Commit Graph

2188 Commits

Author SHA1 Message Date
Christopher Lai 09e99967ba
Link to Reverse Proxy from Load Balancer 2021-06-19 14:45:18 -07:00
trujillo-adam 5da600c753 docs: updated FAQ to accommodate new requirements prior to upgrading 2021-06-18 14:44:26 -07:00
Daniel Nephin f4c1f982d1
Merge pull request #9924 from hashicorp/dnephin/cert-expiration-metric
connect: emit a metric for the seconds until root CA expiry
2021-06-18 14:18:55 -04:00
Luke Kysow 75362012c7
Fix links to ECS module (#10430) 2021-06-18 09:38:28 -07:00
mrspanishviking 686c8a1fab
Merge pull request #10373 from hashicorp/license-faq-docs
docs: adding a faq document in preparation for Consul Enterprise 1.10.0
2021-06-18 05:30:06 -10:00
mrspanishviking 583ea94df6
Update website/content/docs/enterprise/license/overview.mdx
Merged

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-06-17 11:39:24 -10:00
mrspanishviking 2383c09c4e
Update website/content/docs/enterprise/license/faq.mdx
Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2021-06-16 10:17:56 -10:00
Karl Cardenas 2dbae10e0c docs: added question pertaining to Consul Kubernetes and Helm chart 2021-06-16 10:08:28 -10:00
Ashwin Venkatesh 14b23f37c1 Update k8s license docs to account for license autoload 2021-06-16 14:59:34 -04:00
Karl Cardenas 77db629ccd docs: adding new content for review 2021-06-15 06:02:51 -10:00
Blake Covarrubias 61d9adbd17 docs: Add example of escaping tracing JSON using jq 2021-06-14 16:23:44 -07:00
Blake Covarrubias d56f609800 docs: Add note about configurable KV size in FAQ 2021-06-14 16:21:25 -07:00
Daniel Nephin e36800cefa Update metric name
and handle the case where there is no active root CA.
2021-06-14 17:01:16 -04:00
Daniel Nephin 548796ae13 connect: emit a metric for the number of seconds until root CA expiration 2021-06-14 16:57:01 -04:00
Freddy f399fd2add
Rename CatalogDestinationsOnly (#10397)
CatalogDestinationsOnly is a passthrough that would enable dialing
addresses outside of Consul's catalog. However, when this flag is set to
true only _connect_ endpoints for services can be dialed.

This flag is being renamed to signal that non-Connect endpoints can't be
dialed by transparent proxies when the value is set to true.
2021-06-14 14:15:09 -06:00
Luke Kysow 168fbbbed1
Update k8s term gateway docs to make address clear (#10389)
Previously if you were to follow these docs and register two external
services, you would set the Address field on the node. The second
registered service would change the address of the node for the first
service.

Now the docs explain the address key and how to register more than one
external service.
2021-06-14 09:15:40 -07:00
Karl Cardenas 4ae39f6ebe docs: updated content in the overview page and faq 2021-06-11 07:46:14 -10:00
mrspanishviking e96f8473ff
Apply suggestions from code review
Applying suggestions

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2021-06-11 06:55:41 -10:00
Karl Cardenas 4d749ec5a4 docs: added more questions and marking ready for review 2021-06-10 10:16:56 -10:00
Nick Wales e01ea816c2
Aligns audit log code example (#10371) 2021-06-10 11:41:53 -07:00
R.B. Boyer 7ee812b22f
docs: update envoy docs for changes related to xDS v2->v3 and SoTW->Incremental (#10166)
Fixes #10098
2021-06-10 10:59:54 -05:00
Karl Cardenas 7df16fc0c6 docs: adding an faq in preperation for Consul Enterprise 1.10.0 2021-06-09 12:08:45 -10:00
Freddy 61ae2995b7
Add flag for transparent proxies to dial individual instances (#10329) 2021-06-09 14:34:17 -06:00
Daniel Nephin 85ffcdb8db docs: move streaming docs to blocking query page 2021-06-08 14:17:53 -04:00
Daniel Nephin 0f6ad6fd5c docs: try to improve health api doc terminology 2021-06-08 13:10:32 -04:00
Daniel Nephin d4b077174c Document streaming on service health endpoint 2021-06-08 13:10:32 -04:00
Daniel Nephin 789478b542 docs: Add streaming to api features 2021-06-08 13:10:32 -04:00
Dhia Ayachi e3dd0f9a44
generate a single debug file for a long duration capture (#10279)
* debug: remove the CLI check for debug_enabled

The API allows collecting profiles even debug_enabled=false as long as
ACLs are enabled. Remove this check from the CLI so that users do not
need to set debug_enabled=true for no reason.

Also:
- fix the API client to return errors on non-200 status codes for debug
  endpoints
- improve the failure messages when pprof data can not be collected

Co-Authored-By: Dhia Ayachi <dhia@hashicorp.com>

* remove parallel test runs

parallel runs create a race condition that fail the debug tests

* snapshot the timestamp at the beginning of the capture

- timestamp used to create the capture sub folder is snapshot only at the beginning of the capture and reused for subsequent captures
- capture append to the file if it already exist

* Revert "snapshot the timestamp at the beginning of the capture"

This reverts commit c2d03346

* Refactor captureDynamic to extract capture logic for each item in a different func

* snapshot the timestamp at the beginning of the capture

- timestamp used to create the capture sub folder is snapshot only at the beginning of the capture and reused for subsequent captures
- capture append to the file if it already exist

* Revert "snapshot the timestamp at the beginning of the capture"

This reverts commit c2d03346

* Refactor captureDynamic to extract capture logic for each item in a different func

* extract wait group outside the go routine to avoid a race condition

* capture pprof in a separate go routine

* perform a single capture for pprof data for the whole duration

* add missing vendor dependency

* add a change log and fix documentation to reflect the change

* create function for timestamp dir creation and simplify error handling

* use error groups and ticker to simplify interval capture loop

* Logs, profile and traces are captured for the full duration. Metrics, Heap and Go routines are captured every interval

* refactor Logs capture routine and add log capture specific test

* improve error reporting when log test fail

* change test duration to 1s

* make time parsing in log line more robust

* refactor log time format in a const

* test on log line empty the earliest possible and return

Co-authored-by: Freddy <freddygv@users.noreply.github.com>

* rename function to captureShortLived

* more specific changelog

Co-authored-by: Paul Banks <banks@banksco.de>

* update documentation to reflect current implementation

* add test for behavior when invalid param is passed to the command

* fix argument line in test

* a more detailed description of the new behaviour

Co-authored-by: Paul Banks <banks@banksco.de>

* print success right after the capture is done

* remove an unnecessary error check

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* upgraded github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57 => v0.0.0-20210601050228-01bbb1931b22

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
Co-authored-by: Paul Banks <banks@banksco.de>
2021-06-07 13:00:51 -04:00
allisaurus f2c2809612
docs: Improve ECS routing example nesting (#10316) 2021-06-07 09:28:06 -07:00
Mark Anderson ce52d3502c
Docs for Unix Domain Sockets (#10252)
* Docs for Unix Domain Sockets

There are a number of cases where a user might wish to either 1)
expose a service through a Unix Domain Socket in the filesystem
('downstream') or 2) connect to an upstream service by a local unix
domain socket (upstream).
As of Consul (1.10-beta2) we've added new syntax and support to configure
the Envoy proxy to support this
To connect to a service via local Unix Domain Socket instead of a
port, add local_bind_socket_path and optionally local_bind_socket_mode
to the upstream config for a service:
    upstreams = [
      {
         destination_name = "service-1"
         local_bind_socket_path = "/tmp/socket_service_1"
         local_bind_socket_mode = "0700"
	 ...
      }
      ...
    ]
This will cause Envoy to create a socket with the path and mode
provided, and connect that to service-1
The mode field is optional, and if omitted will use the default mode
for Envoy. This is not applicable for abstract sockets. See
https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/address.proto#envoy-v3-api-msg-config-core-v3-pipe
for details
NOTE: These options conflict the local_bind_socket_port and
local_bind_socket_address options. We can bind to an port or we can
bind to a socket, but not both.
To expose a service listening on a Unix Domain socket to the service
mesh use either the 'socket_path' field in the service definition or the
'local_service_socket_path' field in the proxy definition. These
fields are analogous to the 'port' and 'service_port' fields in their
respective locations.
    services {
      name = "service-2"
      socket_path = "/tmp/socket_service_2"
      ...
    }
OR
    proxy {
      local_service_socket_path = "/tmp/socket_service_2"
      ...
    }
There is no mode field since the service is expected to create the
socket it is listening on, not the Envoy proxy.
Again, the socket_path and local_service_socket_path fields conflict
with address/port and local_service_address/local_service_port
configuration entries.
Set up a simple service mesh with dummy services:
socat -d UNIX-LISTEN:/tmp/downstream.sock,fork UNIX-CONNECT:/tmp/upstream.sock
socat -v tcp-l:4444,fork exec:/bin/cat
services {
  name = "sock_forwarder"
  id = "sock_forwarder.1"
  socket_path = "/tmp/downstream.sock"
  connect {
    sidecar_service {
      proxy {
	upstreams = [
	  {
	    destination_name = "echo-service"
	    local_bind_socket_path = "/tmp/upstream.sock"
	    config {
	      passive_health_check {
		interval = "10s"
		max_failures = 42
	      }
	    }
	  }
	]
      }
    }
  }
}
services {
  name = "echo-service"
  port = 4444
  connect = { sidecar_service {} }
Kind = "ingress-gateway"
Name = "ingress-service"
Listeners = [
 {
   Port = 8080
   Protocol = "tcp"
   Services = [
     {
       Name = "sock_forwarder"
     }
   ]
 }
]
consul agent -dev -enable-script-checks -config-dir=./consul.d
consul connect envoy -sidecar-for sock_forwarder.1
consul connect envoy -sidecar-for echo-service -admin-bind localhost:19001
consul config write ingress-gateway.hcl
consul connect envoy -gateway=ingress -register -service ingress-service -address '{{ GetInterfaceIP "eth0" }}:8888' -admin-bind localhost:19002
netcat 127.0.0.1 4444
netcat 127.0.0.1 8080

Signed-off-by: Mark Anderson <manderson@hashicorp.com>

* fixup Unix capitalization

Signed-off-by: Mark Anderson <manderson@hashicorp.com>

* Update website/content/docs/connect/registration/service-registration.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Provide examples in hcl and json

Signed-off-by: Mark Anderson <manderson@hashicorp.com>

* Apply suggestions from code review

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* One more fixup for docs

Signed-off-by: Mark Anderson <manderson@hashicorp.com>

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-06-04 18:54:31 -07:00
Matt Keeler 42007d4a94
Add license inspect command documentation and changelog (#10351)
Also reformatted another changelog entry.
2021-06-04 14:33:13 -04:00
Matt Keeler 65b8929acf
Follow on to PR 10336 (#10343)
There was some PR feedback that came in just after I merged that other PR. This addresses that feedback.
2021-06-03 12:29:41 -04:00
Paul Ewing e454a9aae0
usagemetrics: add cluster members to metrics API (#10340)
This PR adds cluster members to the metrics API. The number of members per
segment are reported as well as the total number of members.

Tested by running a multi-node cluster locally and ensuring the numbers were
correct. Also added unit test coverage to add the new expected gauges to
existing test cases.
2021-06-03 08:25:53 -07:00
Matt Keeler 14ffc7331d Add enterprise v1.10 specific upgrade notes. 2021-06-03 10:48:16 -04:00
Matt Keeler 620b88e29a Add licensing information to snapshot agent docs. 2021-06-03 10:48:16 -04:00
Matt Keeler 798e693d5c Add deprecation/removal notices regarding the APIs/CLI commands for licensing that are going away.
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2021-06-03 10:48:16 -04:00
Matt Keeler 0bfbb8e22c Update licensing docs for 1.10 licensing 2021-06-03 10:47:33 -04:00
Matt Keeler fe104ad99c Add licensing telemetry docs. 2021-06-03 10:47:33 -04:00
Blake Covarrubias 035b0646a3 docs: Clarify set-agent-token token persistence behavior
Clarify that tokens configured via `set-agent-token` will not be
persisted if `acl.enable_token_persistence` is `false`.
2021-05-31 16:08:43 -07:00
Blake Covarrubias 9d333309fe docs: Fix agent token name under ACL Agent Token
Reference the correct name of the agent token in the ACL Agent Token
section for the ACL System docs.
2021-05-31 10:52:15 -07:00
Stanko 8ce18e82da ui: Fix broken link format in ECS install page 2021-05-27 14:11:04 -07:00
allisaurus d09ec192d7
Add note about new ECS ARN format to ECS docs (#10304)
* docs: Add note about ECS task ARN format to ECS docs
2021-05-27 10:59:28 -07:00
Luke Kysow 99875d6d55
Consul ecs docs (#10288)
* ECS docs
2021-05-26 11:25:06 -07:00
Jono Sosulska 3d7b85718e
Update Kubernetes docs to point to install pages. (#10293)
Adds more clear indicators that the collections on the learn.hashicorp.com sites have specific instructions for single node deployments.
Co-Authored by: soonoo <qpseh2m7@gmail.com>
2021-05-25 15:36:09 -04:00
Karl Cardenas 9f7f4b35c1 docs: rename enterprise to Consul enterprise 2021-05-24 13:55:17 -07:00
Jono Sosulska a2ac011b58
Updating Consul Glossary with more industry standard terms (#10074)
* Update glossary.mdx

1. Update header to the first section to "Consul Vocabulary" since these are the terms used in the context of Consul conversations.
2. Kept the header "Consul Glossary" since these are the terms useful for practitioners in the consul space.
3. Removed interlinking to terms on the same page.

Co-authored-by: Hans Hasselberg <me@hans.io>
Co-authored-by: Swarna Podila <swarnap@users.noreply.github.com>
2021-05-24 15:44:03 -04:00
allisaurus 13fcfca31e
docs: fix Amazon EKS service name (#10280) 2021-05-21 15:58:13 -07:00
Sabeen Syed 67756e70c5
Docs: Add link for new Cisco TF module (#10268) 2021-05-21 08:48:58 -05:00
Dhia Ayachi 8d87621a8e docs: Add example ACL policy for snapshot agent
Co-Authored-By: Blake Covarrubias <blake@covarrubi.as>
2021-05-20 14:41:29 -04:00
Paul Banks 429ac52af6
Fix doc note since we switched authorization mechanism in 1.9 (#10266) 2021-05-20 16:28:38 +01:00
Dhia Ayachi e302ba3daf
docs: update register check docs (closes #6635) (#10261)
Update register check documentation clarify that Id returns as CheckId in the response

Co-Authored-By: Shaker Islam <shaqq@users.noreply.github.com>

Co-authored-by: Shaker Islam <shaqq@users.noreply.github.com>
2021-05-19 20:24:54 -04:00
Karl Cardenas 3d808181a9 Merge branch 'master' of github.com:hashicorp/consul into consul-documentation-update 2021-05-17 07:20:06 -07:00
R.B. Boyer 7c9763d027
xds: emit a labeled gauge of connected xDS streams by version (#10243)
Fixes #10099
2021-05-14 13:59:13 -05:00
Luke Kysow fb5d8c1505
Update k8s fed docs to clarify role of acl token (#10233) 2021-05-13 10:20:12 -07:00
R.B. Boyer 05b52a3d63
connect: update supported envoy versions to 1.18.3, 1.17.3, 1.16.4, and 1.15.5 (#10231) 2021-05-12 14:06:06 -05:00
mrspanishviking 1177c30f2e
docs: updated the standard upgrade process
Added a cross-reference link in the upgrade guides.  This resource https://www.consul.io/docs/upgrading/instructions/general-process including specific-version guides for breaking changes and a more detailed upgrade process, but it's not mentioned in the  https://www.consul.io/docs/upgrading#standard-upgrade overview page.
2021-05-12 08:18:06 -07:00
Daniel Nephin d34ad26b72 docs: document the current state of built-in and native 2021-05-10 16:54:11 -04:00
Joel Watson e65d5241e8 Flesh out Raft Protocol Support note 2021-05-10 11:21:05 -05:00
Kim Ngo 37582601dc
docs/nia: simplify api and cli url paths (#10199) 2021-05-06 16:26:31 -05:00
Daniel Nephin 8b0ad949c0
Merge pull request #10064 from hashicorp/docs-fix-namespace-api-descriptions
docs: fix api-docs namespace descriptions
2021-05-06 15:32:12 -04:00
Andy Assareh c7f4c6bbdf
K8s docs: Manual join: add note that kubeconfig not required (#9998)
Per Consul PM, kubeconfig is not required for manual join. I believe this should be clarified in the docs as the current wording refers to the auto join steps above which state kubeconfig is required.
2021-05-06 12:59:25 -06:00
Seth Hoenig fcbdc5cb3b docs: fix api-docs namespace descriptions
Looks like some copy/paste from ACL docs.
2021-05-06 14:58:08 -04:00
Daniel Nephin e98d3d3ecb
Update website/content/commands/config/delete.mdx
Co-authored-by: Jono Sosulska <42216911+jsosulska@users.noreply.github.com>
2021-05-06 14:04:26 -04:00
Daniel Nephin bc6266cc76 docs: remove name field from Mesh config entry
Also document the name of these config entries in the API docs, so that
users know how to query for them.

And fix the name of mesh on the index page.
2021-05-06 13:25:32 -04:00
Paul Banks d47eea3a3f
Make Raft trailing logs and snapshot timing reloadable (#10129)
* WIP reloadable raft config

* Pre-define new raft gauges

* Update go-metrics to change gauge reset behaviour

* Update raft to pull in new metric and reloadable config

* Add snapshot persistance timing and installSnapshot to our 'protected' list as they can be infrequent but are important

* Update telemetry docs

* Update config and telemetry docs

* Add note to oldestLogAge on when it is visible

* Add changelog entry

* Update website/content/docs/agent/options.mdx

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
2021-05-04 15:36:53 +01:00
Freddy 5427a1465c
Only consider virtual IPs for transparent proxies (#10162)
Initially we were loading every potential upstream address into Envoy
and then routing traffic to the logical upstream service. The downside
of this behavior is that traffic meant to go to a specific instance
would be load balanced across ALL instances.

Traffic to specific instance IPs should be forwarded to the original
destination and if it's a destination in the mesh then we should ensure
the appropriate certificates are used.

This PR makes transparent proxying a Kubernetes-only feature for now
since support for other environments requires generating virtual IPs,
and Consul does not do that at the moment.
2021-05-03 14:15:22 -06:00
Frederic Hemberger 2558197260 docs(discovery/service): Clarify multiple service definitions
Be more explicit that the definition of multiple services only works in config files,
not using the HTTP API.

Ref: https://discuss.hashicorp.com/t/register-multiple-services-via-put-request/
2021-04-30 16:46:02 -07:00
Daniel Nephin dcb5b924dc
Merge pull request #10149 from hashicorp/dnephin/config-use-streaming-backend-defualt-true
config: default UseStreamingBackend to true
2021-04-30 16:29:11 -04:00
R.B. Boyer 97e57aedfb
connect: update supported envoy versions to 1.18.2, 1.17.2, 1.16.3, and 1.15.4 (#10101)
The only thing that needed fixing up pertained to this section of the 1.18.x release notes:

> grpc_stats: the default value for stats_for_all_methods is switched from true to false, in order to avoid possible memory exhaustion due to an untrusted downstream sending a large number of unique method names. The previous default value was deprecated in version 1.14.0. This only changes the behavior when the value is not set. The previous behavior can be used by setting the value to true. This behavior change by be overridden by setting runtime feature envoy.deprecated_features.grpc_stats_filter_enable_stats_for_all_methods_by_default.

For now to maintain status-quo I'm explicitly setting `stats_for_all_methods=true` in all versions to avoid relying upon the default.

Additionally the naming of the emitted metrics for these gRPC requests changed slightly so the integration test assertions for `case-grpc` needed adjusting.
2021-04-29 15:22:03 -05:00
Luigi Tagliamonte 5a666b72c5
Improve doc: add note about address validation (#10123)
* Update website/content/docs/discovery/services.mdx with address field behavior.

Co-authored-by: Jono Sosulska <42216911+jsosulska@users.noreply.github.com>

Co-authored-by: Jono Sosulska <42216911+jsosulska@users.noreply.github.com>
2021-04-29 13:37:50 -04:00
Iryna Shustava e7dcf9acd0
Implement traffic redirection exclusion based on proxy config and user-provided values (#10134)
* Use proxy outbound port from TransparentProxyConfig if provided
* If -proxy-id is provided to the redirect-traffic command, exclude any listener ports
  from inbound traffic redirection. This includes envoy_prometheus_bind_addr,
  envoy_stats_bind_addr, and the ListenerPort from the Expose configuration.
* Allow users to provide additional inbound and outbound ports, outbound CIDRs
  and additional user IDs to be excluded from traffic redirection.
  This affects both the traffic-redirect command and the iptables SDK package.
2021-04-29 09:21:15 -07:00
Daniel Nephin 5fa077cf0d config: default UseStreamingBackend to true 2021-04-28 18:58:02 -04:00
Freddy 401f3010e0
Rename "cluster" config entry to "mesh" (#10127)
This config entry is being renamed primarily because in k8s the name
cluster could be confusing given that the config entry applies across
federated datacenters.

Additionally, this config entry will only apply to Consul as a service
mesh, so the more generic "cluster" name is not needed.
2021-04-28 16:13:29 -06:00
Daniel Nephin 318bbd3e30 health: use blocking queries for near query parameter 2021-04-27 19:03:16 -04:00
Matt Keeler 8b20491a79
Update changelog and add telemetry docs (#10107) 2021-04-23 16:05:00 -04:00
Paul Banks 5c409739c7
CLI: Allow snapshot inspect to work on internal raft snapshots directly. (#10089)
* CLI: Add support for reading internal raft snapshots to snapshot inspect

* Add snapshot inspect test for raw state files

* Add changelog entry

* Update .changelog/10089.txt
2021-04-23 16:17:08 +01:00
David Yu a2ba9ae746
docs - Adding json formatting to TProxy HCL examples (#10088)
formatting
2021-04-21 17:17:06 -06:00
Derek Strickland d11823804d
refactor get started links to new tutorial (#10066) 2021-04-20 13:17:50 -04:00
Freddy ba055db83d
Add docs for transparent proxy mode and config (#10038)
Add docs for transparent proxy mode and config

Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Jeff Escalante <jescalan@users.noreply.github.com>
2021-04-16 12:50:02 -07:00
Iryna Shustava 1758a6dc54
docs: update helm ref docs and connect docs (#10032)
All k8s connect-related docs now need to mention that we require a Kubernetes service
for all Connect services
2021-04-16 12:49:02 -07:00
Joel Watson 29a9015ba2 Update upgrade guide from 1.8.4 to 1.8.10 2021-04-15 12:03:24 -05:00
Kent 'picat' Gruber debbf4a604 Add better security warning to docs about the content-type change 2021-04-14 16:36:40 -04:00
Kent 'picat' Gruber 992bf13166 Update KV docs to note new raw response content-type header 2021-04-14 16:21:03 -04:00
ketzacoatl 001e7fb5a0
add consul-haskell to libraries-and-sdks documentation (#9982)
See also https://github.com/alphaHeavy/consul-haskell/issues/40.
2021-04-13 21:06:19 -04:00
Tara Tufano b8e7a90f77
add http2 ping health checks (#8431)
* add http2 ping checks

* fix test issue

* add h2ping check to config resources

* add new test and docs for h2ping

* fix grammatical inconsistency in H2PING documentation

* resolve rebase conflicts, add test for h2ping tls verification failure

* api documentation for h2ping

* update test config data with H2PING

* add H2PING to protocol buffers and update changelog

* fix typo in changelog entry
2021-04-09 15:12:10 -04:00
Iryna Shustava ff2e70f4ce
cli: Add new `consul connect redirect-traffic` command for applying traffic redirection rules when Transparent Proxy is enabled. (#9910)
* Add new consul connect redirect-traffic command for applying traffic redirection rules when Transparent Proxy is enabled.
* Add new iptables package for applying traffic redirection rules with iptables.
2021-04-09 11:48:10 -07:00
Zachary Shilton 5b53b5aef5
website: implement mktg 032 (#9953)
* website: migrate to new nav-data format

* website: clean up unused intro content

* website: remove deprecated sidebar_title from frontmatter

* website: add react-content to fix global style import issue
2021-04-07 15:50:38 -04:00
eddie-rowe f0144c8f68 cross-linking for audit logging 2021-04-05 09:35:04 -05:00
Mike Green 0c2ec8c13d
Docs: add enterprise upgrade link (#9934)
* add enterprise upgrade note
* Update index.mdx
2021-03-29 20:02:42 -04:00
lornasong 6dd378b603
nia/docs 0.1.0 ga (#9946)
* docs/nia: consul compatibilty

* docs/nia: remove beta callouts (#9919)

Co-authored-by: Kim Ngo <6362111+findkim@users.noreply.github.com>
2021-03-29 15:23:10 -04:00
Sabeen Syed 1c395d8508
Add link to TF module tutorial and example TF modules (#9937)
Add link to TF tutorial
Add links to print TF module and template for TF modules
2021-03-28 23:19:31 -05:00
Sabeen Syed e9a8787d19
Add Avi Network, AWS ALB and NS1 TF Registies and GitHub links (#9938)
Add Avi Network GH link
Add AWS ALB TF Registry and GH link
Add NS1 TF Registry and GH link
2021-03-27 01:52:41 -05:00
Daniel Nephin 7e03670b1c
Merge pull request #9917 from Ranjandas/docs/exec-cmd-acl
Document agent token policy requirement for rexec
2021-03-25 17:49:47 -04:00
danielehc 2ca3d85745
Cross linking Learn tutorials (#9893)
* Cross linking Learn tutorials

* Update website/content/docs/nia/index.mdx

Co-authored-by: Kim Ngo <6362111+findkim@users.noreply.github.com>

* Cross linking Learn tutorials

* Cross linking Learn tutorials

* Add links to doc

Co-authored-by: Kim Ngo <6362111+findkim@users.noreply.github.com>
2021-03-24 18:58:10 +01:00
Ranjandas 2538c28cc7 Document agent token policy requirement for rexec
The Agent token policy when using rexec should have `write` on "_rexec"
key prefix. Updated the exec command documentation to explicitly state
this requirement.
2021-03-23 15:51:56 +11:00
Jono Sosulska 91ab4948a7
Update telemetry docs (#9905)
* Fixes #2379-Improve interval explanation in the telemetry doc

* Fixes #4734-Update consul memory metrics

* Fixes #4836-Removed node.deregistration as that isn't in state.go

* Fixes #8986 partially-Trim redundant language

* Fixes #9087-Adds helpful details to telemetry on autopilot

* Fixes #9274-Addresses NaN output in autopilot
2021-03-22 18:47:41 -04:00
Kim Ngo 90ad52575f
docs/nia: Update CTS configuration example to not confuse vault provider with vault config block (#9909) 2021-03-19 16:52:32 -05:00
Iryna Shustava fcc7f280f2
docs: Update Helm reference docs (#9904) 2021-03-19 09:12:49 -07:00
Nitya Dhanushkodi 2965b858c9
Add metrics documentation (#9848) 2021-03-18 17:20:54 -07:00
woz5999 e05877e633 update docs and add changelog 2021-03-18 19:02:34 -04:00
Christoph Puhl beba9b9228
Removing unnecessary comment (#9890)
Removing unnecessary comment around CRL to avoid confusion, as discussed with @banks
2021-03-18 14:39:25 -04:00
Christopher Broglie 94b02c3954 Add support for configuring TLS ServerName for health checks
Some TLS servers require SNI, but the Golang HTTP client doesn't
include it in the ClientHello when connecting to an IP address. This
change adds a new TLSServerName field to health check definitions to
optionally set it. This fixes #9473.
2021-03-16 18:16:44 -04:00
Luke Kysow bfcd311159
docs: rename SourceAddress to SourceIP (#9878)
SourceAddress was probably renamed to SourceIP but the docs weren't
updated.
2021-03-15 14:39:33 -07:00
Christoph Puhl 54f771af6d Add namespaces to prepared query API docs
Add missing section on creating prepared query for namespaced services
2021-03-15 10:04:53 +01:00
Mike Wickett e450ab5540 fix: syntax issue 2021-03-11 17:05:21 -05:00
Preetha b3f1cafed3
Small changes to gossip related telemetry docs (#9846)
Update gossip related telemetry docs to include correct descriptions, and added missing metrics
2021-03-11 14:21:32 -06:00
Freddy 5e12fcff93
Merge pull request #9869 from DanielMabbett/patch-1
Fix typo in requirements.mdx
2021-03-11 12:49:57 -07:00
Kyle Havlovitz 237b41ac8f
Merge pull request #9672 from hashicorp/ca-force-skip-xc
connect/ca: Allow ForceWithoutCrossSigning for all providers
2021-03-11 11:49:15 -08:00
Freddy 43eeb66439
Merge pull request #9770 from hashicorp/docs/fix-terminating-gateway-config-entry
Docs: Update terminating-gateway-config-entry
2021-03-11 12:42:20 -07:00
Kyle Havlovitz 7053fcdd0c
Merge pull request #9792 from dzeban/kv-import-prefix
command/kv: Add prefix option to kv import command
2021-03-11 09:47:53 -08:00
Daniel Mabbett 1e896dc0bb
Update requirements.mdx 2021-03-11 10:08:53 +00:00
Robert Kuska 63ce35a24e
Add units and types to metrics tables (#9674)
This commits adds units and types to key metrics tables to have
consistent table views of all metrics in telemetry.mdx.

Fixes: https://github.com/hashicorp/consul/issues/9069
2021-03-10 22:36:15 -05:00
Nitya Dhanushkodi 9ff49034e7
Add flags to consul connect envoy for metrics merging. (#9768)
Allows setting -prometheus-backend-port to configure the cluster
envoy_prometheus_bind_addr points to.

Allows setting -prometheus-scrape-path to configure which path
envoy_prometheus_bind_addr exposes metrics on.

-prometheus-backend-port is used by the consul-k8s metrics merging feature, to
configure envoy_prometheus_bind_addr to point to the merged metrics
endpoint that combines Envoy and service metrics so that one set of
annotations on a Pod can scrape metrics from the service and it's Envoy
sidecar.

-prometheus-scrape-path is used to allow configurability of the path
where prometheus metrics are exposed on envoy_prometheus_bind_addr.
2021-03-04 16:15:47 -06:00
Ranjandas 0a08c942c8 Add a sample error message 2021-03-02 12:48:03 +11:00
Ranjandas e2f1fa3ccf
Update vms-and-kubernetes.mdx 2021-03-02 10:20:24 +11:00
Ranjandas 9e63706d92
Added references to node name 2021-03-02 09:44:35 +11:00
Ranjandas 3790770af6
Update cert creation instruction for Federation
The Server certificates used for Federation require the node name in the form of `<node>.server.<dc>.<domain>`. Not having this would through `bad tls certificate` error.

* Fixed cert create command
* Added note to create a wildcard cert (like the ones on Kubernetes)
* Fixed numbering
2021-03-02 09:39:46 +11:00
R.B. Boyer 503041f216
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658)
- Also add support for envoy 1.17.0
2021-02-26 16:23:15 -06:00
Daniel Nephin 4a44cfd676
Merge pull request #9188 from hashicorp/dnephin/more-streaming-tests
Add more streaming tests
2021-02-26 12:36:55 -05:00
Daniel Nephin d7ffd6c27d
Merge pull request #9759 from hashicorp/dnephin/streaming-default-rpc-enabled
streaming: default rpc.enable_streaming to true
2021-02-26 12:08:00 -05:00
Kim Ngo 6f042a2edb
nia/docs 0.1.0 beta (#9803)
nia/docs 0.1.0-beta

Co-authored-by: Kent 'picat' Gruber <kent@hashicorp.com>
Co-authored-by: Lorna Song <lorna@hashicorp.com>
Co-authored-by: John Eikenberry <jae@zhar.net>
2021-02-25 16:48:24 -06:00
Daniel Nephin 9a106428c9 docs: fix grpc metric names 2021-02-25 14:30:39 -05:00
Daniel Nephin af2431793b streaming: default rpc.enable_streaming to true
So that all servers will start the grpc server used by streaming
2021-02-25 14:06:04 -05:00
Daniel Nephin ad0c4aacb6 docs: Fix reference to dns_config.use_cache 2021-02-25 13:52:09 -05:00
Blake Covarrubias ea7f543498 docs: Fix code tag displaying on ACL binding rules
Fix indentation of code blocks on ACL binding rules page so that code
fence does not display in JSON output.
2021-02-22 15:18:08 -08:00
R.B. Boyer cdc5e99184
xds: remove deprecated usages of xDS (#9602)
Note that this does NOT upgrade to xDS v3. That will come in a future PR.

Additionally:

- Ignored staticcheck warnings about how github.com/golang/protobuf is deprecated.
- Shuffled some agent/xds imports in advance of a later xDS v3 upgrade.
- Remove support for envoy 1.13.x but don't add in 1.17.x yet. We have to wait until the xDS v3 support is added in a follow-up PR.

Fixes #8425
2021-02-22 15:00:15 -06:00
kaitlincarter-hc 49eeb12b15
fix typo and add link to Learn (#9799) 2021-02-22 08:32:07 -08:00
Daniel Nephin 4553554106
Merge pull request #9777 from hashicorp/dnephin/remove-some-deprecation
docs: remove a couple deprecations
2021-02-19 13:31:20 -05:00
Alex Dzyoba b99693b807 command/kv: Add prefix option to kv import command
Currently when data is imported via `consul kv import` it overwrites
keys under the root key. Since `consul kv export` can retrieve data for
the given prefix, i.e. part of the KV tree, importing it under root may
be not what users want.

To mirror prefix behavior from export this PR adds prefix feature to the
import command that adds prefix to all keys that are imported.
2021-02-19 14:07:25 +03:00
Ashwin Venkatesh ea23b2171c
Update helm docs for consul-helm v0.30.0 (#9779) 2021-02-17 14:08:35 -05:00
Luke Kysow 8695402022
Docs describing migrating to CRDs (#9562)
* Document how users can migrate to CRDs.
* Update documentation for federation with new `ProxyDefaults`
requirement.
* Ensure `controller.enabled: true` is set in our example configs.
* Remove `connect-service-protocol` annotation docs.
2021-02-17 14:01:52 -05:00
Daniel Nephin 500d517efa docs: remove a couple deprecations
These filters can not be reproduced with bexpr just yet.
2021-02-17 13:10:05 -05:00
Paul Banks acd850a85d
Add docs for MIME sniffing on metrics endpoint. (#9696)
* Add docs for MIME sniffing on metrics endpoint.

This was added in 1.7.2 last year but I realised we don't document it so it's kinda surprising Prometheus "just works" now.

* Update website/content/api-docs/agent/index.mdx
2021-02-17 10:39:08 +00:00
Christoph Puhl f4fe262a79
Update terminating-gateway.mdx
fix crds support reference and adding ACL clarification for linked services.
2021-02-15 14:54:40 +01:00
Eddie Rowe f8bcfd7a53 nagios vs sensu updates 2021-02-12 10:44:41 -06:00
Daniel Nephin a5a1fb2098
Merge pull request #9758 from hashicorp/dnephin/fix-streaming-bugs
http: error if near is used with streaming
2021-02-12 10:37:29 -05:00
Preetha 89c2b9c97d
Add docs section on regenerating expired CA certificates (#9709)
* Updated docs on regenerating built in CA

* review feedback

* Add sentence about expected behavior after update CA endpoint is used.
2021-02-11 15:38:12 -06:00
Daniel Nephin da62f22aff http: error if near is used with streaming 2021-02-11 14:10:38 -05:00
R.B. Boyer 194fb0d144
connect: update supported envoy point releases to 1.16.2, 1.15.3, 1.14.6, 1.13.7 (#9737) 2021-02-10 13:11:15 -06:00
Derek Strickland 8b91cae80f
Crosslink new microservices collection. (#9704) 2021-02-08 13:27:20 -05:00
David Yu 7247d9c0cb
docs: fix another broken link to upgrading k8s servers from token rotation page (#9707)
fix another broken link to upgrading k8s servers from token rotation page
2021-02-04 09:44:04 -08:00
David Yu 5c749d32f8
docs: Small change to fix broken link to k8s upgrade from k8s tls certs page (#9705)
Broken link to k8s server upgrade from tls certs page
2021-02-04 09:13:32 -08:00
Kim Ngo 44a5f9057b
docs/nia: recommend sensitive variables for module authoring (#9692) 2021-02-02 14:57:46 -06:00
Kim Ngo cf5d9c5d55
docs/nia: Update verbiage around securely configuring providers (#9684)
This reorganizes and flags where and when sensitive information may
be written in plain-text
2021-02-02 13:24:25 -06:00
Mike Morris b176611c87
website: add release notes for 1.9 (#9189)
* website: initial draft of release notes framework

* website: fixup ref to 1-9-0.mdx

* Update website/pages/docs/release-notes/1-9-0.mdx

* Update website/pages/docs/release-notes/1-9-0.mdx

* website: add draft of 1.9.0 release notes

* website: move release-notes directory from /pages to /content

* Update 1-9-0.mdx

* Update website/content/docs/release-notes/1-9-0.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/release-notes/1-9-0.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/release-notes/1-9-0.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/release-notes/1-9-0.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/release-notes/1-9-0.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/release-notes/1-9-0.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/release-notes/1-9-0.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/release-notes/1-9-0.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/release-notes/1-9-0.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-01-29 18:00:32 -05:00
Ashwin Venkatesh f7092a068f
Add docs for TLS Server Certificate rotation for K8S (#9636)
* Add docs for TLS Server Certificate rotation for K8s
2021-01-29 17:13:28 -05:00
Kyle Havlovitz 1dee4173c1 connect/ca: Allow ForceWithoutCrossSigning for all providers
This allows setting ForceWithoutCrossSigning when reconfiguring the CA
for any provider, in order to forcibly move to a new root in cases where
the old provider isn't reachable or able to cross-sign for whatever
reason.
2021-01-29 13:38:11 -08:00
Luke Kysow 320fcf4510
Add operations section to k8s notes (#9625)
* Add operations section to k8s notes

* Unify faq/troubleshooting
2021-01-29 11:15:40 -08:00
Kyle Havlovitz a299faec89
Merge pull request #9541 from sadedil/patch-1
Add a CLI tool for "Client Libraries & SDKs" page
2021-01-28 10:18:41 -08:00
David Yu 23a5633aea
docs: Update Compat Matrix for Consul Helm 0.29 (#9657)
* docs: Update Compat Matrix for Consul Helm 0.29

Adding 0.29

* Update compatibility.mdx
2021-01-27 14:39:03 -08:00
Luke Kysow 38d630e2e9
Document proxy-defaults config for prometheus (#9640) 2021-01-26 17:19:30 -08:00
Jeff Escalante ceb58d9f09
fix error in component name on autopilot page (#9638) 2021-01-25 20:00:28 -05:00
Chris Boulton 448212060a
connect: add local_request_timeout_ms to configure local_app http timeouts (#9554) 2021-01-25 13:50:00 -06:00
Iryna Shustava 6b432e7dde
docs: Add k8s troubleshooting docs (hostPort vs hostNetwork) (#9464) 2021-01-22 16:31:37 -08:00
Ashwin Venkatesh a341d6f0c5
Merge pull request #9612 from hashicorp/ui-ingress
Update docs with fields for ingress support for consul UI
2021-01-22 15:17:40 -05:00
Ashwin Venkatesh fbf106446d Update docs with fields for ingress support for consul UI 2021-01-22 12:19:43 -05:00
danielehc 130128cfcb
Update index.mdx (#9618) 2021-01-22 18:07:23 +01:00
Mustafa Sadedil fc51320d52
Remove tool ref from the wrong page 2021-01-21 23:04:50 +03:00
Mustafa Sadedil bdecf34663
Add new CLI tool to Community Tools Page (kvit) 2021-01-21 23:03:36 +03:00
markblackman f6f9589e21
Note to steer consumers away from unmaintained python-consul (#9544)
* Quick note to steer consumers away from unmaintained python-consul
2021-01-21 11:38:29 -08:00
Mark Lewis 3c6f0d9767
Update options.mdx (#9578)
MInor typo.
2021-01-18 15:31:39 +00:00
Luke Kysow d6aea9fe7a
Remove guides that live in learn.hashicorp.com now (#9563) 2021-01-14 08:46:55 -08:00
Chulki Lee c734444da5 Fix link markup in docs/connect/ca/vault 2021-01-13 19:20:00 -08:00
Luke Kysow 4217488e78
Move cfg entry docs to under connect from agent (#9533)
Since all config entries are currently related to service mesh it's a
much more natural place to look for them under Service Mesh than under
Agent.
2021-01-13 12:48:48 -08:00
Michael Hofer acc843f04d
cli: Add consul intention list command (based on PR #6825) (#9468)
This PR is based on the previous work by @snuggie12 in PR #6825. It adds the command consul intention list to list all available intentions. The list functionality for intentions seems a bit overdue as it's just very handy. The web UI cannot list intentions outside of the default namespace, and using the API is sometimes not the friendliest option. ;)

I cherry picked snuggie12's commits who did most of the heavy lifting (thanks again @snuggie12 for your great work!). The changes in the original commit mostly still worked on the current HEAD. On top of that I added support for namespaces and fixed the docs as they are managed differently today. Also the requested changes related to the "Connect" references in the original PRs have been addressed.

Fixes #5652

Co-authored-by: Matt Hoey <mhoey05@jcu.edu>
2021-01-12 21:14:31 +01:00
Kim Ngo 26d7927eea
docs/nia: Fix example config block to execute properly (#9547)
CTS running with default configuration will communicate over http
unless the Consul client is configured with TLS. Having the example
set the scheme to https is misleading and will result in an error:
"http: server gave HTTP response to HTTPS client"
2021-01-11 10:27:33 -06:00
Mustafa Sadedil d514c8a8ab
Add a CLI tool for "Client Libraries & SDKs" page
Hi everyone,

I'm developing an open source CLI tool for easily editing Consul KV values from your favorite text editor. I've added to Client Libraries & SDKs page on website.

Repository: https://github.com/sadedil/kvit

Kind regards,
Mustafa
2021-01-10 23:07:18 +03:00
Luke Kysow a89461cc95
Update k8s gateway docs for CRDs (#9538) 2021-01-08 14:30:41 -08:00
Nitya Dhanushkodi 9e58147c30
Document how clients not on K8s can join a DC in K8s. (#9438) 2021-01-07 16:14:07 -08:00
Luke Kysow 3ee1ba1e4b
Reword redirect docs for clarity (#9504) 2021-01-07 11:40:59 -08:00
Luke Kysow 72db0cc6d3
Document CRDs and kube namespaces (#9502)
* Document CRDs and kube namespaces
2021-01-07 11:22:06 -08:00
Luke Kysow edc947d7ff
Merge pull request #9516 from hashicorp/lkysow/config-entry-sidebar
Use full names for cfg entries in sidebar
2021-01-07 11:21:18 -08:00
Luke Kysow 936d12b1b9
Merge pull request #9416 from hashicorp/luke-component-crd
Document Kube CRDs alongside config entry docs
2021-01-07 11:20:46 -08:00
Luke Kysow 0a7d2d0ff9
Use nested tabs for gateway examples 2021-01-06 16:45:35 -08:00
Luke Kysow 8b1f88ef70
Use full names for cfg entries in sidebar 2021-01-06 11:01:01 -08:00
Joel Watson f68bf30c06 docs: add note about TMPDIR for snapshots 2021-01-06 12:56:40 -06:00
Kim Ngo 4130e195a4
Update NIA discuss link to new tag (#9500) 2021-01-05 12:06:09 -06:00
Luke Kysow 76e72de6d3
Document Kube CRDs alongside config entry docs
* Adds a new react component `ConfigEntryReference` that allows us to
document config entries for both HCL and Kubernetes CRDs.
* Rewrites config entry docs to use new component
* Add CRD examples alongside HCL examples
* Removes examples from Kube CRD doc because the examples are now in the
main CRD docs
2021-01-05 09:40:43 -08:00
Michael Montgomery a1748aa2cb Merge branch 'master' into 6074-allow-config-MaxHeaderBytes 2020-12-30 14:14:05 -06:00
Iryna Shustava b5498642d0
Update Helm reference docs (#9463) 2020-12-23 11:42:36 -08:00
David Yu 2a2f8c7394
Update with 0.28 (#9450) 2020-12-21 13:24:33 -08:00
Ashwin Venkatesh 45bfa8101d
Merge pull request #9431 from hashicorp/gen-docs2
Ensure type shown for maps in k8s docs
2020-12-18 15:07:14 -05:00
Nitya Dhanushkodi 21d3b29f93
Update helm docs for external client agents. (#9429) 2020-12-18 09:18:17 -08:00
Blake Covarrubias 8fc383c28e docs: Remove beta tag for 1.8 and 1.9 features
Remove beta tag for 1.8 and 1.9 features which are now GA.
2020-12-17 16:51:35 -08:00
Luke Kysow 41020f73bd
Ensure type shown for maps in k8s docs 2020-12-17 16:27:02 -08:00
Luke Kysow 4d6dc1fd8f
Use generated helm docs (#9324) 2020-12-17 10:47:54 -08:00
Jeff Escalante 0f1075470d
update deps, restore search 2020-12-16 16:55:27 -05:00
Jeff Escalante fe3902c906
maintenance complete, pending markdown-page component addition 2020-12-16 16:55:23 -05:00