Commit Graph

186 Commits

Author SHA1 Message Date
Daniel Nephin d81f527be8
Merge pull request #9924 from hashicorp/dnephin/cert-expiration-metric
connect: emit a metric for the seconds until root CA expiry
2021-06-18 14:18:55 -04:00
Luke Kysow a7e7c15adf
Fix links to ECS module (#10430) 2021-06-18 09:38:28 -07:00
mrspanishviking 552ed646d2
Merge pull request #10373 from hashicorp/license-faq-docs
docs: adding a faq document in preparation for Consul Enterprise 1.10.0
2021-06-18 05:30:06 -10:00
mrspanishviking 0fcf928999
Update website/content/docs/enterprise/license/overview.mdx
Merged

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-06-17 11:39:24 -10:00
mrspanishviking 5435f2309a
Update website/content/docs/enterprise/license/faq.mdx
Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2021-06-16 10:17:56 -10:00
Karl Cardenas 1daf923563 docs: added question pertaining to Consul Kubernetes and Helm chart 2021-06-16 10:08:28 -10:00
Ashwin Venkatesh 325b18ad07 Update k8s license docs to account for license autoload 2021-06-16 14:59:34 -04:00
Karl Cardenas 737f48f723 docs: adding new content for review 2021-06-15 06:02:51 -10:00
Blake Covarrubias 64d122b0a2 docs: Add example of escaping tracing JSON using jq 2021-06-14 16:23:44 -07:00
Blake Covarrubias 26b8e8904b docs: Add note about configurable KV size in FAQ 2021-06-14 16:21:25 -07:00
Daniel Nephin aec7e798b0 Update metric name
and handle the case where there is no active root CA.
2021-06-14 17:01:16 -04:00
Daniel Nephin 1c980e4700 connect: emit a metric for the number of seconds until root CA expiration 2021-06-14 16:57:01 -04:00
Freddy ffb13f35f1
Rename CatalogDestinationsOnly (#10397)
CatalogDestinationsOnly is a passthrough that would enable dialing
addresses outside of Consul's catalog. However, when this flag is set to
true only _connect_ endpoints for services can be dialed.

This flag is being renamed to signal that non-Connect endpoints can't be
dialed by transparent proxies when the value is set to true.
2021-06-14 14:15:09 -06:00
Luke Kysow ac384e2a1f
Update k8s term gateway docs to make address clear (#10389)
Previously if you were to follow these docs and register two external
services, you would set the Address field on the node. The second
registered service would change the address of the node for the first
service.

Now the docs explain the address key and how to register more than one
external service.
2021-06-14 09:15:40 -07:00
Karl Cardenas be72c5f851 docs: updated content in the overview page and faq 2021-06-11 07:46:14 -10:00
mrspanishviking 7688e9e257
Apply suggestions from code review
Applying suggestions

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2021-06-11 06:55:41 -10:00
Karl Cardenas c3e23c1ec9 docs: added more questions and marking ready for review 2021-06-10 10:16:56 -10:00
Nick Wales 119960211d
Aligns audit log code example (#10371) 2021-06-10 11:41:53 -07:00
R.B. Boyer dbca996c3c
docs: update envoy docs for changes related to xDS v2->v3 and SoTW->Incremental (#10166)
Fixes #10098
2021-06-10 10:59:54 -05:00
Karl Cardenas 97bcee3be6 docs: adding an faq in preperation for Consul Enterprise 1.10.0 2021-06-09 12:08:45 -10:00
Freddy 429f9d8bb8
Add flag for transparent proxies to dial individual instances (#10329) 2021-06-09 14:34:17 -06:00
Daniel Nephin 8b9ec040c3 docs: move streaming docs to blocking query page 2021-06-08 14:17:53 -04:00
Daniel Nephin c19d5d831b docs: try to improve health api doc terminology 2021-06-08 13:10:32 -04:00
Daniel Nephin 61423fbd28 Document streaming on service health endpoint 2021-06-08 13:10:32 -04:00
Daniel Nephin e93e7d0152 docs: Add streaming to api features 2021-06-08 13:10:32 -04:00
Dhia Ayachi 005ad9e46d
generate a single debug file for a long duration capture (#10279)
* debug: remove the CLI check for debug_enabled

The API allows collecting profiles even debug_enabled=false as long as
ACLs are enabled. Remove this check from the CLI so that users do not
need to set debug_enabled=true for no reason.

Also:
- fix the API client to return errors on non-200 status codes for debug
  endpoints
- improve the failure messages when pprof data can not be collected

Co-Authored-By: Dhia Ayachi <dhia@hashicorp.com>

* remove parallel test runs

parallel runs create a race condition that fail the debug tests

* snapshot the timestamp at the beginning of the capture

- timestamp used to create the capture sub folder is snapshot only at the beginning of the capture and reused for subsequent captures
- capture append to the file if it already exist

* Revert "snapshot the timestamp at the beginning of the capture"

This reverts commit c2d03346

* Refactor captureDynamic to extract capture logic for each item in a different func

* snapshot the timestamp at the beginning of the capture

- timestamp used to create the capture sub folder is snapshot only at the beginning of the capture and reused for subsequent captures
- capture append to the file if it already exist

* Revert "snapshot the timestamp at the beginning of the capture"

This reverts commit c2d03346

* Refactor captureDynamic to extract capture logic for each item in a different func

* extract wait group outside the go routine to avoid a race condition

* capture pprof in a separate go routine

* perform a single capture for pprof data for the whole duration

* add missing vendor dependency

* add a change log and fix documentation to reflect the change

* create function for timestamp dir creation and simplify error handling

* use error groups and ticker to simplify interval capture loop

* Logs, profile and traces are captured for the full duration. Metrics, Heap and Go routines are captured every interval

* refactor Logs capture routine and add log capture specific test

* improve error reporting when log test fail

* change test duration to 1s

* make time parsing in log line more robust

* refactor log time format in a const

* test on log line empty the earliest possible and return

Co-authored-by: Freddy <freddygv@users.noreply.github.com>

* rename function to captureShortLived

* more specific changelog

Co-authored-by: Paul Banks <banks@banksco.de>

* update documentation to reflect current implementation

* add test for behavior when invalid param is passed to the command

* fix argument line in test

* a more detailed description of the new behaviour

Co-authored-by: Paul Banks <banks@banksco.de>

* print success right after the capture is done

* remove an unnecessary error check

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* upgraded github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57 => v0.0.0-20210601050228-01bbb1931b22

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
Co-authored-by: Paul Banks <banks@banksco.de>
2021-06-07 13:00:51 -04:00
allisaurus 6dbfec50ce
docs: Improve ECS routing example nesting (#10316) 2021-06-07 09:28:06 -07:00
Mark Anderson 1bf3dc5a5f
Docs for Unix Domain Sockets (#10252)
* Docs for Unix Domain Sockets

There are a number of cases where a user might wish to either 1)
expose a service through a Unix Domain Socket in the filesystem
('downstream') or 2) connect to an upstream service by a local unix
domain socket (upstream).
As of Consul (1.10-beta2) we've added new syntax and support to configure
the Envoy proxy to support this
To connect to a service via local Unix Domain Socket instead of a
port, add local_bind_socket_path and optionally local_bind_socket_mode
to the upstream config for a service:
    upstreams = [
      {
         destination_name = "service-1"
         local_bind_socket_path = "/tmp/socket_service_1"
         local_bind_socket_mode = "0700"
	 ...
      }
      ...
    ]
This will cause Envoy to create a socket with the path and mode
provided, and connect that to service-1
The mode field is optional, and if omitted will use the default mode
for Envoy. This is not applicable for abstract sockets. See
https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/address.proto#envoy-v3-api-msg-config-core-v3-pipe
for details
NOTE: These options conflict the local_bind_socket_port and
local_bind_socket_address options. We can bind to an port or we can
bind to a socket, but not both.
To expose a service listening on a Unix Domain socket to the service
mesh use either the 'socket_path' field in the service definition or the
'local_service_socket_path' field in the proxy definition. These
fields are analogous to the 'port' and 'service_port' fields in their
respective locations.
    services {
      name = "service-2"
      socket_path = "/tmp/socket_service_2"
      ...
    }
OR
    proxy {
      local_service_socket_path = "/tmp/socket_service_2"
      ...
    }
There is no mode field since the service is expected to create the
socket it is listening on, not the Envoy proxy.
Again, the socket_path and local_service_socket_path fields conflict
with address/port and local_service_address/local_service_port
configuration entries.
Set up a simple service mesh with dummy services:
socat -d UNIX-LISTEN:/tmp/downstream.sock,fork UNIX-CONNECT:/tmp/upstream.sock
socat -v tcp-l:4444,fork exec:/bin/cat
services {
  name = "sock_forwarder"
  id = "sock_forwarder.1"
  socket_path = "/tmp/downstream.sock"
  connect {
    sidecar_service {
      proxy {
	upstreams = [
	  {
	    destination_name = "echo-service"
	    local_bind_socket_path = "/tmp/upstream.sock"
	    config {
	      passive_health_check {
		interval = "10s"
		max_failures = 42
	      }
	    }
	  }
	]
      }
    }
  }
}
services {
  name = "echo-service"
  port = 4444
  connect = { sidecar_service {} }
Kind = "ingress-gateway"
Name = "ingress-service"
Listeners = [
 {
   Port = 8080
   Protocol = "tcp"
   Services = [
     {
       Name = "sock_forwarder"
     }
   ]
 }
]
consul agent -dev -enable-script-checks -config-dir=./consul.d
consul connect envoy -sidecar-for sock_forwarder.1
consul connect envoy -sidecar-for echo-service -admin-bind localhost:19001
consul config write ingress-gateway.hcl
consul connect envoy -gateway=ingress -register -service ingress-service -address '{{ GetInterfaceIP "eth0" }}:8888' -admin-bind localhost:19002
netcat 127.0.0.1 4444
netcat 127.0.0.1 8080

Signed-off-by: Mark Anderson <manderson@hashicorp.com>

* fixup Unix capitalization

Signed-off-by: Mark Anderson <manderson@hashicorp.com>

* Update website/content/docs/connect/registration/service-registration.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Provide examples in hcl and json

Signed-off-by: Mark Anderson <manderson@hashicorp.com>

* Apply suggestions from code review

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* One more fixup for docs

Signed-off-by: Mark Anderson <manderson@hashicorp.com>

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-06-04 18:54:31 -07:00
Matt Keeler af3ffdf4c8
Add license inspect command documentation and changelog (#10351)
Also reformatted another changelog entry.
2021-06-04 14:33:13 -04:00
Matt Keeler c5dc729dda
Follow on to PR 10336 (#10343)
There was some PR feedback that came in just after I merged that other PR. This addresses that feedback.
2021-06-03 12:29:41 -04:00
Paul Ewing 42a51b1a2c
usagemetrics: add cluster members to metrics API (#10340)
This PR adds cluster members to the metrics API. The number of members per
segment are reported as well as the total number of members.

Tested by running a multi-node cluster locally and ensuring the numbers were
correct. Also added unit test coverage to add the new expected gauges to
existing test cases.
2021-06-03 08:25:53 -07:00
Matt Keeler ca423c80b9 Add enterprise v1.10 specific upgrade notes. 2021-06-03 10:48:16 -04:00
Matt Keeler 4222242f1c Add licensing information to snapshot agent docs. 2021-06-03 10:48:16 -04:00
Matt Keeler aeaeec15e8 Add deprecation/removal notices regarding the APIs/CLI commands for licensing that are going away.
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2021-06-03 10:48:16 -04:00
Matt Keeler f3595f5394 Update licensing docs for 1.10 licensing 2021-06-03 10:47:33 -04:00
Matt Keeler 6b7ca99a69 Add licensing telemetry docs. 2021-06-03 10:47:33 -04:00
Blake Covarrubias 2196262eab docs: Clarify set-agent-token token persistence behavior
Clarify that tokens configured via `set-agent-token` will not be
persisted if `acl.enable_token_persistence` is `false`.
2021-05-31 16:08:43 -07:00
Blake Covarrubias 665e052e96 docs: Fix agent token name under ACL Agent Token
Reference the correct name of the agent token in the ACL Agent Token
section for the ACL System docs.
2021-05-31 10:52:15 -07:00
Stanko b130f355ee ui: Fix broken link format in ECS install page 2021-05-27 14:11:04 -07:00
allisaurus 0b52545c01
Add note about new ECS ARN format to ECS docs (#10304)
* docs: Add note about ECS task ARN format to ECS docs
2021-05-27 10:59:28 -07:00
Luke Kysow 78af667ed0
Consul ecs docs (#10288)
* ECS docs
2021-05-26 11:25:06 -07:00
Jono Sosulska 835bf2640f
Update Kubernetes docs to point to install pages. (#10293)
Adds more clear indicators that the collections on the learn.hashicorp.com sites have specific instructions for single node deployments.
Co-Authored by: soonoo <qpseh2m7@gmail.com>
2021-05-25 15:36:09 -04:00
Karl Cardenas 2e952324b1 docs: rename enterprise to Consul enterprise 2021-05-24 13:55:17 -07:00
Jono Sosulska bb07d1a30f
Updating Consul Glossary with more industry standard terms (#10074)
* Update glossary.mdx

1. Update header to the first section to "Consul Vocabulary" since these are the terms used in the context of Consul conversations.
2. Kept the header "Consul Glossary" since these are the terms useful for practitioners in the consul space.
3. Removed interlinking to terms on the same page.

Co-authored-by: Hans Hasselberg <me@hans.io>
Co-authored-by: Swarna Podila <swarnap@users.noreply.github.com>
2021-05-24 15:44:03 -04:00
allisaurus e4aad106c9
docs: fix Amazon EKS service name (#10280) 2021-05-21 15:58:13 -07:00
Sabeen Syed ce958e7218
Docs: Add link for new Cisco TF module (#10268) 2021-05-21 08:48:58 -05:00
Dhia Ayachi e527c191ae docs: Add example ACL policy for snapshot agent
Co-Authored-By: Blake Covarrubias <blake@covarrubi.as>
2021-05-20 14:41:29 -04:00
Paul Banks 8233328e48
Fix doc note since we switched authorization mechanism in 1.9 (#10266) 2021-05-20 16:28:38 +01:00
Dhia Ayachi 7dc78b39c9
docs: update register check docs (closes #6635) (#10261)
Update register check documentation clarify that Id returns as CheckId in the response

Co-Authored-By: Shaker Islam <shaqq@users.noreply.github.com>

Co-authored-by: Shaker Islam <shaqq@users.noreply.github.com>
2021-05-19 20:24:54 -04:00
Karl Cardenas 498a698ffa Merge branch 'master' of github.com:hashicorp/consul into consul-documentation-update 2021-05-17 07:20:06 -07:00