R.B. Boyer
25ba9c147a
xds: ensure that all connect timeout configs can apply equally to tproxy direct dial connections ( #12711 )
...
Just like standard upstreams the order of applicability in descending precedence:
1. caller's `service-defaults` upstream override for destination
2. caller's `service-defaults` upstream defaults
3. destination's `service-resolver` ConnectTimeout
4. system default of 5s
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-04-07 16:58:21 -05:00
Kyle Havlovitz
6cf22a5cef
Merge pull request #12672 from hashicorp/tgate-san-validation
...
Respect SNI with terminating gateways and log a warning if it isn't set alongside TLS
2022-04-05 11:15:59 -07:00
Blake Covarrubias
79144dbac6
docs: Update links to K8s service mesh annotations ( #12652 )
...
The list of supported annotations for Consul service mesh were moved
from /docs/k8s/connect to /docs/k8s/annotations-and-labels in PR
#12323 .
This commit updates various across the site to point to the new
URL for these annotations.
2022-04-04 14:35:07 -07:00
Kyle Havlovitz
1a3b885027
Use the GatewayService SNI field for upstream SAN validation
2022-03-31 13:54:25 -07:00
Kyle Havlovitz
51527907ab
Recommend SNI with TLS in the terminating gateway docs
2022-03-31 12:19:16 -07:00
Bryce Kalow
6bf67b7ef4
website: redirect /api to /api-docs ( #12660 )
2022-03-30 16:16:26 -05:00
R.B. Boyer
e79ce8ab03
xds: adding control of the mesh-wide min/max TLS versions and cipher suites from the mesh config entry ( #12601 )
...
- `tls.incoming`: applies to the inbound mTLS targeting the public
listener on `connect-proxy` and `terminating-gateway` envoy instances
- `tls.outgoing`: applies to the outbound mTLS dialing upstreams from
`connect-proxy` and `ingress-gateway` envoy instances
Fixes #11966
2022-03-30 13:43:59 -05:00
R.B. Boyer
ac5bea862a
server: ensure that service-defaults meta is incorporated into the discovery chain response ( #12511 )
...
Also add a new "Default" field to the discovery chain response to clients
2022-03-30 10:04:18 -05:00
David Yu
858e05e7d7
docs: Consul Service Mesh overview - rename of title and K8s getting started ( #12574 )
...
* Consul Service Mesh overview - rename of title and K8s getting started
* reformat lines
2022-03-18 08:55:57 -07:00
Dan Upton
b36d4e16b6
Support per-listener TLS configuration ⚙️ ( #12504 )
...
Introduces the capability to configure TLS differently for Consul's
listeners/ports (i.e. HTTPS, gRPC, and the internal multiplexed RPC
port) which is useful in scenarios where you may want the HTTPS or
gRPC interfaces to present a certificate signed by a well-known/public
CA, rather than the certificate used for internal communication which
must have a SAN in the form `server.<dc>.consul`.
2022-03-18 10:46:58 +00:00
Jacob
ee78b5a380
Update ui-visualization.mdx
2022-03-16 10:08:22 -04:00
mrspanishviking
7180c99960
Revert "[Docs] Agent configuration hierarchy "
2022-03-15 16:13:58 -07:00
trujillo-adam
4151dc097a
fixing merge conflicts part 3
2022-03-15 15:25:03 -07:00
trujillo-adam
9cc9122be8
fixed merge conflicts pt2
2022-03-15 14:01:24 -07:00
trujillo-adam
76d55ac2b4
merging new hierarchy for agent configuration
2022-03-14 15:44:41 -07:00
Kyle Schochenmaier
d6792f14a3
update docs ( #12543 )
2022-03-09 13:24:20 -06:00
Blake Covarrubias
9a0c2dee60
docs: Update Kubernetes YAML examples in UI visualization ( #12419 )
...
* Update Kubernetes related YAML config examples to document supported
syntax in the latest version of the Helm chart.
* Fix syntax in JSON example configs.
Resolves #12403
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-03-03 21:31:57 -08:00
David Yu
e6e168b3e6
docs: Envoy 'compatibility' typo ( #12513 )
2022-03-03 10:50:56 -08:00
David Yu
fb18aa5529
docs: bump Envoy for 1.10.x ( #12472 )
...
* docs: bump Envoy for 1.10.x
* update security notes and remove previous versions older than n-2
Envoy 1.9.0 and older have last vulnerability.
* Update envoy.mdx
* Update envoy.mdx
* Update envoy.mdx
* Update envoy.mdx
* formatting
* Update website/content/docs/connect/proxies/envoy.mdx
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
* Update website/content/docs/connect/proxies/envoy.mdx
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2022-03-03 10:34:30 -08:00
Luke Kysow
16085d7eee
Update exported-services.mdx ( #12499 )
2022-03-02 15:57:58 -08:00
Eddie Rowe
28c78c52a2
Remove deprecated built-in proxy tutorial reference
2022-03-01 14:35:28 -06:00
Evan Culver
522676ed8d
connect: Update supported Envoy versions to include 1.19.3 and 1.18.6
2022-02-24 16:59:33 -08:00
Evan Culver
b95f010ac0
connect: Upgrade Envoy 1.20 to 1.20.2 ( #12443 )
2022-02-24 16:19:39 -08:00
Karl Cardenas
48c60946f9
docs: added example for service-router retry
2022-02-24 10:52:41 -07:00
Daniel Nephin
12f12d577a
docs: add docs for using an external CA
2022-02-17 18:21:30 -05:00
Karl Cardenas
497e65426f
docs: updated per feedback
2022-02-08 11:02:36 -07:00
Karl Cardenas
52f1ed3c3b
docs: update the wan mesh gateway page
2022-02-08 10:25:27 -07:00
Luke Kysow
ecc5dae06f
docs: update for k8s support for igw and header manip ( #12264 )
...
Add docs now that k8s supports these new config entry fields
2022-02-03 14:03:21 -08:00
Blake Covarrubias
a6f51d8c1b
docs: Fix discrepancy with sidecar min/max port range
...
Remove incorrect sidecar port range on docs for built-in proxy.
Updates the bind_port/port fields on the built-in proxy and sidecar
service registration pages to link to the `sidecar_min_port` and
`sidecar_max_port` configuration options for the defined port range.
Fixes #12253
2022-02-02 20:12:00 -08:00
Dan Upton
c1cb58bdcb
docs: add transparent proxy visual aid ( #12211 )
...
Co-authored-by: Paul Banks <banks@banksco.de>
2022-01-28 10:57:37 +00:00
Luke Kysow
4df488b1d3
Update distributed-tracing.mdx with caveat on 128 bit IDs ( #12196 )
...
* Update distributed-tracing.mdx
2022-01-26 10:39:33 -08:00
David Yu
f4df4c25f2
docs: iptables for TProxy requirement ( #12180 )
...
* docs: iptables
Add iptables requirement
* Update website/content/docs/connect/transparent-proxy.mdx
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
2022-01-26 10:18:31 -08:00
Blake Covarrubias
a3ad4be429
docs: Add ingress TLS cipher and version documentation ( #12163 )
...
Document the new TLS cipher and version parameters that were added to
ingress gateways in #11576 .
Co-authored-by: Mike Morris <mikemorris@users.noreply.github.com>
2022-01-26 08:12:12 -08:00
mrspanishviking
f3514d802b
Merge pull request #11980 from krastin/krastin/docsday-ui-viz
...
adding JSON examples to /docs/connect/observability/ui-visualization
2022-01-24 08:42:46 -07:00
Krastin Krastev
8abf4088c1
fixing K8s notes placement in /docs/connect/observability/ui-visualization
2022-01-24 16:35:18 +01:00
Krastin Krastev
65d750a84d
migrating <Tabs> to <CodeTabs> in /docs/connect/observability/ui-visualization
2022-01-24 16:10:03 +01:00
R.B. Boyer
b9e9f1106b
docs: update config entry docs for proxy-defaults to follow new template ( #12011 )
2022-01-20 15:35:27 -06:00
Blake Covarrubias
f09aea524f
Fix spelling errors
2022-01-20 08:54:23 -08:00
Blake Covarrubias
26401c5c26
Convert absolute URLs to relative URLs for consul.io
2022-01-20 08:52:51 -08:00
Blake Covarrubias
59394e4aa2
docs: Avoid redirects by pointing links to new URLs
...
Avoid HTTP redirects for internal site links by updating old URLs to
point to the new location for the target content.
2022-01-20 08:52:51 -08:00
Blake Covarrubias
17f8c311be
docs: Fix typo in service resolver's RingHashConfig
...
Fix typo in documentation for service resolver's RingHashConfig. The
correct child parameters are `MinimumRingSize` and `MaximumRingSize`.
2022-01-19 15:17:53 -08:00
Jared Kirschner
1a615f63a5
Merge pull request #12100 from hashicorp/update-gateway-overview-visual
...
docs: clarify gateways don't connect to public internet
2022-01-18 19:03:32 -05:00
trujillo-adam
9b00acec40
Merge pull request #11898 from hashicorp/docs/service-mesh-config-entries-add-partitions--1.11.0
...
updated configuration entry params for admin partitions 1.11
2022-01-18 15:46:15 -08:00
trujillo-adam
7573b80454
applied final feedback
2022-01-18 15:40:43 -08:00
trujillo-adam
727dbbd817
Apply suggestions from code review
...
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2022-01-18 15:31:58 -08:00
Jared Kirschner
3fc42a2f1f
docs: clarify gateways don't connect to internet
...
Consul's ingress and terminating gateways are meant to enable connectivity
within your organizational network between services outside the Consul service
mesh and those within. They are not meant to connect to the public internet.
2022-01-18 13:28:26 -08:00
Evan Culver
e35dd08a63
connect: Upgrade Envoy 1.20 to 1.20.1 ( #11895 )
2022-01-18 14:35:27 -05:00
Jared Kirschner
1ec3a8524f
Merge pull request #12101 from hashicorp/wan-federation-with-mesh-gateways-networking-visual
...
docs: show WAN fed with/without mesh gateways
2022-01-18 09:22:13 -05:00
Jared Kirschner
a0d48e17c0
docs: show WAN fed with/without mesh gateways
2022-01-16 16:55:12 -08:00
Thomas Kula
ae0fe19d2f
docs: Minor grammar change to ingress-gateway.mdx ( #11365 )
...
Use plural form of "listeners", not possessive form of "listener's"
2022-01-14 16:36:02 -08:00