luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

fixed merge conflicts pt2

This commit is contained in:
trujillo-adam 2022-03-15 14:01:24 -07:00
parent 60a88bb40f 7fb5e7b6f1
commit 33d0ed5e96
14 changed files with 611 additions and 1087 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
website/content/commands/debug.mdx
View File

@ -78,11 +78,7 @@ information when `debug` is running. By default, it captures all information.
| `members` | A list of all the WAN and LAN members in the cluster. |
| `metrics` | Metrics from the in-memory metrics endpoint in the target, captured at the interval. |
| `logs` | `DEBUG` level logs for the target agent, captured for the duration. |
<<<<<<< HEAD
| `pprof` | Golang heap, CPU, goroutine, and trace profiling. CPU profile is captured for `duration` in a single file, trace is captured for a single `interval`, while heap and goroutine are separate snapshots for each `interval`. This information is not retrieved unless [`enable_debug`](/docs/agent/options#enable_debug) is set to `true` on the target agent or ACLs are enable and an ACL token with `operator:read` is provided. |
=======
| `pprof` | Golang heap, CPU, goroutine, and trace profiling. CPU and traces are captured for `duration` in a single file while heap and goroutine are separate snapshots for each `interval`. This information is not retrieved unless [`enable_debug`](/docs/agent/config/config-files#enable_debug) is set to `true` on the target agent or ACLs are enable and an ACL token with `operator:read` is provided. |
>>>>>>> cd907b75cebdefe62a30986e0cdc7bd528c52159
## Examples

8
website/content/docs/agent/config-entries.mdx
View File

@ -56,14 +56,8 @@ See [Kubernetes Custom Resource Definitions](/docs/k8s/crds).
Configuration entries outside of Kubernetes should be managed with the Consul
[CLI](/commands/config) or [API](/api/config). Additionally, as a
convenience for initial cluster bootstrapping, configuration entries can be
<<<<<<< HEAD
specified in the Consul servers agent's
[configuration files](/docs/agent/options#config_entries_bootstrap)
=======
specified in all of the Consul servers's
convenience for initial cluster bootstrapping, configuration entries can be specified in all of the Consul servers's
[configuration files](/docs/agent/config/config-files#config_entries_bootstrap)
>>>>>>> cd907b75cebdefe62a30986e0cdc7bd528c52159
### Managing Configuration Entries with the CLI

1586
website/content/docs/agent/config/config-files.mdx
View File

File diff suppressed because it is too large Load Diff

7
website/content/docs/agent/index.mdx
View File

@ -135,12 +135,7 @@ $ consul agent -data-dir=/tmp/consul
- **Server**: This indicates whether the agent is running in server or client
mode.
Running an agent in server mode requires additional overhead. This is because they participate in the consensus quorum, store cluster state, and handle queries. A server may also be
<<<<<<< HEAD
in ["bootstrap"](/docs/agent/options#_bootstrap_expect) mode, which enables the server to elect itself as the Raft leader. Multiple servers cannot be in bootstrap mode because it would put the cluster in an inconsistent state.
=======
in ["bootstrap"](/docs/agent/config/cli-flags#_bootstrap_expect) mode, which enables the server to elect itselft as the Raft leader. Multiple servers cannot be in bootstrap mode because it would put the cluster in an inconsistent state.
>>>>>>> cd907b75cebdefe62a30986e0cdc7bd528c52159
Running an agent in server mode requires additional overhead. This is because they participate in the consensus quorum, store cluster state, and handle queries. A server may also be in [`bootstrap`](/docs/agent/config/cli-flags#_bootstrap_expect) mode, which enables the server to elect itself as the raft leader. Multiple servers cannot be in bootstrap mode because it would put the cluster in an inconsistent state.
- **Client Addr**: This is the address used for client interfaces to the agent.
This includes the ports for the HTTP and DNS interfaces. By default, this

7
website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters.mdx
View File

@ -33,15 +33,10 @@ Ensure that your Consul environment meets the following requirements.
* Consul [Connect](/docs/agent/config/config-files#connect) must be enabled in both datacenters.
* Each [datacenter](/docs/agent/config/config-files#datacenter) must have a unique name.
* Each datacenters must be [WAN joined](https://learn.hashicorp.com/tutorials/consul/federarion-gossip-wan).
<<<<<<< HEAD
* The [primary datacenter](/docs/agent/options#primary_datacenter) must be set to the same value in both datacenters. This specifies which datacenter is the authority for Connect certificates and is required for services in all datacenters to establish mutual TLS with each other.
* [gRPC](/docs/agent/options#grpc_port) must be enabled.
* If you want to [enable gateways globally](/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters#enabling-gateways-globally) you must enable [centralized configuration](/docs/agent/options#enable_central_service_config).
=======
* The [primary datacenter](/docs/agent/config/config-files#primary_datacenter) must be set to the same value in both datacenters. This specifies which datacenter is the authority for Connect certificates and is required for services in all datacenters to establish mutual TLS with each other.
* [gRPC](/docs/agent/config/config-files#grpc_port) must be enabled.
* If you want to [enable gateways globally](/docs/connect/mesh-gateway#enabling-gateways-globally) you must enable [centralized configuration](/docs/agent/config/config-files#enable_central_service_config).
>>>>>>> cd907b75cebdefe62a30986e0cdc7bd528c52159
* The [primary datacenter](/docs/agent/config/config-files#primary_datacenter) must be set to the same value in both datacenters. This specifies which datacenter is the authority for Connect certificates and is required for services in all datacenters to establish mutual TLS with each other.
### Network

10
website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-partitions.mdx
View File

@ -23,16 +23,16 @@ Ensure that your Consul environment meets the following requirements.
### Consul
* Consul Enterprise version 1.11.0 or newer.
* A local Consul agent is required to manage its configuration.
<<<<<<< HEAD
* Consul service mesh must be enabled in all partitions. Refer to the [`connect` documentation](/docs/agent/options#connect) for details.
* Each partition must have a unique name. Refer to the [admin partitions documentation](/docs/enterprise/admin-partitions) for details.
* If you want to [enable gateways globally](/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters#enabling-gateways-globally) you must enable [centralized configuration](/docs/agent/options#enable_central_service_config).
=======
* Consul service mesh must be enabled in all partitions. Refer to the [`connect` documentation](/docs/agent/config/config-files#connect) for details.
* Each partition must have a unique name. Refer to the [admin partitions documentation](/docs/enteprise/admin-partitions) for details.
* If you want to [enable gateways globally](/docs/connect/mesh-gateway#enabling-gateways-globally) you must enable [centralized configuration](/docs/agent/config/config-files#enable_central_service_config).
>>>>>>> cd907b75cebdefe62a30986e0cdc7bd528c52159
### Proxy

9
website/content/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways.mdx
View File

@ -126,14 +126,9 @@ connect {
}
```
<<<<<<< HEAD
The [`start_join_wan`](/docs/agent/options#start_join_wan) or [`retry_join_wan`](/docs/agent/options#retry_join_wan) are only used for the [traditional federation process](/docs/k8s/installation/multi-cluster#traditional-wan-federation). They must be omitted when federating Consul servers via gateways.
=======
Any references to [`start_join_wan`](/docs/agent/config/config-files#start_join_wan) or [`retry_join_wan`](/docs/agent/config/config-files#retry_join_wan) should be omitted.
>>>>>>> cd907b75cebdefe62a30986e0cdc7bd528c52159
References to [`start_join_wan`](/docs/agent/config/config-files#start_join_wan) or [`retry_join_wan`](/docs/agent/config/config-files#retry_join_wan) should be omitted.
-> The `primary_gateways` configuration can also use `go-discover` syntax just
like `retry_join_wan`.
-> The `primary_gateways` configuration can use the same `go-discover` syntax used in `retry_join_wan`.
### Bootstrapping

10
website/content/docs/discovery/dns.mdx
View File

@ -447,14 +447,8 @@ machine.node.dc1.test-domain. 0 IN A 127.0.0.1
machine.node.dc1.test-domain. 0 IN TXT "consul-network-segment="
```
<<<<<<< HEAD
-> **PTR queries:** Responses to PTR queries (`<ip>.in-addr.arpa.`) will always use the
[primary domain](/docs/agent/options#domain) (not the alternative domain),
=======
-> **PTR queries:** Responses to PTR queries (`<ip>.in-addr.arpa.`) will always use the
[primary domain](/docs/agent/config/config-files#domain) (not the alternative domain),
>>>>>>> cd907b75cebdefe62a30986e0cdc7bd528c52159
as there is no way for the query to specify a domain.
-> **PTR queries:** Responses to PTR queries (`<ip>.in-addr.arpa.`) always use the
[primary domain](/docs/agent/config/config-files#domain) and not the alternative domain. This is because the query cannot specify a domain.
## Caching

3
website/content/docs/enterprise/audit-logging.mdx
View File

@ -24,8 +24,7 @@ greater insight into Consul access and usage patterns.
For more experience leveraging Consul's audit logging functionality, explore our
HashiCorp Learn tutorial [Capture Consul Events with Audit Logging](https://learn.hashicorp.com/tutorials/consul/audit-logging).
For detailed configuration information on configuring the Consul Enterprise's audit
logging, review the Consul [Audit Log](/docs/agent/config/config-files#audit)
For detailed configuration information on configuring the Consul Enterprise's audit logging, review the Consul [Audit Log](/docs/agent/config/config-files#audit)
documentation.
## Example Configuration

32
website/content/docs/k8s/installation/deployment-configurations/servers-outside-kubernetes.mdx
View File

@ -6,31 +6,21 @@ description: Running Consul servers outside of Kubernetes
# Consul Servers Outside of Kubernetes
If you have a Consul cluster already running, you can configure your
Consul clients inside Kubernetes to join this existing cluster.
This topic describes how to configure your Consul clients inside Kubernetes to join an existing cluster.
The below `config.yaml` file shows how to configure the Helm chart to install
Consul clients that will join an existing cluster.
## Configuration Overview
The `global.enabled` value first disables all chart components by default
so that each component is opt-in. This allows us to _only_ setup the client
agents. We then opt-in to the client agents by setting `client.enabled` to
`true`.
In the following example `config.yaml` file, the Helm chart is configured to install Consul clients that will join an existing cluster. It includes the following parameters:
Next, `client.exposeGossipPorts` can be set to `true` or `false` depending on if
you want the clients to be exposed on the Kubernetes internal node IPs (`true`) or
their pod IPs (`false`).
* The `global.enabled` parameter is set to `false`. This configuration disables all chart components by default so that each component must opt-in. As a result, only client agents will be set up when the configuraiton is applied.
Finally, `client.join` is set to an array of valid
<<<<<<< HEAD
[`-retry-join` values](/docs/agent/options#retry-join). In the
example above, a fake [cloud auto-join](/docs/install/cloud-auto-join)
=======
[`-retry-join` values](/docs/agent/config/cli-flags#retry-join). In the
example above, a fake [cloud auto-join](/docs/agent/cloud-auto-join)
>>>>>>> cd907b75cebdefe62a30986e0cdc7bd528c52159
value is specified. This should be set to resolve to the proper addresses of
your existing Consul cluster.
* The `client.enabled` parameter is set to `true`. This configuration opts the client agents into the cluster.
* The `client.exposeGossipPorts` parameter is set to `true` or `false`. Setting the parameter to `true` exposes the clients on the Kubernetes internal node IPs. Setting to `false` exposes the clients on their pod IPs.
* The `client.join` is set to an array of valid
[`-retry-join` values](/docs/agent/config/cli-flags#retry-join). The
following example includes a [cloud auto-join](/docs/agent/cloud-auto-join) value resolve to the proper addresses of the existing Consul cluster.
<CodeBlockConfig filename="config.yaml">

4
website/content/docs/security/acl/acl-rules.mdx
View File

@ -102,11 +102,7 @@ Use the `policy` keyword and one of the following access levels to set a policy
- `write`: Allows the resource to be read and modified.
- `deny`: Denies read and write access to the resource.
<<<<<<< HEAD
The special `list` access level provides access to all keys with the specified resource label in the Consul KV. The `list` access level can only be used with the `key_prefix` resource. The [`acl.enable_key_list_policy`](/docs/agent/options#acl_enable_key_list_policy) setting must be set to `true`.
=======
The special `list` access level provices access to all keys with the specified resource label in the Consul KV. The `list` access level can only be used with the `key_prefix` resource. The [`acl.enable_key_list_policy`](/docs/agent/config/config-files#acl_enable_key_list_policy) setting must be set to `true`.
>>>>>>> cd907b75cebdefe62a30986e0cdc7bd528c52159
### Matching and Prefix Values

8
website/content/docs/security/acl/acl-system.mdx
View File

@ -173,14 +173,8 @@ examples of using a service identity.
-> Added in Consul 1.8.1
<<<<<<< HEAD
An ACL node identity is an [ACL policy](/docs/security/acl/acl-system#acl-policies) template for expressing a link to a policy
suitable for use as an [Consul `agent` token](/docs/agent/options#acl_tokens_agent). They are usable
=======
An ACL node identity is an [ACL policy](/docs/acl/acl-system#acl-policies) template for expressing a link to a policy
suitable for use as an [Consul `agent` token](/docs/agent/config/config-files#acl_tokens_agent). They are usable
>>>>>>> cd907b75cebdefe62a30986e0cdc7bd528c52159
on both tokens and roles and are composed of the following elements:
suitable for use as an [Consul `agent` token](/docs/agent/config/config-files#acl_tokens_agent). They are usable on both tokens and roles and are composed of the following elements:
- **Node Name** - The name of the node to grant access to.
- **Datacenter** - The datacenter that the node resides within.

6
website/content/docs/security/security-models/core.mdx
View File

@ -235,11 +235,7 @@ environment and adapt these configurations accordingly.
- **Customize HTTP Response Headers** - Additional security headers, such as
[`X-XSS-Protection`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection), can be
<<<<<<< HEAD
[configured](/docs/agent/options#response_headers) for HTTP API responses.
=======
[configured](https://www.consul.io/docs/agent/config/config-files#response_headers) for HTTP API responses.
>>>>>>> cd907b75cebdefe62a30986e0cdc7bd528c52159
[configured](/docs/agent/config/config-files#response_headers) for HTTP API responses.
```hcl
http_config {

4
website/content/docs/upgrading/instructions/upgrade-to-1-6-x.mdx
View File

@ -20,7 +20,7 @@ Here is some documentation that may prove useful for reference during this upgra
- [ACL System in Legacy Mode](/docs/security/acl/acl-legacy) - You can find
information about legacy configuration options and differences between modes here.
- [Configuration](/docs/agent/config) - You can find more details
- [Configuration](https://www.consul.io/docs/agent/config) - You can find more details
around legacy ACL and new ACL configuration options here. Legacy ACL config options
will be listed as deprecates as of 1.4.0.
@ -51,7 +51,7 @@ Looking through these changes prior to upgrading is highly recommended.
Two very notable items are:
- 1.6.2 introduced more strict JSON decoding. Invalid JSON that was previously ignored might result in errors now (e.g., `Connect: null` in service definitions). See [[GH#6680](https://github.com/hashicorp/consul/pull/6680)].
- 1.6.3 introduced the [http_max_conns_per_client](/docs/agent/config/config-files.html#http_max_conns_per_client) limit. This defaults to 200. Prior to this, connections per client were unbounded. [[GH#7159](https://github.com/hashicorp/consul/issues/7159)]
- 1.6.3 introduced the [http_max_conns_per_client](/docs/agent/config/config-files#http_max_conns_per_client) limit. This defaults to 200. Prior to this, connections per client were unbounded. [[GH#7159](https://github.com/hashicorp/consul/issues/7159)]
## Procedure