Commit graph

233 commits

Author SHA1 Message Date
mrspanishviking 583ea94df6
Update website/content/docs/enterprise/license/overview.mdx
Merged

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-06-17 11:39:24 -10:00
mrspanishviking 2383c09c4e
Update website/content/docs/enterprise/license/faq.mdx
Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2021-06-16 10:17:56 -10:00
Karl Cardenas 2dbae10e0c docs: added question pertaining to Consul Kubernetes and Helm chart 2021-06-16 10:08:28 -10:00
Ashwin Venkatesh 14b23f37c1 Update k8s license docs to account for license autoload 2021-06-16 14:59:34 -04:00
Karl Cardenas 77db629ccd docs: adding new content for review 2021-06-15 06:02:51 -10:00
Blake Covarrubias 61d9adbd17 docs: Add example of escaping tracing JSON using jq 2021-06-14 16:23:44 -07:00
Blake Covarrubias d56f609800 docs: Add note about configurable KV size in FAQ 2021-06-14 16:21:25 -07:00
Daniel Nephin e36800cefa Update metric name
and handle the case where there is no active root CA.
2021-06-14 17:01:16 -04:00
Daniel Nephin 548796ae13 connect: emit a metric for the number of seconds until root CA expiration 2021-06-14 16:57:01 -04:00
Freddy f399fd2add
Rename CatalogDestinationsOnly (#10397)
CatalogDestinationsOnly is a passthrough that would enable dialing
addresses outside of Consul's catalog. However, when this flag is set to
true only _connect_ endpoints for services can be dialed.

This flag is being renamed to signal that non-Connect endpoints can't be
dialed by transparent proxies when the value is set to true.
2021-06-14 14:15:09 -06:00
Luke Kysow 168fbbbed1
Update k8s term gateway docs to make address clear (#10389)
Previously if you were to follow these docs and register two external
services, you would set the Address field on the node. The second
registered service would change the address of the node for the first
service.

Now the docs explain the address key and how to register more than one
external service.
2021-06-14 09:15:40 -07:00
Karl Cardenas 4ae39f6ebe docs: updated content in the overview page and faq 2021-06-11 07:46:14 -10:00
mrspanishviking e96f8473ff
Apply suggestions from code review
Applying suggestions

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2021-06-11 06:55:41 -10:00
Karl Cardenas 4d749ec5a4 docs: added more questions and marking ready for review 2021-06-10 10:16:56 -10:00
Nick Wales e01ea816c2
Aligns audit log code example (#10371) 2021-06-10 11:41:53 -07:00
R.B. Boyer 7ee812b22f
docs: update envoy docs for changes related to xDS v2->v3 and SoTW->Incremental (#10166)
Fixes #10098
2021-06-10 10:59:54 -05:00
Karl Cardenas 7df16fc0c6 docs: adding an faq in preperation for Consul Enterprise 1.10.0 2021-06-09 12:08:45 -10:00
Freddy 61ae2995b7
Add flag for transparent proxies to dial individual instances (#10329) 2021-06-09 14:34:17 -06:00
Daniel Nephin 85ffcdb8db docs: move streaming docs to blocking query page 2021-06-08 14:17:53 -04:00
Daniel Nephin 0f6ad6fd5c docs: try to improve health api doc terminology 2021-06-08 13:10:32 -04:00
Daniel Nephin d4b077174c Document streaming on service health endpoint 2021-06-08 13:10:32 -04:00
Daniel Nephin 789478b542 docs: Add streaming to api features 2021-06-08 13:10:32 -04:00
Dhia Ayachi e3dd0f9a44
generate a single debug file for a long duration capture (#10279)
* debug: remove the CLI check for debug_enabled

The API allows collecting profiles even debug_enabled=false as long as
ACLs are enabled. Remove this check from the CLI so that users do not
need to set debug_enabled=true for no reason.

Also:
- fix the API client to return errors on non-200 status codes for debug
  endpoints
- improve the failure messages when pprof data can not be collected

Co-Authored-By: Dhia Ayachi <dhia@hashicorp.com>

* remove parallel test runs

parallel runs create a race condition that fail the debug tests

* snapshot the timestamp at the beginning of the capture

- timestamp used to create the capture sub folder is snapshot only at the beginning of the capture and reused for subsequent captures
- capture append to the file if it already exist

* Revert "snapshot the timestamp at the beginning of the capture"

This reverts commit c2d03346

* Refactor captureDynamic to extract capture logic for each item in a different func

* snapshot the timestamp at the beginning of the capture

- timestamp used to create the capture sub folder is snapshot only at the beginning of the capture and reused for subsequent captures
- capture append to the file if it already exist

* Revert "snapshot the timestamp at the beginning of the capture"

This reverts commit c2d03346

* Refactor captureDynamic to extract capture logic for each item in a different func

* extract wait group outside the go routine to avoid a race condition

* capture pprof in a separate go routine

* perform a single capture for pprof data for the whole duration

* add missing vendor dependency

* add a change log and fix documentation to reflect the change

* create function for timestamp dir creation and simplify error handling

* use error groups and ticker to simplify interval capture loop

* Logs, profile and traces are captured for the full duration. Metrics, Heap and Go routines are captured every interval

* refactor Logs capture routine and add log capture specific test

* improve error reporting when log test fail

* change test duration to 1s

* make time parsing in log line more robust

* refactor log time format in a const

* test on log line empty the earliest possible and return

Co-authored-by: Freddy <freddygv@users.noreply.github.com>

* rename function to captureShortLived

* more specific changelog

Co-authored-by: Paul Banks <banks@banksco.de>

* update documentation to reflect current implementation

* add test for behavior when invalid param is passed to the command

* fix argument line in test

* a more detailed description of the new behaviour

Co-authored-by: Paul Banks <banks@banksco.de>

* print success right after the capture is done

* remove an unnecessary error check

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* upgraded github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57 => v0.0.0-20210601050228-01bbb1931b22

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
Co-authored-by: Paul Banks <banks@banksco.de>
2021-06-07 13:00:51 -04:00
allisaurus f2c2809612
docs: Improve ECS routing example nesting (#10316) 2021-06-07 09:28:06 -07:00
Mark Anderson ce52d3502c
Docs for Unix Domain Sockets (#10252)
* Docs for Unix Domain Sockets

There are a number of cases where a user might wish to either 1)
expose a service through a Unix Domain Socket in the filesystem
('downstream') or 2) connect to an upstream service by a local unix
domain socket (upstream).
As of Consul (1.10-beta2) we've added new syntax and support to configure
the Envoy proxy to support this
To connect to a service via local Unix Domain Socket instead of a
port, add local_bind_socket_path and optionally local_bind_socket_mode
to the upstream config for a service:
    upstreams = [
      {
         destination_name = "service-1"
         local_bind_socket_path = "/tmp/socket_service_1"
         local_bind_socket_mode = "0700"
	 ...
      }
      ...
    ]
This will cause Envoy to create a socket with the path and mode
provided, and connect that to service-1
The mode field is optional, and if omitted will use the default mode
for Envoy. This is not applicable for abstract sockets. See
https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/address.proto#envoy-v3-api-msg-config-core-v3-pipe
for details
NOTE: These options conflict the local_bind_socket_port and
local_bind_socket_address options. We can bind to an port or we can
bind to a socket, but not both.
To expose a service listening on a Unix Domain socket to the service
mesh use either the 'socket_path' field in the service definition or the
'local_service_socket_path' field in the proxy definition. These
fields are analogous to the 'port' and 'service_port' fields in their
respective locations.
    services {
      name = "service-2"
      socket_path = "/tmp/socket_service_2"
      ...
    }
OR
    proxy {
      local_service_socket_path = "/tmp/socket_service_2"
      ...
    }
There is no mode field since the service is expected to create the
socket it is listening on, not the Envoy proxy.
Again, the socket_path and local_service_socket_path fields conflict
with address/port and local_service_address/local_service_port
configuration entries.
Set up a simple service mesh with dummy services:
socat -d UNIX-LISTEN:/tmp/downstream.sock,fork UNIX-CONNECT:/tmp/upstream.sock
socat -v tcp-l:4444,fork exec:/bin/cat
services {
  name = "sock_forwarder"
  id = "sock_forwarder.1"
  socket_path = "/tmp/downstream.sock"
  connect {
    sidecar_service {
      proxy {
	upstreams = [
	  {
	    destination_name = "echo-service"
	    local_bind_socket_path = "/tmp/upstream.sock"
	    config {
	      passive_health_check {
		interval = "10s"
		max_failures = 42
	      }
	    }
	  }
	]
      }
    }
  }
}
services {
  name = "echo-service"
  port = 4444
  connect = { sidecar_service {} }
Kind = "ingress-gateway"
Name = "ingress-service"
Listeners = [
 {
   Port = 8080
   Protocol = "tcp"
   Services = [
     {
       Name = "sock_forwarder"
     }
   ]
 }
]
consul agent -dev -enable-script-checks -config-dir=./consul.d
consul connect envoy -sidecar-for sock_forwarder.1
consul connect envoy -sidecar-for echo-service -admin-bind localhost:19001
consul config write ingress-gateway.hcl
consul connect envoy -gateway=ingress -register -service ingress-service -address '{{ GetInterfaceIP "eth0" }}:8888' -admin-bind localhost:19002
netcat 127.0.0.1 4444
netcat 127.0.0.1 8080

Signed-off-by: Mark Anderson <manderson@hashicorp.com>

* fixup Unix capitalization

Signed-off-by: Mark Anderson <manderson@hashicorp.com>

* Update website/content/docs/connect/registration/service-registration.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Provide examples in hcl and json

Signed-off-by: Mark Anderson <manderson@hashicorp.com>

* Apply suggestions from code review

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* One more fixup for docs

Signed-off-by: Mark Anderson <manderson@hashicorp.com>

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-06-04 18:54:31 -07:00
Matt Keeler 42007d4a94
Add license inspect command documentation and changelog (#10351)
Also reformatted another changelog entry.
2021-06-04 14:33:13 -04:00
Matt Keeler 65b8929acf
Follow on to PR 10336 (#10343)
There was some PR feedback that came in just after I merged that other PR. This addresses that feedback.
2021-06-03 12:29:41 -04:00
Paul Ewing e454a9aae0
usagemetrics: add cluster members to metrics API (#10340)
This PR adds cluster members to the metrics API. The number of members per
segment are reported as well as the total number of members.

Tested by running a multi-node cluster locally and ensuring the numbers were
correct. Also added unit test coverage to add the new expected gauges to
existing test cases.
2021-06-03 08:25:53 -07:00
Matt Keeler 14ffc7331d Add enterprise v1.10 specific upgrade notes. 2021-06-03 10:48:16 -04:00
Matt Keeler 620b88e29a Add licensing information to snapshot agent docs. 2021-06-03 10:48:16 -04:00
Matt Keeler 798e693d5c Add deprecation/removal notices regarding the APIs/CLI commands for licensing that are going away.
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2021-06-03 10:48:16 -04:00
Matt Keeler 0bfbb8e22c Update licensing docs for 1.10 licensing 2021-06-03 10:47:33 -04:00
Matt Keeler fe104ad99c Add licensing telemetry docs. 2021-06-03 10:47:33 -04:00
Blake Covarrubias 035b0646a3 docs: Clarify set-agent-token token persistence behavior
Clarify that tokens configured via `set-agent-token` will not be
persisted if `acl.enable_token_persistence` is `false`.
2021-05-31 16:08:43 -07:00
Blake Covarrubias 9d333309fe docs: Fix agent token name under ACL Agent Token
Reference the correct name of the agent token in the ACL Agent Token
section for the ACL System docs.
2021-05-31 10:52:15 -07:00
Stanko 8ce18e82da ui: Fix broken link format in ECS install page 2021-05-27 14:11:04 -07:00
allisaurus d09ec192d7
Add note about new ECS ARN format to ECS docs (#10304)
* docs: Add note about ECS task ARN format to ECS docs
2021-05-27 10:59:28 -07:00
Luke Kysow 99875d6d55
Consul ecs docs (#10288)
* ECS docs
2021-05-26 11:25:06 -07:00
Jono Sosulska 3d7b85718e
Update Kubernetes docs to point to install pages. (#10293)
Adds more clear indicators that the collections on the learn.hashicorp.com sites have specific instructions for single node deployments.
Co-Authored by: soonoo <qpseh2m7@gmail.com>
2021-05-25 15:36:09 -04:00
Karl Cardenas 9f7f4b35c1 docs: rename enterprise to Consul enterprise 2021-05-24 13:55:17 -07:00
Jono Sosulska a2ac011b58
Updating Consul Glossary with more industry standard terms (#10074)
* Update glossary.mdx

1. Update header to the first section to "Consul Vocabulary" since these are the terms used in the context of Consul conversations.
2. Kept the header "Consul Glossary" since these are the terms useful for practitioners in the consul space.
3. Removed interlinking to terms on the same page.

Co-authored-by: Hans Hasselberg <me@hans.io>
Co-authored-by: Swarna Podila <swarnap@users.noreply.github.com>
2021-05-24 15:44:03 -04:00
allisaurus 13fcfca31e
docs: fix Amazon EKS service name (#10280) 2021-05-21 15:58:13 -07:00
Sabeen Syed 67756e70c5
Docs: Add link for new Cisco TF module (#10268) 2021-05-21 08:48:58 -05:00
Dhia Ayachi 8d87621a8e docs: Add example ACL policy for snapshot agent
Co-Authored-By: Blake Covarrubias <blake@covarrubi.as>
2021-05-20 14:41:29 -04:00
Paul Banks 429ac52af6
Fix doc note since we switched authorization mechanism in 1.9 (#10266) 2021-05-20 16:28:38 +01:00
Dhia Ayachi e302ba3daf
docs: update register check docs (closes #6635) (#10261)
Update register check documentation clarify that Id returns as CheckId in the response

Co-Authored-By: Shaker Islam <shaqq@users.noreply.github.com>

Co-authored-by: Shaker Islam <shaqq@users.noreply.github.com>
2021-05-19 20:24:54 -04:00
Karl Cardenas 3d808181a9 Merge branch 'master' of github.com:hashicorp/consul into consul-documentation-update 2021-05-17 07:20:06 -07:00
R.B. Boyer 7c9763d027
xds: emit a labeled gauge of connected xDS streams by version (#10243)
Fixes #10099
2021-05-14 13:59:13 -05:00
Luke Kysow fb5d8c1505
Update k8s fed docs to clarify role of acl token (#10233) 2021-05-13 10:20:12 -07:00
R.B. Boyer 05b52a3d63
connect: update supported envoy versions to 1.18.3, 1.17.3, 1.16.4, and 1.15.5 (#10231) 2021-05-12 14:06:06 -05:00
mrspanishviking 1177c30f2e
docs: updated the standard upgrade process
Added a cross-reference link in the upgrade guides.  This resource https://www.consul.io/docs/upgrading/instructions/general-process including specific-version guides for breaking changes and a more detailed upgrade process, but it's not mentioned in the  https://www.consul.io/docs/upgrading#standard-upgrade overview page.
2021-05-12 08:18:06 -07:00
Daniel Nephin d34ad26b72 docs: document the current state of built-in and native 2021-05-10 16:54:11 -04:00
Joel Watson e65d5241e8 Flesh out Raft Protocol Support note 2021-05-10 11:21:05 -05:00
Kim Ngo 37582601dc
docs/nia: simplify api and cli url paths (#10199) 2021-05-06 16:26:31 -05:00
Daniel Nephin 8b0ad949c0
Merge pull request #10064 from hashicorp/docs-fix-namespace-api-descriptions
docs: fix api-docs namespace descriptions
2021-05-06 15:32:12 -04:00
Andy Assareh c7f4c6bbdf
K8s docs: Manual join: add note that kubeconfig not required (#9998)
Per Consul PM, kubeconfig is not required for manual join. I believe this should be clarified in the docs as the current wording refers to the auto join steps above which state kubeconfig is required.
2021-05-06 12:59:25 -06:00
Seth Hoenig fcbdc5cb3b docs: fix api-docs namespace descriptions
Looks like some copy/paste from ACL docs.
2021-05-06 14:58:08 -04:00
Daniel Nephin e98d3d3ecb
Update website/content/commands/config/delete.mdx
Co-authored-by: Jono Sosulska <42216911+jsosulska@users.noreply.github.com>
2021-05-06 14:04:26 -04:00
Daniel Nephin bc6266cc76 docs: remove name field from Mesh config entry
Also document the name of these config entries in the API docs, so that
users know how to query for them.

And fix the name of mesh on the index page.
2021-05-06 13:25:32 -04:00
Paul Banks d47eea3a3f
Make Raft trailing logs and snapshot timing reloadable (#10129)
* WIP reloadable raft config

* Pre-define new raft gauges

* Update go-metrics to change gauge reset behaviour

* Update raft to pull in new metric and reloadable config

* Add snapshot persistance timing and installSnapshot to our 'protected' list as they can be infrequent but are important

* Update telemetry docs

* Update config and telemetry docs

* Add note to oldestLogAge on when it is visible

* Add changelog entry

* Update website/content/docs/agent/options.mdx

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
2021-05-04 15:36:53 +01:00
Freddy 5427a1465c
Only consider virtual IPs for transparent proxies (#10162)
Initially we were loading every potential upstream address into Envoy
and then routing traffic to the logical upstream service. The downside
of this behavior is that traffic meant to go to a specific instance
would be load balanced across ALL instances.

Traffic to specific instance IPs should be forwarded to the original
destination and if it's a destination in the mesh then we should ensure
the appropriate certificates are used.

This PR makes transparent proxying a Kubernetes-only feature for now
since support for other environments requires generating virtual IPs,
and Consul does not do that at the moment.
2021-05-03 14:15:22 -06:00
Frederic Hemberger 2558197260 docs(discovery/service): Clarify multiple service definitions
Be more explicit that the definition of multiple services only works in config files,
not using the HTTP API.

Ref: https://discuss.hashicorp.com/t/register-multiple-services-via-put-request/
2021-04-30 16:46:02 -07:00
Daniel Nephin dcb5b924dc
Merge pull request #10149 from hashicorp/dnephin/config-use-streaming-backend-defualt-true
config: default UseStreamingBackend to true
2021-04-30 16:29:11 -04:00
R.B. Boyer 97e57aedfb
connect: update supported envoy versions to 1.18.2, 1.17.2, 1.16.3, and 1.15.4 (#10101)
The only thing that needed fixing up pertained to this section of the 1.18.x release notes:

> grpc_stats: the default value for stats_for_all_methods is switched from true to false, in order to avoid possible memory exhaustion due to an untrusted downstream sending a large number of unique method names. The previous default value was deprecated in version 1.14.0. This only changes the behavior when the value is not set. The previous behavior can be used by setting the value to true. This behavior change by be overridden by setting runtime feature envoy.deprecated_features.grpc_stats_filter_enable_stats_for_all_methods_by_default.

For now to maintain status-quo I'm explicitly setting `stats_for_all_methods=true` in all versions to avoid relying upon the default.

Additionally the naming of the emitted metrics for these gRPC requests changed slightly so the integration test assertions for `case-grpc` needed adjusting.
2021-04-29 15:22:03 -05:00
Luigi Tagliamonte 5a666b72c5
Improve doc: add note about address validation (#10123)
* Update website/content/docs/discovery/services.mdx with address field behavior.

Co-authored-by: Jono Sosulska <42216911+jsosulska@users.noreply.github.com>

Co-authored-by: Jono Sosulska <42216911+jsosulska@users.noreply.github.com>
2021-04-29 13:37:50 -04:00
Iryna Shustava e7dcf9acd0
Implement traffic redirection exclusion based on proxy config and user-provided values (#10134)
* Use proxy outbound port from TransparentProxyConfig if provided
* If -proxy-id is provided to the redirect-traffic command, exclude any listener ports
  from inbound traffic redirection. This includes envoy_prometheus_bind_addr,
  envoy_stats_bind_addr, and the ListenerPort from the Expose configuration.
* Allow users to provide additional inbound and outbound ports, outbound CIDRs
  and additional user IDs to be excluded from traffic redirection.
  This affects both the traffic-redirect command and the iptables SDK package.
2021-04-29 09:21:15 -07:00
Daniel Nephin 5fa077cf0d config: default UseStreamingBackend to true 2021-04-28 18:58:02 -04:00
Freddy 401f3010e0
Rename "cluster" config entry to "mesh" (#10127)
This config entry is being renamed primarily because in k8s the name
cluster could be confusing given that the config entry applies across
federated datacenters.

Additionally, this config entry will only apply to Consul as a service
mesh, so the more generic "cluster" name is not needed.
2021-04-28 16:13:29 -06:00
Daniel Nephin 318bbd3e30 health: use blocking queries for near query parameter 2021-04-27 19:03:16 -04:00
Matt Keeler 8b20491a79
Update changelog and add telemetry docs (#10107) 2021-04-23 16:05:00 -04:00
Paul Banks 5c409739c7
CLI: Allow snapshot inspect to work on internal raft snapshots directly. (#10089)
* CLI: Add support for reading internal raft snapshots to snapshot inspect

* Add snapshot inspect test for raw state files

* Add changelog entry

* Update .changelog/10089.txt
2021-04-23 16:17:08 +01:00
David Yu a2ba9ae746
docs - Adding json formatting to TProxy HCL examples (#10088)
formatting
2021-04-21 17:17:06 -06:00
Derek Strickland d11823804d
refactor get started links to new tutorial (#10066) 2021-04-20 13:17:50 -04:00
Freddy ba055db83d
Add docs for transparent proxy mode and config (#10038)
Add docs for transparent proxy mode and config

Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Jeff Escalante <jescalan@users.noreply.github.com>
2021-04-16 12:50:02 -07:00
Iryna Shustava 1758a6dc54
docs: update helm ref docs and connect docs (#10032)
All k8s connect-related docs now need to mention that we require a Kubernetes service
for all Connect services
2021-04-16 12:49:02 -07:00
Joel Watson 29a9015ba2 Update upgrade guide from 1.8.4 to 1.8.10 2021-04-15 12:03:24 -05:00
Kent 'picat' Gruber debbf4a604 Add better security warning to docs about the content-type change 2021-04-14 16:36:40 -04:00
Kent 'picat' Gruber 992bf13166 Update KV docs to note new raw response content-type header 2021-04-14 16:21:03 -04:00
ketzacoatl 001e7fb5a0
add consul-haskell to libraries-and-sdks documentation (#9982)
See also https://github.com/alphaHeavy/consul-haskell/issues/40.
2021-04-13 21:06:19 -04:00
Tara Tufano b8e7a90f77
add http2 ping health checks (#8431)
* add http2 ping checks

* fix test issue

* add h2ping check to config resources

* add new test and docs for h2ping

* fix grammatical inconsistency in H2PING documentation

* resolve rebase conflicts, add test for h2ping tls verification failure

* api documentation for h2ping

* update test config data with H2PING

* add H2PING to protocol buffers and update changelog

* fix typo in changelog entry
2021-04-09 15:12:10 -04:00
Iryna Shustava ff2e70f4ce
cli: Add new consul connect redirect-traffic command for applying traffic redirection rules when Transparent Proxy is enabled. (#9910)
* Add new consul connect redirect-traffic command for applying traffic redirection rules when Transparent Proxy is enabled.
* Add new iptables package for applying traffic redirection rules with iptables.
2021-04-09 11:48:10 -07:00
Zachary Shilton 5b53b5aef5
website: implement mktg 032 (#9953)
* website: migrate to new nav-data format

* website: clean up unused intro content

* website: remove deprecated sidebar_title from frontmatter

* website: add react-content to fix global style import issue
2021-04-07 15:50:38 -04:00
eddie-rowe f0144c8f68 cross-linking for audit logging 2021-04-05 09:35:04 -05:00
Mike Green 0c2ec8c13d
Docs: add enterprise upgrade link (#9934)
* add enterprise upgrade note
* Update index.mdx
2021-03-29 20:02:42 -04:00
lornasong 6dd378b603
nia/docs 0.1.0 ga (#9946)
* docs/nia: consul compatibilty

* docs/nia: remove beta callouts (#9919)

Co-authored-by: Kim Ngo <6362111+findkim@users.noreply.github.com>
2021-03-29 15:23:10 -04:00
Sabeen Syed 1c395d8508
Add link to TF module tutorial and example TF modules (#9937)
Add link to TF tutorial
Add links to print TF module and template for TF modules
2021-03-28 23:19:31 -05:00
Sabeen Syed e9a8787d19
Add Avi Network, AWS ALB and NS1 TF Registies and GitHub links (#9938)
Add Avi Network GH link
Add AWS ALB TF Registry and GH link
Add NS1 TF Registry and GH link
2021-03-27 01:52:41 -05:00
Daniel Nephin 7e03670b1c
Merge pull request #9917 from Ranjandas/docs/exec-cmd-acl
Document agent token policy requirement for rexec
2021-03-25 17:49:47 -04:00
danielehc 2ca3d85745
Cross linking Learn tutorials (#9893)
* Cross linking Learn tutorials

* Update website/content/docs/nia/index.mdx

Co-authored-by: Kim Ngo <6362111+findkim@users.noreply.github.com>

* Cross linking Learn tutorials

* Cross linking Learn tutorials

* Add links to doc

Co-authored-by: Kim Ngo <6362111+findkim@users.noreply.github.com>
2021-03-24 18:58:10 +01:00
Ranjandas 2538c28cc7 Document agent token policy requirement for rexec
The Agent token policy when using rexec should have `write` on "_rexec"
key prefix. Updated the exec command documentation to explicitly state
this requirement.
2021-03-23 15:51:56 +11:00
Jono Sosulska 91ab4948a7
Update telemetry docs (#9905)
* Fixes #2379-Improve interval explanation in the telemetry doc

* Fixes #4734-Update consul memory metrics

* Fixes #4836-Removed node.deregistration as that isn't in state.go

* Fixes #8986 partially-Trim redundant language

* Fixes #9087-Adds helpful details to telemetry on autopilot

* Fixes #9274-Addresses NaN output in autopilot
2021-03-22 18:47:41 -04:00
Kim Ngo 90ad52575f
docs/nia: Update CTS configuration example to not confuse vault provider with vault config block (#9909) 2021-03-19 16:52:32 -05:00
Iryna Shustava fcc7f280f2
docs: Update Helm reference docs (#9904) 2021-03-19 09:12:49 -07:00
Nitya Dhanushkodi 2965b858c9
Add metrics documentation (#9848) 2021-03-18 17:20:54 -07:00
woz5999 e05877e633 update docs and add changelog 2021-03-18 19:02:34 -04:00
Christoph Puhl beba9b9228
Removing unnecessary comment (#9890)
Removing unnecessary comment around CRL to avoid confusion, as discussed with @banks
2021-03-18 14:39:25 -04:00
Christopher Broglie 94b02c3954 Add support for configuring TLS ServerName for health checks
Some TLS servers require SNI, but the Golang HTTP client doesn't
include it in the ClientHello when connecting to an IP address. This
change adds a new TLSServerName field to health check definitions to
optionally set it. This fixes #9473.
2021-03-16 18:16:44 -04:00
Luke Kysow bfcd311159
docs: rename SourceAddress to SourceIP (#9878)
SourceAddress was probably renamed to SourceIP but the docs weren't
updated.
2021-03-15 14:39:33 -07:00
Christoph Puhl 54f771af6d Add namespaces to prepared query API docs
Add missing section on creating prepared query for namespaced services
2021-03-15 10:04:53 +01:00
Mike Wickett e450ab5540 fix: syntax issue 2021-03-11 17:05:21 -05:00