages
Added the images to each respective page on splitting/routing/resolving along with a brief description on how to navigate there.
2022-01-10 18:14:24 -05:00
Jasmine W 0d61d70e3b Adding UI screenshots to L7 overview 2022-01-10 14:34:00 -05:00
Karl Cardenas 205d687d07
added additonal example for failover within DC and unique namespace 2022-01-10 11:41:43 -07:00
mrspanishviking b844d68c4b
Apply suggestions from code review
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2022-01-10 11:22:53 -07:00
Karl Cardenas 687f9340f7
removed empty {} 2022-01-10 10:51:00 -07:00
Karl Cardenas e992522c4c
added another example for DC and namespace failover 2022-01-10 10:45:54 -07:00
Krastin Krastev d893c9261e adding JSON examples to /docs/connect/observability/ui-visualization 2022-01-10 17:47:51 +01:00
trujillo-adam 0ac96c7d23
Merge pull request #11930 from hashicorp/docs/admin-partition-updates-1.11.0-misc
added line about wildcard intentions not supported for admin partitions
2022-01-10 07:53:58 -08:00
trujillo-adam d4f9a30927 applied feedback 2022-01-07 15:43:51 -08:00
trujillo-adam 994ef3dfb3
Update website/content/docs/connect/config-entries/mesh.mdx
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2022-01-07 14:20:43 -08:00
trujillo-adam 2ff5f50e8c tweaks to the language used in the requirements section 2022-01-05 12:01:10 -08:00
Noel Quiles 1ff6da7cdd
website: Update copy (#11853) 2022-01-04 15:29:46 -05:00
trujillo-adam 8852810eb5 added line about wildcard intentions not supported for admin partitions 2022-01-03 15:31:58 -08:00