Commit Graph

281 Commits

Author SHA1 Message Date
danielehc 1790b37a11
Adding warning for ACL replication data loss (#8210) 2020-08-18 17:48:37 -04:00
Jeff Escalante b1dc6a4a01
upgrade to latest docs-sidenav, fix some issues with the k8s section 2020-08-18 15:11:06 -04:00
danielehc 96916a770c
Refactor api-docs links to learn (#8488) 2020-08-17 18:20:02 +02:00
danielehc 5483988b5b
Refactor docs links to learn 2 (#8491)
* Refactor docs links to learn

* Apply suggestions from code review

Co-authored-by: Derek Strickland <1111455+DerekStrickland@users.noreply.github.com>

Co-authored-by: Derek Strickland <1111455+DerekStrickland@users.noreply.github.com>
2020-08-17 18:19:04 +02:00
danielehc f32b3d2cca
Refactor docs links to learn (#8490) 2020-08-17 18:17:51 +02:00
Derek Strickland 2bf85fae62
Added link to Secure Consul on K8S Tutorial (#8402) 2020-08-14 14:27:34 -04:00
Iryna Shustava 7f8e723dc2
docs: add docs to use Connect CA providers with Helm (#8464) 2020-08-13 14:29:59 -07:00
Derek Strickland 930d7d3158
Learn/link updates derek (#8487)
* Updated Learn url paths.

Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com>
2020-08-13 17:02:44 -04:00
Iryna Shustava cd3d6adbf4
docs: consul on k8s doesn't support external servers requiring mTLS (#8484) 2020-08-13 12:04:34 -07:00
Luke Kysow 7e5253bf04
Update k8s sync docs (#8452)
* Update k8s sync docs

- remove docs that said for nodeport service we register each instance
on a node with its same node name. We instead register each instance
onto the k8s-sync node
- add docs describing which ports and ips are used
2020-08-12 16:34:55 -07:00
Luke Kysow 0f99b63fc8
Document k8s sidecar resource annotations (#8455) 2020-08-12 16:34:17 -07:00
Iryna Shustava ed0fa4b3b1
docs: update helm chart ref (#8483)
No longer require servers to be running on k8s when
manageSystemACLs is true
2020-08-11 14:39:44 -07:00
Jack 77d0c33fc8
Specify allowed ingress gateway protocols in docs (#8454)
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2020-08-07 13:25:23 -06:00
Hans Hasselberg d316cd06c1
auto_config implies connect (#8433) 2020-08-07 12:02:02 +02:00
Rebecca Zanzig 18e9f925b8 Add lifecycle sidecar and init container resource settings docs 2020-08-06 15:11:54 -07:00
R.B. Boyer c599a2f5f4
xds: add support for envoy 1.15.0 and drop support for 1.11.x (#8424)
Related changes:

- hard-fail the xDS connection attempt if the envoy version is known to be too old to be supported
- remove the RouterMatchSafeRegex proxy feature since all supported envoy versions have it
- stop using --max-obj-name-len (due to: envoyproxy/envoy#11740)
2020-07-31 15:52:49 -05:00
Matt Keeler 6352766235
Add some auto-config docs (#8410)
We will probably want a tutorial about this in the future but for now at least we document it a little.
2020-07-30 12:10:25 -04:00
Blake Covarrubias a1a2c008a7 docs: Fix typo in -pid file description
Fix typo in `-pid` file option description. This change restores text
which was erroneously deleted in PR #736 with commit f41dce9.

Fixes #8388
2020-07-28 10:21:28 -07:00
Pierre Souchay 505de6dc29
Added ratelimit to handle throtling cache (#8226)
This implements a solution for #7863

It does:

    Add a new config cache.entry_fetch_rate to limit the number of calls/s for a given cache entry, default value = rate.Inf
    Add cache.entry_fetch_max_burst size of rate limit (default value = 2)

The new configuration now supports the following syntax for instance to allow 1 query every 3s:

    command line HCL: -hcl 'cache = { entry_fetch_rate = 0.333}'
    in JSON

{
  "cache": {
    "entry_fetch_rate": 0.333
  }
}
2020-07-27 23:11:11 +02:00
Blake Covarrubias af51b9e975 docs: Modify network segments limitation callout
Change the callout on the Network Segments page to specify the
limitation applies to versions of Consul prior to version 1.7.3.
2020-07-27 09:10:27 -07:00
Freddy cd27921885
Gateway tasks and overview (#8195)
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2020-07-24 15:07:36 -06:00
Luke Kysow 99d2f6658c
Update terminating-gateways.mdx
* fix formatting issue
* use a command that will work with any pod id
2020-07-23 09:19:33 -07:00
Brandon Romano 4075629319 Adds cloud offerings section to website 2020-07-23 01:21:15 -07:00
Kyle Schochenmaier edfdcd3d67
terminating gw docs (#8300)
* terminating gw docs
Co-authored-by: Rebecca Zanzig <16315901+adilyse@users.noreply.github.com>
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2020-07-22 16:02:47 -05:00
Nathan Lacey ac6ab7c9f5
Add certificate disclaimer for TLS encryption (#8316)
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2020-07-21 10:38:03 -06:00
Joel Watson 49edce1076
docs: Add raft_multiplier default clarification (#8339) 2020-07-20 15:49:46 -06:00
Blake Covarrubias 1ec81bb20c docs: Fix heading for list prepared queries endpoint 2020-07-17 09:00:17 -07:00
Blake Covarrubias 340bc68e45
docs: Fix link to kv_max_value_size config option (#8322)
The sizing recommendation link should point to the config option for
tuning kv_max_value_size.
2020-07-16 14:13:06 -07:00
Sabeen Syed d0f222008c
Merge pull request #8259 from hashicorp/enterprise_docs_update
Consul Enterprise docs update
2020-07-16 15:34:15 -05:00
Kyle Schochenmaier 5f8825af96
Apply suggestions from code review 2020-07-15 18:24:55 -05:00
Kyle Schochenmaier eb6b9f4b37
Merge branch 'master' into k8s/gateway-setup-docs 2020-07-15 17:47:21 -05:00
Kyle Schochenmaier 1227974f43
ingress gw docs for k8s (#8291)
Co-authored-by: Derek Strickland 
Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2020-07-15 17:45:20 -05:00
Jeff Escalante ecc406562a
Merge pull request #8230 from hashicorp/je.pin-deps
📌 Hard Pin Website Dependencies
2020-07-15 18:45:19 -04:00
Kyle Schochenmaier 8049aac526 remove term-gw until its ready to merge and update redirects 2020-07-15 17:38:23 -05:00
Hans Hasselberg 496fb5fc5b
add support for envoy 1.14.4, 1.13.4, 1.12.6 (#8216) 2020-07-13 15:44:44 -05:00
Chris Piraino 45a2987c6c
docs: add section for /health/ingress/:service API (#8108)
* docs: add section for /health/ingress/:service API

* Add documentation around consul version for API

* docs: add note about gateway-services API release version
2020-07-10 12:36:46 -05:00
Matt Keeler fb9517bae8
Merge pull request #8268 from hashicorp/feature/improved-version-output
Add Revision to version CLI output and add JSON support
2020-07-10 10:01:57 -04:00
R.B. Boyer 1eef096dfe
xds: version sniff envoy and switch regular expressions from 'regex' to 'safe_regex' on newer envoy versions (#8222)
- cut down on extra node metadata transmission
- split the golden file generation to compare all envoy version
2020-07-09 17:04:51 -05:00
Sabeen Syed afb888cc09 docs: Add Audit Logging page under Consul Enterprise 2020-07-08 18:16:12 -05:00
Jeff Escalante fa135ae285
update deps, format all files 2020-07-08 19:12:34 -04:00
Matt Keeler 680ac0c1c6
Add Revision to version CLI output and add JSON support
Also add JSON format support
2020-07-08 16:32:46 -04:00
JohnnyB 5e5dbedd47
Added undocumented CONSUL_NAMESPACE to website. (#8264) 2020-07-08 10:41:42 -04:00
Sabeen Syed 8a6ad77620 docs: Update Consul Enterprise Intro 2020-07-07 16:11:30 -05:00
Daniel Nephin 0cb9d0739f docs: dns_config.cache_max_age=0 2020-07-07 15:24:26 -04:00
Seth Hoenig a93e44f20c
docs: fix link to connect authorize endpoint (#8248)
/docs/connect/intentions has a broken link presumably meant
to go to /api-docs/agent/connect#authorize

This PR fixes the link.
2020-07-06 16:16:09 -05:00
Jono Sosulska 0cd4178a4c
Fix typos on commandline flags, updated config opts (#8227)
* Fix typos on commandline flags, updated config opts

- Added anchors to https://github.com/hashicorp/consul/pull/8223
- Fix Typos

Updated to include config file options as well as CLI.
2020-07-02 16:13:11 -04:00
Jeff Escalante 7f5a1223f6 drop out unused font 2020-07-02 14:22:29 -04:00
Jeff Escalante b449d7ab5d update dependencies, fapply upgrades, fix breaking changes 2020-07-02 14:22:29 -04:00
Blake Covarrubias 08c92ba880
docs: Fix formatting issues on built-in proxy page (#8005)
Fix markdown formatting and display issues on built-in proxy page.
2020-07-02 12:39:50 -04:00
Rémi Lapeyre 421b9e8ef1
Fix typo in configuration documentation (#7997) 2020-07-02 12:39:23 -04:00
kaitlincarter-hc b353b5f920
update landing page links to learn to specific guides (#8214) 2020-07-01 14:58:46 -05:00
André d06d9ef29e
Update lock.mdx (#8217)
Remove duplicated `-timeout` value.
2020-07-01 14:59:07 +02:00
Fatih Sarhan f6eaf74de2 docs: Fix typo on openstack cloud-auto-join 2020-06-29 13:56:01 -07:00
Seth Hoenig 95f46eb3ed
api/agent: enable setting SuccessBeforePassing and FailuresBeforeCritical in API (#7949)
Fixes #7764

Until now these two fields could only be set through on-disk agent configuration.
This change adds the fields to the agent API struct definition so that they can
be set using the agent HTTP API.
2020-06-29 14:52:35 +02:00
R.B. Boyer 462f0f37ed
connect: various changes to make namespaces for intentions work more like for other subsystems (#8194)
Highlights:

- add new endpoint to query for intentions by exact match

- using this endpoint from the CLI instead of the dump+filter approach

- enforcing that OSS can only read/write intentions with a SourceNS or
  DestinationNS field of "default".

- preexisting OSS intentions with now-invalid namespace fields will
  delete those intentions on initial election or for wildcard namespaces
  an attempt will be made to downgrade them to "default" unless one
  exists.

- also allow the '-namespace' CLI arg on all of the intention subcommands

- update lots of docs
2020-06-26 16:59:15 -05:00
Freddy e10058bc3f
Update website/pages/docs/acl/auth-methods/jwt.mdx
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2020-06-25 11:43:42 -06:00
freddygv 166da8f710 Remove remaining beta tags 2020-06-24 16:12:24 -06:00
freddygv 3f01e08ae0 Remove stray instruction 2020-06-24 16:12:08 -06:00
freddygv 98c5eb8868 Add docs for upstream destination's namespace 2020-06-24 16:11:44 -06:00
freddygv 394b1f2e7f Add tabs to config entry examples 2020-06-24 16:10:46 -06:00
Rebecca Zanzig 864e7f6ae0 Rearrange k8s connect docs to make space for gateways 2020-06-24 13:35:14 -07:00
Mike Morris 49fc7eb4bb
Update dev.mdx (#8090)
Remove ref to "virtual service" to avoid confusion with L7 routing virtual services, replace with "debug service".
2020-06-24 14:26:01 +02:00
Valery V. Vorotyntsev 3098bc8593
Fix quorum formula in consensus.mdx (#8166)
[Add & Remove Servers](https://learn.hashicorp.com/consul/day-2-operations/servers)
guide uses `(N/2)+1` quorum formula.  So does the
[Raft implementation](5927dcda05/raft.go (L909)).

Consensus Protocol document uses `(n+1)/2` formula.
This formula is not only different, it conflicts with the
[Deployment Table](https://www.consul.io/docs/internals/consensus.html#deployment_table)
in the same document; e.g., (6+1)/2 = 3, not 4.

Replace `(n+1)/2` with `(N/2)+1` in Consensus Protocol document.
2020-06-24 14:23:36 +02:00
Chris Piraino 2904cdac36
docs: Specify port in host for example (#8167)
This example shows a TLS enabled ingress config on a non-https port.
Currently, that means we require the port to be specified in one of the
host entries to route traffic.
2020-06-23 14:41:51 -05:00
freddygv c791fbc79c Update namespaces subject-verb agreement 2020-06-23 10:57:30 -06:00
Preetha 8bf0432fae
remove prerelease tag 2020-06-18 20:02:21 -05:00
Freddy 28f22c8a90
Finalize gateway documentation for 1.8.0 GA (#8121)
Co-authored-by: Derek Strickland <1111455+DerekStrickland@users.noreply.github.com>
2020-06-18 15:27:06 -06:00
Luke Kysow fcbed6da44
Remove consul:beta now that 1.8 is out. 2020-06-18 11:50:25 -07:00
Rebecca Zanzig ea8fbdc68f
Merge pull request #8126 from hashicorp/k8s/gateway-docs
Add helm chart options for ingress and terminating gateways
2020-06-18 11:30:59 -07:00
Jono Sosulska c8bee5a934
Fixing multiple document updates (#8135)
* Fixes #7663-ACL Token Reloadable#7432-Cipher Suites,#7385-KV Delete DC, raft list-peers docs

Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2020-06-18 14:10:45 -04:00
Rebecca Zanzig 5c7e62169d Add helm chart options for ingress and terminating gateways 2020-06-18 11:04:19 -07:00
Dexter Lowe 6e208a2120
#8059 Improve Clarity on TTL docs (#8141) 2020-06-18 13:53:43 -04:00
Chris Piraino bb103f22dd
Updates docs with ingress Host header clarifications (#8062)
* Updates docs with ingress Host header changes

Clarify that a Host header is required for L7 protocols, and specify
that the default is to use the Consul DNS ingress subdomain

* Add sentence about using '*' by itself for testing

* Add optional step for using L7 routing config

* Note that port numbers may need to be added in the Hosts field
2020-06-17 14:43:58 -05:00
wisp b29da31f94
Fixed a typo (#8132)
Fixed a little typo 🐰
2020-06-17 10:21:33 -04:00
David Yu fb1f043cdc
Formatting spaces between keys in Config entries (#8116)
* Formatting spaces between keys in Config entries

* Service Router spacing

* Missing Camel Case proxy-defaults

* Remove extra spaces service-splitter

* Remove extra spsaces service-resolver

* More spaces a la hclfmt

* Nice!

* Oh joy!

* More spaces on proxy-defaults

* Update website/pages/docs/agent/config-entries/proxy-defaults.mdx

Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
2020-06-16 11:28:21 -07:00
Matt Keeler d3881dd754
ACL Node Identities (#7970)
A Node Identity is very similar to a service identity. Its main targeted use is to allow creating tokens for use by Consul agents that will grant the necessary permissions for all the typical agent operations (node registration, coordinate updates, anti-entropy).

Half of this commit is for golden file based tests of the acl token and role cli output. Another big updates was to refactor many of the tests in agent/consul/acl_endpoint_test.go to use the same style of tests and the same helpers. Besides being less boiler plate in the tests it also uses a common way of starting a test server with ACLs that should operate without any warnings regarding deprecated non-uuid master tokens etc.
2020-06-16 12:54:27 -04:00
David Yu fdac1d8add
Switching service-route, service-resolver, service-splitter examples to CamelCase (#8107)
* Switching service-route example to CamelCase

* Switch service-resovler examples to CamelCase

* Changing service-splitter examples to CamelCase
2020-06-15 14:14:36 -07:00
Spencer Owen 15b5142bca
docs: Fix ingress dns entry (#8072) 2020-06-15 15:15:33 -05:00
freddygv d97cff0966 Update telemetry for gateway-services endpoint 2020-06-12 14:44:36 -06:00
freddygv cd927eed5e Remove unused method and fixup docs ref 2020-06-12 13:47:43 -06:00
freddygv b2c66359ab Add docs 2020-06-12 13:47:43 -06:00
Hans Hasselberg e62a43c6cf
Support envoy 1.14.2, 1.13.2, 1.12.4 (#8057) 2020-06-10 23:20:17 +02:00
Mike Wickett 8fab683389
Merge pull request #8076 from hashicorp/nq.basic-hero-tertiary-link-support
[Website] Support tertiary-styled third links
2020-06-10 10:47:40 -04:00
Noel Quiles 1dfbd384da Support tertiary-styled third links
Get the tertiary links to wrap below buttons

Adjust color/spacing of tertiary via override

Remove overrides, implement custom link

Extract arrow icon to file

Increase top margin for third link

Apply Brandon's fixes

Co-authored-by: Brandon Romano <BrandonRRomano@gmail.com>
2020-06-09 22:43:05 -07:00
Daniel Nephin 08f1ed16b4
Merge pull request #7900 from hashicorp/dnephin/add-linter-staticcheck-2
intentions: fix a bug in Intention.SetHash
2020-06-09 15:40:20 -04:00
Kyle Havlovitz 0c8966220f
Merge pull request #8040 from hashicorp/ingress/expose-cli
Ingress expose CLI command
2020-06-09 12:11:23 -07:00
Kyle Havlovitz edab5588d8 Add -host flag to expose command 2020-06-08 16:59:47 -07:00
Blake Covarrubias dd1e4ffd0d docs: Fix rendering of markdown on performance page
Fix issue with markdown not being rendered on /docs/install/performance.mdx.

Resolves #8049
2020-06-08 10:29:47 -07:00
Hans Hasselberg 72f92ae7ca
agent: add option to disable agent cache for HTTP endpoints (#8023)
This allows the operator to disable agent caching for the http endpoint.
It is on by default for backwards compatibility and if disabled will
ignore the url parameter `cached`.
2020-06-08 10:08:12 +02:00
Krastin 9262d7a79a website: fix a link in docs/agent/options
fixing the link to gopsutil in the -disable-host-node-id option text body
2020-06-07 03:36:55 -07:00
Jeff Escalante 9977c1df80 a few more naming adjustments 2020-06-06 15:45:29 -04:00
Jeff Escalante f9051298c8 change page path, add redirect 2020-06-06 15:45:29 -04:00
Peter M 45f43476e8 Update Homepage Use Case Name and Link
resubmitting this PR to include a link change.
2020-06-06 15:45:29 -04:00
Peter M 8df640401b Updating NMA use case to reflect new name
Recently changed Network Middleware Automation use case to Network Infrastructure Automation, adding changes to the site to reflect this.
2020-06-06 15:00:03 -04:00
Kyle Havlovitz acae044df4 Document the namespace format for expose CLI command 2020-06-05 15:47:03 -07:00
Kyle Havlovitz ada9e2b3ab Add docs for expose command 2020-06-05 14:54:45 -07:00
Daniel Nephin ce6cc094a1 intentions: fix a bug in Intention.SetHash
Found using staticcheck.

binary.Write does not accept int types without a size. The error from binary.Write was ignored, so we never saw this error. Casting the data to uint64 produces a correct hash.

Also deprecate the Default{Addr,Port} fields, and prevent them from being encoded. These fields will always be empty and are not used.
Removing these would break backwards compatibility, so they are left in place for now.

Co-authored-by: Hans Hasselberg <me@hans.io>
2020-06-05 14:51:43 -04:00
Freddy 9ed325ba8b
Enable gateways to resolve hostnames to IPv4 addresses (#7999)
The DNS resolution will be handled by Envoy and defaults to LOGICAL_DNS. This discovery type can be overridden on a per-gateway basis with the envoy_dns_discovery_type Gateway Option.

If a service contains an instance with a hostname as an address we set the Envoy cluster to use DNS as the discovery type rather than EDS. Since both mesh gateways and terminating gateways route to clusters using SNI, whenever there is a mix of hostnames and IP addresses associated with a service we use the hostname + CDS rather than the IPs + EDS.

Note that we detect hostnames by attempting to parse the service instance's address as an IP. If it is not a valid IP we assume it is a hostname.
2020-06-03 15:28:45 -06:00
Kevin Pruett 9b0d0de178
Merge pull request #8002 from pruett/pruett.quickfix-acl-docs
Add newline to fix rendering bug
2020-06-03 17:21:52 -04:00
Jono Sosulska 66ee9c3bb2
Updating Stopping Agent Section (#8016)
Fixes #6935 to clarify agent behavior.
2020-06-03 17:08:49 -04:00