Commit Graph

2942 Commits

Author SHA1 Message Date
Anthony Scalisi 1565351a5c
docs: fix typos, IDs are UUIDs, /acl/token endpoints manage ACL tokens (#5736) 2020-02-03 09:41:54 +01:00
Hans Hasselberg 5531678e9e
Security fixes (#7182)
* Mitigate HTTP/RPC Services Allow Unbounded Resource Usage

Fixes #7159.

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
Co-authored-by: Paul Banks <banks@banksco.de>
2020-01-31 11:19:37 -05:00
Sarah Christoff fbb9120894
[docs] Clarify retry-join (#7078) 2020-01-30 12:52:58 -06:00
Matt Keeler 6855a778c2
Updates to the Txn API for namespaces (#7172)
* Updates to the Txn API for namespaces

* Update agent/consul/txn_endpoint.go

Co-Authored-By: R.B. Boyer <rb@hashicorp.com>

Co-authored-by: R.B. Boyer <public@richardboyer.net>
2020-01-30 13:12:26 -05:00
Iryna Shustava 7b549b0b5e
docs: clarify that clients and servers need to talk over LAN if outside k8s (#7156) 2020-01-29 19:09:38 -08:00
Iryna Shustava 22872b03a6
docs: Clarify the use of kustomize or ship with the Helm chart (#7154) 2020-01-28 22:18:12 -08:00
Chris Piraino 401221de58
Allow users to configure either unstructured or JSON logging (#7130)
* hclog Allow users to choose between unstructured and JSON logging
2020-01-28 17:50:41 -06:00
Iryna Shustava 14369f03ce docs: update ACL perms for the /connect/ca/roots endpoint (#7155) 2020-01-28 20:01:25 +01:00
Blake Covarrubias 08909661c2 docs: Fix success/passing health check definition
This commit changes the health check example shown for the
success/failures_before_passing option to correctly show that the value
of `checks` is an array of objects, not an object.

Added text clarifying these check parameters are available in Consul
1.7.0 and later.

Expanded the health check to provide a more complete configuration
example.

Resolves #7114.
2020-01-27 12:15:25 -08:00
Matt Keeler bbc2eb1951
Add the v1/catalog/node-services/:node endpoint (#7115)
The backing RPC already existed but the endpoint will be useful for other service syncing processes such as consul-k8s as this endpoint can return all services registered with a node regardless of namespacing.
2020-01-24 09:27:25 -05:00
Blake Covarrubias b3cf47c861 Redirect /docs/guides/outage.html to Learn
Resolves: #6953
2020-01-24 00:26:07 -08:00
Alexey Miasoedov b71630b752 fix Unix socket path in docs 2020-01-22 09:11:24 -08:00
David Yu ee329db79a
Merge pull request #7104 from hashicorp/david-yu-patch-4
Small change to TLS connection wording
2020-01-22 08:51:34 -08:00
Kit Ewbank 7b17f789d3 docs: add Helm chart 'dns.clusterIP' value. (#5845) 2020-01-22 17:32:08 +01:00
Hans Hasselberg 11a571de95
agent: setup grpc server with auto_encrypt certs and add -https-port (#7086)
* setup grpc server with TLS config used across consul.
* add -https-port flag
2020-01-22 11:32:17 +01:00
Iryna Shustava a33154ac9b
Add docs about rolling out TLS on k8s (#7096)
* Add docs about gradually rolling out TLS on k8s

Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2020-01-21 19:29:55 -08:00
David Yu 26a0ea1c39
Small change to wording
Removing automatic connection wording for applications for the time being. From @blake 
> They can automatically establish TLS connections without being aware that TLS is happening. They are aware that they’re routed through the Connect proxy, the app has to configure itself to use the local upstream port.
2020-01-21 16:27:43 -08:00
Luke Kysow c9dbcc31ec
Merge pull request #6970 from hashicorp/k8s-docs-refactor
Kubernetes docs reorganization
2020-01-18 19:08:26 -06:00
Luke Kysow e0aff262cf
Reorg kube docs 2020-01-18 19:07:53 -06:00
Hans Hasselberg 804eb17094
connect: check if intermediate cert needs to be renewed. (#6835)
Currently when using the built-in CA provider for Connect, root certificates are valid for 10 years, however secondary DCs get intermediates that are valid for only 1 year. There is no mechanism currently short of rotating the root in the primary that will cause the secondary DCs to renew their intermediates.
This PR adds a check that renews the cert if it is half way through its validity period.

In order to be able to test these changes, a new configuration option was added: IntermediateCertTTL which is set extremely low in the tests.
2020-01-17 23:27:13 +01:00
Hans Hasselberg 87f32c8ba6
auto_encrypt: set dns and ip san for k8s and provide configuration (#6944)
* Add CreateCSRWithSAN
* Use CreateCSRWithSAN in auto_encrypt and cache
* Copy DNSNames and IPAddresses to cert
* Verify auto_encrypt.sign returns cert with SAN
* provide configuration options for auto_encrypt dnssan and ipsan
* rename CreateCSRWithSAN to CreateCSR
2020-01-17 23:25:26 +01:00
Matej Urbas ce023359fe agent: configurable MaxQueryTime and DefaultQueryTime. (#3777) 2020-01-17 14:20:57 +01:00
John Cowen bc86002be9
docs: Add note about using valid DNS labels for service names (#7035)
Add note about using valid DNS labels for service names
2020-01-15 15:36:17 +00:00
Kit Patella 8be67b777a
Small improvements to Connect docs (#6910)
* docs/connect add link to intentions and minor phrasing change

* docs/connect pluralize 'applications'

* Update website/source/docs/connect/connect-internals.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>
2020-01-14 14:59:27 -08:00
Freddy e635b24215
Update force-leave ACL requirement to operator:write (#7033) 2020-01-14 15:40:34 -07:00
Matt Keeler 663cf1e9a8
AuthMethod updates to support alternate namespace logins (#7029) 2020-01-14 10:09:29 -05:00
Matt Keeler 8bd34e126f
Intentions ACL enforcement updates (#7028)
* Renamed structs.IntentionWildcard to structs.WildcardSpecifier

* Refactor ACL Config

Get rid of remnants of enterprise only renaming.

Add a WildcardName field for specifying what string should be used to indicate a wildcard.

* Add wildcard support in the ACL package

For read operations they can call anyAllowed to determine if any read access to the given resource would be granted.

For write operations they can call allAllowed to ensure that write access is granted to everything.

* Make v1/agent/connect/authorize namespace aware

* Update intention ACL enforcement

This also changes how intention:read is granted. Before the Intention.List RPC would allow viewing an intention if the token had intention:read on the destination. However Intention.Match allowed viewing if access was allowed for either the source or dest side. Now Intention.List and Intention.Get fall in line with Intention.Matches previous behavior.

Due to this being done a few different places ACL enforcement for a singular intention is now done with the CanRead and CanWrite methods on the intention itself.

* Refactor Intention.Apply to make things easier to follow.
2020-01-13 15:51:40 -05:00
danielehc 6ae75f6063
added disclaimer about network segments due to Serf limitations (#7004)
* added disclaimer about network segments due to Serf limitations

using work made at https://github.com/hashicorp/consul/pull/6558 by @thepomeranian

* Lowercasing functionality name

* Update website/source/docs/enterprise/network-segments/index.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

Co-authored-by: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>
2020-01-09 10:41:31 +01:00
danielehc a207f1a147
Update docs to point to new learn guide (#7003)
* Changed the link to point to new guide
* Removed querystring from link
2020-01-09 10:26:47 +01:00
DevOps Rob 0785bcc8df Azure MSI for cloud auto-join (#7000)
* Azure MSI documentation

Adding in note about support for Azure MSI authentication method for Cloud auto-join

* fixing text formatting

fixing text formatting

* missing word

missing word - variable

* Update website/source/docs/agent/cloud-auto-join.html.md

Language change to be specific about where the security risk mitigation is concerned

Co-Authored-By: Jack Pearkes <jackpearkes@gmail.com>

Co-authored-by: Jack Pearkes <jackpearkes@gmail.com>
2020-01-08 20:43:45 -05:00
kaitlincarter-hc 15f070231a
updating the ent docs to mention GCP (#7001) 2020-01-07 13:19:34 -08:00
tehmoon 43ab78fe5a docs: Fix extraVolumes mount paths in helm.html.md (#7008) 2020-01-07 12:13:09 -08:00
Rémi Lapeyre ec591a5b77 docs: fix typo in ACL legacy documentation (#7006) 2020-01-07 14:33:56 +01:00
kaitlincarter-hc 6e2ae79552
[docs] Managing ACL Policies (#6573)
* New Acl policy guide

* Update website/source/docs/guides/managing-acl-policies.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* Update website/source/docs/guides/managing-acl-policies.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* Update website/source/docs/guides/managing-acl-policies.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* Update website/source/docs/guides/managing-acl-policies.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* Update website/source/docs/guides/managing-acl-policies.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

Co-authored-by: Paul Banks <banks@banksco.de>
2020-01-06 15:44:17 -08:00
kaitlincarter-hc 2e1a8acb45
[docs] New Replication Guide (#5823)
* new replication guide

* Update website/source/docs/guides/acl-replication.md

Co-Authored-By: R.B. Boyer <public@richardboyer.net>

* fixing list

* Update website/source/docs/guides/acl-replication.md

Co-Authored-By: R.B. Boyer <public@richardboyer.net>

* Update website/source/docs/guides/acl-replication.md

Co-Authored-By: R.B. Boyer <public@richardboyer.net>

* Update website/source/docs/guides/acl-replication.md

Co-Authored-By: R.B. Boyer <public@richardboyer.net>

* Update website/source/docs/guides/acl-replication.md

Co-Authored-By: R.B. Boyer <public@richardboyer.net>

* fixing another list

* Update website/source/docs/guides/acl-replication.md

Co-Authored-By: Matt Keeler <mkeeler@users.noreply.github.com>

* Update website/source/docs/guides/acl-replication.md

Co-Authored-By: R.B. Boyer <public@richardboyer.net>

* fixing formating

* Updating based on feedback.

* Update website/source/docs/guides/acl-replication.md

Co-Authored-By: Matt Keeler <mkeeler@users.noreply.github.com>

* Update website/source/docs/guides/acl-replication.md

Co-Authored-By: Judith Malnick <judith@hashicorp.com>

* updating introduction based on feedback

* Update website/source/docs/guides/acl-replication.md

* updating intro based on feedback

* Update website/source/docs/guides/acl-replication.md

Co-Authored-By: Judith Malnick <judith@hashicorp.com>

* Update website/source/docs/guides/acl-replication.md

Co-Authored-By: Judith Malnick <judith@hashicorp.com>

* Update website/source/docs/guides/acl-replication.md

Co-Authored-By: Judith Malnick <judith@hashicorp.com>

* Update website/source/docs/guides/acl-replication.md

Co-Authored-By: Judith Malnick <judith@hashicorp.com>

* updating based on feedback

* Update website/source/docs/guides/acl-replication.md

Co-Authored-By: Judith Malnick <judith@hashicorp.com>

* Update website/source/docs/guides/acl-replication.md

Co-Authored-By: Judith Malnick <judith@hashicorp.com>

* Update website/source/docs/guides/acl-replication.md

Co-Authored-By: Judith Malnick <judith@hashicorp.com>

* Additional note about servers

Co-authored-by: R.B. Boyer <public@richardboyer.net>
Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
Co-authored-by: Judith Malnick <judith@hashicorp.com>
2020-01-06 15:35:59 -08:00
kaitlincarter-hc 88a4950a78
New Connect guide for new users (#6749) 2020-01-06 15:17:24 -08:00
Blake Covarrubias b52ce19e8f Move bootstrapACLs under global key in Helm docs
The global.bootstrapACLs key in the Helm chart docs was inadvertently
moved to a top-level key in commit 12e6ef8, which is incorrect.

This commit reverts that error.
2019-12-21 18:47:42 -08:00
Matt Keeler c276e2a634
Revert "Remove docs refs to NS inference from ACL token" (#6976)
This reverts commit 3a8426de9c.

# Conflicts:
#	command/flags/http.go
#	website/source/api/acl/binding-rules.html.md
#	website/source/api/acl/policies.html.md
#	website/source/api/acl/roles.html.md
#	website/source/api/acl/tokens.html.md
#	website/source/api/kv.html.md
#	website/source/api/session.html.md
#	website/source/docs/commands/_http_api_namespace_options.html.md
2019-12-20 11:52:50 -05:00
Blake Covarrubias e94db0178c Add 'kind = connect-proxy' to mesh_gateway.html 2019-12-18 15:35:42 -08:00
Hans Hasselberg 937a414fd0
log: handle discard all logfiles properly (#6945)
* Handle discard all logfiles properly

Fixes https://github.com/hashicorp/consul/issues/6892.

The [docs](https://www.consul.io/docs/agent/options.html#_log_rotate_max_files) are stating:

> -log-rotate-max-files - to specify the maximum number of older log
> file archives to keep. Defaults to 0 (no files are ever deleted). Set to
> -1 to disable rotation and discard all log files.

But the `-1` case was not implemented and led to a panic when being
used.

Co-Authored-By: Freddy <freddygv@users.noreply.github.com>
2019-12-18 22:31:22 +01:00
Kyle MacDonald 3628de6de5
website: embed yt videos on intro pages (#6871)
- website: embed yt videos on intro pages
- for /docs/connect
- for /intro
- css to handle iframe responding at smaller viewports
- Update consul connect video with introductory description. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>
- Update consul connect intro with introductory description. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>
2019-12-18 13:54:39 -05:00
Matt Keeler 34e6e23d43
Change how namespaces are specified for the CLI (#6960) 2019-12-18 11:06:39 -05:00
Blake Covarrubias 87679a7a4f Clarify -retry-join can be provided multiple times
Update -retry-join documentation to explicitly state the option can be
specified multiple times. Add corresponding config example showing
multiple join addresses.
2019-12-17 10:25:14 -08:00
Paul Banks fd99486794
Fix formatting and add version info (#6926) 2019-12-13 19:55:48 +00:00
Luke Kysow 12e6ef8424
Update Helm docs to match repo 2019-12-13 10:15:58 -08:00
ychuzevi bae8a8a6cc docs: Fix documentation for kv store create endpoint (#6940) 2019-12-13 09:12:01 -08:00
Luke Kysow 9003f8be9c
Document that env vars can't be used for config (#6912)
* Document that env vars can't be used for config

Environment variables are not read for config values when starting the
Consul agent. Document this.
2019-12-12 09:31:24 -08:00
Nate Dobbs 53574c4204 docs: Fixed typo for 'consul members' link (#6918)
Quick fix on a small typo I noticed while reading the docs on this command.
2019-12-10 20:42:38 -08:00
Alvin Huang de42b8db8e
correct website download version to 1.6.2 (#6927) 2019-12-10 17:29:58 -05:00
Mike Morris 8baf94d94f website: add 1.7.0 Beta announcement to Downloads page (#6911)
* website: add 1.7.0 Beta announcement to Downloads page

* Update downloads.html.erb
2019-12-10 17:09:38 -05:00
freddygv 03aa0ee1c5 Fix typos and add expand wildcard ns docs 2019-12-10 14:04:24 -07:00
freddygv 3a8426de9c Remove docs refs to NS inference from ACL token 2019-12-10 13:50:28 -07:00
Matt Keeler 5934f803bf
Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
Iryna Shustava 1f3f9a7847
Merge pull request #6902 from hashicorp/k8s-auto-join-min-perms
Clarify the minimum permissions required for k8s auto-join
2019-12-06 13:35:15 -08:00
Iryna Shustava 1694f95e4a
Clarify minimum perms required for k8s auto-join 2019-12-06 12:57:47 -08:00
Hans Hasselberg 9ff69194a2
tls: auto_encrypt and verify_incoming (#6811) (#6899)
* relax requirements for auto_encrypt on server
* better error message when auto_encrypt and verify_incoming on
* docs: explain verify_incoming on Consul clients.
2019-12-06 21:36:13 +01:00
Luke Kysow 86cb454bb1
Link directly to reset 2019-12-06 09:38:52 -08:00
Matt Keeler a704ebe639
Add Namespace support to the API module and the CLI commands (#6874)
Also update the Docs and fixup the HTTP API to return proper errors when someone attempts to use Namespaces with an OSS agent.

Add Namespace HTTP API docs

Make all API endpoints disallow unknown fields
2019-12-06 11:14:56 -05:00
Blake Covarrubias 1d21635a6b docs: Fix expose path HTTP listener ports
The listener ports specified in the headings for the HTTP and HTTP2
examples do not match the ports in the corresponding service
registration configurations.

This commit changes the port specified in the heading for the HTTP
listener to match the port used in the service registration example.

In addition, the listener_port specified for the HTTP2 listener is
modified to match the port number specified in the heading.
2019-12-05 09:00:52 -08:00
Li Kexian a8b3be0491 add tencentcloud auto join docs (#6818) 2019-12-05 12:36:44 +00:00
Luke Kysow 5412ba9dad
Reorg helm chart docs
- Remove duplicate install instructions from the Helm Chart page and
kept them in Running Consul
- Renamed Helm Chart to Helm Chart Reference because that's mostly what
it contains (along with some examples)
- Renamed Running Consul to Installing Consul
- Changed instructions to be for installing using Helm 3 and added
  notes if using Helm 2
- Used release name "hashicorp" so subsequent instructions can be more
concise and pastable, e.g. "port forward to svc/hashicorp-consul-server" vs. "port
forward to svc/<your release name>-consul-server"
- Use config.yaml as the name for the override values file since it
differentiates from the default values.yaml file and its the name of the
file used in the helm docs
(https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing)
2019-12-03 17:49:05 -08:00
Chris Piraino f3b54fa535
Allow configuration of upstream connection limits in Envoy (#6829)
* Adds 'limits' field to the upstream configuration of a connect proxy

This allows a user to configure the envoy connect proxy with
'max_connections', 'max_queued_requests', and 'max_concurrent_requests'. These
values are defined in the local proxy on a per-service instance basis
and should thus NOT be thought of as a global-level or even service-level value.
2019-12-03 14:13:33 -06:00
Tyler Ryan 0a7e0279e7 Docs/consul k8s existing pvc (#6872)
Update docs for using pre-existing PVCs with helm
2019-12-03 11:14:25 -08:00
Luke Kysow d24f58a1b2
Merge pull request #6855 from hashicorp/opaque-config-examples
Document how to json encode envoy config
2019-12-02 17:55:07 -08:00
Luke Kysow 585f3ccf29
Merge pull request #6798 from hashicorp/namespace-selector-docs
Fix documentation for namespaceSelector
2019-12-02 17:54:04 -08:00
Blake Covarrubias e42ff8dd76 docs: Rename TTL to Timeout in Script/TCP checks
TTL and Interval options were made mutually exclusive in
https://github.com/hashicorp/consul/pull/3560.

Change to Timeout, which is a correct parameter for HTTP, Script, and
TCP checks.

Resolves #6343
2019-12-02 15:40:49 -08:00
Luke Kysow eaefa80362
Fix documentation for namespaceSelector
Also remove the example for using namespace selector because it requires
labelling a namespace which is harder to explain.
2019-12-02 12:25:38 -08:00
Luke Kysow cb459a7289
Document how to json encode envoy config
It wasn't clear how users should encode their config.
2019-11-29 09:43:42 -08:00
Luke Kysow 7b9f63af15
Fix helm docs bug
If the ServiceAccount isn't applied first, we get an error since the Pod
references a non-existing ServiceAccount
2019-11-29 09:17:56 -08:00
Luke Kysow 9cb841adc4
Merge pull request #6722 from hashicorp/jump-to-section
Add "jump to section" dropdown
2019-11-26 12:20:26 -08:00
Luke Kysow e358db5610
Add "jump to section" dropdown 2019-11-26 11:58:23 -08:00
Matt Keeler b069d6777b
OSS KV Modifications to Support Namespaces 2019-11-25 12:57:35 -05:00
Matt Keeler 7b471f6bf8
OSS Modifications necessary for sessions namespacing 2019-11-25 12:07:04 -05:00
rerorero 40df8bea57 docs: Fix links to K8s L7 observability guide (#6834) 2019-11-22 18:51:33 -08:00
Blake Covarrubias 5ac8a21f93 docs: Fix links to Sentinel docs for Consul
Current URL returns a 404 error. Correct links to point to the proper
URL.
2019-11-22 10:41:01 -08:00
kaitlincarter-hc 99e088107f
removed kubecon banner (#6827) 2019-11-22 11:08:17 -06:00
Paul Banks cd1b613352
connect: Add AWS PCA provider (#6795)
* Update AWS SDK to use PCA features.

* Add AWS PCA provider

* Add plumbing for config, config validation tests, add test for inheriting existing CA resources created by user

* Unparallel the tests so we don't exhaust PCA limits

* Merge updates

* More aggressive polling; rate limit pass through on sign; Timeout on Sign and CA create

* Add AWS PCA docs

* Fix Vault doc typo too

* Doc typo

* Apply suggestions from code review

Co-Authored-By: R.B. Boyer <rb@hashicorp.com>
Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Doc fixes; tests for erroring if State is modified via API

* More review cleanup

* Uncomment tests!

* Minor suggested clean ups
2019-11-21 17:40:29 +00:00
kaitlincarter-hc 58db6b5d22
fixing link (#6817) 2019-11-19 17:36:18 -06:00
kaitlincarter-hc 50af948044
Replacing updgrade jtbd with k8s (#6813) 2019-11-19 15:20:55 -06:00
RJ Spiker f75b47d3a9 website - add -moz-osx-font-smoothing for smooth firefox osx fonts (#6755) 2019-11-19 14:43:18 -05:00
Chris Piraino cf69630620 Improve session API documentation
- Remove incorrect statement that `LockDelay` must be greater than 0
- Add sentence to the top of the page pointing to the internal document
describing the sessions mechanism for more context
2019-11-18 16:20:34 -06:00
kaitlincarter-hc 9c0e1a5b08
[WIP] Kubernetes Docs (#6770)
* adding cloud providers for k8s

* adding links

* added utm parameters

* Updating descriptions

* fix sidenav

* renaming page minikube
2019-11-18 12:00:01 -06:00
Jack Pearkes 3b173b8cd2 website: alert for kubecon (#6806)
* website: alert for kubecon

* Update website/source/index.html.erb
2019-11-18 10:41:17 -06:00
Chris Piraino 0687e2fe93 docs: add sentence linking to available service-resolver filters
Resolves #6434
2019-11-18 09:38:36 -06:00
Blake Covarrubias 8572ac135c Add missing docs for checks Watch type (#5188)
Add configuration examples for specifying watch checks by health check
state or service, and corresponding CLI examples.

Resolves: #5188
2019-11-13 11:24:35 -08:00
Alvin Huang e4dcd8ea6c
add arm download notes (#6785) 2019-11-13 14:21:50 -05:00
kaitlincarter-hc f982290d9f
fixing buttons (#6772) 2019-11-12 09:23:45 -06:00
Paul Banks b621910618
Support Connect CAs that can't cross sign (#6726)
* Support Connect CAs that can't cross sign

* revert spurios mod changes from make tools

* Add log warning when forcing CA rotation

* Fixup SupportsCrossSigning to report errors and work with Plugin interface (fixes tests)

* Fix failing snake_case test

* Remove misleading comment

* Revert "Remove misleading comment"

This reverts commit bc4db9cabed8ad5d0e39b30e1fe79196d248349c.

* Remove misleading comment

* Regen proto files messed up by rebase
2019-11-11 21:36:22 +00:00
kaitlincarter-hc 51278ff46e
[Website] Add JTBD - WIP (#6673)
* updating the landing page with jtbd

* changed the buttons to pink

* updating CSS based on John's help

* updating a use case

* updating the language and rearranging the guides

* adding icons

* fixed image width

* fixing buttons and updating traffic splitting language.
2019-11-11 09:26:36 -06:00
John Cowen 8a89e1a62f docs: Add link to config entries 2019-11-08 09:51:39 -08:00
rogerwelin 47eff3475f Adds crystal-consul to libraries & sdk docs 2019-11-08 09:37:56 -08:00
Tramale Turner d6c910fe2f Update proxies.html.md (#6754)
Missing preposition.
2019-11-08 09:26:44 -08:00
Mr.gao 653096973d docs: Fix delete config entry description (#6593)
Fix the documentation to correctly state the HTTP DELETE method will
remove the specified config entry.
2019-11-06 11:30:44 -08:00
RJ Spiker 2bb994ace4 website - font and brand updates (#6716)
* website - font and brand updates

* sidebar font-size adjustments and scss cleanup

* adjust nav and inline code styles
2019-11-06 13:53:36 -05:00
Blake Covarrubias 0aa025df1c
docs: Miscellaneous docs cleanup (#6742)
Fix spelling errors, API doc inconsistencies, and formatting issues.

* Fix several spelling errors.
* Prepend / to v1/event/list path in Watches.
* Rename script handlers to match Watch type.
* Remove /v1 path prefix on service health API endpoints.

Makes request path consistent with the rest of the HTTP API
documentation which does not include the /v1 prefix.

* Fix bracket formatting issue on Telemetry page.

The HTML codes used for brackets inside of the code block are not
interpolated, and are shown as literal strings.

Replace the numeric HTML codes with the intended character value to
fix display formatting.

Also placed variable reference on agent/options.html inside code block
for consistency with the presentation of other options on the page.

* Add missing word to Coordinate.Node docstring.

Resolves #6014
2019-11-05 20:34:46 -08:00
Thibault Gilles f7f1c3fa54 Fix docs for replace-existing-checks parameter 2019-11-04 12:34:11 -08:00
Robert Hencke d908f2c420 [docs] Fix sentence order for GCE Cloud Auto-Join 2019-11-04 12:27:58 -08:00
Rémi Lapeyre 7190af29ac Fix typo in config HTTP API documentation 2019-11-04 12:26:36 -08:00
Yahya 0604934e13 [Docs] Fix typo (#6523) 2019-11-04 15:17:28 -05:00
Charlie Voiselle f1786211e1
Merge pull request #6710 from hashicorp/docs/connect-nomad
[docs] Updating Nomad Consul Connect info
2019-11-04 14:18:03 -05:00
R.B. Boyer dc4b3e3444
docs: fix hcl use on production acls guide (#6739)
Also clean up some general whitespace formatting.
2019-11-04 11:11:59 -06:00
Paul Banks 87699eca2f
Fix support for RSA CA keys in Connect. (#6638)
* Allow RSA CA certs for consul and vault providers to correctly sign EC leaf certs.

* Ensure key type ad bits are populated from CA cert and clean up tests

* Add integration test and fix error when initializing secondary CA with RSA key.

* Add more tests, fix review feedback

* Update docs with key type config and output

* Apply suggestions from code review

Co-Authored-By: R.B. Boyer <rb@hashicorp.com>
2019-11-01 13:20:26 +00:00
R.B. Boyer 5ff8fa9918
docs: mention that all logging flags also work in the config file (#6705) 2019-10-31 16:15:48 -05:00
Luke Kysow c496fd80c2
Merge pull request #6583 from hashicorp/connect-annotations
Document new annotations for Connect injections
2019-10-31 12:58:43 -07:00
Alexandra Freeman 00f5fde869 Update mediums on main community page (#6699)
Updating all .io Community sites to direct practitioners to the Forum as the first medium for communicating with other users and HashiCorp employees. Deleted Gitter link and Google Group link, as these will be phased out over the next few months. Updated what appeared to be a typo on the page description. Chatted with Nic Jackson before submitting PR.
2019-10-31 14:52:23 -04:00
kaitlincarter-hc bac8edb7df removed the term easy and updated the formatting 2019-10-29 15:59:21 -05:00
Charlie Voiselle c646089c84 Updating Nomad Consul Connect info 2019-10-29 16:53:25 -04:00
Sarah Christoff 5e1c6e907b
Set MinQuorum variable in Autopilot (#6654)
* Add MinQuorum to Autopilot
2019-10-29 09:04:41 -05:00
Sarah Christoff 64d099c020
Update -protocol doc (#6681)
* Update -protocol to have more clear version wording

Co-Authored-By: Judith Malnick <judith.patudith@gmail.com>
2019-10-29 08:41:28 -05:00
Luke Kysow b5cd6f83a3
Merge pull request #6683 from hashicorp/service-account-connect-inject-docs
Document service account name requirements
2019-10-28 10:26:52 -07:00
Luke Kysow 3524ee0478
Document service account name requirements
If ACLs are enabled, service account name must match the name of the
service in Consul.

Fixes https://github.com/hashicorp/consul-helm/issues/202
2019-10-24 16:51:51 -07:00
kaitlincarter-hc 749915ce0f
missed UTM parameter (#6679) 2019-10-24 12:29:54 -05:00
kaitlincarter-hc 73832ed80b
fixing ACL reset links (#6678) 2019-10-24 12:22:08 -05:00
Alvin Huang 3361bab1bc
modify netlify-cli installation (#6674)
* modify netlify CLI installation

* bump middleman-hashicorp to 0.3.40 to include ssh
2019-10-23 13:54:19 -04:00
kaitlincarter-hc 30ae048f85
Top Navigation change (#6630)
* Changed Guides to Learn in the top nav and added utm parameters to the guide index page

* Update website/source/docs/guides/index.html.md

* Update website/source/docs/guides/index.html.md

* Update website/source/layouts/layout.erb
2019-10-21 14:19:27 -05:00
kaitlincarter-hc 4f9e639d49
updating broken link (#6633) 2019-10-16 16:18:39 -05:00
PHBourquin 039615641e Checks to passing/critical only after reaching a consecutive success/failure threshold (#5739)
A check may be set to become passing/critical only if a specified number of successive
checks return passing/critical in a row. Status will stay identical as before until
the threshold is reached.
This feature is available for HTTP, TCP, gRPC, Docker & Monitor checks.
2019-10-14 21:49:49 +01:00
kaitlincarter-hc b0310364c6
[docs] Adding Links to Learn (#6611)
* adding links to Learn

* fixing a couple typos

* adding utm paramaters

* Update website/source/docs/connect/registration/sidecar-service.md

* Update website/source/docs/connect/registration/sidecar-service.md

* Update website/source/docs/acl/acl-system.html.md

* Update website/source/docs/acl/acl-system.html.md

* Update website/source/docs/agent/encryption.html.md

Co-Authored-By: Judith Malnick <judith.patudith@gmail.com>

* Update website/source/docs/connect/proxies/built-in.md

Co-Authored-By: Judith Malnick <judith.patudith@gmail.com>

* Update website/source/docs/connect/registration/sidecar-service.md

Co-Authored-By: Judith Malnick <judith.patudith@gmail.com>

* Update website/source/docs/install/index.html.md

Co-Authored-By: Judith Malnick <judith.patudith@gmail.com>

* Update website/source/docs/agent/kv.html.md

* Update website/source/docs/connect/security.html.md

* Update website/source/docs/connect/security.html.md

* Update website/source/docs/internals/architecture.html.md
2019-10-14 10:40:35 -05:00
Blake Covarrubias 97953454c4 Add Consul's L7 features to Istio comparison
Add text listing Consul's L7 features (via Envoy). Re-organize text to
flow similarly to Istio section.

Co-Authored-By: Judith Malnick <judith.patudith@gmail.com>
2019-10-10 11:33:34 -07:00
Luke Kysow 17990aabf3
Document new annotations for Connect injections 2019-10-04 15:31:24 -07:00
Sarah Christoff 5e26971864
Prune Unhealthy Agents (#6571)
* Add -prune flag to ForceLeave
2019-10-04 16:10:02 -05:00
Freddy 2eaece10a7
Update Force Leave docs (#6550)
Fixes #2742

Previously the docs didn't clarify that if a server restarts as a client then force-leave won't lead to removing the node from the raft config. This is because the node, which is alive after a restart, will refute messages about it having left . These messages about members leaving are in turn what trigger Consul's leader to remove a server from raft.
2019-09-27 17:49:28 -06:00
Mike Morris 6bf75d201d
docs: add managed proxy removal note to specific version upgrade notes (#6557) 2019-09-27 10:52:47 -04:00
Judith Malnick fd41003138
Specify that mesh gateways require Envoy (#6506)
* Specify that mesh gateways must operate on L7

* Add feedback from Matt

* clarify gateway requirements
2019-09-26 20:06:58 -07:00
Freddy fdd10dd8b8
Expose HTTP-based paths through Connect proxy (#6446)
Fixes: #5396

This PR adds a proxy configuration stanza called expose. These flags register
listeners in Connect sidecar proxies to allow requests to specific HTTP paths from outside of the node. This allows services to protect themselves by only
listening on the loopback interface, while still accepting traffic from non
Connect-enabled services.

Under expose there is a boolean checks flag that would automatically expose all
registered HTTP and gRPC check paths.

This stanza also accepts a paths list to expose individual paths. The primary
use case for this functionality would be to expose paths for third parties like
Prometheus or the kubelet.

Listeners for requests to exposed paths are be configured dynamically at run
time. Any time a proxy, or check can be registered, a listener can also be
created.

In this initial implementation requests to these paths are not
authenticated/encrypted.
2019-09-25 20:55:52 -06:00
Alvin Huang f6b928043f
remove alert bar on homepage (#6544) 2019-09-25 17:28:14 -04:00
R.B. Boyer af01d397a5
connect: don't colon-hex-encode the AuthorityKeyId and SubjectKeyId fields in connect certs (#6492)
The fields in the certs are meant to hold the original binary
representation of this data, not some ascii-encoded version.

The only time we should be colon-hex-encoding fields is for display
purposes or marshaling through non-TLS mediums (like RPC).
2019-09-23 12:52:35 -05:00
Jack Pearkes 5b41903bd0
website: update alert bar on homepage (#6518)
Per @changli0617
2019-09-20 15:32:25 -07:00
Luke Kysow 9f4ecdbf3e
Merge pull request #6511 from hashicorp/code-highlighting
Give code blocks coloured background
2019-09-20 10:35:53 -07:00
Luke Kysow 5c9ece5964
Merge pull request #6460 from hashicorp/helm-wait
Update consul-helm enterprise docs for ACLs
2019-09-19 15:32:27 -07:00
Bartek Jaroszewski ea009d1457 website, add git2consul-go to the tools list (#6286)
Signed-off-by: bjaroszewski <bjaroszewski@griddynamics.com>
2019-09-19 17:20:50 -05:00
Luke Kysow dcf922858a
Update consul-helm enterprise docs for ACLs
If ACLs are added then slightly different commands are needed.
2019-09-19 15:09:38 -07:00
Luke Kysow 2a0d9ff882
Update Consul DNS on kube docs
- fix instructions for CoreDNS (it updated)
- fix instructions for new component names
- recommend installing with the name 'consul'
- add disclaimer that catalog sync is not always required
- clean up example values.yaml files
2019-09-19 15:09:38 -07:00
Luke Kysow 16d1f4ca01
Give code blocks coloured background
This will make them stand out more and matches the style of terraform.io
2019-09-19 14:53:28 -07:00
Iryna Shustava 91e6c634ca
Merge pull request #6500 from hashicorp/typo-fix
Fix typo in "Service Ports" section
2019-09-18 13:11:52 -07:00
kaitlincarter-hc c10f83ebee
[docs]Updated Containers Guide (#6215)
* Adding the updated containers guide that will be deployed on Learn only.

* Update website/source/docs/guides/containers-guide.md

Co-Authored-By: Freddy <freddygv@users.noreply.github.com>

* Update website/source/docs/guides/containers-guide.md

Co-Authored-By: Freddy <freddygv@users.noreply.github.com>

* Update website/source/docs/guides/containers-guide.md

Co-Authored-By: Freddy <freddygv@users.noreply.github.com>

* Update website/source/docs/guides/containers-guide.md

Co-Authored-By: Freddy <freddygv@users.noreply.github.com>

* Update website/source/docs/guides/containers-guide.md

Co-Authored-By: Freddy <freddygv@users.noreply.github.com>

* Update website/source/docs/guides/containers-guide.md

Co-Authored-By: Freddy <freddygv@users.noreply.github.com>

* Update website/source/docs/guides/containers-guide.md

Co-Authored-By: Freddy <freddygv@users.noreply.github.com>

* Update website/source/docs/guides/containers-guide.md

Co-Authored-By: Freddy <freddygv@users.noreply.github.com>

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md
2019-09-17 13:35:46 -07:00
Iryna Shustava 7d593aca60
Fix typo in "Service Ports" section 2019-09-17 12:05:04 -07:00
Blake Covarrubias fb2ffef849 docs: Fix typo in acl/acl-rules 2019-09-13 19:50:35 -07:00
Blake Covarrubias 257aeb7929 docs: Add .tgz to snapshot restore example (#6476) 2019-09-13 19:48:49 -07:00
Hans Hasselberg dcba96079a
docs (Consul Enterprise): Google Cloud Storage snapshot documentation (#6480) 2019-09-13 17:54:15 +02:00
hashicorp-ci 9be6dfc310
Release v1.6.1 2019-09-12 19:39:59 +00:00
Jud White 5096a2fe39 docs: fix typo in install/performance (#6428) 2019-09-09 21:23:25 +01:00
dcallao 40af5ca2f0 fixed broken links on consul program page (#6463) 2019-09-06 17:18:59 -04:00
dcallao 545ab3c236 docs: added Consul Integration Program Docs Page (#6459)
* adding the Consul Integration Program page in docs section
2019-09-06 14:52:18 -04:00
John Cowen 826e82f765
docs: Fix discovery chain internals link (#6449) 2019-09-05 13:56:50 +01:00
Aestek 7c7b7f24fd Add option to register services and their checks idempotently (#4905) 2019-09-02 09:38:29 -06:00
Matt Keeler 00aa108490
TxnCheckOp has a `Check` field not a `Service` field (#6418) 2019-08-28 15:57:41 -04:00
Nick Fagerlund ce8a27aedc website: Update middleman-hashicorp container and Gemfile.lock (#6374)
* website: Update middleman-hashicorp container and Gemfile.lock

Time marches on, and so do security vulnerabilities in Nokogiri. So it's time
for a new container.

As with last time, here's a reminder for the next person who needs to update
this:

- You shouldn't just update the dependency in Gemfile.lock, because your build
  times will go to heck as you compile Nokogiri from source on every run. So you
  need an updated container with all the dependencies.
- To update the container, you need to push a new tag to the middleman-hashicorp
  repo. Teamcity does the rest, and will ship a new container to Docker Hub
  (unless its credentials are out of date, in which case go ask team-eng-serv.)
- Once that's pushed:
    - Update Makefile
    - Update the Gemfile
    - Delete Gemfile.lock
    - `make website` until it comes up, then ctrl-C
    - Commit the changes

* website: Specify a different json version in Gemfile.lock

The Consul website uses different containers for preview and deploy, and this
oddball JSON version was causing issues. This commit sacrifices a little bit
of preview startup speed for (hopefully) working deploys.
2019-08-27 11:05:18 -04:00
Mike Morris e7a5d80169
bump eventmachine to 1.2.7 in Gemfile.lock (#6389) 2019-08-27 02:00:43 -04:00
Freddy 4caf1d111a
Rephrase bind docs (#6394) 2019-08-26 11:31:55 -06:00
hashicorp-ci 944cc71026
Release v1.6.0 2019-08-23 22:10:51 +00:00
R.B. Boyer cc9a6f7993
Merge pull request #6388 from hashicorp/release/1-6
merging release/1-6 into master
2019-08-23 13:44:46 -05:00
Anudeep Reddy f9c2a95e0e Update observability.html.md (#6379) 2019-08-23 17:07:48 +02:00
danielehc 2e64b19fc2
Update agent.html.markdown.erb (#6380)
Adding a note on how to make Consul trust S3-compatible storage that expose a self-signed certificate.
2019-08-23 16:09:41 +02:00
Jack Pearkes b428e81483 website: fix typo on mesh page (#6368)
Fixes #6345.
2019-08-21 16:35:11 -05:00
R.B. Boyer 0a4e683708
docs: remove beta references; leave version notation (#6372) 2019-08-21 16:23:08 -05:00
R.B. Boyer 7a6faccf2f
docs: document how envoy escape hatches work with the discovery chain (#6350)
- Bootstrap escape hatches are OK.
- Public listener/cluster escape hatches are OK.
- Upstream listener/cluster escape hatches are not supported.

If an unsupported escape hatch is configured and the discovery chain is
activated log a warning and act like it was not configured.

Fixes #6160
2019-08-21 15:10:12 -05:00
Alvin Huang 52041cc278 Merge Consul OSS branch 'master' at commit ce9cfc773d 2019-08-21 16:07:04 -04:00
R.B. Boyer 65fc93ea33 docs: fixing L7 config entries documentation (#6358)
- add service-router example involving gRPC
- fix indentation on service-router page by splitting it up
- remove reference to removed setting
2019-08-21 12:29:53 -05:00
R.B. Boyer 33c09f80c8 docs: add documentation for discovery chains
Fixes #6273
2019-08-21 12:29:53 -05:00
Ján Dzurek 5515e094f4 docs: ports docs missing paren fix (#6367) 2019-08-21 10:23:03 +02:00
hashicorp-ci 22789fedf8 Merge Consul OSS branch 'master' at commit a7ded1bd8e 2019-08-21 02:00:53 +00:00
Matt Keeler 9a5b258edf
Turned on Envoy 1.11.1 integration tests (#6347)
I also ran this against 1.5.2 so the docs update claiming compatibility should still be accurate.
2019-08-20 10:20:13 -04:00
John Cowen a7ded1bd8e
docs: Fix typo layey > layer (#6352) 2019-08-20 10:16:30 +02:00
Tyler Ryan fc9fcdfa53
Merge pull request #6341 from tryan225/docs/autopilot-updates
Clarifying autopilot bootstrap and config options
2019-08-19 13:36:50 -07:00
Jack Pearkes 589f77b2ab
website: update the vs. envoy and proxies page (#6326)
* website: update the vs. envoy and proxies page

This is the second result on Google for "consul envoy" and
it seemed like it needed a bit of an upgrade to help clarify the
current state.

* Update website/source/intro/vs/proxies.html.md

Co-Authored-By: Judith Malnick <judith.patudith@gmail.com>

* Update website/source/intro/vs/proxies.html.md

Co-Authored-By: Judith Malnick <judith.patudith@gmail.com>

* Update website/source/intro/vs/proxies.html.md

Co-Authored-By: Judith Malnick <judith.patudith@gmail.com>

* Update website/source/intro/vs/proxies.html.md

Co-Authored-By: Judith Malnick <judith.patudith@gmail.com>

* Apply suggestions from code review

Co-Authored-By: Judith Malnick <judith.patudith@gmail.com>
2019-08-16 14:25:24 -07:00
tryan225 47ca1fa988 Clarifying autopilot bootstrap and config options 2019-08-16 10:54:13 -07:00
hashicorp-ci 868780f237 Merge Consul OSS branch 'master' at commit 23cf22960a 2019-08-16 02:00:30 +00:00
mattc41190 23cf22960a Fix 404 (#6300)
On page: https://www.consul.io/discovery.html

If you click the link for Health Checks -> Learn More the underlying resource is:

https://learn.hashicorp.com/consul/getting-started/checks

This page for me is a 404. I think you've bundled it together in the following page:

Register a Service and Health Check - Service Discovery

Located at: https://learn.hashicorp.com/consul/getting-started/services

Thanks for Consul, it's really awesome.
2019-08-15 14:04:30 -07:00
hashicorp-ci 5919c7c184 Merge Consul OSS branch 'master' at commit 8f7586b339 2019-08-13 02:00:43 +00:00
Sarah Adams 8ff1f481fe
add flag to allow /operator/keyring requests to only hit local servers (#6279)
Add parameter local-only to operator keyring list requests to force queries to only hit local servers (no WAN traffic).

HTTP API: GET /operator/keyring?local-only=true
CLI: consul keyring -list --local-only

Sending the local-only flag with any non-GET/list request will result in an error.
2019-08-12 11:11:11 -07:00
hashicorp-ci 5ecffb0c0a Merge Consul OSS branch 'master' at commit 8241787e92 2019-08-11 02:01:18 +00:00
Jake Lundberg 8241787e92 docs: Update consul-helm example to pull latest tag 2019-08-09 16:33:43 -06:00
Mike Morris b9f07fa9c3
website: restore accidental JSON deletion [skip ci] (#6303) 2019-08-09 15:32:54 -04:00
Mike Morris 65be58703c
connect: remove managed proxies (#6220)
* connect: remove managed proxies implementation and all supporting config options and structs

* connect: remove deprecated ProxyDestination

* command: remove CONNECT_PROXY_TOKEN env var

* agent: remove entire proxyprocess proxy manager

* test: remove all managed proxy tests

* test: remove irrelevant managed proxy note from TestService_ServerTLSConfig

* test: update ContentHash to reflect managed proxy removal

* test: remove deprecated ProxyDestination test

* telemetry: remove managed proxy note

* http: remove /v1/agent/connect/proxy endpoint

* ci: remove deprecated test exclusion

* website: update managed proxies deprecation page to note removal

* website: remove managed proxy configuration API docs

* website: remove managed proxy note from built-in proxy config

* website: add note on removing proxy subdirectory of data_dir
2019-08-09 15:19:30 -04:00
Matt Keeler b53b98fa26
mesh-gateway ACL tokens should also have `node:read` on everyth… (#6291) 2019-08-07 13:52:57 -04:00
Alvin Huang 206b2016a4 Merge remote-tracking branch 'origin/master' into release/1-6 2019-08-02 18:09:32 -04:00
Omer Zach 6785e33d8a Fix typo in architecture.html.md (#6261) 2019-08-01 12:21:37 -06:00
Venkata Krishna Annam 80f091e107 docs: Fix minor mistakes in index.html.md (#6239) 2019-08-01 12:57:26 -05:00
freddygv 1a14b94441 Update default gossip encryption key size to 32 bytes 2019-07-30 09:45:41 -06:00
Alvin Huang b2944bdbe1 Merge remote-tracking branch 'origin/master' into release/1-6 2019-07-26 16:22:53 -04:00
Matt Keeler 59454c7edc
Set --max-obj-name-len 256 when execing Envoy (#6202)
* Pass -max-obj-name-len 256 to envoy

* Update test expectations.

* Add a note about requireing the max-obj-name-len option to be set
2019-07-26 15:43:15 -04:00
Todd Radel dbae899796
Merge pull request #6210 from hashicorp/docs/fix-ambassador-link
Fix links to ambassador website
2019-07-26 14:29:03 -04:00
R.B. Boyer c6c4a2251a Merge Consul OSS branch master at commit b3541c4f34 2019-07-26 10:34:24 -05:00
hashicorp-ci a42ded477c
Release v1.5.3 2019-07-25 23:41:17 +00:00
Mike Morris 34984e4764
docs: add TCP half-close broken pipe to common errors (#6203) 2019-07-25 16:01:33 -04:00
Matt Keeler 8b54307be2
Allow forwarding of some status RPCs (#6198)
* Allow forwarding of some status RPCs

* Update docs

* add comments about not using the regular forward
2019-07-25 14:26:22 -04:00
Todd Radel 569b37133a Fix links to ambassador website 2019-07-24 13:23:49 -04:00
R.B. Boyer ad9e7b6ae9
connect: allow L7 routers to match on http methods (#6164)
Fixes #6158
2019-07-23 20:56:39 -05:00
R.B. Boyer 85cf2706e6
connect: change router syntax for matching query parameters to resemble the syntax for matching paths and headers for consistency. (#6163)
This is a breaking change, but only in the context of the beta series.
2019-07-23 20:55:26 -05:00
R.B. Boyer e039dfd7f8
connect: rework how the service resolver subset OnlyPassing flag works (#6173)
The main change is that we no longer filter service instances by health,
preferring instead to render all results down into EDS endpoints in
envoy and merely label the endpoints as HEALTHY or UNHEALTHY.

When OnlyPassing is set to true we will force consul checks in a
'warning' state to render as UNHEALTHY in envoy.

Fixes #6171
2019-07-23 20:20:24 -05:00
Alvin Huang ef6b80bab2 resolve circleci config conflicts 2019-07-23 20:18:36 -04:00
Matt Keeler d7fe8befa9
Update go-bexpr (#6190)
* Update go-bexpr to v0.1.1

This brings in:

• `in`/`not in` operators to do substring matching
• `matches` / `not matches` operators to perform regex string matching.

* Add the capability to auto-generate the filtering selector ops tables for our docs
2019-07-23 14:45:20 -04:00
Paul Banks f38da47c55
Allow raft TrailingLogs to be configured. (#6186)
This fixes pathological cases where the write throughput and snapshot size are both so large that more than 10k log entries are written in the time it takes to restore the snapshot from disk. In this case followers that restart can never catch up with leader replication again and enter a loop of constantly downloading a full snapshot and restoring it only to find that snapshot is already out of date and the leader has truncated its logs so a new snapshot is sent etc.

In general if you need to adjust this, you are probably abusing Consul for purposes outside its design envelope and should reconsider your usage to reduce data size and/or write volume.
2019-07-23 15:19:57 +01:00
kaitlincarter-hc 3a4e38a13e
[docs] New K8s-Consul deployment guide (#5859)
* New K8s-Consul deployment guide

* Update website/source/docs/guides/kubernetes-production-deploy.md

* Update website/source/docs/guides/kubernetes-production-deploy.md

Co-Authored-By: Rebecca Zanzig <rebecca@hashicorp.com>

* Update website/source/docs/guides/kubernetes-production-deploy.md

Co-Authored-By: Rebecca Zanzig <rebecca@hashicorp.com>

* Update website/source/docs/guides/kubernetes-production-deploy.md

Co-Authored-By: Rebecca Zanzig <rebecca@hashicorp.com>

* Update website/source/docs/guides/kubernetes-production-deploy.md

Co-Authored-By: Rebecca Zanzig <rebecca@hashicorp.com>

* Update website/source/docs/guides/kubernetes-production-deploy.md

Co-Authored-By: Rebecca Zanzig <rebecca@hashicorp.com>

* updating based on comments

* Update website/source/docs/guides/kubernetes-production-deploy.md

Co-Authored-By: Rebecca Zanzig <rebecca@hashicorp.com>

* Update website/source/docs/guides/kubernetes-production-deploy.md

* Update website/source/docs/guides/kubernetes-production-deploy.md
2019-07-22 19:16:06 -05:00
hashicorp-ci a4431da1cc Merge Consul OSS branch 'master' at commit ef257b084d 2019-07-20 02:00:29 +00:00
Freddy ef257b084d
Fix typo chose/choose (#6170) 2019-07-19 16:29:42 -06:00
javicrespo b006060d4c log rotation: limit count of rotated log files (#5831) 2019-07-19 15:36:34 -06:00
hashicorp-ci 194a978707 Merge Consul OSS branch 'master' at commit 42dae36923 2019-07-19 02:00:21 +00:00
Luke Kysow 42dae36923
Merge pull request #6141 from hashicorp/hcl-multi-service-docs
Document multiple services config in hcl
2019-07-18 12:15:22 +01:00
kaitlincarter-hc 2679315177 [docs] Encryption docs update (#6082)
* Bad link in encryption docs

* clarifying the guide link

* Update website/source/docs/agent/encryption.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/agent/encryption.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>
2019-07-17 20:36:36 -07:00
Judith Malnick f946545b28
Detail required settings in Gateway doc (#6126)
* Update mesh_gateway.html.md

* Apply suggestions from code review

Co-Authored-By: Luke Kysow <1034429+lkysow@users.noreply.github.com>

* Add WAN joining requirement

* re-word primary dc guidance

Co-Authored-By: Luke Kysow <1034429+lkysow@users.noreply.github.com>

* Update website/source/docs/connect/mesh_gateway.html.md
2019-07-17 11:02:58 -07:00
Luke Kysow c31cb95da3
Document multiple services config in hcl
Also change ttl => timeout since ttl doesn't work anymore.
2019-07-17 15:26:08 +01:00
Sarah Adams ea2bd5b728
http/tcp checks: fix long timeout behavior to default to user-configured value (#6094)
Fixes #5834
2019-07-16 15:13:26 -07:00
Jack Pearkes df6eab83d4 website: link to beta changelog 2019-07-09 13:43:29 +02:00
Jack Pearkes ad9dcfcfe5 website: fix use-case dropdown size 2019-07-09 08:45:58 +02:00
Jack Pearkes 6cf9abcf2f website: remove configuration use-case 2019-07-09 07:47:49 +02:00
Jack Pearkes 81aba02015 website: better mesh call to actions 2019-07-09 05:55:58 +02:00
Jack Pearkes 12dc9019af website: better mesh links into new docs 2019-07-09 05:51:23 +02:00
R.B. Boyer 068a069512
config entry doc snippet for mesh gateways (#6095) 2019-07-08 21:25:25 -05:00
R.B. Boyer edd0d4be5a
Initial L7 Documentation (#6056) 2019-07-08 21:11:19 -05:00
Judith Malnick a0ee71baf9
[docs] Guide - Connecting Services Across Datacenters (#6052)
* add connect gateway guide

* Remove stray space

Co-Authored-By: Freddy <freddygv@users.noreply.github.com>

* Specify stanza and exact options

Co-Authored-By: Freddy <freddygv@users.noreply.github.com>

* incorporate comments from freddy

* integrate feedback from matt

* make snippets all json

* incorporate more comments from matt

* added links

* incorporate comments from neena on google doc draft

* make learn lnks relative

* clarify that gateways are new

* change socat to netcat

* add more description about replication token permissions

* Apply suggestions from code review

Co-Authored-By: Matt Keeler <mkeeler@users.noreply.github.com>

* add the prerequisite to enable centralized service config

* finish adding docs links
2019-07-09 02:07:51 +02:00
Matt Keeler d4a3c0e661
Initial Mesh Gateway Docs (#6090) 2019-07-08 19:40:57 -04:00
Paul Banks 3716bac3b7
Better gateway image 2019-07-08 16:30:51 +02:00
Jack Pearkes 9013bc5199 website: changes for 1.6.0 beta (#6083)
* website: link to 1.6.0 beta in downloads page

* website: reorganize intention replication/ca federation

* website: remove announcement bar

* Update website/source/docs/connect/connect-internals.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* website: update homepage and service mesh page

Aligning messaging to current product.

* website: fix link TODOs

* Add Mesh Gateway to mesh page, update use case wording
2019-07-08 15:12:42 +01:00
hashicorp-ci d2adfc0bda Merge Consul OSS branch 'master' at commit c2c154eaf4 2019-07-08 02:00:37 +00:00
Judith Malnick c2c154eaf4
[docs] Link to TLS guide in Encryption doc (#6071)
Fixes issue #6067
2019-07-07 16:55:03 +02:00
Michael Schurter b5aab27c21 connect: allow overriding envoy listener bind_address (#6033)
* connect: allow overriding envoy listener bind_address

* Update agent/xds/config.go

Co-Authored-By: Kyle Havlovitz <kylehav@gmail.com>

* connect: allow overriding envoy listener bind_port

* envoy: support unix sockets for grpc in bootstrap

Add AgentSocket BootstrapTplArgs which if set overrides the AgentAddress
and AgentPort to generate a bootstrap which points Envoy to a unix
socket file instead of an ip:port.

* Add a test for passing the consul addr as a unix socket

* Fix config formatting for envoy bootstrap tests

* Fix listeners test cases for bind addr/port

* Update website/source/docs/connect/proxies/envoy.md
2019-07-05 16:06:47 +01:00
hashicorp-ci 7a32c5a618 Merge Consul OSS branch 'master' at commit a58d8e91ac 2019-07-03 02:00:31 +00:00
Freddy a58d8e91ac
Fix Envoy 1.10 support note (#6045) 2019-07-02 11:26:26 -06:00
Jack Pearkes fd52e9e5f4 website: fix link to raft paper (#6046) 2019-07-01 12:38:53 -06:00
hashicorp-ci 43bda6fb76 Merge Consul OSS branch 'master' at commit e91f73f592 2019-06-30 02:00:31 +00:00
Alvin Huang 81d47a871a fix glossary link (#6043) 2019-06-28 10:04:09 -06:00
Hans Hasselberg a82e6a7fd3
Release v1.5.2 2019-06-27 22:59:46 +00:00
Hans Hasselberg 33a7df3330
tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
Akshay Ganeshen 98a35fbe69 dns: support alt domains for dns resolution (#5940)
this adds an option for an alt domain to be used with dns while migrating to a new consul domain.
2019-06-27 12:00:37 +02:00
hashicorp-ci f4304e2e5b Merge Consul OSS branch 'master' at commit 4eb73973b6 2019-06-27 02:00:41 +00:00
Sarah Christoff d3d92d76f3
ui: modify content path (#5950)
* Add ui-content-path flag

* tests complete, regex validator on string, index.html updated

* cleaning up debugging stuff

* ui: Enable ember environment configuration to be set via the go binary at runtime (#5934)

* ui: Only inject {{.ContentPath}} if we are makeing a prod build...

...otherwise we just use the current rootURL

This gets injected into a <base /> node which solves the assets path
problem but not the ember problem

* ui: Pull out the <base href=""> value and inject it into ember env

See previous commit:

The <base href=""> value is 'sometimes' injected from go at index
serve time. We pass this value down to ember by overwriting the ember
config that is injected via a <meta> tag. This has to be done before
ember bootup.

Sometimes (during testing and development, basically not production)
this is injected with the already existing value, in which case this
essentially changes nothing.

The code here is slightly abstracted away from our specific usage to
make it easier for anyone else to use, and also make sure we can cope
with using this same method to pass variables down from the CLI through
to ember in the future.

* ui: We can't use <base /> move everything to javascript (#5941)

Unfortuantely we can't seem to be able to use <base> and rootURL
together as URL paths will get doubled up (`ui/ui/`).

This moves all the things that we need to interpolate with .ContentPath
to the `startup` javascript so we can conditionally print out
`{{.ContentPath}}` in lots of places (now we can't use base)

* fixed when we serve index.html

* ui: For writing a ContentPath, we also need to cope with testing... (#5945)

...and potentially more environments

Testing has more additional things in a separate index.html in `tests/`

This make the entire thing a little saner and uses just javascriopt
template literals instead of a pseudo handbrake synatx for our
templating of these files.

Intead of just templating the entire file this way, we still only
template `{{content-for 'head'}}` and `{{content-for 'body'}}`
in this way to ensure we support other plugins/addons

* build: Loosen up the regex for retrieving the CONSUL_VERSION (#5946)

* build: Loosen up the regex for retrieving the CONSUL_VERSION

1. Previously the `sed` replacement was searching for the CONSUL_VERSION
comment at the start of a line, it no longer does this to allow for
indentation.
2. Both `grep` and `sed` where looking for the omment at the end of the
line. We've removed this restriction here. We don't need to remove it
right now, but if we ever put the comment followed by something here the
searching would break.
3. Added `xargs` for trimming the resulting version string. We aren't
using this already in the rest of the scripts, but we are pretty sure
this is available on most systems.

* ui: Fix erroneous variable, and also force an ember cache clean on build

1. We referenced a variable incorrectly here, this fixes that.
2. We also made sure that every `make` target clears ember's `tmp` cache
to ensure that its not using any caches that have since been edited
everytime we call a `make` target.

* added docs, fixed encoding

* fixed go fmt

* Update agent/config/config.go

Co-Authored-By: R.B. Boyer <public@richardboyer.net>

* Completed Suggestions

* run gofmt on http.go

* fix testsanitize

* fix fullconfig/hcl by setting correct 'want'

* ran gofmt on agent/config/runtime_test.go

* Update website/source/docs/agent/options.html.md

Co-Authored-By: Hans Hasselberg <me@hans.io>

* Update website/source/docs/agent/options.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* remove contentpath from redirectFS struct
2019-06-26 11:43:30 -05:00
Pierre Souchay 0e907f5aa8 Support for maximum size for Output of checks (#5233)
* Support for maximum size for Output of checks

This PR allows users to limit the size of output produced by checks at the agent 
and check level.

When set at the agent level, it will limit the output for all checks monitored
by the agent.

When set at the check level, it can override the agent max for a specific check but
only if it is lower than the agent max.

Default value is 4k, and input must be at least 1.
2019-06-26 09:43:25 -06:00
Michael Schurter 4c37598ad8 docs: small typo/wording fixes for envoy (#6018) 2019-06-26 09:34:58 -06:00
hashicorp-ci 4d185baf55 Merge Consul OSS branch 'master' at commit 88b15d84f9
skip-checks: true
2019-06-25 02:00:26 +00:00
Justin Weissig 88b15d84f9 docs: fixed typos on a few doc pages (#5870) 2019-06-24 15:25:57 -06:00
kaitlincarter-hc 48bc581470
[docs] New Glossary Page (#5999)
* Moved the glossary to a new page and removed the advanced warnings from all internals docs.

* Update website/source/layouts/docs.erb

Co-Authored-By: Judith Malnick <judith@hashicorp.com>

* Updates based on PR feedback

* Update website/source/docs/internals/index.html.md

* Update website/source/docs/internals/index.html.md

* Update website/source/docs/internals/index.html.md

* Update website/source/docs/internals/index.html.md

* Update website/source/docs/internals/index.html.md
2019-06-24 16:19:12 -05:00
kaitlincarter-hc ceff2e3baa
[docs] Architecture Node vs Agent (#6010)
* Upating the term node to be more clear

* Update website/source/docs/internals/architecture.html.md

* Update website/source/docs/internals/architecture.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* Addressing the failure detection comment
2019-06-24 12:25:47 -05:00
Hans Hasselberg b36a14349d
docs: document reset license in enterprise (#5977) 2019-06-24 14:36:59 +02:00
Matt Keeler c10173c5bd Fix weird sentence in the proxy docs (#6002)
* Fix weird sentence in the proxy docs

* Update website/source/docs/connect/proxies.html.md
2019-06-21 10:01:00 -07:00
RJ Spiker d545ffa8b5 website - updates to home hero video carousel (#5932) 2019-06-20 20:06:29 -04:00
Sarah Christoff 8c821c1260
[docs] update documentation for connect-service-upstreams (#5422)
* update documentation for connect-service-upstreams

Adds documentation for services, multiple services, and prepared
query under connect-service-upstreams annotation.

* changing tone of voice

* active voice fix

* fixing spaces

* fixed order, added clarification for multiple upstreams

* Update website/source/docs/platform/k8s/connect.html.md

Co-Authored-By: s-christoff <sarah.christoff13@gmail.com>
2019-06-20 14:18:34 -05:00
kaitlincarter-hc cb80c7ba85
[docs] Sidecar Registration (#5998)
* missing service option

* fixing the second example
2019-06-20 12:31:17 -05:00
A. F 7a3c94677b fix invalid curl request (#5972) 2019-06-20 09:48:56 -05:00
kaitlincarter-hc 868d99a821
[docs] Internals (#5979)
* Updating internals docs for clarity

* Update website/source/docs/internals/consensus.html.md

Co-Authored-By: Hans Hasselberg <me@hans.io>
2019-06-18 12:12:39 -05:00
Andrei Burd 2fa2879504 docs: add agent to windows service (#5982) 2019-06-18 09:50:07 +02:00
Alvin Huang 3928878433
Support relative and external URL rewrites (#5970)
* switch to relative path redirects for non external links

* update website deploy script to support relative+full url redirects
2019-06-17 11:48:29 -04:00
Matt Keeler f3d9b999ee
Add tagged addresses for services (#5965)
This allows addresses to be tagged at the service level similar to what we allow for nodes already. The address translation that can be enabled with the `translate_wan_addrs` config was updated to take these new addresses into account as well.
2019-06-17 10:51:50 -04:00
Judith Malnick 4c5c69bdba
[docs] Correct typos in API agnet docs (#5966) 2019-06-14 09:30:41 -07:00
Judith Malnick 9915e22bc2
[docs] Reorganize connect documentation for clarity (#5864)
* clarify possibilities for centralized proxy configuration

* add line breaks to config entries file

* add info about centralized config to built in proxy doc

* mondify connect landing page to help with navigation

* move internals details to its own page

* link fixes and shortening text on main page

* put built-in proxy options on its own page

* add configuration details for connect

* clarify security title and add observability page

* reorganize menu

* remove observability from configuration section

* Update website/source/docs/connect/configuration.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* Update website/source/docs/connect/index.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* Update website/source/docs/agent/config_entries.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* Update website/source/docs/connect/configuration.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* rename connect section to include service mesh

* reorganize sections per suggestions from paul

* add configuration edits from paul

* add internals edits from paul

* add observability edits from paul

* reorganize pages and menu

* Update website/source/docs/connect/configuration.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* menu corrections and edits

* incorporate some of pauls comments

* incorporate more of pauls comments

* Update website/source/docs/connect/configuration.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/connect/index.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/connect/index.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/connect/registration.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* incorporate kaitlin and pavanni feedback

* add redirect

* fix conflicts in index file

* Resolve conflicts in index file

* correct links for new organization

* Update website/source/docs/connect/proxies.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* Update website/source/docs/connect/registration.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* Update website/source/docs/connect/registration.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* Update website/source/docs/connect/registration.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* add title to service registration page
2019-06-13 22:52:50 -07:00
Hans Hasselberg dce847a97a
Remove the misleading default separator for listing keys. (#5288)
The default separator for key listing is an empty string - the docs incorrectly made it seem as if this was `/`.
2019-06-14 00:06:18 +02:00
Justin Weissig 4cafff579e docs: fixed typos (#5854)
Fixed typos: alterative/alternative & communciation/communication
2019-06-14 00:05:32 +02:00
Hans Hasselberg 06e0bb4065
docs: wording (#5889)
Fixed wording: "will be resolve to the" -> "will be resolved to the".
2019-06-13 23:59:05 +02:00
Justin Weissig aa6ed1ff25 docs: fixed typo polices/policies (#5894)
Fixed typo: polices/policies.
2019-06-13 23:58:34 +02:00