Commit Graph

411 Commits

Author SHA1 Message Date
Blake Covarrubias 04db17186b docs: Fix broken URLs in Helm docs
- Fix anchors for client.extraEnvironmentVars and
server.extraEnvironmentVars.
- Change extraEnvironmentVars data type to `map`.
- Fix external link to kubernetes.io under
connectInject.namespaceSelector.
2020-12-08 11:13:29 -08:00
Max G f727023b18 docs: reword lack of additional required files 2020-12-05 16:47:41 -08:00
Mike Morris 24130f4f09
Merge pull request #9273 from hashicorp/merge/release-1.9.0
merge: release/1.9.0
2020-12-02 17:34:10 -05:00
Seth Hoenig e32cd6b55c
docs: fix misspelling in connect upstream docs (#9297) 2020-11-30 08:26:08 -08:00
Rob Taylor 32e4a18e70
Fix typo in explanation of connect command (#9295)
Change `Connect Connect` to `Consul Connect`, which is consistent with the command output as shown on this page.
2020-11-30 09:54:59 -06:00
Hans Hasselberg 8c5c6e77ec
fix serf_wan documentation (#9289)
WAN config is different than LAN config, source of truth is
f72d2042a8/config.go (L315-L326)
and now the docs are correct.
2020-11-27 20:49:43 +01:00
David Yu ab7f767445
Bump supported chart to 0.27.0 for Consul 1.9 (#9279)
* Bump supported chart to 0.27.0 for Consul 1.9
2020-11-25 16:33:21 -08:00
Mike Morris 67a11e4d16 Merge pull request #9270 from hashicorp/release/1.9.0
merge: release/1.9.0 back into 1.9.x
2020-11-24 17:36:47 -05:00
David Yu 790e30259b
docs: adding Consul 1.9.x to compat matrix and link to Envoy compat matrix (#9263)
* Adding Consul 1.9.x to compat matrix and link to Envoy compat matrix

Adding 1.9.x and link to Envoy compat matrix
2020-11-24 10:49:53 -08:00
Kit Patella 669783f965
Merge pull request #9261 from hashicorp/telemetry/fix-missing-and-stale-docs-2
Telemetry/fix missing and stale docs
2020-11-23 13:34:19 -08:00
Hans Hasselberg 25f9e232af add missing descriptions for metrics 2020-11-23 22:06:30 +01:00
Daniel Nephin 7d7cffb613 docs: mark streaming as experimental 2020-11-23 15:59:47 -05:00
Kit Patella 7a8844ccce add entries for missing fsm operations and mark duplicated metrics prefixes as deprecated 2020-11-23 12:42:51 -08:00
Sabeen Syed 64733d8a89
Update NIA architecture image (#9180) 2020-11-23 01:47:58 -06:00
Kit Patella 3ea27d75e4
Merge pull request #9245 from hashicorp/telemetry/fix-missing-and-stale-docs
Telemetry/fix missing and stale docs
2020-11-20 12:54:29 -08:00
Kit Patella 4ad076207e add telemetry and definition help entries for missing catalog and acl metrics 2020-11-19 13:29:44 -08:00
R.B. Boyer 7bcbc59dea
command: when generating envoy bootstrap configs use the datacenter returned from the agent services endpoint (#9229)
Fixes #9215
2020-11-19 15:27:31 -06:00
Kit Patella 46205bbf27 remove stale entries and rename/define acl.resolveToken 2020-11-19 13:06:28 -08:00
Freddy e4e306210a
Require operator:write to get Connect CA config (#9240)
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that operators with `operator:read` ACL permissions are able to read the Consul Connect CA configuration when explicitly configured with the `/v1/connect/ca/configuration` endpoint, including the private key. This allows the user to effectively privilege escalate by enabling the ability to mint certificates for any Consul Connect services. This would potentially allow them to masquerade (receive/send traffic) as any service in the mesh.

--

This PR increases the permissions required to read the Connect CA's private key when it was configured via the `/connect/ca/configuration` endpoint. They are now `operator:write`.
2020-11-19 10:14:48 -07:00
Kit Patella c5af73c4f1
Merge pull request #9091 from scellef/correct-upgrade-guide
Correcting text on when default was changed in Consul
2020-11-18 16:54:48 -08:00
Nitya Dhanushkodi 866628b6e8
Add docs for envoyExtraArgs (#9206) 2020-11-18 15:40:39 -08:00
Matt Keeler 4bca029be9
Refactor to call non-voting servers read replicas (#9191)
Co-authored-by: Kit Patella <kit@jepsen.io>
2020-11-17 10:53:57 -05:00
Matt Keeler a7d945e7b9
[docs] Change links to the DNS information to the right place (#8675)
The redirects were working in many situations but some (INTERNALS.md) were not. This just flips everything over to using the real link.
2020-11-17 10:03:00 -05:00
Luke Kysow 292058c569
Docs for upgrading to CRDs (#9176)
* Add Upgrading to CRDs docs
2020-11-13 15:19:21 -08:00
Kent 'picat' Gruber 4ffa3e66d9
Merge pull request #9106 from hashicorp/security-model-docs-revamp
Revamp Security Model Documentation
2020-11-13 17:30:24 -05:00
Mike Morris 4902e42ca4 Merge pull request #9155 from hashicorp/release/1.9.0-beta3
merge: 1.9.0-beta3
2020-11-13 16:45:50 -05:00
Kyle Schochenmaier 2504ddc9f1
Docs: for consul-k8s health checks (#8819)
* docs for consul-k8s health checks

Co-authored-by: Derek Strickland <1111455+DerekStrickland@users.noreply.github.com>
Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2020-11-12 16:55:44 -06:00
Nitya Dhanushkodi 1bd1f44bf2
Update compatibility matrix
Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com>
2020-11-12 14:43:33 -08:00
R.B. Boyer a5bd1ba323
agent: return the default ACL policy to callers as a header (#9101)
Header is: X-Consul-Default-ACL-Policy=<allow|deny>

This is of particular utility when fetching matching intentions, as the
fallthrough for a request that doesn't match any intentions is to
enforce using the default acl policy.
2020-11-12 10:38:32 -06:00
Paul Banks 990134371b
Update ui-visualization.mdx 2020-11-12 15:52:24 +00:00
Matt Keeler 58f98db227
Add a CLI command for retrieving the autopilot configuration. (#9142) 2020-11-11 13:19:02 -05:00
Joel Watson 4b9034b976
Merge pull request #9098 from hashicorp/watsonian/kv-size-breakdown
Add detailed key size breakdown to snapshot inspect
2020-11-11 11:34:45 -06:00
Joel Watson 1dd5362620 docs: add warning in 0.9.0 upgrade notes 2020-11-11 09:23:43 -05:00
Joel Watson a88177fbf9 Missed a spot with old params in docs 2020-11-10 11:22:45 -06:00
Joel Watson aa21a32ca5 Rename params to better reflect their purpose 2020-11-10 10:44:09 -06:00
Joel Watson 4298a0f7e1 Make docs for params clearer 2020-11-10 10:35:24 -06:00
Matt Keeler 114521af25
Add some autopilot docs and update the changelog (#9139) 2020-11-09 14:14:19 -05:00
Matt Keeler 755fb72994
Switch to using the external autopilot module 2020-11-09 09:22:11 -05:00
Mike Morris 9ccb340893
chore: upgrade to gopsutil/v3 (#9118)
* deps: update golang.org/x/sys

* deps: update imports to gopsutil/v3

* chore: make update-vendor
2020-11-06 20:48:38 -05:00
Mike Morris 4ac5e4638c
website: update callout to 1.9.0-beta2 (#9131) 2020-11-06 20:39:25 -05:00
Kent 'picat' Gruber aa46893717 Adjust the ACLs requirement section wording and add link to ACL docs
It's better to avoid the ambiguous Vault statement that was not clarified and drop the loaded "roles" term in favor of "capabilities" since the ACL system is described as capability-based in previous ACL documentation.
2020-11-06 16:25:21 -05:00
Paul Banks 1757ed6326
UI Metrics documentation (#9048)
* UI Metrics documentation

* Update website/pages/docs/connect/observability/ui-visualization.mdx

* Fix some review comments

* Fix review comments

* Apply suggestions from code review

Co-authored-by: R.B. Boyer <rb@hashicorp.com>

Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2020-11-06 20:32:28 +00:00
Kent 'picat' Gruber 7d692f0b13 Use the EnterpriseAlert inline widget 2020-11-06 10:47:22 -05:00
Kent 'picat' Gruber 9e1054097b Add mention of auto_encrypt to mTLS requirements 2020-11-06 10:15:26 -05:00
Kent 'picat' Gruber c3aa90fe27 Fix sublist format for client agent threats 2020-11-05 16:41:15 -05:00
Kent 'picat' Gruber e0735f6fe0 Add link to the keygen command 2020-11-05 16:34:32 -05:00
Kent 'picat' Gruber 0fa4a13233 Use short link to keyring command 2020-11-05 16:33:04 -05:00
Kent 'picat' Gruber 8e1b9cb177 Add link to default_policy with code format to ACLs requirement section 2020-11-05 16:30:00 -05:00
Kent 'picat' Gruber 845cd6d1da Cleanup verify_server_hostname mTLS requirement 2020-11-05 16:27:23 -05:00
Kent 'picat' Gruber 99906ad09d Add extra clarification around verify_incoming_https for localhost
In many cases access to localhost is restricted to trusted/privileged actors only
2020-11-05 16:20:41 -05:00