Commit graph

5807 commits

Author SHA1 Message Date
Jared Kirschner c088753e7b
docs: cluster peering upgrade clarification (#15935) 2023-01-06 18:30:10 -05:00
Dhia Ayachi f17bc5ed73
inject logger and create logdrop sink (#15822)
* inject logger and create logdrop sink

* init sink with an empty struct instead of nil

* wrap a logger instead of a sink and add a discard logger to avoid double logging

* fix compile errors

* fix linter errors

* Fix bug where log arguments aren't properly formatted

* Move log sink construction outside of handler

* Add prometheus definition and docs for log drop counter

Co-authored-by: Daniel Upton <daniel@floppy.co>
2023-01-06 11:33:53 -07:00
Jared Kirschner a8840e710e
docs: fix markdown heading levels (#15912) 2023-01-06 11:37:19 -05:00
Tu Nguyen 9d1f030980
Update example link for Consul K8s NGINX ingress controller (#15916) 2023-01-06 08:11:13 -08:00
lbausch 5199137a6b
docs: Fix link (#14890)
Co-authored-by: David Yu <dyu@hashicorp.com>
2023-01-06 05:21:56 +00:00
Tu Nguyen 39e6ca3bf6
Update api gateway version to latest (#15197)
* Update api gateway version to latest

* Update website/content/docs/api-gateway/install.mdx

* update to latest apigw version 0.5.1

* update consul and helm version
2023-01-04 12:44:02 -08:00
Florian Apolloner cb5389cc89
Allow Operator Generated bootstrap token (#14437)
Add support to provide an initial token via the bootstrap HTTP API, similar to hashicorp/nomad#12520
2023-01-04 20:19:33 +00:00
Tu Nguyen e3997b9533
Update links to new get started tutorials (#15154) 2023-01-04 09:58:08 -08:00
Gerard Nguyen 8a543e11be
docs: update intentions config (#15868) 2022-12-22 20:07:23 +00:00
Jeff Boruszak ddba394070
Removed technical preview callout (#15872) 2022-12-22 12:52:34 -06:00
Vladislav Sharapov a0a8a205c5
Update service-discovery.mdx (#15832)
* Update service-discovery.mdx

* Update website/content/docs/concepts/service-discovery.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2022-12-20 13:54:33 -06:00
Michael Wilkerson ebed9e048f
Enhancement: Consul Compatibility Checking (#15818)
* add functions for returning the max and min Envoy major versions
- added an UnsupportedEnvoyVersions list
- removed an unused error from TestDetermineSupportedProxyFeaturesFromString
- modified minSupportedVersion to use the function for getting the Min Envoy major version. Using just the major version without the patch is equivalent to using `.0`

* added a function for executing the envoy --version command
- added a new exec.go file to not be locked to unix system

* added envoy version check when using consul connect envoy

* added changelog entry

* added docs change
2022-12-20 09:58:19 -08:00
trujillo-adam 583ac64c27
fixed bad markdown in network segments usage (#15852) 2022-12-19 16:23:57 -08:00
trujillo-adam 1732c60a8f
Docs/network segments tutorial docs conversion (#15829)
* added a NS folder and refactored main page into the overview page

* added NS usage page to NS folder

* updated links to NS docs

* updated nav

* addressed feedback from review
2022-12-19 15:35:05 -08:00
Nitya Dhanushkodi 8386bf19bf
extensions: refactor serverless plugin to use extensions from config entry fields (#15817)
docs: update config entry docs and the Lambda manual registration docs

Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
Co-authored-by: Eric <eric@haberkorn.co>
2022-12-19 12:19:37 -08:00
Tu Nguyen 032594f5f2
Update docs to reflect vault and consul compatibility (#15826)
* update docs to reflect vault and consul compatibility

* Update website/content/docs/connect/ca/vault.mdx

Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>

* Apply suggestions from code review

* Apply suggestions from code review

Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>

Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2022-12-19 10:32:25 -08:00
Paul Glass 62df6a7513
Deprecate -join and -join-wan (#15598) 2022-12-14 20:28:25 +00:00
Paul Glass 237b043d91
Update compat table for ECS (#15782) 2022-12-13 16:15:30 -06:00
John Murret 700c693b33
adding config for request_limits (#15531)
* server: add placeholder glue for rate limit handler

This commit adds a no-op implementation of the rate-limit handler and
adds it to the `consul.Server` struct and setup code.

This allows us to start working on the net/rpc and gRPC interceptors and
config logic.

* Add handler errors

* Set the global read and write limits

* fixing multilimiter moving packages

* Fix typo

* Simplify globalLimit usage

* add multilimiter and tests

* exporting LimitedEntity

* Apply suggestions from code review

Co-authored-by: John Murret <john.murret@hashicorp.com>

* add config update and rename config params

* add doc string and split config

* Apply suggestions from code review

Co-authored-by: Dan Upton <daniel@floppy.co>

* use timer to avoid go routine leak and change the interface

* add comments to tests

* fix failing test

* add prefix with config edge, refactor tests

* Apply suggestions from code review

Co-authored-by: Dan Upton <daniel@floppy.co>

* refactor to apply configs for limiters under a prefix

* add fuzz tests and fix bugs found. Refactor reconcile loop to have a simpler logic

* make KeyType an exported type

* split the config and limiter trees to fix race conditions in config update

* rename variables

* fix race in test and remove dead code

* fix reconcile loop to not create a timer on each loop

* add extra benchmark tests and fix tests

* fix benchmark test to pass value to func

* server: add placeholder glue for rate limit handler

This commit adds a no-op implementation of the rate-limit handler and
adds it to the `consul.Server` struct and setup code.

This allows us to start working on the net/rpc and gRPC interceptors and
config logic.

* Set the global read and write limits

* fixing multilimiter moving packages

* add server configuration for global rate limiting.

* remove agent test

* remove added stuff from handler

* remove added stuff from multilimiter

* removing unnecessary TODOs

* Removing TODO comment from handler

* adding in defaulting to infinite

* add disabled status in there

* adding in documentation for disabled mode.

* make disabled the default.

* Add mock and agent test

* addig documentation and missing mock file.

* Fixing test TestLoad_IntegrationWithFlags

* updating docs based on PR feedback.

* Updating Request Limits mode to use int based on PR feedback.

* Adding RequestLimits struct so we have a nested struct in ReloadableConfig.

* fixing linting references

* Update agent/consul/rate/handler.go

Co-authored-by: Dan Upton <daniel@floppy.co>

* Update agent/consul/config.go

Co-authored-by: Dan Upton <daniel@floppy.co>

* removing the ignore of the request limits in JSON.  addingbuilder logic to convert any read rate or write rate less than 0 to rate.Inf

* added conversion function to convert request limits object to handler config.

* Updating docs to reflect gRPC and RPC are rate limit and as a result, HTTP requests are as well.

* Updating values for TestLoad_FullConfig() so that they were different and discernable.

* Updating TestRuntimeConfig_Sanitize

* Fixing TestLoad_IntegrationWithFlags test

* putting nil check in place

* fixing rebase

* removing change for missing error checks.  will put in another PR

* Rebasing after default multilimiter config change

* resolving rebase issues

* updating reference for incomingRPCLimiter to use interface

* updating interface

* Updating interfaces

* Fixing mock reference

Co-authored-by: Daniel Upton <daniel@floppy.co>
Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
2022-12-13 13:09:55 -07:00
cskh 3e37a449c8
feat(ingress-gateway): support outlier detection of upstream service for ingress gateway (#15614)
* feat(ingress-gateway): support outlier detection of upstream service for ingress gateway

* changelog

Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com>
2022-12-13 11:51:37 -05:00
John Murret b8a9ea77f0
Fixing CLI instructions so that the installing a cluster that is embedded in the mac instructions is moved outside of the tabbed instructions. (#15736)
* Fixing CLI instructions so that the installing a cluster that is embedded in the mac instructions is moved outside of the tabbed instructions.
Co-authored-by: boruszak <jeffrey.boruszak@hashicorp.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
2022-12-10 18:21:45 +00:00
Geoffrey Grosenbach 6aa98ef755
Remove mention of enterprise license form (#15752)
The license form is no longer available so this recommends contacting a support representative instead.
2022-12-09 14:02:25 -08:00
Jared Kirschner ec1562d7cf
docs: how to launch envoy when ACLs enabled (#15497) 2022-12-08 20:15:58 -05:00
Jeff Boruszak 5f91df3642
docs: Enterprise Feature Table update (#15738)
* Table update

* Old table re-added and alphabetized

* Update website/content/docs/enterprise/index.mdx

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2022-12-08 16:49:49 -06:00
Eric Haberkorn 5dd131fee8
Remove the connect.enable_serverless_plugin agent configuration option (#15710) 2022-12-08 14:46:42 -05:00
Paul Glass 4992733a13
docs: Fix go-sockaddr links (#15723) 2022-12-08 10:32:37 -06:00
trujillo-adam d8138cb568
added link to admin partitions under K8s SM (#15718) 2022-12-07 15:02:18 -08:00
David Yu 353928dde4
docs: Small docs updates, peering and K8s CNI (#15702) 2022-12-07 10:08:24 -08:00
David Yu b49c9ee850
docs: K8s CNI namespace (#15696) 2022-12-06 13:51:31 -08:00
Curt Bushko a98011ccce
Update consul-k8s docs based on the consul-k8s release/1.0.x branch (#15678) 2022-12-05 13:20:14 -08:00
David Yu f9b40bae8a
docs: Update Consul K8s CRDs (#15675) 2022-12-05 13:06:02 -08:00
Jeff Boruszak 0fa97b6d83
docs: Agentless performance clarifications (#15671)
* Requested changes
2022-12-05 12:43:15 -08:00
Evan Culver 78c0b2bde0
Fix broken link to Consul Dataplane index (#15660)
The `/index` appears to result in a 404.
2022-12-03 10:17:06 -08:00
Jared Kirschner f73f0eb17f
docs: clarify Vault CA provider permissions needed (#15478) 2022-12-03 09:17:33 -05:00
James Oulman 6321087fda
docs: fix agent catalog-services caching method (#15645)
* docs: fix agent catalog-services caching method
2022-12-02 18:42:49 +00:00
am-ak c27e246715
docs: Correct a typo in checks.mdx (#15426)
* Update checks.mdx

Correcting a typo under  `UDP + Interval`

* Update website/content/docs/discovery/checks.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-12-02 08:22:32 -08:00
skpratt 400d3fc1da
update docs for exp v2 licensing changes (#15563) 2022-12-01 11:30:29 -06:00
David Yu c5243808f6
docs: fix typos helm install (#15625)
* fix typos helm install and small compat matrix change related to host ports not required any longer
2022-11-30 12:36:40 -08:00
James Oulman 71f7f2e3dc
Add support for configuring Envoys route idle_timeout (#14340)
* Add idleTimeout

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
2022-11-29 17:43:15 -05:00
Chris S. Kim ecd4307b7c
docs: Update acl-tokens.mdx (#15607) 2022-11-29 16:20:39 -05:00
Conrad Kleinespel 4b721838c1
Fix AWS IAM trusted identity entity_tags.<key> (#14727)
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-11-29 12:34:28 -08:00
David Yu bea255102e
docs: typo on cluster peering k8s (#15602) 2022-11-29 11:49:54 -08:00
David Yu 327b8ec7a8
docs: Clean up k8s cluster peering instructions (#15592) 2022-11-29 10:58:13 -08:00
cskh a070840dc7
docs: clarify envoy proxy configuration (#15562)
- Specify using the service config entry to configure
  service's envoy proxy
- add missing fields in proxy.config
2022-11-28 20:33:54 -05:00
David Yu 90ca02b70d
docs: Fix language to describe clients previously ran on each node (#15580) 2022-11-28 14:50:48 -08:00
cskh 92e71318c1
fix(peering): increase the gRPC limit to 8MB (#15503)
* fix(peering): increase the gRPC limit to 50MB

* changelog

* update gRPC limit to 8MB
2022-11-28 17:48:43 -05:00
Jeff Boruszak c537bb51f9
Load Balancer addition (#15583) 2022-11-28 16:48:01 -06:00
David Yu 7dde0d70fe
docs: Update Consul K8s Release Notes to mention updates to Cluster Peering (#15573) 2022-11-28 13:26:56 -08:00
Jeff Boruszak fb8b3d63b2
docs: Dataplane performance impact (#15566)
* New image + performance considerations

* Image related updates

* Update website/content/docs/connect/dataplane/index.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

Co-authored-by: David Yu <dyu@hashicorp.com>
2022-11-28 14:33:22 -06:00
Jared Kirschner 0d23452578
docs: add peering control plane diagrams (#15498) 2022-11-26 09:37:56 -05:00
Nitya Dhanushkodi e72dd6254a
update docs with mesh and proxydefaults config (#15526) 2022-11-24 10:02:47 -08:00
Chris Thain 650d4b45fb
Snapshot agent docs updates (#15504) 2022-11-22 06:13:13 -08:00
Tu Nguyen 245a1e471d
fix typo in cluster peering docs (#15519) 2022-11-21 13:51:40 -08:00
Jared Kirschner 68f74a197c
docs: add retry_max agent config option (#15487) 2022-11-21 16:16:56 -05:00
Jeff Boruszak de9213a10b
ServerExternalAddresses parameter clarification (#15506) 2022-11-21 11:51:09 -06:00
Dan Stough 141f6c7591
docs: revert peering API changes (#15505) 2022-11-21 12:45:51 -05:00
Derek Menteer 519a2ae563
Add -grpc-ca-file and -grpc-ca-path CLI info on upgrade notes. (#15500)
* Add -grpc-ca-file and -grpc-ca-path CLI info on upgrade notes.
2022-11-21 09:41:29 -06:00
Jared Kirschner b97acfb107
Support RFC 2782 for prepared query DNS lookups (#14465)
Format:
	_<query id or name>._tcp.query[.<datacenter>].<domain>
2022-11-20 17:21:24 -05:00
Jared Kirschner fb46ae870c
docs: remove unnecessary ent label (#15081) 2022-11-19 08:53:52 -05:00
Jared Kirschner 9224ab9b35
docs: clarify TLS cipher suite config (#15203) 2022-11-19 08:53:27 -05:00
David Yu 6e82262611
docs: formatting release notes (#15484) 2022-11-18 19:50:09 -08:00
David Yu 14aa1a30fb
docs: Core 1.14 and K8s 1.0 release notes (#15416)
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2022-11-18 18:40:54 -08:00
Jared Kirschner 475f86adbd
docs: clarify -retry-max (#15477) 2022-11-18 18:51:28 -05:00
Dan Stough 62023c7062
docs(peering): peering GA ACL updates (#15366)
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2022-11-18 17:39:41 -05:00
Derek Menteer 25376f5f06
Add Consul 1.14.0 known issue. (#15469)
Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
2022-11-18 14:59:57 -07:00
Derek Menteer 3d82afcb01
Fix issue with connect Envoy choosing incorrect TLS settings. (#15466)
This commit fixes a situation where the API TLS configuration
incorrectly influences the GRPC port TLS configuration for XDS.
2022-11-18 14:36:20 -06:00
Jared Kirschner 64b8982261
docs: include upgrade path to 1.14 (#15463) 2022-11-18 09:56:41 -08:00
Iryna Shustava 57a2c201fa
docs: remaining agentless docs updates (#15455)
* Update servers-outside-kubernetes.mdx

* Update single-dc-multi-k8s.mdx

* update Vault data integration for snapshot agent

* update k8s health checks page

* remove all instances of controller.enabled in helm values examples

* API Gateway update

* Apply suggestions from code review

Co-authored-by: Riddhi Shah <riddhi@hashicorp.com>

* Apply suggestions from code review

* Apply suggestions from code review

* Cleaner diagram

* added change around clients to workloads

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: boruszak <jeffrey.boruszak@hashicorp.com>
Co-authored-by: Riddhi Shah <riddhi@hashicorp.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
2022-11-18 11:33:02 -06:00
trujillo-adam ec112f0d3c
Update docs for the release of Consul API Gateway v0.5 (#15015)
* added usage folder to organize use case docs for CAPIgw

* Add peer field to MeshService configuration page

* Add first pass at guide for routing to peered services

* Add exception to same-datacenter restriction for referenced Consul service

* Add example HTTPRoute referencing the MeshService as backendRef

* Add example ServiceResolver

* Add note about current ServiceResolver requirement

ServiceResolver may eventually be created implicitly by the API gateway controller, but that decision is pending.

* tweaks to the usage page for routing to peered services

* tweaks to the  description in the  configuration reference

* resolved TO-DOs from previous iteration

* Remove datacenter federation from limited support matrix

* added tolerations doc

* Remove note excluding k8s 1.24 since we now support it

* Reorder sections to maintain alphabetical sort

* Add example configuration for MeshService resource

* Adjust wording + indentation of other docs

* Use consistent "example-" prefix for resource names in example code

* reframed the tolerations documentation; STILL A WIP

* add helm chart documentation

* removed tolerations from gwcconfig configuration model reference

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* update version to 0.5.0

* Update install.mdx

* added release notes for v.0.5.x

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
Co-authored-by: Sarah Alsmiller <sarah.alsmiller@hashicorp.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>
2022-11-17 15:42:25 -08:00
David Yu 9d9526a108
docs: Update admin-partitions.mdx (#15428)
* Update admin-partitions.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2022-11-17 15:12:32 -08:00
Jeff Boruszak de543f1aee
docs: Consul Dataplane updates for v.1.14.0 (#15384)
* Consul Architecture update

* Consul on Kubernetes architecture

* Install Consul on Kubernetes with Helm updates

* Vault as the Secrets Backend Data Integration

* Kubernetes Service Mesh Overview

* Terminating Gateways

* Fully updated

* Join external service to k8s

* Consul on Kubernetes

* Configure metrics for Consul on Kubernetes

* Service Sync for Consul on Kubernetes

* Custom Resource Definitions for Consul on k8s

* Upgrading Consul on Kubernetes Components

* Rolling Updates to TLS

* Dataplanes diagram

* Upgrade instructions

* k8s architecture page updates

* Update website/content/docs/k8s/connect/observability/metrics.mdx

Co-authored-by: Riddhi Shah <riddhi@hashicorp.com>

* Update website/content/docs/architecture/index.mdx

* Update website/content/docs/k8s/connect/terminating-gateways.mdx

* CRDs

* updating version numbers

* Updated example config

* Image clean up

* Apply suggestions from code review

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/architecture.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Riddhi Shah <riddhi@hashicorp.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-11-17 17:04:29 -06:00
Derek Menteer 5c9bf9cd4b
Improve language on 1.14 upgrade instructions. (#15412) 2022-11-17 16:28:47 -06:00
Nitya Dhanushkodi 4fdc50b034
generate helm docs (#15443) 2022-11-17 14:26:14 -08:00
Matt Keeler 405c2dfd5f
Update licensing docs to account for virtual agents. (#15398)
* Update licensing docs to account for virtual agents.

* Update website/content/docs/enterprise/license/overview.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-11-17 13:58:07 -08:00
Paul Glass 74aae08dbc
docs: Include env vars in consul-dataplane reference (#15369)
* docs: Include env vars in consul-dataplane reference
* docs: Consul Dataplane bundles Envoy 1.24
* docs: Consul Dataplane is no longer beta
2022-11-17 15:56:41 -06:00
David Yu 58935ce7ca
docs: Consul K8s 1.0/Consul 1.14 GA Compat Matrix change (#15400)
* docs: 1.0 GA Compat Matrix change
2022-11-17 13:42:06 -08:00
Tu Nguyen 3744102232
Update guidance for vault PKI CA provider (#15422)
* Update guidance for vault PKI CA provider

* clarify workarounds if already using vault 1.11+

* Update website/content/docs/connect/ca/vault.mdx

* Update website/content/docs/k8s/connect/connect-ca-provider.mdx

* Update website/content/docs/k8s/deployment-configurations/vault/data-integration/connect-ca.mdx

* Apply suggestions from code review

Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>

* add suggestion from Matt

Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2022-11-17 08:51:43 -08:00
Dan Stough 9f90e80795
docs(peering): update k8s docs for GA (#15417)
* docs(peering): update k8s docs for GA

* fix code formatting and typo
2022-11-17 08:25:32 -08:00
Michael Schurter 2dea269a25
docs: add nomad incompatibility to 1.14 docs (#15397)
docs: add nomad incompatibility to 1.14 docs
2022-11-16 16:45:58 -06:00
cskh 248aef38cc
fix: clarifying error message when acquiring a lock in remote dc (#15394)
* fix: clarifying error message when acquiring a lock in remote dc

* Update website/content/commands/lock.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-11-16 15:27:37 -05:00
Derek Menteer ff86e305be
Include addresses.grpc_tls in upgrade docs. (#15408) 2022-11-16 14:10:29 -06:00
cskh 071884bca6
docs: make the h1 title consistent with the page_title (#15396) 2022-11-16 14:40:52 -05:00
Derek Menteer fdc0db7c28
Fix issue with formatting in upgrade notes. (#15395) 2022-11-16 13:38:09 -06:00
Nitya Dhanushkodi e8e018d600
update compatibility matrix (#15389) 2022-11-15 22:07:37 -08:00
cskh 5fe7604cf6
docs: minor clarifiation to mesh gateway (#15373)
* doc: minor clarifiation to mesh gateway

* update h1 title of mgw for wan fed control plan traffic
2022-11-15 11:00:58 -05:00
Kyle Havlovitz f5c5d2f5c6
auto-config: relax node name validation for JWT authorization (#15370)
* auto-config: relax node name validation for JWT authorization

This changes the JWT authorization logic to allow all non-whitespace,
non-quote characters when validating node names. Consul had previously
allowed these characters in node names, until this validation was added
to fix a security vulnerability with whitespace/quotes being passed to
the `bexpr` library. This unintentionally broke node names with
characters like `.` which aren't related to this vulnerability.

* Update website/content/docs/agent/config/cli-flags.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-11-14 18:24:40 -06:00
Nick Wales a0c4ccd1b0
Fixes broken links (#15343)
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-11-14 14:18:57 -08:00
Dhia Ayachi 219a3c5bd3
Leadership transfer cmd (#14132)
* add leadership transfer command

* add RPC call test (flaky)

* add missing import

* add changelog

* add command registration

* Apply suggestions from code review

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>

* add the possibility of providing an id to raft leadership transfer. Add few tests.

* delete old file from cherry pick

* rename changelog filename to PR #

* rename changelog and fix import

* fix failing test

* check for OperatorWrite

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>

* rename from leader-transfer to transfer-leader

* remove version check and add test for operator read

* move struct to operator.go

* first pass

* add code for leader transfer in the grpc backend and tests

* wire the http endpoint to the new grpc endpoint

* remove the RPC endpoint

* remove non needed struct

* fix naming

* add mog glue to API

* fix comment

* remove dead code

* fix linter error

* change package name for proto file

* remove error wrapping

* fix failing test

* add command registration

* add grpc service mock tests

* fix receiver to be pointer

* use defined values

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>

* reuse MockAclAuthorizer

* add documentation

* remove usage of external.TokenFromContext

* fix failing tests

* fix proto generation

* Apply suggestions from code review

Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>

* Apply suggestions from code review

* add more context in doc for the reason

* Apply suggestions from docs code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* regenerate proto

* fix linter errors

Co-authored-by: github-team-consul-core <github-team-consul-core@hashicorp.com>
Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2022-11-14 15:35:12 -05:00
Dan Stough 8a2d3c6cc6
Peering Mesh Gateway Updates for GA (#15344)
* docs(peering): remove beta references

Co-authored-by: hc-github-team-consul-core <github-team-consul-core@hashicorp.com>
Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com>
Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>
2022-11-14 15:03:17 -05:00
Dan Stough 62c0390707
docs(peering): remove beta references (#15340)
* docs(peering): remove beta references
2022-11-14 14:49:50 -05:00
Derek Menteer 0c07a36408
Prevent serving TLS via ports.grpc (#15339)
Prevent serving TLS via ports.grpc

We remove the ability to run the ports.grpc in TLS mode to avoid
confusion and to simplify configuration. This breaking change
ensures that any user currently using ports.grpc in an encrypted
mode will receive an error message indicating that ports.grpc_tls
must be explicitly used.

The suggested action for these users is to simply swap their ports.grpc
to ports.grpc_tls in the configuration file. If both ports are defined,
or if the user has not configured TLS for grpc, then the error message
will not be printed.
2022-11-11 14:29:22 -06:00
Derek Menteer d4261c30c5
Add peering incompatibility warning to upgrade docs. (#15319) 2022-11-10 09:32:31 -06:00
Luke Kysow 656df780ee
Add description for anon token policy (#15311) 2022-11-09 10:26:10 -08:00
malizz b823d79fcf
update config defaults, add docs (#15302)
* update config defaults, add docs

* update grpc tls port for non-default values

* add changelog

* Update website/content/docs/upgrading/upgrade-specific.mdx

Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>

* Update website/content/docs/agent/config/config-files.mdx

Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>

* update logic for setting grpc tls port value

* move default config to default.go, update changelog

* update docs

* Fix config tests.

* Fix linter error.

* Fix ConnectCA tests.

* Cleanup markdown on upgrade notes.

Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>
Co-authored-by: Derek Menteer <derek.menteer@hashicorp.com>
2022-11-09 09:29:55 -08:00
Krastin Krastev 605ab84636
docs: fix links in ent-license faq (#15242) 2022-11-09 15:56:58 +01:00
Sudharshan K S f8c099e43c
Update dns-tools-compare.mdx (#15287)
Corrected the markdown to correctly display the link
2022-11-08 16:29:22 -05:00
Derek Menteer a8eb047ee6
Bring back parameter ServerExternalAddresses in GenerateToken endpoint (#15267)
Re-add ServerExternalAddresses parameter in GenerateToken endpoint

This reverts commit 5e156772f6a7fba5324eb6804ae4e93c091229a6
and adds extra functionality to support newer peering behaviors.
2022-11-08 14:55:18 -06:00
Jeff Boruszak 0b70e227e9
docs: Admin Partition clarification for cluster peering (#15281)
* Updates

* datcenter statement

* cluster peering page addition

* typo fix

* Update website/content/docs/enterprise/admin-partitions.mdx

* Update website/content/docs/enterprise/admin-partitions.mdx

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2022-11-08 14:40:03 -06:00
David Yu ebe23574e6
docs: cluster peering docs feedback (#15268)
* docs: cluster peering docs feedback

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2022-11-04 15:01:23 -07:00
Paul Glass 8cac6c36fe
docs: Update consul-dataplane docs for post-beta (#15177)
* Update Consul Dataplane CLI reference
* Add new page for Consul Dataplane telemetry
* Add `server_type` label to agent grpc metrics
* Callout Consul Dataplane in Envoy bootstrap configuration section
* Update consul-dataplane unsupported features

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Riddhi Shah <riddhi@hashicorp.com>
2022-11-03 12:05:29 -05:00
Nathan Coleman 59b20e0748
Update required Helm chart version to match APIGW release notes (#15168) 2022-10-31 16:31:10 -04:00
Evan Culver 548cf6f7a4
connect: Add Envoy 1.24 to integration tests, remove Envoy 1.20 (#15093) 2022-10-31 10:50:45 -05:00
Nathan Coleman b370e2c3c2
Fix broken link in Consul API Gateway docs 2022-10-28 15:01:38 -04:00
Jared Kirschner 59ba53b615
Merge pull request #15141 from hashicorp/docs/upgrade-vault-ca-provider-policy-guidance
docs: update Vault CA provider policy guidance
2022-10-24 17:34:43 -04:00
Jared Kirschner ede2eb26ea docs: update Vault CA provider policy guidance 2022-10-24 14:16:51 -07:00
Jared Kirschner 4c53fdc05a
Merge pull request #15028 from hashicorp/docs/auto-cert-1-13-2
Update upgrade docs for 1.13.2.
2022-10-24 11:39:29 -04:00
Freddy 9bd0d77a10
Update website/content/docs/upgrading/upgrade-specific.mdx 2022-10-22 15:49:57 -06:00
Freddy a9fd0606e6
Update website/content/docs/upgrading/upgrade-specific.mdx
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2022-10-21 18:12:25 -06:00
Freddy b7890f10cf
Update website/content/docs/upgrading/upgrade-specific.mdx
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2022-10-21 18:12:13 -06:00
David Yu 7d3186d7c5
docs: update versions to include .x in release notes (#15104) 2022-10-21 16:20:24 -07:00
Freddy 03d0be5b40
Merge pull request #15032 from hashicorp/docs/mgw-primary-upgrade 2022-10-21 16:52:27 -06:00
Freddy d48385a589
Update website/content/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-10-21 16:43:40 -06:00
freddygv f08e8fafa8 Clarify how addresses are propagated 2022-10-21 15:50:49 -06:00
freddygv 48a552349b Relax start version requirement 2022-10-21 15:27:39 -06:00
Freddy a706346817
Update website/content/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-10-21 15:17:00 -06:00
Freddy 0507d57e93
Update website/content/docs/upgrading/upgrade-specific.mdx
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2022-10-21 15:15:35 -06:00
Freddy 19ba9c6b60
Update website/content/docs/upgrading/upgrade-specific.mdx
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2022-10-21 15:15:29 -06:00
Freddy 6127421eab
Update website/content/docs/upgrading/upgrade-specific.mdx
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2022-10-21 15:15:22 -06:00
Jared Kirschner 846788fa73
Merge pull request #14813 from hashicorp/docs/1-10-upgrade-compatibility-clarification
docs: clarify 1.10 upgrade compatibility
2022-10-21 16:57:23 -04:00
Iryna Shustava 46fe21a204
cli/sdk: Allow redirection to a different consul dns port (#15050) 2022-10-21 13:15:32 -06:00
Jared Kirschner 0616c0bff8 docs: clarify 1.10 upgrade compatibility 2022-10-21 10:04:52 -07:00
Jared Kirschner dcfaae0bf4
Merge pull request #15045 from hashicorp/docs/fix-recently-broken-links
Docs/fix recently broken links
2022-10-21 10:02:35 -04:00
Jared Kirschner 1c93065a6c docs: use standard links in ent callout 2022-10-21 06:18:05 -07:00
trujillo-adam 20f220e53b fixed broken link/typo in service mesh reg page 2022-10-20 13:00:33 -07:00
trujillo-adam f9ca940748
Merge pull request #14166 from nickwales/main
Typo fix
2022-10-20 09:24:50 -07:00
Nitya Dhanushkodi 598670e376
Remove ability to specify external addresses in GenerateToken endpoint (#14930)
* Reverts "update generate token endpoint to take external addresses (#13844)"

This reverts commit f47319b7c6b6e7c7dd720a5af927ad2d33fa536d.
2022-10-19 09:31:36 -07:00
Tu Nguyen f97c266eca
Merge pull request #15036 from hashicorp/update-ent-license-link
Update enterprise license link
2022-10-18 23:22:01 -07:00
Jared Kirschner e8b9c0a513 docs: fix api docs anchor links 2022-10-18 12:53:53 -07:00
Jared Kirschner 6fb586d96f docs: fix ent feature matrix links 2022-10-18 12:32:56 -07:00
trujillo-adam 4dd572fdd9
Merge pull request #15033 from hashicorp/docs/fix-front-matter-typo
Docs/fix front matter typo
2022-10-18 12:31:28 -07:00
Chris S. Kim e4c20ec190
Refactor client RPC timeouts (#14965)
Fix an issue where rpc_hold_timeout was being used as the timeout for non-blocking queries. Users should be able to tune read timeouts without fiddling with rpc_hold_timeout. A new configuration `rpc_read_timeout` is created.

Refactor some implementation from the original PR 11500 to remove the misleading linkage between RPCInfo's timeout (used to retry in case of certain modes of failures) and the client RPC timeouts.
2022-10-18 15:05:09 -04:00
Tu Nguyen 9f1b9d010f Update enterprise license link 2022-10-18 10:52:50 -07:00
trujillo-adam e70215dd62 clarification that Consul K8s in these instructions refers to the the CLI tool 2022-10-18 09:14:26 -07:00
freddygv 73ff2e933f Fixup links 2022-10-18 10:12:45 -06:00
freddygv 56b153e57f Add docs about upgrading primary mesh gateways
Care must be taken when replacing mesh gateways in the primary
datacenter, because if the old addresses become unreachable before the
secondary datacenters receive the new addresses then the primary
datacenter overall will become unreachable.

This commit adds docs related to this class of upgrades.
2022-10-18 10:08:43 -06:00
trujillo-adam aba377cee4 removed quotation marks around front matter and revised the introduction 2022-10-18 08:56:38 -07:00
freddygv f08acdc092 Update upgrade docs for 1.13.2.
In 1.13.2 we added a new flag called use_auto_cert to address issues
previously documented in the upgrade guide. Originally there was no way
to disable TLS for gRPC when auto-encrypt was in use, because TLS was
enabled for gRPC due to the presence of auto-encrypt certs.

As of 1.13.2, using auto-encrypt certs as the signal to enable TLS for
gRPC is opt-in only. Meaning that if anyone who had upgraded to 1.13
relied on that side-effect, they now need to explicitly configure it.
2022-10-18 09:43:32 -06:00
Iryna Shustava 22b6c39092
Support auth method with snapshot agent [ENT] (#15020)
Port of hashicorp/consul-enterprise#3303
2022-10-17 15:57:48 -06:00
David Yu 4ba1e75259
docs: formatting on backend application and delete peering CRDs (#15007)
* docs: formatting on backend application and delete peering CRDs

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-10-17 10:34:05 -07:00
Chris S. Kim 58c041eb6e
Merge pull request #13388 from deblasis/feature/health-checks_windows_service
Feature: Health checks windows service
2022-10-17 09:26:19 -04:00
Kyle Havlovitz 096ca5e4b0 Extend tcp keepalive settings to work for terminating gateways as well 2022-10-14 17:05:46 -07:00
Kyle Havlovitz f8e745315f Update docs and add tcp_keepalive_probes setting 2022-10-14 17:05:46 -07:00
David Yu 5fbb4aaac0
docs: improvements on language from cluster peering steps (#14993)
* docs: improvements on language from cluster peering steps

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-10-14 14:29:11 -07:00
Dan Upton 3b9297f95a
proxycfg: rate-limit delivery of config snapshots (#14960)
Adds a user-configurable rate limiter to proxycfg snapshot delivery,
with a default limit of 250 updates per second.

This addresses a problem observed in our load testing of Consul
Dataplane where updating a "global" resource such as a wildcard
intention or the proxy-defaults config entry could starve the Raft or
Memberlist goroutines of CPU time, causing general cluster instability.
2022-10-14 15:52:00 +01:00
Alessandro De Blasis fe9078238e
Update website/content/api-docs/agent/check.mdx 2022-10-14 12:32:55 +01:00
David Yu e1093b8576
1.14 dataplane docs beta: Bump to beta3 (#14979)
Bump to beta
2022-10-13 14:40:40 -07:00
malizz 27d0181806
increase protobuf size limit for cluster peering (#14976) 2022-10-13 13:46:51 -07:00
Paul Glass be1a4438a9
Add consul.xds.server.streamStart metric (#14957)
This adds a new consul.xds.server.streamStart metric to measure the time taken to first generate xDS resources after an xDS stream is opened.
2022-10-12 14:17:58 -05:00
Iryna Shustava 28b7dea973
cli: Add -node-name flag to redirect-traffic command (#14933) 2022-10-12 11:53:41 -06:00
Stuart 5eb5fe41c1
Fixed broken links referring to tutorials running as local agent (#14954) 2022-10-11 13:01:29 -07:00