This change was necessary, because the configuration was always
generated with a gRPC TLS port, which did not exist in Consul 1.13,
and would result in the server failing to launch with an error.
This code checks the version of Consul and conditionally adds the
gRPC TLS port, only if the version number is greater than 1.14.
* added usage folder to organize use case docs for CAPIgw
* Add peer field to MeshService configuration page
* Add first pass at guide for routing to peered services
* Add exception to same-datacenter restriction for referenced Consul service
* Add example HTTPRoute referencing the MeshService as backendRef
* Add example ServiceResolver
* Add note about current ServiceResolver requirement
ServiceResolver may eventually be created implicitly by the API gateway controller, but that decision is pending.
* tweaks to the usage page for routing to peered services
* tweaks to the description in the configuration reference
* resolved TO-DOs from previous iteration
* Remove datacenter federation from limited support matrix
* added tolerations doc
* Remove note excluding k8s 1.24 since we now support it
* Reorder sections to maintain alphabetical sort
* Add example configuration for MeshService resource
* Adjust wording + indentation of other docs
* Use consistent "example-" prefix for resource names in example code
* reframed the tolerations documentation; STILL A WIP
* add helm chart documentation
* removed tolerations from gwcconfig configuration model reference
* Apply suggestions from code review
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* update version to 0.5.0
* Update install.mdx
* added release notes for v.0.5.x
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
Co-authored-by: Sarah Alsmiller <sarah.alsmiller@hashicorp.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>
* Consul Architecture update
* Consul on Kubernetes architecture
* Install Consul on Kubernetes with Helm updates
* Vault as the Secrets Backend Data Integration
* Kubernetes Service Mesh Overview
* Terminating Gateways
* Fully updated
* Join external service to k8s
* Consul on Kubernetes
* Configure metrics for Consul on Kubernetes
* Service Sync for Consul on Kubernetes
* Custom Resource Definitions for Consul on k8s
* Upgrading Consul on Kubernetes Components
* Rolling Updates to TLS
* Dataplanes diagram
* Upgrade instructions
* k8s architecture page updates
* Update website/content/docs/k8s/connect/observability/metrics.mdx
Co-authored-by: Riddhi Shah <riddhi@hashicorp.com>
* Update website/content/docs/architecture/index.mdx
* Update website/content/docs/k8s/connect/terminating-gateways.mdx
* CRDs
* updating version numbers
* Updated example config
* Image clean up
* Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
* Update website/content/docs/k8s/architecture.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Riddhi Shah <riddhi@hashicorp.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Consul used to rely on implicit issuer selection when calling Vault endpoints to issue new CSRs. Vault 1.11+ changed that behavior, which caused Consul to check the wrong (previous) issuer when renewing its Intermediate CA. This patch allows Consul to explicitly set a default issuer when it detects that the response from Vault is 1.11+.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
* Update guidance for vault PKI CA provider
* clarify workarounds if already using vault 1.11+
* Update website/content/docs/connect/ca/vault.mdx
* Update website/content/docs/k8s/connect/connect-ca-provider.mdx
* Update website/content/docs/k8s/deployment-configurations/vault/data-integration/connect-ca.mdx
* Apply suggestions from code review
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
* add suggestion from Matt
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
* fix: clarifying error message when acquiring a lock in remote dc
* Update website/content/commands/lock.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
* auto-config: relax node name validation for JWT authorization
This changes the JWT authorization logic to allow all non-whitespace,
non-quote characters when validating node names. Consul had previously
allowed these characters in node names, until this validation was added
to fix a security vulnerability with whitespace/quotes being passed to
the `bexpr` library. This unintentionally broke node names with
characters like `.` which aren't related to this vulnerability.
* Update website/content/docs/agent/config/cli-flags.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>