mirror of https://github.com/status-im/consul.git
Merge branch 'stable-website' into release/1.9.0
This commit is contained in:
commit
dbb1249f13
32
CHANGELOG.md
32
CHANGELOG.md
|
@ -100,6 +100,12 @@ BUG FIXES:
|
||||||
* telemetry: fixed a bug that caused logs to be flooded with `[WARN] agent.router: Non-server in server-only area` [[GH-8685](https://github.com/hashicorp/consul/issues/8685)]
|
* telemetry: fixed a bug that caused logs to be flooded with `[WARN] agent.router: Non-server in server-only area` [[GH-8685](https://github.com/hashicorp/consul/issues/8685)]
|
||||||
* ui: show correct datacenter for gateways [[GH-8704](https://github.com/hashicorp/consul/issues/8704)]
|
* ui: show correct datacenter for gateways [[GH-8704](https://github.com/hashicorp/consul/issues/8704)]
|
||||||
|
|
||||||
|
## 1.8.6 (November 19, 2020)
|
||||||
|
|
||||||
|
SECURITY:
|
||||||
|
|
||||||
|
* Increase the permissions to read from the `/connect/ca/configuration` endpoint to `operator:write`. Previously Connect CA configuration, including the private key, set via this endpoint could be read back by an operator with `operator:read` privileges. [CVE-2020-28053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28053) [[GH-9240](https://github.com/hashicorp/consul/issues/9240)]
|
||||||
|
|
||||||
## 1.8.5 (October 23, 2020)
|
## 1.8.5 (October 23, 2020)
|
||||||
|
|
||||||
SECURITY:
|
SECURITY:
|
||||||
|
@ -266,6 +272,26 @@ BUGFIXES:
|
||||||
* ui: Miscellaneous amends for Safari and Firefox [[GH-7904](https://github.com/hashicorp/consul/issues/7904)] [[GH-7907](https://github.com/hashicorp/consul/pull/7907)]
|
* ui: Miscellaneous amends for Safari and Firefox [[GH-7904](https://github.com/hashicorp/consul/issues/7904)] [[GH-7907](https://github.com/hashicorp/consul/pull/7907)]
|
||||||
* ui: Ensure a value is always passed to CONSUL_SSO_ENABLED [[GH-7913](https://github.com/hashicorp/consul/pull/7913)]
|
* ui: Ensure a value is always passed to CONSUL_SSO_ENABLED [[GH-7913](https://github.com/hashicorp/consul/pull/7913)]
|
||||||
|
|
||||||
|
## 1.7.10 (November 19, 2020)
|
||||||
|
|
||||||
|
SECURITY:
|
||||||
|
|
||||||
|
* Increase the permissions to read from the `/connect/ca/configuration` endpoint to `operator:write`. Previously Connect CA configuration, including the private key, set via this endpoint could be read back by an operator with `operator:read` privileges. [CVE-2020-28053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28053) [[GH-9240](https://github.com/hashicorp/consul/issues/9240)]
|
||||||
|
|
||||||
|
## 1.7.9 (October 26, 2020)
|
||||||
|
|
||||||
|
SECURITY:
|
||||||
|
|
||||||
|
* Fix Consul Enterprise Namespace Config Entry Replication DoS. Previously an operator with service:write ACL permissions in a Consul Enterprise cluster could write a malicious config entry that caused infinite raft writes due to issues with the namespace replication logic. [CVE-2020-25201] (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25201) [[GH-9024](https://github.com/hashicorp/consul/issues/9024)]
|
||||||
|
|
||||||
|
IMPROVEMENTS:
|
||||||
|
|
||||||
|
* connect: update supported envoy releases to 1.13.6, 1.12.7, 1.11.2, 1.10.0 for 1.7.x [[GH-9000](https://github.com/hashicorp/consul/issues/9000)]
|
||||||
|
|
||||||
|
BUG FIXES:
|
||||||
|
|
||||||
|
* agent: when enable_central_service_config is enabled ensure agent reload doesn't revert check state to critical [[GH-8747](https://github.com/hashicorp/consul/issues/8747)]
|
||||||
|
|
||||||
## 1.7.8 (September 11, 2020)
|
## 1.7.8 (September 11, 2020)
|
||||||
|
|
||||||
FEATURES:
|
FEATURES:
|
||||||
|
@ -501,6 +527,12 @@ BUGFIXES:
|
||||||
* ui: Discovery-Chain: Improve parsing of redirects [[GH-7174](https://github.com/hashicorp/consul/pull/7174)]
|
* ui: Discovery-Chain: Improve parsing of redirects [[GH-7174](https://github.com/hashicorp/consul/pull/7174)]
|
||||||
* ui: Fix styling of ‘duplicate intention’ error message [[GH6936]](https://github.com/hashicorp/consul/pull/6936)
|
* ui: Fix styling of ‘duplicate intention’ error message [[GH6936]](https://github.com/hashicorp/consul/pull/6936)
|
||||||
|
|
||||||
|
## 1.6.10 (November 19, 2020)
|
||||||
|
|
||||||
|
SECURITY:
|
||||||
|
|
||||||
|
* Increase the permissions to read from the `/connect/ca/configuration` endpoint to `operator:write`. Previously Connect CA configuration, including the private key, set via this endpoint could be read back by an operator with `operator:read` privileges. [CVE-2020-28053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28053) [[GH-9240](https://github.com/hashicorp/consul/issues/9240)]
|
||||||
|
|
||||||
## 1.6.9 (September 11, 2020)
|
## 1.6.9 (September 11, 2020)
|
||||||
|
|
||||||
BUG FIXES:
|
BUG FIXES:
|
||||||
|
|
|
@ -37,7 +37,7 @@ import (
|
||||||
var Gauges = []prometheus.GaugeDefinition{
|
var Gauges = []prometheus.GaugeDefinition{
|
||||||
{
|
{
|
||||||
Name: []string{"consul", "cache", "entries_count"},
|
Name: []string{"consul", "cache", "entries_count"},
|
||||||
Help: "",
|
Help: "Represents the number of entries in this cache.",
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -45,19 +45,19 @@ var Gauges = []prometheus.GaugeDefinition{
|
||||||
var Counters = []prometheus.CounterDefinition{
|
var Counters = []prometheus.CounterDefinition{
|
||||||
{
|
{
|
||||||
Name: []string{"consul", "cache", "bypass"},
|
Name: []string{"consul", "cache", "bypass"},
|
||||||
Help: "",
|
Help: "Counts how many times a request bypassed the cache because no cache-key was provided.",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: []string{"consul", "cache", "fetch_success"},
|
Name: []string{"consul", "cache", "fetch_success"},
|
||||||
Help: "",
|
Help: "Counts the number of successful fetches by the cache.",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: []string{"consul", "cache", "fetch_error"},
|
Name: []string{"consul", "cache", "fetch_error"},
|
||||||
Help: "",
|
Help: "Counts the number of failed fetches by the cache.",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: []string{"consul", "cache", "evict_expired"},
|
Name: []string{"consul", "cache", "evict_expired"},
|
||||||
Help: "",
|
Help: "Counts the number of expired entries that are evicted.",
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -86,7 +86,7 @@ var CatalogCounters = []prometheus.CounterDefinition{
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: []string{"client", "api", "error", "catalog_service_nodes"},
|
Name: []string{"client", "api", "error", "catalog_service_nodes"},
|
||||||
Help: "",
|
Help: "Increments whenever a Consul agent receives an RPC error for request to list nodes offering a service.",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: []string{"client", "api", "catalog_node_services"},
|
Name: []string{"client", "api", "catalog_node_services"},
|
||||||
|
@ -102,15 +102,15 @@ var CatalogCounters = []prometheus.CounterDefinition{
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: []string{"client", "api", "catalog_node_service_list"},
|
Name: []string{"client", "api", "catalog_node_service_list"},
|
||||||
Help: "",
|
Help: "Increments whenever a Consul agent receives a request to list a node's registered services.",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: []string{"client", "rpc", "error", "catalog_node_service_list"},
|
Name: []string{"client", "rpc", "error", "catalog_node_service_list"},
|
||||||
Help: "",
|
Help: "Increments whenever a Consul agent receives an RPC error for request to list a node's registered services.",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: []string{"client", "api", "success", "catalog_node_service_list"},
|
Name: []string{"client", "api", "success", "catalog_node_service_list"},
|
||||||
Help: "",
|
Help: "Increments whenever a Consul agent successfully responds to a request to list a node's registered services.",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: []string{"client", "api", "catalog_gateway_services"},
|
Name: []string{"client", "api", "catalog_gateway_services"},
|
||||||
|
|
|
@ -19,26 +19,26 @@ import (
|
||||||
var ACLCounters = []prometheus.CounterDefinition{
|
var ACLCounters = []prometheus.CounterDefinition{
|
||||||
{
|
{
|
||||||
Name: []string{"acl", "token", "cache_hit"},
|
Name: []string{"acl", "token", "cache_hit"},
|
||||||
Help: "",
|
Help: "Increments if Consul is able to resolve a token's identity, or a legacy token, from the cache.",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: []string{"acl", "token", "cache_miss"},
|
Name: []string{"acl", "token", "cache_miss"},
|
||||||
Help: "",
|
Help: "Increments if Consul cannot resolve a token's identity, or a legacy token, from the cache.",
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
var ACLSummaries = []prometheus.SummaryDefinition{
|
var ACLSummaries = []prometheus.SummaryDefinition{
|
||||||
{
|
{
|
||||||
Name: []string{"acl", "resolveTokenLegacy"},
|
Name: []string{"acl", "resolveTokenLegacy"},
|
||||||
Help: "",
|
Help: "This measures the time it takes to resolve an ACL token using the legacy ACL system.",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: []string{"acl", "ResolveToken"},
|
Name: []string{"acl", "ResolveToken"},
|
||||||
Help: "",
|
Help: "This measures the time it takes to resolve an ACL token.",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: []string{"acl", "ResolveTokenToIdentity"},
|
Name: []string{"acl", "ResolveTokenToIdentity"},
|
||||||
Help: "",
|
Help: "This measures the time it takes to resolve an ACL token to an Identity.",
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -25,7 +25,7 @@ var CatalogCounters = []prometheus.CounterDefinition{
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: []string{"catalog", "connect", "query"},
|
Name: []string{"catalog", "connect", "query"},
|
||||||
Help: "",
|
Help: "Increments for each connect-based catalog query for the given service.",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: []string{"catalog", "service", "query-tag"},
|
Name: []string{"catalog", "service", "query-tag"},
|
||||||
|
@ -33,7 +33,7 @@ var CatalogCounters = []prometheus.CounterDefinition{
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: []string{"catalog", "connect", "query-tag"},
|
Name: []string{"catalog", "connect", "query-tag"},
|
||||||
Help: "",
|
Help: "Increments for each connect-based catalog query for the given service with the given tag.",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: []string{"catalog", "service", "query-tags"},
|
Name: []string{"catalog", "service", "query-tags"},
|
||||||
|
@ -41,7 +41,7 @@ var CatalogCounters = []prometheus.CounterDefinition{
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: []string{"catalog", "connect", "query-tags"},
|
Name: []string{"catalog", "connect", "query-tags"},
|
||||||
Help: "",
|
Help: "Increments for each connect-based catalog query for the given service with the given tags.",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: []string{"catalog", "service", "not-found"},
|
Name: []string{"catalog", "service", "not-found"},
|
||||||
|
@ -49,7 +49,7 @@ var CatalogCounters = []prometheus.CounterDefinition{
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: []string{"catalog", "connect", "not-found"},
|
Name: []string{"catalog", "connect", "not-found"},
|
||||||
Help: "",
|
Help: "Increments for each connect-based catalog query where the given service could not be found.",
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -53,43 +53,43 @@ var CommandsSummaries = []prometheus.SummaryDefinition{
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: []string{"consul", "fsm", "intention"},
|
Name: []string{"consul", "fsm", "intention"},
|
||||||
Help: "",
|
Help: "Deprecated - use fsm_intention instead",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: []string{"fsm", "intention"},
|
Name: []string{"fsm", "intention"},
|
||||||
Help: "",
|
Help: "Measures the time it takes to apply an intention operation to the FSM.",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: []string{"consul", "fsm", "ca"},
|
Name: []string{"consul", "fsm", "ca"},
|
||||||
Help: "",
|
Help: "Deprecated - use fsm_ca instead",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Name: []string{"fsm", "ca"},
|
||||||
|
Help: "Measures the time it takes to apply CA configuration operations to the FSM.",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: []string{"fsm", "ca", "leaf"},
|
Name: []string{"fsm", "ca", "leaf"},
|
||||||
Help: "",
|
Help: "Measures the time it takes to apply an operation while signing a leaf certificate.",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: []string{"fsm", "acl", "token"},
|
Name: []string{"fsm", "acl", "token"},
|
||||||
Help: "",
|
Help: "Measures the time it takes to apply an ACL token operation to the FSM.",
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: []string{"fsm", "ca", "leaf"},
|
|
||||||
Help: "",
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: []string{"fsm", "acl", "policy"},
|
Name: []string{"fsm", "acl", "policy"},
|
||||||
Help: "",
|
Help: "Measures the time it takes to apply an ACL policy operation to the FSM.",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: []string{"fsm", "acl", "bindingrule"},
|
Name: []string{"fsm", "acl", "bindingrule"},
|
||||||
Help: "",
|
Help: "Measures the time it takes to apply an ACL binding rule operation to the FSM.",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: []string{"fsm", "acl", "authmethod"},
|
Name: []string{"fsm", "acl", "authmethod"},
|
||||||
Help: "",
|
Help: "Measures the time it takes to apply an ACL authmethod operation to the FSM.",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: []string{"fsm", "system_metadata"},
|
Name: []string{"fsm", "system_metadata"},
|
||||||
Help: "",
|
Help: "Measures the time it takes to apply a system metadata operation to the FSM.",
|
||||||
},
|
},
|
||||||
// TODO(kit): We generate the config-entry fsm summaries by reading off of the request. It is
|
// TODO(kit): We generate the config-entry fsm summaries by reading off of the request. It is
|
||||||
// possible to statically declare these when we know all of the names, but I didn't get to it
|
// possible to statically declare these when we know all of the names, but I didn't get to it
|
||||||
|
@ -378,8 +378,12 @@ func (c *FSM) applyIntentionOperation(buf []byte, index uint64) interface{} {
|
||||||
panic(fmt.Errorf("failed to decode request: %v", err))
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TODO(kit): We should deprecate this first metric that writes the metrics_prefix itself,
|
||||||
|
// the config we use to flag this out, telemetry.disable_compat_1.9 is on the agent - how do
|
||||||
|
// we access it here?
|
||||||
defer metrics.MeasureSinceWithLabels([]string{"consul", "fsm", "intention"}, time.Now(),
|
defer metrics.MeasureSinceWithLabels([]string{"consul", "fsm", "intention"}, time.Now(),
|
||||||
[]metrics.Label{{Name: "op", Value: string(req.Op)}})
|
[]metrics.Label{{Name: "op", Value: string(req.Op)}})
|
||||||
|
|
||||||
defer metrics.MeasureSinceWithLabels([]string{"fsm", "intention"}, time.Now(),
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "intention"}, time.Now(),
|
||||||
[]metrics.Label{{Name: "op", Value: string(req.Op)}})
|
[]metrics.Label{{Name: "op", Value: string(req.Op)}})
|
||||||
|
|
||||||
|
@ -474,6 +478,7 @@ func (c *FSM) applyConnectCAOperation(buf []byte, index uint64) interface{} {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// applyConnectCALeafOperation applies an operation while signing a leaf certificate.
|
||||||
func (c *FSM) applyConnectCALeafOperation(buf []byte, index uint64) interface{} {
|
func (c *FSM) applyConnectCALeafOperation(buf []byte, index uint64) interface{} {
|
||||||
var req structs.CALeafRequest
|
var req structs.CALeafRequest
|
||||||
if err := structs.Decode(buf, &req); err != nil {
|
if err := structs.Decode(buf, &req); err != nil {
|
||||||
|
|
|
@ -16,11 +16,11 @@ var SessionGauges = []prometheus.GaugeDefinition{
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: []string{"raft", "applied_index"},
|
Name: []string{"raft", "applied_index"},
|
||||||
Help: "",
|
Help: "Represents the raft applied index.",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: []string{"raft", "last_index"},
|
Name: []string{"raft", "last_index"},
|
||||||
Help: "",
|
Help: "Represents the raft last index.",
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -153,7 +153,7 @@ func (s *Server) clearAllSessionTimers() {
|
||||||
s.sessionTimers.StopAll()
|
s.sessionTimers.StopAll()
|
||||||
}
|
}
|
||||||
|
|
||||||
// updateMetrics is a long running routine used to uddate a
|
// updateMetrics is a long running routine used to update a
|
||||||
// number of server periodic metrics
|
// number of server periodic metrics
|
||||||
func (s *Server) updateMetrics() {
|
func (s *Server) updateMetrics() {
|
||||||
for {
|
for {
|
||||||
|
|
|
@ -59,7 +59,7 @@ This section addresses some frequently asked questions about Consul's architectu
|
||||||
|
|
||||||
### How does eventually-consistent gossip relate to the Raft consensus protocol?
|
### How does eventually-consistent gossip relate to the Raft consensus protocol?
|
||||||
|
|
||||||
When you query Consul for information about a service, such as via the [DNS interface](https://www.consul.io/docs/agent/dns.html), the agent will always make an internal RPC request to a Consul server that will query the consistent state store. Even though an agent might learn that another agent is down via gossip, that won't be reflected in service discovery until the current Raft leader server perceives that through gossip and updates the catalog using Raft. You can see an example of where these layers are plumbed together here - https://github.com/hashicorp/consul/blob/v1.0.5/agent/consul/leader.go#L559-L602.
|
When you query Consul for information about a service, such as via the [DNS interface](https://www.consul.io/docs/discovery/dns), the agent will always make an internal RPC request to a Consul server that will query the consistent state store. Even though an agent might learn that another agent is down via gossip, that won't be reflected in service discovery until the current Raft leader server perceives that through gossip and updates the catalog using Raft. You can see an example of where these layers are plumbed together here - https://github.com/hashicorp/consul/blob/v1.0.5/agent/consul/leader.go#L559-L602.
|
||||||
|
|
||||||
## Why does a blocking query sometimes return with identical results?
|
## Why does a blocking query sometimes return with identical results?
|
||||||
|
|
||||||
|
|
|
@ -12,7 +12,7 @@ The `/query` endpoints create, update, destroy, and execute prepared queries.
|
||||||
Prepared queries allow you to register a complex service query and then execute
|
Prepared queries allow you to register a complex service query and then execute
|
||||||
it later via its ID or name to get a set of healthy nodes that provide a given
|
it later via its ID or name to get a set of healthy nodes that provide a given
|
||||||
service. This is particularly useful in combination with Consul's
|
service. This is particularly useful in combination with Consul's
|
||||||
[DNS Interface](/docs/agent/dns) as it allows for much richer queries than
|
[DNS Interface](/docs/discovery/dns) as it allows for much richer queries than
|
||||||
would be possible given the limited entry points exposed by DNS.
|
would be possible given the limited entry points exposed by DNS.
|
||||||
|
|
||||||
Check the [Geo Failover tutorial](https://learn.hashicorp.com/tutorials/consul/automate-geo-failover) for details and
|
Check the [Geo Failover tutorial](https://learn.hashicorp.com/tutorials/consul/automate-geo-failover) for details and
|
||||||
|
|
|
@ -38,7 +38,7 @@ gateway:
|
||||||
- The ingress gateway will route traffic based on the host/authority header,
|
- The ingress gateway will route traffic based on the host/authority header,
|
||||||
expecting a value matching `<service-name>.ingress.*`, or if using namespaces,
|
expecting a value matching `<service-name>.ingress.*`, or if using namespaces,
|
||||||
`<service-name>.ingress.<namespace>.*`. This matches the [Consul DNS
|
`<service-name>.ingress.<namespace>.*`. This matches the [Consul DNS
|
||||||
ingress subdomain](/docs/agent/dns#ingress-service-lookups).
|
ingress subdomain](/docs/discovery/dns#ingress-service-lookups).
|
||||||
|
|
||||||
A wildcard specifier cannot be set on a listener of protocol `tcp`.
|
A wildcard specifier cannot be set on a listener of protocol `tcp`.
|
||||||
|
|
||||||
|
|
|
@ -1452,7 +1452,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
|
||||||
When set to true, in a DNS query for a service, the label between the domain
|
When set to true, in a DNS query for a service, the label between the domain
|
||||||
and the `service` label will be treated as a namespace name instead of a datacenter.
|
and the `service` label will be treated as a namespace name instead of a datacenter.
|
||||||
When set to false, the default, the behavior will be the same as non-Enterprise
|
When set to false, the default, the behavior will be the same as non-Enterprise
|
||||||
versions and will assume the label is the datacenter. See: [this section](/docs/agent/dns#namespaced-services)
|
versions and will assume the label is the datacenter. See: [this section](/docs/discovery/dns#namespaced-services)
|
||||||
for more details.
|
for more details.
|
||||||
|
|
||||||
- `domain` Equivalent to the [`-domain` command-line flag](#_domain).
|
- `domain` Equivalent to the [`-domain` command-line flag](#_domain).
|
||||||
|
@ -1825,9 +1825,10 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
|
||||||
|
|
||||||
- `rpc` configuration for Consul servers.
|
- `rpc` configuration for Consul servers.
|
||||||
|
|
||||||
- `enable_streaming` ((#rpc_enable_streaming)) enables the gRPC subscribe endpoint on a Consul Server. All
|
- `enable_streaming` ((#rpc_enable_streaming)) (experimental) enables the gRPC subscribe endpoint on a Consul Server. All
|
||||||
servers in all federated datacenters must have this enabled before any client can use
|
servers in all federated datacenters must have this enabled before any client can use
|
||||||
[`use_streaming_backend`](#use_streaming_backend). This setting will default to true in a future release of Consul.
|
[`use_streaming_backend`](#use_streaming_backend).
|
||||||
|
This setting will default to true in a future version of Consul.
|
||||||
|
|
||||||
- `segment` <EnterpriseAlert inline /> - Equivalent to the [`-segment` command-line flag](#_segment).
|
- `segment` <EnterpriseAlert inline /> - Equivalent to the [`-segment` command-line flag](#_segment).
|
||||||
|
|
||||||
|
@ -2199,13 +2200,14 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
|
||||||
currently only supports numeric IDs.
|
currently only supports numeric IDs.
|
||||||
- `mode` - The permission bits to set on the file.
|
- `mode` - The permission bits to set on the file.
|
||||||
|
|
||||||
- `use_streaming_backend` when enabled Consul client agents will use streaming rpc to
|
- `use_streaming_backend` (experimental) when enabled Consul client agents will use
|
||||||
populate, instead of the traditional blocking queries, for endpoints which support
|
streaming rpc, instead of the traditional blocking queries, for endpoints which support
|
||||||
streaming. All servers must have [`rpc.enable_streaming`](#rpc_enable_streaming)
|
streaming. All servers must have [`rpc.enable_streaming`](#rpc_enable_streaming)
|
||||||
enabled before any client can enable `use_streaming_backend`.
|
enabled before any client can enable `use_streaming_backend`.
|
||||||
At least one of [`dns.use_cache`](#dns_use_cache) or
|
At least one of [`dns.use_cache`](#dns_use_cache) or
|
||||||
[`http_config.use_cache`](#http_config_use_cache) must be enabled, otherwise
|
[`http_config.use_cache`](#http_config_use_cache) must be enabled, otherwise
|
||||||
this setting has no effect.
|
this setting has no effect.
|
||||||
|
`use_streaming_backend` will default to true in a future version of Consul.
|
||||||
|
|
||||||
- `verify_incoming` - If set to true, Consul
|
- `verify_incoming` - If set to true, Consul
|
||||||
requires that all incoming connections make use of TLS and that the client
|
requires that all incoming connections make use of TLS and that the client
|
||||||
|
|
|
@ -137,51 +137,52 @@ when retrieving metrics from the built-in store using the above described signal
|
||||||
|
|
||||||
This is a full list of metrics emitted by Consul.
|
This is a full list of metrics emitted by Consul.
|
||||||
|
|
||||||
| Metric | Description | Unit | Type |
|
| Metric | Description | Unit | Type |
|
||||||
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------- | ------- |
|
| -------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------- | ------- |
|
||||||
| `consul.acl.blocked.service.registration` | This increments whenever a deregistration fails for a service (blocked by an ACL) | requests | counter |
|
| `consul.acl.blocked.{check,node,service}.deregistration` | This increments whenever a deregistration fails for an entity (check, node or service) is blocked by an ACL. | requests | counter |
|
||||||
| `consul.acl.blocked..registration` | This increments whenever a registration fails for an entity (check, node or service) is blocked by an ACL | requests | counter |
|
| `consul.acl.blocked.{check,node,service}.registration` | This increments whenever a registration fails for an entity (check, node or service) is blocked by an ACL. | requests | counter |
|
||||||
| `consul.api.http` | Migrated from consul.http.. this samples how long it takes to service the given HTTP request for the given verb and path. Includes labels for `path` and `method`. `path` does not include details like service or key names, for these an underscore will be present as a placeholder (eg. path=`v1.kv._`) | ms | timer |
|
| `consul.api.http` | Migrated from consul.http.. this samples how long it takes to service the given HTTP request for the given verb and path. Includes labels for `path` and `method`. `path` does not include details like service or key names, for these an underscore will be present as a placeholder (eg. path=`v1.kv._`) | ms | timer |
|
||||||
| `consul.client.rpc` | This increments whenever a Consul agent in client mode makes an RPC request to a Consul server. This gives a measure of how much a given agent is loading the Consul servers. Currently, this is only generated by agents in client mode, not Consul servers. | requests | counter |
|
| `consul.client.rpc` | This increments whenever a Consul agent in client mode makes an RPC request to a Consul server. This gives a measure of how much a given agent is loading the Consul servers. Currently, this is only generated by agents in client mode, not Consul servers. | requests | counter |
|
||||||
| `consul.client.rpc.exceeded` | This increments whenever a Consul agent in client mode makes an RPC request to a Consul server gets rate limited by that agent's [`limits`](/docs/agent/options#limits) configuration. This gives an indication that there's an abusive application making too many requests on the agent, or that the rate limit needs to be increased. Currently, this only applies to agents in client mode, not Consul servers. | rejected requests | counter |
|
| `consul.client.rpc.exceeded` | This increments whenever a Consul agent in client mode makes an RPC request to a Consul server gets rate limited by that agent's [`limits`](/docs/agent/options#limits) configuration. This gives an indication that there's an abusive application making too many requests on the agent, or that the rate limit needs to be increased. Currently, this only applies to agents in client mode, not Consul servers. | rejected requests | counter |
|
||||||
| `consul.client.rpc.failed` | This increments whenever a Consul agent in client mode makes an RPC request to a Consul server and fails. | requests | counter |
|
| `consul.client.rpc.failed` | This increments whenever a Consul agent in client mode makes an RPC request to a Consul server and fails. | requests | counter |
|
||||||
| `consul.client.api.catalog_register.` | This increments whenever a Consul agent receives a catalog register request. | requests | counter |
|
| `consul.client.api.catalog_register.` | This increments whenever a Consul agent receives a catalog register request. | requests | counter |
|
||||||
| `consul.client.api.success.catalog_register.` | This increments whenever a Consul agent successfully responds to a catalog register request. | requests | counter |
|
| `consul.client.api.success.catalog_register.` | This increments whenever a Consul agent successfully responds to a catalog register request. | requests | counter |
|
||||||
| `consul.client.rpc.error.catalog_register.` | This increments whenever a Consul agent receives an RPC error for a catalog register request. | errors | counter |
|
| `consul.client.rpc.error.catalog_register.` | This increments whenever a Consul agent receives an RPC error for a catalog register request. | errors | counter |
|
||||||
| `consul.client.api.catalog_deregister.` | This increments whenever a Consul agent receives a catalog deregister request. | requests | counter |
|
| `consul.client.api.catalog_deregister.` | This increments whenever a Consul agent receives a catalog deregister request. | requests | counter |
|
||||||
| `consul.client.api.success.catalog_deregister.` | This increments whenever a Consul agent successfully responds to a catalog deregister request. | requests | counter |
|
| `consul.client.api.success.catalog_deregister.` | This increments whenever a Consul agent successfully responds to a catalog deregister request. | requests | counter |
|
||||||
| `consul.client.rpc.error.catalog_deregister.` | This increments whenever a Consul agent receives an RPC error for a catalog deregister request. | errors | counter |
|
| `consul.client.rpc.error.catalog_deregister.` | This increments whenever a Consul agent receives an RPC error for a catalog deregister request. | errors | counter |
|
||||||
| `consul.client.api.catalog_datacenters.` | This increments whenever a Consul agent receives a request to list datacenters in the catalog. | requests | counter |
|
| `consul.client.api.catalog_datacenters.` | This increments whenever a Consul agent receives a request to list datacenters in the catalog. | requests | counter |
|
||||||
| `consul.client.api.success.catalog_datacenters.` | This increments whenever a Consul agent successfully responds to a request to list datacenters. | requests | counter |
|
| `consul.client.api.success.catalog_datacenters.` | This increments whenever a Consul agent successfully responds to a request to list datacenters. | requests | counter |
|
||||||
| `consul.client.rpc.error.catalog_datacenters.` | This increments whenever a Consul agent receives an RPC error for a request to list datacenters. | errors | counter |
|
| `consul.client.rpc.error.catalog_datacenters.` | This increments whenever a Consul agent receives an RPC error for a request to list datacenters. | errors | counter |
|
||||||
| `consul.client.api.catalog_nodes.` | This increments whenever a Consul agent receives a request to list nodes from the catalog. | requests | counter |
|
| `consul.client.api.catalog_nodes.` | This increments whenever a Consul agent receives a request to list nodes from the catalog. | requests | counter |
|
||||||
| `consul.client.api.success.catalog_nodes.` | This increments whenever a Consul agent successfully responds to a request to list nodes. | requests | counter |
|
| `consul.client.api.success.catalog_nodes.` | This increments whenever a Consul agent successfully responds to a request to list nodes. | requests | counter |
|
||||||
| `consul.client.rpc.error.catalog_nodes.` | This increments whenever a Consul agent receives an RPC error for a request to list nodes. | errors | counter |
|
| `consul.client.rpc.error.catalog_nodes.` | This increments whenever a Consul agent receives an RPC error for a request to list nodes. | errors | counter |
|
||||||
| `consul.client.api.catalog_services.` | This increments whenever a Consul agent receives a request to list services from the catalog. | requests | counter |
|
| `consul.client.api.catalog_services.` | This increments whenever a Consul agent receives a request to list services from the catalog. | requests | counter |
|
||||||
| `consul.client.api.success.catalog_services.` | This increments whenever a Consul agent successfully responds to a request to list services. | requests | counter |
|
| `consul.client.api.success.catalog_services.` | This increments whenever a Consul agent successfully responds to a request to list services. | requests | counter |
|
||||||
| `consul.client.rpc.error.catalog_services.` | This increments whenever a Consul agent receives an RPC error for a request to list services. | errors | counter |
|
| `consul.client.rpc.error.catalog_services.` | This increments whenever a Consul agent receives an RPC error for a request to list services. | errors | counter |
|
||||||
| `consul.client.api.catalog_service_nodes.` | This increments whenever a Consul agent receives a request to list nodes offering a service. | requests | counter |
|
| `consul.client.api.catalog_service_nodes.` | This increments whenever a Consul agent receives a request to list nodes offering a service. | requests | counter |
|
||||||
| `consul.client.api.success.catalog_service_nodes.` | This increments whenever a Consul agent successfully responds to a request to list nodes offering a service. | requests | counter |
|
| `consul.client.api.success.catalog_service_nodes.` | This increments whenever a Consul agent successfully responds to a request to list nodes offering a service. | requests | counter |
|
||||||
| `consul.client.rpc.error.catalog_service_nodes.` | This increments whenever a Consul agent receives an RPC error for a request to list nodes offering a service. | errors | counter |
|
| `consul.client.api.error.catalog_service_nodes.` | Increments whenever a Consul agent receives an RPC error for request to list nodes offering a service. | requests | counter |
|
||||||
| `consul.client.api.catalog_node_services.` | This increments whenever a Consul agent receives a request to list services registered in a node. | requests | counter |
|
| `consul.client.rpc.error.catalog_service_nodes.` | This increments whenever a Consul agent receives an RPC error for a request to list nodes offering a service. | errors | counter |
|
||||||
| `consul.client.api.success.catalog_node_services.` | This increments whenever a Consul agent successfully responds to a request to list services in a node. | requests | counter |
|
| `consul.client.api.catalog_node_services.` | This increments whenever a Consul agent receives a request to list services registered in a node. | requests | counter |
|
||||||
| `consul.client.rpc.error.catalog_node_services.` | This increments whenever a Consul agent receives an RPC error for a request to list services in a node. | errors | counter |
|
| `consul.client.api.success.catalog_node_services.` | This increments whenever a Consul agent successfully responds to a request to list services in a node. | requests | counter |
|
||||||
| `consul.client.api.catalog_gateway_services.` | This increments whenever a Consul agent receives a request to list services associated with a gateway. | requests | counter |
|
| `consul.client.rpc.error.catalog_node_services.` | This increments whenever a Consul agent receives an RPC error for a request to list services in a node. | errors | counter |
|
||||||
| `consul.client.api.success.catalog_gateway_services.` | This increments whenever a Consul agent successfully responds to a request to list services associated with a gateway. | requests | counter |
|
| `consul.client.api.catalog_node_service_list` | Increments whenever a Consul agent receives a request to list a node's registered services. | requests | counter |
|
||||||
| `consul.client.rpc.error.catalog_gateway_services.` | This increments whenever a Consul agent receives an RPC error for a request to list services associated with a gateway. | errors | counter |
|
| `consul.client.rpc.error.catalog_node_service_list` | Increments whenever a Consul agent receives an RPC error for request to list a node's registered services. | errors | counter |
|
||||||
| `consul.runtime.num_goroutines` | This tracks the number of running goroutines and is a general load pressure indicator. This may burst from time to time but should return to a steady state value. | number of goroutines | gauge |
|
| `consul.client.api.success.catalog_node_service_list` | Increments whenever a Consul agent successfully responds to a request to list a node's registered services. | requests | counter |
|
||||||
| `consul.runtime.alloc_bytes` | This measures the number of bytes allocated by the Consul process. This may burst from time to time but should return to a steady state value. | bytes | gauge |
|
| `consul.client.api.catalog_gateway_services.` | This increments whenever a Consul agent receives a request to list services associated with a gateway. | requests | counter |
|
||||||
| `consul.runtime.heap_objects` | This measures the number of objects allocated on the heap and is a general memory pressure indicator. This may burst from time to time but should return to a steady state value. | number of objects | gauge |
|
| `consul.client.api.success.catalog_gateway_services.` | This increments whenever a Consul agent successfully responds to a request to list services associated with a gateway. | requests | counter |
|
||||||
| `consul.state.nodes` | This measures the current number of nodes registered with Consul. It is only emitted by Consul servers. Added in v1.9.0. | number of objects | gauge |
|
| `consul.client.rpc.error.catalog_gateway_services.` | This increments whenever a Consul agent receives an RPC error for a request to list services associated with a gateway. | errors | counter |
|
||||||
| `consul.state.services` | This measures the current number of unique services registered with Consul, based on service name. It is only emitted by Consul servers. Added in v1.9.0. | number of objects | gauge |
|
| `consul.runtime.num_goroutines` | This tracks the number of running goroutines and is a general load pressure indicator. This may burst from time to time but should return to a steady state value. | number of goroutines | gauge |
|
||||||
| `consul.state.service_instances` | This measures the current number of unique service instances registered with Consul. It is only emitted by Consul servers. Added in v1.9.0. | number of objects | gauge |
|
| `consul.runtime.alloc_bytes` | This measures the number of bytes allocated by the Consul process. This may burst from time to time but should return to a steady state value. | bytes | gauge |
|
||||||
| `consul.acl.cache_hit` | The number of ACL cache hits. | hits | counter |
|
| `consul.runtime.heap_objects` | This measures the number of objects allocated on the heap and is a general memory pressure indicator. This may burst from time to time but should return to a steady state value. | number of objects | gauge |
|
||||||
| `consul.acl.cache_miss` | The number of ACL cache misses. | misses | counter |
|
| `consul.state.nodes` | This measures the current number of nodes registered with Consul. It is only emitted by Consul servers. Added in v1.9.0. | number of objects | gauge |
|
||||||
| `consul.acl.replication_hit` | The number of ACL replication cache hits (when not running in the ACL datacenter). | hits | counter |
|
| `consul.state.services` | This measures the current number of unique services registered with Consul, based on service name. It is only emitted by Consul servers. Added in v1.9.0. | number of objects | gauge |
|
||||||
| `consul.dns.stale_queries` | This increments when an agent serves a query within the allowed stale threshold. | queries | counter |
|
| `consul.state.service_instances` | This measures the current number of unique service instances registered with Consul. It is only emitted by Consul servers. Added in v1.9.0. | number of objects | gauge |
|
||||||
| `consul.dns.ptr_query.` | This measures the time spent handling a reverse DNS query for the given node. | ms | timer |
|
| `consul.dns.stale_queries` | This increments when an agent serves a query within the allowed stale threshold. | queries | counter |
|
||||||
| `consul.dns.domain_query.` | This measures the time spent handling a domain query for the given node. | ms | timer |
|
| `consul.dns.ptr_query.` | This measures the time spent handling a reverse DNS query for the given node. | ms | timer |
|
||||||
| `consul.http...` | DEPRECATED IN 1.9: This tracks how long it takes to service the given HTTP request for the given verb and path. Paths do not include details like service or key names, for these an underscore will be present as a placeholder (eg. `consul.http.GET.v1.kv._`) | ms | timer |
|
| `consul.dns.domain_query.` | This measures the time spent handling a domain query for the given node. | ms | timer |
|
||||||
|
| `consul.http...` | DEPRECATED IN 1.9: This tracks how long it takes to service the given HTTP request for the given verb and path. Paths do not include details like service or key names, for these an underscore will be present as a placeholder (eg. `consul.http.GET.v1.kv._`) | ms | timer |
|
||||||
|
|
||||||
## Server Health
|
## Server Health
|
||||||
|
|
||||||
|
@ -189,6 +190,16 @@ These metrics are used to monitor the health of the Consul servers.
|
||||||
|
|
||||||
| Metric | Description | Unit | Type |
|
| Metric | Description | Unit | Type |
|
||||||
| ----------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- | ------- |
|
| ----------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- | ------- |
|
||||||
|
| `consul.acl.apply` | This measures the time it takes to complete an update to the ACL store. | ms | timer |
|
||||||
|
| `consul.acl.resolveTokenLegacy` | This measures the time it takes to resolve an ACL token using the legacy ACL system. | ms | timer |
|
||||||
|
| `consul.acl.ResolveToken` | This measures the time it takes to resolve an ACL token. | ms | timer |
|
||||||
|
| `consul.acl.ResolveTokenToIdentity` | This measures the time it takes to resolve an ACL token to an Identity. | ms | timer |
|
||||||
|
| `consul.acl.token.cache_hit` | Increments if Consul is able to resolve a token's identity, or a legacy token, from the cache. | cache read op | counter |
|
||||||
|
| `consul.acl.token.cache_miss` | Increments if Consul cannot resolve a token's identity, or a legacy token, from the cache. | cache read op | counter |
|
||||||
|
| `consul.cache.bypass` | Counts how many times a request bypassed the cache because no cache-key was provided. | counter | counter |
|
||||||
|
| `consul.cache.fetch_success` | Counts the number of successful fetches by the cache. | counter | counter |
|
||||||
|
| `consul.cache.fetch_error` | Counts the number of failed fetches by the cache. | counter | counter |
|
||||||
|
| `consul.cache.evict_expired` | Counts the number of expired entries that are evicted. | counter | counter |
|
||||||
| `consul.raft.fsm.snapshot` | This metric measures the time taken by the FSM to record the current state for the snapshot. | ms | timer |
|
| `consul.raft.fsm.snapshot` | This metric measures the time taken by the FSM to record the current state for the snapshot. | ms | timer |
|
||||||
| `consul.raft.fsm.apply` | This metric gives the number of logs committed since the last interval. | commit logs / interval | counter |
|
| `consul.raft.fsm.apply` | This metric gives the number of logs committed since the last interval. | commit logs / interval | counter |
|
||||||
| `consul.raft.commitNumLogs` | This metric measures the count of logs processed for application to the FSM in a single batch. | logs | gauge |
|
| `consul.raft.commitNumLogs` | This metric measures the count of logs processed for application to the FSM in a single batch. | logs | gauge |
|
||||||
|
@ -200,6 +211,8 @@ These metrics are used to monitor the health of the Consul servers.
|
||||||
| `consul.raft.replication.heartbeat` | This metric measures the time taken to invoke appendEntries on a peer, so that it doesn’t timeout on a periodic basis. | ms | timer |
|
| `consul.raft.replication.heartbeat` | This metric measures the time taken to invoke appendEntries on a peer, so that it doesn’t timeout on a periodic basis. | ms | timer |
|
||||||
| `consul.serf.snapshot.appendLine` | This metric measures the time taken by the Consul agent to append an entry into the existing log. | ms | timer |
|
| `consul.serf.snapshot.appendLine` | This metric measures the time taken by the Consul agent to append an entry into the existing log. | ms | timer |
|
||||||
| `consul.serf.snapshot.compact` | This metric measures the time taken by the Consul agent to compact a log. This operation occurs only when the snapshot becomes large enough to justify the compaction . | ms | timer |
|
| `consul.serf.snapshot.compact` | This metric measures the time taken by the Consul agent to compact a log. This operation occurs only when the snapshot becomes large enough to justify the compaction . | ms | timer |
|
||||||
|
| `consul.raft.applied_index` | Represents the raft applied index. | index | gauge |
|
||||||
|
| `consul.raft.last_index` | Represents the raft applied index. | index | gauge |
|
||||||
| `consul.raft.state.leader` | This increments whenever a Consul server becomes a leader. If there are frequent leadership changes this may be indication that the servers are overloaded and aren't meeting the soft real-time requirements for Raft, or that there are networking problems between the servers. | leadership transitions / interval | counter |
|
| `consul.raft.state.leader` | This increments whenever a Consul server becomes a leader. If there are frequent leadership changes this may be indication that the servers are overloaded and aren't meeting the soft real-time requirements for Raft, or that there are networking problems between the servers. | leadership transitions / interval | counter |
|
||||||
| `consul.raft.state.candidate` | This increments whenever a Consul server starts an election. If this increments without a leadership change occurring it could indicate that a single server is overloaded or is experiencing network connectivity issues. | election attempts / interval | counter |
|
| `consul.raft.state.candidate` | This increments whenever a Consul server starts an election. If this increments without a leadership change occurring it could indicate that a single server is overloaded or is experiencing network connectivity issues. | election attempts / interval | counter |
|
||||||
| `consul.raft.apply` | This counts the number of Raft transactions occurring over the interval, which is a general indicator of the write load on the Consul servers. | raft transactions / interval | counter |
|
| `consul.raft.apply` | This counts the number of Raft transactions occurring over the interval, which is a general indicator of the write load on the Consul servers. | raft transactions / interval | counter |
|
||||||
|
@ -222,12 +235,6 @@ These metrics are used to monitor the health of the Consul servers.
|
||||||
| `consul.raft.replication.appendEntries.rpc` | This metric measures the time taken by the append entries RFC, to replicate the log entries of a leader agent onto its follower agent(s) | ms | timer |
|
| `consul.raft.replication.appendEntries.rpc` | This metric measures the time taken by the append entries RFC, to replicate the log entries of a leader agent onto its follower agent(s) | ms | timer |
|
||||||
| `consul.raft.replication.appendEntries.logs` | This metric measures the number of logs replicated to an agent, to bring it up to speed with the leader's logs. | logs appended/ interval | counter |
|
| `consul.raft.replication.appendEntries.logs` | This metric measures the number of logs replicated to an agent, to bring it up to speed with the leader's logs. | logs appended/ interval | counter |
|
||||||
| `consul.raft.leader.lastContact` | This will only be emitted by the Raft leader and measures the time since the leader was last able to contact the follower nodes when checking its leader lease. It can be used as a measure for how stable the Raft timing is and how close the leader is to timing out its lease.The lease timeout is 500 ms times the [`raft_multiplier` configuration](/docs/agent/options#raft_multiplier), so this telemetry value should not be getting close to that configured value, otherwise the Raft timing is marginal and might need to be tuned, or more powerful servers might be needed. See the [Server Performance](/docs/install/performance) guide for more details. | ms | timer |
|
| `consul.raft.leader.lastContact` | This will only be emitted by the Raft leader and measures the time since the leader was last able to contact the follower nodes when checking its leader lease. It can be used as a measure for how stable the Raft timing is and how close the leader is to timing out its lease.The lease timeout is 500 ms times the [`raft_multiplier` configuration](/docs/agent/options#raft_multiplier), so this telemetry value should not be getting close to that configured value, otherwise the Raft timing is marginal and might need to be tuned, or more powerful servers might be needed. See the [Server Performance](/docs/install/performance) guide for more details. | ms | timer |
|
||||||
| `consul.acl.apply` | This measures the time it takes to complete an update to the ACL store. | ms | timer |
|
|
||||||
| `consul.acl.fault` | This measures the time it takes to fault in the rules for an ACL during a cache miss. | ms | timer |
|
|
||||||
| `consul.acl.fetchRemoteACLs` | This measures the time it takes to fetch remote ACLs during replication. | ms | timer |
|
|
||||||
| `consul.acl.updateLocalACLs` | This measures the time it takes to apply replication changes to the local ACL store. | ms | timer |
|
|
||||||
| `consul.acl.replicateACLs` | This measures the time it takes to do one pass of the ACL replication algorithm. | ms | timer |
|
|
||||||
| `consul.acl.resolveToken` | This measures the time it takes to resolve an ACL token. | ms | timer |
|
|
||||||
| `consul.rpc.accept_conn` | This increments when a server accepts an RPC connection. | connections | counter |
|
| `consul.rpc.accept_conn` | This increments when a server accepts an RPC connection. | connections | counter |
|
||||||
| `consul.catalog.register` | This measures the time it takes to complete a catalog register operation. | ms | timer |
|
| `consul.catalog.register` | This measures the time it takes to complete a catalog register operation. | ms | timer |
|
||||||
| `consul.catalog.deregister` | This measures the time it takes to complete a catalog deregister operation. | ms | timer |
|
| `consul.catalog.deregister` | This measures the time it takes to complete a catalog deregister operation. | ms | timer |
|
||||||
|
@ -242,6 +249,14 @@ These metrics are used to monitor the health of the Consul servers.
|
||||||
| `consul.fsm.txn` | This measures the time it takes to apply the given transaction update to the FSM. | ms | timer |
|
| `consul.fsm.txn` | This measures the time it takes to apply the given transaction update to the FSM. | ms | timer |
|
||||||
| `consul.fsm.autopilot` | This measures the time it takes to apply the given autopilot update to the FSM. | ms | timer |
|
| `consul.fsm.autopilot` | This measures the time it takes to apply the given autopilot update to the FSM. | ms | timer |
|
||||||
| `consul.fsm.persist` | This measures the time it takes to persist the FSM to a raft snapshot. | ms | timer |
|
| `consul.fsm.persist` | This measures the time it takes to persist the FSM to a raft snapshot. | ms | timer |
|
||||||
|
| `consul.fsm.intention` | Measures the time it takes to apply an intention operation to the state store. | ms | timer |
|
||||||
|
| `consul.fsm.ca` | Measures the time it takes to apply CA configuration operations to the FSM. | ms | timer |
|
||||||
|
| `consul.fsm.ca.leaf` | Measures the time it takes to apply an operation while signing a leaf certificate. | ms | timer |
|
||||||
|
| `consul.fsm.acl.token` | Measures the time it takes to apply an ACL token operation to the FSM. | ms | timer |
|
||||||
|
| `consul.fsm.acl.policy` | Measures the time it takes to apply an ACL policy operation to the FSM. | ms | timer |
|
||||||
|
| `consul.fsm.acl.bindingrule` | Measures the time it takes to apply an ACL binding rule operation to the FSM. | ms | timer |
|
||||||
|
| `consul.fsm.acl.authmethod` | Measures the time it takes to apply an ACL authmethod operation to the FSM. | ms | timer |
|
||||||
|
| `consul.fsm.system_metadata` | Measures the time it takes to apply a system metadata operation to the FSM. | ms | timer |
|
||||||
| `consul.kvs.apply` | This measures the time it takes to complete an update to the KV store. | ms | timer |
|
| `consul.kvs.apply` | This measures the time it takes to complete an update to the KV store. | ms | timer |
|
||||||
| `consul.leader.barrier` | This measures the time spent waiting for the raft barrier upon gaining leadership. | ms | timer |
|
| `consul.leader.barrier` | This measures the time spent waiting for the raft barrier upon gaining leadership. | ms | timer |
|
||||||
| `consul.leader.reconcile` | This measures the time spent updating the raft store from the serf member information. | ms | timer |
|
| `consul.leader.reconcile` | This measures the time spent updating the raft store from the serf member information. | ms | timer |
|
||||||
|
@ -305,10 +320,10 @@ These metrics give insight into the health of the cluster as a whole.
|
||||||
| `consul.catalog.service.query-tag..` | This increments for each catalog query for the given service with the given tag. | queries | counter |
|
| `consul.catalog.service.query-tag..` | This increments for each catalog query for the given service with the given tag. | queries | counter |
|
||||||
| `consul.catalog.service.query-tags..` | This increments for each catalog query for the given service with the given tags. | queries | counter |
|
| `consul.catalog.service.query-tags..` | This increments for each catalog query for the given service with the given tags. | queries | counter |
|
||||||
| `consul.catalog.service.not-found.` | This increments for each catalog query where the given service could not be found. | queries | counter |
|
| `consul.catalog.service.not-found.` | This increments for each catalog query where the given service could not be found. | queries | counter |
|
||||||
| `consul.health.service.query.` | This increments for each health query for the given service. | queries | counter |
|
| `consul.catalog.connect.query.` | This increments for each connect-based catalog query for the given service. | queries | counter |
|
||||||
| `consul.health.service.query-tag..` | This increments for each health query for the given service with the given tag. | queries | counter |
|
| `consul.catalog.connect.query-tag..` | This increments for each connect-based catalog query for the given service with the given tag. | queries | counter |
|
||||||
| `consul.health.service.query-tags..` | This increments for each health query for the given service with the given tags. | queries | counter |
|
| `consul.catalog.connect.query-tags..` | This increments for each connect-based catalog query for the given service with the given tags. | queries | counter |
|
||||||
| `consul.health.service.not-found.` | This increments for each health query where the given service could not be found. | queries | counter |
|
| `consul.catalog.connect.not-found.` | This increments for each connect-based catalog query where the given service could not be found. | queries | counter |
|
||||||
|
|
||||||
## Connect Built-in Proxy Metrics
|
## Connect Built-in Proxy Metrics
|
||||||
|
|
||||||
|
|
|
@ -23,7 +23,7 @@ to a set of backing
|
||||||
[services](/docs/agent/config-entries/ingress-gateway#services).
|
[services](/docs/agent/config-entries/ingress-gateway#services).
|
||||||
|
|
||||||
To enable easier service discovery, a new Consul [DNS
|
To enable easier service discovery, a new Consul [DNS
|
||||||
subdomain](/docs/agent/dns#ingress-service-lookups) is provided, on
|
subdomain](/docs/discovery/dns#ingress-service-lookups) is provided, on
|
||||||
`<service>.ingress.<domain>`.
|
`<service>.ingress.<domain>`.
|
||||||
|
|
||||||
For listeners with a
|
For listeners with a
|
||||||
|
@ -32,7 +32,7 @@ For listeners with a
|
||||||
case, the ingress gateway relies on host/authority headers to decide the
|
case, the ingress gateway relies on host/authority headers to decide the
|
||||||
service that should receive the traffic. The host used to match traffic
|
service that should receive the traffic. The host used to match traffic
|
||||||
defaults to the [Consul DNS ingress
|
defaults to the [Consul DNS ingress
|
||||||
subdomain](/docs/agent/dns#ingress-service-lookups), but can be changed using
|
subdomain](/docs/discovery/dns#ingress-service-lookups), but can be changed using
|
||||||
the [hosts](/docs/agent/config-entries/ingress-gateway#hosts) field.
|
the [hosts](/docs/agent/config-entries/ingress-gateway#hosts) field.
|
||||||
|
|
||||||
![Ingress Gateway Architecture](/img/ingress-gateways.png)
|
![Ingress Gateway Architecture](/img/ingress-gateways.png)
|
||||||
|
|
|
@ -52,7 +52,7 @@ Details on the steps are below:
|
||||||
|
|
||||||
- **Service discovery** - This is normal service discovery using Consul,
|
- **Service discovery** - This is normal service discovery using Consul,
|
||||||
a static IP, or any other mechanism. If you're using Consul DNS, the
|
a static IP, or any other mechanism. If you're using Consul DNS, the
|
||||||
[`<service>.connect`](/docs/agent/dns#connect-capable-service-lookups)
|
[`<service>.connect`](/docs/discovery/dns#connect-capable-service-lookups)
|
||||||
syntax to find Connect-capable endpoints for a service. After service
|
syntax to find Connect-capable endpoints for a service. After service
|
||||||
discovery, choose one address from the list of **service addresses**.
|
discovery, choose one address from the list of **service addresses**.
|
||||||
|
|
||||||
|
|
|
@ -26,7 +26,7 @@ URLs](#configuring-dashboard-urls).
|
||||||
It is possible to configure the UI to fetch basic metrics from your metrics
|
It is possible to configure the UI to fetch basic metrics from your metrics
|
||||||
provider storage to augment the visualization as displayed below.
|
provider storage to augment the visualization as displayed below.
|
||||||
|
|
||||||
![Consul UI Service Mesh Visualization](/img/ui-service-topology.png)
|
![Consul UI Service Mesh Visualization](/img/ui-service-topology-view.png)
|
||||||
|
|
||||||
Consul has built-in support for overlaying metrics from a
|
Consul has built-in support for overlaying metrics from a
|
||||||
[Prometheus](https://prometheus.io) backend. Alternative metrics providers may
|
[Prometheus](https://prometheus.io) backend. Alternative metrics providers may
|
||||||
|
|
|
@ -32,7 +32,7 @@ switch service definitions for registering proxies.
|
||||||
If an application requires dynamic dependencies that are only available
|
If an application requires dynamic dependencies that are only available
|
||||||
at runtime, it must [natively integrate](/docs/connect/native)
|
at runtime, it must [natively integrate](/docs/connect/native)
|
||||||
with Connect. After natively integrating, the HTTP API or
|
with Connect. After natively integrating, the HTTP API or
|
||||||
[DNS interface](/docs/agent/dns#connect-capable-service-lookups)
|
[DNS interface](/docs/discovery/dns#connect-capable-service-lookups)
|
||||||
can be used.
|
can be used.
|
||||||
|
|
||||||
!> Connect proxies do not currently support dynamic upstreams.
|
!> Connect proxies do not currently support dynamic upstreams.
|
||||||
|
|
|
@ -119,7 +119,7 @@ default managed proxy and starts a listener for that service:
|
||||||
|
|
||||||
The listener is started on random port within the configured Connect
|
The listener is started on random port within the configured Connect
|
||||||
port range. It can be discovered using the
|
port range. It can be discovered using the
|
||||||
[DNS interface](/docs/agent/dns#connect-capable-service-lookups)
|
[DNS interface](/docs/discovery/dns#connect-capable-service-lookups)
|
||||||
or
|
or
|
||||||
[Catalog API](#).
|
[Catalog API](#).
|
||||||
In most cases, service-to-service communication is established by
|
In most cases, service-to-service communication is established by
|
||||||
|
|
|
@ -355,7 +355,7 @@ services {
|
||||||
|
|
||||||
## Service and Tag Names with DNS
|
## Service and Tag Names with DNS
|
||||||
|
|
||||||
Consul exposes service definitions and tags over the [DNS](/docs/agent/dns)
|
Consul exposes service definitions and tags over the [DNS](/docs/discovery/dns)
|
||||||
interface. DNS queries have a strict set of allowed characters and a
|
interface. DNS queries have a strict set of allowed characters and a
|
||||||
well-defined format that Consul cannot override. While it is possible to
|
well-defined format that Consul cannot override. While it is possible to
|
||||||
register services or tags with names that don't match the conventions, those
|
register services or tags with names that don't match the conventions, those
|
||||||
|
|
|
@ -15,7 +15,7 @@ Network Infrastructure Automation (NIA) relies on a declarative, workflow and se
|
||||||
|
|
||||||
Consul-Terraform-Sync executes one or more automation tasks with an appropriate value of service variables based on updates from the Consul service catalog. Each task consists of a runbook automation written as a compatible Terraform module using resources and data sources for the underlying network infrastructure. The Consul-Terraform-Sync daemon runs on the same node as a Consul agent.
|
Consul-Terraform-Sync executes one or more automation tasks with an appropriate value of service variables based on updates from the Consul service catalog. Each task consists of a runbook automation written as a compatible Terraform module using resources and data sources for the underlying network infrastructure. The Consul-Terraform-Sync daemon runs on the same node as a Consul agent.
|
||||||
|
|
||||||
[![NIA Architecture](/img/nia-highlevel-diagram.png)](/img/nia-highlevel-diagram.png)
|
[![NIA Architecture](/img/nia-highlevel-diagram.svg)](/img/nia-highlevel-diagram.svg)
|
||||||
|
|
||||||
-> Please note that the above indicated solution is a “push” based method and is not the only way to integrate network devices with Consul and drive Network Infrastructure Automation Integration. If your preferred method is to directly integrate with Consul without using Terraform, then please use [Consul Integration Program](/docs/integrate/partnerships).
|
-> Please note that the above indicated solution is a “push” based method and is not the only way to integrate network devices with Consul and drive Network Infrastructure Automation Integration. If your preferred method is to directly integrate with Consul without using Terraform, then please use [Consul Integration Program](/docs/integrate/partnerships).
|
||||||
|
|
||||||
|
|
|
@ -11,7 +11,7 @@ description: >-
|
||||||
# Consul DNS on Kubernetes
|
# Consul DNS on Kubernetes
|
||||||
|
|
||||||
One of the primary query interfaces to Consul is the
|
One of the primary query interfaces to Consul is the
|
||||||
[DNS interface](/docs/agent/dns). You can configure Consul DNS in
|
[DNS interface](/docs/discovery/dns). You can configure Consul DNS in
|
||||||
Kubernetes using a
|
Kubernetes using a
|
||||||
[stub-domain configuration](https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#configure-stub-domain-and-upstream-dns-servers)
|
[stub-domain configuration](https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#configure-stub-domain-and-upstream-dns-servers)
|
||||||
if using KubeDNS or a [proxy configuration](https://coredns.io/plugins/proxy/) if using CoreDNS.
|
if using KubeDNS or a [proxy configuration](https://coredns.io/plugins/proxy/) if using CoreDNS.
|
||||||
|
|
|
@ -21,7 +21,7 @@ automatically installed and configured using the
|
||||||
Consul catalog enable Kubernetes services to be accessed by any node that
|
Consul catalog enable Kubernetes services to be accessed by any node that
|
||||||
is part of the Consul cluster, including other distinct Kubernetes clusters.
|
is part of the Consul cluster, including other distinct Kubernetes clusters.
|
||||||
For non-Kubernetes nodes, they can access services using the standard
|
For non-Kubernetes nodes, they can access services using the standard
|
||||||
[Consul DNS](/docs/agent/dns) or HTTP API.
|
[Consul DNS](/docs/discovery/dns) or HTTP API.
|
||||||
|
|
||||||
**Why sync Consul services to Kubernetes?** Syncing Consul services to
|
**Why sync Consul services to Kubernetes?** Syncing Consul services to
|
||||||
Kubernetes services enables non-Kubernetes services (such as external to
|
Kubernetes services enables non-Kubernetes services (such as external to
|
||||||
|
|
|
@ -11,10 +11,15 @@ Consul Kubernetes (consul-k8s) is managed using Consul Helm. For every release o
|
||||||
Helm chart and Consul Kubernetes binary is released through the HashiCorp Helm repository. The recommended best practice is to upgrade
|
Helm chart and Consul Kubernetes binary is released through the HashiCorp Helm repository. The recommended best practice is to upgrade
|
||||||
the Helm chart which will ensure a compatible version of the Consul Kubernetes binary is used.
|
the Helm chart which will ensure a compatible version of the Consul Kubernetes binary is used.
|
||||||
|
|
||||||
## Supported Versions
|
## Supported Consul versions
|
||||||
|
|
||||||
| Consul Version | Compatible Consul Helm Versions |
|
| Consul Version | Compatible Consul Helm Versions |
|
||||||
| -------------- | ------------------------------- |
|
| -------------- | ------------------------------- |
|
||||||
|
| 1.9.x | 0.26.0 |
|
||||||
| 1.8.x | 0.22.0 - 0.26.0 |
|
| 1.8.x | 0.22.0 - 0.26.0 |
|
||||||
| 1.7.x | 0.17.0 - 0.21.0 |
|
| 1.7.x | 0.17.0 - 0.21.0 |
|
||||||
| 1.6.x | 0.10.0 - 0.16.2 |
|
| 1.6.x | 0.10.0 - 0.16.2 |
|
||||||
|
|
||||||
|
## Supported Envoy versions
|
||||||
|
|
||||||
|
Supported versions of Envoy for Consul versions are also found in [Envoy - Supported Versions](https://www.consul.io/docs/connect/proxies/envoy#supported-versions). The recommended best practice is to use the default version of Envoy that is provided in the Helm values.yml file, as that is the version that has been tested with the default Consul and Consul Kubernetes binaries for a given Helm chart.
|
||||||
|
|
|
@ -15,7 +15,7 @@ network infrastructure to dynamically secure and connect services.
|
||||||
|
|
||||||
## 10,000 Foot View
|
## 10,000 Foot View
|
||||||
|
|
||||||
[![Consul-Terraform-Sync Architecture](/img/nia-highlevel-diagram.png)](/img/nia-highlevel-diagram.png)
|
[![Consul-Terraform-Sync Architecture](/img/nia-highlevel-diagram.svg)](/img/nia-highlevel-diagram.svg)
|
||||||
|
|
||||||
The diagram shows Consul-Terraform-Sync monitoring the Consul service catalog
|
The diagram shows Consul-Terraform-Sync monitoring the Consul service catalog
|
||||||
for updates and utilizing Terraform to update the state of the infrastructure.
|
for updates and utilizing Terraform to update the state of the infrastructure.
|
||||||
|
|
|
@ -137,8 +137,8 @@ Starting with Consul 1.7.1 this is the new default.
|
||||||
### Vault: default `http_max_conns_per_client` too low to run Vault properly
|
### Vault: default `http_max_conns_per_client` too low to run Vault properly
|
||||||
|
|
||||||
Consul 1.6.3 introduced [limiting of connections per client](/docs/agent/options#http_max_conns_per_client). The default value
|
Consul 1.6.3 introduced [limiting of connections per client](/docs/agent/options#http_max_conns_per_client). The default value
|
||||||
was 100, but Vault could use up to 128, which caused problems. If you want to use Vault with Consul 1.6.3, you should change the value to 200.
|
was 100, but Vault could use up to 128, which caused problems. If you want to use Vault with Consul 1.6.3 through 1.7.0, you should change the value to 200.
|
||||||
Starting with Consul 1.6.4 this is the new default.
|
Starting with Consul 1.7.1 this is the new default.
|
||||||
|
|
||||||
## Consul 1.6.0
|
## Consul 1.6.0
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ export default function DownloadsPage({ releaseData }) {
|
||||||
prerelease={{
|
prerelease={{
|
||||||
type: 'beta', // the type of prerelease: beta, release candidate, etc.
|
type: 'beta', // the type of prerelease: beta, release candidate, etc.
|
||||||
name: 'v1.9.0', // the name displayed in text on the website
|
name: 'v1.9.0', // the name displayed in text on the website
|
||||||
version: '1.9.0-beta3', // the actual version tag that was pushed to releases.hashicorp.com
|
version: '1.9.0-rc1', // the actual version tag that was pushed to releases.hashicorp.com
|
||||||
}}
|
}}
|
||||||
>
|
>
|
||||||
<p>
|
<p>
|
||||||
|
|
|
@ -103,7 +103,7 @@ $ curl localhost:8500/v1/catalog/nodes
|
||||||
[{"Node":"Armons-MacBook-Air","Address":"127.0.0.1","TaggedAddresses":{"lan":"127.0.0.1","wan":"127.0.0.1"},"CreateIndex":4,"ModifyIndex":110}]
|
[{"Node":"Armons-MacBook-Air","Address":"127.0.0.1","TaggedAddresses":{"lan":"127.0.0.1","wan":"127.0.0.1"},"CreateIndex":4,"ModifyIndex":110}]
|
||||||
```
|
```
|
||||||
|
|
||||||
In addition to the HTTP API, the [DNS interface](/docs/agent/dns) can
|
In addition to the HTTP API, the [DNS interface](/docs/discovery/dns) can
|
||||||
be used to query the node. Note that you have to make sure to point your DNS
|
be used to query the node. Note that you have to make sure to point your DNS
|
||||||
lookups to the Consul agent's DNS server which runs on port 8600 by default.
|
lookups to the Consul agent's DNS server which runs on port 8600 by default.
|
||||||
The format of the DNS entries (such as "Armons-MacBook-Air.node.consul") will
|
The format of the DNS entries (such as "Armons-MacBook-Air.node.consul") will
|
||||||
|
|
Binary file not shown.
Before Width: | Height: | Size: 217 KiB |
File diff suppressed because one or more lines are too long
After Width: | Height: | Size: 75 KiB |
Loading…
Reference in New Issue