Commit graph

17566 commits

Author SHA1 Message Date
trujillo-adam be6fe11784 applied suggestions from review, udpates to TF secure configuration 2022-06-21 13:20:14 -07:00
trujillo-adam 8dc94aff32 removed terminating and ingress polices from secure manual installation 2022-06-21 09:27:04 -07:00
trujillo-adam f26995bced Merge branch 'main' of github.com:hashicorp/consul into docs-ecs-mesh-gw 2022-06-21 08:53:30 -07:00
David Yu 3a35b181f2
docs: Lambda consul service mesh naming suggestions (#13506)
* docs: Lambda consul service mesh naming suggestions
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-06-21 08:14:43 -07:00
trujillo-adam c0a0227c96
Apply suggestions from code review
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: Chris Thain <32781396+cthain@users.noreply.github.com>
2022-06-21 08:08:37 -07:00
Chris S. Kim 247b56def3
Pass trust domain to RBAC to validate and fix use of wrong peer trust bundles (#13508) 2022-06-20 22:47:14 -04:00
David Yu b724f8b3ab
docs: Use "error" to use standard log level value (#13507)
* docs: Use "error" to use standard log level value
2022-06-20 16:07:38 -07:00
trujillo-adam cfd9e2e41d fixed links to TF install examples 2022-06-20 14:14:18 -07:00
trujillo-adam 1bd3909a71
Apply suggestions from code review
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2022-06-20 14:11:05 -07:00
trujillo-adam c779d224e2
Apply suggestions from code review
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2022-06-20 13:53:48 -07:00
trujillo-adam f6d0220af8 incorporated examples from @cthain 2022-06-20 12:38:21 -07:00
trujillo-adam 03a3c44031 Merge remote-tracking branch 'origin/docs/cthain-ecs-mesh-gateway' into docs-ecs-mesh-gw
pulling in change from cthain
2022-06-20 09:47:04 -07:00
Chris Thain b74e8f3713 merge branch main 2022-06-20 09:13:51 -07:00
Chris Thain 569cf68daa Add mesh gateway configuration examples. 2022-06-20 09:07:44 -07:00
trujillo-adam 7249a0326e tweaks to the enterprise section for ecs mesh gateways 2022-06-17 15:17:48 -07:00
trujillo-adam c5c5ef7845 tweaks to the secure configuration for manually installing consul ecs 2022-06-17 15:13:48 -07:00
trujillo-adam 1cee20a644 Added note about manually creating mesh gw not being supported 2022-06-17 14:57:37 -07:00
trujillo-adam 4850a1d4c1 tweaks to the secure TF install section 2022-06-17 14:42:51 -07:00
trujillo-adam 1b1cfa900e minor tweaks to TF install 2022-06-17 14:15:29 -07:00
trujillo-adam e00c5c7554 updates to ECS Terraform install 2022-06-17 12:58:47 -07:00
trujillo-adam 461dbb2e77 Merge branch 'main' of github.com:hashicorp/consul into docs-ecs-mesh-gw 2022-06-17 11:32:05 -07:00
Kyle Schochenmaier 6980975d6f
update helm values docs and annotations (#13487) 2022-06-17 12:47:47 -05:00
John Murret 6b77fa11d9
Docs - k8s - Webhook Certs on Vault (#13441)
* Docs - k8s - Webhook Certs on Vault

* Adding webhook certs to data-integration overview page

* marking items as code

* Apply suggestions from code review

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Updating prerequisites intro

* Updating prerequisites intro

* Updating `Create a Vault auth roles that link the policy to each Consul on Kubernetes service account that requires access` to `Link the Vault policy to Consul workloads`

* changing `Configure the Vault Kubernetes auth role in the Consul on Kubernetes helm chart` to `Update the Consul on Kubernetes helm chart`.

* Changed `Create a Vault PKI role that establishes the domains that it is allowed to issue certificates for` to `Configure allowed domains for PKI certificates`

* Moved `Create a Vault policy that authorizes the desired level of access to the secret` to the Set up per Consul Datacenter section

* Update website/content/docs/k8s/installation/vault/data-integration/webhook-certs.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Moving Overview above Prerequisites.  Adding sentence where missing after page title.

* Moving Overview above Prerequisites for webhook certs page.

* fixing the end of the overview section that was not moved.

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-06-17 10:23:54 -06:00
trujillo-adam dfcd28048a referred to mesh gateway functionality in ECS overview 2022-06-17 09:04:52 -07:00
Tu Nguyen fa9c1bfcf4
Merge pull request #13466 from hashicorp/consul-lambda-broken-link
Fix broken link in lambda docs
2022-06-17 08:31:10 -07:00
Dan Upton 989b22425c
Move ACLResolveResult into acl/resolver package (#13467)
Having this type live in the agent/consul package makes it difficult to
put anything that relies on token resolution (e.g. the new gRPC services)
in separate packages without introducing import cycles.

For example, if package foo imports agent/consul for the ACLResolveResult
type it means that agent/consul cannot import foo to register its service.

We've previously worked around this by wrapping the ACLResolver to
"downgrade" its return type to an acl.Authorizer - aside from the
added complexity, this also loses the resolved identity information.

In the future, we may want to move the whole ACLResolver into the
acl/resolver package. For now, putting the result type there at least,
fixes the immediate import cycle issues.
2022-06-17 10:24:43 +01:00
DanStough 37694eefb5 feat: tgtwy xDS generation for destinations
Signed-off-by: Dhia Ayachi <dhia@hashicorp.com>
2022-06-16 16:17:49 -04:00
alex d73adfef81
peering: block Intention.Apply ops (#13451)
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-06-16 12:07:28 -07:00
alex ba1f235d70
peering, state: account for peer intentions (#13443)
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-06-16 10:27:31 -07:00
Luke Kysow d8a2825361
Add type info to options (#13477) 2022-06-16 10:09:39 -07:00
Luke Kysow a7b01600b6
Update index.mdx (#13476) 2022-06-16 09:59:49 -07:00
Sam Salisbury 3712143786
Merge pull request #13469 from hashicorp/correct-redhat-tags
Correct redhat tags
2022-06-16 17:13:37 +01:00
Eric Haberkorn fefb936456
Lambda documentation tweaks (#13459)
Lambda documentation tweaks
2022-06-16 09:00:21 -04:00
Sam Salisbury cf603d51ff correct redgat_tag ospid 2022-06-16 13:28:36 +01:00
Sam Salisbury 1f76000690 strip trailing whitespace 2022-06-16 13:27:37 +01:00
John Cowen 91bdeef373
ui: Fix intl keys in order to render correct messages for empty states (#13409)
* ui: Fix intl keys in order to render correct messages for empty states

* Add a debug only debug log to warn about missing keys
2022-06-16 12:07:04 +01:00
Tu Nguyen 6e0a42b150
Fix broken link in lambda docs 2022-06-15 21:23:56 -07:00
R.B. Boyer 9c5d818546
xds: begin refactor to always pass test snapshots through all xDS types (#13461) 2022-06-15 14:58:28 -05:00
R.B. Boyer 93611819e2
xds: mesh gateways now have their own leaf certificate when involved in a peering (#13460)
This is only configured in xDS when a service with an L7 protocol is
exported.

They also load any relevant trust bundles for the peered services to
eventually use for L7 SPIFFE validation during mTLS termination.
2022-06-15 14:36:18 -05:00
Daniel Upton 8d39e1fd7e docs: instructions for interacting with the private gRPC server locally 2022-06-15 18:26:58 +01:00
Riddhi Shah 414bb7e34e
[OSS] Support merge-central-config option in node services list API (#13450)
Adds the merge-central-config query param option to the /catalog/node-services/:node-name API,
to get a service definition in the response that is merged with central defaults (proxy-defaults/service-defaults).

Updated the consul connect envoy command to use this option when
retrieving the proxy service details so as to render the bootstrap configuration correctly.
2022-06-15 08:30:31 -07:00
Eric Haberkorn eb9c341f5e
Lambda Beta Documentation (#13426)
* Document the `enable_serverless_plugin` Agent Configuration Option (#13372)
* Initial AWS Lambda documentation (#13245)
2022-06-15 11:14:16 -04:00
cskh 340a194894
Load test, upgrade packer version, fix k6s installation (#13382)
- fix sg: need remote access to test server
- Give the load generator a name
- Update loadtest hcl filename in readme
- Add terraform init
- Disable access to the server machine by default
2022-06-15 09:29:38 -04:00
Jared Kirschner a01acbae1b
Merge pull request #13353 from hashicorp/jkirschner-hashicorp-patch-1
docs: show HCP Consul supports CTS enterprise
2022-06-15 00:05:30 -04:00
Evan Culver ca7acd2970
connect: Use Envoy 1.22.2 instead of 1.22.1 (#13444) 2022-06-14 15:29:41 -07:00
Freddy 81fff23841
Merge pull request #13445 from hashicorp/peering/finalize-deletions 2022-06-14 15:58:44 -06:00
freddygv a288d0c388 Avoid deleting peerings marked as terminated.
When our peer deletes the peering it is locally marked as terminated.
This termination should kick off deleting all imported data, but should
not delete the peering object itself.

Keeping peerings marked as terminated acts as a signal that the action
took place.
2022-06-14 15:37:09 -06:00
freddygv a5283e4361 Add leader routine to clean up peerings
Once a peering is marked for deletion a new leader routine will now
clean up all imported resources and then the peering itself.

A lot of the logic was grabbed from the namespace/partitions deferred
deletions but with a handful of simplifications:
- The rate limiting is not configurable.

- Deleting imported nodes/services/checks is done by deleting nodes with
  the Txn API. The services and checks are deleted as a side-effect.

- There is no "round rate limiter" like with namespaces and partitions.
  This is because peerings are purely local, and deleting a peering in
  the datacenter does not depend on deleting data from other DCs like
  with WAN-federated namespaces. All rate limiting is handled by the
  Raft rate limiter.
2022-06-14 15:36:50 -06:00
Evan Culver 2adb9f7c8a
connect: Update Envoy support matrix to latest patch releases (#13431) 2022-06-14 13:19:09 -07:00
alex 6dbcb1d88e
peering: intentions list test (#13435) 2022-06-14 10:59:53 -07:00