* update main apigw overview
* moved the tech specs to main gw folder
* merged tech specs into single topic
* restructure nav part 1
* fix typo in nav json file
* moved k8s install up one level
* restructure nav part 2
* moved and created all listeners and routes content
* moved errors ref and upgrades
* fix error in upgrade-k8s link
* moved conf refs to appropriate spots
* updated conf overview
* fixed some links and bad formatting
* fixed link
* added JWT on VMs usage page
* added JWT conf to APIGW conf entry
* added JWTs to HTTP route conf entry
* added new gatwaypolicy k8s conf reference
* added metadesc for gatewaypolicy conf ref
* added http route auth filter k8s conf ref
* added http route auth filter k8s conf ref to nav
* updates to k8s route conf ref to include extensionRef
* added JWTs usage page for k8s
* fixed link in gwpolicy conf ref
* added openshift installation info to installation pages
* fixed bad link on tech specs
* Apply suggestions from code review
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
* fixed VerityClaims param
* best guess at verifyclaims params
* tweaks to gateway policy dconf ref
* Docs/ce 475 retries timeouts for apigw (#19086)
* added timeout and retry conf ref for k8s
* added retry and TO filters to HTTP routes conf ref for VMs
* Apply suggestions from code review
Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>
* fix copy/paste error in http route conf entry
---------
Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>
* update links across site and add redirects
* Apply suggestions from code review
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: Thomas Eckert <teckert@hashicorp.com>
* Applied feedback from review
* Apply suggestions from code review
* Apply suggestions from code review
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
* Update CRD configuration for responseHeaderModifiers
* Update Config Entry for http-route
* Add ResponseFilter example to service
* Update website/redirects.js
errant curly brace breaking the preview
* fix links and bad MD
* fixed md formatting issues
* fix formatting errors
* fix formatting errors
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
* Apply suggestions from code review
* fixed typo
* Fix headers in http-route
* Apply suggestions from code review
Co-authored-by: John Maguire <john.maguire@hashicorp.com>
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
---------
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>
Co-authored-by: Thomas Eckert <teckert@hashicorp.com>
Co-authored-by: John Maguire <john.maguire@hashicorp.com>
* updated nav; renamed L7 traffic folder
* Added locality-aware routing to traffic mgmt overview
* Added route to local upstreams topic
* Updated agent configuration reference
* Added locality param to services conf ref
* Added locality param to conf entries
* mentioned traffic management in proxies overview
* added locality-aware to failover overview
* added docs for service rate limiting
* updated service defaults conf entry
* Apply suggestions from code review
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
* Apply suggestions from code review
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
* updated links and added redirects
---------
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Replaces unicode quotation marks with ASCII quotation marks.
For code examples, this fixes HCL decoding errors that would otherwise
be raised when attempting to read the file.
This commit fixes syntax errors in HCL, JSON, and YAML example
configurations. In some cases, it replaces the code example with the
proper format for the code block.
Also fixes HCL formatting and misc opportunistic updates to codeblock.
Co-authored-by: Tu Nguyen <im2nguyen@gmail.com>
* first commit; reformat PD conf entry
* updated proxies overview page
* added Deploy SM proxy usage and removed reg index
* moved sidecar proxy usage to main proxy folder
* recast sidecar reg page as Deploy sidecar services
* fix typos
* recast SM reg as conf reference- set the sidebar
* add redirects
* fix links
* add PD conf entry usage to appropro pages
* edits to proxy conf ref
* fix links on index page
* example command to write PD conf entry
* updated links to old SM proxy reg page
* updated links to sidecar service reg page
* tryna fix front matter issues
* Apply suggestions from code review
Co-authored-by: Ronald <roncodingenthusiast@users.noreply.github.com>
* added paragraph about SM proxies to overivew
* Apply suggestions from code review
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
---------
Co-authored-by: Ronald <roncodingenthusiast@users.noreply.github.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* fix broken link caught in weekly report
* Apply suggestions from code review
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
---------
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
The `grep` command used to obtain the ID for the terminating gateway
role is not reliable in all scenarios. For example, if there is a
similarly named role, the command may return the wrong role ID for the
active terminating gateway instance.
This commit updates the command to use jq to obtain the role ID. If
multiple roles are found, jq will raise an error informing the user
that it cannot reliably determine the role ID.
Doc guidance for federation with externalServers
Add guidance for proper configuration when joining to a secondary
cluster using WAN fed with external servers also enabled.
Also clarify federation requirements and fix formatting for an
unrelated value.
Update both the Helm chart reference (synced from `consul-k8s`, see
hashicorp/consul-k8s#2583) and the docs on using `externalServers`.
* Docs for dataplane upgrade on k8s
---------
Co-authored-by: David Yu <dyu@hashicorp.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
* Fix formatting for webhook-certs Consul tutorial
* Make a small grammar change to also pick up whitespace changes necessary for formatting
---------
Co-authored-by: David Yu <dyu@hashicorp.com>
* porting over changes from enterprise repo to oss
* applied feedback on service mesh for k8s overview
* fixed typo
* removed ent-only build script file
* Apply suggestions from code review
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: David Yu <dyu@hashicorp.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
---------
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
* add docs for consul-k8s config read command
This PR adds documentation for the functionality introduced in
https://github.com/hashicorp/consul-k8s/pull/2078.
* add output
---------
Co-authored-by: David Yu <dyu@hashicorp.com>
Remove outdated usage of "Consul Connect" instead of Consul service mesh.
The connect subsystem in Consul provides Consul's service mesh capabilities.
However, the term "Consul Connect" should not be used as an alternative to
the name "Consul service mesh".
* converted intentions conf entry to ref CT format
* set up intentions nav
* add page for intentions usage
* final intentions usage page
* final intentions overview page
* fixed old relative links
* updated diagram for overview
* updated links to intentions content
* fixed typo in updated links
* rename intentions overview page file to index
* rollback link updates to intentions overview
* fixed nav
* Updated custom HTML in API and CLI pages to MD
* applied suggestions from review to index page
* moved conf examples from usage to conf ref
* missed custom HTML section
* applied additional feedback
* Apply suggestions from code review
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
* updated headings in usage page
* renamed files and udpated nav
* updated links to new file names
* added redirects and final tweaks
* typo
---------
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
* Fix broken links in Consul docs
* more broken link fixes
* more 404 fixes
* 404 fixes
* broken link fix
---------
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
* First cluster grpc service should be NodePort
This is based on the issue opened here https://github.com/hashicorp/consul-k8s/issues/1903
If you follow the documentation https://developer.hashicorp.com/consul/docs/k8s/deployment-configurations/single-dc-multi-k8s exactly as it is, the first cluster will only create the consul UI service on NodePort but not the rest of the services (including for grpc). By default, from the helm chart, they are created as headless services by setting clusterIP None. This will cause an issue for the second cluster to discover consul server on the first cluster over gRPC as it cannot simply cannot through gRPC default port 8502 and it ends up in an error as shown in the issue https://github.com/hashicorp/consul-k8s/issues/1903
As a solution, the grpc service should be exposed using NodePort (or LoadBalancer). I added those changes required in both cluster1-values.yaml and cluster2-values.yaml, and also a description for those changes for the normal users to understand. Kindly review and I hope this PR will be accepted.
* Update website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
* Update website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
* Update website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
---------
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
* Update the consul-k8s cli docs for the new `proxy log` subcommand
* Updated consul-k8s docs from PR feedback
* Added proxy log command to release notes
* converted main services page to services overview page
* set up services usage dirs
* added Define Services usage page
* converted health checks everything page to Define Health Checks usage page
* added Register Services and Nodes usage page
* converted Query with DNS to Discover Services and Nodes Overview page
* added Configure DNS Behavior usage page
* added Enable Static DNS Lookups usage page
* added the Enable Dynamic Queries DNS Queries usage page
* added the Configuration dir and overview page - may not need the overview, tho
* fixed the nav from previous commit
* added the Services Configuration Reference page
* added Health Checks Configuration Reference page
* updated service defaults configuraiton entry to new configuration ref format
* fixed some bad links found by checker
* more bad links found by checker
* another bad link found by checker
* converted main services page to services overview page
* set up services usage dirs
* added Define Services usage page
* converted health checks everything page to Define Health Checks usage page
* added Register Services and Nodes usage page
* converted Query with DNS to Discover Services and Nodes Overview page
* added Configure DNS Behavior usage page
* added Enable Static DNS Lookups usage page
* added the Enable Dynamic Queries DNS Queries usage page
* added the Configuration dir and overview page - may not need the overview, tho
* fixed the nav from previous commit
* added the Services Configuration Reference page
* added Health Checks Configuration Reference page
* updated service defaults configuraiton entry to new configuration ref format
* fixed some bad links found by checker
* more bad links found by checker
* another bad link found by checker
* fixed cross-links between new topics
* updated links to the new services pages
* fixed bad links in scale file
* tweaks to titles and phrasing
* fixed typo in checks.mdx
* started updating the conf ref to latest template
* update SD conf ref to match latest CT standard
* Apply suggestions from code review
Co-authored-by: Eddie Rowe <74205376+eddie-rowe@users.noreply.github.com>
* remove previous version of the checks page
* fixed cross-links
* Apply suggestions from code review
Co-authored-by: Eddie Rowe <74205376+eddie-rowe@users.noreply.github.com>
---------
Co-authored-by: Eddie Rowe <74205376+eddie-rowe@users.noreply.github.com>
* Update ingress-gateways.mdx
Added an example of running the HELM install for the ingress gateways using values.yaml
* Apply suggestions from code review
* Update ingress-gateways.mdx
Adds closing back ticks on example command. The suggesting UI strips them out.
---------
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
* Remove Consul Client installation option
With Consul-K8S 1.0 and introduction of Consul-Dataplane, K8S has
the option to run without running Consul Client agents.
* remove note referring to the same documentation
* Added instructions on the use of httpsPort when servers are not running TLS enabled
* Modified titile and description
The generate_lease=true configuration is unnecessary and generates a note about performance implications in Vault logs. Remove this configuration so that the default value of generate_lease=false is used instead.
* update docs to reflect vault and consul compatibility
* Update website/content/docs/connect/ca/vault.mdx
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
* Apply suggestions from code review
* Apply suggestions from code review
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
* Fixing CLI instructions so that the installing a cluster that is embedded in the mac instructions is moved outside of the tabbed instructions.
Co-authored-by: boruszak <jeffrey.boruszak@hashicorp.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
* added usage folder to organize use case docs for CAPIgw
* Add peer field to MeshService configuration page
* Add first pass at guide for routing to peered services
* Add exception to same-datacenter restriction for referenced Consul service
* Add example HTTPRoute referencing the MeshService as backendRef
* Add example ServiceResolver
* Add note about current ServiceResolver requirement
ServiceResolver may eventually be created implicitly by the API gateway controller, but that decision is pending.
* tweaks to the usage page for routing to peered services
* tweaks to the description in the configuration reference
* resolved TO-DOs from previous iteration
* Remove datacenter federation from limited support matrix
* added tolerations doc
* Remove note excluding k8s 1.24 since we now support it
* Reorder sections to maintain alphabetical sort
* Add example configuration for MeshService resource
* Adjust wording + indentation of other docs
* Use consistent "example-" prefix for resource names in example code
* reframed the tolerations documentation; STILL A WIP
* add helm chart documentation
* removed tolerations from gwcconfig configuration model reference
* Apply suggestions from code review
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* update version to 0.5.0
* Update install.mdx
* added release notes for v.0.5.x
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
Co-authored-by: Sarah Alsmiller <sarah.alsmiller@hashicorp.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>
* Consul Architecture update
* Consul on Kubernetes architecture
* Install Consul on Kubernetes with Helm updates
* Vault as the Secrets Backend Data Integration
* Kubernetes Service Mesh Overview
* Terminating Gateways
* Fully updated
* Join external service to k8s
* Consul on Kubernetes
* Configure metrics for Consul on Kubernetes
* Service Sync for Consul on Kubernetes
* Custom Resource Definitions for Consul on k8s
* Upgrading Consul on Kubernetes Components
* Rolling Updates to TLS
* Dataplanes diagram
* Upgrade instructions
* k8s architecture page updates
* Update website/content/docs/k8s/connect/observability/metrics.mdx
Co-authored-by: Riddhi Shah <riddhi@hashicorp.com>
* Update website/content/docs/architecture/index.mdx
* Update website/content/docs/k8s/connect/terminating-gateways.mdx
* CRDs
* updating version numbers
* Updated example config
* Image clean up
* Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
* Update website/content/docs/k8s/architecture.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Riddhi Shah <riddhi@hashicorp.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
* Update guidance for vault PKI CA provider
* clarify workarounds if already using vault 1.11+
* Update website/content/docs/connect/ca/vault.mdx
* Update website/content/docs/k8s/connect/connect-ca-provider.mdx
* Update website/content/docs/k8s/deployment-configurations/vault/data-integration/connect-ca.mdx
* Apply suggestions from code review
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
* add suggestion from Matt
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
David Yu