Commit Graph

4551 Commits

Author SHA1 Message Date
Matt Keeler 3447880091
Enable running autopilot state updates on all servers (#12617)
* Fixes a lint warning about t.Errorf not supporting %w

* Enable running autopilot on all servers

On the non-leader servers all they do is update the state and do not attempt any modifications.

* Fix the RPC conn limiting tests

Technically they were relying on racey behavior before. Now they should be reliable.
2022-04-07 10:48:48 -04:00
John Murret 6bf3de8e52
k8s docs - ACLs refactor - Updating terminating gateway documentation to call out updating the role rather than the token with the policy (#12612)
* k8s docs - ACLs refactor - Updating terminating gateway documentation to call out updating the role rather than the token with the policy

* Modifying role and policy names based on naming convention change.
2022-04-06 15:54:27 -06:00
Kyle Havlovitz 9380343689
Merge pull request #12672 from hashicorp/tgate-san-validation
Respect SNI with terminating gateways and log a warning if it isn't set alongside TLS
2022-04-05 11:15:59 -07:00
Bryce Kalow 23200990db
website: fix usages of img tag (#12696) 2022-04-05 11:18:57 -05:00
David Yu a49cbf50dd
docs: rename Connect Service Mesh Kubernetes to Consul Service Mesh on Kubernetes (#12690)
* docs:rename Connect Service Mesh Kubernetes to Consul Service Mesh on Kubernetes
2022-04-05 07:46:14 -07:00
Thomas Eckert b4285b56ee
Update Helm docs to reflect 0.42.0 release (#12689)
* Update Helm docs to reflect 0.42.0 release

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-04-04 14:50:59 -07:00
Blake Covarrubias d60e8cd646
docs: Update links to K8s service mesh annotations (#12652)
The list of supported annotations for Consul service mesh were moved
from /docs/k8s/connect to /docs/k8s/annotations-and-labels in PR
#12323.

This commit updates various across the site to point to the new
URL for these annotations.
2022-04-04 14:35:07 -07:00
mrspanishviking 171334b79a
Merge pull request #12687 from hashicorp/acl-fix
docs: fixes broken url in acl overview page
2022-04-04 14:06:09 -07:00
John Murret 9224181958
Updating helm docs with additionalVault and ACLs refactor functionality. (#12669)
* Updating helm docs with additionalVault and ACLs refactor funtionality.

* PR Feedback corrections.

- Fix indentation.
- Fix description of secretName and secretKey to be consistent
- Change description of manageACLsRole to be more clear.
- Make the added vault role field descriptions consistent

* PR Feedback - correcting description for adminPartitionsRole

* Fixing broken shell sessions

* Fixing broken shell sessions by changing shell-session tobecloser tocomment marker
2022-04-04 14:36:19 -06:00
Karl Cardenas 7bd9dec6d0
docs: fixes broken url in acl overview page 2022-04-04 09:47:15 -07:00
Dhia Ayachi a6e7195bdf
documentation for config auto reload feature (#12548)
* add config watcher to the config package

* add logging to watcher

* add test and refactor to add WatcherEvent.

* add all API calls and fix a bug with recreated files

* add tests for watcher

* remove the unnecessary use of context

* Add debug log and a test for file rename

* use inode to detect if the file is recreated/replaced and only listen to create events.

* tidy ups (#1535)

* tidy ups

* Add tests for inode reconcile

* fix linux vs windows syscall

* fix linux vs windows syscall

* fix windows compile error

* increase timeout

* use ctime ID

* remove remove/creation test as it's a use case that fail in linux

* fix linux/windows to use Ino/CreationTime

* fix the watcher to only overwrite current file id

* fix linter error

* fix remove/create test

* set reconcile loop to 200 Milliseconds

* fix watcher to not trigger event on remove, add more tests

* on a remove event try to add the file back to the watcher and trigger the handler if success

* fix race condition

* fix flaky test

* fix race conditions

* set level to info

* fix when file is removed and get an event for it after

* fix to trigger handler when we get a remove but re-add fail

* fix error message

* add tests for directory watch and fixes

* detect if a file is a symlink and return an error on Add

* rename Watcher to FileWatcher and remove symlink deref

* add fsnotify@v1.5.1

* fix go mod

* do not reset timer on errors, rename OS specific files

* rename New func

* events trigger on write and rename

* add missing test

* fix flaking tests

* fix flaky test

* check reconcile when removed

* delete invalid file

* fix test to create files with different mod time.

* back date file instead of sleeping

* add watching file in agent command.

* fix watcher call to use new API

* add configuration and stop watcher when server stop

* add certs as watched files

* move FileWatcher to the agent start instead of the command code

* stop watcher before replacing it

* save watched files in agent

* add add and remove interfaces to the file watcher

* fix remove to not return an error

* use `Add` and `Remove` to update certs files

* fix tests

* close events channel on the file watcher even when the context is done

* extract `NotAutoReloadableRuntimeConfig` is a separate struct

* fix linter errors

* add Ca configs and outgoing verify to the not auto reloadable config

* add some logs and fix to use background context

* add tests to auto-config reload

* remove stale test

* add tests to changes to config files

* add check to see if old cert files still trigger updates

* rename `NotAutoReloadableRuntimeConfig` to `StaticRuntimeConfig`

* fix to re add both key and cert file. Add test to cover this case.

* review suggestion

Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>

* add check to static runtime config changes

* fix test

* add changelog file

* fix review comments

* Apply suggestions from code review

Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>

* update flag description

Co-authored-by: FFMMM <FFMMM@users.noreply.github.com>

* fix compilation error

* add static runtime config support

* fix test

* fix review comments

* fix log test

* Update .changelog/12329.txt

Co-authored-by: Dan Upton <daniel@floppy.co>

* transfer tests to runtime_test.go

* fix filewatcher Replace to not deadlock.

* avoid having lingering locks

Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>

* split ReloadConfig func

* fix warning message

Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>

* convert `FileWatcher` into an interface

* fix compilation errors

* fix tests

* extract func for adding and removing files

* add a coalesceTimer with a very small timer

* extract coaelsce Timer and add a shim for testing

* add tests to coalesceTimer fix to send remaining events

* set `coalesceTimer` to 1 Second

* support symlink, fix a nil deref.

* fix compile error

* fix compile error

* refactor file watcher rate limiting to be a Watcher implementation

* fix linter issue

* fix runtime config

* fix runtime test

* fix flaky tests

* fix compile error

* Apply suggestions from code review

Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>

* fix agent New to return an error if File watcher New return an error

* add a coalesceTimer with a very small timer

* extract coaelsce Timer and add a shim for testing

* set `coalesceTimer` to 1 Second

* add flag description to agent command docs

* fix link

* add Static runtime config docs

* fix links and alignment

* fix typo

* Revert "add a coalesceTimer with a very small timer"

This reverts commit d9db2fcb8213a81ac761f04b458091409c5fb1ee.

* Revert "extract coaelsce Timer and add a shim for testing"

This reverts commit 0ab86012a415ffeb452acf58e52c9f37c9f49254.

* Apply suggestions from code review

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com>
Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
Co-authored-by: FFMMM <FFMMM@users.noreply.github.com>
Co-authored-by: Daniel Upton <daniel@floppy.co>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-04-04 12:01:38 -04:00
FFMMM b0cba2ec03
mark disable_compat_1.9 to deprecate in 1.13, change default to true (#12675)
Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
2022-04-01 10:35:56 -07:00
Eric Haberkorn 07a7b0a1ff
Merge pull request #12680 from hashicorp/fix-k8s-dns-service-name
Fix the Kubernetes service name for DNS
2022-04-01 11:03:24 -04:00
Eric bbf0d13fc6 Fix the Kubernetes service name for DNS 2022-04-01 10:38:56 -04:00
Kyle Havlovitz 7a016a4c46 Add doc examples for expanded token read CLI and API 2022-03-31 15:03:41 -07:00
Kyle Havlovitz 116b6c57cb Use the GatewayService SNI field for upstream SAN validation 2022-03-31 13:54:25 -07:00
FFMMM 8dd4e609c1
docs: new rpc metric (#12608) 2022-03-31 13:04:33 -07:00
Kyle Havlovitz cc3c39b920 Recommend SNI with TLS in the terminating gateway docs 2022-03-31 12:19:16 -07:00
Bryce Kalow 04ec4c2aa4
website: redirect /api to /api-docs (#12660) 2022-03-30 16:16:26 -05:00
Mike Morris 3b6fd762ae
website(api-gateway): add common errors page (#12643)
* Adding common errors page for API Gateway

* website(api-gateway): add missing CRDs common error message

* Update website/content/docs/api-gateway/common-errors.mdx

Co-authored-by: Nathan Coleman <nathandanielcoleman@gmail.com>

* Update website/content/docs/api-gateway/common-errors.mdx

Co-authored-by: Nathan Coleman <nathandanielcoleman@gmail.com>

* Update website/content/docs/api-gateway/common-errors.mdx

Co-authored-by: Nathan Coleman <nathandanielcoleman@gmail.com>

* Update website/content/docs/api-gateway/common-errors.mdx

* Additional page editing instructions and formating

* Update website/content/docs/api-gateway/common-errors.mdx

* Update website/content/docs/api-gateway/common-errors.mdx

* Update website/content/docs/api-gateway/common-errors.mdx

* Update website/content/docs/api-gateway/common-errors.mdx

* Update website/content/docs/api-gateway/common-errors.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Apply suggestions from code review

Co-authored-by: Jeff-Apple <79924108+Jeff-Apple@users.noreply.github.com>
Co-authored-by: Nathan Coleman <nathandanielcoleman@gmail.com>
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-03-30 16:05:00 -04:00
R.B. Boyer e9230e93d8
xds: adding control of the mesh-wide min/max TLS versions and cipher suites from the mesh config entry (#12601)
- `tls.incoming`: applies to the inbound mTLS targeting the public
  listener on `connect-proxy` and `terminating-gateway` envoy instances

- `tls.outgoing`: applies to the outbound mTLS dialing upstreams from
  `connect-proxy` and `ingress-gateway` envoy instances

Fixes #11966
2022-03-30 13:43:59 -05:00
Matt Keeler 8d51e22d26
Update raft-boltdb to pull in new writeCapacity metric (#12646) 2022-03-30 11:38:44 -04:00
R.B. Boyer d4e80b8800
server: ensure that service-defaults meta is incorporated into the discovery chain response (#12511)
Also add a new "Default" field to the discovery chain response to clients
2022-03-30 10:04:18 -05:00
Mike Morris 0ae60adff9
website(api-gateway): add consul namespace to helm install (#12644)
* website: api-gateway helm install consul namespace

To mirror instructions at https://learn.hashicorp.com/tutorials/consul/kubernetes-api-gateway

* website(api-gateway): add notes on where to find available versions

* website(api-gateway): fixup link to more clearly indicate Consul Helm chart releases

* Update website/content/docs/api-gateway/api-gateway-usage.mdx
2022-03-29 17:36:21 -04:00
Michele Degges 2f84aabffe
[RelAPI Onboarding] Add release API metadata file (#12591) 2022-03-28 13:45:53 -07:00
mrspanishviking 07a534229d
Merge pull request #12595 from hashicorp/k8s-cli-install
docs: add link to k8s cli install page
2022-03-25 14:09:39 -07:00
Luke Kysow 9d3df6b08b
Update consul-enterprise.mdx (#12622) 2022-03-25 13:00:14 -07:00
Mike Morris 8020fb2098
agent: convert listener config to TLS types (#12522)
* tlsutil: initial implementation of types/TLSVersion

tlsutil: add test for parsing deprecated agent TLS version strings

tlsutil: return TLSVersionInvalid with error

tlsutil: start moving tlsutil cipher suite lookups over to types/tls

tlsutil: rename tlsLookup to ParseTLSVersion, add cipherSuiteLookup

agent: attempt to use types in runtime config

agent: implement b.tlsVersion validation in config builder

agent: fix tlsVersion nil check in builder

tlsutil: update to renamed ParseTLSVersion and goTLSVersions

tlsutil: fixup TestConfigurator_CommonTLSConfigTLSMinVersion

tlsutil: disable invalid config parsing tests

tlsutil: update tests

auto_config: lookup old config strings from base.TLSMinVersion

auto_config: update endpoint tests to use TLS types

agent: update runtime_test to use TLS types

agent: update TestRuntimeCinfig_Sanitize.golden

agent: update config runtime tests to expect TLS types

* website: update Consul agent tls_min_version values

* agent: fixup TLS parsing and compilation errors

* test: fixup lint issues in agent/config_runtime_test and tlsutil/config_test

* tlsutil: add CHACHA20_POLY1305 cipher suites to goTLSCipherSuites

* test: revert autoconfig tls min version fixtures to old format

* types: add TLSVersions public function

* agent: add warning for deprecated TLS version strings

* agent: move agent config specific logic from tlsutil.ParseTLSVersion into agent config builder

* tlsutil(BREAKING): change default TLS min version to TLS 1.2

* agent: move ParseCiphers logic from tlsutil into agent config builder

* tlsutil: remove unused CipherString function

* agent: fixup import for types package

* Revert "tlsutil: remove unused CipherString function"

This reverts commit 6ca7f6f58d268e617501b7db9500113c13bae70c.

* agent: fixup config builder and runtime tests

* tlsutil: fixup one remaining ListenerConfig -> ProtocolConfig

* test: move TLS cipher suites parsing test from tlsutil into agent config builder tests

* agent: remove parseCiphers helper from auto_config_endpoint_test

* test: remove unused imports from tlsutil

* agent: remove resolved FIXME comment

* tlsutil: remove TODO and FIXME in cipher suite validation

* agent: prevent setting inherited cipher suite config when TLS 1.3 is specified

* changelog: add entry for converting agent config to TLS types

* agent: remove FIXME in runtime test, this is covered in builder tests with invalid tls9 value now

* tlsutil: remove config tests for values checked at agent config builder boundary

* tlsutil: remove tls version check from loadProtocolConfig

* tlsutil: remove tests and TODOs for logic checked in TestBuilder_tlsVersion and TestBuilder_tlsCipherSuites

* website: update search link for supported Consul agent cipher suites

* website: apply review suggestions for tls_min_version description

* website: attempt to clean up markdown list formatting for tls_min_version

* website: moar linebreaks to fix tls_min_version formatting

* Revert "website: moar linebreaks to fix tls_min_version formatting"

This reverts commit 38585927422f73ebf838a7663e566ac245f2a75c.

* autoconfig: translate old values for TLSMinVersion

* agent: rename var for translated value of deprecated TLS version value

* Update agent/config/deprecated.go

Co-authored-by: Dan Upton <daniel@floppy.co>

* agent: fix lint issue

* agent: fixup deprecated config test assertions for updated warning

Co-authored-by: Dan Upton <daniel@floppy.co>
2022-03-24 15:32:25 -04:00
Jared Kirschner a004eea0dd
Merge pull request #12602 from hashicorp/jkirschner-hashicorp-patch-1
docs: make gossip threat model more visible
2022-03-23 14:54:17 -04:00
Luke Kysow 6553bf4a2a
Lkysow/docs updates 2 (#12604)
* Document intermediate_cert_ttl
2022-03-23 10:22:08 -07:00
Jared Kirschner 31baed248d
docs: make gossip threat model more visible 2022-03-23 11:46:56 -04:00
Karl Cardenas 626fe75167
docs: removed the word page 2022-03-22 15:51:04 -07:00
Karl Cardenas 1bf4571c8e
docs: add link to k8s cli install page 2022-03-22 15:40:53 -07:00
Jared Kirschner 0d07aa5c57
Merge pull request #12523 from Petenerd/patch-1
Update install.mdx
2022-03-22 16:43:06 -04:00
Michael Wilkerson eb50b3766a updated docs 2022-03-21 13:01:39 -07:00
Jared Kirschner fcec9a18ce docs: mention filtered by ACLs in affected APIs 2022-03-21 09:06:45 -07:00
Jared Kirschner e90c2a6994
Merge pull request #12489 from hashicorp/docs/results-filtered-by-acl-awareness-coordinate
docs: mention filtered by ACLs in coordinate API
2022-03-19 16:17:08 -04:00
Jared Kirschner 724838e600 docs: add filtered by ACLs header curl example 2022-03-18 15:47:08 -07:00
Jared Kirschner 37385058d8 docs: mention filtered by ACLs in coordinate API 2022-03-18 15:47:08 -07:00
David Yu 7cc720a2bc
docs: Correction on rotating gossip key order per DC (#12579)
* docs: Correction on rotating gossip key order per DC
2022-03-18 14:51:11 -07:00
David Yu b1dde225c4
docs: consul-k8s Change "Consul Connect Service Mesh" to "Consul Service Mesh" (#12577) 2022-03-18 12:31:29 -07:00
David Yu 6ab2507f18
docs: Consul K8s Overview update (#12575)
* docs: Consul K8s Overview update

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-03-18 12:01:41 -07:00
David Yu 6363cb16c3
docs: Consul Service Mesh overview - rename of title and K8s getting started (#12574)
* Consul Service Mesh overview - rename of title and K8s getting started

* reformat lines
2022-03-18 08:55:57 -07:00
Dan Upton 57f0f42733
Support per-listener TLS configuration ⚙️ (#12504)
Introduces the capability to configure TLS differently for Consul's
listeners/ports (i.e. HTTPS, gRPC, and the internal multiplexed RPC
port) which is useful in scenarios where you may want the HTTPS or
gRPC interfaces to present a certificate signed by a well-known/public
CA, rather than the certificate used for internal communication which
must have a SAN in the form `server.<dc>.consul`.
2022-03-18 10:46:58 +00:00
Paul Glass 29ae8a4974
Fix broken link in ECS docs 2022-03-17 14:42:49 -05:00
Jacob 578d82fd96
Update ui-visualization.mdx 2022-03-16 10:08:22 -04:00
mrspanishviking 1ae820ea0a
Revert "[Docs] Agent configuration hierarchy " 2022-03-15 16:13:58 -07:00
trujillo-adam 667976c94f fixing merge conflicts part 3 2022-03-15 15:25:03 -07:00
trujillo-adam 33d0ed5e96 fixed merge conflicts pt2 2022-03-15 14:01:24 -07:00
trujillo-adam 60a88bb40f merging new hierarchy for agent configuration 2022-03-14 15:44:41 -07:00