R.B. Boyer
ba6b24babf
connect: ensure all vault connect CA tests use limited privilege tokens ( #15669 )
...
All of the current integration tests where Vault is the Connect CA now use non-root tokens for the test. This helps us detect privilege changes in the vault model so we can keep our guides up to date.
One larger change was that the RenewIntermediate function got refactored slightly so it could be used from a test, rather than the large duplicated function we were testing in a test which seemed error prone.
2022-12-06 10:06:36 -06:00
R.B. Boyer
a88d1239e3
Detect Vault 1.11+ import in secondary datacenters and update default issuer ( #15661 )
...
The fix outlined and merged in #15253 fixed the issue as it occurs in the primary
DC. There is a similar issue that arises when vault is used as the Connect CA in a
secondary datacenter that is fixed by this PR.
Additionally: this PR adds support to run the existing suite of vault related integration
tests against the last 4 versions of vault (1.9, 1.10, 1.11, 1.12)
2022-12-05 15:39:21 -06:00
Curt Bushko
a98011ccce
Update consul-k8s docs based on the consul-k8s release/1.0.x branch ( #15678 )
2022-12-05 13:20:14 -08:00
David Yu
f9b40bae8a
docs: Update Consul K8s CRDs ( #15675 )
2022-12-05 13:06:02 -08:00
Jeff Boruszak
0fa97b6d83
docs: Agentless performance clarifications ( #15671 )
...
* Requested changes
2022-12-05 12:43:15 -08:00
Chris S. Kim
5d06668248
Add warn log when all ACL policies are filtered out ( #15632 )
2022-12-05 11:26:10 -05:00
Evan Culver
78c0b2bde0
Fix broken link to Consul Dataplane index ( #15660 )
...
The `/index` appears to result in a 404.
2022-12-03 10:17:06 -08:00
Jared Kirschner
f73f0eb17f
docs: clarify Vault CA provider permissions needed ( #15478 )
2022-12-03 09:17:33 -05:00
Jared Kirschner
145289dc08
Clarify Vault CA changelog entry ( #15662 )
2022-12-02 20:16:49 -05:00
James Oulman
6321087fda
docs: fix agent catalog-services caching method ( #15645 )
...
* docs: fix agent catalog-services caching method
2022-12-02 18:42:49 +00:00
Dao Thanh Tung
6d519c7343
Fixing CLI ACL token processing unexpected precedence ( #15274 )
...
* Fixing CLI ACL token processing unexpected precedence
* Minor flow format and add Changelog
* Fixed failed tests and improve error logging message
* Add unit test cases and minor changes from code review
* Unset env var once the test case finishes running
* remove label FINISH
2022-12-02 12:19:52 -05:00
am-ak
c27e246715
docs: Correct a typo in checks.mdx ( #15426 )
...
* Update checks.mdx
Correcting a typo under `UDP + Interval`
* Update website/content/docs/discovery/checks.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-12-02 08:22:32 -08:00
skpratt
400d3fc1da
update docs for exp v2 licensing changes ( #15563 )
2022-12-01 11:30:29 -06:00
Chris S. Kim
61e808ab6e
clean up go.mod ( #15638 )
2022-12-01 16:24:35 +00:00
cskh
426c2b72d2
integ-test: test consul upgrade from the snapshot of a running cluster ( #15595 )
...
* integ-test: test consul upgrade from the snapshot of a running cluster
* use Target version as default
Co-authored-by: Dan Stough <dan.stough@hashicorp.com>
2022-12-01 10:39:09 -05:00
Dan Stough
2f56c1bdfe
chore: updates from 1.14.2 release ( #15633 )
...
* chore: updates from 1.14.2 release
2022-11-30 22:15:58 -05:00
David Yu
6091b44524
CHANGELOG: add alpn config for ingress and connect proxy ( #15613 )
2022-11-30 15:47:52 -08:00
David Yu
c5243808f6
docs: fix typos helm install ( #15625 )
...
* fix typos helm install and small compat matrix change related to host ports not required any longer
2022-11-30 12:36:40 -08:00
Michael Wilkerson
862e4410a8
added changelog for enterprise only change ( #15621 )
2022-11-30 11:39:20 -08:00
Tyler Wendlandt
4a7fe5625a
ui: Add ServerExternalAddresses to peer token create form ( #15555 )
...
* ui: Add ServerExternalAddresses field to token generation
* Add test for ServerExternalAddresses on peer token create
* Add changelog entry
* Update translations
* Format hbs files
* Update translations
2022-11-30 11:42:36 -07:00
R.B. Boyer
a8411976a8
peering: better represent non-passing states during peer check flattening ( #15615 )
...
During peer stream replication we flatten checks from the source cluster and build one thin overall check to hide the irrelevant details from the consuming cluster. This flattening logic did correctly flip to non-passing if there were any non-passing checks, but WHICH status it got during that was random (warn/error).
Also it didn't represent "maintenance" operations. There is an api package call AggregatedStatus which more correctly flattened check statuses.
This PR replicated the more complete logic into the peer stream package.
2022-11-30 11:29:21 -06:00
Freddy
7641d10184
Remove log line about server mgmt token init ( #15610 )
...
* Remove log line about server mgmt token init
Currently the server management token is only being bootstrapped in the
primary datacenter. That means that servers on the secondary datacenter
will never have this token available, and would log this line any time a
token is resolved.
Bootstrapping the token in secondary datacenters will be done in a
follow-up.
* Add changelog entry
2022-11-29 17:56:03 -05:00
James Oulman
71f7f2e3dc
Add support for configuring Envoys route idle_timeout ( #14340 )
...
* Add idleTimeout
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
2022-11-29 17:43:15 -05:00
Chris S. Kim
ecd4307b7c
docs: Update acl-tokens.mdx ( #15607 )
2022-11-29 16:20:39 -05:00
Conrad Kleinespel
4b721838c1
Fix AWS IAM trusted identity entity_tags.<key> ( #14727 )
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-11-29 12:34:28 -08:00
David Yu
bea255102e
docs: typo on cluster peering k8s ( #15602 )
2022-11-29 11:49:54 -08:00
David Yu
327b8ec7a8
docs: Clean up k8s cluster peering instructions ( #15592 )
2022-11-29 10:58:13 -08:00
Derek Menteer
79bef1982f
Add peering `.service` and `.node` DNS lookups. ( #15596 )
...
Add peering `.service` and `.node` DNS lookups.
2022-11-29 12:23:18 -06:00
cskh
a070840dc7
docs: clarify envoy proxy configuration ( #15562 )
...
- Specify using the service config entry to configure
service's envoy proxy
- add missing fields in proxy.config
2022-11-28 20:33:54 -05:00
David Yu
90ca02b70d
docs: Fix language to describe clients previously ran on each node ( #15580 )
2022-11-28 14:50:48 -08:00
cskh
92e71318c1
fix(peering): increase the gRPC limit to 8MB ( #15503 )
...
* fix(peering): increase the gRPC limit to 50MB
* changelog
* update gRPC limit to 8MB
2022-11-28 17:48:43 -05:00
Jeff Boruszak
c537bb51f9
Load Balancer addition ( #15583 )
2022-11-28 16:48:01 -06:00
David Yu
7dde0d70fe
docs: Update Consul K8s Release Notes to mention updates to Cluster Peering ( #15573 )
2022-11-28 13:26:56 -08:00
Chris S. Kim
efffcd56d0
Fix Vault managed intermediate PKI bug ( #15525 )
2022-11-28 16:17:58 -05:00
Jeff Boruszak
fb8b3d63b2
docs: Dataplane performance impact ( #15566 )
...
* New image + performance considerations
* Image related updates
* Update website/content/docs/connect/dataplane/index.mdx
Co-authored-by: David Yu <dyu@hashicorp.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
2022-11-28 14:33:22 -06:00
Dan Stough
c696516e11
chore(ci): update backport-assistant to use gh automerge ( #14839 )
2022-11-28 13:21:04 -05:00
Dan Stough
4795de72f5
[OSS] chore(ci): add auto-approve workflow for consul bot ( #15533 )
2022-11-28 12:29:46 -05:00
Jared Kirschner
0d23452578
docs: add peering control plane diagrams ( #15498 )
2022-11-26 09:37:56 -05:00
Chris S. Kim
450c8b9eff
[OSS] Add boilerplate for proto files implementing BlockableQuery ( #15554 )
2022-11-25 15:46:56 -05:00
Nitya Dhanushkodi
e72dd6254a
update docs with mesh and proxydefaults config ( #15526 )
2022-11-24 10:02:47 -08:00
Chris S. Kim
4ad4cb1183
Use backport-compatible assertion ( #15546 )
...
* Use backport-compatible assertion
* Add workaround for broken apt-get
2022-11-24 11:44:20 -05:00
Chris S. Kim
d146a3d542
Use rpcHoldTimeout to calculate blocking timeout ( #15541 )
...
Adds buffer to clients so that servers have time to respond to blocking queries.
2022-11-24 10:13:02 -05:00
Chris Thain
650d4b45fb
Snapshot agent docs updates ( #15504 )
2022-11-22 06:13:13 -08:00
Chris Thain
f9b85cbee6
Add changelog for snapshot agent updates ( #15516 )
2022-11-22 06:11:46 -08:00
Tu Nguyen
245a1e471d
fix typo in cluster peering docs ( #15519 )
2022-11-21 13:51:40 -08:00
Jared Kirschner
68f74a197c
docs: add retry_max agent config option ( #15487 )
2022-11-21 16:16:56 -05:00
Derek Menteer
8c3d314c6c
Add 1.14.1 release updates. ( #15514 )
...
Add post-release changes for 1.14.1 updates.
2022-11-21 13:35:30 -06:00
Jeff Boruszak
de9213a10b
ServerExternalAddresses parameter clarification ( #15506 )
2022-11-21 11:51:09 -06:00
Dan Stough
141f6c7591
docs: revert peering API changes ( #15505 )
2022-11-21 12:45:51 -05:00
Derek Menteer
519a2ae563
Add -grpc-ca-file and -grpc-ca-path CLI info on upgrade notes. ( #15500 )
...
* Add -grpc-ca-file and -grpc-ca-path CLI info on upgrade notes.
2022-11-21 09:41:29 -06:00