Commit graph

74 commits

Author SHA1 Message Date
trujillo-adam 2d75b88eb3
Docs/rate limiting 1.15 (#16345)
* Added rate limit section to agent overview, updated headings per style guide

* added GTRL section and overview

* added usage docs for rate limiting 1.15

* added file for initializing rate limits

* added steps for initializing rate limits

* updated descriptions for rate_limits in agent conf

* updated rate limiter-related metrics

* tweaks to agent index

* Apply suggestions from code review

Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
Co-authored-by: Krastin Krastev <krastin@hashicorp.com>

* Apply suggestions from code review

Co-authored-by: Krastin Krastev <krastin@hashicorp.com>

* Apply suggestions from code review

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

---------

Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
Co-authored-by: Krastin Krastev <krastin@hashicorp.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2023-02-22 13:02:51 -08:00
Ashlee M Boyer 588bca2207
docs: Migrate link formats (#15976)
* Adding check-legacy-links-format workflow

* Adding test-link-rewrites workflow

* Updating docs-content-check-legacy-links-format hash

* Migrating links to new format

Co-authored-by: Kendall Strautman <kendallstrautman@gmail.com>
2023-01-25 08:52:43 -08:00
Jared Kirschner d96563323e
docs: clarify reloadable config option usage (#15957) 2023-01-20 18:42:30 -05:00
Paul Glass 1bf1686ebc
Add new config_file_service_registration token (#15828) 2023-01-10 10:24:02 -06:00
Tu Nguyen e3997b9533
Update links to new get started tutorials (#15154) 2023-01-04 09:58:08 -08:00
trujillo-adam 1732c60a8f
Docs/network segments tutorial docs conversion (#15829)
* added a NS folder and refactored main page into the overview page

* added NS usage page to NS folder

* updated links to NS docs

* updated nav

* addressed feedback from review
2022-12-19 15:35:05 -08:00
Paul Glass 62df6a7513
Deprecate -join and -join-wan (#15598) 2022-12-14 20:28:25 +00:00
John Murret 700c693b33
adding config for request_limits (#15531)
* server: add placeholder glue for rate limit handler

This commit adds a no-op implementation of the rate-limit handler and
adds it to the `consul.Server` struct and setup code.

This allows us to start working on the net/rpc and gRPC interceptors and
config logic.

* Add handler errors

* Set the global read and write limits

* fixing multilimiter moving packages

* Fix typo

* Simplify globalLimit usage

* add multilimiter and tests

* exporting LimitedEntity

* Apply suggestions from code review

Co-authored-by: John Murret <john.murret@hashicorp.com>

* add config update and rename config params

* add doc string and split config

* Apply suggestions from code review

Co-authored-by: Dan Upton <daniel@floppy.co>

* use timer to avoid go routine leak and change the interface

* add comments to tests

* fix failing test

* add prefix with config edge, refactor tests

* Apply suggestions from code review

Co-authored-by: Dan Upton <daniel@floppy.co>

* refactor to apply configs for limiters under a prefix

* add fuzz tests and fix bugs found. Refactor reconcile loop to have a simpler logic

* make KeyType an exported type

* split the config and limiter trees to fix race conditions in config update

* rename variables

* fix race in test and remove dead code

* fix reconcile loop to not create a timer on each loop

* add extra benchmark tests and fix tests

* fix benchmark test to pass value to func

* server: add placeholder glue for rate limit handler

This commit adds a no-op implementation of the rate-limit handler and
adds it to the `consul.Server` struct and setup code.

This allows us to start working on the net/rpc and gRPC interceptors and
config logic.

* Set the global read and write limits

* fixing multilimiter moving packages

* add server configuration for global rate limiting.

* remove agent test

* remove added stuff from handler

* remove added stuff from multilimiter

* removing unnecessary TODOs

* Removing TODO comment from handler

* adding in defaulting to infinite

* add disabled status in there

* adding in documentation for disabled mode.

* make disabled the default.

* Add mock and agent test

* addig documentation and missing mock file.

* Fixing test TestLoad_IntegrationWithFlags

* updating docs based on PR feedback.

* Updating Request Limits mode to use int based on PR feedback.

* Adding RequestLimits struct so we have a nested struct in ReloadableConfig.

* fixing linting references

* Update agent/consul/rate/handler.go

Co-authored-by: Dan Upton <daniel@floppy.co>

* Update agent/consul/config.go

Co-authored-by: Dan Upton <daniel@floppy.co>

* removing the ignore of the request limits in JSON.  addingbuilder logic to convert any read rate or write rate less than 0 to rate.Inf

* added conversion function to convert request limits object to handler config.

* Updating docs to reflect gRPC and RPC are rate limit and as a result, HTTP requests are as well.

* Updating values for TestLoad_FullConfig() so that they were different and discernable.

* Updating TestRuntimeConfig_Sanitize

* Fixing TestLoad_IntegrationWithFlags test

* putting nil check in place

* fixing rebase

* removing change for missing error checks.  will put in another PR

* Rebasing after default multilimiter config change

* resolving rebase issues

* updating reference for incomingRPCLimiter to use interface

* updating interface

* Updating interfaces

* Fixing mock reference

Co-authored-by: Daniel Upton <daniel@floppy.co>
Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
2022-12-13 13:09:55 -07:00
Eric Haberkorn 5dd131fee8
Remove the connect.enable_serverless_plugin agent configuration option (#15710) 2022-12-08 14:46:42 -05:00
Paul Glass 4992733a13
docs: Fix go-sockaddr links (#15723) 2022-12-08 10:32:37 -06:00
Jared Kirschner 68f74a197c
docs: add retry_max agent config option (#15487) 2022-11-21 16:16:56 -05:00
Jared Kirschner 9224ab9b35
docs: clarify TLS cipher suite config (#15203) 2022-11-19 08:53:27 -05:00
Jared Kirschner 475f86adbd
docs: clarify -retry-max (#15477) 2022-11-18 18:51:28 -05:00
Derek Menteer ff86e305be
Include addresses.grpc_tls in upgrade docs. (#15408) 2022-11-16 14:10:29 -06:00
Kyle Havlovitz f5c5d2f5c6
auto-config: relax node name validation for JWT authorization (#15370)
* auto-config: relax node name validation for JWT authorization

This changes the JWT authorization logic to allow all non-whitespace,
non-quote characters when validating node names. Consul had previously
allowed these characters in node names, until this validation was added
to fix a security vulnerability with whitespace/quotes being passed to
the `bexpr` library. This unintentionally broke node names with
characters like `.` which aren't related to this vulnerability.

* Update website/content/docs/agent/config/cli-flags.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-11-14 18:24:40 -06:00
Derek Menteer 0c07a36408
Prevent serving TLS via ports.grpc (#15339)
Prevent serving TLS via ports.grpc

We remove the ability to run the ports.grpc in TLS mode to avoid
confusion and to simplify configuration. This breaking change
ensures that any user currently using ports.grpc in an encrypted
mode will receive an error message indicating that ports.grpc_tls
must be explicitly used.

The suggested action for these users is to simply swap their ports.grpc
to ports.grpc_tls in the configuration file. If both ports are defined,
or if the user has not configured TLS for grpc, then the error message
will not be printed.
2022-11-11 14:29:22 -06:00
malizz b823d79fcf
update config defaults, add docs (#15302)
* update config defaults, add docs

* update grpc tls port for non-default values

* add changelog

* Update website/content/docs/upgrading/upgrade-specific.mdx

Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>

* Update website/content/docs/agent/config/config-files.mdx

Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>

* update logic for setting grpc tls port value

* move default config to default.go, update changelog

* update docs

* Fix config tests.

* Fix linter error.

* Fix ConnectCA tests.

* Cleanup markdown on upgrade notes.

Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>
Co-authored-by: Derek Menteer <derek.menteer@hashicorp.com>
2022-11-09 09:29:55 -08:00
Jared Kirschner e8b9c0a513 docs: fix api docs anchor links 2022-10-18 12:53:53 -07:00
Chris S. Kim e4c20ec190
Refactor client RPC timeouts (#14965)
Fix an issue where rpc_hold_timeout was being used as the timeout for non-blocking queries. Users should be able to tune read timeouts without fiddling with rpc_hold_timeout. A new configuration `rpc_read_timeout` is created.

Refactor some implementation from the original PR 11500 to remove the misleading linkage between RPCInfo's timeout (used to retry in case of certain modes of failures) and the client RPC timeouts.
2022-10-18 15:05:09 -04:00
Dan Upton 3b9297f95a
proxycfg: rate-limit delivery of config snapshots (#14960)
Adds a user-configurable rate limiter to proxycfg snapshot delivery,
with a default limit of 250 updates per second.

This addresses a problem observed in our load testing of Consul
Dataplane where updating a "global" resource such as a wildcard
intention or the proxy-defaults config entry could starve the Raft or
Memberlist goroutines of CPU time, causing general cluster instability.
2022-10-14 15:52:00 +01:00
Stuart 5eb5fe41c1
Fixed broken links referring to tutorials running as local agent (#14954) 2022-10-11 13:01:29 -07:00
Luke Kysow b5e3bfdc05
Make defaulting behaviour of connect.enabled clear (#14768) 2022-09-27 13:04:59 -07:00
Jared Kirschner 98f95b94f1 docs: address review feedback 2022-09-20 14:43:17 -07:00
Jared Kirschner 60779a4eb4 docs: all enterprise locality labels now optional 2022-09-19 15:00:22 -07:00
boruszak 3fdb3e894d Spacing and title fixes 2022-09-16 10:28:32 -05:00
boruszak 94c4ff07a8 Merge 'main' into docs/search-metadata-headers 2022-09-15 15:34:36 -05:00
Jeff Boruszak a0b56f0612
Apply suggestions from code review
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2022-09-15 12:10:20 -05:00
Bryce Kalow 8d416f74ba
website: content updates for developer (#14419)
Co-authored-by: Ashlee Boyer <ashlee.boyer@hashicorp.com>
Co-authored-by: Ashlee M Boyer <43934258+ashleemboyer@users.noreply.github.com>
Co-authored-by: Tu Nguyen <im2nguyen@gmail.com>
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
Co-authored-by: HashiBot <62622282+hashibot-web@users.noreply.github.com>
Co-authored-by: Kevin Wang <kwangsan@gmail.com>
2022-09-14 17:45:42 -05:00
Derek Menteer 2fb66d0cc9
Improve grpc_tls wording in docs. (#14608)
Improve grpc_tls wording in docs.

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2022-09-14 15:25:39 -05:00
boruszak c89922499c /docs/agent/config 2022-09-13 14:41:42 -05:00
Derek Menteer 8efe862b76 Merge branch 'main' of github.com:hashicorp/consul into derekm/split-grpc-ports 2022-09-08 14:53:08 -05:00
Krastin Krastev e2a6c2e932
docs: licensing improvements (#14488)
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2022-09-06 18:39:07 -07:00
Tu Nguyen 2ed84e5f89 revert links to learn 2022-09-06 08:35:01 -07:00
Derek Menteer 1233680362 Add documentation and changelog entry. 2022-08-29 13:43:49 -05:00
Tu Nguyen cb3cdfc8cc fix merge conflicts 2022-08-28 19:33:37 -07:00
Tu Nguyen e11f567c60 Update Learn links in prep for devdot 2022-08-25 22:49:29 -07:00
Pablo Ruiz García 4188769c32
Added new auto_encrypt.grpc_server_tls config option to control AutoTLS enabling of GRPC Server's TLS usage
Fix for #14253

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-08-24 12:31:38 -04:00
Jared Kirschner 92b718ad96
Merge pull request #14259 from hashicorp/docs/1-13-upgrade-considerations
docs: add 1.13 upgrade considerations
2022-08-18 18:18:33 -04:00
Jared Kirschner 18bb45db75 docs: add 1.13 upgrade considerations
Adds guidance when upgrading a Consul service mesh deployment to 1.13 and:
- using auto-encrypt or auto-config; or
- the HTTPS port is not enabled on Consul agents
2022-08-18 15:13:21 -07:00
Jared Kirschner 149f6a610d
docs: fix broken markdown 2022-08-16 23:08:09 -04:00
Luke Kysow e9960dfdf3
peering: default to false (#13963)
* defaulting to false because peering will be released as beta
* Ignore peering disabled error in bundles cachetype

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Matt Keeler <mjkeeler7@gmail.com>
2022-08-01 15:22:36 -04:00
Luke Kysow 5263980884
Re-document peering disabled (#13879)
Change wording because it does have effect on clients because it
disables peering in the UI served from that client.
2022-07-25 09:30:37 -07:00
Luke Kysow d21f793b74
peering: add config to enable/disable peering (#13867)
* peering: add config to enable/disable peering

Add config:

```
peering {
  enabled = true
}
```

Defaults to true. When disabled:
1. All peering RPC endpoints will return an error
2. Leader won't start its peering establishment goroutines
3. Leader won't start its peering deletion goroutines
2022-07-22 15:20:21 -07:00
Jared Kirschner 7a58a4df96 docs: suggest using token header, not query param 2022-07-20 15:16:27 -07:00
R.B. Boyer 61ebb38092
server: ensure peer replication can successfully use TLS over external gRPC (#13733)
Ensure that the peer stream replication rpc can successfully be used with TLS activated.

Also:

- If key material is configured for the gRPC port but HTTPS is not
  enabled now TLS will still be activated for the gRPC port.

- peerstream replication stream opened by the establishing-side will now
  ignore grpc.WithBlock so that TLS errors will bubble up instead of
  being awkwardly delayed or suppressed
2022-07-15 13:15:50 -05:00
alex 04ec093130
no 1.9 style metrics (#13532)
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-06-29 09:46:37 -07:00
David Yu b724f8b3ab
docs: Use "error" to use standard log level value (#13507)
* docs: Use "error" to use standard log level value
2022-06-20 16:07:38 -07:00
Luke Kysow d8a2825361
Add type info to options (#13477) 2022-06-16 10:09:39 -07:00
Eric Haberkorn eb9c341f5e
Lambda Beta Documentation (#13426)
* Document the `enable_serverless_plugin` Agent Configuration Option (#13372)
* Initial AWS Lambda documentation (#13245)
2022-06-15 11:14:16 -04:00
Blake Covarrubias a74710fd45
docs: Remove unnecessary use of CodeBlockConfig (#12974)
Remove empty CodeBlockConfig elements. These elements are not
providing any benefit for the enclosed code blocks. This PR removes
the elements so so that the source is easier to read.
2022-05-11 15:37:02 -07:00