Commit Graph

4656 Commits

Author SHA1 Message Date
Jeff Apple 9a228d2e62
Update website/content/docs/release-notes/consul-ecs/v0_4_x.mdx
Co-authored-by: Karl Cardenas <kcardenas@hashicorp.com>
2022-04-26 08:01:07 -07:00
Jeff Apple f9a695286e
Merge branch 'main' into japple-rel-notes-reorg 2022-04-25 21:33:50 -07:00
Jeff-Apple d56a695be7 Docs: Release Notes reorg - adding ECS and NIA 2022-04-25 20:59:18 -07:00
Luke Kysow 0ae269637a
Update annotations-and-labels.mdx (#12768) 2022-04-25 10:09:07 -07:00
Karl Cardenas e0e2b7b547
docs: updated connect docs and re-deploying missed changes 2022-04-25 10:04:06 -07:00
Jeff Apple 132a54ba14
Update v0_4_x.mdx 2022-04-22 14:38:33 -07:00
Jeff-Apple b3126e1190 Adding Rel Notes for ECS and moved CTS one. 2022-04-22 12:15:09 -07:00
Jeff Boruszak 1bfaf7a7d9
Update to sentinel.mdx
Removed references to modules in callout box at the top of the page.

Edit requested by Neena Pemmaraju via Slack on 4/21/22
2022-04-22 13:20:08 -05:00
Jeff Boruszak 5c7c333f6a
Update to redundancy.mdx
Removed references to modules in callout box at the top of the page.

Edit requested by Neena Pemmaraju via Slack on 4/21/22
2022-04-22 13:19:34 -05:00
Jeff Boruszak c1aaa8ac35
Update to read-scale.mdx
Removed references to modules in callout box at the top of the page.

Edit requested by Neena Pemmaraju via Slack on 4/21/22
2022-04-22 13:19:06 -05:00
Jeff Boruszak 7ed98f23fa
Update to network-segments.mdx
Removed references to modules in callout box at the top of the page.

Edit requested by Neena Pemmaraju via Slack on 4/21/22
2022-04-22 13:18:35 -05:00
Jeff Boruszak 6256a7a468
Update to namespaces.mdx
Removed references to modules in callout box at the top of the page.

Edit requested by Neena Pemmaraju via Slack on 4/21/22
2022-04-22 13:17:47 -05:00
Jeff Boruszak bd134d0d60
Update to federation.mdx
Removed references to modules in callout box at the top of the page.

Edit requested by Neena Pemmaraju via Slack on 4/21/22
2022-04-22 13:17:05 -05:00
Jeff Boruszak 6b062ed7ad
Update to audit-logging.mdx
Removed references to modules in callout box at the top of the page.

Edit requested by Neena Pemmaraju via Slack on 4/21/22
2022-04-22 13:15:28 -05:00
Jeff Boruszak 84bf170ca3
Update to admin-partitions.mdx
Removed references to modules in callout box at the top of the page. 

Edit requested by Neena Pemmaraju via Slack on 4/21/22
2022-04-22 12:01:48 -05:00
Andrew Stucki d12b16a5fd
Add doc for proposed annotation (#12716) 2022-04-22 09:13:18 -07:00
Jeff-Apple 280b8bddf9 Add template for consul-k8s release notes. 2022-04-21 16:49:01 -07:00
David Yu 406b7e12b7
docs: small spelling typo on consul k8s compat matrix (#12840) 2022-04-21 10:51:34 -07:00
Kyle Schochenmaier 636ecf7eed
docs: update acl token generation with uuidgen (#12821)
* update acl token generation with uuidgen
2022-04-21 10:17:24 -07:00
David Yu 5016ccb51e
docs: Update Consul K8s compatibility matrix (#12829)
* docs: Update Consul K8s compatibility matrix

Co-authored-by: Karl Cardenas <kcardenas@hashicorp.com>
2022-04-21 10:10:56 -07:00
John Murret cffddab0f4
Adding documentation for WAN Federation with Vault as a secrets backend (#12802)
* Adding documentation for WAN Federation with Vault as a secrets backend

* Reformatting systems integration

* fixing spacing and typos

* Fixing link to createFederactionSecret helm chart value

* More revisions in the Systems Integration section

* Systems Integration - fixing brok shell-session and adding paragraph.

* More formatting in data integration section

* Formatting consul config sections

* Fixing verbiage near helm installations.

* Changing refence to dc1 and dc2 to be primary datacenter(dc1) and secondary dataceneter (dc2)

* Apply suggestions from code review

Co-authored-by: Karl Cardenas <kcardenas@hashicorp.com>
Co-authored-by: David Yu <dyu@hashicorp.com>

* fixing missing s in Kubernetes

* Providing reason in Usage section as to why someone would look at the Systems and Data Integration sections of the vault docs

* fixing highlighted linenumbers that got through off by deleting the comment line at the beginning.

* fixing indentation within order lists

* Add a validation step to the next steps section.

* making the data integration sections for dc1 and dc2 symmetrical

* PR Feedback

* Adding images

* Remove confusing references to Systems Integration and Data Integration pages.

* Updating images to be centered

* Removed confusing reference to federation secret.

Co-authored-by: Karl Cardenas <kcardenas@hashicorp.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
2022-04-21 11:07:04 -06:00
Karl Cardenas 0b14c17c16
docs: fixed broken url 2022-04-21 09:37:36 -07:00
Bryce Kalow 380db67b14
website: remove unnecessary files (#12833) 2022-04-20 23:11:32 -05:00
David Yu d08b5a1832
docs: remove 1.9.x row in Envoy compatibility matrix (#12828) 2022-04-20 19:35:06 -07:00
Dan Stough 76c03872b7 Fix spelling for secrurity/acl mdx. 2022-04-20 10:48:47 -04:00
Jared Kirschner 1da37d87b2 docs: use correct previous name of recovery token 2022-04-19 20:26:06 -07:00
Bryce Kalow 239c84a5c1
website: remove source code (#12806) 2022-04-19 12:32:02 -05:00
Paul Glass 90b2cb6128
Docs: IAM auth method (#12779)
* Docs: IAM auth method

Co-authored-by: Karl Cardenas <kcardenas@hashicorp.com>
2022-04-18 14:34:37 -05:00
Evan Culver 000d0621b4
connect: Add Envoy 1.22 to integration tests, remove Envoy 1.18 (#12805)
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2022-04-18 09:36:07 -07:00
Jeff-Apple d2c07a3dd3 Rename and re-title docs page for installing Consul API Gateway 2022-04-17 20:41:29 -07:00
Jeff-Apple bc9bb1c5ce Initial changes for reoranizing the Release Notes 2022-04-17 16:57:32 -07:00
Karl Cardenas 6c0846983c
docs: fixed redirect issue 2022-04-15 07:18:17 -07:00
Evan Culver 881e17fae1
connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
FFMMM d603af774d
Update latest version on website to 1.11.5
Per the latest release
2022-04-13 17:38:31 -07:00
Karl Cardenas 43b548d4c1
Merge pull request #12562 from hashicorp/docs/blake-agent-config
docs: Agent configuration hierarchy reorganization
2022-04-12 12:33:42 -07:00
FFMMM 59c25cf891
add docs for new labels (#12757) 2022-04-12 11:53:30 -07:00
John Murret 1006c8a94b
Correcting an uncapitalized word setup at the beginning of titles to be capitalized in vault section. (#12759) 2022-04-12 09:44:41 -07:00
Natalie Smith 0a51e145c1 docs: simplify agent docs slugs 2022-04-11 17:38:47 -07:00
Natalie Smith 0fcdddcd46 docs: pr feedback 2022-04-11 17:38:17 -07:00
Natalie Smith 1d8e89425e chore: rebase updates 2022-04-11 17:38:17 -07:00
Natalie Smith ddae7d18a2 docs: fix external links to agent config pages 2022-04-11 17:38:11 -07:00
Natalie Smith 83f9879b2d docs: fix agent config links 2022-04-11 16:07:09 -07:00
Natalie Smith 4d4c760190 docs: arrange agent configuration file parameters into logical groups 2022-04-11 16:06:54 -07:00
Blake Covarrubias f4c03d2340 docs: move configuration files content from agent/config/index to agent/config/agent-config-files 2022-04-11 16:06:20 -07:00
Blake Covarrubias c5220fd184 docs: move cli content from agent/config/index to agent/config/agent-config-cli
And add sections for logical groupings of options
2022-04-11 16:05:48 -07:00
Blake Covarrubias caf34daa39 docs: move agent/options.mdx into agent/config/index.mdx and add placeholder .mdx files for cli/files
Also update nav data
2022-04-11 16:05:21 -07:00
David Yu e1db4c04d8
redirect.js: fixing redirect to new compatibility matrix for k8s (#12755) 2022-04-11 15:45:18 -07:00
David Yu 3f9b31effe
website: redirect change consul k8s compatibility matrix link (#12751) 2022-04-11 13:51:21 -07:00
David Yu 140e4f5578
docs: Upgrade Consul K8s update link to combat matrix (#12744) 2022-04-11 11:41:35 -07:00
R.B. Boyer 25ba9c147a
xds: ensure that all connect timeout configs can apply equally to tproxy direct dial connections (#12711)
Just like standard upstreams the order of applicability in descending precedence:

1. caller's `service-defaults` upstream override for destination
2. caller's `service-defaults` upstream defaults
3. destination's `service-resolver` ConnectTimeout
4. system default of 5s

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-04-07 16:58:21 -05:00
John Murret 62476e25fb
docs: Updating Gossip EncryptionKey Rotation page with Vault use case (#12720)
* docs: Updating Gossip EncryptionKey Rotation page with Vault use case

* Adding a note to the vault instructions linking to the gossip key encryption using Vault page.

* Correcting Vault guide for storing the rotated gossip key.

* adding $ to shell sessions where it is missing on the gossip rotation page

* adding $ to more shell sessions where it is missing on the gossip rotation page
2022-04-07 13:41:42 -06:00
Chris Thain 1502936c12
Consul on ECS 0.4.0 (#12694)
Update website docs for Consul on ECS 0.4.0
2022-04-07 11:43:12 -07:00
Kyle Havlovitz 9780b672da
Merge pull request #12685 from hashicorp/http-check-redirect-option
Add a field to disable following redirects on http checks
2022-04-07 11:29:27 -07:00
John Murret fd08b6aaf6
Update k8s docs for Vault as a Secrets Backend (#12691)
* Updating k8s Vault as a Secrets Backend docs

* Moving files in data-integration folder

* Updating routes to moved files

* Removing known limitations since we have delivered them.

* Revise overview page to point towards the System Integration and Data Integration pages.

* Updating Systems Overview page

* Making corrections to Overview and Systems Integration page

* Updating Data Integration page

* Gossip page

* Enterprise Licensepage

* Bootstrap Token

* Replication Token

* Revisions to bootrap, replication, and enterprise license

* snapshot agent page.  revisiions to other data integration pages

* Consul Service Mesh TLS Provider page

* ServerTLS page

* Spelling, grammar errors

* Update website/content/docs/k8s/installation/vault/index.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/data-integration/index.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/data-integration/server-tls.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/data-integration/gossip.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/data-integration/snapshot-agent-config.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/data-integration/bootstrap-token.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/data-integration/enterprise-license.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Updating data center to datacenter

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* interim changes

* more formatting changes

* adding additional formatting changes

* more formatting on systems integration page

* remove TODO

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/index.mdx

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* Update website/content/docs/k8s/installation/vault/index.mdx

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* Update website/content/docs/k8s/installation/vault/systems-integration.mdx

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* Adding partition token

* removing dangling word

* Adding missing navlink for partitions page

* Adding VAULT_TOKEN documentation and a note to VAULT_ADDR about https and the possible need for the VAULT_CACERT.

* Fixing broken links and ordering lists

* Fixing broken links.  Changing pre-requisites to prerequisites.

Co-authored-by: David Yu <dyu@hashicorp.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
2022-04-07 12:16:24 -06:00
Matt Keeler a553982506
Enable running autopilot state updates on all servers (#12617)
* Fixes a lint warning about t.Errorf not supporting %w

* Enable running autopilot on all servers

On the non-leader servers all they do is update the state and do not attempt any modifications.

* Fix the RPC conn limiting tests

Technically they were relying on racey behavior before. Now they should be reliable.
2022-04-07 10:48:48 -04:00
John Murret 25c32be517
k8s docs - ACLs refactor - Updating terminating gateway documentation to call out updating the role rather than the token with the policy (#12612)
* k8s docs - ACLs refactor - Updating terminating gateway documentation to call out updating the role rather than the token with the policy

* Modifying role and policy names based on naming convention change.
2022-04-06 15:54:27 -06:00
Kyle Havlovitz 3b44343276 Add a field to disable following redirects on http checks 2022-04-05 16:12:18 -07:00
Kyle Havlovitz 6cf22a5cef
Merge pull request #12672 from hashicorp/tgate-san-validation
Respect SNI with terminating gateways and log a warning if it isn't set alongside TLS
2022-04-05 11:15:59 -07:00
Bryce Kalow 82d3418642
website: fix usages of img tag (#12696) 2022-04-05 11:18:57 -05:00
David Yu d49ea7930a
docs: rename Connect Service Mesh Kubernetes to Consul Service Mesh on Kubernetes (#12690)
* docs:rename Connect Service Mesh Kubernetes to Consul Service Mesh on Kubernetes
2022-04-05 07:46:14 -07:00
Thomas Eckert f51c02a923
Update Helm docs to reflect 0.42.0 release (#12689)
* Update Helm docs to reflect 0.42.0 release

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-04-04 14:50:59 -07:00
Blake Covarrubias 79144dbac6
docs: Update links to K8s service mesh annotations (#12652)
The list of supported annotations for Consul service mesh were moved
from /docs/k8s/connect to /docs/k8s/annotations-and-labels in PR
#12323.

This commit updates various across the site to point to the new
URL for these annotations.
2022-04-04 14:35:07 -07:00
mrspanishviking 13fba7567f
Merge pull request #12687 from hashicorp/acl-fix
docs: fixes broken url in acl overview page
2022-04-04 14:06:09 -07:00
John Murret 2bc11a5db6
Updating helm docs with additionalVault and ACLs refactor functionality. (#12669)
* Updating helm docs with additionalVault and ACLs refactor funtionality.

* PR Feedback corrections.

- Fix indentation.
- Fix description of secretName and secretKey to be consistent
- Change description of manageACLsRole to be more clear.
- Make the added vault role field descriptions consistent

* PR Feedback - correcting description for adminPartitionsRole

* Fixing broken shell sessions

* Fixing broken shell sessions by changing shell-session tobecloser tocomment marker
2022-04-04 14:36:19 -06:00
Karl Cardenas 1db1905cb5
docs: fixes broken url in acl overview page 2022-04-04 09:47:15 -07:00
Dhia Ayachi 319fe48561
documentation for config auto reload feature (#12548)
* add config watcher to the config package

* add logging to watcher

* add test and refactor to add WatcherEvent.

* add all API calls and fix a bug with recreated files

* add tests for watcher

* remove the unnecessary use of context

* Add debug log and a test for file rename

* use inode to detect if the file is recreated/replaced and only listen to create events.

* tidy ups (#1535)

* tidy ups

* Add tests for inode reconcile

* fix linux vs windows syscall

* fix linux vs windows syscall

* fix windows compile error

* increase timeout

* use ctime ID

* remove remove/creation test as it's a use case that fail in linux

* fix linux/windows to use Ino/CreationTime

* fix the watcher to only overwrite current file id

* fix linter error

* fix remove/create test

* set reconcile loop to 200 Milliseconds

* fix watcher to not trigger event on remove, add more tests

* on a remove event try to add the file back to the watcher and trigger the handler if success

* fix race condition

* fix flaky test

* fix race conditions

* set level to info

* fix when file is removed and get an event for it after

* fix to trigger handler when we get a remove but re-add fail

* fix error message

* add tests for directory watch and fixes

* detect if a file is a symlink and return an error on Add

* rename Watcher to FileWatcher and remove symlink deref

* add fsnotify@v1.5.1

* fix go mod

* do not reset timer on errors, rename OS specific files

* rename New func

* events trigger on write and rename

* add missing test

* fix flaking tests

* fix flaky test

* check reconcile when removed

* delete invalid file

* fix test to create files with different mod time.

* back date file instead of sleeping

* add watching file in agent command.

* fix watcher call to use new API

* add configuration and stop watcher when server stop

* add certs as watched files

* move FileWatcher to the agent start instead of the command code

* stop watcher before replacing it

* save watched files in agent

* add add and remove interfaces to the file watcher

* fix remove to not return an error

* use `Add` and `Remove` to update certs files

* fix tests

* close events channel on the file watcher even when the context is done

* extract `NotAutoReloadableRuntimeConfig` is a separate struct

* fix linter errors

* add Ca configs and outgoing verify to the not auto reloadable config

* add some logs and fix to use background context

* add tests to auto-config reload

* remove stale test

* add tests to changes to config files

* add check to see if old cert files still trigger updates

* rename `NotAutoReloadableRuntimeConfig` to `StaticRuntimeConfig`

* fix to re add both key and cert file. Add test to cover this case.

* review suggestion

Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>

* add check to static runtime config changes

* fix test

* add changelog file

* fix review comments

* Apply suggestions from code review

Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>

* update flag description

Co-authored-by: FFMMM <FFMMM@users.noreply.github.com>

* fix compilation error

* add static runtime config support

* fix test

* fix review comments

* fix log test

* Update .changelog/12329.txt

Co-authored-by: Dan Upton <daniel@floppy.co>

* transfer tests to runtime_test.go

* fix filewatcher Replace to not deadlock.

* avoid having lingering locks

Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>

* split ReloadConfig func

* fix warning message

Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>

* convert `FileWatcher` into an interface

* fix compilation errors

* fix tests

* extract func for adding and removing files

* add a coalesceTimer with a very small timer

* extract coaelsce Timer and add a shim for testing

* add tests to coalesceTimer fix to send remaining events

* set `coalesceTimer` to 1 Second

* support symlink, fix a nil deref.

* fix compile error

* fix compile error

* refactor file watcher rate limiting to be a Watcher implementation

* fix linter issue

* fix runtime config

* fix runtime test

* fix flaky tests

* fix compile error

* Apply suggestions from code review

Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>

* fix agent New to return an error if File watcher New return an error

* add a coalesceTimer with a very small timer

* extract coaelsce Timer and add a shim for testing

* set `coalesceTimer` to 1 Second

* add flag description to agent command docs

* fix link

* add Static runtime config docs

* fix links and alignment

* fix typo

* Revert "add a coalesceTimer with a very small timer"

This reverts commit d9db2fcb8213a81ac761f04b458091409c5fb1ee.

* Revert "extract coaelsce Timer and add a shim for testing"

This reverts commit 0ab86012a415ffeb452acf58e52c9f37c9f49254.

* Apply suggestions from code review

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com>
Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
Co-authored-by: FFMMM <FFMMM@users.noreply.github.com>
Co-authored-by: Daniel Upton <daniel@floppy.co>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-04-04 12:01:38 -04:00
FFMMM 973d2d0f9a
mark disable_compat_1.9 to deprecate in 1.13, change default to true (#12675)
Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
2022-04-01 10:35:56 -07:00
Eric Haberkorn a7d5aa94a3
Merge pull request #12680 from hashicorp/fix-k8s-dns-service-name
Fix the Kubernetes service name for DNS
2022-04-01 11:03:24 -04:00
Eric d7b4ed1597 Fix the Kubernetes service name for DNS 2022-04-01 10:38:56 -04:00
Kyle Havlovitz 763f728df4 Add doc examples for expanded token read CLI and API 2022-03-31 15:03:41 -07:00
Kyle Havlovitz 1a3b885027 Use the GatewayService SNI field for upstream SAN validation 2022-03-31 13:54:25 -07:00
FFMMM 64e35777e0
docs: new rpc metric (#12608) 2022-03-31 13:04:33 -07:00
Kyle Havlovitz 51527907ab Recommend SNI with TLS in the terminating gateway docs 2022-03-31 12:19:16 -07:00
Bryce Kalow 6bf67b7ef4
website: redirect /api to /api-docs (#12660) 2022-03-30 16:16:26 -05:00
Mike Morris 7cb9bfdfa9
website(api-gateway): add common errors page (#12643)
* Adding common errors page for API Gateway

* website(api-gateway): add missing CRDs common error message

* Update website/content/docs/api-gateway/common-errors.mdx

Co-authored-by: Nathan Coleman <nathandanielcoleman@gmail.com>

* Update website/content/docs/api-gateway/common-errors.mdx

Co-authored-by: Nathan Coleman <nathandanielcoleman@gmail.com>

* Update website/content/docs/api-gateway/common-errors.mdx

Co-authored-by: Nathan Coleman <nathandanielcoleman@gmail.com>

* Update website/content/docs/api-gateway/common-errors.mdx

* Additional page editing instructions and formating

* Update website/content/docs/api-gateway/common-errors.mdx

* Update website/content/docs/api-gateway/common-errors.mdx

* Update website/content/docs/api-gateway/common-errors.mdx

* Update website/content/docs/api-gateway/common-errors.mdx

* Update website/content/docs/api-gateway/common-errors.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Apply suggestions from code review

Co-authored-by: Jeff-Apple <79924108+Jeff-Apple@users.noreply.github.com>
Co-authored-by: Nathan Coleman <nathandanielcoleman@gmail.com>
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-03-30 16:05:00 -04:00
R.B. Boyer e79ce8ab03
xds: adding control of the mesh-wide min/max TLS versions and cipher suites from the mesh config entry (#12601)
- `tls.incoming`: applies to the inbound mTLS targeting the public
  listener on `connect-proxy` and `terminating-gateway` envoy instances

- `tls.outgoing`: applies to the outbound mTLS dialing upstreams from
  `connect-proxy` and `ingress-gateway` envoy instances

Fixes #11966
2022-03-30 13:43:59 -05:00
Matt Keeler 15ddbbc686
Update raft-boltdb to pull in new writeCapacity metric (#12646) 2022-03-30 11:38:44 -04:00
R.B. Boyer ac5bea862a
server: ensure that service-defaults meta is incorporated into the discovery chain response (#12511)
Also add a new "Default" field to the discovery chain response to clients
2022-03-30 10:04:18 -05:00
Mike Morris 885edde8c1
website(api-gateway): add consul namespace to helm install (#12644)
* website: api-gateway helm install consul namespace

To mirror instructions at https://learn.hashicorp.com/tutorials/consul/kubernetes-api-gateway

* website(api-gateway): add notes on where to find available versions

* website(api-gateway): fixup link to more clearly indicate Consul Helm chart releases

* Update website/content/docs/api-gateway/api-gateway-usage.mdx
2022-03-29 17:36:21 -04:00
Michele Degges 535edfa247
[RelAPI Onboarding] Add release API metadata file (#12591) 2022-03-28 13:45:53 -07:00
mrspanishviking 7da80ddbb4
Merge pull request #12595 from hashicorp/k8s-cli-install
docs: add link to k8s cli install page
2022-03-25 14:09:39 -07:00
Luke Kysow c8cdebd9cc
Update consul-enterprise.mdx (#12622) 2022-03-25 13:00:14 -07:00
Mike Morris f8a2ae2606
agent: convert listener config to TLS types (#12522)
* tlsutil: initial implementation of types/TLSVersion

tlsutil: add test for parsing deprecated agent TLS version strings

tlsutil: return TLSVersionInvalid with error

tlsutil: start moving tlsutil cipher suite lookups over to types/tls

tlsutil: rename tlsLookup to ParseTLSVersion, add cipherSuiteLookup

agent: attempt to use types in runtime config

agent: implement b.tlsVersion validation in config builder

agent: fix tlsVersion nil check in builder

tlsutil: update to renamed ParseTLSVersion and goTLSVersions

tlsutil: fixup TestConfigurator_CommonTLSConfigTLSMinVersion

tlsutil: disable invalid config parsing tests

tlsutil: update tests

auto_config: lookup old config strings from base.TLSMinVersion

auto_config: update endpoint tests to use TLS types

agent: update runtime_test to use TLS types

agent: update TestRuntimeCinfig_Sanitize.golden

agent: update config runtime tests to expect TLS types

* website: update Consul agent tls_min_version values

* agent: fixup TLS parsing and compilation errors

* test: fixup lint issues in agent/config_runtime_test and tlsutil/config_test

* tlsutil: add CHACHA20_POLY1305 cipher suites to goTLSCipherSuites

* test: revert autoconfig tls min version fixtures to old format

* types: add TLSVersions public function

* agent: add warning for deprecated TLS version strings

* agent: move agent config specific logic from tlsutil.ParseTLSVersion into agent config builder

* tlsutil(BREAKING): change default TLS min version to TLS 1.2

* agent: move ParseCiphers logic from tlsutil into agent config builder

* tlsutil: remove unused CipherString function

* agent: fixup import for types package

* Revert "tlsutil: remove unused CipherString function"

This reverts commit 6ca7f6f58d268e617501b7db9500113c13bae70c.

* agent: fixup config builder and runtime tests

* tlsutil: fixup one remaining ListenerConfig -> ProtocolConfig

* test: move TLS cipher suites parsing test from tlsutil into agent config builder tests

* agent: remove parseCiphers helper from auto_config_endpoint_test

* test: remove unused imports from tlsutil

* agent: remove resolved FIXME comment

* tlsutil: remove TODO and FIXME in cipher suite validation

* agent: prevent setting inherited cipher suite config when TLS 1.3 is specified

* changelog: add entry for converting agent config to TLS types

* agent: remove FIXME in runtime test, this is covered in builder tests with invalid tls9 value now

* tlsutil: remove config tests for values checked at agent config builder boundary

* tlsutil: remove tls version check from loadProtocolConfig

* tlsutil: remove tests and TODOs for logic checked in TestBuilder_tlsVersion and TestBuilder_tlsCipherSuites

* website: update search link for supported Consul agent cipher suites

* website: apply review suggestions for tls_min_version description

* website: attempt to clean up markdown list formatting for tls_min_version

* website: moar linebreaks to fix tls_min_version formatting

* Revert "website: moar linebreaks to fix tls_min_version formatting"

This reverts commit 38585927422f73ebf838a7663e566ac245f2a75c.

* autoconfig: translate old values for TLSMinVersion

* agent: rename var for translated value of deprecated TLS version value

* Update agent/config/deprecated.go

Co-authored-by: Dan Upton <daniel@floppy.co>

* agent: fix lint issue

* agent: fixup deprecated config test assertions for updated warning

Co-authored-by: Dan Upton <daniel@floppy.co>
2022-03-24 15:32:25 -04:00
Jared Kirschner 9db69653e4
Merge pull request #12602 from hashicorp/jkirschner-hashicorp-patch-1
docs: make gossip threat model more visible
2022-03-23 14:54:17 -04:00
Luke Kysow f1745c25c5
Lkysow/docs updates 2 (#12604)
* Document intermediate_cert_ttl
2022-03-23 10:22:08 -07:00
Jared Kirschner 74b181018b
docs: make gossip threat model more visible 2022-03-23 11:46:56 -04:00
Karl Cardenas d6778f4e63
docs: removed the word page 2022-03-22 15:51:04 -07:00
Karl Cardenas b17b6a462a
docs: add link to k8s cli install page 2022-03-22 15:40:53 -07:00
Jared Kirschner 4f1bfeaf33
Merge pull request #12523 from Petenerd/patch-1
Update install.mdx
2022-03-22 16:43:06 -04:00
Michael Wilkerson 8178c38d9b updated docs 2022-03-21 13:01:39 -07:00
Jared Kirschner ca2afce5d6 docs: mention filtered by ACLs in affected APIs 2022-03-21 09:06:45 -07:00
Jared Kirschner bea07bd6e7
Merge pull request #12489 from hashicorp/docs/results-filtered-by-acl-awareness-coordinate
docs: mention filtered by ACLs in coordinate API
2022-03-19 16:17:08 -04:00
Jared Kirschner 1f9ca248e1 docs: add filtered by ACLs header curl example 2022-03-18 15:47:08 -07:00
Jared Kirschner 109ffcda26 docs: mention filtered by ACLs in coordinate API 2022-03-18 15:47:08 -07:00
David Yu 15a2204fe4
docs: Correction on rotating gossip key order per DC (#12579)
* docs: Correction on rotating gossip key order per DC
2022-03-18 14:51:11 -07:00
David Yu a1110845df
docs: consul-k8s Change "Consul Connect Service Mesh" to "Consul Service Mesh" (#12577) 2022-03-18 12:31:29 -07:00
David Yu 55e864d125
docs: Consul K8s Overview update (#12575)
* docs: Consul K8s Overview update

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-03-18 12:01:41 -07:00
David Yu 858e05e7d7
docs: Consul Service Mesh overview - rename of title and K8s getting started (#12574)
* Consul Service Mesh overview - rename of title and K8s getting started

* reformat lines
2022-03-18 08:55:57 -07:00
Dan Upton b36d4e16b6
Support per-listener TLS configuration ⚙️ (#12504)
Introduces the capability to configure TLS differently for Consul's
listeners/ports (i.e. HTTPS, gRPC, and the internal multiplexed RPC
port) which is useful in scenarios where you may want the HTTPS or
gRPC interfaces to present a certificate signed by a well-known/public
CA, rather than the certificate used for internal communication which
must have a SAN in the form `server.<dc>.consul`.
2022-03-18 10:46:58 +00:00
Paul Glass 9140d3d1e9
Fix broken link in ECS docs 2022-03-17 14:42:49 -05:00