Commit Graph

462 Commits (ca2e7c2039c8b1368a9d2141b117e35108f6a15a)

Author SHA1 Message Date
Blake Covarrubias e92ae681c6 docs: Fix broken URLs in Helm docs
- Fix anchors for client.extraEnvironmentVars and
server.extraEnvironmentVars.
- Change extraEnvironmentVars data type to `map`.
- Fix external link to kubernetes.io under
connectInject.namespaceSelector.
2020-12-08 11:13:29 -08:00
Max G 1a3dd325ee docs: reword lack of additional required files 2020-12-05 16:47:41 -08:00
Mike Morris 92465e67a7
Merge pull request #9273 from hashicorp/merge/release-1.9.0
merge: release/1.9.0
2020-12-02 17:34:10 -05:00
Seth Hoenig 0f2c396334
docs: fix mispelling in connect upstream docs (#9297) 2020-11-30 08:26:08 -08:00
Rob Taylor 0178a4d0f1
Fix typo in explanation of connect command (#9295)
Change `Connect Connect` to `Consul Connect, which is consistent with the command output as shown on this page.
2020-11-30 09:54:59 -06:00
Hans Hasselberg 44674bcdf8
fix serf_wan documentation (#9289)
WAN config is different than LAN config, source of truth is
f72d2042a8/config.go (L315-L326)
and now the docs are correct.
2020-11-27 20:49:43 +01:00
David Yu 6e0f51cd5f
Bump supported chart to 0.27.0 for Consul 1.9 (#9279)
* Bump supported chart to 0.27.0 for Consul 1.9
2020-11-25 16:33:21 -08:00
Mike Morris ab927d5480 Merge pull request #9270 from hashicorp/release/1.9.0
merge: release/1.9.0 back into 1.9.x
2020-11-24 17:36:47 -05:00
David Yu fc4e115380
docs: adding Consul 1.9.x to compat matrix and link to Envoy compat matrix (#9263)
* Adding Consul 1.9.x to compat matrix and link to Envoy compat matrix

Adding 1.9.x and link to Envoy compat matrix
2020-11-24 10:49:53 -08:00
Daniel Nephin 341552198e docs: deprecate some old filter parameters
The filtering can be done with the general purpose `filter` query parameter.
2020-11-23 18:23:58 -05:00
Kit Patella 0ba7f4ce39
Merge pull request #9261 from hashicorp/telemetry/fix-missing-and-stale-docs-2
Telemetry/fix missing and stale docs
2020-11-23 13:34:19 -08:00
Hans Hasselberg 57701695c3 add missing descriptions for metrics 2020-11-23 22:06:30 +01:00
Daniel Nephin 6751d51aa3 docs: mark streaming as experimental 2020-11-23 15:59:47 -05:00
Kit Patella fcec25de40 add entries for missing fsm operations and mark duplicated metrics prefixes as deprecated 2020-11-23 12:42:51 -08:00
Sabeen Syed cfbefc45f0
Update NIA architecture image (#9180) 2020-11-23 01:47:58 -06:00
Kit Patella c6b29a8bba
Merge pull request #9245 from hashicorp/telemetry/fix-missing-and-stale-docs
Telemetry/fix missing and stale docs
2020-11-20 12:54:29 -08:00
Kit Patella 5c09dc322e add telemetry and definition help entries for missing catalog and acl metrics 2020-11-19 13:29:44 -08:00
R.B. Boyer 7c7a3e5165
command: when generating envoy bootstrap configs use the datacenter returned from the agent services endpoint (#9229)
Fixes #9215
2020-11-19 15:27:31 -06:00
Kit Patella 9e54e897d7 remove stale entries and rename/define acl.resolveToken 2020-11-19 13:06:28 -08:00
Freddy fd5928fa4e
Require operator:write to get Connect CA config (#9240)
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that operators with `operator:read` ACL permissions are able to read the Consul Connect CA configuration when explicitly configured with the `/v1/connect/ca/configuration` endpoint, including the private key. This allows the user to effectively privilege escalate by enabling the ability to mint certificates for any Consul Connect services. This would potentially allow them to masquerade (receive/send traffic) as any service in the mesh.

--

This PR increases the permissions required to read the Connect CA's private key when it was configured via the `/connect/ca/configuration` endpoint. They are now `operator:write`.
2020-11-19 10:14:48 -07:00
Kit Patella 0cc8d8e0a1
Merge pull request #9091 from scellef/correct-upgrade-guide
Correcting text on when default was changed in Consul
2020-11-18 16:54:48 -08:00
Nitya Dhanushkodi d24be614e5
Add docs for envoyExtraArgs (#9206) 2020-11-18 15:40:39 -08:00
Matt Keeler 66fd23d67f
Refactor to call non-voting servers read replicas (#9191)
Co-authored-by: Kit Patella <kit@jepsen.io>
2020-11-17 10:53:57 -05:00
Matt Keeler 946cc0b82a
[docs] Change links to the DNS information to the right place (#8675)
The redirects were working in many situations but some (INTERNALS.md) was not. This just flips everything over to using the real link.
2020-11-17 10:03:00 -05:00
Luke Kysow 11db2b37c3
Docs for upgrading to CRDs (#9176)
* Add Upgrading to CRDs docs
2020-11-13 15:19:21 -08:00
Kent 'picat' Gruber 53e0683ae6
Merge pull request #9106 from hashicorp/security-model-docs-revamp
Revamp Security Model Documentation
2020-11-13 17:30:24 -05:00
Mike Morris 96df6a7bf5 Merge pull request #9155 from hashicorp/release/1.9.0-beta3
merge: 1.9.0-beta3
2020-11-13 16:45:50 -05:00
Kyle Schochenmaier a3653a7ae2
Docs: for consul-k8s health checks (#8819)
* docs for consul-k8s health checks

Co-authored-by: Derek Strickland <1111455+DerekStrickland@users.noreply.github.com>
Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2020-11-12 16:55:44 -06:00
Nitya Dhanushkodi 5d31e2d766
Update compatibility matrix
Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com>
2020-11-12 14:43:33 -08:00
R.B. Boyer 61eac21f1a
agent: return the default ACL policy to callers as a header (#9101)
Header is: X-Consul-Default-ACL-Policy=<allow|deny>

This is of particular utility when fetching matching intentions, as the
fallthrough for a request that doesn't match any intentions is to
enforce using the default acl policy.
2020-11-12 10:38:32 -06:00
Paul Banks 3f37a3132e
Update ui-visualization.mdx 2020-11-12 15:52:24 +00:00
Matt Keeler 7ef9b04f90
Add a CLI command for retrieving the autopilot configuration. (#9142) 2020-11-11 13:19:02 -05:00
Joel Watson 81fb937e4f
Merge pull request #9098 from hashicorp/watsonian/kv-size-breakdown
Add detailed key size breakdown to snapshot inspect
2020-11-11 11:34:45 -06:00
Joel Watson 2e654a1759 docs: add warning in 0.9.0 upgrade notes 2020-11-11 09:23:43 -05:00
Joel Watson 6957056911 Missed a spot with old params in docs 2020-11-10 11:22:45 -06:00
Joel Watson 1ef259b093 Rename params to better reflect their purpose 2020-11-10 10:44:09 -06:00
Joel Watson 5ad0db73c8 Make docs for params clearer 2020-11-10 10:35:24 -06:00
Matt Keeler 361fe3ad20
Add some autopilot docs and update the changelog (#9139) 2020-11-09 14:14:19 -05:00
Matt Keeler c048e86bb2
Switch to using the external autopilot module 2020-11-09 09:22:11 -05:00
Mike Morris 75019baadd
chore: upgrade to gopsutil/v3 (#9118)
* deps: update golang.org/x/sys

* deps: update imports to gopsutil/v3

* chore: make update-vendor
2020-11-06 20:48:38 -05:00
Mike Morris 9875846509
website: update callout to 1.9.0-beta2 (#9131) 2020-11-06 20:39:25 -05:00
Kent 'picat' Gruber 81efada5c3 Adjust the ACLs requirement section wording and add link to ACL docs
It's better to avoid the ambiguous Vault statement that was not clarified and drop the loaded "roles" term in favor of "capabilities" since the ACL system is described as capability-based in previous ACL documentation.
2020-11-06 16:25:21 -05:00
Paul Banks b5dbeff784
UI Metrics documentation (#9048)
* UI Metrics documentation

* Update website/pages/docs/connect/observability/ui-visualization.mdx

* Fix some review comments

* Fix review comments

* Apply suggestions from code review

Co-authored-by: R.B. Boyer <rb@hashicorp.com>

Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2020-11-06 20:32:28 +00:00
Kent 'picat' Gruber facd48b486 Use the EnterpriseAlert inline widget 2020-11-06 10:47:22 -05:00
Kent 'picat' Gruber fd29187499 Add mention of auto_encrypt to mTLS requirements 2020-11-06 10:15:26 -05:00
Kent 'picat' Gruber c7c151f789 Fix sublist format for client agent threats 2020-11-05 16:41:15 -05:00
Kent 'picat' Gruber 05b34a3cf0 Add link to the keygen command 2020-11-05 16:34:32 -05:00
Kent 'picat' Gruber a06768f582 Use short link to keyring command 2020-11-05 16:33:04 -05:00
Kent 'picat' Gruber d0e4e7a6ff Add link to default_policy with code format to ACLs requirement section 2020-11-05 16:30:00 -05:00
Kent 'picat' Gruber cc58a73716 Cleanup verify_server_hostname mTLS requirement 2020-11-05 16:27:23 -05:00
Kent 'picat' Gruber e0a9e329e5 Add extra clarification around verify_incoming_https for localhost
In many cases access to localhost is restricted to trusted/privellged actors only
2020-11-05 16:20:41 -05:00
Kent 'picat' Gruber 84a345324c Fix inline links + format in mTLS requirements section 2020-11-05 16:09:07 -05:00
Kent 'picat' Gruber 7a7f0425a1 Capitalize enterprise and add link to enerprise docs 2020-11-05 16:03:14 -05:00
Kent 'picat' Gruber e51dbbf529 Soften language by replacing utilize with use 2020-11-05 15:59:53 -05:00
Kim Ngo 52f3714c7a
Fix NIA doc links (#9110)
fix config link and anchor
2020-11-05 13:35:57 -06:00
Joel Watson 52ea53f95e Update docs with new flags 2020-11-05 10:31:36 -06:00
Kent 'picat' Gruber 8c2f2ca806 Actually fix spelling of recommendations
I obviously have no idea how to spell this word
2020-11-05 11:13:14 -05:00
Kent 'picat' Gruber 2d0be0c7a0 Fix spelling of recomendations
Thank you @rboyer!
2020-11-04 17:44:51 -05:00
Kent 'picat' Gruber 961f475de2 Revamp security model documentation 2020-11-04 17:05:44 -05:00
Sean Ellefson acc6cfaaf6 Correcting text on when default was changed in Consul 2020-11-02 15:10:34 -08:00
s-christoff 79ce24e9fc
cli: Add JSON and Pretty Print formatting for `consul snapshot inspect` (#9006) 2020-10-29 11:31:14 -05:00
Kim Ngo a670f7a098
docs: Add links in CTS docs for the community to get involved (#9060) 2020-10-29 10:07:20 -05:00
Daniel Nephin 7b9ee25956
Merge pull request #9026 from hashicorp/dnephin/streaming-without-cache-query-param
streaming: rename config and remove requirement for cache=1
2020-10-28 12:33:25 -04:00
Daniel Nephin 62c9124011 docs: Add the new metrics to telemetry.mdx 2020-10-27 16:49:50 -04:00
Kevin Pruett 5637683f5d
Merge pull request #9021 from hashicorp/pruett.alertbanner-exp
Expose `expirationDate` prop in <AlertBanner/>
2020-10-26 16:08:23 -04:00
Kim Ngo 47009930a2
NIA: add Terraform version compatibility (#9023) 2020-10-26 09:46:34 -05:00
Daniel Nephin 853667e7d8 health: change the name of UseStreamingBackend config
Remove it from the cache section, and update the docs.
2020-10-23 17:47:01 -04:00
Kevin Pruett 6a946ec6e4
Expose `expirationDate` prop in <AlertBanner/> 2020-10-23 11:19:41 -04:00
James Light 5b10046418
Update managed-deprecated.mdx (#9016)
fix typo / spell checker replacing w/ wrong word
2020-10-23 10:54:16 -04:00
R.B. Boyer a2c50d3303
connect: add support for envoy 1.16.0, drop support for 1.12.x, and bump point releases as well (#8944)
Supported versions will be: "1.16.0", "1.15.2", "1.14.5", "1.13.6"
2020-10-22 13:46:19 -05:00
Kim Ngo 8ffebeb793
NIA: document daemon exiting on task errors (#8985) 2020-10-22 13:22:55 -05:00
Blake Covarrubias 0c6d1ff3c9
Add extraEnvironmentVars and client.affinity to Helm values (#8997)
Document client.extraEnvironmentVars, server.extraEnvironmentVars, and
client.affinity Helm chart values.

Remove deprecated connectInject.imageEnvoy and meshGateway.imageEnvoy
values.
2020-10-21 23:28:39 -07:00
Blake Covarrubias bdd5e1e2a8 docs: Remove sentence about pluggable CAs
Consul's Connect CA documentation mentions future releases will
support a pluggable CA system. This sentence has existed in the docs
for over two years, however there are currently no plans to develop
this feature on the near-term roadmap.

This commit removes this sentence to avoid giving the impression that
this feature will be available in an upcoming release.
2020-10-20 11:51:22 -07:00
Sabeen Syed 37cfa479d8
Update links (#8949) 2020-10-19 14:38:10 -05:00
Sabeen Syed a3f8aa20dd
Add A10 and Checkpoint TF modules (#8950) 2020-10-15 16:11:09 -05:00
Luke Kysow 812fe06d6c
Update to CRD docs (#8956)
* Update to CRD docs

* Update website/pages/docs/k8s/crds.mdx

* Modify proxy default and service default protocols

Carry over from previous PR that I forgot to submit a review/suggestion to, TCP and HTTP are not valid protocols for Proxy Defaults and Service Defaults

kubectl apply -f sdefault.yml
Error from server: error when creating "sdefault.yml": admission webhook "mutate-servicedefaults.consul.hashicorp.com" denied the request: servicedefaults.consul.hashicorp.com "your-service-name" is invalid: spec.expose.paths[0].protocol: Invalid value: "tcp": must be one of "http", "http2"


kubectl apply -f sdefault.yml
Error from server: error when creating "sdefault.yml": admission webhook "mutate-servicedefaults.consul.hashicorp.com" denied the request: servicedefaults.consul.hashicorp.com "your-service-name" is invalid: spec.expose.paths[0].protocol: Invalid value: "tcp": must be one of "http", "http2"

Co-authored-by: David Yu <dyu@hashicorp.com>
2020-10-15 10:35:26 -07:00
Kit Patella dc8beffb48 truncate jepsen.mdx log for length 2020-10-14 13:13:38 -07:00
R.B. Boyer f0d47ded95
docs: all intention documentation updates (#8869) 2020-10-14 10:23:05 -05:00
Preetha 891c4026c1
Merge pull request #8920 from hashicorp/crd-docs
CRD Docs
2020-10-14 09:42:45 -05:00
Luke Kysow 3ba38fb4be
CRD docs 2020-10-13 17:00:24 -07:00
Luke Kysow bfcd9a5ee3
Recommend using vault token auto-renew in 1.8.5 (#8945) 2020-10-13 16:18:19 -07:00
Peter M 05665e0b84
Add files via upload
updating logo grid image
2020-10-13 15:16:34 -07:00
Kyle Havlovitz 659c4fa941
Merge pull request #8943 from hashicorp/vault-renew-docs
docs: Add a note about auto-renewing the Vault token
2020-10-13 14:36:44 -07:00
Mike Morris 1b2518a358
website: add v1.9.0-beta1 download callout (#8939) 2020-10-13 17:33:49 -04:00
Kyle Havlovitz 2b0713b34d docs: Add a note about auto-renewing the Vault token 2020-10-13 14:25:42 -07:00
Paul Banks f1fd722b81
Add ui metrics config docs (#8921)
* Add ui metrics docs

* Update website/pages/docs/agent/options.mdx

Co-authored-by: R.B. Boyer <rb@hashicorp.com>

Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2020-10-13 22:11:12 +01:00
Sabeen Syed 52498e8d27
Remove email address (#8931) 2020-10-13 13:16:06 -05:00
Kim Ngo fa76fb40f6
Add docs on what activates task execution (#8936) 2020-10-13 11:47:30 -05:00
Lorna Song 1b4d76da52 Update Requirements doc: Terraform module links
Update "Using Terraform Modules" with latest module links from partners
2020-10-13 09:26:39 -06:00
Brandon Romano d39830a667 Plugs in proper links for NIA page 2020-10-12 20:39:34 -07:00
Brandon Romano 2f4f93a383 Fix failed build 2020-10-12 19:38:43 -07:00
Peter M cb84904afb Update network-infrastructure-automation.jsx 2020-10-12 19:20:48 -07:00
pcmccarron 61f62acc9a updating use case pages 2020-10-12 19:20:48 -07:00
pcmccarron 3d3a29c72d updating NIA use case page 2020-10-12 19:20:48 -07:00
Iryna Shustava 4ce6f918a9
Update compatibility matrix (#8928) 2020-10-12 18:03:54 -07:00
Iryna Shustava 482402c2de
docs: add Helm docs for openshift; also add other missing Helm docs (#8833) 2020-10-12 16:35:20 -07:00
Sabeen Syed 7339a13c30
Update a link and reword some sentences (#8925)
Update PANOS link
Update sentences
2020-10-12 17:40:01 -05:00
Ricardo Oliveira a1cf7889e5
Update service-defaults.mdx (#8780) 2020-10-09 13:43:52 -07:00
s-christoff 9bb348c6c7
Enhance the output of consul snapshot inspect (#8787) 2020-10-09 14:57:29 -05:00
Ashwin Venkatesh 79fc29788a Initial docs commit 2020-10-09 15:54:15 -04:00