Commit Graph

18670 Commits (0b742a0d75d70c52cadf2fad845f2a3a398e5cda)

Author SHA1 Message Date
Pablo Ruiz García 1f293e5244
Added new auto_encrypt.grpc_server_tls config option to control AutoTLS enabling of GRPC Server's TLS usage
Fix for #14253

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-08-24 12:31:38 -04:00
DanStough ca228aad8d doc: tproxy destination fixes 2022-08-24 11:31:05 -04:00
Tyler Wendlandt cdc6fd89d3
ui: Replace file-mask with file-text icon usage on policy list (#14275) 2022-08-24 06:44:01 -06:00
Dan Upton 3b993f2da7
dataplane: update envoy bootstrap params for consul-dataplane (#14017)
Contains 2 changes to the GetEnvoyBootstrapParams response to support
consul-dataplane.

Exposing node_name and node_id:

consul-dataplane will support providing either the node_id or node_name in its
configuration. Unfortunately, supporting both in the xDS meta adds a fair amount
of complexity (partly because most tables are currently indexed on node_name)
so for now we're going to return them both from the bootstrap params endpoint,
allowing consul-dataplane to exchange a node_id for a node_name (which it will
supply in the xDS meta).

Properly setting service for gateways:

To avoid the need to special case gateways in consul-dataplane, service will now
either be the destination service name for connect proxies, or the gateway
service name. This means it can be used as-is in Envoy configuration (i.e. as a
cluster name or in metric tags).
2022-08-24 12:03:15 +01:00
twunderlich-grapl bb35a8303d
Clarify docs around using either Consul or Vault managed PKI paths (#13295)
* Clarify docs around using either Consul or Vault managed PKI paths

The current docs can be misread to indicate that you need both the
Consul and Vault managed PKI Paths policies. The [Learning Tutorial](https://learn.hashicorp.com/tutorials/consul/vault-pki-consul-connect-ca?in=consul/vault-secure#create-vault-policies)
is clearer. This tries to make the original docs as clear as the
learning tutorial

* Clarify that PKI secret engines are used to store certs

Co-authored-by: Blake Covarrubias <blake.covarrubias@gmail.com>
2022-08-23 17:06:00 -07:00
Rosemary Wang 8d6b73aed0
Clarify transparent proxy documentation (#14301)
* Clarify transparent proxy documentation

Some confusion over known limitations for transparent proxy, specifically over federation versus cluster peering.
Updated `KubeDNS` to Kubernetes DNS for consistency with Kubernetes documentation.

Co-authored-by: David Yu <dyu@hashicorp.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2022-08-23 14:52:03 -07:00
Tu Nguyen 4b06add255 more more reshuffling 2022-08-23 13:04:21 -07:00
Tu Nguyen 21d8358761 more reshuffling 2022-08-23 13:00:04 -07:00
Tu Nguyen c56802132c more reshuffling 2022-08-23 12:41:44 -07:00
Daniel Upton 13c04a13af proxycfg: terminate stream on irrecoverable errors
This is the OSS portion of enterprise PR 2339.

It improves our handling of "irrecoverable" errors in proxycfg data sources.

The canonical example of this is what happens when the ACL token presented by
Envoy is deleted/revoked. Previously, the stream would get "stuck" until the
xDS server re-checked the token (after 5 minutes) and terminated the stream.

Materializers would also sit burning resources retrying something that could
never succeed.

Now, it is possible for data sources to mark errors as "terminal" which causes
the xDS stream to be closed immediately. Similarly, the submatview.Store will
evict materializers when it observes they have encountered such an error.
2022-08-23 20:17:49 +01:00
Ashwin Venkatesh 24a3975494
Updates docs for CRDs (#14267)
Co-authored-by: NicoletaPopoviciu <nicoleta@hashicorp.com>
2022-08-23 15:14:36 -04:00
Tyler Wendlandt cb1043d8ac
ui: Update badge / pill icon sizing (#14282)
* Update badge icon sizing to be 16x16

* Update icon sizing in pill component
2022-08-23 13:02:40 -06:00
Chris S. Kim 81e965479b PR feedback to specify Node name in test mock 2022-08-23 11:51:04 -04:00
Jared Kirschner eb645453d6
Merge pull request #13999 from hashicorp/docs/improve-dns-lookup-variable-consistency
docs: improve consistency of DNS lookup variables
2022-08-23 09:53:04 -04:00
Jared Kirschner 589e7cfab4 docs: improve consistency of DNS lookup variables
Previously, some variables were wrapped in < > while others were not,
creating ambiguity in whether some labels were a string literal or a
variable.

Now, all variables are wrapped in < >.
2022-08-23 06:47:17 -07:00
Jared Kirschner 1200e83c3b
Merge pull request #14034 from hashicorp/make-proxy-sidecar-for-case-insensitive
Allow uppercase in proxy launch -sidecar-for arg
2022-08-23 09:37:39 -04:00
Jared Kirschner 3bbe803d7a
Merge pull request #13967 from hashicorp/jkirschner-hashicorp-patch-3
docs: link pq docs to relevant DNS lookup section
2022-08-23 09:23:49 -04:00
Eric Haberkorn 58901ad7df
Cluster peering failover disco chain changes (#14296) 2022-08-23 09:13:43 -04:00
Jared Kirschner b0ef7a6674 docs: link pq docs to relevant DNS lookup section 2022-08-23 06:02:47 -07:00
Jared Kirschner 888fbce828
Merge pull request #14221 from hashicorp/jkirschner-hashicorp-patch-1
docs: update k8s vault connect ca config docs
2022-08-23 09:02:16 -04:00
Jared Kirschner 4f920610bf docs: update k8s vault connect ca config docs
- Add namespace to additionalConfig example
- Improve the link to additional configuration options available
2022-08-23 05:49:40 -07:00
Tu Nguyen 046a046861 Reshuffle Docs nav IA 2022-08-22 21:37:03 -07:00
Tu Nguyen 1688683dee Merge branch 'main' of ssh://github.com/hashicorp/consul 2022-08-22 19:45:15 -07:00
Nathan Coleman 97fcfc215f
Merge pull request #14288 from hashicorp/apigw-docs-x-namespace-cert
Add example code for cross-namespace certificateRefs
2022-08-22 18:23:57 -04:00
Nathan Coleman c1be820d85
Update website/content/docs/api-gateway/configuration/gateway.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-08-22 16:22:43 -04:00
Nathan Coleman 596ab31262
Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-08-22 15:14:30 -04:00
Chris S. Kim cdc8b0634d Fix flakes 2022-08-22 14:45:31 -04:00
Nathan Coleman 226bfa8203
Update website/content/docs/api-gateway/configuration/gateway.mdx 2022-08-22 14:40:43 -04:00
Nathan Coleman 022c155660
Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-08-22 14:31:19 -04:00
Chris S. Kim 03e92826aa Increase heartbeat rate to reduce test flakes 2022-08-22 14:24:05 -04:00
Luke Kysow 60c82757ea
Update requirements.mdx (#14286)
* Update requirements.mdx
2022-08-22 11:04:51 -07:00
Chris S. Kim 06ba9775ee Remove check for ResponseNonce 2022-08-22 13:55:01 -04:00
Chris S. Kim 547fb9570e Add missing mock assertions 2022-08-22 13:55:01 -04:00
Chris S. Kim adff2eef16 Fix data race
newMockSnapshotHandler has an assertion on t.Cleanup which gets called before the event publisher is cancelled. This commit reorders the context.WithCancel so it properly gets cancelled before the assertion is made.
2022-08-22 13:55:01 -04:00
cskh 060531a29a
Fix: add missing ent meta for test (#14289) 2022-08-22 13:51:04 -04:00
Chris S. Kim 39cb26e4d7 Add changelog 2022-08-22 13:42:13 -04:00
Chris S. Kim 4e40e1d222 Handle server addresses update as client 2022-08-22 13:42:12 -04:00
Chris S. Kim 584d3409c4 Send server addresses on update from server 2022-08-22 13:41:44 -04:00
Chris S. Kim c9d8ad3939 Add new subscription for server addresses 2022-08-22 13:40:25 -04:00
Chris S. Kim 028b87d51f Cleanup unused logger 2022-08-22 13:40:23 -04:00
Nathan Coleman 48e7af89b2 Correct structure of existing tls.certificateRefs example 2022-08-22 12:34:16 -04:00
Nathan Coleman 9c72169d26 Add example code for cross-namespace certificateRefs 2022-08-22 12:33:42 -04:00
Chris S. Kim df951bd601 Expose external gRPC port in autopilot
The grpc_port was added to a NodeService's meta in ea58f235f5
2022-08-22 10:07:00 -04:00
Chris S. Kim 09c0fe22f2 Add PeeringServerAddresses proto 2022-08-22 10:04:23 -04:00
Jared Kirschner ca22ac9b29
Merge pull request #14279 from hashicorp/docs/1-13-upgrade-considerations-changelog
docs: add 1.13 upgrade considerations to changelog
2022-08-19 14:32:52 -04:00
Jared Kirschner acc5fd5c0a docs: add 1.13 upgrade considerations to changelog 2022-08-19 11:29:57 -07:00
cskh 527ebd068a
fix: missing MaxInboundConnections field in service-defaults config entry (#14072)
* fix:  missing max_inbound_connections field in merge config
2022-08-19 14:11:21 -04:00
Chris Thain 5384f5baad
Skip Lambda integration tests for fork PRs (#14257) 2022-08-18 16:06:20 -07:00
Jared Kirschner 6b6038885a
Merge pull request #14259 from hashicorp/docs/1-13-upgrade-considerations
docs: add 1.13 upgrade considerations
2022-08-18 18:18:33 -04:00
Jared Kirschner c201254ae9 docs: add 1.13 upgrade considerations
Adds guidance when upgrading a Consul service mesh deployment to 1.13 and:
- using auto-encrypt or auto-config; or
- the HTTPS port is not enabled on Consul agents
2022-08-18 15:13:21 -07:00