Commit Graph

16290 Commits

Author SHA1 Message Date
vanphan24 7a44e0d78c
Update website/content/docs/k8s/installation/vault/server-tls.mdx
Co-authored-by: mrspanishviking <cardenas88karl@gmail.com>
2022-01-12 08:57:09 -08:00
vanphan24 0d43b17228
Update website/content/docs/k8s/installation/vault/server-tls.mdx
Co-authored-by: mrspanishviking <cardenas88karl@gmail.com>
2022-01-12 08:57:02 -08:00
vanphan24 073387885e
Update website/content/docs/k8s/installation/vault/server-tls.mdx
Co-authored-by: mrspanishviking <cardenas88karl@gmail.com>
2022-01-12 08:56:58 -08:00
vanphan24 088decf30f
Update website/content/docs/k8s/installation/vault/server-tls.mdx
Co-authored-by: mrspanishviking <cardenas88karl@gmail.com>
2022-01-12 08:56:53 -08:00
vanphan24 26fb50a326
Update website/content/docs/k8s/installation/vault/server-tls.mdx
Co-authored-by: mrspanishviking <cardenas88karl@gmail.com>
2022-01-12 08:56:33 -08:00
vanphan24 399864d3ce
Update server-tls.mdx
Added k8s auth role for client
Added to Consul yaml file: tls.enableAutoEncrypt: true
Fixed name of CA policy: policies=ca-policy
2022-01-12 08:46:55 -08:00
Bryce Kalow 369c4d0760
website: upgrade downloads page (#12043) 2022-01-12 10:30:46 -06:00
Chris S. Kim 4330a6a21a
Fix race with tags (#12041) 2022-01-12 11:24:51 -05:00
mrspanishviking 29e07eb48c
Merge pull request #12014 from hashicorp/neenap-patch-1
docs: updated the description of min_quorum
2022-01-12 07:55:41 -07:00
Matt Siegel a7912028b9
Merge pull request #11984 from hashicorp/msiege2/docs-day
Docs: Update CLI commands to show corresponding HTTP API commands and ACL policies required
2022-01-12 08:18:52 -05:00
John Cowen 4d62ee7353
ui: Adds a notice for non-primary intention creation (#11985) 2022-01-12 11:50:09 +00:00
John Cowen a408644205
ui: Fix up wiring or empty state login button (#11981)
* ui: Some ACL component documentation (#11982)
2022-01-12 11:05:24 +00:00
John Cowen 754afd356a
ui: Alter position of dashboard button in the service instance header (#11988) 2022-01-12 09:31:54 +00:00
John Cowen fe105d1ba7
ui: Allow templateName paths to be relative (#11955) 2022-01-12 09:27:00 +00:00
John Cowen ac72b1b9f0
ui: First pass at writing some data layer related Eng docs (#11203) 2022-01-12 09:26:02 +00:00
mrspanishviking fa192431eb
Merge pull request #12034 from vanphan24/patch-2
Clarifies external CA config
2022-01-11 15:09:50 -07:00
vanphan24 2c0a87a057
Clarifies external CA config
It is not clear that this page is to configure an external CA for Connect CA. Added line to clarify that this page is for configuring external CA's for the Connect CA. For the built-in CA, no config is needed.
2022-01-11 13:22:50 -08:00
Matt Siegel 749f02e500
Merge branch 'main' into msiege2/docs-day 2022-01-11 16:16:41 -05:00
David Yu 733526a012
docs: Update uninstall to ensure CRDs are deleted (#12021)
* docs: Update uninstall to ensure CRDs are deleted

* Update website/content/docs/k8s/operations/uninstall.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* add more details around CRD deletion

* move around crd deletion to before unsintall

* slight wording

* move deletion of CRDs to first line

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2022-01-11 12:53:39 -08:00
Kim Ngo 9340b3bfe5
CTS OSS vs Ent docs (#12006)
* Add CTS OSS and Ent feature comparision chart

* Mention CTS Ent in intro

* Update CTS install page with Ent and tab install options

* Clarify local workspaces and add Collaboration row

* Oxford comma, rename to Automation Driver, install +ent ctx

* Update website/content/docs/nia/installation/install.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Melissa Kam <3768460+mkam@users.noreply.github.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Remove self-hosted row and add TFE explicitly

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Melissa Kam <3768460+mkam@users.noreply.github.com>
2022-01-11 13:31:06 -06:00
Chris S. Kim 4f0a3a997c
Fix races in anti-entropy tests (#12028) 2022-01-11 14:28:51 -05:00
Kim Ngo 5818d6b669
Clarify CTS monitoring of service and instances (#12008)
* Clarify CTS monitoring of service and instances

Co-authored-by: Michael Wilkerson <62034708+wilkermichael@users.noreply.github.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-01-11 13:06:13 -06:00
Blake Covarrubias 97e7e118e0 docs: Fix spelling errors 2022-01-11 09:37:09 -08:00
mrspanishviking a51f17a0f1
Merge pull request #11983 from hashicorp/resolver_examples
docs: added another resolver example for DC and namespace failover
2022-01-11 10:27:57 -07:00
Mike Morris 277c41d336
ingress: allow setting TLS min version and cipher suites in ingress gateway config entries (#11576)
* xds: refactor ingress listener SDS configuration

* xds: update resolveListenerSDS call args in listeners_test

* ingress: add TLS min, max and cipher suites to GatewayTLSConfig

* xds: implement envoyTLSVersions and envoyTLSCipherSuites

* xds: merge TLS config

* xds: configure TLS parameters with ingress TLS context from leaf

* xds: nil check in resolveListenerTLSConfig validation

* xds: nil check in makeTLSParameters* functions

* changelog: add entry for TLS params on ingress config entries

* xds: remove indirection for TLS params in TLSConfig structs

* xds: return tlsContext, nil instead of ambiguous err

Co-authored-by: Chris S. Kim <ckim@hashicorp.com>

* xds: switch zero checks to types.TLSVersionUnspecified

* ingress: add validation for ingress config entry TLS params

* ingress: validate listener TLS config

* xds: add basic ingress with TLS params tests

* xds: add ingress listeners mixed TLS min version defaults precedence test

* xds: add more explicit tests for ingress listeners inheriting gateway defaults

* xds: add test for single TLS listener on gateway without TLS defaults

* xds: regen golden files for TLSVersionInvalid zero value, add TLSVersionAuto listener test

* types/tls: change TLSVersion to string

* types/tls: update TLSCipherSuite to string type

* types/tls: implement validation functions for TLSVersion and TLSCipherSuites, make some maps private

* api: add TLS params to GatewayTLSConfig, add tests

* api: add TLSMinVersion to ingress gateway config entry test JSON

* xds: switch to Envoy TLS cipher suite encoding from types package

* xds: fixup validation for TLSv1_3 min version with cipher suites

* add some kitchen sink tests and add a missing struct tag

* xds: check if mergedCfg.TLSVersion is in TLSVersionsWithConfigurableCipherSuites

* xds: update connectTLSEnabled comment

* xds: remove unsued resolveGatewayServiceTLSConfig function

 * xds: add makeCommonTLSContextFromLeafWithoutParams

* types/tls: add LessThan comparator function for concrete values

* types/tls: change tlsVersions validation map from string to TLSVersion keys

* types/tls: remove unused envoyTLSCipherSuites

* types/tls: enable chacha20 cipher suites for Consul agent

* types/tls: remove insecure cipher suites from allowed config

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 are both explicitly listed as insecure and disabled in the Go source.

Refs https://cs.opensource.google/go/go/+/refs/tags/go1.17.3:src/crypto/tls/cipher_suites.go;l=329-330

* types/tls: add ValidateConsulAgentCipherSuites function, make direct lookup map private

* types/tls: return all unmatched cipher suites in validation errors

* xds: check that Envoy API value matching TLS version is found when building TlsParameters

* types/tls: check that value is found in map before appending to slice in MarshalEnvoyTLSCipherSuiteStrings

* types/tls: cast to string rather than fmt.Printf in TLSCihperSuite.String()

* xds: add TLSVersionUnspecified to list of configurable cipher suites

* structs: update note about config entry warning

* xds: remove TLS min version cipher suite unconfigurable test placeholder

* types/tls: update tests to remove assumption about private map values

Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2022-01-11 11:46:42 -05:00
Jasmine W 889aa2dd1a
Merge pull request #12002 from hashicorp/kubernetes-service-screenshot
added screenshot of k8s service
2022-01-11 11:34:00 -05:00
Jasmine W e671ea7f60
Merge pull request #11995 from hashicorp/l7-routing-screenshots
Adding UI screenshots to L7 overview
2022-01-11 11:33:20 -05:00
Hannah Hearth 8436b4b0d1 Add CTS and API Gateway to docs on tools page 2022-01-11 10:22:30 -06:00
Jasmine W 8f662c49f6
Update website/content/docs/connect/config-entries/service-splitter.mdx
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-11 11:18:49 -05:00
Jasmine W 62583f75fe
Update website/content/docs/connect/config-entries/service-router.mdx
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-11 11:18:43 -05:00
Jasmine W d011b1afcb
Update website/content/docs/connect/config-entries/service-resolver.mdx
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-11 11:18:36 -05:00
Jasmine W b9bfb424b5 pushing for circleci 2022-01-11 11:16:24 -05:00
Kenia fbb9f5cdf5
ui: Adding Partition to topology card (#11805) 2022-01-11 10:04:06 -05:00
Matt Siegel 24ea879264 Added some missing ACL info, updated details around some permissions, added missing HTTP API refs 2022-01-11 09:41:54 -05:00
Dao Thanh Tung 217e2dc656
URL-encode/decode resource names for HTTP API part 2 (#11957) 2022-01-11 08:52:45 -05:00
Matt Siegel 079f27ee52 Fixed absolute links to HTTP apis. 2022-01-11 08:26:58 -05:00
John Cowen fc8e89d640
ui: Ensure the partition is passed through to the request for the SSO auth URL (#11979)
* Make sure the mocks reflect the requested partition/namespace

* Ensure partition is passed through to the HTTP adapter

* Pass AuthMethod object through to TokenSource in order to use Partition

* Change up docs and add potential improvements for future

* Pass the query partition back onto the response

* Make sure the OIDC callback mock returns a Partition

* Enable OIDC provider mock overwriting during acceptance testing

* Make sure we can enable partitions and SSO post bootup only required

...for now

* Wire up oidc provider mocking

* Add SSO full auth flow acceptance tests
2022-01-11 11:02:46 +00:00
Anthony a217d13e1b
docs: Add CodeBlockConfig to network coordinates page 2022-01-10 22:13:27 -08:00
Connor a4d2dc0ce2
Add go-sockaddr examples for multiple interfaces (#11998)
* Add overview example for multiple interfaces with go-sockaddr

* Include go-sockaddr examples in agent configuration

* Add changelog entry

* Make suggested changes

* Simplify hcl comment

* Update link and fix gRPC

* Switch index.mdx from Tabs to CodeTabs

* Reformat new links for screen readers

* Apply suggestions from code review

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Fix spacing in code block

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-10 20:10:25 -06:00
mrspanishviking 071b3025af
Merge pull request #12016 from hashicorp/Screenshot-Updates
Consul UI Screenshot Updates
2022-01-10 18:05:02 -07:00
Xuan Luo 8ca86265a5
Merge pull request #12017 from hashicorp/doc-changes
Doc changes
2022-01-10 16:33:47 -08:00
Xuan Luo 3ae25bfb58 updated image 2022-01-10 16:29:32 -08:00
Jake Herschman 0925fba881 fixed duplicated image path 2022-01-10 19:08:16 -05:00
Jake Herschman a93ba20343 Updated Consul UI Screenshots 2022-01-10 19:01:42 -05:00
Xuan Luo edb95ce99c docs: add gateway overview illustration 2022-01-10 15:47:57 -08:00
Luke Kysow e30e0a075c
Add distributed tracing docs (#12010)
* Add distributed tracing docs
2022-01-10 15:43:31 -08:00
Jake Herschman 5469bcd6d1 updated topology image 2022-01-10 18:39:35 -05:00
Jake Herschman 52ef50b1da updated datacenter dropdown image 2022-01-10 18:38:41 -05:00
Jake Herschman af77cb65f9 updated topology image 2022-01-10 18:37:51 -05:00
Neena Pemmaraju c20694d453
docs: updated the description of min_quorum 2022-01-10 15:37:36 -08:00