Commit Graph

18424 Commits

Author SHA1 Message Date
trujillo-adam f6d0220af8 incorporated examples from @cthain 2022-06-20 12:38:21 -07:00
Nathan Coleman e33d4e3cb2 ReferenceGrant -> ReferencePolicy 2022-06-20 15:25:15 -04:00
Nitya Dhanushkodi 39ff759d86 upstream annotation 2022-06-20 10:33:00 -07:00
trujillo-adam 03a3c44031 Merge remote-tracking branch 'origin/docs/cthain-ecs-mesh-gateway' into docs-ecs-mesh-gw
pulling in change from cthain
2022-06-20 09:47:04 -07:00
Nitya Dhanushkodi 7e8b21a0e0 add peering helm value 2022-06-20 09:16:31 -07:00
Chris Thain b74e8f3713 merge branch main 2022-06-20 09:13:51 -07:00
Chris Thain 569cf68daa Add mesh gateway configuration examples. 2022-06-20 09:07:44 -07:00
Max Bowsher 884a63431e Delete definition of metric `consul.acl.blocked.node.registration`
Although the metric is defined, there is no code which ever sets its
value - the code in question is genuinely asymmetric - there are 3 types
of object for which registration can be tracked, but only 2 for which
deregistration can be tracked.
2022-06-19 17:38:04 +01:00
Max Bowsher 3f93b3cc88 Fix incorrect name and doc for kv_entries metric
The name of the metric as registered with the metrics library to provide
the help string, was incorrect compared with the actual code that sets
the metric value - bring them into sync.

Also, the help message was incorrect. Rather than copy the help message
from telemetry.mdx, which was correct, but felt a bit unnatural in the
way it was worded, update both of them to a new wording.
2022-06-19 11:58:23 +01:00
Freddy 902e76d304
Additional service mesh docs updates for peering (#13464)
This PR covers two sets of changes:
- Documenting the new `destination_peer` for proxy upstream definitions.
- Updating the exported-services config entry documentation.

Updates to the `exported-services` config entry include:
- As of 1.13.0 it is no longer only for Consul Enterprise
- A `PeerName` is now a possible consumer for an exported service.
- Added examples for OSS and Enterprise
- Linked to peering docs
2022-06-17 18:40:38 -06:00
trujillo-adam 7249a0326e tweaks to the enterprise section for ecs mesh gateways 2022-06-17 15:17:48 -07:00
trujillo-adam c5c5ef7845 tweaks to the secure configuration for manually installing consul ecs 2022-06-17 15:13:48 -07:00
trujillo-adam 1cee20a644 Added note about manually creating mesh gw not being supported 2022-06-17 14:57:37 -07:00
trujillo-adam 4850a1d4c1 tweaks to the secure TF install section 2022-06-17 14:42:51 -07:00
trujillo-adam 1b1cfa900e minor tweaks to TF install 2022-06-17 14:15:29 -07:00
trujillo-adam e00c5c7554 updates to ECS Terraform install 2022-06-17 12:58:47 -07:00
Jeff Boruszak 1e6ddc8f82
Apply suggestions from code review 2022-06-17 13:36:20 -05:00
trujillo-adam 461dbb2e77 Merge branch 'main' of github.com:hashicorp/consul into docs-ecs-mesh-gw 2022-06-17 11:32:05 -07:00
Kyle Schochenmaier 6980975d6f
update helm values docs and annotations (#13487) 2022-06-17 12:47:47 -05:00
Jeff Boruszak 4c520323a5
Update website/content/docs/connect/cluster-peering/create-manage-peering.mdx 2022-06-17 12:35:35 -05:00
Jeff Boruszak 85463445b4
Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-06-17 12:31:11 -05:00
John Murret 6b77fa11d9
Docs - k8s - Webhook Certs on Vault (#13441)
* Docs - k8s - Webhook Certs on Vault

* Adding webhook certs to data-integration overview page

* marking items as code

* Apply suggestions from code review

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Updating prerequisites intro

* Updating prerequisites intro

* Updating `Create a Vault auth roles that link the policy to each Consul on Kubernetes service account that requires access` to `Link the Vault policy to Consul workloads`

* changing `Configure the Vault Kubernetes auth role in the Consul on Kubernetes helm chart` to `Update the Consul on Kubernetes helm chart`.

* Changed `Create a Vault PKI role that establishes the domains that it is allowed to issue certificates for` to `Configure allowed domains for PKI certificates`

* Moved `Create a Vault policy that authorizes the desired level of access to the secret` to the Set up per Consul Datacenter section

* Update website/content/docs/k8s/installation/vault/data-integration/webhook-certs.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Moving Overview above Prerequisites.  Adding sentence where missing after page title.

* Moving Overview above Prerequisites for webhook certs page.

* fixing the end of the overview section that was not moved.

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-06-17 10:23:54 -06:00
trujillo-adam dfcd28048a referred to mesh gateway functionality in ECS overview 2022-06-17 09:04:52 -07:00
Tu Nguyen fa9c1bfcf4
Merge pull request #13466 from hashicorp/consul-lambda-broken-link
Fix broken link in lambda docs
2022-06-17 08:31:10 -07:00
Dan Upton 989b22425c
Move ACLResolveResult into acl/resolver package (#13467)
Having this type live in the agent/consul package makes it difficult to
put anything that relies on token resolution (e.g. the new gRPC services)
in separate packages without introducing import cycles.

For example, if package foo imports agent/consul for the ACLResolveResult
type it means that agent/consul cannot import foo to register its service.

We've previously worked around this by wrapping the ACLResolver to
"downgrade" its return type to an acl.Authorizer - aside from the
added complexity, this also loses the resolved identity information.

In the future, we may want to move the whole ACLResolver into the
acl/resolver package. For now, putting the result type there at least,
fixes the immediate import cycle issues.
2022-06-17 10:24:43 +01:00
Kyle Havlovitz 6bcd065270 Add changelog note 2022-06-16 18:26:25 -07:00
Kyle Havlovitz 7c5ef2aa3f command: Add TLS support for envoy prometheus endpoint 2022-06-16 17:53:05 -07:00
sarahalsmiller 1c610cb01d
Update upgrade-specific-versions.mdx 2022-06-16 15:36:27 -05:00
Chris S. Kim 42f7d6a403
Update docs with peer query parameter (#13462)
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2022-06-16 16:25:44 -04:00
DanStough 37694eefb5 feat: tgtwy xDS generation for destinations
Signed-off-by: Dhia Ayachi <dhia@hashicorp.com>
2022-06-16 16:17:49 -04:00
alex d73adfef81
peering: block Intention.Apply ops (#13451)
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-06-16 12:07:28 -07:00
alex ba1f235d70
peering, state: account for peer intentions (#13443)
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-06-16 10:27:31 -07:00
Luke Kysow d8a2825361
Add type info to options (#13477) 2022-06-16 10:09:39 -07:00
Luke Kysow a7b01600b6
Update index.mdx (#13476) 2022-06-16 09:59:49 -07:00
Sam Salisbury 3712143786
Merge pull request #13469 from hashicorp/correct-redhat-tags
Correct redhat tags
2022-06-16 17:13:37 +01:00
Chris S. Kim 4b0ffb227a
Update docs with Source.Peer field (#13463) 2022-06-16 09:30:05 -04:00
Eric Haberkorn fefb936456
Lambda documentation tweaks (#13459)
Lambda documentation tweaks
2022-06-16 09:00:21 -04:00
Sam Salisbury cf603d51ff correct redgat_tag ospid 2022-06-16 13:28:36 +01:00
Sam Salisbury 1f76000690 strip trailing whitespace 2022-06-16 13:27:37 +01:00
John Cowen 91bdeef373
ui: Fix intl keys in order to render correct messages for empty states (#13409)
* ui: Fix intl keys in order to render correct messages for empty states

* Add a debug only debug log to warn about missing keys
2022-06-16 12:07:04 +01:00
Tu Nguyen 6e0a42b150
Fix broken link in lambda docs 2022-06-15 21:23:56 -07:00
Jeff Boruszak 93a50d5b12
Additional consistency edits 2022-06-15 16:25:57 -05:00
Jeff Boruszak 8bd57c75fe
Apply suggestions from code review
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2022-06-15 16:15:03 -05:00
Freddy 082bc3632b
Add peering endpoint API docs (#13454) 2022-06-15 14:18:14 -06:00
R.B. Boyer 9c5d818546
xds: begin refactor to always pass test snapshots through all xDS types (#13461) 2022-06-15 14:58:28 -05:00
Nathan Coleman 521e040356 Add note about expected status for invalid CertificateRef 2022-06-15 15:46:46 -04:00
R.B. Boyer 93611819e2
xds: mesh gateways now have their own leaf certificate when involved in a peering (#13460)
This is only configured in xDS when a service with an L7 protocol is
exported.

They also load any relevant trust bundles for the peered services to
eventually use for L7 SPIFFE validation during mTLS termination.
2022-06-15 14:36:18 -05:00
Jeff Boruszak 3b85a9dda2
Update website/data/docs-nav-data.json
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-06-15 14:26:54 -05:00
Jeff Boruszak 627173110b
Update website/content/docs/connect/cluster-peering/index.mdx 2022-06-15 14:26:40 -05:00
Jeff Boruszak 1a6eea4fc3
Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-06-15 14:23:18 -05:00