Commit Graph

2639 Commits

Author SHA1 Message Date
Iryna Shustava 77c52ac2a8
Add missing Helm docs (#7492) 2020-03-24 16:06:57 -07:00
Daniel Nephin 1ff9b748ae
Merge pull request #7458 from hashicorp/dnephin/small-doc-improvements
website/docs: small doc improvements to CLI reference
2020-03-17 18:35:44 -04:00
Hans Hasselberg bf6a91af94
docs: fix filenames (#7453) 2020-03-17 21:00:45 +01:00
Kim Ngo bef693df9c
agent/xds: Update mesh gateway to use service router timeout (#7444)
* website/connect/proxy/envoy: specify timeout precedence for services behind mesh gateway
2020-03-17 14:50:14 -05:00
Daniel Nephin fdbc3d82f6 website/docs: small doc improvements to CLI reference
Small improvements to the join docs.

The help text for `lock` says -try is deprecated and replaced with -timeout.
Update the docs to match.
2020-03-16 17:54:45 -04:00
Matt Keeler 8c43f199fd
Update namespace docs for some new CLI commands (#7435)
Co-Authored-By: Hans Hasselberg <me@hans.io>
2020-03-16 09:42:39 -04:00
Charlie Jones 5d734a85d6
docs: fix typo in consul-template tutorial (#7454) 2020-03-16 14:04:28 +01:00
Matt Keeler e62e862df9
Update intention precedence table in the docs (#7421)
* Update intention precedence table in the docs

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>
2020-03-10 11:49:08 -04:00
Hans Hasselberg 6a49a42e98
connect: support for envoy 1.13.1 and 1.12.3 (#7380)
* setup new envoy versions for CI
* bump version on the website too.
2020-03-10 11:04:46 +01:00
R.B. Boyer 6adad71125
wan federation via mesh gateways (#6884)
This is like a Möbius strip of code due to the fact that low-level components (serf/memberlist) are connected to high-level components (the catalog and mesh-gateways) in a twisty maze of references which make it hard to dive into. With that in mind here's a high level summary of what you'll find in the patch:

There are several distinct chunks of code that are affected:

* new flags and config options for the server

* retry join WAN is slightly different

* retry join code is shared to discover primary mesh gateways from secondary datacenters

* because retry join logic runs in the *agent* and the results of that
  operation for primary mesh gateways are needed in the *server* there are
  some methods like `RefreshPrimaryGatewayFallbackAddresses` that must occur
  at multiple layers of abstraction just to pass the data down to the right
  layer.

* new cache type `FederationStateListMeshGatewaysName` for use in `proxycfg/xds` layers

* the function signature for RPC dialing picked up a new required field (the
  node name of the destination)

* several new RPCs for manipulating a FederationState object:
  `FederationState:{Apply,Get,List,ListMeshGateways}`

* 3 read-only internal APIs for debugging use to invoke those RPCs from curl

* raft and fsm changes to persist these FederationStates

* replication for FederationStates as they are canonically stored in the
  Primary and replicated to the Secondaries.

* a special derivative of anti-entropy that runs in secondaries to snapshot
  their local mesh gateway `CheckServiceNodes` and sync them into their upstream
  FederationState in the primary (this works in conjunction with the
  replication to distribute addresses for all mesh gateways in all DCs to all
  other DCs)

* a "gateway locator" convenience object to make use of this data to choose
  the addresses of gateways to use for any given RPC or gossip operation to a
  remote DC. This gets data from the "retry join" logic in the agent and also
  directly calls into the FSM.

* RPC (`:8300`) on the server sniffs the first byte of a new connection to
  determine if it's actually doing native TLS. If so it checks the ALPN header
  for protocol determination (just like how the existing system uses the
  type-byte marker).

* 2 new kinds of protocols are exclusively decoded via this native TLS
  mechanism: one for ferrying "packet" operations (udp-like) from the gossip
  layer and one for "stream" operations (tcp-like). The packet operations
  re-use sockets (using length-prefixing) to cut down on TLS re-negotiation
  overhead.

* the server instances specially wrap the `memberlist.NetTransport` when running
  with gateway federation enabled (in a `wanfed.Transport`). The general gist is
  that if it tries to dial a node in the SAME datacenter (deduced by looking
  at the suffix of the node name) there is no change. If dialing a DIFFERENT
  datacenter it is wrapped up in a TLS+ALPN blob and sent through some mesh
  gateways to eventually end up in a server's :8300 port.

* a new flag when launching a mesh gateway via `consul connect envoy` to
  indicate that the servers are to be exposed. This sets a special service
  meta when registering the gateway into the catalog.

* `proxycfg/xds` notice this metadata blob to activate additional watches for
  the FederationState objects as well as the location of all of the consul
  servers in that datacenter.

* `xds:` if the extra metadata is in place additional clusters are defined in a
  DC to bulk sink all traffic to another DC's gateways. For the current
  datacenter we listen on a wildcard name (`server.<dc>.consul`) that load
  balances all servers as well as one mini-cluster per node
  (`<node>.server.<dc>.consul`)

* the `consul tls cert create` command got a new flag (`-node`) to help create
  an additional SAN in certs that can be used with this flavor of federation.
2020-03-09 15:59:02 -05:00
Freddy 602aa742d8
Update namespace docs for config entries (#7420) 2020-03-09 14:51:21 -06:00
Dane Harrigan 382d33bb7e
Update envoy.html.md.erb (#7394)
Minor typo
2020-03-09 13:58:29 -04:00
Hans Hasselberg c46e2ae59b
docs: add docs for kv_max_value_size (#7405)
Apart from the added docs, the error messages are similar now and are
pointing to the corresponding options.
Fixes #6708.
2020-03-09 11:13:40 +01:00
Kim Ngo a8f4123d37
agent/txn_endpoint: configure max txn request length (#7388)
configure max transaction size separately from kv limit
2020-03-05 15:42:37 -06:00
Freddy ee24f4dcc1
1.7 upgrade note (#7397)
The Session API in Consul 1.7.0 and 1.7.1 is incompatible with prior versions of Consul.

This PR adds a note to our version-specific upgrade guide to guard against users upgrading before the fix in 1.7.2 is released.
2020-03-05 13:04:04 -07:00
John Cowen 4befec8f0c
docs: Add that `response_headers` also affects the UI (#7376) 2020-03-05 12:06:35 +00:00
Alvin Huang a24e431c0e
update envoy doc notes (#7389) 2020-03-04 14:59:30 -05:00
steven jacobs ca6e866232
docs:add documentation for Linode cloud auto-join (#6719)
The go-discover library supports Linode. This adds support for
discovering other Consul agents running on Linode. Consul has supported
this since [66b8c20][1] was merged, so this commit just updates the
documentation to match current features.

[1]: 66b8c20990
2020-02-27 06:51:21 -05:00
Luke Kysow ca6ba769ff
Merge pull request #7207 from hashicorp/namespace-k8s-docs
Docs for consul-k8s namespaces support
2020-02-21 14:05:38 -07:00
Luke Kysow 01e30289d2
Docs for Consul namespaces in kube 2020-02-20 14:27:09 -07:00
Jono Sosulska f5920e4832
Merge pull request #7304 from hashicorp/docs/anti-entropy
Added links to Anti-entropy guide + catalog
2020-02-20 11:16:13 -05:00
Hans Hasselberg e05ac57e8f
tls: support tls 1.3 (#7325) 2020-02-19 23:22:31 +01:00
kaitlincarter-hc 707e06e3fe
docs: adding new guide for namespaces and service discovery (#6788) 2020-02-18 18:34:21 +01:00
kaitlincarter-hc e8bbd00c38
docs: setup secure namespaces (#6789)
* Adding new guide for namespaces and ACLs

* Update website/source/docs/guides/secure-namespaces.html.md

Co-Authored-By: Blake Covarrubias <bcovarrubias@hashicorp.com>

Co-authored-by: Hans Hasselberg <me@hans.io>
Co-authored-by: Blake Covarrubias <blake.covarrubias@gmail.com>
2020-02-18 18:33:35 +01:00
Mishin Nickolay b519cc73b5
docs: add note bout change case in config files to specific version upgrade notes (#6870) (#6878) 2020-02-18 14:32:07 +01:00
Tom Downes 0cf11ec744
docs: add documentation for enabling reverse DNS lookup with systemd-resolved (#6731)
* Remove trailing whitespace in DNS forwarding guide.
* Add example for enabling reverse lookup of IP addrseses to .consul domain on systemd-resolved platforms
2020-02-18 14:16:12 +01:00
Mr.gao bc664159ea
docs: update libraries-and-sdks.html.md (#6745)
python-consul maintainer gone, this is my version you want to add to the recommended
2020-02-18 14:08:57 +01:00
Aleksey Stepanenko 95db3971da
docs: update connection for the openstack provider (#6776)
The option `username` does not work. Need to use user_name with underscore

> Authentication failed: Exactly one of Username and UserID must be provided for password authentication

The option `user_name` works, however, it's need to use `region`, `domain_name` in additional.
2020-02-18 14:06:34 +01:00
jsosulska 42fbbd5d15 Added links to Anti-entropy guide + catalog 2020-02-14 09:27:37 -05:00
Hans Hasselberg 4fb41ba9c0
website: put a note on the website re vault with 1.7.0 and 1.6.3 (#7295) 2020-02-13 20:42:36 +01:00
Christoph Puhl c8466fad8c
Adjust formula for quorum size (#7286)
Current formula for quorum size does not match numbers in table below.
2020-02-13 15:57:38 +00:00
Hans Hasselberg cb0f94487c
config: increase http_max_conns_per_client default to 200 (#7289) 2020-02-13 16:27:33 +01:00
Hans Hasselberg 3a15fb9dde
docs: correct envoy versions (#7266) 2020-02-11 23:18:09 +01:00
David Yu fd8a1d0b3a
Merge pull request #7263 from hashicorp/david-yu-patch-2
1.7.0 Namespaces Learn Guides
2020-02-11 11:56:59 -08:00
Judith Malnick 1814e56bd6
docs: add f5 guide text (#6493) 2020-02-11 20:39:44 +01:00
Judith Malnick c3ccfd37fc
docs: add splitting guide (#6597)
* add splitting guide, originially adapted from nic's blog and drafted on learn
2020-02-11 20:39:08 +01:00
David Yu c828495a24
1.7.0 Namespaces Learn Guides
Attaching learn guides associated with Namespaces release
2020-02-11 11:31:47 -08:00
Nuno Adrego de62daf386
docs: changed the return value from null to empty JSON list, when a session does not exist (#7232) 2020-02-11 11:03:28 +01:00
Blake Covarrubias 895a8a43b2
docs: document format for TTL values in Consul config (#6693) 2020-02-11 10:47:21 +01:00
kaitlincarter-hc be35f68ec5
docs: adding note to ACL rules page for intentions. (#6569) 2020-02-11 10:28:48 +01:00
Blake Covarrubias 4ea2685a7c Fix broken link to consul-aws guide on Learn 2020-02-10 12:25:54 -08:00
Hans Hasselberg 9cb7adb304
add envoy version 1.12.2 and 1.13.0 to the matrix (#7240)
* add 1.12.2

* add envoy 1.13.0

* Introduce -envoy-version to get 1.10.0 passing.

* update old version and fix consul-exec case

* add envoy_version and fix check

* Update Envoy CLI tests to account for the 1.13 compatibility changes.

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
2020-02-10 14:53:04 -05:00
Matt Keeler 0b1902f03f
Remove the 1.7.0 beta banner on downloads page (#7253) 2020-02-10 14:20:51 -05:00
Kit Patella 55f19a9eb2
rpc: measure blocking queries (#7224)
* agent: measure blocking queries

* agent.rpc: update docs to mention we only record blocking queries

* agent.rpc: make go fmt happy

* agent.rpc: fix non-atomic read and decrement with bitwise xor of uint64 0

* agent.rpc: clarify review question

* agent.rpc: today I learned that one must declare all variables before interacting with goto labels

* Update agent/consul/server.go

agent.rpc: more precise comment on `Server.queriesBlocking`

Co-Authored-By: Paul Banks <banks@banksco.de>

* Update website/source/docs/agent/telemetry.html.md

agent.rpc: improve queries_blocking description

Co-Authored-By: Paul Banks <banks@banksco.de>

* agent.rpc: fix some bugs found in review

* add a note about the updated counter behavior to telemetry.md

* docs: add upgrade-specific note on consul.rpc.quer{y,ies_blocking} behavior

Co-authored-by: Paul Banks <banks@banksco.de>
2020-02-10 10:01:15 -08:00
Akshay Ganeshen 8beb716414
feat: support sending body in HTTP checks (#6602) 2020-02-10 09:27:12 -07:00
danielehc 20600403b2
Adding upgrade-legacy doc (#7212)
Addresses #7071
2020-02-10 15:43:51 +01:00
Kyle Havlovitz 88ae18a2b2 Update config entry docs for namespaces 2020-02-07 12:01:04 -08:00
Blake Covarrubias 91245622db docs: Indent secretName and secretKey under aclSyncToken
These are sub-parameters under aclSyncToken. Fix indentation so that
they are properly displayed under that top-level key.
2020-02-06 10:40:33 -08:00
Fredrik Hoem Grelland d364a64f9a
docs: namespaces has erroneous HCL example (#7228) 2020-02-06 06:33:07 -06:00
Freddy cb77fc6d01
Add managed service provider token (#7218)
Stubs for enterprise-only ACL token to be used by managed service providers.
2020-02-04 13:58:56 -07:00