Mark Anderson
db0c61303f
Update mesh config tests
...
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-05-04 08:50:59 -07:00
Mark Anderson
e6282c7c64
Docs and changelog edits
...
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-05-04 08:50:59 -07:00
Mark Anderson
c6dbc34172
Fixup missed config entry
...
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-05-04 08:50:59 -07:00
Mark Anderson
33bc0a8cb3
Add some docs
...
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-05-04 08:50:58 -07:00
Mark Anderson
d8f4cc5537
Add x-forwarded-client-cert headers
...
Description
Add x-fowarded-client-cert information on trusted incoming connections.
Envoy provides support forwarding and annotating the
x-forwarded-client-cert header via the forward_client_cert_details
set_current_client_cert_details filter fields. It would be helpful for
consul to support this directly in its config. The escape hatches are
a bit cumbersome for this purpose.
This has been implemented on incoming connections to envoy. Outgoing
(from the local service through the sidecar) will not have a
certificate, and so are left alone.
A service on an incoming connection will now get headers something like this:
```
X-Forwarded-Client-Cert:[By=spiffe://efad7282-d9b2-3298-f6d8-38b37fb58df3.consul/ns/default/dc/dc1/svc/counting;Hash=61ad5cbdfcb50f5a3ec0ca60923d61613c149a9d4495010a64175c05a0268ab2;Cert="-----BEGIN%20CERTIFICATE-----%0AMIICHDCCAcOgAwIBAgIBCDAKBggqhkjOPQQDAjAxMS8wLQYDVQQDEyZwcmktMTli%0AYXdyb2YuY29uc3VsLmNhLmVmYWQ3MjgyLmNvbnN1bDAeFw0yMjA0MjkwMzE0NTBa%0AFw0yMjA1MDIwMzE0NTBaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARVIZ7Y%0AZEXfbOGBfxGa7Vuok1MIng%2FuzLQK2xLVlSTIPDbO5hstTGP%2B%2FGx182PYFP3jYqk5%0Aq6rYWe1wiPNMA30Io4H8MIH5MA4GA1UdDwEB%2FwQEAwIDuDAdBgNVHSUEFjAUBggr%0ABgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH%2FBAIwADApBgNVHQ4EIgQgrp4q50oX%0AHHghMbxz5Bk8OJFWMdfgH0Upr350WlhyxvkwKwYDVR0jBCQwIoAgUe6uERAIj%2FLM%0AyuFzDc3Wbp9TGAKBJYAwyhF14ToOQCMwYgYDVR0RAQH%2FBFgwVoZUc3BpZmZlOi8v%0AZWZhZDcyODItZDliMi0zMjk4LWY2ZDgtMzhiMzdmYjU4ZGYzLmNvbnN1bC9ucy9k%0AZWZhdWx0L2RjL2RjMS9zdmMvZGFzaGJvYXJkMAoGCCqGSM49BAMCA0cAMEQCIDwb%0AFlchufggNTijnQ5SUcvTZrWlZyq%2FrdVC20nbbmWLAiAVshNNv1xBqJI1NmY2HI9n%0AgRMfb8aEPVSuxEHhqy57eQ%3D%3D%0A-----END%20CERTIFICATE-----%0A";Chain="-----BEGIN%20CERTIFICATE-----%0AMIICHDCCAcOgAwIBAgIBCDAKBggqhkjOPQQDAjAxMS8wLQYDVQQDEyZwcmktMTli%0AYXdyb2YuY29uc3VsLmNhLmVmYWQ3MjgyLmNvbnN1bDAeFw0yMjA0MjkwMzE0NTBa%0AFw0yMjA1MDIwMzE0NTBaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARVIZ7Y%0AZEXfbOGBfxGa7Vuok1MIng%2FuzLQK2xLVlSTIPDbO5hstTGP%2B%2FGx182PYFP3jYqk5%0Aq6rYWe1wiPNMA30Io4H8MIH5MA4GA1UdDwEB%2FwQEAwIDuDAdBgNVHSUEFjAUBggr%0ABgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH%2FBAIwADApBgNVHQ4EIgQgrp4q50oX%0AHHghMbxz5Bk8OJFWMdfgH0Upr350WlhyxvkwKwYDVR0jBCQwIoAgUe6uERAIj%2FLM%0AyuFzDc3Wbp9TGAKBJYAwyhF14ToOQCMwYgYDVR0RAQH%2FBFgwVoZUc3BpZmZlOi8v%0AZWZhZDcyODItZDliMi0zMjk4LWY2ZDgtMzhiMzdmYjU4ZGYzLmNvbnN1bC9ucy9k%0AZWZhdWx0L2RjL2RjMS9zdmMvZGFzaGJvYXJkMAoGCCqGSM49BAMCA0cAMEQCIDwb%0AFlchufggNTijnQ5SUcvTZrWlZyq%2FrdVC20nbbmWLAiAVshNNv1xBqJI1NmY2HI9n%0AgRMfb8aEPVSuxEHhqy57eQ%3D%3D%0A-----END%20CERTIFICATE-----%0A";Subject="";URI=spiffe://efad7282-d9b2-3298-f6d8-38b37fb58df3.consul/ns/default/dc/dc1/svc/dashboard]
```
Closes #12852
2022-05-04 08:50:58 -07:00
claire labry
1cd73d7a71
Merge pull request #12917 from hashicorp/add-release-config-key
...
Add config key to the promote-staging event
2022-05-03 17:26:46 -04:00
Amier Chery
b51cc46e43
Merge pull request #12631 from driesgroblerw/patch-1
...
Updated the link to acl-policies
2022-05-03 14:59:05 -04:00
DanStough
64b339aca7
chore(ci): fix backport-assistant for stable website
2022-05-03 14:36:46 -04:00
Kyle Havlovitz
369f4848e3
Merge pull request #12885 from hashicorp/acl-err-cache
...
Store and return RPC error in ACL cache entries
2022-05-03 10:44:22 -07:00
Kyle Havlovitz
3bd001fb29
Return ACLRemoteError from cache and test it correctly
2022-05-03 10:05:26 -07:00
DanStough
b1a1ddf78f
chore(ci): fix backport assistant
2022-05-03 12:41:12 -04:00
R.B. Boyer
7d20b68959
ci: upgrade bats and the circle machine executors to get integration tests to function again ( #12918 )
...
Bonus change: send less context when building the test-sds-server to
speed up the setup.
2022-05-03 11:21:32 -05:00
Claire Labry
b147910a95
Add config key to the promote-staging event
2022-05-03 11:58:14 -04:00
FFMMM
4cd68b4534
[sync oss] api: add peering api module ( #12911 )
2022-05-02 11:49:05 -07:00
Blake Covarrubias
8dc68002f9
docs: Add example Envoy escape hatch configs ( #12764 )
...
Add example escape hatch configurations for all supported override
types.
2022-05-02 11:25:59 -07:00
DanStough
5fa882127e
chore(ci): add initial support for backport assistant
2022-05-02 11:14:32 -04:00
Jared Kirschner
304eb8a95d
Merge pull request #12762 from hashicorp/jkirschner-hashicorp-patch-1
...
docs: use correct previous name of recovery token
2022-04-29 18:35:56 -04:00
Chris S. Kim
829554c706
peering: Make Upstream peer-aware ( #12900 )
...
Adds DestinationPeer field to Upstream.
Adds Peer field to UpstreamID and its string conversion functions.
2022-04-29 18:12:51 -04:00
Jared Kirschner
23b3f88141
Merge pull request #12902 from hashicorp/jkirschner-hashicorp-patch-2
...
docs: fix typo
2022-04-29 17:59:26 -04:00
Jared Kirschner
4b315c6ffd
docs: fix typo
2022-04-29 17:57:21 -04:00
Jared Kirschner
c8676a4564
Merge pull request #12893 from hashicorp/docs/improve-consul-server-resilience
...
docs: add guidance on improving Consul resilience
2022-04-29 15:42:09 -04:00
Chris S. Kim
33bfaf5671
Cleanup peering files that used error types that were removed ( #12892 )
2022-04-29 14:02:26 -04:00
Jared Kirschner
2ab5559a6a
docs: add guidance on improving Consul resilience
...
Discuss available strategies for improving server-level and infrastructure-level
fault tolerance in Consul.
2022-04-29 10:58:03 -07:00
Jeff Apple
d6fdaa608f
Merge pull request #12891 from hashicorp/docs-api-gateway-0.2.1
...
Docs: update for API Gateway v0.2.1
2022-04-29 10:50:04 -07:00
Mathew Estafanous
893b740dff
Unify various status errors into one HTTP error type. ( #12594 )
...
Replaces specific error types for HTTP Status codes with
a generic HTTPError type.
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
2022-04-29 13:42:49 -04:00
Jeff-Apple
70e5ccfe59
Dcos: update for API Gateway v0.2.1
2022-04-29 09:52:00 -07:00
Jared Kirschner
3867ce2355
Merge pull request #11810 from hashicorp/update-enterprise-packaging-in-feature-docs
...
Update enterprise packaging in feature docs
2022-04-28 19:38:59 -04:00
Jared Kirschner
1e161b8c1b
docs: improve ent overview headings
2022-04-28 16:27:34 -07:00
Jared Kirschner
e4a66931a9
docs: explicitly fill all ent feature matrix cells
2022-04-28 12:41:37 -07:00
Chris S. Kim
6e7d17052c
Add a Github action to remind people about backport automation ( #12884 )
2022-04-28 14:52:41 -04:00
Kyle Havlovitz
f84ed5f70b
Store and return rpc error in acl cache entries
2022-04-28 09:08:55 -07:00
Jeff Apple
6ec2cfe8a0
Merge pull request #12874 from hashicorp/japple-api-gw-fix-install-doc
...
Docs: updated versions on install page and other minor fixes.
2022-04-27 17:24:51 -07:00
Jeff-Apple
04409f7164
Docs: updated versions on install page and other minor fixes.
2022-04-27 16:52:52 -07:00
Mike Morris
22c02b002d
website(consul-api-gateway): fixup stray div tag and step 8 link rendering ( #12873 )
2022-04-27 19:36:01 -04:00
Karl Cardenas
da4adcd808
Merge pull request #12872 from hashicorp/markdown-fix
...
docs: fixes makdown leakage
2022-04-27 14:20:19 -07:00
Karl Cardenas
89c32164d7
docs: fixes makdown leakage
2022-04-27 14:15:39 -07:00
Jared Kirschner
ce9e72778c
docs: update HCP Consul feature matrix
2022-04-27 12:44:00 -07:00
Nathan Coleman
ebacee3d13
Merge pull request #12871 from hashicorp/apigw-crd-version
...
Update version pin for consul-api-gateway install docs
2022-04-27 14:23:05 -05:00
Nathan Coleman
a9a0416266
Update version pin for consul-api-gateway CRD install
2022-04-27 15:07:02 -04:00
Jeff Apple
1f8f4e5d27
Merge pull request #12863 from hashicorp/api-gateway-v0.2-docs
...
Update product docs for release of Consul API Gateway v0.2
2022-04-27 12:01:23 -07:00
Nathan Coleman
498b80b284
Update minimum Consul version in Tech Specs
2022-04-27 14:55:55 -04:00
Jeff-Apple
d110933167
correction to the API Gateway 0.2 release notes.
2022-04-27 11:53:27 -07:00
Nathan Coleman
865fa7c480
Instruct user to update apiGateway.image in values.yaml
2022-04-27 14:47:15 -04:00
Jeff-Apple
14030b261e
Adding release notes for API Gateway v0.2
2022-04-27 11:44:39 -07:00
Nathan Coleman
f678d8aeda
Hide clipboard for codeblocks that shouldn't be copied
2022-04-27 14:37:51 -04:00
trujillo-adam
48a2ef9722
hid copy fn for codeblocks that don't need it
2022-04-27 11:34:44 -07:00
Mike Morris
955f23628f
website(consul-api-gateway): add ReferencePolicy to overview docs ( #12861 )
...
* website(consul-api-gateway): add ReferencePolicy to overview docs
* website(consul-api-gateway): bump required Consul Helm chart version
For allowing Consul API Gateway controller to read ReferencePolicy
resources and UX improvement re-using connectInject.consulNamespaces
config for Consul API Gateway config.
* added referencepolicy documentation to route section
* Update website/content/docs/api-gateway/consul-api-gateway-install.mdx
Co-authored-by: Mike Morris <mikemorris@users.noreply.github.com>
* Update website/content/docs/api-gateway/consul-api-gateway-install.mdx
Co-authored-by: Mike Morris <mikemorris@users.noreply.github.com>
* Update website/content/docs/api-gateway/consul-api-gateway-install.mdx
Co-authored-by: Mike Morris <mikemorris@users.noreply.github.com>
* Update website/content/docs/api-gateway/consul-api-gateway-install.mdx
Co-authored-by: Mike Morris <mikemorris@users.noreply.github.com>
* Update website/content/docs/api-gateway/consul-api-gateway-install.mdx
Co-authored-by: Mike Morris <mikemorris@users.noreply.github.com>
* Update consul-api-gateway-install.mdx
* Update consul-api-gateway-install.mdx
* Update website/content/docs/api-gateway/consul-api-gateway-install.mdx
Co-authored-by: Nathan Coleman <nathandanielcoleman@gmail.com>
* Update website/content/docs/api-gateway/consul-api-gateway-install.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/api-gateway/consul-api-gateway-install.mdx
* Update website/content/docs/api-gateway/consul-api-gateway-install.mdx
* Update website/content/docs/api-gateway/index.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/api-gateway/index.mdx
* Update website/content/docs/api-gateway/index.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: Sarah Alsmiller <sarah.alsmiller@hashicorp.com>
Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>
Co-authored-by: Nathan Coleman <nathandanielcoleman@gmail.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2022-04-27 14:25:42 -04:00
Nathan Coleman
7f0755a4f1
Update website/content/docs/api-gateway/upgrade-specific-versions.mdx
...
Co-authored-by: Karl Cardenas <kcardenas@hashicorp.com>
2022-04-27 14:24:28 -04:00
Nathan Coleman
019907a51a
Update website/content/docs/api-gateway/upgrade-specific-versions.mdx
...
Co-authored-by: Karl Cardenas <kcardenas@hashicorp.com>
2022-04-27 14:23:57 -04:00
Nathan Coleman
0727a0f4fd
Update website/content/docs/api-gateway/upgrade-specific-versions.mdx
...
Co-authored-by: Karl Cardenas <kcardenas@hashicorp.com>
2022-04-27 14:23:48 -04:00