Commit Graph

2656 Commits

Author SHA1 Message Date
Freddy f3ba6a9166
Update force-leave ACL requirement to operator:write (#7033) 2020-01-14 15:40:34 -07:00
Matt Keeler c8294b8595
AuthMethod updates to support alternate namespace logins (#7029) 2020-01-14 10:09:29 -05:00
Matt Keeler baa89c7c65
Intentions ACL enforcement updates (#7028)
* Renamed structs.IntentionWildcard to structs.WildcardSpecifier

* Refactor ACL Config

Get rid of remnants of enterprise only renaming.

Add a WildcardName field for specifying what string should be used to indicate a wildcard.

* Add wildcard support in the ACL package

For read operations they can call anyAllowed to determine if any read access to the given resource would be granted.

For write operations they can call allAllowed to ensure that write access is granted to everything.

* Make v1/agent/connect/authorize namespace aware

* Update intention ACL enforcement

This also changes how intention:read is granted. Before the Intention.List RPC would allow viewing an intention if the token had intention:read on the destination. However Intention.Match allowed viewing if access was allowed for either the source or dest side. Now Intention.List and Intention.Get fall in line with Intention.Matches previous behavior.

Due to this being done a few different places ACL enforcement for a singular intention is now done with the CanRead and CanWrite methods on the intention itself.

* Refactor Intention.Apply to make things easier to follow.
2020-01-13 15:51:40 -05:00
danielehc 71eca6330c
added disclaimer about network segments due to Serf limitations (#7004)
* added disclaimer about network segments due to Serf limitations

using work made at https://github.com/hashicorp/consul/pull/6558 by @thepomeranian

* Lowercasing functionality name

* Update website/source/docs/enterprise/network-segments/index.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

Co-authored-by: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>
2020-01-09 10:41:31 +01:00
danielehc aca0720a0e
Update docs to point to new learn guide (#7003)
* Changed the link to point to new guide
* Removed querystring from link
2020-01-09 10:26:47 +01:00
DevOps Rob 7a4b055f50 Azure MSI for cloud auto-join (#7000)
* Azure MSI documentation

Adding in note about support for Azure MSI authentication method for Cloud auto-join

* fixing text formatting

fixing text formatting

* missing word

missing word - variable

* Update website/source/docs/agent/cloud-auto-join.html.md

Language change to be specific about where the security risk mitigation is concerned

Co-Authored-By: Jack Pearkes <jackpearkes@gmail.com>

Co-authored-by: Jack Pearkes <jackpearkes@gmail.com>
2020-01-08 20:43:45 -05:00
kaitlincarter-hc dcd8153244
updating the ent docs to mention GCP (#7001) 2020-01-07 13:19:34 -08:00
tehmoon 7fead04f2e docs: Fix extraVolumes mount paths in helm.html.md (#7008) 2020-01-07 12:13:09 -08:00
Rémi Lapeyre 6b4050fdbf docs: fix typo in ACL legacy documentation (#7006) 2020-01-07 14:33:56 +01:00
kaitlincarter-hc 21f1e7a1b4
[docs] Managing ACL Policies (#6573)
* New Acl policy guide

* Update website/source/docs/guides/managing-acl-policies.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* Update website/source/docs/guides/managing-acl-policies.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* Update website/source/docs/guides/managing-acl-policies.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* Update website/source/docs/guides/managing-acl-policies.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* Update website/source/docs/guides/managing-acl-policies.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

Co-authored-by: Paul Banks <banks@banksco.de>
2020-01-06 15:44:17 -08:00
kaitlincarter-hc ddaf9e0d44
[docs] New Replication Guide (#5823)
* new replication guide

* Update website/source/docs/guides/acl-replication.md

Co-Authored-By: R.B. Boyer <public@richardboyer.net>

* fixing list

* Update website/source/docs/guides/acl-replication.md

Co-Authored-By: R.B. Boyer <public@richardboyer.net>

* Update website/source/docs/guides/acl-replication.md

Co-Authored-By: R.B. Boyer <public@richardboyer.net>

* Update website/source/docs/guides/acl-replication.md

Co-Authored-By: R.B. Boyer <public@richardboyer.net>

* Update website/source/docs/guides/acl-replication.md

Co-Authored-By: R.B. Boyer <public@richardboyer.net>

* fixing another list

* Update website/source/docs/guides/acl-replication.md

Co-Authored-By: Matt Keeler <mkeeler@users.noreply.github.com>

* Update website/source/docs/guides/acl-replication.md

Co-Authored-By: R.B. Boyer <public@richardboyer.net>

* fixing formating

* Updating based on feedback.

* Update website/source/docs/guides/acl-replication.md

Co-Authored-By: Matt Keeler <mkeeler@users.noreply.github.com>

* Update website/source/docs/guides/acl-replication.md

Co-Authored-By: Judith Malnick <judith@hashicorp.com>

* updating introduction based on feedback

* Update website/source/docs/guides/acl-replication.md

* updating intro based on feedback

* Update website/source/docs/guides/acl-replication.md

Co-Authored-By: Judith Malnick <judith@hashicorp.com>

* Update website/source/docs/guides/acl-replication.md

Co-Authored-By: Judith Malnick <judith@hashicorp.com>

* Update website/source/docs/guides/acl-replication.md

Co-Authored-By: Judith Malnick <judith@hashicorp.com>

* Update website/source/docs/guides/acl-replication.md

Co-Authored-By: Judith Malnick <judith@hashicorp.com>

* updating based on feedback

* Update website/source/docs/guides/acl-replication.md

Co-Authored-By: Judith Malnick <judith@hashicorp.com>

* Update website/source/docs/guides/acl-replication.md

Co-Authored-By: Judith Malnick <judith@hashicorp.com>

* Update website/source/docs/guides/acl-replication.md

Co-Authored-By: Judith Malnick <judith@hashicorp.com>

* Additional note about servers

Co-authored-by: R.B. Boyer <public@richardboyer.net>
Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
Co-authored-by: Judith Malnick <judith@hashicorp.com>
2020-01-06 15:35:59 -08:00
kaitlincarter-hc c3f6d8e4cd
New Connect guide for new users (#6749) 2020-01-06 15:17:24 -08:00
Blake Covarrubias 532d6d0d18 Move bootstrapACLs under global key in Helm docs
The global.bootstrapACLs key in the Helm chart docs was inadvertently
moved to a top-level key in commit 12e6ef8, which is incorrect.

This commit reverts that error.
2019-12-21 18:47:42 -08:00
Matt Keeler 9ea83a749b
Revert "Remove docs refs to NS inference from ACL token" (#6976)
This reverts commit 3a8426de9c76e7d8dd2728e4ae78bc4e5e18626a.

# Conflicts:
#	command/flags/http.go
#	website/source/api/acl/binding-rules.html.md
#	website/source/api/acl/policies.html.md
#	website/source/api/acl/roles.html.md
#	website/source/api/acl/tokens.html.md
#	website/source/api/kv.html.md
#	website/source/api/session.html.md
#	website/source/docs/commands/_http_api_namespace_options.html.md
2019-12-20 11:52:50 -05:00
Blake Covarrubias befb914cf6 Add 'kind = connect-proxy' to mesh_gateway.html 2019-12-18 15:35:42 -08:00
Hans Hasselberg 1bf94b01e2
log: handle discard all logfiles properly (#6945)
* Handle discard all logfiles properly

Fixes https://github.com/hashicorp/consul/issues/6892.

The [docs](https://www.consul.io/docs/agent/options.html#_log_rotate_max_files) are stating:

> -log-rotate-max-files - to specify the maximum number of older log
> file archives to keep. Defaults to 0 (no files are ever deleted). Set to
> -1 to disable rotation and discard all log files.

But the `-1` case was not implemented and led to a panic when being
used.

Co-Authored-By: Freddy <freddygv@users.noreply.github.com>
2019-12-18 22:31:22 +01:00
Kyle MacDonald f0befc3b7a
website: embed yt videos on intro pages (#6871)
- website: embed yt videos on intro pages
- for /docs/connect
- for /intro
- css to handle iframe responding at smaller viewports
- Update consul connect video with introductory description. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>
- Update consul connect intro with introductory description. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>
2019-12-18 13:54:39 -05:00
Matt Keeler 5c56aab3be
Change how namespaces are specified for the CLI (#6960) 2019-12-18 11:06:39 -05:00
Blake Covarrubias 1818d55fbb Clarify -retry-join can be provided multiple times
Update -retry-join documentation to explicitly state the option can be
specified multiple times. Add corresponding config example showing
multiple join addresses.
2019-12-17 10:25:14 -08:00
Paul Banks ee100e5d48
Fix formatting and add version info (#6926) 2019-12-13 19:55:48 +00:00
Luke Kysow b7bf7d8ed9
Update Helm docs to match repo 2019-12-13 10:15:58 -08:00
ychuzevi f82e704fa3 docs: Fix documentation for kv store create endpoint (#6940) 2019-12-13 09:12:01 -08:00
Luke Kysow f5b9bc2a00
Document that env vars can't be used for config (#6912)
* Document that env vars can't be used for config

Environment variables are not read for config values when starting the
Consul agent. Document this.
2019-12-12 09:31:24 -08:00
Nate Dobbs aad3bf98b0 docs: Fixed typo for 'consul members' link (#6918)
Quick fix on a small typo I noticed while reading the docs on this command.
2019-12-10 20:42:38 -08:00
Mike Morris 0cf75f495e website: add 1.7.0 Beta announcement to Downloads page (#6911)
* website: add 1.7.0 Beta announcement to Downloads page

* Update downloads.html.erb
2019-12-10 17:09:38 -05:00
freddygv 992dfabd82 Fix typos and add expand wildcard ns docs 2019-12-10 14:04:24 -07:00
freddygv 775ea7af6e Remove docs refs to NS inference from ACL token 2019-12-10 13:50:28 -07:00
Matt Keeler 442924c35a
Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
Iryna Shustava 26cf9e2860
Merge pull request #6902 from hashicorp/k8s-auto-join-min-perms
Clarify the minimum permissions required for k8s auto-join
2019-12-06 13:35:15 -08:00
Iryna Shustava e51e5c0901
Clarify minimum perms required for k8s auto-join 2019-12-06 12:57:47 -08:00
Hans Hasselberg 368d5c643f
tls: auto_encrypt and verify_incoming (#6811) (#6899)
* relax requirements for auto_encrypt on server
* better error message when auto_encrypt and verify_incoming on
* docs: explain verify_incoming on Consul clients.
2019-12-06 21:36:13 +01:00
Luke Kysow 70dc714a48
Link directly to reset 2019-12-06 09:38:52 -08:00
Matt Keeler b9996e6bbe
Add Namespace support to the API module and the CLI commands (#6874)
Also update the Docs and fixup the HTTP API to return proper errors when someone attempts to use Namespaces with an OSS agent.

Add Namespace HTTP API docs

Make all API endpoints disallow unknown fields
2019-12-06 11:14:56 -05:00
Blake Covarrubias da34b90ad8 docs: Fix expose path HTTP listener ports
The listener ports specified in the headings for the HTTP and HTTP2
examples do not match the ports in the corresponding service
registration configurations.

This commit changes the port specified in the heading for the HTTP
listener to match the port used in the service registration example.

In addition, the listener_port specified for the HTTP2 listener is
modified to match the port number specified in the heading.
2019-12-05 09:00:52 -08:00
Li Kexian a013020355 add tencentcloud auto join docs (#6818) 2019-12-05 12:36:44 +00:00
Luke Kysow ce149917e4
Reorg helm chart docs
- Remove duplicate install instructions from the Helm Chart page and
kept them in Running Consul
- Renamed Helm Chart to Helm Chart Reference because that's mostly what
it contains (along with some examples)
- Renamed Running Consul to Installing Consul
- Changed instructions to be for installing using Helm 3 and added
  notes if using Helm 2
- Used release name "hashicorp" so subsequent instructions can be more
concise and pastable, e.g. "port forward to svc/hashicorp-consul-server" vs. "port
forward to svc/<your release name>-consul-server"
- Use config.yaml as the name for the override values file since it
differentiates from the default values.yaml file and its the name of the
file used in the helm docs
(https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing)
2019-12-03 17:49:05 -08:00
Chris Piraino 2a95701341
Allow configuration of upstream connection limits in Envoy (#6829)
* Adds 'limits' field to the upstream configuration of a connect proxy

This allows a user to configure the envoy connect proxy with
'max_connections', 'max_queued_requests', and 'max_concurrent_requests'. These
values are defined in the local proxy on a per-service instance basis
and should thus NOT be thought of as a global-level or even service-level value.
2019-12-03 14:13:33 -06:00
Tyler Ryan 3d46c1a3f5 Docs/consul k8s existing pvc (#6872)
Update docs for using pre-existing PVCs with helm
2019-12-03 11:14:25 -08:00
Luke Kysow ea2570a79b
Merge pull request #6855 from hashicorp/opaque-config-examples
Document how to json encode envoy config
2019-12-02 17:55:07 -08:00
Luke Kysow 841361a0f3
Merge pull request #6798 from hashicorp/namespace-selector-docs
Fix documentation for namespaceSelector
2019-12-02 17:54:04 -08:00
Blake Covarrubias 34914cb76c docs: Rename TTL to Timeout in Script/TCP checks
TTL and Interval options were made mutually exclusive in
https://github.com/hashicorp/consul/pull/3560.

Change to Timeout, which is a correct parameter for HTTP, Script, and
TCP checks.

Resolves #6343
2019-12-02 15:40:49 -08:00
Luke Kysow 8e901d7d4a
Fix documentation for namespaceSelector
Also remove the example for using namespace selector because it requires
labelling a namespace which is harder to explain.
2019-12-02 12:25:38 -08:00
Luke Kysow a0b1cd30a1
Document how to json encode envoy config
It wasn't clear how users should encode their config.
2019-11-29 09:43:42 -08:00
Luke Kysow 87d359bb8c
Fix helm docs bug
If the ServiceAccount isn't applied first, we get an error since the Pod
references a non-existing ServiceAccount
2019-11-29 09:17:56 -08:00
Luke Kysow d7a4347307
Merge pull request #6722 from hashicorp/jump-to-section
Add "jump to section" dropdown
2019-11-26 12:20:26 -08:00
Luke Kysow 21d18471a1
Add "jump to section" dropdown 2019-11-26 11:58:23 -08:00
Matt Keeler 90ae4a1f1e
OSS KV Modifications to Support Namespaces 2019-11-25 12:57:35 -05:00
Matt Keeler 68d79142c4
OSS Modifications necessary for sessions namespacing 2019-11-25 12:07:04 -05:00
rerorero e1c79c69c4 docs: Fix links to K8s L7 observability guide (#6834) 2019-11-22 18:51:33 -08:00
Blake Covarrubias 854a4bbd49 docs: Fix links to Sentinel docs for Consul
Current URL returns a 404 error. Correct links to point to the proper
URL.
2019-11-22 10:41:01 -08:00
kaitlincarter-hc f6785b88b9
removed kubecon banner (#6827) 2019-11-22 11:08:17 -06:00
Paul Banks a84b82b3df
connect: Add AWS PCA provider (#6795)
* Update AWS SDK to use PCA features.

* Add AWS PCA provider

* Add plumbing for config, config validation tests, add test for inheriting existing CA resources created by user

* Unparallel the tests so we don't exhaust PCA limits

* Merge updates

* More aggressive polling; rate limit pass through on sign; Timeout on Sign and CA create

* Add AWS PCA docs

* Fix Vault doc typo too

* Doc typo

* Apply suggestions from code review

Co-Authored-By: R.B. Boyer <rb@hashicorp.com>
Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Doc fixes; tests for erroring if State is modified via API

* More review cleanup

* Uncomment tests!

* Minor suggested clean ups
2019-11-21 17:40:29 +00:00
kaitlincarter-hc 66b3a01616
fixing link (#6817) 2019-11-19 17:36:18 -06:00
kaitlincarter-hc dacbd8137a
Replacing updgrade jtbd with k8s (#6813) 2019-11-19 15:20:55 -06:00
RJ Spiker 3035ba56e7 website - add -moz-osx-font-smoothing for smooth firefox osx fonts (#6755) 2019-11-19 14:43:18 -05:00
Chris Piraino d23dfff333 Improve session API documentation
- Remove incorrect statement that `LockDelay` must be greater than 0
- Add sentence to the top of the page pointing to the internal document
describing the sessions mechanism for more context
2019-11-18 16:20:34 -06:00
kaitlincarter-hc 44dd24d099
[WIP] Kubernetes Docs (#6770)
* adding cloud providers for k8s

* adding links

* added utm parameters

* Updating descriptions

* fix sidenav

* renaming page minikube
2019-11-18 12:00:01 -06:00
Jack Pearkes 766224a285 website: alert for kubecon (#6806)
* website: alert for kubecon

* Update website/source/index.html.erb
2019-11-18 10:41:17 -06:00
Chris Piraino d027daf221 docs: add sentence linking to available service-resolver filters
Resolves #6434
2019-11-18 09:38:36 -06:00
Blake Covarrubias 06cb3d8deb Add missing docs for checks Watch type (#5188)
Add configuration examples for specifying watch checks by health check
state or service, and corresponding CLI examples.

Resolves: #5188
2019-11-13 11:24:35 -08:00
Alvin Huang 95afa5c242
add arm download notes (#6785) 2019-11-13 14:21:50 -05:00
kaitlincarter-hc a7e37417ed
fixing buttons (#6772) 2019-11-12 09:23:45 -06:00
Paul Banks 1197b43c7b
Support Connect CAs that can't cross sign (#6726)
* Support Connect CAs that can't cross sign

* revert spurios mod changes from make tools

* Add log warning when forcing CA rotation

* Fixup SupportsCrossSigning to report errors and work with Plugin interface (fixes tests)

* Fix failing snake_case test

* Remove misleading comment

* Revert "Remove misleading comment"

This reverts commit bc4db9cabed8ad5d0e39b30e1fe79196d248349c.

* Remove misleading comment

* Regen proto files messed up by rebase
2019-11-11 21:36:22 +00:00
kaitlincarter-hc b8e71e6fd3
[Website] Add JTBD - WIP (#6673)
* updating the landing page with jtbd

* changed the buttons to pink

* updating CSS based on John's help

* updating a use case

* updating the language and rearranging the guides

* adding icons

* fixed image width

* fixing buttons and updating traffic splitting language.
2019-11-11 09:26:36 -06:00
John Cowen 2a8f876ec1 docs: Add link to config entries 2019-11-08 09:51:39 -08:00
rogerwelin cbfaedb952 Adds crystal-consul to libraries & sdk docs 2019-11-08 09:37:56 -08:00
Tramale Turner 2d2503262b Update proxies.html.md (#6754)
Missing preposition.
2019-11-08 09:26:44 -08:00
Mr.gao 340c968444 docs: Fix delete config entry description (#6593)
Fix the documentation to correctly state the HTTP DELETE method will
remove the specified config entry.
2019-11-06 11:30:44 -08:00
RJ Spiker 8c11e3a4fc website - font and brand updates (#6716)
* website - font and brand updates

* sidebar font-size adjustments and scss cleanup

* adjust nav and inline code styles
2019-11-06 13:53:36 -05:00
Blake Covarrubias bc42074f57
docs: Miscellaneous docs cleanup (#6742)
Fix spelling errors, API doc inconsistencies, and formatting issues.

* Fix several spelling errors.
* Prepend / to v1/event/list path in Watches.
* Rename script handlers to match Watch type.
* Remove /v1 path prefix on service health API endpoints.

Makes request path consistent with the rest of the HTTP API
documentation which does not include the /v1 prefix.

* Fix bracket formatting issue on Telemetry page.

The HTML codes used for brackets inside of the code block are not
interpolated, and are shown as literal strings.

Replace the numeric HTML codes with the intended character value to
fix display formatting.

Also placed variable reference on agent/options.html inside code block
for consistency with the presentation of other options on the page.

* Add missing word to Coordinate.Node docstring.

Resolves #6014
2019-11-05 20:34:46 -08:00
Thibault Gilles 3d816585f4 Fix docs for replace-existing-checks parameter 2019-11-04 12:34:11 -08:00
Robert Hencke b759bc7c00 [docs] Fix sentence order for GCE Cloud Auto-Join 2019-11-04 12:27:58 -08:00
Rémi Lapeyre db9a83ca08 Fix typo in config HTTP API documentation 2019-11-04 12:26:36 -08:00
Yahya ea3b6986a5 [Docs] Fix typo (#6523) 2019-11-04 15:17:28 -05:00
Charlie Voiselle 3c7587c9ab
Merge pull request #6710 from hashicorp/docs/connect-nomad
[docs] Updating Nomad Consul Connect info
2019-11-04 14:18:03 -05:00
R.B. Boyer 7994712731
docs: fix hcl use on production acls guide (#6739)
Also clean up some general whitespace formatting.
2019-11-04 11:11:59 -06:00
Paul Banks 5f405c3277
Fix support for RSA CA keys in Connect. (#6638)
* Allow RSA CA certs for consul and vault providers to correctly sign EC leaf certs.

* Ensure key type ad bits are populated from CA cert and clean up tests

* Add integration test and fix error when initializing secondary CA with RSA key.

* Add more tests, fix review feedback

* Update docs with key type config and output

* Apply suggestions from code review

Co-Authored-By: R.B. Boyer <rb@hashicorp.com>
2019-11-01 13:20:26 +00:00
R.B. Boyer e0e3ec1f32
docs: mention that all logging flags also work in the config file (#6705) 2019-10-31 16:15:48 -05:00
Luke Kysow db2ca07f98
Merge pull request #6583 from hashicorp/connect-annotations
Document new annotations for Connect injections
2019-10-31 12:58:43 -07:00
Alexandra Freeman 48ba388ec9 Update mediums on main community page (#6699)
Updating all .io Community sites to direct practitioners to the Forum as the first medium for communicating with other users and HashiCorp employees. Deleted Gitter link and Google Group link, as these will be phased out over the next few months. Updated what appeared to be a typo on the page description. Chatted with Nic Jackson before submitting PR.
2019-10-31 14:52:23 -04:00
kaitlincarter-hc 18484ae775 removed the term easy and updated the formatting 2019-10-29 15:59:21 -05:00
Charlie Voiselle 820b2bc8f1 Updating Nomad Consul Connect info 2019-10-29 16:53:25 -04:00
Sarah Christoff 86b30bbfbe
Set MinQuorum variable in Autopilot (#6654)
* Add MinQuorum to Autopilot
2019-10-29 09:04:41 -05:00
Sarah Christoff 969d51781a
Update -protocol doc (#6681)
* Update -protocol to have more clear version wording

Co-Authored-By: Judith Malnick <judith.patudith@gmail.com>
2019-10-29 08:41:28 -05:00
Luke Kysow 7a08629b32
Merge pull request #6683 from hashicorp/service-account-connect-inject-docs
Document service account name requirements
2019-10-28 10:26:52 -07:00
Luke Kysow 1b1b41b62e
Document service account name requirements
If ACLs are enabled, service account name must match the name of the
service in Consul.

Fixes https://github.com/hashicorp/consul-helm/issues/202
2019-10-24 16:51:51 -07:00
kaitlincarter-hc fd8e6d1a65
missed UTM parameter (#6679) 2019-10-24 12:29:54 -05:00
kaitlincarter-hc 4fbe4f40ca
fixing ACL reset links (#6678) 2019-10-24 12:22:08 -05:00
kaitlincarter-hc 136a7a2fa8
Top Navigation change (#6630)
* Changed Guides to Learn in the top nav and added utm parameters to the guide index page

* Update website/source/docs/guides/index.html.md

* Update website/source/docs/guides/index.html.md

* Update website/source/layouts/layout.erb
2019-10-21 14:19:27 -05:00
kaitlincarter-hc b5b7925264
updating broken link (#6633) 2019-10-16 16:18:39 -05:00
PHBourquin 16ca8340c1 Checks to passing/critical only after reaching a consecutive success/failure threshold (#5739)
A check may be set to become passing/critical only if a specified number of successive
checks return passing/critical in a row. Status will stay identical as before until
the threshold is reached.
This feature is available for HTTP, TCP, gRPC, Docker & Monitor checks.
2019-10-14 21:49:49 +01:00
kaitlincarter-hc 1a373271e3
[docs] Adding Links to Learn (#6611)
* adding links to Learn

* fixing a couple typos

* adding utm paramaters

* Update website/source/docs/connect/registration/sidecar-service.md

* Update website/source/docs/connect/registration/sidecar-service.md

* Update website/source/docs/acl/acl-system.html.md

* Update website/source/docs/acl/acl-system.html.md

* Update website/source/docs/agent/encryption.html.md

Co-Authored-By: Judith Malnick <judith.patudith@gmail.com>

* Update website/source/docs/connect/proxies/built-in.md

Co-Authored-By: Judith Malnick <judith.patudith@gmail.com>

* Update website/source/docs/connect/registration/sidecar-service.md

Co-Authored-By: Judith Malnick <judith.patudith@gmail.com>

* Update website/source/docs/install/index.html.md

Co-Authored-By: Judith Malnick <judith.patudith@gmail.com>

* Update website/source/docs/agent/kv.html.md

* Update website/source/docs/connect/security.html.md

* Update website/source/docs/connect/security.html.md

* Update website/source/docs/internals/architecture.html.md
2019-10-14 10:40:35 -05:00
Blake Covarrubias 84e9a35a06 Add Consul's L7 features to Istio comparison
Add text listing Consul's L7 features (via Envoy). Re-organize text to
flow similarly to Istio section.

Co-Authored-By: Judith Malnick <judith.patudith@gmail.com>
2019-10-10 11:33:34 -07:00
Luke Kysow 9093b99dfd
Document new annotations for Connect injections 2019-10-04 15:31:24 -07:00
Sarah Christoff 9b93dd93c9
Prune Unhealthy Agents (#6571)
* Add -prune flag to ForceLeave
2019-10-04 16:10:02 -05:00
Freddy 349fa7f97d
Update Force Leave docs (#6550)
Fixes #2742

Previously the docs didn't clarify that if a server restarts as a client then force-leave won't lead to removing the node from the raft config. This is because the node, which is alive after a restart, will refute messages about it having left . These messages about members leaving are in turn what trigger Consul's leader to remove a server from raft.
2019-09-27 17:49:28 -06:00
Mike Morris 3434c8289d
docs: add managed proxy removal note to specific version upgrade notes (#6557) 2019-09-27 10:52:47 -04:00
Judith Malnick 746f786a9f
Specify that mesh gateways require Envoy (#6506)
* Specify that mesh gateways must operate on L7

* Add feedback from Matt

* clarify gateway requirements
2019-09-26 20:06:58 -07:00
Freddy 5eace88ce2
Expose HTTP-based paths through Connect proxy (#6446)
Fixes: #5396

This PR adds a proxy configuration stanza called expose. These flags register
listeners in Connect sidecar proxies to allow requests to specific HTTP paths from outside of the node. This allows services to protect themselves by only
listening on the loopback interface, while still accepting traffic from non
Connect-enabled services.

Under expose there is a boolean checks flag that would automatically expose all
registered HTTP and gRPC check paths.

This stanza also accepts a paths list to expose individual paths. The primary
use case for this functionality would be to expose paths for third parties like
Prometheus or the kubelet.

Listeners for requests to exposed paths are be configured dynamically at run
time. Any time a proxy, or check can be registered, a listener can also be
created.

In this initial implementation requests to these paths are not
authenticated/encrypted.
2019-09-25 20:55:52 -06:00
Alvin Huang e8605da914
remove alert bar on homepage (#6544) 2019-09-25 17:28:14 -04:00
R.B. Boyer cc889443a5
connect: don't colon-hex-encode the AuthorityKeyId and SubjectKeyId fields in connect certs (#6492)
The fields in the certs are meant to hold the original binary
representation of this data, not some ascii-encoded version.

The only time we should be colon-hex-encoding fields is for display
purposes or marshaling through non-TLS mediums (like RPC).
2019-09-23 12:52:35 -05:00
Jack Pearkes 7736be1b5c
website: update alert bar on homepage (#6518)
Per @changli0617
2019-09-20 15:32:25 -07:00
Luke Kysow 9ee27c49ff
Merge pull request #6511 from hashicorp/code-highlighting
Give code blocks coloured background
2019-09-20 10:35:53 -07:00
Luke Kysow 65258a0fb3
Merge pull request #6460 from hashicorp/helm-wait
Update consul-helm enterprise docs for ACLs
2019-09-19 15:32:27 -07:00
Bartek Jaroszewski 3be27beba3 website, add git2consul-go to the tools list (#6286)
Signed-off-by: bjaroszewski <bjaroszewski@griddynamics.com>
2019-09-19 17:20:50 -05:00
Luke Kysow c5fca5d4b5
Update consul-helm enterprise docs for ACLs
If ACLs are added then slightly different commands are needed.
2019-09-19 15:09:38 -07:00
Luke Kysow bd789f1011
Update Consul DNS on kube docs
- fix instructions for CoreDNS (it updated)
- fix instructions for new component names
- recommend installing with the name 'consul'
- add disclaimer that catalog sync is not always required
- clean up example values.yaml files
2019-09-19 15:09:38 -07:00
Luke Kysow 7ac70493c6
Give code blocks coloured background
This will make them stand out more and matches the style of terraform.io
2019-09-19 14:53:28 -07:00
Iryna Shustava ca98bd0eb8
Merge pull request #6500 from hashicorp/typo-fix
Fix typo in "Service Ports" section
2019-09-18 13:11:52 -07:00
kaitlincarter-hc 483870b01a
[docs]Updated Containers Guide (#6215)
* Adding the updated containers guide that will be deployed on Learn only.

* Update website/source/docs/guides/containers-guide.md

Co-Authored-By: Freddy <freddygv@users.noreply.github.com>

* Update website/source/docs/guides/containers-guide.md

Co-Authored-By: Freddy <freddygv@users.noreply.github.com>

* Update website/source/docs/guides/containers-guide.md

Co-Authored-By: Freddy <freddygv@users.noreply.github.com>

* Update website/source/docs/guides/containers-guide.md

Co-Authored-By: Freddy <freddygv@users.noreply.github.com>

* Update website/source/docs/guides/containers-guide.md

Co-Authored-By: Freddy <freddygv@users.noreply.github.com>

* Update website/source/docs/guides/containers-guide.md

Co-Authored-By: Freddy <freddygv@users.noreply.github.com>

* Update website/source/docs/guides/containers-guide.md

Co-Authored-By: Freddy <freddygv@users.noreply.github.com>

* Update website/source/docs/guides/containers-guide.md

Co-Authored-By: Freddy <freddygv@users.noreply.github.com>

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md
2019-09-17 13:35:46 -07:00
Iryna Shustava b3f1b5afd5
Fix typo in "Service Ports" section 2019-09-17 12:05:04 -07:00
Blake Covarrubias d6f2371fcd docs: Fix typo in acl/acl-rules 2019-09-13 19:50:35 -07:00
Blake Covarrubias 2888e444c2 docs: Add .tgz to snapshot restore example (#6476) 2019-09-13 19:48:49 -07:00
Hans Hasselberg 62de041a36
docs (Consul Enterprise): Google Cloud Storage snapshot documentation (#6480) 2019-09-13 17:54:15 +02:00
Jud White 25aab18339 docs: fix typo in install/performance (#6428) 2019-09-09 21:23:25 +01:00
dcallao 876a7cbef9 fixed broken links on consul program page (#6463) 2019-09-06 17:18:59 -04:00
dcallao 58f19c5918 docs: added Consul Integration Program Docs Page (#6459)
* adding the Consul Integration Program page in docs section
2019-09-06 14:52:18 -04:00
John Cowen 5134140b5b
docs: Fix discovery chain internals link (#6449) 2019-09-05 13:56:50 +01:00
Aestek 19c4459d19 Add option to register services and their checks idempotently (#4905) 2019-09-02 09:38:29 -06:00
Matt Keeler f8d49dc4da
TxnCheckOp has a `Check` field not a `Service` field (#6418) 2019-08-28 15:57:41 -04:00
Freddy 51fbcc5fcd
Rephrase bind docs (#6394) 2019-08-26 11:31:55 -06:00
R.B. Boyer 2d4a3b51d0
Merge pull request #6388 from hashicorp/release/1-6
merging release/1-6 into master
2019-08-23 13:44:46 -05:00
Anudeep Reddy 02197b2cd2 Update observability.html.md (#6379) 2019-08-23 17:07:48 +02:00
danielehc 992b1a8d88
Update agent.html.markdown.erb (#6380)
Adding a note on how to make Consul trust S3-compatible storage that expose a self-signed certificate.
2019-08-23 16:09:41 +02:00
Jack Pearkes 88b7db3b79 website: fix typo on mesh page (#6368)
Fixes #6345.
2019-08-21 16:35:11 -05:00
R.B. Boyer 17bf364668
docs: remove beta references; leave version notation (#6372) 2019-08-21 16:23:08 -05:00
R.B. Boyer e7b8032b48
docs: document how envoy escape hatches work with the discovery chain (#6350)
- Bootstrap escape hatches are OK.
- Public listener/cluster escape hatches are OK.
- Upstream listener/cluster escape hatches are not supported.

If an unsupported escape hatch is configured and the discovery chain is
activated log a warning and act like it was not configured.

Fixes #6160
2019-08-21 15:10:12 -05:00
Alvin Huang 387557dc34 Merge Consul OSS branch 'master' at commit ce9cfc773d529ae4b8259d195323c0c350c1f9f1 2019-08-21 16:07:04 -04:00
R.B. Boyer 5f9acb6894 docs: fixing L7 config entries documentation (#6358)
- add service-router example involving gRPC
- fix indentation on service-router page by splitting it up
- remove reference to removed setting
2019-08-21 12:29:53 -05:00
R.B. Boyer e04395ae1a docs: add documentation for discovery chains
Fixes #6273
2019-08-21 12:29:53 -05:00
Ján Dzurek e79a3a9e19 docs: ports docs missing paren fix (#6367) 2019-08-21 10:23:03 +02:00
hashicorp-ci f3a46e5a48 Merge Consul OSS branch 'master' at commit a7ded1bd8efcbc3c67978f050b6f16ec5e8a832d 2019-08-21 02:00:53 +00:00
Matt Keeler 80b67c50da
Turned on Envoy 1.11.1 integration tests (#6347)
I also ran this against 1.5.2 so the docs update claiming compatibility should still be accurate.
2019-08-20 10:20:13 -04:00
John Cowen 54c345babf
docs: Fix typo layey > layer (#6352) 2019-08-20 10:16:30 +02:00
Tyler Ryan ac1282eb6c
Merge pull request #6341 from tryan225/docs/autopilot-updates
Clarifying autopilot bootstrap and config options
2019-08-19 13:36:50 -07:00
Jack Pearkes 957cda2884
website: update the vs. envoy and proxies page (#6326)
* website: update the vs. envoy and proxies page

This is the second result on Google for "consul envoy" and
it seemed like it needed a bit of an upgrade to help clarify the
current state.

* Update website/source/intro/vs/proxies.html.md

Co-Authored-By: Judith Malnick <judith.patudith@gmail.com>

* Update website/source/intro/vs/proxies.html.md

Co-Authored-By: Judith Malnick <judith.patudith@gmail.com>

* Update website/source/intro/vs/proxies.html.md

Co-Authored-By: Judith Malnick <judith.patudith@gmail.com>

* Update website/source/intro/vs/proxies.html.md

Co-Authored-By: Judith Malnick <judith.patudith@gmail.com>

* Apply suggestions from code review

Co-Authored-By: Judith Malnick <judith.patudith@gmail.com>
2019-08-16 14:25:24 -07:00
tryan225 a57dbc0d2a Clarifying autopilot bootstrap and config options 2019-08-16 10:54:13 -07:00
hashicorp-ci fcf8b12e8e Merge Consul OSS branch 'master' at commit 23cf22960af00a02530f51327d9566c8b52e4de7 2019-08-16 02:00:30 +00:00
mattc41190 7757a0186b Fix 404 (#6300)
On page: https://www.consul.io/discovery.html

If you click the link for Health Checks -> Learn More the underlying resource is:

https://learn.hashicorp.com/consul/getting-started/checks

This page for me is a 404. I think you've bundled it together in the following page:

Register a Service and Health Check - Service Discovery

Located at: https://learn.hashicorp.com/consul/getting-started/services

Thanks for Consul, it's really awesome.
2019-08-15 14:04:30 -07:00
hashicorp-ci 29767157ed Merge Consul OSS branch 'master' at commit 8f7586b339dbb518eff3a2eec27d7b8eae7a3fbb 2019-08-13 02:00:43 +00:00
Sarah Adams 2f7a90bc52
add flag to allow /operator/keyring requests to only hit local servers (#6279)
Add parameter local-only to operator keyring list requests to force queries to only hit local servers (no WAN traffic).

HTTP API: GET /operator/keyring?local-only=true
CLI: consul keyring -list --local-only

Sending the local-only flag with any non-GET/list request will result in an error.
2019-08-12 11:11:11 -07:00
hashicorp-ci eb53f9175c Merge Consul OSS branch 'master' at commit 8241787e922955e973c0e762ad3cb8db1804f6cd 2019-08-11 02:01:18 +00:00
Jake Lundberg a530fee06e docs: Update consul-helm example to pull latest tag 2019-08-09 16:33:43 -06:00
Mike Morris d163740bbf
website: restore accidental JSON deletion [skip ci] (#6303) 2019-08-09 15:32:54 -04:00
Mike Morris 88df658243
connect: remove managed proxies (#6220)
* connect: remove managed proxies implementation and all supporting config options and structs

* connect: remove deprecated ProxyDestination

* command: remove CONNECT_PROXY_TOKEN env var

* agent: remove entire proxyprocess proxy manager

* test: remove all managed proxy tests

* test: remove irrelevant managed proxy note from TestService_ServerTLSConfig

* test: update ContentHash to reflect managed proxy removal

* test: remove deprecated ProxyDestination test

* telemetry: remove managed proxy note

* http: remove /v1/agent/connect/proxy endpoint

* ci: remove deprecated test exclusion

* website: update managed proxies deprecation page to note removal

* website: remove managed proxy configuration API docs

* website: remove managed proxy note from built-in proxy config

* website: add note on removing proxy subdirectory of data_dir
2019-08-09 15:19:30 -04:00
Matt Keeler ef7cbc5850
mesh-gateway ACL tokens should also have `node:read` on everyth… (#6291) 2019-08-07 13:52:57 -04:00
Alvin Huang ae898a4a33 Merge remote-tracking branch 'origin/master' into release/1-6 2019-08-02 18:09:32 -04:00
Omer Zach 1e80fc9c0f Fix typo in architecture.html.md (#6261) 2019-08-01 12:21:37 -06:00
Venkata Krishna Annam 5011f305e0 docs: Fix minor mistakes in index.html.md (#6239) 2019-08-01 12:57:26 -05:00
freddygv 00157a2c1f Update default gossip encryption key size to 32 bytes 2019-07-30 09:45:41 -06:00