40c7f73629
[NET-1151 NET-11046] docs: clarify request normalization and L7 headers feature availability ( #21855 )
...
docs: clarify request normalization and L7 headers feature availability
- Add notes on feature availability tied to specific fix versions
- Add missing 1.20 upgrade entry
- Remove erroneous 1.17 upgrade entry (version DNE)
- Add missing HCL variant for service intentions config
2024-10-28 11:06:28 -06:00
94ca67463b
Update Envoy compatibility matrices to include consul 1.20.x and dataplane 1.6.x ( #21852 )
...
* Update Envoy compatibility matrices to include consul 1.20.x and dataplane 1.6.x
* Remove non-LTS version from LTS table
* Fix incorrect version in dataplane release matrix
* Remove releases that don't span versions from the matrix of releases that span versions
2024-10-17 21:34:15 +00:00
0ce6730cbe
docs: clarify Envoy and dataplane LTS support policy ( #21337 )
...
Update matrices and clarify statements as to when Consul expands
support to new major versions of Envoy and Consul dataplane in light of
Consul LTS or Envoy EOL status.
2024-10-17 13:31:22 -04:00
d9206fc7e2
[NET-1151 NET-11228] security: Add request normalization and header match options to prevent L7 intentions bypass ( #21816 )
...
mesh: add options for HTTP incoming request normalization
Expose global mesh configuration to enforce inbound HTTP request
normalization on mesh traffic via Envoy xDS config.
mesh: enable inbound URL path normalization by default
mesh: add support for L7 header match contains and ignore_case
Enable partial string and case-insensitive matching in L7 intentions
header match rules.
ui: support L7 header match contains and ignore_case
Co-authored-by: Phil Renaud <phil@riotindustries.com>
test: add request normalization integration bats tests
Add both "positive" and "negative" test suites, showing normalization in
action as well as expected results when it is not enabled, for the same
set of test cases.
Also add some alternative service container test helpers for verifying
raw HTTP request paths, which is difficult to do with Fortio.
docs: update security and reference docs for L7 intentions bypass prevention
- Update security docs with best practices for service intentions
configuration
- Update configuration entry references for mesh and intentions to
reflect new values and add guidance on usage
2024-10-16 12:23:33 -04:00
320b708b9f
Bump Envoy, remove support for unsupported versions ( #21616 )
...
* bump envoy
* changelog
* drop breaking change note
* update docs
* udpate port tests
2024-09-12 15:32:18 +00:00
0e47b380b2
[NET-10774] Fix Group Reference in GatewayPolcy Docs ( #21625 )
...
fix group reference for gateway policy
2024-08-20 12:33:07 -04:00
ed738a6f98
fix: use Envoy's default for validate_clusters to fix breaking routes when some backend clusters don't exist ( #21587 )
2024-08-19 22:39:28 -07:00
bbc5229362
docs: Clarify cluster peering vs WAN federation comparison ( #21568 )
...
cluster peering: remove shared KV store bulletpoint
2024-07-30 16:24:25 +03:00
e601d7e0e9
[NET-7787] Update JWT docs for APIGateway ( #20800 )
...
* Update k8s docs
* Update jwt docs with examples
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update docs to follow style guide, use CodeBlockConfig, remove section
to apply the configuration for k8s docs
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
---------
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2024-07-24 17:56:44 +00:00
78715ef718
docs: simplify Envoy version support docs ( #21295 )
...
Consistently use `.x` to denote implicit support for Envoy minor
versions under a supported major version unless otherwise noted.
This will clarify for operators that we support new Envoy minor versions
without requiring a docs update on each new release, and will reduce the
maintenance burden for these docs going forward.
2024-06-13 16:10:59 -04:00
e9c983f361
docs: consul-k8s v1.5.0 release notes ( #21320 )
...
* consul-k8s 1.5.0 release notes
* Nav Entry
* Envoy version bumps
* Version updates/corrections
* external crd description update
2024-06-12 14:44:35 -07:00
963cee200b
docs: External Services CRD ( #21264 )
...
* Initial reference page structure
* Most specifications
* Reference page details complete
* Enterprise alerts
* Overview page
* Overview page
* TGW note
* fixes
* Apply suggestions from code review
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
* Update website/content/docs/k8s/deployment-configurations/external-service.mdx
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
* Update website/content/docs/connect/config-entries/registration.mdx
* Update website/content/docs/connect/config-entries/registration.mdx
---------
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2024-06-11 12:58:12 -07:00
970353419c
docs: File System Certificates ( #21259 )
...
* Reference page updates
* Inline certificate config entry updates
* API Gateway configuration page
* K8s page updates
* Apply suggestions from code review
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com>
* Daniele's suggestions
* Encrypt VMs suggestions
* Apply suggestions from code review
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
---------
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com>
2024-06-11 12:58:01 -07:00
ffa7aff207
[NET-8971] docs: update LTS Envoy versions to include 1.29.4 ( #21271 )
...
docs: update LTS Envoy versions to include 1.29.4
2024-06-06 16:20:05 +00:00
cf1c030043
feat: update supported envoy to 1.29 ( #21142 )
2024-05-24 13:26:07 -04:00
6f02144a14
docs: Fix spelling errors ( #21204 )
...
Fix spelling errors across docs site.
2024-05-22 22:36:57 +00:00
1c0f6e5597
docs: Well Architected Framework content migration ( #21099 )
...
* Migration
* move page
2024-05-20 14:04:10 -07:00
48df56f7d2
docs: Add fault injection to Envoy extensions list ( #21087 )
...
Add fault injection to Envoy extensions list
2024-05-13 16:38:36 -07:00
dc19ce36ef
NET-9143 - sameness group queries in DNS do not respect DefaultForFailover setting and always assume failover behavior ( #21029 )
...
* NET-9143 - sameness group queries in DNS do not respect DefaultForFailover setting and always assume failover behavior
* update config entry docs for sameness groups
* Apply suggestions from code review
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
---------
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2024-05-10 09:17:56 -06:00
3a6f2fba18
security: bump envoy version and k8s.io/apimachinery ( #21017 )
...
* security: bump envoy version
* add changelog
2024-05-02 13:36:02 -04:00
bbd8080ec0
HCP Consul Dedicated Rebrand changes ( #21026 )
...
* HCP Consul Dedicated rebrand
* Dedicated rebrand
* path change
* Update website/content/docs/architecture/index.mdx
Co-authored-by: Krastin Krastev <krastin@hashicorp.com>
* typo
---------
Co-authored-by: Krastin Krastev <krastin@hashicorp.com>
2024-05-01 09:09:08 -07:00
5e9f02d4be
[NET-8091] Add file-system-certificate config entry for API gateway ( #20873 )
...
* Define file-system-certificate config entry
* Collect file-system-certificate(s) referenced by api-gateway onto snapshot
* Add file-system-certificate to config entry kind allow lists
* Remove inapplicable validation
This validation makes sense for inline certificates since Consul server is holding the certificate; however, for file system certificates, Consul server never actually sees the certificate.
* Support file-system-certificate as source for listener TLS certificate
* Add more required mappings for the new config entry type
* Construct proper TLS context based on certificate kind
* Add support or SDS in xdscommon
* Remove unused param
* Adds back verification of certs for inline-certificates
* Undo tangential changes to TLS config consumption
* Remove stray curly braces
* Undo some more tangential changes
* Improve function name for generating API gateway secrets
* Add changelog entry
* Update .changelog/20873.txt
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
* Add some nil-checking, remove outdated TODO
* Update test assertions to include file-system-certificate
* Add documentation for file-system-certificate config entry
Add new doc to nav
* Fix grammar mistake
* Rename watchmaps, remove outdated TODO
---------
Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com>
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2024-04-15 16:45:05 -04:00
e52b1702e9
FIX: wrong indentation of to block in Example yaml ( #20974 )
...
docs: Fix wrong indentation of `to` block in cross-namespace `backendRef` example YAML file
2024-04-11 15:23:15 -07:00
3152ac3702
security: bump go, x/net and envoy versions ( #20956 )
...
* Bump go version
* Bump x/net
* Bump envoy version
* Add changelog
---------
Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
2024-04-08 19:18:40 +00:00
44facc2ea3
chore: remove repetitive words ( #20890 )
...
Signed-off-by: availhang <mayangang@outlook.com>
2024-03-28 16:31:55 -07:00
20210a8d86
fix broken link on sameness groups page ( #20894 )
2024-03-25 17:22:20 -06:00
12fd9db45d
Add docs for default_intention_policy ( #20886 )
2024-03-22 15:33:17 -04:00
fea6926de3
Fix typo in example yaml for MeshService ( #20879 )
2024-03-19 13:04:53 -04:00
e2b966c896
docs: clarify LTS language ( #20875 )
...
* docs: clarify LTS language
2024-03-18 23:06:39 +00:00
cff9161bb5
Add API gateway to index of configuration entries ( #20849 )
2024-03-13 16:57:12 -04:00
eccb144bbf
Fix typo in ingress-gateway docs ( #20835 )
2024-03-12 21:08:33 +00:00
262f435800
NET-6821 Disable Terminating Gateway Auto Host Header Rewrite ( #20802 )
...
* disable terminating gateway auto host rewrite
* add changelog
* clean up unneeded additional snapshot fields
* add new field to docs
* squash
* fix test
2024-03-12 15:37:20 -05:00
08bfca0193
docs: K8s docs cleanup ( #20820 )
...
* Update install.mdx
* Update install-k8s.mdx
2024-03-11 10:56:37 -07:00
c097b11fff
Fix typos in route retry filter docs for APIGW ( #20761 )
...
* Fix typose in route retry filter docs for APIGW
* Update website/content/docs/connect/gateways/api-gateway/configuration/routetimeoutfilter.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
---------
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2024-03-01 21:07:50 +00:00
1857f73669
Johnlanda/fault injection docs ( #20713 )
...
* fault injection docs
* Add link to the fault injection docs from nav
* Fix formatting
* Update enterprise docs
* Update website/content/docs/connect/manage-traffic/fault-injection.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/manage-traffic/fault-injection.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/manage-traffic/fault-injection.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/manage-traffic/fault-injection.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/manage-traffic/fault-injection.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/manage-traffic/fault-injection.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/manage-traffic/fault-injection.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/enterprise/index.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/enterprise/index.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/manage-traffic/fault-injection.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/manage-traffic/fault-injection.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/manage-traffic/fault-injection.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/manage-traffic/fault-injection.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/manage-traffic/fault-injection.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/manage-traffic/fault-injection.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/manage-traffic/fault-injection.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/manage-traffic/fault-injection.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/manage-traffic/fault-injection.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update docs-nav-data.json
add fault injection to nav
* Update docs-nav-data.json
* Update docs-nav-data.json
* Update docs-nav-data.json
* Update v1_18_x.mdx
* Update v1_4_x.mdx
* Update v1_4_x.mdx
---------
Co-authored-by: David Yu <dyu@hashicorp.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2024-02-29 17:40:19 -08:00
3ee926e6b3
docs: Add Consul Enterprise LTS docs ( #20720 )
2024-02-26 15:27:59 -05:00
e72152465f
docs: format API GW tab docs ( #20707 )
...
* Update install-k8s.mdx
* Update install-k8s.mdx
2024-02-22 15:21:49 -08:00
317eaa9a87
Fix malformed MDX in install-k8s ( #20702 )
...
Fix malformed MDX
2024-02-22 14:05:58 -05:00
b45314f8e9
docs: GKE Autopilot section ( #20697 )
...
* Update install.mdx
* Update install-k8s.mdx
* Update website/content/docs/k8s/installation/install.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2024-02-22 17:28:36 +00:00
5862c52642
[NET-7948] Bump Envoy version to address multiple CVEs ( #20589 )
...
security: Bump Envoy versions to address CVEs
2024-02-12 22:29:50 +00:00
49025105f0
Fix typo ( #20441 )
...
Update establish-cluster-peering.mdx
2024-02-01 14:35:52 -08:00
fa8e8837ac
docs: Fix typos in docs ( #20211 )
...
* Update sameness.mdx
* Update service-resolver.mdx
2024-01-28 10:00:33 +00:00
91a783a980
docs: Fix example service registration for built-in proxy ( #20336 )
...
Fix the sample service registration for the built-in proxy by adding
the missing `sidecar_service` block.
2024-01-25 11:38:58 -08:00
7bb2c7cf13
Xw/net 5724 grpc client delete ( #20309 )
...
* delete commmand works
2024-01-24 15:17:54 -08:00
758ddf84e9
Case sensitive route match ( #19647 )
...
Add case insensitive param on service route match
This commit adds in a new feature that allows service routers to specify that
paths and path prefixes should ignore upper / lower casing when matching URLs.
Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>
2024-01-22 09:23:24 -06:00
800279098a
Update gateway.mdx ( #20113 )
...
Co-authored-by: David Yu <dyu@hashicorp.com>
2024-01-09 19:02:31 +00:00
02d4520235
Fix typo in service-defaults documentation ( #19957 )
2023-12-14 22:12:28 +00:00
a995505976
NET-6317 - update usage of deprecated fields: http2_protocol_options and access_log_path ( #19940 )
...
* updating usage of http2_protocol_options and access_log_path
* add changelog
* update template for AdminAccessLogConfig
* remove mucking with AdminAccessLogConfig
2023-12-14 13:08:53 -07:00
c870c00e70
docs: service rate limiting examples ( #19925 )
...
* Include examples on usage page.
* Description/example alignment
2023-12-12 15:58:14 -08:00
ccb2bf6170
Add documentation for proxy-config-map and xds_fetch_timeout_ms. ( #19893 )
...
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2023-12-11 15:53:35 -06:00
Michael Zalimeni