Commit Graph

16365 Commits (b0e3956c578d88a80ecd336f74f1ed2728b703da)

Author SHA1 Message Date
Kyle Havlovitz 0db874c38b Add virtual IP generation for term gateway backed services 2022-01-12 12:08:49 -08:00
David Yu a17c78ab21
docs: Formatting for Consul K8s uninstall commands (#12031)
* docs: Missing $ prior to command for Consul K8s uninstall

* re-do numer bullets was mis-numbered

* Update uninstall.mdx

* simplify wording
2022-01-12 09:16:42 -08:00
mrspanishviking 4b730392d6
Merge pull request #12044 from vanphan24/patch-3
Update server-tls.mdx
2022-01-12 10:09:15 -07:00
Chris S. Kim ea0df29afb
Update memberlist to 0.3.1 (#12042) 2022-01-12 12:00:18 -05:00
vanphan24 e765343983
Update website/content/docs/k8s/installation/vault/server-tls.mdx
Co-authored-by: mrspanishviking <cardenas88karl@gmail.com>
2022-01-12 08:57:14 -08:00
vanphan24 f4c5c2cf16
Update website/content/docs/k8s/installation/vault/server-tls.mdx
Co-authored-by: mrspanishviking <cardenas88karl@gmail.com>
2022-01-12 08:57:09 -08:00
vanphan24 6e2c0a3f00
Update website/content/docs/k8s/installation/vault/server-tls.mdx
Co-authored-by: mrspanishviking <cardenas88karl@gmail.com>
2022-01-12 08:57:02 -08:00
vanphan24 f1c872604f
Update website/content/docs/k8s/installation/vault/server-tls.mdx
Co-authored-by: mrspanishviking <cardenas88karl@gmail.com>
2022-01-12 08:56:58 -08:00
vanphan24 3e65685dbd
Update website/content/docs/k8s/installation/vault/server-tls.mdx
Co-authored-by: mrspanishviking <cardenas88karl@gmail.com>
2022-01-12 08:56:53 -08:00
vanphan24 4dd4349897
Update website/content/docs/k8s/installation/vault/server-tls.mdx
Co-authored-by: mrspanishviking <cardenas88karl@gmail.com>
2022-01-12 08:56:33 -08:00
vanphan24 196d5fdeb7
Update server-tls.mdx
Added k8s auth role for client
Added to Consul yaml file: tls.enableAutoEncrypt: true
Fixed name of CA policy: policies=ca-policy
2022-01-12 08:46:55 -08:00
Bryce Kalow c15b6b54de
website: upgrade downloads page (#12043) 2022-01-12 10:30:46 -06:00
Chris S. Kim 98ea6d1cf1
Fix race with tags (#12041) 2022-01-12 11:24:51 -05:00
mrspanishviking 209d03c267
Merge pull request #12014 from hashicorp/neenap-patch-1
docs: updated the description of min_quorum
2022-01-12 07:55:41 -07:00
Matt Siegel ac959ba423
Merge pull request #11984 from hashicorp/msiege2/docs-day
Docs: Update CLI commands to show corresponding HTTP API commands and ACL policies required
2022-01-12 08:18:52 -05:00
John Cowen 9192452885
ui: Adds a notice for non-primary intention creation (#11985) 2022-01-12 11:50:09 +00:00
John Cowen b50c7cbef9
ui: Fix up wiring or empty state login button (#11981)
* ui: Some ACL component documentation (#11982)
2022-01-12 11:05:24 +00:00
Krastin Krastev 0462f0538a
Clarify consul.version telemetry description
The description of consul.version telemetry is not very clear, fixing
2022-01-12 11:21:13 +01:00
John Cowen 0ac27ef473
ui: Alter position of dashboard button in the service instance header (#11988) 2022-01-12 09:31:54 +00:00
John Cowen e424e3dc83
ui: Allow templateName paths to be relative (#11955) 2022-01-12 09:27:00 +00:00
John Cowen 2aaa96bf96
ui: First pass at writing some data layer related Eng docs (#11203) 2022-01-12 09:26:02 +00:00
mrspanishviking 8ee453ced1
Merge pull request #12034 from vanphan24/patch-2
Clarifies external CA config
2022-01-11 15:09:50 -07:00
vanphan24 a10382e5d1
Clarifies external CA config
It is not clear that this page is to configure an external CA for Connect CA. Added line to clarify that this page is for configuring external CA's for the Connect CA. For the built-in CA, no config is needed.
2022-01-11 13:22:50 -08:00
Matt Siegel f8bb804d36
Merge branch 'main' into msiege2/docs-day 2022-01-11 16:16:41 -05:00
David Yu d20230fac1
docs: Update uninstall to ensure CRDs are deleted (#12021)
* docs: Update uninstall to ensure CRDs are deleted

* Update website/content/docs/k8s/operations/uninstall.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* add more details around CRD deletion

* move around crd deletion to before unsintall

* slight wording

* move deletion of CRDs to first line

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2022-01-11 12:53:39 -08:00
Chip Vaughn 2b3fa23425 CLI Link clean-up 2022-01-11 15:51:04 -05:00
Kim Ngo e0537cb3f0
CTS OSS vs Ent docs (#12006)
* Add CTS OSS and Ent feature comparision chart

* Mention CTS Ent in intro

* Update CTS install page with Ent and tab install options

* Clarify local workspaces and add Collaboration row

* Oxford comma, rename to Automation Driver, install +ent ctx

* Update website/content/docs/nia/installation/install.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Melissa Kam <3768460+mkam@users.noreply.github.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Remove self-hosted row and add TFE explicitly

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Melissa Kam <3768460+mkam@users.noreply.github.com>
2022-01-11 13:31:06 -06:00
Chris S. Kim a0acf9978f
Fix races in anti-entropy tests (#12028) 2022-01-11 14:28:51 -05:00
Kim Ngo 5ebfe1b4ab
Clarify CTS monitoring of service and instances (#12008)
* Clarify CTS monitoring of service and instances

Co-authored-by: Michael Wilkerson <62034708+wilkermichael@users.noreply.github.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-01-11 13:06:13 -06:00
Blake Covarrubias e3f36ad45c docs: Fix spelling errors 2022-01-11 09:37:09 -08:00
mrspanishviking 79170d9731
Merge pull request #11983 from hashicorp/resolver_examples
docs: added another resolver example for DC and namespace failover
2022-01-11 10:27:57 -07:00
Chip Vaughn 47067b0256 Fixing CircleCI issues and adding Partition CLI links 2022-01-11 11:46:50 -05:00
Mike Morris 1b1a97e8f9
ingress: allow setting TLS min version and cipher suites in ingress gateway config entries (#11576)
* xds: refactor ingress listener SDS configuration

* xds: update resolveListenerSDS call args in listeners_test

* ingress: add TLS min, max and cipher suites to GatewayTLSConfig

* xds: implement envoyTLSVersions and envoyTLSCipherSuites

* xds: merge TLS config

* xds: configure TLS parameters with ingress TLS context from leaf

* xds: nil check in resolveListenerTLSConfig validation

* xds: nil check in makeTLSParameters* functions

* changelog: add entry for TLS params on ingress config entries

* xds: remove indirection for TLS params in TLSConfig structs

* xds: return tlsContext, nil instead of ambiguous err

Co-authored-by: Chris S. Kim <ckim@hashicorp.com>

* xds: switch zero checks to types.TLSVersionUnspecified

* ingress: add validation for ingress config entry TLS params

* ingress: validate listener TLS config

* xds: add basic ingress with TLS params tests

* xds: add ingress listeners mixed TLS min version defaults precedence test

* xds: add more explicit tests for ingress listeners inheriting gateway defaults

* xds: add test for single TLS listener on gateway without TLS defaults

* xds: regen golden files for TLSVersionInvalid zero value, add TLSVersionAuto listener test

* types/tls: change TLSVersion to string

* types/tls: update TLSCipherSuite to string type

* types/tls: implement validation functions for TLSVersion and TLSCipherSuites, make some maps private

* api: add TLS params to GatewayTLSConfig, add tests

* api: add TLSMinVersion to ingress gateway config entry test JSON

* xds: switch to Envoy TLS cipher suite encoding from types package

* xds: fixup validation for TLSv1_3 min version with cipher suites

* add some kitchen sink tests and add a missing struct tag

* xds: check if mergedCfg.TLSVersion is in TLSVersionsWithConfigurableCipherSuites

* xds: update connectTLSEnabled comment

* xds: remove unsued resolveGatewayServiceTLSConfig function

 * xds: add makeCommonTLSContextFromLeafWithoutParams

* types/tls: add LessThan comparator function for concrete values

* types/tls: change tlsVersions validation map from string to TLSVersion keys

* types/tls: remove unused envoyTLSCipherSuites

* types/tls: enable chacha20 cipher suites for Consul agent

* types/tls: remove insecure cipher suites from allowed config

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 are both explicitly listed as insecure and disabled in the Go source.

Refs https://cs.opensource.google/go/go/+/refs/tags/go1.17.3:src/crypto/tls/cipher_suites.go;l=329-330

* types/tls: add ValidateConsulAgentCipherSuites function, make direct lookup map private

* types/tls: return all unmatched cipher suites in validation errors

* xds: check that Envoy API value matching TLS version is found when building TlsParameters

* types/tls: check that value is found in map before appending to slice in MarshalEnvoyTLSCipherSuiteStrings

* types/tls: cast to string rather than fmt.Printf in TLSCihperSuite.String()

* xds: add TLSVersionUnspecified to list of configurable cipher suites

* structs: update note about config entry warning

* xds: remove TLS min version cipher suite unconfigurable test placeholder

* types/tls: update tests to remove assumption about private map values

Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2022-01-11 11:46:42 -05:00
Jasmine W a4af0a6bb0
Merge pull request #12002 from hashicorp/kubernetes-service-screenshot
added screenshot of k8s service
2022-01-11 11:34:00 -05:00
Jasmine W 665c9933ce
Merge pull request #11995 from hashicorp/l7-routing-screenshots
Adding UI screenshots to L7 overview
2022-01-11 11:33:20 -05:00
Chip Vaughn c20050c883 Correcting CLI links and grammer changes part 2 2022-01-11 11:26:05 -05:00
Hannah Hearth 9a4763bfbf Add CTS and API Gateway to docs on tools page 2022-01-11 10:22:30 -06:00
Jasmine W a5c63acb62
Update website/content/docs/connect/config-entries/service-splitter.mdx
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-11 11:18:49 -05:00
Jasmine W 88d752e41e
Update website/content/docs/connect/config-entries/service-router.mdx
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-11 11:18:43 -05:00
Jasmine W 8c440d181f
Update website/content/docs/connect/config-entries/service-resolver.mdx
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-11 11:18:36 -05:00
Jasmine W 4aeee82661 pushing for circleci 2022-01-11 11:16:24 -05:00
Chip Vaughn 738016b3b0 Correcting CLI links and grammer changes 2022-01-11 10:41:48 -05:00
Chip Vaughn 4d6128d28d Correcting CLI links and grammer changes 2022-01-11 10:37:48 -05:00
Chip Vaughn 9f629ae7e5 Editing links and grammer changes 2022-01-11 10:36:09 -05:00
Kenia aaace559e2
ui: Adding Partition to topology card (#11805) 2022-01-11 10:04:06 -05:00
Matt Siegel 565bfce4ac Added some missing ACL info, updated details around some permissions, added missing HTTP API refs 2022-01-11 09:41:54 -05:00
Dao Thanh Tung 88c7cfa578
URL-encode/decode resource names for HTTP API part 2 (#11957) 2022-01-11 08:52:45 -05:00
Matt Siegel f7b1208fc3 Fixed absolute links to HTTP apis. 2022-01-11 08:26:58 -05:00
John Cowen 78e9c0d2d9
ui: Ensure the partition is passed through to the request for the SSO auth URL (#11979)
* Make sure the mocks reflect the requested partition/namespace

* Ensure partition is passed through to the HTTP adapter

* Pass AuthMethod object through to TokenSource in order to use Partition

* Change up docs and add potential improvements for future

* Pass the query partition back onto the response

* Make sure the OIDC callback mock returns a Partition

* Enable OIDC provider mock overwriting during acceptance testing

* Make sure we can enable partitions and SSO post bootup only required

...for now

* Wire up oidc provider mocking

* Add SSO full auth flow acceptance tests
2022-01-11 11:02:46 +00:00
Anthony 1ad3ed3a2b
docs: Add CodeBlockConfig to network coordinates page 2022-01-10 22:13:27 -08:00