Mark Anderson
3046ad707b
yUpdate website/content/docs/connect/ca/vault.mdx
...
Port some changes that were made to the backport branch but not in the original PR.
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-05-31 20:22:12 -07:00
Blake Covarrubias
a74710fd45
docs: Remove unnecessary use of CodeBlockConfig ( #12974 )
...
Remove empty CodeBlockConfig elements. These elements are not
providing any benefit for the enclosed code blocks. This PR removes
the elements so so that the source is easier to read.
2022-05-11 15:37:02 -07:00
Blake Covarrubias
13ac34c08b
docs: Fix spelling errors across site ( #12973 )
2022-05-10 07:28:33 -07:00
Mark Anderson
f4c4c0e9ae
Update website/content/docs/connect/config-entries/mesh.mdx ( #12943 )
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-05-05 10:39:53 -07:00
Mark Anderson
18193f2916
Support vault namespaces in connect CA ( #12904 )
...
* Support vault namespaces in connect CA
Follow on to some missed items from #12655
From an internal ticket "Support standard "Vault namespace in the
path" semantics for Connect Vault CA Provider"
Vault allows the namespace to be specified as a prefix in the path of
a PKI definition, but our usage of the Vault API includes calls that
don't support a namespaced key. In particular the sys.* family of
calls simply appends the key, instead of prefixing the namespace in
front of the path.
Unfortunately it is difficult to reliably parse a path with a
namespace; only vault knows what namespaces are present, and the '/'
separator can be inside a key name, as well as separating path
elements. This is in use in the wild; for example
'dc1/intermediate-key' is a relatively common naming schema.
Instead we add two new fields: RootPKINamespace and
IntermediatePKINamespace, which are the absolute namespace paths
'prefixed' in front of the respective PKI Paths.
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-05-04 19:41:55 -07:00
Mark Anderson
e6282c7c64
Docs and changelog edits
...
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-05-04 08:50:59 -07:00
Mark Anderson
33bc0a8cb3
Add some docs
...
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-05-04 08:50:58 -07:00
Blake Covarrubias
8dc68002f9
docs: Add example Envoy escape hatch configs ( #12764 )
...
Add example escape hatch configurations for all supported override
types.
2022-05-02 11:25:59 -07:00
Karl Cardenas
20975a35f6
Apply suggestions from code review
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-04-26 13:12:53 -07:00
Karl Cardenas
7ead9840b5
docs: updated connect docs and re-deploying missed changes
2022-04-25 10:04:06 -07:00
David Yu
ab78b897e4
docs: remove 1.9.x row in Envoy compatibility matrix ( #12828 )
2022-04-20 19:35:06 -07:00
Evan Culver
9d0b5bf8e9
connect: Add Envoy 1.22 to integration tests, remove Envoy 1.18 ( #12805 )
...
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2022-04-18 09:36:07 -07:00
Evan Culver
e62745c82c
connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 ( #12777 )
2022-04-14 10:44:42 -07:00
Natalie Smith
b9ec2222db
docs: simplify agent docs slugs
2022-04-11 17:38:47 -07:00
Natalie Smith
cd73f27c84
docs: fix external links to agent config pages
2022-04-11 17:38:11 -07:00
R.B. Boyer
f4eac06b21
xds: ensure that all connect timeout configs can apply equally to tproxy direct dial connections ( #12711 )
...
Just like standard upstreams the order of applicability in descending precedence:
1. caller's `service-defaults` upstream override for destination
2. caller's `service-defaults` upstream defaults
3. destination's `service-resolver` ConnectTimeout
4. system default of 5s
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-04-07 16:58:21 -05:00
Kyle Havlovitz
9380343689
Merge pull request #12672 from hashicorp/tgate-san-validation
...
Respect SNI with terminating gateways and log a warning if it isn't set alongside TLS
2022-04-05 11:15:59 -07:00
Blake Covarrubias
d60e8cd646
docs: Update links to K8s service mesh annotations ( #12652 )
...
The list of supported annotations for Consul service mesh were moved
from /docs/k8s/connect to /docs/k8s/annotations-and-labels in PR
#12323 .
This commit updates various across the site to point to the new
URL for these annotations.
2022-04-04 14:35:07 -07:00
Kyle Havlovitz
116b6c57cb
Use the GatewayService SNI field for upstream SAN validation
2022-03-31 13:54:25 -07:00
Kyle Havlovitz
cc3c39b920
Recommend SNI with TLS in the terminating gateway docs
2022-03-31 12:19:16 -07:00
Bryce Kalow
04ec4c2aa4
website: redirect /api to /api-docs ( #12660 )
2022-03-30 16:16:26 -05:00
R.B. Boyer
e9230e93d8
xds: adding control of the mesh-wide min/max TLS versions and cipher suites from the mesh config entry ( #12601 )
...
- `tls.incoming`: applies to the inbound mTLS targeting the public
listener on `connect-proxy` and `terminating-gateway` envoy instances
- `tls.outgoing`: applies to the outbound mTLS dialing upstreams from
`connect-proxy` and `ingress-gateway` envoy instances
Fixes #11966
2022-03-30 13:43:59 -05:00
R.B. Boyer
d4e80b8800
server: ensure that service-defaults meta is incorporated into the discovery chain response ( #12511 )
...
Also add a new "Default" field to the discovery chain response to clients
2022-03-30 10:04:18 -05:00
Krastin Krastev
f6958894f5
docs: fix a trailing comma in JSON body
...
removing a comma after a last element in JSON body
2022-03-22 20:36:59 +01:00
David Yu
6363cb16c3
docs: Consul Service Mesh overview - rename of title and K8s getting started ( #12574 )
...
* Consul Service Mesh overview - rename of title and K8s getting started
* reformat lines
2022-03-18 08:55:57 -07:00
Dan Upton
57f0f42733
Support per-listener TLS configuration ⚙️ ( #12504 )
...
Introduces the capability to configure TLS differently for Consul's
listeners/ports (i.e. HTTPS, gRPC, and the internal multiplexed RPC
port) which is useful in scenarios where you may want the HTTPS or
gRPC interfaces to present a certificate signed by a well-known/public
CA, rather than the certificate used for internal communication which
must have a SAN in the form `server.<dc>.consul`.
2022-03-18 10:46:58 +00:00
Jacob
578d82fd96
Update ui-visualization.mdx
2022-03-16 10:08:22 -04:00
mrspanishviking
1ae820ea0a
Revert "[Docs] Agent configuration hierarchy "
2022-03-15 16:13:58 -07:00
trujillo-adam
667976c94f
fixing merge conflicts part 3
2022-03-15 15:25:03 -07:00
trujillo-adam
33d0ed5e96
fixed merge conflicts pt2
2022-03-15 14:01:24 -07:00
trujillo-adam
60a88bb40f
merging new hierarchy for agent configuration
2022-03-14 15:44:41 -07:00
Kyle Schochenmaier
6e6e705ae0
update docs ( #12543 )
2022-03-09 13:24:20 -06:00
Blake Covarrubias
866c8cde4b
docs: Update Kubernetes YAML examples in UI visualization ( #12419 )
...
* Update Kubernetes related YAML config examples to document supported
syntax in the latest version of the Helm chart.
* Fix syntax in JSON example configs.
Resolves #12403
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-03-03 21:31:57 -08:00
David Yu
30aff819f7
docs: Envoy 'compatibility' typo ( #12513 )
2022-03-03 10:50:56 -08:00
David Yu
b1035b6f4a
docs: bump Envoy for 1.10.x ( #12472 )
...
* docs: bump Envoy for 1.10.x
* update security notes and remove previous versions older than n-2
Envoy 1.9.0 and older have last vulnerability.
* Update envoy.mdx
* Update envoy.mdx
* Update envoy.mdx
* Update envoy.mdx
* formatting
* Update website/content/docs/connect/proxies/envoy.mdx
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
* Update website/content/docs/connect/proxies/envoy.mdx
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2022-03-03 10:34:30 -08:00
Luke Kysow
2a925b7ef1
Update exported-services.mdx ( #12499 )
2022-03-02 15:57:58 -08:00
Eddie Rowe
56c2f00676
Remove deprecated built-in proxy tutorial reference
2022-03-01 14:35:28 -06:00
Evan Culver
7889071385
connect: Update supported Envoy versions to include 1.19.3 and 1.18.6
2022-02-24 16:59:33 -08:00
Evan Culver
9f4d9f3f74
connect: Upgrade Envoy 1.20 to 1.20.2 ( #12443 )
2022-02-24 16:19:39 -08:00
Karl Cardenas
568ba392b6
docs: added example for service-router retry
2022-02-24 10:52:41 -07:00
Daniel Nephin
58f3fec54a
docs: add docs for using an external CA
2022-02-17 18:21:30 -05:00
Karl Cardenas
b1726a7ecb
docs: updated per feedback
2022-02-08 11:02:36 -07:00
Karl Cardenas
bdeb752f83
docs: update the wan mesh gateway page
2022-02-08 10:25:27 -07:00
Luke Kysow
fcf804043c
docs: update for k8s support for igw and header manip ( #12264 )
...
Add docs now that k8s supports these new config entry fields
2022-02-03 14:03:21 -08:00
Blake Covarrubias
4dcb6e8904
docs: Fix discrepancy with sidecar min/max port range
...
Remove incorrect sidecar port range on docs for built-in proxy.
Updates the bind_port/port fields on the built-in proxy and sidecar
service registration pages to link to the `sidecar_min_port` and
`sidecar_max_port` configuration options for the defined port range.
Fixes #12253
2022-02-02 20:12:00 -08:00
Dan Upton
a3c4b85cec
docs: add transparent proxy visual aid ( #12211 )
...
Co-authored-by: Paul Banks <banks@banksco.de>
2022-01-28 10:57:37 +00:00
Luke Kysow
0eb453ce17
Update distributed-tracing.mdx with caveat on 128 bit IDs ( #12196 )
...
* Update distributed-tracing.mdx
2022-01-26 10:39:33 -08:00
David Yu
3a2d1dfccb
docs: iptables for TProxy requirement ( #12180 )
...
* docs: iptables
Add iptables requirement
* Update website/content/docs/connect/transparent-proxy.mdx
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
2022-01-26 10:18:31 -08:00
Blake Covarrubias
ea0d3d8d05
docs: Add ingress TLS cipher and version documentation ( #12163 )
...
Document the new TLS cipher and version parameters that were added to
ingress gateways in #11576 .
Co-authored-by: Mike Morris <mikemorris@users.noreply.github.com>
2022-01-26 08:12:12 -08:00
mrspanishviking
14f6ee5aae
Merge pull request #11980 from krastin/krastin/docsday-ui-viz
...
adding JSON examples to /docs/connect/observability/ui-visualization
2022-01-24 08:42:46 -07:00
Krastin Krastev
1e550a4c3f
fixing K8s notes placement in /docs/connect/observability/ui-visualization
2022-01-24 16:35:18 +01:00
Krastin Krastev
fcddb890c5
migrating <Tabs> to <CodeTabs> in /docs/connect/observability/ui-visualization
2022-01-24 16:10:03 +01:00
R.B. Boyer
acef0e816e
docs: update config entry docs for proxy-defaults to follow new template ( #12011 )
2022-01-20 15:35:27 -06:00
Blake Covarrubias
f46bbb7205
Fix spelling errors
2022-01-20 08:54:23 -08:00
Blake Covarrubias
54b37823bc
Convert absolute URLs to relative URLs for consul.io
2022-01-20 08:52:51 -08:00
Blake Covarrubias
d81889bb41
docs: Avoid redirects by pointing links to new URLs
...
Avoid HTTP redirects for internal site links by updating old URLs to
point to the new location for the target content.
2022-01-20 08:52:51 -08:00
Blake Covarrubias
86d6d2b3ba
docs: Fix typo in service resolver's RingHashConfig
...
Fix typo in documentation for service resolver's RingHashConfig. The
correct child parameters are `MinimumRingSize` and `MaximumRingSize`.
2022-01-19 15:17:53 -08:00
Jared Kirschner
73219b6b92
Merge pull request #12100 from hashicorp/update-gateway-overview-visual
...
docs: clarify gateways don't connect to public internet
2022-01-18 19:03:32 -05:00
trujillo-adam
42d5c5d2a7
Merge pull request #11898 from hashicorp/docs/service-mesh-config-entries-add-partitions--1.11.0
...
updated configuration entry params for admin partitions 1.11
2022-01-18 15:46:15 -08:00
trujillo-adam
c7331577c9
applied final feedback
2022-01-18 15:40:43 -08:00
trujillo-adam
55e9afec99
Apply suggestions from code review
...
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2022-01-18 15:31:58 -08:00
Jared Kirschner
c82e3130a0
docs: clarify gateways don't connect to internet
...
Consul's ingress and terminating gateways are meant to enable connectivity
within your organizational network between services outside the Consul service
mesh and those within. They are not meant to connect to the public internet.
2022-01-18 13:28:26 -08:00
Evan Culver
ec65890f01
connect: Upgrade Envoy 1.20 to 1.20.1 ( #11895 )
2022-01-18 14:35:27 -05:00
Jared Kirschner
39f00317c4
Merge pull request #12101 from hashicorp/wan-federation-with-mesh-gateways-networking-visual
...
docs: show WAN fed with/without mesh gateways
2022-01-18 09:22:13 -05:00
Jared Kirschner
f6f28c4952
docs: show WAN fed with/without mesh gateways
2022-01-16 16:55:12 -08:00
Thomas Kula
fdd196ae1c
docs: Minor grammar change to ingress-gateway.mdx ( #11365 )
...
Use plural form of "listeners", not possessive form of "listener's"
2022-01-14 16:36:02 -08:00
trujillo-adam
23ac796406
Merge branch 'docs/service-mesh-config-entries-add-partitions--1.11.0' of github.com:hashicorp/consul into docs/service-mesh-config-entries-add-partitions--1.11.0
...
pre and post docs day merge
2022-01-14 11:34:36 -08:00
trujillo-adam
71907728ff
applying latest round of feedback
2022-01-14 09:51:57 -08:00
Blake Covarrubias
5a12f2cf20
docs: Use long form of CLI flags ( #12030 )
...
Use long form of CLI flags in all example commands.
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
2022-01-12 15:05:01 -08:00
Dhia Ayachi
2a0e15cd69
CA certificates relationship HL diagram ( #12022 )
...
* add diagram and text to explain certificates in consul
* use bullet points instead of enumeration
* Apply suggestions from code review
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
* remove non needed text and improve image
* fix cert naming
* move section to the right place
* rename DC
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-12 16:10:00 -05:00
Blake Covarrubias
97e7e118e0
docs: Fix spelling errors
2022-01-11 09:37:09 -08:00
mrspanishviking
a51f17a0f1
Merge pull request #11983 from hashicorp/resolver_examples
...
docs: added another resolver example for DC and namespace failover
2022-01-11 10:27:57 -07:00
Jasmine W
e671ea7f60
Merge pull request #11995 from hashicorp/l7-routing-screenshots
...
Adding UI screenshots to L7 overview
2022-01-11 11:33:20 -05:00
Jasmine W
8f662c49f6
Update website/content/docs/connect/config-entries/service-splitter.mdx
...
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-11 11:18:49 -05:00
Jasmine W
62583f75fe
Update website/content/docs/connect/config-entries/service-router.mdx
...
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-11 11:18:43 -05:00
Jasmine W
d011b1afcb
Update website/content/docs/connect/config-entries/service-resolver.mdx
...
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-11 11:18:36 -05:00
Natalie Smith
61980f0808
docs: simplify agent docs slugs
2022-01-10 17:37:18 -08:00
Natalie Smith
2b71c59298
docs: fix external links to agent config pages
2022-01-10 17:11:50 -08:00
mrspanishviking
071b3025af
Merge pull request #12016 from hashicorp/Screenshot-Updates
...
Consul UI Screenshot Updates
2022-01-10 18:05:02 -07:00
Xuan Luo
8ca86265a5
Merge pull request #12017 from hashicorp/doc-changes
...
Doc changes
2022-01-10 16:33:47 -08:00
Xuan Luo
3ae25bfb58
updated image
2022-01-10 16:29:32 -08:00
Xuan Luo
edb95ce99c
docs: add gateway overview illustration
2022-01-10 15:47:57 -08:00
Luke Kysow
e30e0a075c
Add distributed tracing docs ( #12010 )
...
* Add distributed tracing docs
2022-01-10 15:43:31 -08:00
Jake Herschman
5469bcd6d1
updated topology image
2022-01-10 18:39:35 -05:00
Amier Chery
6c230ff458
Added images to respective pages
...
Added the images to each respective page on splitting/routing/resolving along with a brief description on how to navigate there.
2022-01-10 18:14:24 -05:00
Jasmine W
2e60b0949f
Adding UI screenshots to L7 overview
2022-01-10 14:34:00 -05:00
Karl Cardenas
52a667ca85
added additonal example for failover within DC and unique namespace
2022-01-10 11:41:43 -07:00
mrspanishviking
095ad35891
Apply suggestions from code review
...
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2022-01-10 11:22:53 -07:00
Karl Cardenas
77b6e1824c
removed empty {}
2022-01-10 10:51:00 -07:00
Karl Cardenas
967093f425
added another example for DC and namespace failover
2022-01-10 10:45:54 -07:00
Krastin Krastev
32ee4e440d
adding JSON examples to /docs/connect/observability/ui-visualization
2022-01-10 17:47:51 +01:00
trujillo-adam
43d013ddcf
Merge pull request #11930 from hashicorp/docs/admin-partition-updates-1.11.0-misc
...
added line about wildcard intentions not supported for admin partitions
2022-01-10 07:53:58 -08:00
trujillo-adam
15220e8d39
applied feedback
2022-01-07 15:43:51 -08:00
trujillo-adam
c617a4a970
Update website/content/docs/connect/config-entries/mesh.mdx
...
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2022-01-07 14:20:43 -08:00
trujillo-adam
ea2ae4b637
tweaks to the language used in the requirements section
2022-01-05 12:01:10 -08:00
Noel Quiles
2c047e1c3a
website: Update copy ( #11853 )
2022-01-04 15:29:46 -05:00
trujillo-adam
31551b49f4
added line about wildcard intentions not supported for admin partitions
2022-01-03 15:31:58 -08:00
trujillo-adam
f072adc618
proposed language about why there is no <CE>.meta.partition field
2022-01-03 14:40:03 -08:00
trujillo-adam
186adb00e5
Merge branch 'docs/service-mesh-config-entries-add-partitions--1.11.0' of github.com:hashicorp/consul into docs/service-mesh-config-entries-add-partitions--1.11.0
...
updating local with GH comments
2022-01-03 11:32:34 -08:00
trujillo-adam
078003955b
Apply suggestions from code review
...
typos and minor corrections
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2022-01-03 11:32:14 -08:00
saurabh-sp-tripathi
5e6c934135
Fix typo, Layer 7 is application layer not network
2021-12-22 15:13:56 -08:00
trujillo-adam
5835d18664
Merge branch 'main' of github.com:hashicorp/consul into docs/service-mesh-config-entries-add-partitions--1.11.0
...
pulling main into the this branch
2021-12-22 13:12:08 -08:00
trujillo-adam
2edf383b79
Merge pull request #11859 from hashicorp/docs/service-mesh-gateways-clarification-for-1.11.0
...
clarify mesh gateway docs use cases; include admin partition flow
2021-12-22 11:56:11 -08:00
trujillo-adam
ca41ee4484
fixed bad md syntax
2021-12-22 11:40:26 -08:00
trujillo-adam
ec6aff8dc0
applied feedback
2021-12-22 11:18:06 -08:00
trujillo-adam
0288678e00
updated configuration entry params for admin partitions 1.11
2021-12-20 16:30:39 -08:00
David Yu
e1d32b6a9f
docs: ExportedServices YAML correction ( #11883 )
...
* docs: ExportedServices YAML correction
* Add enterprise alert to CRD index
2021-12-17 11:29:10 -08:00
trujillo-adam
94da06f6ee
additional clarification on upstream configurations for x-dc and x-partition traffic
2021-12-17 09:46:50 -08:00
David Yu
463c7e9f43
docs: fix ExportedServices typo on example
...
Fix typlo
2021-12-17 09:39:55 -08:00
David Yu
1a2f8b04c6
add enterprise inline
2021-12-16 20:23:03 -08:00
David Yu
5b5d5f283d
docs: add exported services to overview
2021-12-16 20:20:11 -08:00
David Yu
d369a13795
docs: ExportedServices CRD typo and change heading for services ( #11845 )
2021-12-15 15:51:24 -08:00
trujillo-adam
478e988206
clarify mesh gateway docs use cases; include admin partition flow
2021-12-15 13:11:52 -08:00
Chris S. Kim
540b5c1945
docs: Update discovery chain compilation results with partition fields ( #11835 )
2021-12-14 15:37:34 -05:00
Kyle Havlovitz
e964cb37cf
docs: Update exported-services page to include required Name field
2021-12-14 12:10:30 -08:00
Paul Banks
6a97a5d02e
Merge pull request #11164 from hashicorp/docs/ingress-sds
...
Document SDS for ingress gateways
2021-12-14 17:32:40 +00:00
freddygv
a2fd30e514
Clean up additional refs to partition exports
2021-12-04 15:16:40 -07:00
freddygv
32a2012059
Move exported-services docs based on new name
2021-12-03 17:47:32 -07:00
freddygv
02fb323652
Rename partition-exports to exported-services
...
Using a name less tied to partitions gives us more flexibility to use
this config entry in OSS for exports between datacenters/meshes.
2021-12-03 17:47:31 -07:00
Paul Banks
5015e9a733
Reformatting suggestions from review
2021-12-01 15:35:24 +00:00
Paul Banks
15ece49126
Apply suggestions from code review
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2021-12-01 15:13:40 +00:00
Paul Banks
d149311cee
Apply suggestions from code review
...
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2021-12-01 15:13:40 +00:00
Paul Banks
c1b9601a94
Add documentation for SDS support in ingress gateways.
2021-12-01 15:13:40 +00:00
John Cowen
6fa1a058a6
ui: Add `Service.Partition` as available variable for dashboard urls ( #11654 )
2021-12-01 11:05:57 +00:00
trujillo-adam
cff9356f97
Merge pull request #11558 from hashicorp/docs/admin-partitions-service-exports-configuration-entry
...
Admin partition docs: cross-partition support beta2/3
2021-11-30 11:22:30 -08:00
trujillo-adam
861e756b70
addtional feedback; added PartitionExports to CRDs section
2021-11-30 11:18:12 -08:00
trujillo-adam
5c47887093
applied additional feedback
2021-11-29 13:28:05 -08:00
David Yu
db01c70914
docs: Notes about WAN Federation when using Vault as Connect CA ( #11143 )
...
* docs: Notes about WAN Federation when using Vault as Connect CA
* Apply suggestions from code review
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
* Update website/content/docs/connect/ca/vault.mdx
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
* Update website/content/docs/connect/ca/vault.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
* Update website/content/docs/connect/ca/vault.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
* Update vault.mdx
* Update vault.mdx
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2021-11-29 12:37:14 -08:00
Karl Cardenas
4a52289e2b
docs: updated proxy page to use new codeblock
2021-11-18 18:17:38 -07:00
Iryna Shustava
bd3fb0d0e9
connect: Support auth methods for the vault connect CA provider ( #11573 )
...
* Support vault auth methods for the Vault connect CA provider
* Rotate the token (re-authenticate to vault using auth method) when the token can no longer be renewed
2021-11-18 13:15:28 -07:00
trujillo-adam
8dfab9eb67
fixed typo and added link from partition exports to admin partitions section
2021-11-17 08:50:07 -08:00
trujillo-adam
4d9f7c5f53
fixed bad links
2021-11-16 12:05:18 -08:00
trujillo-adam
7fbb8dd08b
added link to agent configuration from partition exports in usage section
2021-11-16 10:53:07 -08:00
trujillo-adam
3d2222cd8a
applied freddy's feedback
2021-11-16 10:44:21 -08:00
trujillo-adam
c06675fb3a
Adding partition exports configuraiton entry details, upstream config, acl impact
2021-11-13 18:52:58 -08:00
trujillo-adam
b937934b35
first commit for cross-partition support - partition exports section
2021-11-11 18:43:57 -08:00
mrspanishviking
dadb7a7c33
Merge pull request #11543 from hashicorp/envoy-token
...
docs: added more information to help endusers with proxies and ACL
2021-11-11 08:37:12 -08:00
mrspanishviking
a7bda35a3f
Update website/content/docs/connect/proxies/integrate.mdx
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2021-11-11 08:05:45 -08:00
mrspanishviking
0ae860df38
Update website/content/docs/connect/ca/vault.mdx
...
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-11-10 13:03:28 -08:00
Karl Cardenas
3ee1996504
docs: added more information to help endusers with proxies and ACL tokens
2021-11-10 08:52:44 -07:00
Karl Cardenas
e7faee6ef7
docs: added link to the Learn tutorial in Vault CA integration page
2021-11-10 07:30:12 -07:00
Freddy
0344f3579b
Fix caveat about resolvers operating at L4 ( #11497 )
...
Service resolvers can specify L4 rules such as redirects, or L7 rules such as
hash-based load balancing policies.
2021-11-08 07:11:36 -07:00
Connor
b3af482e09
Support Vault Namespaces explicitly in CA config ( #11477 )
...
* Support Vault Namespaces explicitly in CA config
If there is a Namespace entry included in the Vault CA configuration,
set it as the Vault Namespace on the Vault client
Currently the only way to support Vault namespaces in the Consul CA
config is by doing one of the following:
1) Set the VAULT_NAMESPACE environment variable which will be picked up
by the Vault API client
2) Prefix all Vault paths with the namespace
Neither of these are super pleasant. The first requires direct access
and modification to the Consul runtime environment. It's possible and
expected, not super pleasant.
The second requires more indepth knowledge of Vault and how it uses
Namespaces and could be confusing for anyone without that context. It
also infers that it is not supported
* Add changelog
* Remove fmt.Fprint calls
* Make comment clearer
* Add next consul version to website docs
* Add new test for default configuration
* go mod tidy
* Add skip if vault not present
* Tweak changelog text
2021-11-05 11:42:28 -05:00
FFMMM
573ea1a95d
change vault ca docs to mention root cert ttl config ( #11488 )
...
Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>
2021-11-04 15:44:22 -07:00
Luke Kysow
0f8434a213
Add quick-link for users coming from UI ( #11403 )
...
The Consul UI topology view has an icon with the text
"Configure metrics dashboard" that links to this page. Add a notice at
the top of the page that links them directly to the relevant section.
2021-11-03 09:37:30 -07:00
Luke Kysow
6131a207cf
Remove Name/Namespace fields from upstream default ( #11456 )
...
The UpstreamConfig.Defaults field does not support setting Name or
Namespace because the purpose is to apply defaults to all upstreams.
I think this was just missed in the docs since those fields would
error if set under Defaults.
i.e. this is not supported:
```
UpstreamConfig {
Defaults {
Name = "foo"
Namespace = "bar"
# Defaults config here
}
}
```
2021-11-02 14:21:15 -07:00
Evan Culver
98acbfa79c
connect: Add support for Envoy 1.20 ( #11277 )
2021-10-27 18:38:10 -07:00
Andy Assareh
97dda48b74
docs: Mesh gateway requires 1.6.0 *or newer* ( #11333 )
...
* 1.6.0 or newer
* Update website/content/docs/connect/gateways/mesh-gateway/index.mdx
Co-authored-by: David Yu <dyu@hashicorp.com>
Co-authored-by: mrspanishviking <cardenas88karl@gmail.com>
2021-10-18 17:11:00 -07:00
Paul Banks
51769d1f95
Merge pull request #11037 from hashicorp/docs/mesh-header-manip
...
Document HTTP Header manipulation options added in #10613
2021-10-08 13:11:44 +01:00
Paul Banks
a3e0d0c69d
Wording improvements from review
2021-10-08 12:26:11 +01:00
Evan Culver
807871224a
Merge branch 'main' into eculver/envoy-1.19.1
2021-09-28 15:58:20 -07:00
Jared Kirschner
25181b2cc6
Merge pull request #11167 from hashicorp/add-cross-dc-comm-model-visual
...
Improve mesh gateway diagram
2021-09-28 13:19:18 -04:00
Jared Kirschner
21753a9331
Improve mesh gateway diagram
...
Diagram now shows all possible cross-DC communication models supported by mesh
gateways for both the control and data planes.
2021-09-28 09:56:05 -07:00
Paul Banks
bdd7a31837
Apply suggestions from code review
...
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-09-28 17:19:13 +01:00
Chris S. Kim
90fe20c3a2
agent: Clean up unused built-in proxy config ( #11165 )
2021-09-28 11:29:10 -04:00
Paul Banks
05c8387891
Merge pull request #10725 from hashicorp/banks-patch-3
...
Call out the incompatibility of wildcards and L7 permissions
2021-09-28 13:51:41 +01:00
Paul Banks
d84380882b
Document HTTP Header manipulation options added in #10613
2021-09-27 14:46:15 +01:00
Evan Culver
34f64ed208
update docs to indicate support for envoy 1.19.1 in Consul 1.11.x
2021-09-22 10:57:22 -07:00
Kyle MacDonald
13e0bb2906
website: fixup incorrect markdown syntax ( #11015 )
2021-09-13 10:36:34 -04:00
Paul Banks
b9dd859c6d
Apply suggestions from code review
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2021-09-10 21:29:43 +01:00
Paul Banks
64957f2d22
Document how to make namespace wildcard intentions. ( #10724 )
...
* Update intentions.mdx
* Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-09-10 21:25:09 +01:00
Freddy
11672defaf
connect: update envoy supported versions to latest patch release
...
(#10961 )
Relevant advisory:
https://github.com/envoyproxy/envoy/security/advisories/GHSA-6g4j-5vrw-2m8h
2021-08-31 10:39:18 -06:00
Nitya Dhanushkodi
59eab91d69
doc: remove sentence that tproxy works cross-DC with config entries. ( #10885 )
...
It can only work if there is a running service instance in the local DC,
so this is a bit misleading, since failover and redirects are typically
used when there is not an instance in the local DC.
2021-08-23 12:14:28 -07:00
Blake Covarrubias
ef11e8bc92
docs: Add common CA config options to provider doc pages ( #10842 )
...
Add the list of common Connect CA configuration options to the
provider-specific CA docs.
Previously these options were only documented under the agent
configuration options. This change makes it so that all supported CA
provider configuration options are available from a single location.
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-08-19 11:18:55 -07:00
Blake Covarrubias
247397dcd2
Document possible risk w.r.t exposing the admin API in Envoy ( #10817 )
...
Add a section to the Connect Security page which highlights the risks
of exposing Envoy's administration interface outside of localhost.
Resolves #5692
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Kent 'picat' Gruber <kent@hashicorp.com>
2021-08-13 10:05:29 -07:00
Blake Covarrubias
deeebd2795
docs: Clarify ingress gateway's -address flag ( #10810 )
...
Clarify the function of `-address` flag when instantiating an ingress
gateway.
Resolves #9849
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2021-08-12 14:56:07 -07:00
Chris Piraino
b302a926c6
docs: remove note on ingress gateway hosts field needing a port number ( #10827 )
...
This was necessary in older versions of Consul, but was obsoleted by
making Consul add the port number itself when constructing the Envoy
configuration.
2021-08-11 16:36:57 -05:00
Blake Covarrubias
db59597cac
docs: Update code blocks across website
...
* Use CodeTabs for examples in multiple formats.
* Ensure correct language on code fences.
* Use CodeBlockConfig for examples with filenames, or which need
highlighted content.
2021-08-11 13:20:03 -07:00
Blake Covarrubias
6f1fa59005
docs: Add JSON examples to all config entries
...
This commit adds example JSON configs for several config entry
resources were missing examples in this language.
The examples have been updated to use the new CodeTabs resource
instead of the Tab component.
2021-08-10 15:34:28 -07:00
trujillo-adam
79c25af139
Merge branch 'main' into docs-envoy-proxy-breaks-when-enabling-tls
2021-08-09 14:57:29 -07:00
trujillo-adam
521be9f2a8
Update website/content/docs/connect/proxies/envoy.mdx
...
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-08-09 13:36:28 -07:00
trujillo-adam
4c3a48e6b3
Update website/content/docs/connect/proxies/envoy.mdx
...
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-08-09 13:36:07 -07:00
trujillo-adam
6ba6025b55
docs: adding env var info, resolves #7926
2021-08-09 13:14:02 -07:00
trujillo-adam
caa7052455
Merge pull request #10763 from hashicorp/docs-proxy-integration-improvements
...
general language and readability improvements to proxy integration docs
2021-08-04 14:36:47 -07:00
trujillo-adam
068ec1b607
Applying more feedback from @black and @karl-cardenas-coding
2021-08-04 14:02:42 -07:00
trujillo-adam
c412c2811d
Applying feedback from @blake
2021-08-04 11:29:21 -07:00
trujillo-adam
df643bb921
Update website/content/docs/connect/proxies/integrate.mdx
...
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-08-04 10:44:06 -07:00
trujillo-adam
0a6ea4e91e
general language and readability improvements to proxy integration docs
2021-08-03 15:56:56 -07:00
Blake Covarrubias
9eb8622061
docs: Note proxy-defaults can globally set service protocol ( #10649 )
...
Add a note to the docs for the service defaults config entry which
informs users that the service protocol can be configured for all
services using the proxy defaults config entry.
Resolves #8279
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2021-08-02 13:23:58 -07:00
Paul Banks
73d1d55ddd
Call out the incompatibility of wildcards and L7 permissions
2021-07-29 11:58:21 +01:00
Fabio Lichinchi
ab9008158d
Update vault.mdx ( #10679 )
2021-07-26 09:16:00 -07:00
Blake Covarrubias
4d2bc76d62
docs: Fix spelling errors across website
2021-07-19 14:29:54 -07:00
David Yu
f6273fe5ba
docs: Update docs to reflect limitation in TProxy when using single Consul DC deployment with multiple k8s clusters ( #10549 )
...
* docs: Update to reflect single Consul DC deployment with multiple k8s clusters
2021-07-08 10:44:29 -07:00
Daniel Nephin
14527dd005
Merge pull request #10552 from hashicorp/dnephin/ca-remove-rotation-period
...
ca: remove unused RotationPeriod field
2021-07-06 18:49:33 -04:00
jkirschner-hashicorp
31bbab8ae7
Merge pull request #10560 from jkirschner-hashicorp/change-sane-to-reasonable
...
Replace use of 'sane' where appropriate
2021-07-06 11:46:04 -04:00
Daniel Nephin
b4a10443d1
ca: remove unused RotationPeriod field
...
This field was never used. Since it is persisted as part of a map[string]interface{} it
is pretty easy to remove it.
2021-07-05 19:15:44 -04:00
Jared Kirschner
4c3b1b8b7b
Replace use of 'sane' where appropriate
...
HashiCorp voice, style, and language guidelines recommend avoiding ableist
language unless its reference to ability is accurate in a particular use.
2021-07-02 12:18:46 -04:00
Daniel Nephin
9a0680040e
Merge pull request #10527 from hashicorp/rename-main-branch
...
Update references to the main branch
2021-06-30 13:07:09 -04:00
Luke Kysow
128d4444f5
docs: Document setting dashboard_url on k8s ( #10510 )
...
It's tricky because the `{{` needs to be escaped with Helm.
2021-06-30 09:16:38 -07:00
Daniel Nephin
c2cc9b6bda
Update references to the main branch
...
The main branch is being renamed from master->main. This commit should
update all references to the main branch to the new name.
Co-Authored-By: Mike Morris <mikemorris@users.noreply.github.com>
2021-06-29 17:17:38 -04:00
Jared Kirschner
817a7ff454
Fix service splitter example weight sum
...
Weight sum must be equal to 100.
2021-06-29 07:01:55 -04:00
David Yu
2b4942b7f5
docs - Adding Mesh as CRD in Consul K8s ( #10459 )
...
* docs - Adding Mesh as CRD in Consul K8s
* Removing extra left brace in ServiceDefaults
2021-06-22 19:18:13 -07:00
Luke Kysow
3ad64aeb7d
Update config entry docs for CRDs ( #10407 )
...
* Update mesh, proxy-defaults and service-defaults docs to properly
document Kubernetes YAML.
Co-authored-by: David Yu <dyu@hashicorp.com>
2021-06-22 16:56:53 -07:00
Nitya Dhanushkodi
a91c670eab
docs: upgrading to tproxy (/docs/upgrades/upgrade-specific) ( #10416 )
...
* docs: update tproxy docs
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
2021-06-22 16:41:08 -07:00
Nitya Dhanushkodi
d001b197b0
docs: update tproxy docs (/docs/connect/transparent-proxy) ( #10415 )
...
* docs: update tproxy docs
* add examples
* links
2021-06-22 16:29:52 -07:00
Blake Covarrubias
ebe1f1cb51
docs: Remove beta tag for 1.10 features
...
Remove beta tag for 1.10 features which are now GA.
2021-06-22 16:22:50 -07:00
R.B. Boyer
3581e72dbc
docs: mention that service defaults upstream config sections should not contain wildcards ( #10451 )
2021-06-22 10:57:03 -05:00
Blake Covarrubias
61d9adbd17
docs: Add example of escaping tracing JSON using jq
2021-06-14 16:23:44 -07:00
Freddy
f399fd2add
Rename CatalogDestinationsOnly ( #10397 )
...
CatalogDestinationsOnly is a passthrough that would enable dialing
addresses outside of Consul's catalog. However, when this flag is set to
true only _connect_ endpoints for services can be dialed.
This flag is being renamed to signal that non-Connect endpoints can't be
dialed by transparent proxies when the value is set to true.
2021-06-14 14:15:09 -06:00
R.B. Boyer
7ee812b22f
docs: update envoy docs for changes related to xDS v2->v3 and SoTW->Incremental ( #10166 )
...
Fixes #10098
2021-06-10 10:59:54 -05:00