Commit Graph

156 Commits (9f5a9b21508c1df8762bea9cf94a73be3e2883fd)

Author SHA1 Message Date
Matt Keeler d3881dd754
ACL Node Identities (#7970)
A Node Identity is very similar to a service identity. Its main targeted use is to allow creating tokens for use by Consul agents that will grant the necessary permissions for all the typical agent operations (node registration, coordinate updates, anti-entropy).

Half of this commit is for golden file based tests of the acl token and role cli output. Another big updates was to refactor many of the tests in agent/consul/acl_endpoint_test.go to use the same style of tests and the same helpers. Besides being less boiler plate in the tests it also uses a common way of starting a test server with ACLs that should operate without any warnings regarding deprecated non-uuid master tokens etc.
2020-06-16 12:54:27 -04:00
David Yu fdac1d8add
Switching service-route, service-resolver, service-splitter examples to CamelCase (#8107)
* Switching service-route example to CamelCase

* Switch service-resovler examples to CamelCase

* Changing service-splitter examples to CamelCase
2020-06-15 14:14:36 -07:00
Spencer Owen 15b5142bca
docs: Fix ingress dns entry (#8072) 2020-06-15 15:15:33 -05:00
freddygv d97cff0966 Update telemetry for gateway-services endpoint 2020-06-12 14:44:36 -06:00
freddygv cd927eed5e Remove unused method and fixup docs ref 2020-06-12 13:47:43 -06:00
freddygv b2c66359ab Add docs 2020-06-12 13:47:43 -06:00
Hans Hasselberg e62a43c6cf
Support envoy 1.14.2, 1.13.2, 1.12.4 (#8057) 2020-06-10 23:20:17 +02:00
Mike Wickett 8fab683389
Merge pull request #8076 from hashicorp/nq.basic-hero-tertiary-link-support
[Website] Support tertiary-styled third links
2020-06-10 10:47:40 -04:00
Noel Quiles 1dfbd384da Support tertiary-styled third links
Get the tertiary links to wrap below buttons

Adjust color/spacing of tertiary via override

Remove overrides, implement custom link

Extract arrow icon to file

Increase top margin for third link

Apply Brandon's fixes

Co-authored-by: Brandon Romano <BrandonRRomano@gmail.com>
2020-06-09 22:43:05 -07:00
Daniel Nephin 08f1ed16b4
Merge pull request #7900 from hashicorp/dnephin/add-linter-staticcheck-2
intentions: fix a bug in Intention.SetHash
2020-06-09 15:40:20 -04:00
Kyle Havlovitz 0c8966220f
Merge pull request #8040 from hashicorp/ingress/expose-cli
Ingress expose CLI command
2020-06-09 12:11:23 -07:00
Kyle Havlovitz edab5588d8 Add -host flag to expose command 2020-06-08 16:59:47 -07:00
Blake Covarrubias dd1e4ffd0d docs: Fix rendering of markdown on performance page
Fix issue with markdown not being rendered on /docs/install/performance.mdx.

Resolves #8049
2020-06-08 10:29:47 -07:00
Hans Hasselberg 72f92ae7ca
agent: add option to disable agent cache for HTTP endpoints (#8023)
This allows the operator to disable agent caching for the http endpoint.
It is on by default for backwards compatibility and if disabled will
ignore the url parameter `cached`.
2020-06-08 10:08:12 +02:00
Krastin 9262d7a79a website: fix a link in docs/agent/options
fixing the link to gopsutil in the -disable-host-node-id option text body
2020-06-07 03:36:55 -07:00
Jeff Escalante 9977c1df80 a few more naming adjustments 2020-06-06 15:45:29 -04:00
Jeff Escalante f9051298c8 change page path, add redirect 2020-06-06 15:45:29 -04:00
Peter M 45f43476e8 Update Homepage Use Case Name and Link
resubmitting this PR to include a link change.
2020-06-06 15:45:29 -04:00
Peter M 8df640401b Updating NMA use case to reflect new name
Recently changed Network Middleware Automation use case to Network Infrastructure Automation, adding changes to the site to reflect this.
2020-06-06 15:00:03 -04:00
Kyle Havlovitz acae044df4 Document the namespace format for expose CLI command 2020-06-05 15:47:03 -07:00
Kyle Havlovitz ada9e2b3ab Add docs for expose command 2020-06-05 14:54:45 -07:00
Daniel Nephin ce6cc094a1 intentions: fix a bug in Intention.SetHash
Found using staticcheck.

binary.Write does not accept int types without a size. The error from binary.Write was ignored, so we never saw this error. Casting the data to uint64 produces a correct hash.

Also deprecate the Default{Addr,Port} fields, and prevent them from being encoded. These fields will always be empty and are not used.
Removing these would break backwards compatibility, so they are left in place for now.

Co-authored-by: Hans Hasselberg <me@hans.io>
2020-06-05 14:51:43 -04:00
Freddy 9ed325ba8b
Enable gateways to resolve hostnames to IPv4 addresses (#7999)
The DNS resolution will be handled by Envoy and defaults to LOGICAL_DNS. This discovery type can be overridden on a per-gateway basis with the envoy_dns_discovery_type Gateway Option.

If a service contains an instance with a hostname as an address we set the Envoy cluster to use DNS as the discovery type rather than EDS. Since both mesh gateways and terminating gateways route to clusters using SNI, whenever there is a mix of hostnames and IP addresses associated with a service we use the hostname + CDS rather than the IPs + EDS.

Note that we detect hostnames by attempting to parse the service instance's address as an IP. If it is not a valid IP we assume it is a hostname.
2020-06-03 15:28:45 -06:00
Kevin Pruett 9b0d0de178
Merge pull request #8002 from pruett/pruett.quickfix-acl-docs
Add newline to fix rendering bug
2020-06-03 17:21:52 -04:00
Jono Sosulska 66ee9c3bb2
Updating Stopping Agent Section (#8016)
Fixes #6935 to clarify agent behavior.
2020-06-03 17:08:49 -04:00
Kevin Pruett bf0b5055f1
Add newline to fix rendering bug 2020-06-03 15:21:06 -04:00
Derek Strickland 9795b19e27
Added guideLinks prop for UseCaseLayout component and linked terminating gateways guide from documentation. (#7998) 2020-06-02 10:40:07 -04:00
R.B. Boyer 833211c14c
acl: allow auth methods created in the primary datacenter to optionally create global tokens (#7899) 2020-06-01 11:44:47 -05:00
R.B. Boyer ffb9c7d6f7
acl: remove the deprecated `acl_enforce_version_8` option (#7991)
Fixes #7292
2020-05-29 16:16:03 -05:00
Jono Sosulska c554ba9e10
Replace whitelist/blacklist terminology with allowlist/denylist (#7971)
* Replace whitelist/blacklist terminology with allowlist/denylist
2020-05-29 14:19:16 -04:00
Shantanu Gadgil b4f2874d89
add gobetween to the Consul tools (#7973)
add gobetween to the Consul tools
2020-05-29 11:17:22 -07:00
Chris Piraino 6c444ba24c
Remove underscores from gateway URL paths (#7962) 2020-05-28 14:19:17 -05:00
Luke Kysow db6f876b59
Merge pull request #7936 from hashicorp/helm-k8s-mgw
Helm docs for k8s mesh gateways and federation
2020-05-28 10:51:03 -07:00
Luke Kysow 6409c488ee
Helm docs for k8s mesh gateways and federation 2020-05-28 10:49:59 -07:00
Alvin Huang 37cafc3f52
bump beta callout to v1.8.0-beta2 (#7945) 2020-05-26 12:51:44 -04:00
Luke Kysow 85b20d3713
Merge pull request #7944 from hashicorp/k8s-mgw-docs-update
Update for consul:1.8.0-beta2
2020-05-25 11:26:28 -07:00
Luke Kysow 56e2a98aea
Update for consul:1.8.0-beta2 2020-05-25 11:26:09 -07:00
Jeff Escalante 7cbd8b9d36 upgrade to stylelint release 2020-05-21 14:50:45 -04:00
Jeff Escalante 789ba665d5 remove unused dependencies, adjust 404 link color 2020-05-21 14:50:45 -04:00
Jeff Escalante 326ec30d68 update dependencies 2020-05-21 14:50:45 -04:00
Peter M aedabfbf57 Updated resource heading to correct error 2020-05-20 15:26:56 -07:00
Freddy 3dd8b66aa2
Update ingress/terminating gateway ACL docs (#7891) 2020-05-20 09:27:25 -06:00
Paul Mundt 82c391b75d
docs: Add Dart client to list of Libraries and SDKs (#7884) 2020-05-20 12:42:12 +02:00
Patrice Krakow 746bf9b7e2
docs: change "is" to "can be" in connect docs (#7902)
The doc says: "When the Connect injector is installed, the Connect sidecar is automatically added to all pods." But, it depends on the configuration, so I think it's better to say: "When the Connect injector is installed, the Connect sidecar can automatically added to all pods."
2020-05-20 12:40:24 +02:00
Pierre Souchay e9d176db2a
Allow to restrict servers that can join a given Serf Consul cluster. (#7628)
Based on work done in https://github.com/hashicorp/memberlist/pull/196
this allows to restrict the IP ranges that can join a given Serf cluster
and be a member of the cluster.

Restrictions on IPs can be done separatly using 2 new differents flags
and config options to restrict IPs for LAN and WAN Serf.
2020-05-20 11:31:19 +02:00
R.B. Boyer 89a6492033
docs: remove todos (#7922)
Fixes #7921
2020-05-19 15:19:06 -05:00
R.B. Boyer 228284758b
docs: update the 'consul tls' command docs to match the current flags (#7911) 2020-05-18 12:01:14 -05:00
nicolelyn 209f97bfe4 website: update flexible architecture image 2020-05-15 13:49:57 -04:00
David Yu e226a21c3e
Unindenting to remove shell pre-formatting (#7890) 2020-05-14 15:04:53 -06:00
Luke Kysow 6d472b6d60
Merge pull request #7882 from hashicorp/multi-cluster-k8s
Documentation for wan fed via mgw on k8s
2020-05-14 09:57:39 -07:00