Commit graph

59 commits

Author SHA1 Message Date
Derek Menteer 0c07a36408
Prevent serving TLS via ports.grpc (#15339)
Prevent serving TLS via ports.grpc

We remove the ability to run the ports.grpc in TLS mode to avoid
confusion and to simplify configuration. This breaking change
ensures that any user currently using ports.grpc in an encrypted
mode will receive an error message indicating that ports.grpc_tls
must be explicitly used.

The suggested action for these users is to simply swap their ports.grpc
to ports.grpc_tls in the configuration file. If both ports are defined,
or if the user has not configured TLS for grpc, then the error message
will not be printed.
2022-11-11 14:29:22 -06:00
malizz b823d79fcf
update config defaults, add docs (#15302)
* update config defaults, add docs

* update grpc tls port for non-default values

* add changelog

* Update website/content/docs/upgrading/upgrade-specific.mdx

Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>

* Update website/content/docs/agent/config/config-files.mdx

Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>

* update logic for setting grpc tls port value

* move default config to default.go, update changelog

* update docs

* Fix config tests.

* Fix linter error.

* Fix ConnectCA tests.

* Cleanup markdown on upgrade notes.

Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>
Co-authored-by: Derek Menteer <derek.menteer@hashicorp.com>
2022-11-09 09:29:55 -08:00
Jared Kirschner e8b9c0a513 docs: fix api docs anchor links 2022-10-18 12:53:53 -07:00
Chris S. Kim e4c20ec190
Refactor client RPC timeouts (#14965)
Fix an issue where rpc_hold_timeout was being used as the timeout for non-blocking queries. Users should be able to tune read timeouts without fiddling with rpc_hold_timeout. A new configuration `rpc_read_timeout` is created.

Refactor some implementation from the original PR 11500 to remove the misleading linkage between RPCInfo's timeout (used to retry in case of certain modes of failures) and the client RPC timeouts.
2022-10-18 15:05:09 -04:00
Dan Upton 3b9297f95a
proxycfg: rate-limit delivery of config snapshots (#14960)
Adds a user-configurable rate limiter to proxycfg snapshot delivery,
with a default limit of 250 updates per second.

This addresses a problem observed in our load testing of Consul
Dataplane where updating a "global" resource such as a wildcard
intention or the proxy-defaults config entry could starve the Raft or
Memberlist goroutines of CPU time, causing general cluster instability.
2022-10-14 15:52:00 +01:00
Stuart 5eb5fe41c1
Fixed broken links referring to tutorials running as local agent (#14954) 2022-10-11 13:01:29 -07:00
Luke Kysow b5e3bfdc05
Make defaulting behaviour of connect.enabled clear (#14768) 2022-09-27 13:04:59 -07:00
Jared Kirschner 98f95b94f1 docs: address review feedback 2022-09-20 14:43:17 -07:00
Jared Kirschner 60779a4eb4 docs: all enterprise locality labels now optional 2022-09-19 15:00:22 -07:00
boruszak 3fdb3e894d Spacing and title fixes 2022-09-16 10:28:32 -05:00
boruszak 94c4ff07a8 Merge 'main' into docs/search-metadata-headers 2022-09-15 15:34:36 -05:00
Jeff Boruszak a0b56f0612
Apply suggestions from code review
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2022-09-15 12:10:20 -05:00
Bryce Kalow 8d416f74ba
website: content updates for developer (#14419)
Co-authored-by: Ashlee Boyer <ashlee.boyer@hashicorp.com>
Co-authored-by: Ashlee M Boyer <43934258+ashleemboyer@users.noreply.github.com>
Co-authored-by: Tu Nguyen <im2nguyen@gmail.com>
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
Co-authored-by: HashiBot <62622282+hashibot-web@users.noreply.github.com>
Co-authored-by: Kevin Wang <kwangsan@gmail.com>
2022-09-14 17:45:42 -05:00
Derek Menteer 2fb66d0cc9
Improve grpc_tls wording in docs. (#14608)
Improve grpc_tls wording in docs.

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2022-09-14 15:25:39 -05:00
boruszak c89922499c /docs/agent/config 2022-09-13 14:41:42 -05:00
Derek Menteer 8efe862b76 Merge branch 'main' of github.com:hashicorp/consul into derekm/split-grpc-ports 2022-09-08 14:53:08 -05:00
Krastin Krastev e2a6c2e932
docs: licensing improvements (#14488)
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2022-09-06 18:39:07 -07:00
Tu Nguyen 2ed84e5f89 revert links to learn 2022-09-06 08:35:01 -07:00
Derek Menteer 1233680362 Add documentation and changelog entry. 2022-08-29 13:43:49 -05:00
Tu Nguyen cb3cdfc8cc fix merge conflicts 2022-08-28 19:33:37 -07:00
Tu Nguyen e11f567c60 Update Learn links in prep for devdot 2022-08-25 22:49:29 -07:00
Pablo Ruiz García 4188769c32
Added new auto_encrypt.grpc_server_tls config option to control AutoTLS enabling of GRPC Server's TLS usage
Fix for #14253

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-08-24 12:31:38 -04:00
Jared Kirschner 92b718ad96
Merge pull request #14259 from hashicorp/docs/1-13-upgrade-considerations
docs: add 1.13 upgrade considerations
2022-08-18 18:18:33 -04:00
Jared Kirschner 18bb45db75 docs: add 1.13 upgrade considerations
Adds guidance when upgrading a Consul service mesh deployment to 1.13 and:
- using auto-encrypt or auto-config; or
- the HTTPS port is not enabled on Consul agents
2022-08-18 15:13:21 -07:00
Jared Kirschner 149f6a610d
docs: fix broken markdown 2022-08-16 23:08:09 -04:00
Luke Kysow e9960dfdf3
peering: default to false (#13963)
* defaulting to false because peering will be released as beta
* Ignore peering disabled error in bundles cachetype

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Matt Keeler <mjkeeler7@gmail.com>
2022-08-01 15:22:36 -04:00
Luke Kysow 5263980884
Re-document peering disabled (#13879)
Change wording because it does have effect on clients because it
disables peering in the UI served from that client.
2022-07-25 09:30:37 -07:00
Luke Kysow d21f793b74
peering: add config to enable/disable peering (#13867)
* peering: add config to enable/disable peering

Add config:

```
peering {
  enabled = true
}
```

Defaults to true. When disabled:
1. All peering RPC endpoints will return an error
2. Leader won't start its peering establishment goroutines
3. Leader won't start its peering deletion goroutines
2022-07-22 15:20:21 -07:00
Jared Kirschner 7a58a4df96 docs: suggest using token header, not query param 2022-07-20 15:16:27 -07:00
R.B. Boyer 61ebb38092
server: ensure peer replication can successfully use TLS over external gRPC (#13733)
Ensure that the peer stream replication rpc can successfully be used with TLS activated.

Also:

- If key material is configured for the gRPC port but HTTPS is not
  enabled now TLS will still be activated for the gRPC port.

- peerstream replication stream opened by the establishing-side will now
  ignore grpc.WithBlock so that TLS errors will bubble up instead of
  being awkwardly delayed or suppressed
2022-07-15 13:15:50 -05:00
alex 04ec093130
no 1.9 style metrics (#13532)
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-06-29 09:46:37 -07:00
David Yu b724f8b3ab
docs: Use "error" to use standard log level value (#13507)
* docs: Use "error" to use standard log level value
2022-06-20 16:07:38 -07:00
Luke Kysow d8a2825361
Add type info to options (#13477) 2022-06-16 10:09:39 -07:00
Eric Haberkorn eb9c341f5e
Lambda Beta Documentation (#13426)
* Document the `enable_serverless_plugin` Agent Configuration Option (#13372)
* Initial AWS Lambda documentation (#13245)
2022-06-15 11:14:16 -04:00
Blake Covarrubias a74710fd45
docs: Remove unnecessary use of CodeBlockConfig (#12974)
Remove empty CodeBlockConfig elements. These elements are not
providing any benefit for the enclosed code blocks. This PR removes
the elements so so that the source is easier to read.
2022-05-11 15:37:02 -07:00
Blake Covarrubias 13ac34c08b
docs: Fix spelling errors across site (#12973) 2022-05-10 07:28:33 -07:00
Blake Covarrubias f315eee98f
docs: Restore agent config docs removed in PR #12562 (#12907)
* docs: Re-add config file content removed in PR #12562

Re-add agent config option content that was erroneously removed in #12562 with
commit f4c03d234.

* docs: Re-add CLI flag content removed in PR #12562

Re-add CLI flag content that was erroneously removed in #12562 with
commit c5220fd18.

* Update website/content/docs/agent/config/cli-flags.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-05-05 10:08:15 -07:00
Natalie Smith b9ec2222db docs: simplify agent docs slugs 2022-04-11 17:38:47 -07:00
Natalie Smith bea810cf62 docs: pr feedback 2022-04-11 17:38:17 -07:00
Natalie Smith a00492e622 chore: rebase updates 2022-04-11 17:38:17 -07:00
Natalie Smith cd73f27c84 docs: fix external links to agent config pages 2022-04-11 17:38:11 -07:00
Natalie Smith 9f693afcba docs: fix agent config links 2022-04-11 16:07:09 -07:00
Natalie Smith 02dc86cad1 docs: arrange agent configuration file parameters into logical groups 2022-04-11 16:06:54 -07:00
Blake Covarrubias 7a1d4f0ec5 docs: move configuration files content from agent/config/index to agent/config/agent-config-files 2022-04-11 16:06:20 -07:00
Blake Covarrubias 84123368db docs: move cli content from agent/config/index to agent/config/agent-config-cli
And add sections for logical groupings of options
2022-04-11 16:05:48 -07:00
Blake Covarrubias f7edcdc6b9 docs: move agent/options.mdx into agent/config/index.mdx and add placeholder .mdx files for cli/files
Also update nav data
2022-04-11 16:05:21 -07:00
mrspanishviking 1ae820ea0a
Revert "[Docs] Agent configuration hierarchy " 2022-03-15 16:13:58 -07:00
trujillo-adam 667976c94f fixing merge conflicts part 3 2022-03-15 15:25:03 -07:00
trujillo-adam 33d0ed5e96 fixed merge conflicts pt2 2022-03-15 14:01:24 -07:00
trujillo-adam 60a88bb40f merging new hierarchy for agent configuration 2022-03-14 15:44:41 -07:00