Commit graph

10789 commits

Author SHA1 Message Date
Matt Keeler 90b9f87160
Add the v1/catalog/node-services/:node endpoint (#7115)
The backing RPC already existed but the endpoint will be useful for other service syncing processes such as consul-k8s as this endpoint can return all services registered with a node regardless of namespacing.
2020-01-24 09:27:25 -05:00
Blake Covarrubias 9d1bb9e8aa Redirect /docs/guides/outage.html to Learn
Resolves: #6953
2020-01-24 00:26:07 -08:00
Hans Hasselberg d534f7bdcb
bot: replace stalebot with hashibot (#7113) 2020-01-24 09:24:21 +01:00
Hans Hasselberg 40d28fcbae
Update CHANGELOG.md 2020-01-23 22:12:51 +01:00
Matt Keeler a46c8b6dc7
Update CHANGELOG.md 2020-01-23 15:01:01 -05:00
Chris Piraino db36928faa
Fix segfault when removing both a service and associated check (#7108)
* Fix segfault when removing both a service and associated check

updateSyncState creates entries in the services and checks maps for
remote services/checks that are not found locally, so that we can then
make sure to delete them in our reconciliation process. However, the
values added to the map are missing key fields that the rest of the code
expects to not be nil.

* Add comment stating Check field can be nil
2020-01-23 10:38:32 -06:00
R.B. Boyer b69e84b2cf update changelog 2020-01-23 10:00:26 -06:00
R.B. Boyer b8801f2136
agent: default the primary_datacenter to the datacenter if not configured (#7111)
Something similar already happens inside of the server
(agent/consul/server.go) but by doing it in the general config parsing
for the agent we can have agent-level code rely on the PrimaryDatacenter
field, too.
2020-01-23 09:59:31 -06:00
Freddy aa2925958a
Update CHANGELOG.md 2020-01-22 12:48:20 -07:00
Paul Lesiak d8e6c68ccc bug: Consul lock does not receive signals if lock not acquired (#5909) 2020-01-22 12:44:48 -07:00
Chris Piraino 61b92b92bd
Fix up formatting in sdk package (#7109) 2020-01-22 12:45:34 -06:00
Alexey Miasoedov b7b4bef33a fix Unix socket path in docs 2020-01-22 09:11:24 -08:00
David Yu 4e2cf7a562
Merge pull request #7102 from hashicorp/david-yu-patch-2
Adding links to Kubernetes install to README.md
2020-01-22 08:57:10 -08:00
David Yu 9d958c37f9
Merge pull request #7103 from hashicorp/david-yu-patch-3
Adding Service Mesh reference to README.md
2020-01-22 08:56:34 -08:00
David Yu 8b473c956f
Merge pull request #7104 from hashicorp/david-yu-patch-4
Small change to TLS connection wording
2020-01-22 08:51:34 -08:00
Song Yihan 88dc6121d8 tests: fix zombie consul process while invoking TestServer.Stop() method in sdk/testutil in Windows (#6032)
* Fix zombie consul process in Windows 

Windows doesn't support Interrupt signal, thus while stop it on Windows platform
it would fail and left zombie consul process
2020-01-22 17:34:35 +01:00
Kit Ewbank 013dfe109f docs: add Helm chart 'dns.clusterIP' value. (#5845) 2020-01-22 17:32:08 +01:00
Hans Hasselberg 5379cf7c67
raft: increase raft notify buffer. (#6863)
* Increase raft notify buffer.

Fixes https://github.com/hashicorp/consul/issues/6852.

Increasing the buffer helps recovering from leader flapping. It lowers
the chances of the flapping leader to get into a deadlock situation like
described in #6852.
2020-01-22 16:15:59 +01:00
Hans Hasselberg e00effa325
agent: setup grpc server with auto_encrypt certs and add -https-port (#7086)
* setup grpc server with TLS config used across consul.
* add -https-port flag
2020-01-22 11:32:17 +01:00
Hans Hasselberg f3a01e6a4a
connect: use correct subject key id for leaf certificates. (#7091) 2020-01-22 11:28:28 +01:00
Iryna Shustava 2163f79170
Add docs about rolling out TLS on k8s (#7096)
* Add docs about gradually rolling out TLS on k8s

Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2020-01-21 19:29:55 -08:00
David Yu 54c46ec678
Small change to wording
Removing automatic connection wording for applications for the time being. From @blake 
> They can automatically establish TLS connections without being aware that TLS is happening. They are aware that they’re routed through the Connect proxy, the app has to configure itself to use the local upstream port.
2020-01-21 16:27:43 -08:00
David Yu 8291cc8133
Small change 2020-01-21 16:22:22 -08:00
David Yu 5c8e7eb7ea
Adding change to mention a few guides
Previously mentioned just one one guide in the header
2020-01-21 15:46:04 -08:00
David Yu 62a84697a1
Adding Service Mesh reference
Adding Service Mesh reference for Consul
2020-01-21 15:07:54 -08:00
David Yu 060a932a1b
Adding links to Kubernetes install
Adding links to Kubernetes deployment guide and minikube install for visibility
2020-01-21 14:55:21 -08:00
R.B. Boyer ce7ab8abc1
make TestCatalogNodes_Blocking less flaky (#7074)
- Explicitly wait to start the test until the initial AE sync of the node.

- Run the blocking query in the main goroutine to cut down on possible
poor goroutine scheduling issues being to blame for delays.

- If the blocking query is woken up with no index change, rerun the
query. This may happen if the CI server is loaded and time dilation is
happening.
2020-01-21 14:58:50 -06:00
R.B. Boyer 791f7baa6b
test: ensure we don't ask vault to sign a leaf that outlives its CA when acting as a secondary (#7100) 2020-01-21 14:55:21 -06:00
R.B. Boyer 6d90d873a4
fix the submodule go.mod and go.sum files (#7098) 2020-01-21 14:49:26 -06:00
R.B. Boyer 988273f2a1
test: run both the TestVaultProvider and TestVaultCAProvider tests in CI (#7097) 2020-01-21 12:01:35 -06:00
Hans Hasselberg d52a4e3b82
tests: fix autopilot test (#7092) 2020-01-21 14:09:51 +01:00
Paul Banks 1e88978aae
Fix TestAPI_DiscoveryChain_Get flake (#7082) 2020-01-20 14:56:56 +00:00
Aestek 8c799447cf agent: remove service sidecars in Agent.cleanupRegistration (#7022)
Sidecar proxies were left behind when cleaning up after an unsuccessful
registration. There are now also removed when the service is cleanup up.
2020-01-20 14:01:40 +01:00
Hans Hasselberg 43392d5db3
raft: update raft to v1.1.2 (#7079)
* update raft
* use hclogger for raft.
2020-01-20 13:58:02 +01:00
Luke Kysow e2ea3c5965
Merge pull request #6970 from hashicorp/k8s-docs-refactor
Kubernetes docs reorganization
2020-01-18 19:08:26 -06:00
Luke Kysow 520d37fcd5
Reorg kube docs 2020-01-18 19:07:53 -06:00
Hans Hasselberg 315ba7d6ad
connect: check if intermediate cert needs to be renewed. (#6835)
Currently when using the built-in CA provider for Connect, root certificates are valid for 10 years, however secondary DCs get intermediates that are valid for only 1 year. There is no mechanism currently short of rotating the root in the primary that will cause the secondary DCs to renew their intermediates.
This PR adds a check that renews the cert if it is half way through its validity period.

In order to be able to test these changes, a new configuration option was added: IntermediateCertTTL which is set extremely low in the tests.
2020-01-17 23:27:13 +01:00
Hans Hasselberg b6c83e06d5
auto_encrypt: set dns and ip san for k8s and provide configuration (#6944)
* Add CreateCSRWithSAN
* Use CreateCSRWithSAN in auto_encrypt and cache
* Copy DNSNames and IPAddresses to cert
* Verify auto_encrypt.sign returns cert with SAN
* provide configuration options for auto_encrypt dnssan and ipsan
* rename CreateCSRWithSAN to CreateCSR
2020-01-17 23:25:26 +01:00
Kit Patella 3de3259833
.gitignore: cut IDE-specific entries, cleanup (#7083)
* .gitignore: add vscode and MacOS-specific files. add a little org

* .gitignore: remove IDE-specific ignores, add docs
2020-01-17 11:06:33 -08:00
Matt Keeler ff31b9c248
Update CHANGELOG.md 2020-01-17 09:55:59 -05:00
Aestek 9329cbac0a Add support for dual stack IPv4/IPv6 network (#6640)
* Use consts for well known tagged adress keys

* Add ipv4 and ipv6 tagged addresses for node lan and wan

* Add ipv4 and ipv6 tagged addresses for service lan and wan

* Use IPv4 and IPv6 address in DNS
2020-01-17 09:54:17 -05:00
Aestek c35af89dfd agent: do not deregister service checks twice (#6168)
Deregistering a service from the catalog automatically deregisters its
checks, however the agent still performs a deregister call for each
service checks even after the service has been deregistered.
With ACLs enabled this results in logs like:
"message:consul: "Catalog.Deregister" RPC failed to server
server_ip:8300: rpc error making call: rpc error making call: Unknown
check 'check_id'"
This change removes associated checks from the agent state when
deregistering a service, which results in less calls to the servers and
supresses the error logs.
2020-01-17 14:26:53 +01:00
Matej Urbas d877e091d6 agent: configurable MaxQueryTime and DefaultQueryTime. (#3777) 2020-01-17 14:20:57 +01:00
neillyt 5f5085aa75 Fix Namespace Typo (#7030) 2020-01-16 20:34:04 -07:00
Matt Keeler a1655062da
Update CHANGELOG.md 2020-01-15 11:58:19 -05:00
John Cowen 248ee65f72
docs: Add note about using valid DNS labels for service names (#7035)
Add note about using valid DNS labels for service names
2020-01-15 15:36:17 +00:00
Kit Patella 79fef74772
Small improvements to Connect docs (#6910)
* docs/connect add link to intentions and minor phrasing change

* docs/connect pluralize 'applications'

* Update website/source/docs/connect/connect-internals.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>
2020-01-14 14:59:27 -08:00
Freddy de49668707
Update CHANGELOG.md 2020-01-14 15:44:03 -07:00
Freddy f3ba6a9166
Update force-leave ACL requirement to operator:write (#7033) 2020-01-14 15:40:34 -07:00
Matt Keeler c8294b8595
AuthMethod updates to support alternate namespace logins (#7029) 2020-01-14 10:09:29 -05:00