Commit Graph

213 Commits (1dfc265abe20b202bd90cf3946020a1587717667)

Author SHA1 Message Date
Michael Zalimeni 40c7f73629
[NET-1151 NET-11046] docs: clarify request normalization and L7 headers feature availability (#21855)
docs: clarify request normalization and L7 headers feature availability

- Add notes on feature availability tied to specific fix versions
- Add missing 1.20 upgrade entry
- Remove erroneous 1.17 upgrade entry (version DNE)
- Add missing HCL variant for service intentions config
2024-10-28 11:06:28 -06:00
Michael Zalimeni d9206fc7e2
[NET-1151 NET-11228] security: Add request normalization and header match options to prevent L7 intentions bypass (#21816)
mesh: add options for HTTP incoming request normalization

Expose global mesh configuration to enforce inbound HTTP request
normalization on mesh traffic via Envoy xDS config.

mesh: enable inbound URL path normalization by default

mesh: add support for L7 header match contains and ignore_case

Enable partial string and case-insensitive matching in L7 intentions
header match rules.

ui: support L7 header match contains and ignore_case

Co-authored-by: Phil Renaud <phil@riotindustries.com>

test: add request normalization integration bats tests

Add both "positive" and "negative" test suites, showing normalization in
action as well as expected results when it is not enabled, for the same
set of test cases.

Also add some alternative service container test helpers for verifying
raw HTTP request paths, which is difficult to do with Fortio.

docs: update security and reference docs for L7 intentions bypass prevention

- Update security docs with best practices for service intentions
  configuration
- Update configuration entry references for mesh and intentions to
  reflect new values and add guidance on usage
2024-10-16 12:23:33 -04:00
Nitya Dhanushkodi ed738a6f98
fix: use Envoy's default for validate_clusters to fix breaking routes when some backend clusters don't exist (#21587) 2024-08-19 22:39:28 -07:00
Jeff Boruszak 963cee200b
docs: External Services CRD (#21264)
* Initial reference page structure

* Most specifications

* Reference page details complete

* Enterprise alerts

* Overview page

* Overview page

* TGW note

* fixes

* Apply suggestions from code review

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/k8s/deployment-configurations/external-service.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/connect/config-entries/registration.mdx

* Update website/content/docs/connect/config-entries/registration.mdx

---------

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2024-06-11 12:58:12 -07:00
Jeff Boruszak 970353419c
docs: File System Certificates (#21259)
* Reference page updates

* Inline certificate config entry updates

* API Gateway configuration page

* K8s page updates

* Apply suggestions from code review

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com>

* Daniele's suggestions

* Encrypt VMs suggestions

* Apply suggestions from code review

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

---------

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com>
2024-06-11 12:58:01 -07:00
Blake Covarrubias 6f02144a14
docs: Fix spelling errors (#21204)
Fix spelling errors across docs site.
2024-05-22 22:36:57 +00:00
John Murret dc19ce36ef
NET-9143 - sameness group queries in DNS do not respect DefaultForFailover setting and always assume failover behavior (#21029)
* NET-9143 - sameness group queries in DNS do not respect DefaultForFailover setting and always assume failover behavior

* update config entry docs for sameness groups

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

---------

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2024-05-10 09:17:56 -06:00
Nathan Coleman 5e9f02d4be
[NET-8091] Add file-system-certificate config entry for API gateway (#20873)
* Define file-system-certificate config entry

* Collect file-system-certificate(s) referenced by api-gateway onto snapshot

* Add file-system-certificate to config entry kind allow lists

* Remove inapplicable validation

This validation makes sense for inline certificates since Consul server is holding the certificate; however, for file system certificates, Consul server never actually sees the certificate.

* Support file-system-certificate as source for listener TLS certificate

* Add more required mappings for the new config entry type

* Construct proper TLS context based on certificate kind

* Add support or SDS in xdscommon

* Remove unused param

* Adds back verification of certs for inline-certificates

* Undo tangential changes to TLS config consumption

* Remove stray curly braces

* Undo some more tangential changes

* Improve function name for generating API gateway secrets

* Add changelog entry

* Update .changelog/20873.txt

Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>

* Add some nil-checking, remove outdated TODO

* Update test assertions to include file-system-certificate

* Add documentation for file-system-certificate config entry

Add new doc to nav

* Fix grammar mistake

* Rename watchmaps, remove outdated TODO

---------

Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com>
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2024-04-15 16:45:05 -04:00
George Ma 44facc2ea3
chore: remove repetitive words (#20890)
Signed-off-by: availhang <mayangang@outlook.com>
2024-03-28 16:31:55 -07:00
John Murret 20210a8d86
fix broken link on sameness groups page (#20894) 2024-03-25 17:22:20 -06:00
Nathan Coleman cff9161bb5
Add API gateway to index of configuration entries (#20849) 2024-03-13 16:57:12 -04:00
Nathan Coleman eccb144bbf
Fix typo in ingress-gateway docs (#20835) 2024-03-12 21:08:33 +00:00
sarahalsmiller 262f435800
NET-6821 Disable Terminating Gateway Auto Host Header Rewrite (#20802)
* disable terminating gateway auto host rewrite

* add changelog

* clean up unneeded additional snapshot fields

* add new field to docs

* squash

* fix test
2024-03-12 15:37:20 -05:00
Krastin Krastev fa8e8837ac
docs: Fix typos in docs (#20211)
* Update sameness.mdx

* Update service-resolver.mdx
2024-01-28 10:00:33 +00:00
wangxinyi7 7bb2c7cf13
Xw/net 5724 grpc client delete (#20309)
* delete commmand works
2024-01-24 15:17:54 -08:00
Lord-Y 758ddf84e9
Case sensitive route match (#19647)
Add case insensitive param on service route match

This commit adds in a new feature that allows service routers to specify that
paths and path prefixes should ignore upper / lower casing when matching URLs.

Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>
2024-01-22 09:23:24 -06:00
Nathan Coleman 02d4520235
Fix typo in service-defaults documentation (#19957) 2023-12-14 22:12:28 +00:00
Jeff Boruszak c870c00e70
docs: service rate limiting examples (#19925)
* Include examples on usage page.

* Description/example alignment
2023-12-12 15:58:14 -08:00
John Maguire 5b581e0442
Update links and fix route kind for APIGW JWT Docs (#19585)
Update links and fix route kind
2023-11-09 11:16:04 -05:00
Michael Zalimeni c9f2a6add4
[NET-5916] Update locality-aware routing docs (#19529)
* docs: Update locality-aware routing docs

- Align locality-aware routing documentation to the recommended use of the
feature and incorporate engineer feedback.
- Remove docs for unreleased multi-cluster failover feature.
- Fix minor typos and formatting in examples.

* docs: Fix rate limit docs typo
2023-11-06 15:03:47 -05:00
Nathan Coleman 01bfa2ce24
Fix casing in example yaml config (#19369) 2023-10-27 09:14:47 -05:00
Chris S. Kim 4096c9682e
Add enterprise label for rate limiting (#19384) 2023-10-26 16:09:59 +00:00
Chris S. Kim 6360c745b5
Add clarification for route match behavior (#19363)
* Add clarification for route match behavior

* Update website/content/docs/connect/config-entries/service-defaults.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-10-25 20:01:46 +00:00
Blake Covarrubias 9976e08505
docs: Fix example control-plane-request-limit HCL and JSON (#19105)
The control-plane-request-limit config entry does not support
specifying parameter names in snake case format.

This commit updates the HCL and JSON examples to use the supported
camel case key format.
2023-10-17 19:50:12 +00:00
Jeff Boruszak 679b0f650f
docs: Sameness groups GA (#19103)
* New page creation

* Initial DNS edits

* IncludeLocal added

* Beta callout removal

* Create group page updates

* K8s page edits

* Failover usage intro

* sameness grop failover task

* Upstreams and DNS for VMs and K8s

* Additional failover and links

* <Tab> corrections

* HCP Consul Central edit

* Update website/content/docs/connect/cluster-peering/usage/create-sameness-groups.mdx

* Suggestions from review

* path update in links

* conflict fix

* nav fix

* Apply suggestions from code review

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-10-10 16:20:36 -07:00
trujillo-adam 78938c163a
Docs/api-gw-jwts-openshift-1-17-x (#19035)
* update main apigw overview

* moved the tech specs to main gw folder

* merged tech specs into single topic

* restructure nav part 1

* fix typo in nav json file

* moved k8s install up one level

* restructure nav part 2

* moved and created all listeners and routes content

* moved errors ref and upgrades

* fix error in upgrade-k8s link

* moved conf refs to appropriate spots

* updated conf overview

* fixed some links and bad formatting

* fixed link

* added JWT on VMs usage page

* added JWT conf to APIGW conf entry

* added JWTs to HTTP route conf entry

* added new gatwaypolicy k8s conf reference

* added metadesc for gatewaypolicy conf ref

* added http route auth filter k8s conf ref

* added http route auth filter k8s conf ref to nav

* updates to k8s route conf ref to include extensionRef

* added JWTs usage page for k8s

* fixed link in gwpolicy conf ref

* added openshift installation info to installation pages

* fixed bad link on tech specs

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>

* fixed VerityClaims param

* best guess at verifyclaims params

* tweaks to gateway policy dconf ref

* Docs/ce 475 retries timeouts for apigw (#19086)

* added timeout and retry conf ref for k8s

* added retry and TO filters to HTTP routes conf ref for VMs

* Apply suggestions from code review

Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>

* fix copy/paste error in http route conf entry

---------

Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>

* update links across site and add redirects

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: Thomas Eckert <teckert@hashicorp.com>

* Applied feedback from review

* Apply suggestions from code review

* Apply suggestions from code review

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>

* Update CRD configuration for responseHeaderModifiers

* Update Config Entry for http-route

* Add ResponseFilter example to service

* Update website/redirects.js

errant curly brace breaking the preview

* fix links and bad MD

* fixed md formatting issues

* fix formatting errors

* fix formatting errors

* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx

* Apply suggestions from code review

* fixed typo

* Fix headers in http-route

* Apply suggestions from code review

Co-authored-by: John Maguire <john.maguire@hashicorp.com>
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>

---------

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>
Co-authored-by: Thomas Eckert <teckert@hashicorp.com>
Co-authored-by: John Maguire <john.maguire@hashicorp.com>
2023-10-10 13:29:55 -07:00
Chris S. Kim d6200faefb
Minor update to ratelimit wording (#19106) 2023-10-10 09:24:14 -04:00
trujillo-adam a9747dc38c
Docs/ce 470 locality aware (#19071)
* updated nav; renamed L7 traffic folder

* Added locality-aware routing to traffic mgmt overview

* Added route to local upstreams topic

* Updated agent configuration reference

* Added locality param to services conf ref

* Added locality param to conf entries

* mentioned traffic management in proxies overview

* added locality-aware to failover overview

* added docs for service rate limiting

* updated service defaults conf entry

* Apply suggestions from code review

Co-authored-by: Chris S. Kim <ckim@hashicorp.com>

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>

* updated links and added redirects

---------

Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2023-10-06 12:48:05 -07:00
Blake Covarrubias fbc2b93bc4
docs: Rename Consul OSS to Consul CE (#19009)
Rename references of Consul OSS to Consul Community Edition (CE).

Co-authored-by: Tu Nguyen <im2nguyen@gmail.com>
2023-09-27 09:31:28 -07:00
Ashesh Vidyut 23062489c2
Fix type of datacenter in Service Resolvers Config Entry (#19004) 2023-09-27 06:55:21 +05:30
Blake Covarrubias cc40e084bb
docs: Fix invalid JSON in code examples (#18932)
This commit fixes invalid JSON in various code examples.
2023-09-21 11:35:16 -07:00
Blake Covarrubias a2e50a63ad
docs: Fix Kubernetes CRD example configs (#18878)
Fixes configuration examples for several Consul Kubernetes CRDs. The
CRDs were missing required fields such as `apiVersion`, `metadata`,
and `spec`.

Co-authored-by: Tu Nguyen <im2nguyen@gmail.com>
2023-09-19 15:50:03 +00:00
Blake Covarrubias f3bf3295f6
docs: Fix HCL, JSON, and YAML syntax errors (#18879)
This commit fixes syntax errors in HCL, JSON, and YAML example
configurations. In some cases, it replaces the code example with the
proper format for the code block.

Also fixes HCL formatting and misc opportunistic updates to codeblock.

Co-authored-by: Tu Nguyen <im2nguyen@gmail.com>
2023-09-19 08:39:26 -07:00
trujillo-adam 850fbda2e9
added consul and envoy version constraints (#18726)
* added consul and envoy version constraints

* fixed Destination configuraiton and added tproxy requirement

* Apply suggestions from code review

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>

---------

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
2023-09-15 09:37:11 -07:00
Melisa Griffin 9adb617695
Adds PassiveHealthCheck Fields to ServiceDefaults and IngressGateway (#18532)
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-09-08 10:02:04 -04:00
trujillo-adam a17f4a0b89
Reformat proxy docs refresh (#18623)
* first commit; reformat PD conf entry

* updated proxies overview page

* added Deploy SM proxy usage and removed reg index

* moved sidecar proxy usage to main proxy folder

* recast sidecar reg page as Deploy sidecar services

* fix typos

* recast SM reg as conf reference- set the sidebar

* add redirects

* fix links

* add PD conf entry usage to appropro pages

* edits to proxy conf ref

* fix links on index page

* example command to write PD conf entry

* updated links to old SM proxy reg page

* updated links to sidecar service reg page

* tryna fix front matter issues

* Apply suggestions from code review

Co-authored-by: Ronald  <roncodingenthusiast@users.noreply.github.com>

* added paragraph about SM proxies to overivew

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

---------

Co-authored-by: Ronald <roncodingenthusiast@users.noreply.github.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2023-09-06 16:55:18 -07:00
Blake Covarrubias eab88bf92a
docs: Fix spelling errors across various pages on the site (#18533)
This commit fixes numerous spelling errors across the site and also
removes unnecessary whitespace that was present in the edited files.
2023-08-21 16:23:27 +00:00
Luke Kysow d565056fb0
Fix incorrect yaml in examples (#18463) 2023-08-15 08:04:21 -07:00
John Maguire b162c51523
Fix some inconsistencies in jwt docs (#18234) 2023-07-24 16:36:26 +00:00
Ronald 2229206bbe
Add docs for jwt cluster configuration (#18004)
### Description

<!-- Please describe why you're making this change, in plain English.
-->

- Add jwt-provider docs for jwks cluster configuration. The
configuration was added here:
https://github.com/hashicorp/consul/pull/17978
2023-07-14 11:10:42 +00:00
Jeff Apple 68863b42f8
Add ingress gateway deprecation notices to docs (#18102)
### Description

This adds notices, that ingress gateway is deprecated, to several places
in the product docs where ingress gateway is the topic.

### Testing & Reproduction steps

Tested with a local copy of the website.

### Links

Deprecation of ingress gateway was announced in the Release Notes for
Consul 1.16 and Consul-K8s 1.2. See:

[https://developer.hashicorp.com/consul/docs/release-notes/consul/v1_16_x#what-s-deprecated](https://developer.hashicorp.com/consul/docs/release-notes/consul/v1_16_x#what-s-deprecated
)

[https://developer.hashicorp.com/consul/docs/release-notes/consul-k8s/v1_2_x#what-s-deprecated](https://developer.hashicorp.com/consul/docs/release-notes/consul-k8s/v1_2_x#what-s-deprecated)

### PR Checklist

* [N/A] updated test coverage
* [X] external facing docs updated
* [X] appropriate backport labels added
* [X] not a security concern

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-07-13 15:17:32 -07:00
trujillo-adam f7d399f7fc
fix stand-in text for name field (#18030) 2023-07-06 09:31:45 -07:00
Jeff Boruszak 7ef807df48
docs: Sameness "beta" warning (#18017)
* Warning updates

* .x
2023-07-05 19:56:25 +00:00
Jeff Boruszak f096fc53ca
docs: samenessGroup YAML examples (#17984)
* configuration entry syntax

* Example config
2023-06-30 20:26:08 +00:00
David Yu 6f5da97d66
Update sameness-group.mdx (#17915) 2023-06-28 01:45:23 +00:00
mr-miles c8cfa605f8
Update docs (#17476)
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-06-27 09:16:40 -07:00
Derek Menteer 94eb36b775
Add docs for sameness groups with resolvers. (#17851) 2023-06-23 13:57:21 -05:00
Ronald ee95bc7266
Add jwt-authn metrics to jwt-provider docs (#17816)
* [NET-3095] add jwt-authn metrics docs
2023-06-20 19:46:16 +00:00
Jeff Boruszak 414a61da28
Fixes (#17765) 2023-06-15 11:24:40 -07:00
David Yu 9acbe76ee9
Remove extraneous version info for Config entries (#17716)
* Update terminating-gateway.mdx
* Update exported-services.mdx
* Update mesh.mdx
2023-06-13 22:50:28 +00:00