Commit graph

564 commits

Author SHA1 Message Date
Dan Upton e1829a8706
Rename master and agent_master ACL tokens in the config file format (#11665) 2021-12-01 21:08:14 +00:00
R.B. Boyer 70b143ddc5
auto-config: ensure the feature works properly with partitions (#11699) 2021-12-01 13:32:34 -06:00
Paul Banks 5015e9a733 Reformatting suggestions from review 2021-12-01 15:35:24 +00:00
Paul Banks 15ece49126 Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2021-12-01 15:13:40 +00:00
Paul Banks d149311cee Apply suggestions from code review
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2021-12-01 15:13:40 +00:00
Paul Banks c1b9601a94 Add documentation for SDS support in ingress gateways. 2021-12-01 15:13:40 +00:00
Heronimus Tresy 409385ed23
docs: community tools - add string2files consul-template plugin (#11675) 2021-12-01 09:24:47 -05:00
John Cowen 6fa1a058a6
ui: Add Service.Partition as available variable for dashboard urls (#11654) 2021-12-01 11:05:57 +00:00
trujillo-adam cff9356f97
Merge pull request #11558 from hashicorp/docs/admin-partitions-service-exports-configuration-entry
Admin partition docs: cross-partition support beta2/3
2021-11-30 11:22:30 -08:00
trujillo-adam 861e756b70 addtional feedback; added PartitionExports to CRDs section 2021-11-30 11:18:12 -08:00
trujillo-adam 5c47887093 applied additional feedback 2021-11-29 13:28:05 -08:00
David Yu db01c70914
docs: Notes about WAN Federation when using Vault as Connect CA (#11143)
* docs: Notes about WAN Federation when using Vault as Connect CA

* Apply suggestions from code review

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* Update website/content/docs/connect/ca/vault.mdx

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* Update website/content/docs/connect/ca/vault.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/connect/ca/vault.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update vault.mdx

* Update vault.mdx

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2021-11-29 12:37:14 -08:00
Daniel Nephin 5e5e3b590d
Merge pull request #11468 from hashicorp/dnephin/acl-docs-namespace-rules
docs: update docs about namespace default policy/role
2021-11-26 14:00:30 -05:00
Daniel Nephin aaea8df5d1 docs: update docs about namespace default policy/role
To include details about the permissions the ACL token must have to perform the request.
2021-11-26 13:47:45 -05:00
Chris S. Kim 92ed172c6e
docs: fix name for partition resource labels (#11634) 2021-11-23 15:51:55 -05:00
trujillo-adam 55d439d6eb updated server and client example yamls in usage section 2021-11-22 15:35:31 -08:00
lornasong eea9a33c13
nia/docs 0.4.2 (#11611)
* nia/docs: Add TLS options for the CTS API

* docs: Add workspace tags (#11564)

* nia/docs: Change CLI options to table format

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Michael Wilkerson <62034708+wilkermichael@users.noreply.github.com>

* nia/docs: Update TLS CLI defaults

Also clarifies some behavior for the CLI options.

Co-authored-by: Melissa Kam <mkam@hashicorp.com>
Co-authored-by: Kim Ngo <6362111+findkim@users.noreply.github.com>
Co-authored-by: Melissa Kam <3768460+mkam@users.noreply.github.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Michael Wilkerson <62034708+wilkermichael@users.noreply.github.com>
2021-11-22 17:02:19 -05:00
Konstantine 0142f64f83 added missing 'be' 2021-11-22 01:17:33 +02:00
Konstantine d0a6cfba1a
Update website/content/docs/discovery/dns.mdx
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2021-11-22 01:14:19 +02:00
Konstantine a077e69df4
Update website/content/docs/discovery/dns.mdx
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2021-11-22 01:09:39 +02:00
Konstantine bd89e2a68f
Update website/content/docs/discovery/dns.mdx
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2021-11-22 01:07:22 +02:00
trujillo-adam 2d1ac42cac removed 'flat network' requirements 2021-11-19 16:27:07 -08:00
Karl Cardenas 4a52289e2b
docs: updated proxy page to use new codeblock 2021-11-18 18:17:38 -07:00
Iryna Shustava bd3fb0d0e9
connect: Support auth methods for the vault connect CA provider (#11573)
* Support vault auth methods for the Vault connect CA provider
* Rotate the token (re-authenticate to vault using auth method) when the token can no longer be renewed
2021-11-18 13:15:28 -07:00
ultrafear 1cb5f734dd Fixing spelling under Matching and Prefix Values 2021-11-17 10:33:08 -08:00
Luke Kysow b356a7cdc9
Add docs for Consul Ent on ECS (#11537) 2021-11-17 09:59:32 -08:00
Eric Haberkorn 40566d82c2
Merge pull request #11583 from hashicorp/consul-ecs-ga-docs
Consul ECS GA Docs
2021-11-17 12:42:47 -05:00
Paul Glass 63c631d75e docs: Fix some typos in ECS overview 2021-11-17 11:20:23 -06:00
trujillo-adam 8dfab9eb67 fixed typo and added link from partition exports to admin partitions section 2021-11-17 08:50:07 -08:00
trujillo-adam f238f75923 fixed more bad links 2021-11-17 08:08:52 -08:00
danielehc 6b93af86ca
Connect.enabled config option (#11533) 2021-11-17 12:06:11 +01:00
trujillo-adam 4d9f7c5f53 fixed bad links 2021-11-16 12:05:18 -08:00
Konstantine ea91f60827
Update website/content/docs/discovery/dns.mdx
Co-authored-by: Evan Culver <eculver@users.noreply.github.com>
2021-11-16 21:55:15 +02:00
trujillo-adam 7fbb8dd08b added link to agent configuration from partition exports in usage section 2021-11-16 10:53:07 -08:00
trujillo-adam 3d2222cd8a applied freddy's feedback 2021-11-16 10:44:21 -08:00
Paul Glass 61e38b2b30 docs: correct some capitalization 2021-11-16 11:06:08 -06:00
Paul Glass 5f5c5d1d7a docs: ECS docs for GA 2021-11-16 10:55:23 -06:00
Eric 6180729072 Update Consul ECS documentation with health sync changes
This also switches the task startup image to an svg so it isn't pixelated
anymore
2021-11-16 11:51:32 -05:00
Paul Glass f901bd2d6b docs: Suggestions for ECS architecture from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2021-11-16 11:51:31 -05:00
Paul Glass eb4a2cce4b docs: ECS graceful shutdown refinements 2021-11-16 11:51:31 -05:00
Paul Glass 0904d6af3a docs: Apply suggestions to ecs docs from code review
Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2021-11-16 11:51:31 -05:00
Paul Glass 444f31f7ef docs: ECS graceful shutdown docs for GA 2021-11-16 11:51:31 -05:00
trujillo-adam c06675fb3a Adding partition exports configuraiton entry details, upstream config, acl impact 2021-11-13 18:52:58 -08:00
trujillo-adam b937934b35 first commit for cross-partition support - partition exports section 2021-11-11 18:43:57 -08:00
mrspanishviking dadb7a7c33
Merge pull request #11543 from hashicorp/envoy-token
docs: added more information to help endusers with proxies and ACL
2021-11-11 08:37:12 -08:00
mrspanishviking a7bda35a3f
Update website/content/docs/connect/proxies/integrate.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2021-11-11 08:05:45 -08:00
Freddy 317c875de9
Merge pull request #11546 from hashicorp/ui/bug/revert-11328
ui: Revert #11328 allow-${}-style-interpolation due, to browser support
2021-11-10 14:53:23 -07:00
mrspanishviking 890f3a6757
Merge pull request #11542 from hashicorp/vault-ca
docs: added link to the Learn tutorial in Vault CA integration page
2021-11-10 13:10:01 -08:00
mrspanishviking 0ae860df38
Update website/content/docs/connect/ca/vault.mdx
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-11-10 13:03:28 -08:00
David Yu c1f3f77261
docs: provide more example CLI commands and reference Vault (#11528)
* docs: provide more example CLI commands and reference Vault

* Extra formatting

* Update website/content/docs/k8s/operations/gossip-encryption-key-rotation.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/operations/gossip-encryption-key-rotation.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/operations/gossip-encryption-key-rotation.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/operations/gossip-encryption-key-rotation.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/operations/gossip-encryption-key-rotation.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/operations/gossip-encryption-key-rotation.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* adding more detail around gossip encryption rotation precautions

* Update website/content/docs/k8s/operations/gossip-encryption-key-rotation.mdx

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
2021-11-10 12:05:20 -08:00
John Cowen ecd296eaf7 Revert "Merge pull request #11328 from radiantly/ui/feature/allow-${}-style-interpolation"
This reverts commit cd55c0cda3310c06abe989b8d145d9946945ae8d, reversing
changes made to 14af8cb7a9e7fc0a65178e6ca7708b3f395f0d70.
2021-11-10 17:54:33 +00:00
trujillo-adam 8ea10fa959
Merge pull request #11487 from hashicorp/docs/admin-partitions-feedback-acl-policies-redux
changed 'segments' in this page to 'resource labels' to disambiguate from 'network segments
updated the code snippets to use CodeBlock component and to include JSON
2021-11-10 07:56:54 -08:00
Karl Cardenas 3ee1996504
docs: added more information to help endusers with proxies and ACL tokens 2021-11-10 08:52:44 -07:00
Karl Cardenas e7faee6ef7
docs: added link to the Learn tutorial in Vault CA integration page 2021-11-10 07:30:12 -07:00
trujillo-adam 66ad4e7d3d added json versions for all hcl examples 2021-11-09 18:19:04 -08:00
Freddy 0344f3579b
Fix caveat about resolvers operating at L4 (#11497)
Service resolvers can specify L4 rules such as redirects, or L7 rules such as
hash-based load balancing policies.
2021-11-08 07:11:36 -07:00
David Yu 0bd182feb7
docs: add brew install hashicorp/tap/consul-k8s and re-order install and uninstall workflows (#11489)
* docs: add `brew install hashicorp/tap/consul-k8s`

* add consul k8s cli brew install to reference

* Update k8s-cli.mdx

* split home-brew commands into two steps

* Update k8s-cli.mdx

* slight changes on recommended way of installing Consul K8s for CLI or multi-DC

* Update install.mdx

* reorder cli and helm uninstall

* Update website/content/docs/k8s/installation/install.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/installation/install.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/installation/install.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/k8s-cli.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/installation/install.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/k8s-cli.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2021-11-05 16:33:11 -07:00
Luke Kysow c010fa076d
Document default storage class requirements (#11492) 2021-11-05 11:27:49 -07:00
Connor b3af482e09
Support Vault Namespaces explicitly in CA config (#11477)
* Support Vault Namespaces explicitly in CA config

If there is a Namespace entry included in the Vault CA configuration,
set it as the Vault Namespace on the Vault client

Currently the only way to support Vault namespaces in the Consul CA
config is by doing one of the following:
1) Set the VAULT_NAMESPACE environment variable which will be picked up
by the Vault API client
2) Prefix all Vault paths with the namespace

Neither of these are super pleasant. The first requires direct access
and modification to the Consul runtime environment. It's possible and
expected, not super pleasant.

The second requires more indepth knowledge of Vault and how it uses
Namespaces and could be confusing for anyone without that context. It
also infers that it is not supported

* Add changelog

* Remove fmt.Fprint calls

* Make comment clearer

* Add next consul version to website docs

* Add new test for default configuration

* go mod tidy

* Add skip if vault not present

* Tweak changelog text
2021-11-05 11:42:28 -05:00
trujillo-adam e6073653b5 applied feedback 2021-11-05 09:30:28 -07:00
FFMMM 573ea1a95d
change vault ca docs to mention root cert ttl config (#11488)
Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>
2021-11-04 15:44:22 -07:00
FFMMM 9afecfa10c
plumb thru root cert tll to the aws ca provider (#11449)
* plumb thru root cert ttl to the aws ca provider

Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>

* Update .changelog/11449.txt

Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>

Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
2021-11-04 12:19:08 -07:00
David Yu a96a035973
docs: consul-k8s uninstall with namespace (#11478)
* docs:  consul-k8s uninstall with namespace

Uninstall with namespace

* change release name to consul in uninstall

* Update website/content/docs/k8s/operations/uninstall.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* add --create-namespace command to install for custom values file

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2021-11-03 16:48:48 -07:00
trujillo-adam 9b632f0a9e changed 'segments' in this page to 'resource labels' to disambiguate from 'network segments' 2021-11-03 15:16:42 -07:00
Kyle Rarey 37e051ed36 Update namespaced replication token example 2021-11-03 15:33:30 -04:00
Thomas Eckert 4789e3a4d0
Update Helm Docs for v0.36.0 Consul K8s release (#11483)
Co-authored-by: David Yu <dyu@hashicorp.com>
2021-11-03 10:04:16 -07:00
Luke Kysow 0f8434a213
Add quick-link for users coming from UI (#11403)
The Consul UI topology view has an icon with the text
"Configure metrics dashboard" that links to this page. Add a notice at
the top of the page that links them directly to the relevant section.
2021-11-03 09:37:30 -07:00
Luke Kysow 6131a207cf
Remove Name/Namespace fields from upstream default (#11456)
The UpstreamConfig.Defaults field does not support setting Name or
Namespace because the purpose is to apply defaults to all upstreams.
I think this was just missed in the docs since those fields would
error if set under Defaults.

i.e. this is not supported:

```
UpstreamConfig {
  Defaults {
    Name = "foo"
    Namespace = "bar"
    # Defaults config here
  }
}
```
2021-11-02 14:21:15 -07:00
FFMMM 27227c0fd2
add root_cert_ttl option for consul connect, vault ca providers (#11428)
* add root_cert_ttl option for consul connect, vault ca providers

Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Chris S. Kim <ckim@hashicorp.com>

* add changelog, pr feedback

Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>

* Update .changelog/11428.txt, more docs

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* Update website/content/docs/agent/options.mdx

Co-authored-by: Kyle Havlovitz <kylehav@gmail.com>

Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
Co-authored-by: Kyle Havlovitz <kylehav@gmail.com>
2021-11-02 11:02:10 -07:00
Daniel Nephin 0ec2a804df
Merge pull request #10690 from tarat44/h2c-support-in-ping-checks
add support for h2c in h2 ping health checks
2021-11-02 13:53:06 -04:00
Melissa Kam f7297a712d docs/nia: Fix typo in TLS configs for CTS 2021-11-01 14:03:19 -05:00
Melissa Kam 89c89657d5
Merge pull request #11463 from hashicorp/docs-cts-tls
docs/nia: Update TLS-related configurations for CTS
2021-11-01 12:39:39 -05:00
trujillo-adam 2bcd5c42b9
Merge pull request #11441 from hashicorp/docs/admin-partitions-feedback-acl-policies
admin partitions feedback related to ACLs; additional improvements to ACL rule docs
2021-11-01 09:09:38 -07:00
trujillo-adam 5050867956
Update website/content/docs/security/acl/acl-rules.mdx
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2021-11-01 09:07:08 -07:00
Melissa Kam afac305b54 docs/nia: Update TLS-related configurations for CTS
- Clarify file types and uses of the configurations
- Update some wording to match between Consul and TFE TLS configs
2021-11-01 10:44:14 -05:00
Konstantine 5ca3fc61b8 added Alternative Domain section to dns page in docs 2021-10-30 16:45:58 +03:00
Jared Kirschner 6dfcbeceec
Merge pull request #11348 from kbabuadze/fix-answers-alt-domain
Fix answers for alt domain
2021-10-29 17:09:20 -04:00
David Yu 571cff9dc9
docs: add -verbose flag for install command (#11447) 2021-10-29 12:08:23 -07:00
David Yu c3a1895f2e
docs: revised Helm install to create namespace and install on dedicated namespace (#11440)
* docs: revised Helm install to create namespace and install on dedicated Consul namespace

* Update website/content/docs/k8s/installation/install.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Update install.mdx

* changing to Helm 3.2+ as a pre-req to make it easier to follow
* might as well bump to latest version

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2021-10-28 12:27:00 -07:00
trujillo-adam e70cff6ee8 applying admin partitions feedback related to ACLs; additional immprovments to ACL rule docs 2021-10-28 11:23:15 -07:00
Daniel Nephin b02b324c9d
Merge pull request #11255 from hashicorp/dnephin/fix-auth-verify-incoming
tlsutil: only AuthorizerServerConn when VerifyIncomingRPC is true
2021-10-28 12:56:58 -04:00
Kim Ngo 0ac20e556a
CTS document manual apply (#11426)
* CTS document manual apply
* Add Consul-Terraform-Sync parentheses to CTS acronym
* Add tf link for run notifications
2021-10-28 10:19:18 -05:00
Evan Culver b3c92f22b1
connect: Remove support for Envoy 1.16 (#11354) 2021-10-27 18:51:35 -07:00
Evan Culver 98acbfa79c
connect: Add support for Envoy 1.20 (#11277) 2021-10-27 18:38:10 -07:00
Daniel Nephin 6e9dd995eb tlsutil: only AuthorizerServerConn when VerifyIncomingRPC is true
See github.com/hashicorp/consul/issues/11207

When VerifyIncomingRPC is false the TLS conn will not have the required certificates.
2021-10-27 13:43:25 -04:00
Konstantine bd443875f5 fixed configurations options order in dns.mdx 2021-10-27 02:33:36 +03:00
Chris S. Kim dac34427c5
docs: Document datacenter limitations for admin partitions (#11425) 2021-10-26 15:35:39 -04:00
Kim Ngo 80efc993ba
Update CTS compatibility matrix to include TFC and flexible (#11424) 2021-10-26 13:12:44 -05:00
Konstantine d897a3e16e describe how alt-domain works in docs 2021-10-26 12:38:13 -04:00
Daniel Nephin f24bad2a52
Merge pull request #11232 from hashicorp/dnephin/acl-legacy-remove-docs
acl: add docs and changelog for the removal of the legacy ACL system
2021-10-25 18:38:00 -04:00
David Yu e184ccc8e0
docs: Move consul-k8s architecture docs to Overview (#11414)
* docs: Move consul-k8s architecture docs to Overview
2021-10-25 15:33:41 -07:00
David Yu 5f3dad4db2
docs: minor Consul K8s changes (#11402)
* docs: minor Consul K8s changes
2021-10-25 10:00:10 -07:00
Pete Lopez f8c1561495 Use correct registry url
A small typo in the module source leads to an error when performing `terraform init`.
2021-10-22 17:12:23 -07:00
David Yu 4d1490d16f
docs: bump reference to consul-k8s cli to beta and reformat helm config example (#11398) 2021-10-22 09:14:35 -07:00
Chris S. Kim 1eaa53798c
Update docs for tls_cipher_suites (#11070) 2021-10-21 16:41:51 -04:00
trujillo-adam 53295c8f58
Merge pull request #11325 from hashicorp/docs/admin-partitions-concept-v1.11.0
Docs/admin partitions concept v1.11.0 beta1
2021-10-20 11:33:41 -07:00
trujillo-adam 56d2781a7f added info about resource behavior when upgrading to 1.11 + 2021-10-20 09:57:55 -07:00
trujillo-adam c89eec9a66 applying most of blake's feedback - still have a question 2021-10-20 08:12:07 -07:00
Jared Kirschner fe09db6158
Merge pull request #11328 from radiantly/ui/feature/allow-${}-style-interpolation
ui: Allow ${ } interpolation for UI Dashboard template URLs
2021-10-20 08:59:02 -04:00
Jared Kirschner d4f6b06b97
Merge pull request #11278 from anihm136/main
Update docs: Mention grafana dashboard
2021-10-20 08:54:59 -04:00