RJ Spiker
64218ec7af
initial commit for website upgrade
2018-06-25 12:26:11 -07:00
Jack Pearkes
315cc04536
website: fix a TODO in a page description
2018-06-25 12:26:11 -07:00
Jack Pearkes
36e1dd6ffd
website: note windows support
2018-06-25 12:26:10 -07:00
Matt Keeler
98e98fa815
Remove build tags from vendored vault file to allow for this to merge properly into enterprise
2018-06-25 12:26:10 -07:00
Matt Keeler
677d6dac80
Remove x509 name constraints
...
These were only added as SPIFFE intends to use the in the future but currently does not mandate their usage due to patch support in common TLS implementations and some ambiguity over how to use them with URI SAN certificates. We included them because until now everything seem fine with it, however we've found the latest version of `openssl` (1.1.0h) fails to validate our certificats if its enabled. LibreSSL as installed on OS X by default doesn’t have these issues. For now it's most compatible not to have them and later we can find ways to add constraints with wider compatibility testing.
2018-06-25 12:26:10 -07:00
Matt Keeler
163fe11101
Make sure we omit the Kind value in JSON if empty
2018-06-25 12:26:10 -07:00
Matt Keeler
01f82717b4
Vendor the vault api
2018-06-25 12:26:10 -07:00
Kyle Havlovitz
0b5d7277f9
website: fix example config in vault CA docs
2018-06-25 12:26:09 -07:00
Jack Pearkes
e4f5753e06
bump to beta4
2018-06-25 12:26:01 -07:00
Mitchell Hashimoto
4acbe3fdf0
website: add vs. Envoy page
2018-06-25 12:25:43 -07:00
Mitchell Hashimoto
e6e984a813
website: address Armon's feedback
2018-06-25 12:25:43 -07:00
Mitchell Hashimoto
834137fe55
website: remove redundant "as well"
2018-06-25 12:25:43 -07:00
Mitchell Hashimoto
7ad6f7b758
website: address pearkes feedback
2018-06-25 12:25:43 -07:00
Mitchell Hashimoto
ec1322a95d
website: address feedback
2018-06-25 12:25:43 -07:00
Mitchell Hashimoto
68826b2b76
website: istio vs. and nomad platform guide
2018-06-25 12:25:43 -07:00
Jack Pearkes
105c4763dc
update UI to latest
2018-06-25 12:25:42 -07:00
Kyle Havlovitz
3baa67cdef
connect/ca: pull the cluster ID from config during a rotation
2018-06-25 12:25:42 -07:00
Kyle Havlovitz
8c2c9705d9
connect/ca: use weak type decoding in the Vault config parsing
2018-06-25 12:25:42 -07:00
Kyle Havlovitz
b4ef7bb64d
connect/ca: leave blank root key/cert out of the default config (unnecessary)
2018-06-25 12:25:42 -07:00
Kyle Havlovitz
8e028b7dc6
website: add Vault CA provider doc sections
2018-06-25 12:25:42 -07:00
Kyle Havlovitz
050da22473
connect/ca: undo the interface changes and use sign-self-issued in Vault
2018-06-25 12:25:42 -07:00
Kyle Havlovitz
914d9e5e20
connect/ca: add leaf verify check to cross-signing tests
2018-06-25 12:25:41 -07:00
Kyle Havlovitz
bc997688e3
connect/ca: update Consul provider to use new cross-sign CSR method
2018-06-25 12:25:41 -07:00
Kyle Havlovitz
8a70ea64a6
connect/ca: update Vault provider to add cross-signing methods
2018-06-25 12:25:41 -07:00
Kyle Havlovitz
6a2fc00997
connect/ca: add URI SAN support to the Vault provider
2018-06-25 12:25:41 -07:00
Kyle Havlovitz
226a59215d
connect/ca: fix vault provider URI SANs and test
2018-06-25 12:25:41 -07:00
Kyle Havlovitz
1a8ac686b2
connect/ca: add the Vault CA provider
2018-06-25 12:25:41 -07:00
Paul Banks
51fc48e8a6
Sign certificates valid from 1 minute earlier to avoid failures caused by clock drift
2018-06-25 12:25:41 -07:00
Paul Banks
e33bfe249e
Note leadership issues in comments
2018-06-25 12:25:41 -07:00
Paul Banks
b5f24a21cb
Fix test broken by final telemetry PR change!
2018-06-25 12:25:40 -07:00
Paul Banks
e514570dfa
Actually return Intermediate certificates bundled with a leaf!
2018-06-25 12:25:40 -07:00
John Cowen
9f8b87cdda
Check for NOT connect-proxy
2018-06-25 12:25:40 -07:00
John Cowen
cc3d578271
Filter Source and Destination menus by Kind
2018-06-25 12:25:40 -07:00
Matt Keeler
e22b9c8e15
Output the service Kind in the /v1/internal/ui/services endpoint
2018-06-25 12:25:40 -07:00
Paul Banks
3a6024e1b0
Fix merge error
2018-06-25 12:25:40 -07:00
Paul Banks
17789d4fe3
register TCP check for managed proxies
2018-06-25 12:25:40 -07:00
Paul Banks
280f14d64c
Make proxy only listen after initial certs are fetched
2018-06-25 12:25:40 -07:00
John Cowen
d61a09ea28
Fix linting typo, caused the selection of future services to break
2018-06-25 12:25:40 -07:00
Paul Banks
b562b9f66a
Add proxy telemetry to docs
2018-06-25 12:25:39 -07:00
Paul Banks
420ae3df69
Limit proxy telemetry config to only be visible with authenticated with a proxy token
2018-06-25 12:25:39 -07:00
Paul Banks
597e55e8e2
Misc test fixes
2018-06-25 12:25:39 -07:00
Paul Banks
c6ef6a61c9
Refactor to use embedded struct.
2018-06-25 12:25:39 -07:00
Paul Banks
2f8c1d2059
Remove go-diff vendor as assert.JSONEq output is way better for our case
2018-06-25 12:25:39 -07:00
Paul Banks
9f559da913
Revert telemetry config changes ready for cleaner approach
2018-06-25 12:25:39 -07:00
Paul Banks
32f362bad9
StartupTelemetry => InitTelemetry
2018-06-25 12:25:39 -07:00
Paul Banks
38405bd4a9
Allow user override of proxy telemetry config
2018-06-25 12:25:38 -07:00
Paul Banks
96c416012e
Misc rebase and test fixes
2018-06-25 12:25:38 -07:00
Paul Banks
dc260f42fa
Basic proxy active conns and bandwidth telemetry
2018-06-25 12:25:38 -07:00
Paul Banks
c08b6f6fec
Add accessor and helpers to SDK for fetching self-name and client service ID
2018-06-25 12:25:38 -07:00
Paul Banks
7649d630c6
Basic proxy telemetry working; not sure if it's too ugly; need to instrument things we care about
2018-06-25 12:25:38 -07:00