fixed merge conflicts pt2

This commit is contained in:
trujillo-adam 2022-03-15 14:01:24 -07:00
commit 9cc9122be8
14 changed files with 611 additions and 1087 deletions

View File

@ -78,11 +78,7 @@ information when `debug` is running. By default, it captures all information.
| `members` | A list of all the WAN and LAN members in the cluster. | | `members` | A list of all the WAN and LAN members in the cluster. |
| `metrics` | Metrics from the in-memory metrics endpoint in the target, captured at the interval. | | `metrics` | Metrics from the in-memory metrics endpoint in the target, captured at the interval. |
| `logs` | `DEBUG` level logs for the target agent, captured for the duration. | | `logs` | `DEBUG` level logs for the target agent, captured for the duration. |
<<<<<<< HEAD
| `pprof` | Golang heap, CPU, goroutine, and trace profiling. CPU profile is captured for `duration` in a single file, trace is captured for a single `interval`, while heap and goroutine are separate snapshots for each `interval`. This information is not retrieved unless [`enable_debug`](/docs/agent/options#enable_debug) is set to `true` on the target agent or ACLs are enable and an ACL token with `operator:read` is provided. |
=======
| `pprof` | Golang heap, CPU, goroutine, and trace profiling. CPU and traces are captured for `duration` in a single file while heap and goroutine are separate snapshots for each `interval`. This information is not retrieved unless [`enable_debug`](/docs/agent/config/config-files#enable_debug) is set to `true` on the target agent or ACLs are enable and an ACL token with `operator:read` is provided. | | `pprof` | Golang heap, CPU, goroutine, and trace profiling. CPU and traces are captured for `duration` in a single file while heap and goroutine are separate snapshots for each `interval`. This information is not retrieved unless [`enable_debug`](/docs/agent/config/config-files#enable_debug) is set to `true` on the target agent or ACLs are enable and an ACL token with `operator:read` is provided. |
>>>>>>> cd907b75cebdefe62a30986e0cdc7bd528c52159
## Examples ## Examples

View File

@ -56,14 +56,8 @@ See [Kubernetes Custom Resource Definitions](/docs/k8s/crds).
Configuration entries outside of Kubernetes should be managed with the Consul Configuration entries outside of Kubernetes should be managed with the Consul
[CLI](/commands/config) or [API](/api/config). Additionally, as a [CLI](/commands/config) or [API](/api/config). Additionally, as a
convenience for initial cluster bootstrapping, configuration entries can be convenience for initial cluster bootstrapping, configuration entries can be specified in all of the Consul servers's
<<<<<<< HEAD
specified in the Consul servers agent's
[configuration files](/docs/agent/options#config_entries_bootstrap)
=======
specified in all of the Consul servers's
[configuration files](/docs/agent/config/config-files#config_entries_bootstrap) [configuration files](/docs/agent/config/config-files#config_entries_bootstrap)
>>>>>>> cd907b75cebdefe62a30986e0cdc7bd528c52159
### Managing Configuration Entries with the CLI ### Managing Configuration Entries with the CLI

File diff suppressed because it is too large Load Diff

View File

@ -135,12 +135,7 @@ $ consul agent -data-dir=/tmp/consul
- **Server**: This indicates whether the agent is running in server or client - **Server**: This indicates whether the agent is running in server or client
mode. mode.
Running an agent in server mode requires additional overhead. This is because they participate in the consensus quorum, store cluster state, and handle queries. A server may also be Running an agent in server mode requires additional overhead. This is because they participate in the consensus quorum, store cluster state, and handle queries. A server may also be in [`bootstrap`](/docs/agent/config/cli-flags#_bootstrap_expect) mode, which enables the server to elect itself as the raft leader. Multiple servers cannot be in bootstrap mode because it would put the cluster in an inconsistent state.
<<<<<<< HEAD
in ["bootstrap"](/docs/agent/options#_bootstrap_expect) mode, which enables the server to elect itself as the Raft leader. Multiple servers cannot be in bootstrap mode because it would put the cluster in an inconsistent state.
=======
in ["bootstrap"](/docs/agent/config/cli-flags#_bootstrap_expect) mode, which enables the server to elect itselft as the Raft leader. Multiple servers cannot be in bootstrap mode because it would put the cluster in an inconsistent state.
>>>>>>> cd907b75cebdefe62a30986e0cdc7bd528c52159
- **Client Addr**: This is the address used for client interfaces to the agent. - **Client Addr**: This is the address used for client interfaces to the agent.
This includes the ports for the HTTP and DNS interfaces. By default, this This includes the ports for the HTTP and DNS interfaces. By default, this

View File

@ -33,15 +33,10 @@ Ensure that your Consul environment meets the following requirements.
* Consul [Connect](/docs/agent/config/config-files#connect) must be enabled in both datacenters. * Consul [Connect](/docs/agent/config/config-files#connect) must be enabled in both datacenters.
* Each [datacenter](/docs/agent/config/config-files#datacenter) must have a unique name. * Each [datacenter](/docs/agent/config/config-files#datacenter) must have a unique name.
* Each datacenters must be [WAN joined](https://learn.hashicorp.com/tutorials/consul/federarion-gossip-wan). * Each datacenters must be [WAN joined](https://learn.hashicorp.com/tutorials/consul/federarion-gossip-wan).
<<<<<<< HEAD
* The [primary datacenter](/docs/agent/options#primary_datacenter) must be set to the same value in both datacenters. This specifies which datacenter is the authority for Connect certificates and is required for services in all datacenters to establish mutual TLS with each other.
* [gRPC](/docs/agent/options#grpc_port) must be enabled.
* If you want to [enable gateways globally](/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters#enabling-gateways-globally) you must enable [centralized configuration](/docs/agent/options#enable_central_service_config).
=======
* The [primary datacenter](/docs/agent/config/config-files#primary_datacenter) must be set to the same value in both datacenters. This specifies which datacenter is the authority for Connect certificates and is required for services in all datacenters to establish mutual TLS with each other. * The [primary datacenter](/docs/agent/config/config-files#primary_datacenter) must be set to the same value in both datacenters. This specifies which datacenter is the authority for Connect certificates and is required for services in all datacenters to establish mutual TLS with each other.
* [gRPC](/docs/agent/config/config-files#grpc_port) must be enabled. * [gRPC](/docs/agent/config/config-files#grpc_port) must be enabled.
* If you want to [enable gateways globally](/docs/connect/mesh-gateway#enabling-gateways-globally) you must enable [centralized configuration](/docs/agent/config/config-files#enable_central_service_config). * If you want to [enable gateways globally](/docs/connect/mesh-gateway#enabling-gateways-globally) you must enable [centralized configuration](/docs/agent/config/config-files#enable_central_service_config).
>>>>>>> cd907b75cebdefe62a30986e0cdc7bd528c52159 * The [primary datacenter](/docs/agent/config/config-files#primary_datacenter) must be set to the same value in both datacenters. This specifies which datacenter is the authority for Connect certificates and is required for services in all datacenters to establish mutual TLS with each other.
### Network ### Network

View File

@ -23,16 +23,16 @@ Ensure that your Consul environment meets the following requirements.
### Consul ### Consul
* Consul Enterprise version 1.11.0 or newer. * Consul Enterprise version 1.11.0 or newer.
* A local Consul agent is required to manage its configuration. * A local Consul agent is required to manage its configuration.
<<<<<<< HEAD
* Consul service mesh must be enabled in all partitions. Refer to the [`connect` documentation](/docs/agent/options#connect) for details.
* Each partition must have a unique name. Refer to the [admin partitions documentation](/docs/enterprise/admin-partitions) for details. * Each partition must have a unique name. Refer to the [admin partitions documentation](/docs/enterprise/admin-partitions) for details.
* If you want to [enable gateways globally](/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters#enabling-gateways-globally) you must enable [centralized configuration](/docs/agent/options#enable_central_service_config).
=======
* Consul service mesh must be enabled in all partitions. Refer to the [`connect` documentation](/docs/agent/config/config-files#connect) for details. * Consul service mesh must be enabled in all partitions. Refer to the [`connect` documentation](/docs/agent/config/config-files#connect) for details.
* Each partition must have a unique name. Refer to the [admin partitions documentation](/docs/enteprise/admin-partitions) for details. * Each partition must have a unique name. Refer to the [admin partitions documentation](/docs/enteprise/admin-partitions) for details.
* If you want to [enable gateways globally](/docs/connect/mesh-gateway#enabling-gateways-globally) you must enable [centralized configuration](/docs/agent/config/config-files#enable_central_service_config). * If you want to [enable gateways globally](/docs/connect/mesh-gateway#enabling-gateways-globally) you must enable [centralized configuration](/docs/agent/config/config-files#enable_central_service_config).
>>>>>>> cd907b75cebdefe62a30986e0cdc7bd528c52159
### Proxy ### Proxy

View File

@ -126,14 +126,9 @@ connect {
} }
``` ```
<<<<<<< HEAD References to [`start_join_wan`](/docs/agent/config/config-files#start_join_wan) or [`retry_join_wan`](/docs/agent/config/config-files#retry_join_wan) should be omitted.
The [`start_join_wan`](/docs/agent/options#start_join_wan) or [`retry_join_wan`](/docs/agent/options#retry_join_wan) are only used for the [traditional federation process](/docs/k8s/installation/multi-cluster#traditional-wan-federation). They must be omitted when federating Consul servers via gateways.
=======
Any references to [`start_join_wan`](/docs/agent/config/config-files#start_join_wan) or [`retry_join_wan`](/docs/agent/config/config-files#retry_join_wan) should be omitted.
>>>>>>> cd907b75cebdefe62a30986e0cdc7bd528c52159
-> The `primary_gateways` configuration can also use `go-discover` syntax just -> The `primary_gateways` configuration can use the same `go-discover` syntax used in `retry_join_wan`.
like `retry_join_wan`.
### Bootstrapping ### Bootstrapping

View File

@ -447,14 +447,8 @@ machine.node.dc1.test-domain. 0 IN A 127.0.0.1
machine.node.dc1.test-domain. 0 IN TXT "consul-network-segment=" machine.node.dc1.test-domain. 0 IN TXT "consul-network-segment="
``` ```
<<<<<<< HEAD -> **PTR queries:** Responses to PTR queries (`<ip>.in-addr.arpa.`) always use the
-> **PTR queries:** Responses to PTR queries (`<ip>.in-addr.arpa.`) will always use the [primary domain](/docs/agent/config/config-files#domain) and not the alternative domain. This is because the query cannot specify a domain.
[primary domain](/docs/agent/options#domain) (not the alternative domain),
=======
-> **PTR queries:** Responses to PTR queries (`<ip>.in-addr.arpa.`) will always use the
[primary domain](/docs/agent/config/config-files#domain) (not the alternative domain),
>>>>>>> cd907b75cebdefe62a30986e0cdc7bd528c52159
as there is no way for the query to specify a domain.
## Caching ## Caching

View File

@ -24,8 +24,7 @@ greater insight into Consul access and usage patterns.
For more experience leveraging Consul's audit logging functionality, explore our For more experience leveraging Consul's audit logging functionality, explore our
HashiCorp Learn tutorial [Capture Consul Events with Audit Logging](https://learn.hashicorp.com/tutorials/consul/audit-logging). HashiCorp Learn tutorial [Capture Consul Events with Audit Logging](https://learn.hashicorp.com/tutorials/consul/audit-logging).
For detailed configuration information on configuring the Consul Enterprise's audit For detailed configuration information on configuring the Consul Enterprise's audit logging, review the Consul [Audit Log](/docs/agent/config/config-files#audit)
logging, review the Consul [Audit Log](/docs/agent/config/config-files#audit)
documentation. documentation.
## Example Configuration ## Example Configuration

View File

@ -6,31 +6,21 @@ description: Running Consul servers outside of Kubernetes
# Consul Servers Outside of Kubernetes # Consul Servers Outside of Kubernetes
If you have a Consul cluster already running, you can configure your This topic describes how to configure your Consul clients inside Kubernetes to join an existing cluster.
Consul clients inside Kubernetes to join this existing cluster.
The below `config.yaml` file shows how to configure the Helm chart to install ## Configuration Overview
Consul clients that will join an existing cluster.
The `global.enabled` value first disables all chart components by default In the following example `config.yaml` file, the Helm chart is configured to install Consul clients that will join an existing cluster. It includes the following parameters:
so that each component is opt-in. This allows us to _only_ setup the client
agents. We then opt-in to the client agents by setting `client.enabled` to
`true`.
Next, `client.exposeGossipPorts` can be set to `true` or `false` depending on if * The `global.enabled` parameter is set to `false`. This configuration disables all chart components by default so that each component must opt-in. As a result, only client agents will be set up when the configuraiton is applied.
you want the clients to be exposed on the Kubernetes internal node IPs (`true`) or
their pod IPs (`false`).
Finally, `client.join` is set to an array of valid * The `client.enabled` parameter is set to `true`. This configuration opts the client agents into the cluster.
<<<<<<< HEAD
[`-retry-join` values](/docs/agent/options#retry-join). In the * The `client.exposeGossipPorts` parameter is set to `true` or `false`. Setting the parameter to `true` exposes the clients on the Kubernetes internal node IPs. Setting to `false` exposes the clients on their pod IPs.
example above, a fake [cloud auto-join](/docs/install/cloud-auto-join)
======= * The `client.join` is set to an array of valid
[`-retry-join` values](/docs/agent/config/cli-flags#retry-join). In the [`-retry-join` values](/docs/agent/config/cli-flags#retry-join). The
example above, a fake [cloud auto-join](/docs/agent/cloud-auto-join) following example includes a [cloud auto-join](/docs/agent/cloud-auto-join) value resolve to the proper addresses of the existing Consul cluster.
>>>>>>> cd907b75cebdefe62a30986e0cdc7bd528c52159
value is specified. This should be set to resolve to the proper addresses of
your existing Consul cluster.
<CodeBlockConfig filename="config.yaml"> <CodeBlockConfig filename="config.yaml">

View File

@ -102,11 +102,7 @@ Use the `policy` keyword and one of the following access levels to set a policy
- `write`: Allows the resource to be read and modified. - `write`: Allows the resource to be read and modified.
- `deny`: Denies read and write access to the resource. - `deny`: Denies read and write access to the resource.
<<<<<<< HEAD
The special `list` access level provides access to all keys with the specified resource label in the Consul KV. The `list` access level can only be used with the `key_prefix` resource. The [`acl.enable_key_list_policy`](/docs/agent/options#acl_enable_key_list_policy) setting must be set to `true`.
=======
The special `list` access level provices access to all keys with the specified resource label in the Consul KV. The `list` access level can only be used with the `key_prefix` resource. The [`acl.enable_key_list_policy`](/docs/agent/config/config-files#acl_enable_key_list_policy) setting must be set to `true`. The special `list` access level provices access to all keys with the specified resource label in the Consul KV. The `list` access level can only be used with the `key_prefix` resource. The [`acl.enable_key_list_policy`](/docs/agent/config/config-files#acl_enable_key_list_policy) setting must be set to `true`.
>>>>>>> cd907b75cebdefe62a30986e0cdc7bd528c52159
### Matching and Prefix Values ### Matching and Prefix Values

View File

@ -173,14 +173,8 @@ examples of using a service identity.
-> Added in Consul 1.8.1 -> Added in Consul 1.8.1
<<<<<<< HEAD
An ACL node identity is an [ACL policy](/docs/security/acl/acl-system#acl-policies) template for expressing a link to a policy
suitable for use as an [Consul `agent` token](/docs/agent/options#acl_tokens_agent). They are usable
=======
An ACL node identity is an [ACL policy](/docs/acl/acl-system#acl-policies) template for expressing a link to a policy An ACL node identity is an [ACL policy](/docs/acl/acl-system#acl-policies) template for expressing a link to a policy
suitable for use as an [Consul `agent` token](/docs/agent/config/config-files#acl_tokens_agent). They are usable suitable for use as an [Consul `agent` token](/docs/agent/config/config-files#acl_tokens_agent). They are usable on both tokens and roles and are composed of the following elements:
>>>>>>> cd907b75cebdefe62a30986e0cdc7bd528c52159
on both tokens and roles and are composed of the following elements:
- **Node Name** - The name of the node to grant access to. - **Node Name** - The name of the node to grant access to.
- **Datacenter** - The datacenter that the node resides within. - **Datacenter** - The datacenter that the node resides within.

View File

@ -235,11 +235,7 @@ environment and adapt these configurations accordingly.
- **Customize HTTP Response Headers** - Additional security headers, such as - **Customize HTTP Response Headers** - Additional security headers, such as
[`X-XSS-Protection`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection), can be [`X-XSS-Protection`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection), can be
<<<<<<< HEAD [configured](/docs/agent/config/config-files#response_headers) for HTTP API responses.
[configured](/docs/agent/options#response_headers) for HTTP API responses.
=======
[configured](https://www.consul.io/docs/agent/config/config-files#response_headers) for HTTP API responses.
>>>>>>> cd907b75cebdefe62a30986e0cdc7bd528c52159
```hcl ```hcl
http_config { http_config {

View File

@ -20,7 +20,7 @@ Here is some documentation that may prove useful for reference during this upgra
- [ACL System in Legacy Mode](/docs/security/acl/acl-legacy) - You can find - [ACL System in Legacy Mode](/docs/security/acl/acl-legacy) - You can find
information about legacy configuration options and differences between modes here. information about legacy configuration options and differences between modes here.
- [Configuration](/docs/agent/config) - You can find more details - [Configuration](https://www.consul.io/docs/agent/config) - You can find more details
around legacy ACL and new ACL configuration options here. Legacy ACL config options around legacy ACL and new ACL configuration options here. Legacy ACL config options
will be listed as deprecates as of 1.4.0. will be listed as deprecates as of 1.4.0.
@ -51,7 +51,7 @@ Looking through these changes prior to upgrading is highly recommended.
Two very notable items are: Two very notable items are:
- 1.6.2 introduced more strict JSON decoding. Invalid JSON that was previously ignored might result in errors now (e.g., `Connect: null` in service definitions). See [[GH#6680](https://github.com/hashicorp/consul/pull/6680)]. - 1.6.2 introduced more strict JSON decoding. Invalid JSON that was previously ignored might result in errors now (e.g., `Connect: null` in service definitions). See [[GH#6680](https://github.com/hashicorp/consul/pull/6680)].
- 1.6.3 introduced the [http_max_conns_per_client](/docs/agent/config/config-files.html#http_max_conns_per_client) limit. This defaults to 200. Prior to this, connections per client were unbounded. [[GH#7159](https://github.com/hashicorp/consul/issues/7159)] - 1.6.3 introduced the [http_max_conns_per_client](/docs/agent/config/config-files#http_max_conns_per_client) limit. This defaults to 200. Prior to this, connections per client were unbounded. [[GH#7159](https://github.com/hashicorp/consul/issues/7159)]
## Procedure ## Procedure