Commit Graph

227 Commits

Author SHA1 Message Date
Mark Anderson 3046ad707b yUpdate website/content/docs/connect/ca/vault.mdx
Port some changes that were made to the backport branch but not in the original PR.

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-05-31 20:22:12 -07:00
Blake Covarrubias a74710fd45
docs: Remove unnecessary use of CodeBlockConfig (#12974)
Remove empty CodeBlockConfig elements. These elements are not
providing any benefit for the enclosed code blocks. This PR removes
the elements so so that the source is easier to read.
2022-05-11 15:37:02 -07:00
Blake Covarrubias 13ac34c08b
docs: Fix spelling errors across site (#12973) 2022-05-10 07:28:33 -07:00
Mark Anderson f4c4c0e9ae
Update website/content/docs/connect/config-entries/mesh.mdx (#12943)
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Signed-off-by: Mark Anderson <manderson@hashicorp.com>

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-05-05 10:39:53 -07:00
Mark Anderson 18193f2916
Support vault namespaces in connect CA (#12904)
* Support vault namespaces in connect CA

Follow on to some missed items from #12655

From an internal ticket "Support standard "Vault namespace in the
path" semantics for Connect Vault CA Provider"

Vault allows the namespace to be specified as a prefix in the path of
a PKI definition, but our usage of the Vault API includes calls that
don't support a namespaced key. In particular the sys.* family of
calls simply appends the key, instead of prefixing the namespace in
front of the path.

Unfortunately it is difficult to reliably parse a path with a
namespace; only vault knows what namespaces are present, and the '/'
separator can be inside a key name, as well as separating path
elements. This is in use in the wild; for example
'dc1/intermediate-key' is a relatively common naming schema.

Instead we add two new fields: RootPKINamespace and
IntermediatePKINamespace, which are the absolute namespace paths
'prefixed' in front of the respective PKI Paths.

Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-05-04 19:41:55 -07:00
Mark Anderson e6282c7c64 Docs and changelog edits
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-05-04 08:50:59 -07:00
Mark Anderson 33bc0a8cb3 Add some docs
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-05-04 08:50:58 -07:00
Blake Covarrubias 8dc68002f9
docs: Add example Envoy escape hatch configs (#12764)
Add example escape hatch configurations for all supported override
types.
2022-05-02 11:25:59 -07:00
Karl Cardenas 20975a35f6
Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-04-26 13:12:53 -07:00
Karl Cardenas 7ead9840b5
docs: updated connect docs and re-deploying missed changes 2022-04-25 10:04:06 -07:00
David Yu ab78b897e4
docs: remove 1.9.x row in Envoy compatibility matrix (#12828) 2022-04-20 19:35:06 -07:00
Evan Culver 9d0b5bf8e9
connect: Add Envoy 1.22 to integration tests, remove Envoy 1.18 (#12805)
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2022-04-18 09:36:07 -07:00
Evan Culver e62745c82c
connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
Natalie Smith b9ec2222db docs: simplify agent docs slugs 2022-04-11 17:38:47 -07:00
Natalie Smith cd73f27c84 docs: fix external links to agent config pages 2022-04-11 17:38:11 -07:00
R.B. Boyer f4eac06b21
xds: ensure that all connect timeout configs can apply equally to tproxy direct dial connections (#12711)
Just like standard upstreams the order of applicability in descending precedence:

1. caller's `service-defaults` upstream override for destination
2. caller's `service-defaults` upstream defaults
3. destination's `service-resolver` ConnectTimeout
4. system default of 5s

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-04-07 16:58:21 -05:00
Kyle Havlovitz 9380343689
Merge pull request #12672 from hashicorp/tgate-san-validation
Respect SNI with terminating gateways and log a warning if it isn't set alongside TLS
2022-04-05 11:15:59 -07:00
Blake Covarrubias d60e8cd646
docs: Update links to K8s service mesh annotations (#12652)
The list of supported annotations for Consul service mesh were moved
from /docs/k8s/connect to /docs/k8s/annotations-and-labels in PR
#12323.

This commit updates various across the site to point to the new
URL for these annotations.
2022-04-04 14:35:07 -07:00
Kyle Havlovitz 116b6c57cb Use the GatewayService SNI field for upstream SAN validation 2022-03-31 13:54:25 -07:00
Kyle Havlovitz cc3c39b920 Recommend SNI with TLS in the terminating gateway docs 2022-03-31 12:19:16 -07:00
Bryce Kalow 04ec4c2aa4
website: redirect /api to /api-docs (#12660) 2022-03-30 16:16:26 -05:00
R.B. Boyer e9230e93d8
xds: adding control of the mesh-wide min/max TLS versions and cipher suites from the mesh config entry (#12601)
- `tls.incoming`: applies to the inbound mTLS targeting the public
  listener on `connect-proxy` and `terminating-gateway` envoy instances

- `tls.outgoing`: applies to the outbound mTLS dialing upstreams from
  `connect-proxy` and `ingress-gateway` envoy instances

Fixes #11966
2022-03-30 13:43:59 -05:00
R.B. Boyer d4e80b8800
server: ensure that service-defaults meta is incorporated into the discovery chain response (#12511)
Also add a new "Default" field to the discovery chain response to clients
2022-03-30 10:04:18 -05:00
David Yu 6363cb16c3
docs: Consul Service Mesh overview - rename of title and K8s getting started (#12574)
* Consul Service Mesh overview - rename of title and K8s getting started

* reformat lines
2022-03-18 08:55:57 -07:00
Dan Upton 57f0f42733
Support per-listener TLS configuration ⚙️ (#12504)
Introduces the capability to configure TLS differently for Consul's
listeners/ports (i.e. HTTPS, gRPC, and the internal multiplexed RPC
port) which is useful in scenarios where you may want the HTTPS or
gRPC interfaces to present a certificate signed by a well-known/public
CA, rather than the certificate used for internal communication which
must have a SAN in the form `server.<dc>.consul`.
2022-03-18 10:46:58 +00:00
Jacob 578d82fd96
Update ui-visualization.mdx 2022-03-16 10:08:22 -04:00
mrspanishviking 1ae820ea0a
Revert "[Docs] Agent configuration hierarchy " 2022-03-15 16:13:58 -07:00
trujillo-adam 667976c94f fixing merge conflicts part 3 2022-03-15 15:25:03 -07:00
trujillo-adam 33d0ed5e96 fixed merge conflicts pt2 2022-03-15 14:01:24 -07:00
trujillo-adam 60a88bb40f merging new hierarchy for agent configuration 2022-03-14 15:44:41 -07:00
Kyle Schochenmaier 6e6e705ae0
update docs (#12543) 2022-03-09 13:24:20 -06:00
Blake Covarrubias 866c8cde4b
docs: Update Kubernetes YAML examples in UI visualization (#12419)
* Update Kubernetes related YAML config examples to document supported
syntax in the latest version of the Helm chart.
* Fix syntax in JSON example configs.

Resolves #12403

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-03-03 21:31:57 -08:00
David Yu 30aff819f7
docs: Envoy 'compatibility' typo (#12513) 2022-03-03 10:50:56 -08:00
David Yu b1035b6f4a
docs: bump Envoy for 1.10.x (#12472)
* docs: bump Envoy for 1.10.x

* update security notes and remove previous versions older than n-2

Envoy 1.9.0 and older have last vulnerability.

* Update envoy.mdx

* Update envoy.mdx

* Update envoy.mdx

* Update envoy.mdx

* formatting

* Update website/content/docs/connect/proxies/envoy.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/connect/proxies/envoy.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2022-03-03 10:34:30 -08:00
Luke Kysow 2a925b7ef1
Update exported-services.mdx (#12499) 2022-03-02 15:57:58 -08:00
Eddie Rowe 56c2f00676 Remove deprecated built-in proxy tutorial reference 2022-03-01 14:35:28 -06:00
Evan Culver 7889071385
connect: Update supported Envoy versions to include 1.19.3 and 1.18.6 2022-02-24 16:59:33 -08:00
Evan Culver 9f4d9f3f74
connect: Upgrade Envoy 1.20 to 1.20.2 (#12443) 2022-02-24 16:19:39 -08:00
Karl Cardenas 568ba392b6
docs: added example for service-router retry 2022-02-24 10:52:41 -07:00
Daniel Nephin 58f3fec54a docs: add docs for using an external CA 2022-02-17 18:21:30 -05:00
Karl Cardenas b1726a7ecb
docs: updated per feedback 2022-02-08 11:02:36 -07:00
Karl Cardenas bdeb752f83
docs: update the wan mesh gateway page 2022-02-08 10:25:27 -07:00
Luke Kysow fcf804043c
docs: update for k8s support for igw and header manip (#12264)
Add docs now that k8s supports these new config entry fields
2022-02-03 14:03:21 -08:00
Blake Covarrubias 4dcb6e8904 docs: Fix discrepancy with sidecar min/max port range
Remove incorrect sidecar port range on docs for built-in proxy.

Updates the bind_port/port fields on the built-in proxy and sidecar
service registration pages to link to the `sidecar_min_port` and
`sidecar_max_port` configuration options for the defined port range.

Fixes #12253
2022-02-02 20:12:00 -08:00
Dan Upton a3c4b85cec
docs: add transparent proxy visual aid (#12211)
Co-authored-by: Paul Banks <banks@banksco.de>
2022-01-28 10:57:37 +00:00
Luke Kysow 0eb453ce17
Update distributed-tracing.mdx with caveat on 128 bit IDs (#12196)
* Update distributed-tracing.mdx
2022-01-26 10:39:33 -08:00
David Yu 3a2d1dfccb
docs: iptables for TProxy requirement (#12180)
* docs: iptables

Add iptables requirement

* Update website/content/docs/connect/transparent-proxy.mdx

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
2022-01-26 10:18:31 -08:00
Blake Covarrubias ea0d3d8d05
docs: Add ingress TLS cipher and version documentation (#12163)
Document the new TLS cipher and version parameters that were added to
ingress gateways in #11576.

Co-authored-by: Mike Morris <mikemorris@users.noreply.github.com>
2022-01-26 08:12:12 -08:00
mrspanishviking 14f6ee5aae
Merge pull request #11980 from krastin/krastin/docsday-ui-viz
adding JSON examples to /docs/connect/observability/ui-visualization
2022-01-24 08:42:46 -07:00
Krastin Krastev 1e550a4c3f fixing K8s notes placement in /docs/connect/observability/ui-visualization 2022-01-24 16:35:18 +01:00