Commit Graph

178 Commits

Author SHA1 Message Date
R.B. Boyer c599a2f5f4
xds: add support for envoy 1.15.0 and drop support for 1.11.x (#8424)
Related changes:

- hard-fail the xDS connection attempt if the envoy version is known to be too old to be supported
- remove the RouterMatchSafeRegex proxy feature since all supported envoy versions have it
- stop using --max-obj-name-len (due to: envoyproxy/envoy#11740)
2020-07-31 15:52:49 -05:00
Matt Keeler 6352766235
Add some auto-config docs (#8410)
We will probably want a tutorial about this in the future but for now at least we document it a little.
2020-07-30 12:10:25 -04:00
Blake Covarrubias a1a2c008a7 docs: Fix typo in -pid file description
Fix typo in `-pid` file option description. This change restores text
which was erroneously deleted in PR #736 with commit f41dce9.

Fixes #8388
2020-07-28 10:21:28 -07:00
Pierre Souchay 505de6dc29
Added ratelimit to handle throtling cache (#8226)
This implements a solution for #7863

It does:

    Add a new config cache.entry_fetch_rate to limit the number of calls/s for a given cache entry, default value = rate.Inf
    Add cache.entry_fetch_max_burst size of rate limit (default value = 2)

The new configuration now supports the following syntax for instance to allow 1 query every 3s:

    command line HCL: -hcl 'cache = { entry_fetch_rate = 0.333}'
    in JSON

{
  "cache": {
    "entry_fetch_rate": 0.333
  }
}
2020-07-27 23:11:11 +02:00
Blake Covarrubias af51b9e975 docs: Modify network segments limitation callout
Change the callout on the Network Segments page to specify the
limitation applies to versions of Consul prior to version 1.7.3.
2020-07-27 09:10:27 -07:00
Freddy cd27921885
Gateway tasks and overview (#8195)
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2020-07-24 15:07:36 -06:00
Luke Kysow 99d2f6658c
Update terminating-gateways.mdx
* fix formatting issue
* use a command that will work with any pod id
2020-07-23 09:19:33 -07:00
Kyle Schochenmaier edfdcd3d67
terminating gw docs (#8300)
* terminating gw docs
Co-authored-by: Rebecca Zanzig <16315901+adilyse@users.noreply.github.com>
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2020-07-22 16:02:47 -05:00
Nathan Lacey ac6ab7c9f5
Add certificate disclaimer for TLS encryption (#8316)
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2020-07-21 10:38:03 -06:00
Joel Watson 49edce1076
docs: Add raft_multiplier default clarification (#8339) 2020-07-20 15:49:46 -06:00
Blake Covarrubias 340bc68e45
docs: Fix link to kv_max_value_size config option (#8322)
The sizing recommendation link should point to the config option for
tuning kv_max_value_size.
2020-07-16 14:13:06 -07:00
Sabeen Syed d0f222008c
Merge pull request #8259 from hashicorp/enterprise_docs_update
Consul Enterprise docs update
2020-07-16 15:34:15 -05:00
Kyle Schochenmaier 5f8825af96
Apply suggestions from code review 2020-07-15 18:24:55 -05:00
Kyle Schochenmaier eb6b9f4b37
Merge branch 'master' into k8s/gateway-setup-docs 2020-07-15 17:47:21 -05:00
Kyle Schochenmaier 1227974f43
ingress gw docs for k8s (#8291)
Co-authored-by: Derek Strickland 
Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2020-07-15 17:45:20 -05:00
Jeff Escalante ecc406562a
Merge pull request #8230 from hashicorp/je.pin-deps
📌 Hard Pin Website Dependencies
2020-07-15 18:45:19 -04:00
Kyle Schochenmaier 8049aac526 remove term-gw until its ready to merge and update redirects 2020-07-15 17:38:23 -05:00
Hans Hasselberg 496fb5fc5b
add support for envoy 1.14.4, 1.13.4, 1.12.6 (#8216) 2020-07-13 15:44:44 -05:00
Matt Keeler fb9517bae8
Merge pull request #8268 from hashicorp/feature/improved-version-output
Add Revision to version CLI output and add JSON support
2020-07-10 10:01:57 -04:00
R.B. Boyer 1eef096dfe
xds: version sniff envoy and switch regular expressions from 'regex' to 'safe_regex' on newer envoy versions (#8222)
- cut down on extra node metadata transmission
- split the golden file generation to compare all envoy version
2020-07-09 17:04:51 -05:00
Sabeen Syed afb888cc09 docs: Add Audit Logging page under Consul Enterprise 2020-07-08 18:16:12 -05:00
Jeff Escalante fa135ae285
update deps, format all files 2020-07-08 19:12:34 -04:00
Matt Keeler 680ac0c1c6
Add Revision to version CLI output and add JSON support
Also add JSON format support
2020-07-08 16:32:46 -04:00
JohnnyB 5e5dbedd47
Added undocumented CONSUL_NAMESPACE to website. (#8264) 2020-07-08 10:41:42 -04:00
Sabeen Syed 8a6ad77620 docs: Update Consul Enterprise Intro 2020-07-07 16:11:30 -05:00
Daniel Nephin 0cb9d0739f docs: dns_config.cache_max_age=0 2020-07-07 15:24:26 -04:00
Seth Hoenig a93e44f20c
docs: fix link to connect authorize endpoint (#8248)
/docs/connect/intentions has a broken link presumably meant
to go to /api-docs/agent/connect#authorize

This PR fixes the link.
2020-07-06 16:16:09 -05:00
Jono Sosulska 0cd4178a4c
Fix typos on commandline flags, updated config opts (#8227)
* Fix typos on commandline flags, updated config opts

- Added anchors to https://github.com/hashicorp/consul/pull/8223
- Fix Typos

Updated to include config file options as well as CLI.
2020-07-02 16:13:11 -04:00
Blake Covarrubias 08c92ba880
docs: Fix formatting issues on built-in proxy page (#8005)
Fix markdown formatting and display issues on built-in proxy page.
2020-07-02 12:39:50 -04:00
Rémi Lapeyre 421b9e8ef1
Fix typo in configuration documentation (#7997) 2020-07-02 12:39:23 -04:00
André d06d9ef29e
Update lock.mdx (#8217)
Remove duplicated `-timeout` value.
2020-07-01 14:59:07 +02:00
Fatih Sarhan f6eaf74de2 docs: Fix typo on openstack cloud-auto-join 2020-06-29 13:56:01 -07:00
R.B. Boyer 462f0f37ed
connect: various changes to make namespaces for intentions work more like for other subsystems (#8194)
Highlights:

- add new endpoint to query for intentions by exact match

- using this endpoint from the CLI instead of the dump+filter approach

- enforcing that OSS can only read/write intentions with a SourceNS or
  DestinationNS field of "default".

- preexisting OSS intentions with now-invalid namespace fields will
  delete those intentions on initial election or for wildcard namespaces
  an attempt will be made to downgrade them to "default" unless one
  exists.

- also allow the '-namespace' CLI arg on all of the intention subcommands

- update lots of docs
2020-06-26 16:59:15 -05:00
Freddy e10058bc3f
Update website/pages/docs/acl/auth-methods/jwt.mdx
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2020-06-25 11:43:42 -06:00
freddygv 166da8f710 Remove remaining beta tags 2020-06-24 16:12:24 -06:00
freddygv 3f01e08ae0 Remove stray instruction 2020-06-24 16:12:08 -06:00
freddygv 98c5eb8868 Add docs for upstream destination's namespace 2020-06-24 16:11:44 -06:00
freddygv 394b1f2e7f Add tabs to config entry examples 2020-06-24 16:10:46 -06:00
Rebecca Zanzig 864e7f6ae0 Rearrange k8s connect docs to make space for gateways 2020-06-24 13:35:14 -07:00
Mike Morris 49fc7eb4bb
Update dev.mdx (#8090)
Remove ref to "virtual service" to avoid confusion with L7 routing virtual services, replace with "debug service".
2020-06-24 14:26:01 +02:00
Valery V. Vorotyntsev 3098bc8593
Fix quorum formula in consensus.mdx (#8166)
[Add & Remove Servers](https://learn.hashicorp.com/consul/day-2-operations/servers)
guide uses `(N/2)+1` quorum formula.  So does the
[Raft implementation](5927dcda05/raft.go (L909)).

Consensus Protocol document uses `(n+1)/2` formula.
This formula is not only different, it conflicts with the
[Deployment Table](https://www.consul.io/docs/internals/consensus.html#deployment_table)
in the same document; e.g., (6+1)/2 = 3, not 4.

Replace `(n+1)/2` with `(N/2)+1` in Consensus Protocol document.
2020-06-24 14:23:36 +02:00
Chris Piraino 2904cdac36
docs: Specify port in host for example (#8167)
This example shows a TLS enabled ingress config on a non-https port.
Currently, that means we require the port to be specified in one of the
host entries to route traffic.
2020-06-23 14:41:51 -05:00
Freddy 28f22c8a90
Finalize gateway documentation for 1.8.0 GA (#8121)
Co-authored-by: Derek Strickland <1111455+DerekStrickland@users.noreply.github.com>
2020-06-18 15:27:06 -06:00
Luke Kysow fcbed6da44
Remove consul:beta now that 1.8 is out. 2020-06-18 11:50:25 -07:00
Rebecca Zanzig ea8fbdc68f
Merge pull request #8126 from hashicorp/k8s/gateway-docs
Add helm chart options for ingress and terminating gateways
2020-06-18 11:30:59 -07:00
Jono Sosulska c8bee5a934
Fixing multiple document updates (#8135)
* Fixes #7663-ACL Token Reloadable#7432-Cipher Suites,#7385-KV Delete DC, raft list-peers docs

Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2020-06-18 14:10:45 -04:00
Rebecca Zanzig 5c7e62169d Add helm chart options for ingress and terminating gateways 2020-06-18 11:04:19 -07:00
Chris Piraino bb103f22dd
Updates docs with ingress Host header clarifications (#8062)
* Updates docs with ingress Host header changes

Clarify that a Host header is required for L7 protocols, and specify
that the default is to use the Consul DNS ingress subdomain

* Add sentence about using '*' by itself for testing

* Add optional step for using L7 routing config

* Note that port numbers may need to be added in the Hosts field
2020-06-17 14:43:58 -05:00
David Yu fb1f043cdc
Formatting spaces between keys in Config entries (#8116)
* Formatting spaces between keys in Config entries

* Service Router spacing

* Missing Camel Case proxy-defaults

* Remove extra spaces service-splitter

* Remove extra spsaces service-resolver

* More spaces a la hclfmt

* Nice!

* Oh joy!

* More spaces on proxy-defaults

* Update website/pages/docs/agent/config-entries/proxy-defaults.mdx

Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
2020-06-16 11:28:21 -07:00
Matt Keeler d3881dd754
ACL Node Identities (#7970)
A Node Identity is very similar to a service identity. Its main targeted use is to allow creating tokens for use by Consul agents that will grant the necessary permissions for all the typical agent operations (node registration, coordinate updates, anti-entropy).

Half of this commit is for golden file based tests of the acl token and role cli output. Another big updates was to refactor many of the tests in agent/consul/acl_endpoint_test.go to use the same style of tests and the same helpers. Besides being less boiler plate in the tests it also uses a common way of starting a test server with ACLs that should operate without any warnings regarding deprecated non-uuid master tokens etc.
2020-06-16 12:54:27 -04:00
David Yu fdac1d8add
Switching service-route, service-resolver, service-splitter examples to CamelCase (#8107)
* Switching service-route example to CamelCase

* Switch service-resovler examples to CamelCase

* Changing service-splitter examples to CamelCase
2020-06-15 14:14:36 -07:00
Spencer Owen 15b5142bca
docs: Fix ingress dns entry (#8072) 2020-06-15 15:15:33 -05:00
freddygv d97cff0966 Update telemetry for gateway-services endpoint 2020-06-12 14:44:36 -06:00
freddygv b2c66359ab Add docs 2020-06-12 13:47:43 -06:00
Hans Hasselberg e62a43c6cf
Support envoy 1.14.2, 1.13.2, 1.12.4 (#8057) 2020-06-10 23:20:17 +02:00
Kyle Havlovitz 0c8966220f
Merge pull request #8040 from hashicorp/ingress/expose-cli
Ingress expose CLI command
2020-06-09 12:11:23 -07:00
Kyle Havlovitz edab5588d8 Add -host flag to expose command 2020-06-08 16:59:47 -07:00
Blake Covarrubias dd1e4ffd0d docs: Fix rendering of markdown on performance page
Fix issue with markdown not being rendered on /docs/install/performance.mdx.

Resolves #8049
2020-06-08 10:29:47 -07:00
Hans Hasselberg 72f92ae7ca
agent: add option to disable agent cache for HTTP endpoints (#8023)
This allows the operator to disable agent caching for the http endpoint.
It is on by default for backwards compatibility and if disabled will
ignore the url parameter `cached`.
2020-06-08 10:08:12 +02:00
Krastin 9262d7a79a website: fix a link in docs/agent/options
fixing the link to gopsutil in the -disable-host-node-id option text body
2020-06-07 03:36:55 -07:00
Kyle Havlovitz acae044df4 Document the namespace format for expose CLI command 2020-06-05 15:47:03 -07:00
Kyle Havlovitz ada9e2b3ab Add docs for expose command 2020-06-05 14:54:45 -07:00
Freddy 9ed325ba8b
Enable gateways to resolve hostnames to IPv4 addresses (#7999)
The DNS resolution will be handled by Envoy and defaults to LOGICAL_DNS. This discovery type can be overridden on a per-gateway basis with the envoy_dns_discovery_type Gateway Option.

If a service contains an instance with a hostname as an address we set the Envoy cluster to use DNS as the discovery type rather than EDS. Since both mesh gateways and terminating gateways route to clusters using SNI, whenever there is a mix of hostnames and IP addresses associated with a service we use the hostname + CDS rather than the IPs + EDS.

Note that we detect hostnames by attempting to parse the service instance's address as an IP. If it is not a valid IP we assume it is a hostname.
2020-06-03 15:28:45 -06:00
Kevin Pruett 9b0d0de178
Merge pull request #8002 from pruett/pruett.quickfix-acl-docs
Add newline to fix rendering bug
2020-06-03 17:21:52 -04:00
Jono Sosulska 66ee9c3bb2
Updating Stopping Agent Section (#8016)
Fixes #6935 to clarify agent behavior.
2020-06-03 17:08:49 -04:00
Kevin Pruett bf0b5055f1
Add newline to fix rendering bug 2020-06-03 15:21:06 -04:00
Derek Strickland 9795b19e27
Added guideLinks prop for UseCaseLayout component and linked terminating gateways guide from documentation. (#7998) 2020-06-02 10:40:07 -04:00
R.B. Boyer 833211c14c
acl: allow auth methods created in the primary datacenter to optionally create global tokens (#7899) 2020-06-01 11:44:47 -05:00
R.B. Boyer ffb9c7d6f7
acl: remove the deprecated `acl_enforce_version_8` option (#7991)
Fixes #7292
2020-05-29 16:16:03 -05:00
Jono Sosulska c554ba9e10
Replace whitelist/blacklist terminology with allowlist/denylist (#7971)
* Replace whitelist/blacklist terminology with allowlist/denylist
2020-05-29 14:19:16 -04:00
Chris Piraino 6c444ba24c
Remove underscores from gateway URL paths (#7962) 2020-05-28 14:19:17 -05:00
Luke Kysow db6f876b59
Merge pull request #7936 from hashicorp/helm-k8s-mgw
Helm docs for k8s mesh gateways and federation
2020-05-28 10:51:03 -07:00
Luke Kysow 6409c488ee
Helm docs for k8s mesh gateways and federation 2020-05-28 10:49:59 -07:00
Luke Kysow 85b20d3713
Merge pull request #7944 from hashicorp/k8s-mgw-docs-update
Update for consul:1.8.0-beta2
2020-05-25 11:26:28 -07:00
Luke Kysow 56e2a98aea
Update for consul:1.8.0-beta2 2020-05-25 11:26:09 -07:00
Jeff Escalante 326ec30d68 update dependencies 2020-05-21 14:50:45 -04:00
Freddy 3dd8b66aa2
Update ingress/terminating gateway ACL docs (#7891) 2020-05-20 09:27:25 -06:00
Patrice Krakow 746bf9b7e2
docs: change "is" to "can be" in connect docs (#7902)
The doc says: "When the Connect injector is installed, the Connect sidecar is automatically added to all pods." But, it depends on the configuration, so I think it's better to say: "When the Connect injector is installed, the Connect sidecar can automatically added to all pods."
2020-05-20 12:40:24 +02:00
Pierre Souchay e9d176db2a
Allow to restrict servers that can join a given Serf Consul cluster. (#7628)
Based on work done in https://github.com/hashicorp/memberlist/pull/196
this allows to restrict the IP ranges that can join a given Serf cluster
and be a member of the cluster.

Restrictions on IPs can be done separatly using 2 new differents flags
and config options to restrict IPs for LAN and WAN Serf.
2020-05-20 11:31:19 +02:00
R.B. Boyer 89a6492033
docs: remove todos (#7922)
Fixes #7921
2020-05-19 15:19:06 -05:00
R.B. Boyer 228284758b
docs: update the 'consul tls' command docs to match the current flags (#7911) 2020-05-18 12:01:14 -05:00
David Yu e226a21c3e
Unindenting to remove shell pre-formatting (#7890) 2020-05-14 15:04:53 -06:00
Luke Kysow 5355c07bc1
Documentation for wan fed via mgw on k8s 2020-05-14 09:09:18 -07:00
Mike Morris 9cbbff5318
docs: add audit logging docs to agent configuration (#7880) 2020-05-13 20:59:00 -04:00
Preetha 33888bccad
temporarily remove link that 404s
will be readded later when page is available
2020-05-13 19:11:13 -05:00
Freddy 56dccd2b95
Add beta tags to gateway docs (#7876) 2020-05-13 15:47:20 -06:00
Chris Piraino 98005a79c4
Ingress and Terminating Gateway docs (#7710)
This PR contains documentation additions for ingress and terminating gateways. New pages for the config-entries and overall feature description were added, as well as various additions to related pages.

Co-authored-by: Jono Sosulska <42216911+jsosulska@users.noreply.github.com>
Co-authored-by: freddygv <gh@freddygv.xyz>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
Co-authored-by: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>
2020-05-13 16:29:40 -05:00
Preetha 0a77ea2bfc
Merge pull request #7823 from hashicorp/docs-wanfed-mesh
Redo PR #7430 for new website (docs for WAN federation over mesh gateways)
2020-05-13 14:22:18 -05:00
R.B. Boyer 44d10e4894
docs: docs for jwt and oidc auth methods (#7847) 2020-05-13 14:14:03 -05:00
Preetha Appan 9d7ce4c621 added links, removed todo 2020-05-13 14:11:58 -05:00
Freddy ccd0822539
Use proxy-id in gateway auto-registration (#7845) 2020-05-13 11:56:53 -06:00
jsosulska 78e9766b2b Update FAQ with Compat Matrix information 2020-05-12 19:43:56 -04:00
Jono Sosulska 57096f8410
Update FAQ + formatting (#7816)
* Update FAQ + formatting

* Fix 80 chars lines in FAQ
2020-05-12 19:36:49 -04:00
Preetha Appan 8ce0a2509b Clean up placeholder diagrams, rename file to use dashes 2020-05-12 16:34:59 -05:00
Marek Vavruša 81aeb06a2e
docs: fix misleading example for HTTP healthcheck (#7773)
The documentation says the `header` field has type `map[string][]string`,
but the example has `map[string]string`.
2020-05-12 11:45:46 +02:00
Preetha Appan c32de785a0 Add Beta super script to page title
also moves version availability to below feature title
2020-05-11 14:59:17 -05:00
Iryna Shustava cd5a539c38
docs: add docs for configuring ACLs with external servers (#7802) 2020-05-11 11:26:10 -07:00
Preetha Appan a4ec82102e Add beta superscript to docs title for wan federation over mesh gateways 2020-05-08 18:25:41 -05:00
Preetha Appan cf56325196 Redo PR #7430 for new website
Still has todos and diagrams to be added
2020-05-08 18:07:45 -05:00
Daniel Nephin eaa05d623a xds: Add passive health check config for upstreams 2020-05-08 14:56:57 -04:00