Commit Graph

5819 Commits (3b83c7ee9a5871c236f9a4c6950c01ef948688be)

Author SHA1 Message Date
Luke Kysow d3d7847ca1
Remove global.name requirement for APs (#16964)
This is not a requirement when using APs because each AP has its own
auth method so it's okay if the names overlap.
2023-04-11 11:41:33 -07:00
Derek Menteer 2ef812f68b
Update docs for service-defaults overrides. (#16960)
Update docs for service-defaults overrides.

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-04-11 11:40:55 -05:00
Thomas Eckert 380d74ca95
Fix the indentation of the copyAnnotations example (#16873) 2023-04-11 15:34:52 +00:00
Derek Menteer 1bcaeabfc3
Remove deprecated service-defaults upstream behavior. (#16957)
Prior to this change, peer services would be targeted by service-default
overrides as long as the new `peer` field was not found in the config entry.
This commit removes that deprecated backwards-compatibility behavior. Now
it is necessary to specify the `peer` field in order for upstream overrides
to apply to a peer upstream.
2023-04-11 10:20:33 -05:00
Andrea Scarpino a1404d6dcf
docs: fix typo in LocalRequestTimeoutMs (#16917) 2023-04-10 09:56:49 -07:00
Jared Kirschner e5be4b4550
docs: improve upgrade path guidance (#16925) 2023-04-07 20:47:15 +00:00
John Eikenberry eccd2f9871
highlight the agent.tls cert metric with CA ones
Include server agent certificate with list of cert metrics that need monitoring.
2023-04-07 20:41:14 +00:00
Eddie Rowe 5bdf795f2b
Fix API GW broken link (#16885)
* Fix API GW broken link

* Update website/content/docs/api-gateway/upgrades.mdx

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

---------

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2023-04-06 22:29:09 +00:00
Eddie Rowe 25f9da48d7
Omit false positives from 404 checker (#16881)
* Remove false positives from 404 checker

* fix remaining 404s
2023-04-05 17:58:29 +00:00
Dao Thanh Tung 0582f137c5
Fix broken doc in consul-k8s upgrade (#16852)
Signed-off-by: dttung2905 <ttdao.2015@accountancy.smu.edu.sg>
Co-authored-by: David Yu <dyu@hashicorp.com>
2023-04-03 21:21:51 +00:00
John Eikenberry 40854125a5
CA mesh CA expiration to it's own section
This is part of an effort to raise awareness that you need to monitor
your mesh CA if coming from an external source as you'll need to manage
the rotation.
2023-04-03 20:02:08 +00:00
Hariram Sankaran 71c32b4607
Fix typo on cli-flags.mdx (#16843)
Change "segements" to segments
2023-04-03 10:28:18 -07:00
Jared Kirschner cc23b0e4dc
docs: raise awareness of GH-16779 (#16823) 2023-03-30 17:23:19 -04:00
Jeff Boruszak 4c038df0ab
docs: Updates to support HCP Consul cluster peering release (#16774)
* New HCP Consul documentation section + links

* Establish cluster peering usage cross-link

* unrelated fix to backport to v1.15

* nav correction + fixes

* Tech specs fixes

* specifications for headers

* Tech specs fixes + alignments

* sprawl edits

* Tip -> note
2023-03-29 09:27:41 -07:00
Ronald b64674623e
Copyright headers for missing files/folders (#16708)
* copyright headers for agent folder
2023-03-28 18:48:58 -04:00
Michael Wilkerson e5d58c59c9
changes to support new PQ enterprise fields (#16793) 2023-03-27 15:40:49 -07:00
trujillo-adam 90bbae5d75
Docs/intentions refactor docs day 2022 (#16758)
* converted intentions conf entry to ref CT format

* set up intentions nav

* add page for intentions usage

* final intentions usage page

* final intentions overview page

* fixed old relative links

* updated diagram for overview

* updated links to intentions content

* fixed typo in updated links

* rename intentions overview page file to index

* rollback link updates to intentions overview

* fixed nav

* Updated custom HTML in API and CLI pages to MD

* applied suggestions from review to index page

* moved conf examples from usage to conf ref

* missed custom HTML section

* applied additional feedback

* Apply suggestions from code review

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

* updated headings in usage page

* renamed files and udpated nav

* updated links to new file names

* added redirects and final tweaks

* typo

---------

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2023-03-24 15:16:06 -07:00
Eddie Rowe ce6e278d9b
Fix broken links in Consul docs (#16640)
* Fix broken links in Consul docs

* more broken link fixes

* more 404 fixes

* 404 fixes

* broken link fix

---------

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2023-03-24 19:35:34 +00:00
malizz a168d0e667
add failover policy to ProxyConfigEntry in api (#16759)
* add failover policy to ProxyConfigEntry in api

* update docs
2023-03-24 12:03:00 -07:00
Tu Nguyen e3fd7d32da
Use GH issues type for edu board (#16750) 2023-03-23 09:00:38 -07:00
Luke Kysow 8f7e4d4a7c
Helm docs without developer.hashicorp.com prefix (#16711)
This was causing linter errors
2023-03-21 18:26:40 +00:00
Tu Nguyen 93a3a76de7
Update envoy extension docs, service-defaults, add multi-config example for lua (#16710) 2023-03-21 10:44:02 -07:00
Luke Kysow 1f4c590f2c
Regen helm docs (#16701) 2023-03-21 09:15:53 -07:00
Paul Banks 7eb3dcb65f
Update WAL Known issues (#16676) 2023-03-20 21:44:00 +00:00
Tu Nguyen c8d9cadd56
Fix broken links from api docs (#16695) 2023-03-20 13:53:09 -07:00
Melisa Griffin 606f8fbbab
Adds check to verify that the API Gateway is being created with at least one listener 2023-03-20 12:37:30 -04:00
Rosemary Wang 33a205877e
Fix incorrect links on Envoy extensions documentation (#16666) 2023-03-17 08:29:58 -07:00
Vipin John Wilson c26b6bc037
First cluster grpc service should be NodePort for the second cluster to connect (#16430)
* First cluster grpc service should be NodePort

This is based on the issue opened here https://github.com/hashicorp/consul-k8s/issues/1903

If you follow the documentation https://developer.hashicorp.com/consul/docs/k8s/deployment-configurations/single-dc-multi-k8s exactly as it is, the first cluster will only create the consul UI service on NodePort but not the rest of the services (including for grpc). By default, from the helm chart, they are created as headless services by setting clusterIP None. This will cause an issue for the second cluster to discover consul server on the first cluster over gRPC as it cannot simply cannot through gRPC default port 8502 and it ends up in an error as shown in the issue https://github.com/hashicorp/consul-k8s/issues/1903

As a solution, the grpc service should be exposed using NodePort (or LoadBalancer). I added those changes required in both cluster1-values.yaml and cluster2-values.yaml, and also a description for those changes for the normal users to understand. Kindly review and I hope this PR will be accepted.

* Update website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-03-16 16:43:19 +00:00
Paul Banks e557fb4e8c
Add known issues to Raft WAL docs. (#16600)
* Add known issues to Raft WAL docs.

* Refactor update based on review feedback
2023-03-15 04:21:31 +00:00
Bastien Dronneau a915d0ca87
Docs discovery typo (#16628)
* docs(discovery): typo

* docs(discovery): EOF and trim lines

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-03-14 08:49:48 -07:00
Ashvitha f95ffe0355
Allow HCP metrics collection for Envoy proxies
Co-authored-by: Ashvitha Sridharan <ashvitha.sridharan@hashicorp.com>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>

Add a new envoy flag: "envoy_hcp_metrics_bind_socket_dir", a directory
where a unix socket will be created with the name
`<namespace>_<proxy_id>.sock` to forward Envoy metrics.

If set, this will configure:
- In bootstrap configuration a local stats_sink and static cluster.
  These will forward metrics to a loopback listener sent over xDS.

- A dynamic listener listening at the socket path that the previously
  defined static cluster is sending metrics to.

- A dynamic cluster that will forward traffic received at this listener
  to the hcp-metrics-collector service.


Reasons for having a static cluster pointing at a dynamic listener:
- We want to secure the metrics stream using TLS, but the stats sink can
  only be defined in bootstrap config. With dynamic listeners/clusters
  we can use the proxy's leaf certificate issued by the Connect CA,
  which isn't available at bootstrap time.

- We want to intelligently route to the HCP collector. Configuring its
  addreess at bootstrap time limits our flexibility routing-wise. More
  on this below.

Reasons for defining the collector as an upstream in `proxycfg`:
- The HCP collector will be deployed as a mesh service.

- Certificate management is taken care of, as mentioned above.

- Service discovery and routing logic is automatically taken care of,
  meaning that no code changes are required in the xds package.

- Custom routing rules can be added for the collector using discovery
  chain config entries. Initially the collector is expected to be
  deployed to each admin partition, but in the future could be deployed
  centrally in the default partition. These config entries could even be
  managed by HCP itself.
2023-03-10 13:52:54 -07:00
natemollica-dev 726c97b2bd
Consul WAN Fed with Vault Secrets Backend document updates (#16597)
* Consul WAN Fed with Vault Secrets Backend document updates

* Corrected dc1-consul.yaml and dc2-consul.yaml file highlights

* Update website/content/docs/k8s/deployment-configurations/vault/wan-federation.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/deployment-configurations/vault/wan-federation.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-03-10 12:45:32 -08:00
trujillo-adam 51902695de
fixes for unsupported partitions field in CRD metadata block (#16604)
* fixes for unsupported partitions field in CRD metadata block

* Apply suggestions from code review

Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>

---------

Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2023-03-10 19:33:42 +00:00
Bryce Kalow e2c4a787a5
website: adds content-check command and README update (#16579) 2023-03-08 15:30:38 -06:00
Eddie Rowe 3d75ab8a41
Broken link fixes (#16566) 2023-03-07 23:27:11 +00:00
Paul Glass 58016d1aa2
docs: Document config entry permissions (#16556) 2023-03-07 14:05:23 -06:00
Tu Nguyen a5b8256111
Update docs to reflect functionality (#16549)
* Update docs to reflect functionality

* make consistent with other client runtimes
2023-03-07 08:21:23 -08:00
John Maguire 6166889d44
Update the consul-k8s cli docs for the new `proxy log` subcommand (#16458)
* Update the consul-k8s cli docs for the new `proxy log` subcommand

* Updated consul-k8s docs from PR feedback

* Added proxy log command to release notes
2023-03-06 20:43:36 +00:00
Ronald bf501a337b
Improve ux around ACL token to help users avoid overwriting node/service identities (#16506)
* Deprecate merge-node-identities and merge-service-identities flags

* added tests for node identities changes

* added changelog file and docs
2023-03-06 15:00:39 +00:00
trujillo-adam 9e93a30f4d
fixes empty link in DNS usage page (#16534) 2023-03-03 15:04:05 -08:00
Melisa Griffin 129eca8fdb
NET-2903 Normalize weight for http routes (#16512)
* NET-2903 Normalize weight for http routes

* Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-03-03 16:39:59 -05:00
John Eikenberry 8910002e8f
update connect/ca's vault AuthMethod conf section (#16346)
Updated Params field to re-frame as supporting arguments specific to the
supported vault-agent auth-auth methods with links to each methods
"#configuration" section.
Included a call out limits on parameters supported.
2023-03-03 19:32:21 +00:00
trujillo-adam 43bd3512f0
fixed broken links associated with cluster peering updates (#16523)
* fixed broken links associated with cluster peering updates

* additional links to fix

* typos

* fixed redirect file
2023-03-03 11:17:26 -08:00
Andrew Stucki 4b661d1e0c
Add ServiceResolver RequestTimeout for route timeouts to make TerminatingGateway upstream timeouts configurable (#16495)
* Leverage ServiceResolver ConnectTimeout for route timeouts to make TerminatingGateway upstream timeouts configurable

* Regenerate golden files

* Add RequestTimeout field

* Add changelog entry
2023-03-03 09:37:12 -05:00
Michael Hofer bbbdc5f4e5
docs(architecture): remove merge conflict leftovers (#16507) 2023-03-02 21:02:52 +00:00
David Yu 21c30958cc
docs: Update release notes with Envoy compat issue (#16494)
* Update v1_15_x.mdx

---------

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2023-03-01 14:21:32 -08:00
Ronald 4f8594b28f
Improve ux to help users avoid overwriting fields of ACL tokens, roles and policies (#16288)
* Deprecate merge-policies and add options add-policy-name/add-policy-id to improve CLI token update command

* deprecate merge-roles fields

* Fix potential flakey tests and update ux to remove 'completely' + typo fixes
2023-03-01 15:00:37 -05:00
trujillo-adam 5ac1bdd3db
update services nav titles (#16484) 2023-03-01 11:52:13 -08:00
David Yu 66de1def3b
docs: Consul 1.15.0 and Consul K8s 1.0 release notes (#16481)
* add new release notes
---------

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2023-03-01 00:09:11 -08:00
trujillo-adam 1f422f3df3
Changed titles for services pages to sentence style cap (#16477)
* Changed titles for services pages to sentence style cap

* missed a meta title
2023-02-28 19:56:18 -08:00