Commit Graph

17813 Commits

Author SHA1 Message Date
Chris Thain 21f8ad591c Add mesh gateway configuration examples. 2022-06-20 09:07:44 -07:00
Freddy 1b2df5388c
Additional service mesh docs updates for peering (#13464)
This PR covers two sets of changes:
- Documenting the new `destination_peer` for proxy upstream definitions.
- Updating the exported-services config entry documentation.

Updates to the `exported-services` config entry include:
- As of 1.13.0 it is no longer only for Consul Enterprise
- A `PeerName` is now a possible consumer for an exported service.
- Added examples for OSS and Enterprise
- Linked to peering docs
2022-06-17 18:40:38 -06:00
trujillo-adam ba52ae5ac7 tweaks to the enterprise section for ecs mesh gateways 2022-06-17 15:17:48 -07:00
trujillo-adam c59889a86f tweaks to the secure configuration for manually installing consul ecs 2022-06-17 15:13:48 -07:00
trujillo-adam 8ea55cc439 Added note about manually creating mesh gw not being supported 2022-06-17 14:57:37 -07:00
trujillo-adam f0e3bce6e0 tweaks to the secure TF install section 2022-06-17 14:42:51 -07:00
trujillo-adam d651218538 minor tweaks to TF install 2022-06-17 14:15:29 -07:00
trujillo-adam be04910680 updates to ECS Terraform install 2022-06-17 12:58:47 -07:00
Jeff Boruszak 95aa915b42
Apply suggestions from code review 2022-06-17 13:36:20 -05:00
trujillo-adam 77898e4071 Merge branch 'main' of github.com:hashicorp/consul into docs-ecs-mesh-gw 2022-06-17 11:32:05 -07:00
Kyle Schochenmaier a407d378af
update helm values docs and annotations (#13487) 2022-06-17 12:47:47 -05:00
Jeff Boruszak ccbe00e469
Update website/content/docs/connect/cluster-peering/create-manage-peering.mdx 2022-06-17 12:35:35 -05:00
Jeff Boruszak 5062e89651
Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-06-17 12:31:11 -05:00
John Murret 567662f0fe
Docs - k8s - Webhook Certs on Vault (#13441)
* Docs - k8s - Webhook Certs on Vault

* Adding webhook certs to data-integration overview page

* marking items as code

* Apply suggestions from code review

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Updating prerequisites intro

* Updating prerequisites intro

* Updating `Create a Vault auth roles that link the policy to each Consul on Kubernetes service account that requires access` to `Link the Vault policy to Consul workloads`

* changing `Configure the Vault Kubernetes auth role in the Consul on Kubernetes helm chart` to `Update the Consul on Kubernetes helm chart`.

* Changed `Create a Vault PKI role that establishes the domains that it is allowed to issue certificates for` to `Configure allowed domains for PKI certificates`

* Moved `Create a Vault policy that authorizes the desired level of access to the secret` to the Set up per Consul Datacenter section

* Update website/content/docs/k8s/installation/vault/data-integration/webhook-certs.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Moving Overview above Prerequisites.  Adding sentence where missing after page title.

* Moving Overview above Prerequisites for webhook certs page.

* fixing the end of the overview section that was not moved.

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-06-17 10:23:54 -06:00
trujillo-adam b91fadcde5 referred to mesh gateway functionality in ECS overview 2022-06-17 09:04:52 -07:00
Tu Nguyen 5759046edc
Merge pull request #13466 from hashicorp/consul-lambda-broken-link
Fix broken link in lambda docs
2022-06-17 08:31:10 -07:00
Dan Upton e00e3a0bc3
Move ACLResolveResult into acl/resolver package (#13467)
Having this type live in the agent/consul package makes it difficult to
put anything that relies on token resolution (e.g. the new gRPC services)
in separate packages without introducing import cycles.

For example, if package foo imports agent/consul for the ACLResolveResult
type it means that agent/consul cannot import foo to register its service.

We've previously worked around this by wrapping the ACLResolver to
"downgrade" its return type to an acl.Authorizer - aside from the
added complexity, this also loses the resolved identity information.

In the future, we may want to move the whole ACLResolver into the
acl/resolver package. For now, putting the result type there at least,
fixes the immediate import cycle issues.
2022-06-17 10:24:43 +01:00
Kyle Havlovitz 08288ce10c Add changelog note 2022-06-16 18:26:25 -07:00
Kyle Havlovitz 55109eb9f6 command: Add TLS support for envoy prometheus endpoint 2022-06-16 17:53:05 -07:00
sarahalsmiller 3c6cbb51b5
Update upgrade-specific-versions.mdx 2022-06-16 15:36:27 -05:00
Chris S. Kim a4c28d1aea
Update docs with peer query parameter (#13462)
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2022-06-16 16:25:44 -04:00
DanStough 4b402e3119 feat: tgtwy xDS generation for destinations
Signed-off-by: Dhia Ayachi <dhia@hashicorp.com>
2022-06-16 16:17:49 -04:00
alex bd4ddb3720
peering: block Intention.Apply ops (#13451)
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-06-16 12:07:28 -07:00
alex b3e99784a6
peering, state: account for peer intentions (#13443)
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-06-16 10:27:31 -07:00
Luke Kysow ee032e9869
Add type info to options (#13477) 2022-06-16 10:09:39 -07:00
Luke Kysow 27dbb3e87d
Update index.mdx (#13476) 2022-06-16 09:59:49 -07:00
Sam Salisbury ceb1fdd80f
Merge pull request #13469 from hashicorp/correct-redhat-tags
Correct redhat tags
2022-06-16 17:13:37 +01:00
Chris S. Kim c66edb8af5
Update docs with Source.Peer field (#13463) 2022-06-16 09:30:05 -04:00
Eric Haberkorn 130151bdf1
Lambda documentation tweaks (#13459)
Lambda documentation tweaks
2022-06-16 09:00:21 -04:00
Sam Salisbury 2070d41fe9 correct redgat_tag ospid 2022-06-16 13:28:36 +01:00
Sam Salisbury 49a89e2b5a strip trailing whitespace 2022-06-16 13:27:37 +01:00
John Cowen 7761d0abe4
ui: Fix intl keys in order to render correct messages for empty states (#13409)
* ui: Fix intl keys in order to render correct messages for empty states

* Add a debug only debug log to warn about missing keys
2022-06-16 12:07:04 +01:00
Tu Nguyen 2460925566
Fix broken link in lambda docs 2022-06-15 21:23:56 -07:00
Jeff Boruszak da72911ba7
Additional consistency edits 2022-06-15 16:25:57 -05:00
Jeff Boruszak b9917285ea
Apply suggestions from code review
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2022-06-15 16:15:03 -05:00
Freddy 7e30357c17
Add peering endpoint API docs (#13454) 2022-06-15 14:18:14 -06:00
R.B. Boyer da8cea58c9
xds: begin refactor to always pass test snapshots through all xDS types (#13461) 2022-06-15 14:58:28 -05:00
Nathan Coleman f42f0fbe5f Add note about expected status for invalid CertificateRef 2022-06-15 15:46:46 -04:00
R.B. Boyer 201d1458c3
xds: mesh gateways now have their own leaf certificate when involved in a peering (#13460)
This is only configured in xDS when a service with an L7 protocol is
exported.

They also load any relevant trust bundles for the peered services to
eventually use for L7 SPIFFE validation during mTLS termination.
2022-06-15 14:36:18 -05:00
Jeff Boruszak 343586e847
Update website/data/docs-nav-data.json
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-06-15 14:26:54 -05:00
Jeff Boruszak 611ad5016e
Update website/content/docs/connect/cluster-peering/index.mdx 2022-06-15 14:26:40 -05:00
Jeff Boruszak 40e5d8b0ae
Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-06-15 14:23:18 -05:00
boruszak 3e21f554ef Limitations -> Constraints 2022-06-15 14:21:58 -05:00
Jeff Boruszak e79aa5474f
Apply suggestions from code review
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2022-06-15 14:19:03 -05:00
boruszak 2bc2f08d1d typo fix 2022-06-15 14:08:34 -05:00
boruszak ef4d603972 Switch fronend-service and backend-service 2022-06-15 14:07:56 -05:00
Jeff Boruszak 96fb08ef61
Apply suggestions from code review 2022-06-15 14:04:52 -05:00
Jeff Boruszak e1277973aa
Apply suggestions from code review
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-06-15 14:01:34 -05:00
Jeff Boruszak fd81c4a412
Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2022-06-15 13:56:55 -05:00
boruszak e1b3cfc9a9 peering_token.json addition 2022-06-15 13:55:53 -05:00