Commit Graph

346 Commits

Author SHA1 Message Date
boruszak f3a9f607b9 Proofing edits 2022-08-02 16:20:43 -05:00
boruszak c0c97f2cb3 Proofing edits 2022-08-02 16:01:22 -05:00
boruszak a7b4444958 New features/functions list 2022-08-02 15:17:09 -05:00
boruszak b96d540271 New "Mesh Gateways for Peered Clusters" page 2022-08-02 15:09:00 -05:00
boruszak 8ace17e47c Initial new features commit 2022-08-02 14:26:20 -05:00
boruszak 52656f4426 Proofing updates & adjustments 2022-08-01 14:43:10 -05:00
boruszak 58a7b3aece Updated functionality + task instructions 2022-08-01 14:28:50 -05:00
boruszak 31df478292 Beta release constraints updated 2022-08-01 10:43:38 -05:00
boruszak e9c8abefcb Update "technical preview" to "beta" 2022-08-01 10:30:36 -05:00
Krastin Krastev 7f2eea5be3 Merge branch 'main' into krastin/docs/sidecarservice-typo 2022-07-21 10:51:39 +03:00
Jared Kirschner 53ab2bd9d2
Merge pull request #13405 from hashicorp/jkirschner-hashicorp-patch-3
docs: correct Vault CA multiple namespace support
2022-07-20 17:52:32 -04:00
Krastin Krastev 40c0519d46 docs: clean-up expanded service def 2022-07-18 13:45:59 +03:00
boruszak 7384eefff0 Clarification around "peering_token.json" and adding Partition names 2022-07-07 16:10:21 -05:00
boruszak 368d88f9b3 "<service-name" fix - added brackets 2022-07-07 10:08:53 -05:00
David Yu 8f8ed954cc
docs: add controller to cluster peering docs (#13639)
* docs: add controller to cluster peering docs
2022-06-29 11:08:37 -07:00
Tu Nguyen 3c608f5536
Fix typo in cluster peering docs (#13574)
* Fix typo in cluster peering docs
* Remove highlight, update curly quotes
2022-06-28 15:54:57 -07:00
Matt Keeler 91b8bf4b55
Clarify the wording of the peering limitations in the preview (#13590) 2022-06-24 09:58:31 -04:00
David Yu baf6c67415
docs: add indent to code block config tab to align with other branches (#13573) 2022-06-23 08:38:36 -07:00
David Yu e8f7a1f2c1
docs: add Core requirements to cluster peering k8s docs (#13569)
* docs: add Core requirements to cluster peering k8s docs

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-06-22 19:12:08 -07:00
Tu Nguyen a35d37c574
Merge pull request #13433 from hashicorp/docs-cluster-peering-technical-preview
docs: Cluster Peering for OSS Technical Preview
2022-06-22 00:10:11 -07:00
David Yu 563c11baa5
Update website/content/docs/connect/cluster-peering/k8s.mdx 2022-06-21 16:34:45 -07:00
Tu Nguyen 5596f6fc4b
Apply suggestions from code review 2022-06-21 16:31:49 -07:00
David Yu 32eb9a70a9 adding fixes 2022-06-21 16:27:06 -07:00
Tu Nguyen 32ecc216f6
Update website/content/docs/connect/cluster-peering/k8s.mdx
Co-authored-by: David Yu <dyu@hashicorp.com>
2022-06-21 16:21:29 -07:00
Tu Nguyen 5df3af9778
Update website/content/docs/connect/cluster-peering/create-manage-peering.mdx 2022-06-21 16:15:34 -07:00
Tu Nguyen 60f6948b0a
Apply suggestions from code review
Co-authored-by: David Yu <dyu@hashicorp.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-06-21 16:13:39 -07:00
Tu Nguyen 23e4884779
Merge pull request #13448 from hashicorp/docs-cluster-peering-k8s-technical-preview
docs: Cluster Peering for Kubernetes Technical Preview
2022-06-21 10:18:13 -07:00
Jeff Boruszak 3ded4522fb
Apply suggestions from code review
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2022-06-20 15:28:50 -05:00
Freddy 902e76d304
Additional service mesh docs updates for peering (#13464)
This PR covers two sets of changes:
- Documenting the new `destination_peer` for proxy upstream definitions.
- Updating the exported-services config entry documentation.

Updates to the `exported-services` config entry include:
- As of 1.13.0 it is no longer only for Consul Enterprise
- A `PeerName` is now a possible consumer for an exported service.
- Added examples for OSS and Enterprise
- Linked to peering docs
2022-06-17 18:40:38 -06:00
Jeff Boruszak 4c520323a5
Update website/content/docs/connect/cluster-peering/create-manage-peering.mdx 2022-06-17 12:35:35 -05:00
Jeff Boruszak 85463445b4
Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-06-17 12:31:11 -05:00
Chris S. Kim 4b0ffb227a
Update docs with Source.Peer field (#13463) 2022-06-16 09:30:05 -04:00
Jeff Boruszak 93a50d5b12
Additional consistency edits 2022-06-15 16:25:57 -05:00
Jeff Boruszak 8bd57c75fe
Apply suggestions from code review
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2022-06-15 16:15:03 -05:00
Jeff Boruszak 627173110b
Update website/content/docs/connect/cluster-peering/index.mdx 2022-06-15 14:26:40 -05:00
Jeff Boruszak 1a6eea4fc3
Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-06-15 14:23:18 -05:00
boruszak b00262381b Limitations -> Constraints 2022-06-15 14:21:58 -05:00
Jeff Boruszak 08716c5279
Apply suggestions from code review
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2022-06-15 14:19:03 -05:00
boruszak 37acf49357 typo fix 2022-06-15 14:08:34 -05:00
boruszak 80f779a528 Switch fronend-service and backend-service 2022-06-15 14:07:56 -05:00
Jeff Boruszak e8d34bab68
Apply suggestions from code review 2022-06-15 14:04:52 -05:00
Jeff Boruszak c23ab4259e
Apply suggestions from code review
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-06-15 14:01:34 -05:00
Jeff Boruszak 199e9a900a
Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2022-06-15 13:56:55 -05:00
boruszak 1c7d51f9d9 peering_token.json addition 2022-06-15 13:55:53 -05:00
Jared Kirschner bd68f0f6f6
Merge branch 'main' into jkirschner-hashicorp-patch-3 2022-06-15 00:06:40 -04:00
Jeff Boruszak caa2dc5bfb
Apply suggestions from code review
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2022-06-14 17:34:21 -05:00
Evan Culver ca7acd2970
connect: Use Envoy 1.22.2 instead of 1.22.1 (#13444) 2022-06-14 15:29:41 -07:00
Jeff Boruszak 687c16b9e0
Update website/content/docs/connect/cluster-peering/create-manage-peering.mdx
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2022-06-14 17:29:30 -05:00
Jeff Boruszak 9a8235993a
Update website/content/docs/connect/cluster-peering/create-manage-peering.mdx 2022-06-14 17:28:06 -05:00
Jeff Boruszak fe0a5491d2
Update website/content/docs/connect/cluster-peering/create-manage-peering.mdx
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2022-06-14 17:27:03 -05:00
Jeff Boruszak 24409fa40b
Update website/content/docs/connect/cluster-peering/index.mdx
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2022-06-14 17:23:07 -05:00
boruszak e22171cdbf Cluster Peering on Kubernetes page creation 2022-06-14 17:15:14 -05:00
boruszak 703ce412c7 Removing k8s updates on this branch 2022-06-14 17:12:45 -05:00
boruszak 8687f1511e <CodeBlockConfig> fixes 2022-06-14 16:58:07 -05:00
boruszak 0b60e6b539 Code Block fixes 2022-06-14 16:55:25 -05:00
boruszak c901667dd4 Cluster Peering on Kubernetes initial draft 2022-06-14 16:33:29 -05:00
boruszak 0bffbc429c Cluster Peering on Kubernetes page creation 2022-06-14 16:15:57 -05:00
Evan Culver 2adb9f7c8a
connect: Update Envoy support matrix to latest patch releases (#13431) 2022-06-14 13:19:09 -07:00
Jeff Boruszak 2e5163dfdc
Fixing double-ticks ` 2022-06-14 10:00:22 -05:00
boruszak 0c1b6d77d8 Removing Kubernetes page - will submit separate PR for timing reason 2022-06-13 16:47:47 -05:00
boruszak ad4712334d Typo fix 2022-06-13 16:42:29 -05:00
boruszak 00e648ab89 Create and Manage Peering Connections additional fixes 2022-06-13 16:38:44 -05:00
boruszak ecdb4cda96 What is Cluster Peering? additional fixes 2022-06-13 16:06:29 -05:00
boruszak fb573f7801 Create and Manage Peering Connections page 2022-06-13 14:24:02 -05:00
boruszak 4b306efd94 What is Cluster Peering? additional fixes 2022-06-13 13:41:57 -05:00
boruszak d3fd58ad8e What is Cluster Peering? page 2022-06-13 13:31:13 -05:00
boruszak b8b9be4d56 Initial page creation 2022-06-13 12:58:16 -05:00
Jared Kirschner 40402339e8
docs: correct Vault CA multiple namespace support 2022-06-08 17:50:56 -04:00
Mark Anderson 3046ad707b yUpdate website/content/docs/connect/ca/vault.mdx
Port some changes that were made to the backport branch but not in the original PR.

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-05-31 20:22:12 -07:00
Blake Covarrubias a74710fd45
docs: Remove unnecessary use of CodeBlockConfig (#12974)
Remove empty CodeBlockConfig elements. These elements are not
providing any benefit for the enclosed code blocks. This PR removes
the elements so so that the source is easier to read.
2022-05-11 15:37:02 -07:00
Blake Covarrubias 13ac34c08b
docs: Fix spelling errors across site (#12973) 2022-05-10 07:28:33 -07:00
Mark Anderson f4c4c0e9ae
Update website/content/docs/connect/config-entries/mesh.mdx (#12943)
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Signed-off-by: Mark Anderson <manderson@hashicorp.com>

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-05-05 10:39:53 -07:00
Mark Anderson 18193f2916
Support vault namespaces in connect CA (#12904)
* Support vault namespaces in connect CA

Follow on to some missed items from #12655

From an internal ticket "Support standard "Vault namespace in the
path" semantics for Connect Vault CA Provider"

Vault allows the namespace to be specified as a prefix in the path of
a PKI definition, but our usage of the Vault API includes calls that
don't support a namespaced key. In particular the sys.* family of
calls simply appends the key, instead of prefixing the namespace in
front of the path.

Unfortunately it is difficult to reliably parse a path with a
namespace; only vault knows what namespaces are present, and the '/'
separator can be inside a key name, as well as separating path
elements. This is in use in the wild; for example
'dc1/intermediate-key' is a relatively common naming schema.

Instead we add two new fields: RootPKINamespace and
IntermediatePKINamespace, which are the absolute namespace paths
'prefixed' in front of the respective PKI Paths.

Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-05-04 19:41:55 -07:00
Mark Anderson e6282c7c64 Docs and changelog edits
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-05-04 08:50:59 -07:00
Mark Anderson 33bc0a8cb3 Add some docs
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-05-04 08:50:58 -07:00
Blake Covarrubias 8dc68002f9
docs: Add example Envoy escape hatch configs (#12764)
Add example escape hatch configurations for all supported override
types.
2022-05-02 11:25:59 -07:00
Karl Cardenas 20975a35f6
Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-04-26 13:12:53 -07:00
Karl Cardenas 7ead9840b5
docs: updated connect docs and re-deploying missed changes 2022-04-25 10:04:06 -07:00
David Yu ab78b897e4
docs: remove 1.9.x row in Envoy compatibility matrix (#12828) 2022-04-20 19:35:06 -07:00
Evan Culver 9d0b5bf8e9
connect: Add Envoy 1.22 to integration tests, remove Envoy 1.18 (#12805)
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2022-04-18 09:36:07 -07:00
Evan Culver e62745c82c
connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
Natalie Smith b9ec2222db docs: simplify agent docs slugs 2022-04-11 17:38:47 -07:00
Natalie Smith cd73f27c84 docs: fix external links to agent config pages 2022-04-11 17:38:11 -07:00
R.B. Boyer f4eac06b21
xds: ensure that all connect timeout configs can apply equally to tproxy direct dial connections (#12711)
Just like standard upstreams the order of applicability in descending precedence:

1. caller's `service-defaults` upstream override for destination
2. caller's `service-defaults` upstream defaults
3. destination's `service-resolver` ConnectTimeout
4. system default of 5s

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-04-07 16:58:21 -05:00
Kyle Havlovitz 9380343689
Merge pull request #12672 from hashicorp/tgate-san-validation
Respect SNI with terminating gateways and log a warning if it isn't set alongside TLS
2022-04-05 11:15:59 -07:00
Blake Covarrubias d60e8cd646
docs: Update links to K8s service mesh annotations (#12652)
The list of supported annotations for Consul service mesh were moved
from /docs/k8s/connect to /docs/k8s/annotations-and-labels in PR
#12323.

This commit updates various across the site to point to the new
URL for these annotations.
2022-04-04 14:35:07 -07:00
Kyle Havlovitz 116b6c57cb Use the GatewayService SNI field for upstream SAN validation 2022-03-31 13:54:25 -07:00
Kyle Havlovitz cc3c39b920 Recommend SNI with TLS in the terminating gateway docs 2022-03-31 12:19:16 -07:00
Bryce Kalow 04ec4c2aa4
website: redirect /api to /api-docs (#12660) 2022-03-30 16:16:26 -05:00
R.B. Boyer e9230e93d8
xds: adding control of the mesh-wide min/max TLS versions and cipher suites from the mesh config entry (#12601)
- `tls.incoming`: applies to the inbound mTLS targeting the public
  listener on `connect-proxy` and `terminating-gateway` envoy instances

- `tls.outgoing`: applies to the outbound mTLS dialing upstreams from
  `connect-proxy` and `ingress-gateway` envoy instances

Fixes #11966
2022-03-30 13:43:59 -05:00
R.B. Boyer d4e80b8800
server: ensure that service-defaults meta is incorporated into the discovery chain response (#12511)
Also add a new "Default" field to the discovery chain response to clients
2022-03-30 10:04:18 -05:00
Krastin Krastev f6958894f5
docs: fix a trailing comma in JSON body
removing a comma after a last element in JSON body
2022-03-22 20:36:59 +01:00
David Yu 6363cb16c3
docs: Consul Service Mesh overview - rename of title and K8s getting started (#12574)
* Consul Service Mesh overview - rename of title and K8s getting started

* reformat lines
2022-03-18 08:55:57 -07:00
Dan Upton 57f0f42733
Support per-listener TLS configuration ⚙️ (#12504)
Introduces the capability to configure TLS differently for Consul's
listeners/ports (i.e. HTTPS, gRPC, and the internal multiplexed RPC
port) which is useful in scenarios where you may want the HTTPS or
gRPC interfaces to present a certificate signed by a well-known/public
CA, rather than the certificate used for internal communication which
must have a SAN in the form `server.<dc>.consul`.
2022-03-18 10:46:58 +00:00
Jacob 578d82fd96
Update ui-visualization.mdx 2022-03-16 10:08:22 -04:00
mrspanishviking 1ae820ea0a
Revert "[Docs] Agent configuration hierarchy " 2022-03-15 16:13:58 -07:00
trujillo-adam 667976c94f fixing merge conflicts part 3 2022-03-15 15:25:03 -07:00
trujillo-adam 33d0ed5e96 fixed merge conflicts pt2 2022-03-15 14:01:24 -07:00
trujillo-adam 60a88bb40f merging new hierarchy for agent configuration 2022-03-14 15:44:41 -07:00
Kyle Schochenmaier 6e6e705ae0
update docs (#12543) 2022-03-09 13:24:20 -06:00