Commit Graph

14379 Commits

Author SHA1 Message Date
Daniel Nephin a96aca3a63 Merge pull request #10400 from hashicorp/dnephin/api-client-response-body
api: properly close the response body
2021-06-15 15:54:24 +00:00
Blake Covarrubias d8f9789c26 docs: Add example of escaping tracing JSON using jq 2021-06-14 23:24:19 +00:00
Blake Covarrubias 028996a308 docs: Add note about configurable KV size in FAQ 2021-06-14 23:22:21 +00:00
R.B. Boyer f72774618d xds: ensure that dependent xDS resources are reconfigured during primary type warming (#10381)
Updates to a cluster will clear the associated endpoints, and updates to
a listener will clear the associated routes. Update the incremental xDS
logic to account for this implicit cleanup so that we can finish warming
the clusters and listeners.

Fixes #10379
2021-06-14 22:21:04 +00:00
Freddy 645e406ca0 Rename CatalogDestinationsOnly (#10397)
CatalogDestinationsOnly is a passthrough that would enable dialing
addresses outside of Consul's catalog. However, when this flag is set to
true only _connect_ endpoints for services can be dialed.

This flag is being renamed to signal that non-Connect endpoints can't be
dialed by transparent proxies when the value is set to true.
2021-06-14 20:15:58 +00:00
R.B. Boyer 976ed0fdba grpc: move gRPC INFO logs to be emitted as TRACE logs from Consul (#10395)
Fixes #10183
2021-06-14 20:14:37 +00:00
Freddy f6e32892dc Relax validation for expose.paths config (#10394)
Previously we would return an error if duplicate paths were specified.
This could lead to problems in cases where a user has the same path,
say /healthz, on two different ports.

This validation was added to signal a potential misconfiguration.
Instead we will only check for duplicate listener ports, since that is
what would lead to ambiguity issues when generating xDS config.

In the future we could look into using a single listener and creating
distinct filter chains for each path/port.
2021-06-14 20:04:50 +00:00
Dhia Ayachi 6de0cb747a upgrade golang crypto from 0.0.0-20200930160638-afb6bcd081ae => v0.0.0-20210513164829-c07d793c2f9a (#10390) 2021-06-14 16:39:38 +00:00
Luke Kysow 86cc952e7f Update k8s term gateway docs to make address clear (#10389)
Previously if you were to follow these docs and register two external
services, you would set the Address field on the node. The second
registered service would change the address of the node for the first
service.

Now the docs explain the address key and how to register more than one
external service.
2021-06-14 16:16:19 +00:00
Peter M 8b421dafb4 Homepage CTA button to point to Learn (#10380)
redirecting users to learn instead of to the download page.
2021-06-11 21:51:44 +00:00
Daniel Nephin a5524f26c0 Merge pull request #10378 from hashicorp/dnephin/agent-self-primary-dc
http: add PrimaryDatacenter to the /v1/agent/self  response
2021-06-11 17:45:04 +00:00
Peter M 6bc29b713f Homepage Hero Upgrade w/ Alert (#10377)
* updating hero with ecs info

* updates to hero

* Include back the Basic Hero styles

The basic hero is still used on the use case pages

* Revert the tsconfig changes

Nothing in the scope of this PR requires these changes!

* Remove the old Carousel CSS file

This is no longer needed as we're using the @hashicorp/react-hero
which comes with all the styling required for this carousel to work.

* Rename ConsulHero -> HomepageHero imports/exports

This will help prevent any confusion for future devs here -- this is a
convention we have that helps us from having to trace every import,
which helps us find the source of the component without actually having
to look at the import.

* Pin the deps

These were previously pinned to the exact version; including ^ will
allow minor & patch updates to sneak in, which normally shouldn't cause
an issue but we tend to be more conservative on dep upgrades.

* Revert unneeded changes to the document file

* Revert changes to app.js file

Not needed in the scope of this PR!

* Hard pin react-alert

* Remove unneeded css

Co-authored-by: Brandon Romano <brandon@hashicorp.com>
2021-06-10 22:32:37 +00:00
Nick Wales 8bd29f735c Aligns audit log code example (#10371) 2021-06-10 18:43:10 +00:00
R.B. Boyer 1872f0a665 docs: update envoy docs for changes related to xDS v2->v3 and SoTW->Incremental (#10166)
Fixes #10098
2021-06-10 16:03:07 +00:00
hc-github-team-consul-core e8fdefc772 Putting source back into Dev Mode 2021-06-10 00:48:37 +00:00
hc-github-team-consul-core 477a6c73e9
Release v1.10.0-beta4 2021-06-10 00:14:48 +00:00
hc-github-team-consul-core d4bfdafff4
update bindata_assetfs.go 2021-06-10 00:14:47 +00:00
freddygv dd831d5d4b Update CHANGELOG.md 2021-06-09 17:50:24 -06:00
Freddy 168073c4dc Add flag for transparent proxies to dial individual instances (#10329) 2021-06-09 20:39:37 +00:00
Brandon Romano 46dc5639ce Merge pull request #10366 from hashicorp/pcmccarron-ecs-additions
Adding ECS copy and other edits
2021-06-09 16:21:39 +00:00
Daniel Nephin e5baf32f22 Merge pull request #10367 from hashicorp/dnephin/submatview-store-get-tests
submatview: add test cases for store.Get with timeout and no index
2021-06-09 15:54:22 +00:00
Mike Wickett e61974471e Merge pull request #10369 from hashicorp/mw.post-hashiconf-alert-banner
Adjust alert banner for the end of HashiConf
2021-06-09 15:03:51 +00:00
Daniel Nephin 84eba733e7 Merge pull request #10169 from hashicorp/dnephin/streaming-docs
docs: add streaming to api-docs
2021-06-08 20:15:34 +00:00
Daniel Nephin 1ed213470c Merge pull request #10364 from hashicorp/dnephin/streaming-e2e-test
submatview: and Store integration test with stream backend
2021-06-08 20:14:25 +00:00
Freddy f0fe3cf4a6 Revert "Avoid adding original_dst filter when not needed" (#10365) 2021-06-08 19:19:31 +00:00
Mike Morris 5ce7517f54 website: bump latest binary version to 1.9.6 2021-06-08 12:36:07 +00:00
Brandon Romano 91272f2d27 Merge pull request #10333 from hashicorp/ks.website/updates-alert-banner
chore: updates alert banner
2021-06-08 11:21:28 +00:00
Dhia Ayachi 3717ab0991 generate a single debug file for a long duration capture (#10279)
* debug: remove the CLI check for debug_enabled

The API allows collecting profiles even debug_enabled=false as long as
ACLs are enabled. Remove this check from the CLI so that users do not
need to set debug_enabled=true for no reason.

Also:
- fix the API client to return errors on non-200 status codes for debug
  endpoints
- improve the failure messages when pprof data can not be collected

Co-Authored-By: Dhia Ayachi <dhia@hashicorp.com>

* remove parallel test runs

parallel runs create a race condition that fail the debug tests

* snapshot the timestamp at the beginning of the capture

- timestamp used to create the capture sub folder is snapshot only at the beginning of the capture and reused for subsequent captures
- capture append to the file if it already exist

* Revert "snapshot the timestamp at the beginning of the capture"

This reverts commit c2d03346

* Refactor captureDynamic to extract capture logic for each item in a different func

* snapshot the timestamp at the beginning of the capture

- timestamp used to create the capture sub folder is snapshot only at the beginning of the capture and reused for subsequent captures
- capture append to the file if it already exist

* Revert "snapshot the timestamp at the beginning of the capture"

This reverts commit c2d03346

* Refactor captureDynamic to extract capture logic for each item in a different func

* extract wait group outside the go routine to avoid a race condition

* capture pprof in a separate go routine

* perform a single capture for pprof data for the whole duration

* add missing vendor dependency

* add a change log and fix documentation to reflect the change

* create function for timestamp dir creation and simplify error handling

* use error groups and ticker to simplify interval capture loop

* Logs, profile and traces are captured for the full duration. Metrics, Heap and Go routines are captured every interval

* refactor Logs capture routine and add log capture specific test

* improve error reporting when log test fail

* change test duration to 1s

* make time parsing in log line more robust

* refactor log time format in a const

* test on log line empty the earliest possible and return

Co-authored-by: Freddy <freddygv@users.noreply.github.com>

* rename function to captureShortLived

* more specific changelog

Co-authored-by: Paul Banks <banks@banksco.de>

* update documentation to reflect current implementation

* add test for behavior when invalid param is passed to the command

* fix argument line in test

* a more detailed description of the new behaviour

Co-authored-by: Paul Banks <banks@banksco.de>

* print success right after the capture is done

* remove an unnecessary error check

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* upgraded github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57 => v0.0.0-20210601050228-01bbb1931b22

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
Co-authored-by: Paul Banks <banks@banksco.de>
2021-06-07 17:12:49 +00:00
allisaurus a12ce30023 docs: Improve ECS routing example nesting (#10316) 2021-06-07 16:29:08 +00:00
Dhia Ayachi c14439045f fix monitor to only start the monitor in json format when requested (#10358)
* fix monitor to only start the monitor in json format when requested

* add release notes

* add test to validate json format when requested
2021-06-07 16:09:26 +00:00
Mark Anderson 884135eae5 Docs for Unix Domain Sockets (#10252)
* Docs for Unix Domain Sockets

There are a number of cases where a user might wish to either 1)
expose a service through a Unix Domain Socket in the filesystem
('downstream') or 2) connect to an upstream service by a local unix
domain socket (upstream).
As of Consul (1.10-beta2) we've added new syntax and support to configure
the Envoy proxy to support this
To connect to a service via local Unix Domain Socket instead of a
port, add local_bind_socket_path and optionally local_bind_socket_mode
to the upstream config for a service:
    upstreams = [
      {
         destination_name = "service-1"
         local_bind_socket_path = "/tmp/socket_service_1"
         local_bind_socket_mode = "0700"
	 ...
      }
      ...
    ]
This will cause Envoy to create a socket with the path and mode
provided, and connect that to service-1
The mode field is optional, and if omitted will use the default mode
for Envoy. This is not applicable for abstract sockets. See
https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/address.proto#envoy-v3-api-msg-config-core-v3-pipe
for details
NOTE: These options conflict the local_bind_socket_port and
local_bind_socket_address options. We can bind to an port or we can
bind to a socket, but not both.
To expose a service listening on a Unix Domain socket to the service
mesh use either the 'socket_path' field in the service definition or the
'local_service_socket_path' field in the proxy definition. These
fields are analogous to the 'port' and 'service_port' fields in their
respective locations.
    services {
      name = "service-2"
      socket_path = "/tmp/socket_service_2"
      ...
    }
OR
    proxy {
      local_service_socket_path = "/tmp/socket_service_2"
      ...
    }
There is no mode field since the service is expected to create the
socket it is listening on, not the Envoy proxy.
Again, the socket_path and local_service_socket_path fields conflict
with address/port and local_service_address/local_service_port
configuration entries.
Set up a simple service mesh with dummy services:
socat -d UNIX-LISTEN:/tmp/downstream.sock,fork UNIX-CONNECT:/tmp/upstream.sock
socat -v tcp-l:4444,fork exec:/bin/cat
services {
  name = "sock_forwarder"
  id = "sock_forwarder.1"
  socket_path = "/tmp/downstream.sock"
  connect {
    sidecar_service {
      proxy {
	upstreams = [
	  {
	    destination_name = "echo-service"
	    local_bind_socket_path = "/tmp/upstream.sock"
	    config {
	      passive_health_check {
		interval = "10s"
		max_failures = 42
	      }
	    }
	  }
	]
      }
    }
  }
}
services {
  name = "echo-service"
  port = 4444
  connect = { sidecar_service {} }
Kind = "ingress-gateway"
Name = "ingress-service"
Listeners = [
 {
   Port = 8080
   Protocol = "tcp"
   Services = [
     {
       Name = "sock_forwarder"
     }
   ]
 }
]
consul agent -dev -enable-script-checks -config-dir=./consul.d
consul connect envoy -sidecar-for sock_forwarder.1
consul connect envoy -sidecar-for echo-service -admin-bind localhost:19001
consul config write ingress-gateway.hcl
consul connect envoy -gateway=ingress -register -service ingress-service -address '{{ GetInterfaceIP "eth0" }}:8888' -admin-bind localhost:19002
netcat 127.0.0.1 4444
netcat 127.0.0.1 8080

Signed-off-by: Mark Anderson <manderson@hashicorp.com>

* fixup Unix capitalization

Signed-off-by: Mark Anderson <manderson@hashicorp.com>

* Update website/content/docs/connect/registration/service-registration.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Provide examples in hcl and json

Signed-off-by: Mark Anderson <manderson@hashicorp.com>

* Apply suggestions from code review

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* One more fixup for docs

Signed-off-by: Mark Anderson <manderson@hashicorp.com>

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-06-05 01:55:07 +00:00
Jeff Escalante d81aa604e3 rotate algolia api key (#10297) 2021-06-04 23:55:16 +00:00
Matt Keeler 4c6ba21b1d Add license inspect command documentation and changelog (#10351)
Also reformatted another changelog entry.
2021-06-04 18:33:53 +00:00
Daniel Nephin 6327c3fb3f Merge pull request #10348 from hashicorp/dnephin/fix-submatview-store-bug
submatview: fix a bug with Store.Get
2021-06-04 16:06:56 +00:00
Matt Keeler 7530f0f346 Follow on to PR 10336 (#10343)
There was some PR feedback that came in just after I merged that other PR. This addresses that feedback.
2021-06-03 16:30:19 +00:00
Daniel Nephin f4a6ab97dc Merge pull request #10338 from hashicorp/dnephin/fix-logging-indent
agent: remove leading whitespace from agent log lines
2021-06-03 16:21:20 +00:00
Paul Ewing a9c2f6a741 usagemetrics: add cluster members to metrics API (#10340)
This PR adds cluster members to the metrics API. The number of members per
segment are reported as well as the total number of members.

Tested by running a multi-node cluster locally and ensuring the numbers were
correct. Also added unit test coverage to add the new expected gauges to
existing test cases.
2021-06-03 15:26:35 +00:00
Matt Keeler d50875f48f Merge pull request #10336 from hashicorp/docs/licensing-updates
[Docs] Update documentation with information about v1.10 licensing changes.
2021-06-03 14:51:28 +00:00
Daniel Nephin 749a0b01c3 Merge pull request #10334 from hashicorp/dnephin/grpc-fix-resolver-data-race
grpc: fix resolver data race
2021-06-02 17:24:05 +00:00
Jimmy Merritello 8197d2c063 Fix broken link (#10335) 2021-06-02 14:33:50 +00:00
Jimmy Merritello 4632e043e6 [Website] WIP - Update Homepage (#10314)
* Initial structure for updated homepage

* Bring back <UseCases />

* Add section stubs

* Add ecosystem section

* Add features section

* Iron out features section

* Add Learn Callout section

* Copy updates

* Better together copy

* Add updated copy & swap assets

* Remove comment & just add existing icon for now

* Copy and asset tweaks

* Remove unwanted copy

* Process the codeblock

* Add transparent img

* Swap for transparent img

* More transparent img

* Use Learn cards pattern

* Rearrange img and finishing padding touches
2021-06-02 14:23:31 +00:00
Daniel Nephin 3e08c33cea Merge pull request #10325 from hashicorp/docs/clarify-acl-set-agent-token-persistence
docs: Clarify set-agent-token token persistence behavior
2021-06-01 20:48:27 +00:00
Daniel Nephin 07a1b7d081 Merge pull request #10324 from hashicorp/dnephin/fix-envoy-bootstrap-exec
envoy: fix deadlock when input is larger than named pipe buffer size
2021-06-01 17:03:26 +00:00
Daniel Nephin cab82ca5a0 Merge pull request #9556 from hashicorp/dnephin/add-more-cache-key-completness-tests
structs: Add more cache key completeness tests
2021-06-01 15:28:34 +00:00
Dhia Ayachi db23df862c debug: remove the CLI check for debug_enabled (#10273)
* debug: remove the CLI check for debug_enabled

The API allows collecting profiles even debug_enabled=false as long as
ACLs are enabled. Remove this check from the CLI so that users do not
need to set debug_enabled=true for no reason.

Also:
- fix the API client to return errors on non-200 status codes for debug
  endpoints
- improve the failure messages when pprof data can not be collected

Co-Authored-By: Dhia Ayachi <dhia@hashicorp.com>

* remove parallel test runs

parallel runs create a race condition that fail the debug tests

* Add changelog

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-05-31 18:46:42 +00:00
Blake Covarrubias 5bae906c45 docs: Fix agent token name under ACL Agent Token
Reference the correct name of the agent token in the ACL Agent Token
section for the ACL System docs.
2021-05-31 17:53:47 +00:00
Stanko 44ddd863ac ui: Fix broken link format in ECS install page 2021-05-27 21:13:17 +00:00
Mike Morris d7d775fc64 Merge branch 'stable-website' into release/1.10.x 2021-05-27 17:00:00 -04:00
allisaurus e145640199 Add note about new ECS ARN format to ECS docs (#10304)
* docs: Add note about ECS task ARN format to ECS docs
2021-05-27 18:02:37 +00:00
allisaurus ce2ed0a8f5 Add note about new ECS ARN format to ECS docs (#10304)
* docs: Add note about ECS task ARN format to ECS docs
2021-05-27 18:02:34 +00:00