Commit Graph

14494 Commits

Author SHA1 Message Date
hc-github-team-consul-core 5d9ff1df92
update bindata_assetfs.go 2021-06-17 21:45:27 +00:00
Mike Morris 8a986f476b changelog: add unreleased entry for proxycfg bug fix 2021-06-17 17:40:35 -04:00
Freddy 89748d805a Merge pull request #10423 from hashicorp/fix-map 2021-06-17 19:56:26 +00:00
hc-github-team-consul-core af64bb9730 Putting source back into Dev Mode 2021-06-16 22:57:08 +00:00
hc-github-team-consul-core dc4f271d50
Release v1.10.0-rc 2021-06-16 22:24:02 +00:00
hc-github-team-consul-core b2331f599d
update bindata_assetfs.go 2021-06-16 22:24:01 +00:00
freddygv 2297cb9fd4 Update CHANGELOG.md 2021-06-16 16:11:40 -06:00
Freddy c1c2002cbd Merge pull request #10418 from hashicorp/changelog/eula-toe 2021-06-16 21:12:44 +00:00
Ashwin Venkatesh 76b082d5f0 Update k8s license docs to account for license autoload 2021-06-16 19:00:12 +00:00
R.B. Boyer 6441b4b2c7 xds: fix flaky protocol tests (#10410) 2021-06-16 16:58:34 +00:00
Freddy fc86420955 Merge pull request #10404 from hashicorp/ingress-stats 2021-06-15 20:28:43 +00:00
R.B. Boyer 0958f1dc3c xds: adding more delta protocol tests (#10398)
Fixes #10125
2021-06-15 20:21:42 +00:00
Freddy f300a1fadb Omit empty tproxy config in JSON responses (#10402) 2021-06-15 19:54:11 +00:00
Nitya Dhanushkodi c9e5177b35 proxycfg: Ensure that endpoints for explicit upstreams in other datacenters are watched in transparent mode (#10391)
Co-authored-by: Freddy Vallenilla <freddy@hashicorp.com>
2021-06-15 18:03:52 +00:00
Dhia Ayachi d4aa152850 improve monitor performance (#10368)
* remove flush for each write to http response in the agent monitor endpoint

* fix race condition when we stop and start monitor multiple times, the doneCh is closed and never recover.

* start log reading goroutine before adding the sink to avoid filling the log channel before getting a chance of reading from it

* flush every 500ms to optimize log writing in the http server side.

* add changelog file

* add issue url to changelog

* fix changelog url

* Update changelog

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* use ticker to flush and avoid race condition when flushing in a different goroutine

* stop the ticker when done

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* Revert "fix race condition when we stop and start monitor multiple times, the doneCh is closed and never recover."

This reverts commit 1eeddf7a

* wait for log consumer loop to start before registering the sink

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-06-15 16:23:20 +00:00
Daniel Nephin a96aca3a63 Merge pull request #10400 from hashicorp/dnephin/api-client-response-body
api: properly close the response body
2021-06-15 15:54:24 +00:00
Blake Covarrubias d8f9789c26 docs: Add example of escaping tracing JSON using jq 2021-06-14 23:24:19 +00:00
Blake Covarrubias 028996a308 docs: Add note about configurable KV size in FAQ 2021-06-14 23:22:21 +00:00
R.B. Boyer f72774618d xds: ensure that dependent xDS resources are reconfigured during primary type warming (#10381)
Updates to a cluster will clear the associated endpoints, and updates to
a listener will clear the associated routes. Update the incremental xDS
logic to account for this implicit cleanup so that we can finish warming
the clusters and listeners.

Fixes #10379
2021-06-14 22:21:04 +00:00
Freddy 645e406ca0 Rename CatalogDestinationsOnly (#10397)
CatalogDestinationsOnly is a passthrough that would enable dialing
addresses outside of Consul's catalog. However, when this flag is set to
true only _connect_ endpoints for services can be dialed.

This flag is being renamed to signal that non-Connect endpoints can't be
dialed by transparent proxies when the value is set to true.
2021-06-14 20:15:58 +00:00
R.B. Boyer 976ed0fdba grpc: move gRPC INFO logs to be emitted as TRACE logs from Consul (#10395)
Fixes #10183
2021-06-14 20:14:37 +00:00
Freddy f6e32892dc Relax validation for expose.paths config (#10394)
Previously we would return an error if duplicate paths were specified.
This could lead to problems in cases where a user has the same path,
say /healthz, on two different ports.

This validation was added to signal a potential misconfiguration.
Instead we will only check for duplicate listener ports, since that is
what would lead to ambiguity issues when generating xDS config.

In the future we could look into using a single listener and creating
distinct filter chains for each path/port.
2021-06-14 20:04:50 +00:00
Dhia Ayachi 6de0cb747a upgrade golang crypto from 0.0.0-20200930160638-afb6bcd081ae => v0.0.0-20210513164829-c07d793c2f9a (#10390) 2021-06-14 16:39:38 +00:00
Luke Kysow 86cc952e7f Update k8s term gateway docs to make address clear (#10389)
Previously if you were to follow these docs and register two external
services, you would set the Address field on the node. The second
registered service would change the address of the node for the first
service.

Now the docs explain the address key and how to register more than one
external service.
2021-06-14 16:16:19 +00:00
Peter M 8b421dafb4 Homepage CTA button to point to Learn (#10380)
redirecting users to learn instead of to the download page.
2021-06-11 21:51:44 +00:00
Daniel Nephin a5524f26c0 Merge pull request #10378 from hashicorp/dnephin/agent-self-primary-dc
http: add PrimaryDatacenter to the /v1/agent/self  response
2021-06-11 17:45:04 +00:00
Peter M 6bc29b713f Homepage Hero Upgrade w/ Alert (#10377)
* updating hero with ecs info

* updates to hero

* Include back the Basic Hero styles

The basic hero is still used on the use case pages

* Revert the tsconfig changes

Nothing in the scope of this PR requires these changes!

* Remove the old Carousel CSS file

This is no longer needed as we're using the @hashicorp/react-hero
which comes with all the styling required for this carousel to work.

* Rename ConsulHero -> HomepageHero imports/exports

This will help prevent any confusion for future devs here -- this is a
convention we have that helps us from having to trace every import,
which helps us find the source of the component without actually having
to look at the import.

* Pin the deps

These were previously pinned to the exact version; including ^ will
allow minor & patch updates to sneak in, which normally shouldn't cause
an issue but we tend to be more conservative on dep upgrades.

* Revert unneeded changes to the document file

* Revert changes to app.js file

Not needed in the scope of this PR!

* Hard pin react-alert

* Remove unneeded css

Co-authored-by: Brandon Romano <brandon@hashicorp.com>
2021-06-10 22:32:37 +00:00
Nick Wales 8bd29f735c Aligns audit log code example (#10371) 2021-06-10 18:43:10 +00:00
R.B. Boyer 1872f0a665 docs: update envoy docs for changes related to xDS v2->v3 and SoTW->Incremental (#10166)
Fixes #10098
2021-06-10 16:03:07 +00:00
hc-github-team-consul-core e8fdefc772 Putting source back into Dev Mode 2021-06-10 00:48:37 +00:00
hc-github-team-consul-core 477a6c73e9
Release v1.10.0-beta4 2021-06-10 00:14:48 +00:00
hc-github-team-consul-core d4bfdafff4
update bindata_assetfs.go 2021-06-10 00:14:47 +00:00
freddygv dd831d5d4b Update CHANGELOG.md 2021-06-09 17:50:24 -06:00
Freddy 168073c4dc Add flag for transparent proxies to dial individual instances (#10329) 2021-06-09 20:39:37 +00:00
Brandon Romano 46dc5639ce Merge pull request #10366 from hashicorp/pcmccarron-ecs-additions
Adding ECS copy and other edits
2021-06-09 16:21:39 +00:00
Daniel Nephin e5baf32f22 Merge pull request #10367 from hashicorp/dnephin/submatview-store-get-tests
submatview: add test cases for store.Get with timeout and no index
2021-06-09 15:54:22 +00:00
Mike Wickett e61974471e Merge pull request #10369 from hashicorp/mw.post-hashiconf-alert-banner
Adjust alert banner for the end of HashiConf
2021-06-09 15:03:51 +00:00
Daniel Nephin 84eba733e7 Merge pull request #10169 from hashicorp/dnephin/streaming-docs
docs: add streaming to api-docs
2021-06-08 20:15:34 +00:00
Daniel Nephin 1ed213470c Merge pull request #10364 from hashicorp/dnephin/streaming-e2e-test
submatview: and Store integration test with stream backend
2021-06-08 20:14:25 +00:00
Freddy f0fe3cf4a6 Revert "Avoid adding original_dst filter when not needed" (#10365) 2021-06-08 19:19:31 +00:00
Mike Morris 5ce7517f54 website: bump latest binary version to 1.9.6 2021-06-08 12:36:07 +00:00
Brandon Romano 91272f2d27 Merge pull request #10333 from hashicorp/ks.website/updates-alert-banner
chore: updates alert banner
2021-06-08 11:21:28 +00:00
Dhia Ayachi 3717ab0991 generate a single debug file for a long duration capture (#10279)
* debug: remove the CLI check for debug_enabled

The API allows collecting profiles even debug_enabled=false as long as
ACLs are enabled. Remove this check from the CLI so that users do not
need to set debug_enabled=true for no reason.

Also:
- fix the API client to return errors on non-200 status codes for debug
  endpoints
- improve the failure messages when pprof data can not be collected

Co-Authored-By: Dhia Ayachi <dhia@hashicorp.com>

* remove parallel test runs

parallel runs create a race condition that fail the debug tests

* snapshot the timestamp at the beginning of the capture

- timestamp used to create the capture sub folder is snapshot only at the beginning of the capture and reused for subsequent captures
- capture append to the file if it already exist

* Revert "snapshot the timestamp at the beginning of the capture"

This reverts commit c2d03346

* Refactor captureDynamic to extract capture logic for each item in a different func

* snapshot the timestamp at the beginning of the capture

- timestamp used to create the capture sub folder is snapshot only at the beginning of the capture and reused for subsequent captures
- capture append to the file if it already exist

* Revert "snapshot the timestamp at the beginning of the capture"

This reverts commit c2d03346

* Refactor captureDynamic to extract capture logic for each item in a different func

* extract wait group outside the go routine to avoid a race condition

* capture pprof in a separate go routine

* perform a single capture for pprof data for the whole duration

* add missing vendor dependency

* add a change log and fix documentation to reflect the change

* create function for timestamp dir creation and simplify error handling

* use error groups and ticker to simplify interval capture loop

* Logs, profile and traces are captured for the full duration. Metrics, Heap and Go routines are captured every interval

* refactor Logs capture routine and add log capture specific test

* improve error reporting when log test fail

* change test duration to 1s

* make time parsing in log line more robust

* refactor log time format in a const

* test on log line empty the earliest possible and return

Co-authored-by: Freddy <freddygv@users.noreply.github.com>

* rename function to captureShortLived

* more specific changelog

Co-authored-by: Paul Banks <banks@banksco.de>

* update documentation to reflect current implementation

* add test for behavior when invalid param is passed to the command

* fix argument line in test

* a more detailed description of the new behaviour

Co-authored-by: Paul Banks <banks@banksco.de>

* print success right after the capture is done

* remove an unnecessary error check

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* upgraded github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57 => v0.0.0-20210601050228-01bbb1931b22

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
Co-authored-by: Paul Banks <banks@banksco.de>
2021-06-07 17:12:49 +00:00
allisaurus a12ce30023 docs: Improve ECS routing example nesting (#10316) 2021-06-07 16:29:08 +00:00
Dhia Ayachi c14439045f fix monitor to only start the monitor in json format when requested (#10358)
* fix monitor to only start the monitor in json format when requested

* add release notes

* add test to validate json format when requested
2021-06-07 16:09:26 +00:00
Mark Anderson 884135eae5 Docs for Unix Domain Sockets (#10252)
* Docs for Unix Domain Sockets

There are a number of cases where a user might wish to either 1)
expose a service through a Unix Domain Socket in the filesystem
('downstream') or 2) connect to an upstream service by a local unix
domain socket (upstream).
As of Consul (1.10-beta2) we've added new syntax and support to configure
the Envoy proxy to support this
To connect to a service via local Unix Domain Socket instead of a
port, add local_bind_socket_path and optionally local_bind_socket_mode
to the upstream config for a service:
    upstreams = [
      {
         destination_name = "service-1"
         local_bind_socket_path = "/tmp/socket_service_1"
         local_bind_socket_mode = "0700"
	 ...
      }
      ...
    ]
This will cause Envoy to create a socket with the path and mode
provided, and connect that to service-1
The mode field is optional, and if omitted will use the default mode
for Envoy. This is not applicable for abstract sockets. See
https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/address.proto#envoy-v3-api-msg-config-core-v3-pipe
for details
NOTE: These options conflict the local_bind_socket_port and
local_bind_socket_address options. We can bind to an port or we can
bind to a socket, but not both.
To expose a service listening on a Unix Domain socket to the service
mesh use either the 'socket_path' field in the service definition or the
'local_service_socket_path' field in the proxy definition. These
fields are analogous to the 'port' and 'service_port' fields in their
respective locations.
    services {
      name = "service-2"
      socket_path = "/tmp/socket_service_2"
      ...
    }
OR
    proxy {
      local_service_socket_path = "/tmp/socket_service_2"
      ...
    }
There is no mode field since the service is expected to create the
socket it is listening on, not the Envoy proxy.
Again, the socket_path and local_service_socket_path fields conflict
with address/port and local_service_address/local_service_port
configuration entries.
Set up a simple service mesh with dummy services:
socat -d UNIX-LISTEN:/tmp/downstream.sock,fork UNIX-CONNECT:/tmp/upstream.sock
socat -v tcp-l:4444,fork exec:/bin/cat
services {
  name = "sock_forwarder"
  id = "sock_forwarder.1"
  socket_path = "/tmp/downstream.sock"
  connect {
    sidecar_service {
      proxy {
	upstreams = [
	  {
	    destination_name = "echo-service"
	    local_bind_socket_path = "/tmp/upstream.sock"
	    config {
	      passive_health_check {
		interval = "10s"
		max_failures = 42
	      }
	    }
	  }
	]
      }
    }
  }
}
services {
  name = "echo-service"
  port = 4444
  connect = { sidecar_service {} }
Kind = "ingress-gateway"
Name = "ingress-service"
Listeners = [
 {
   Port = 8080
   Protocol = "tcp"
   Services = [
     {
       Name = "sock_forwarder"
     }
   ]
 }
]
consul agent -dev -enable-script-checks -config-dir=./consul.d
consul connect envoy -sidecar-for sock_forwarder.1
consul connect envoy -sidecar-for echo-service -admin-bind localhost:19001
consul config write ingress-gateway.hcl
consul connect envoy -gateway=ingress -register -service ingress-service -address '{{ GetInterfaceIP "eth0" }}:8888' -admin-bind localhost:19002
netcat 127.0.0.1 4444
netcat 127.0.0.1 8080

Signed-off-by: Mark Anderson <manderson@hashicorp.com>

* fixup Unix capitalization

Signed-off-by: Mark Anderson <manderson@hashicorp.com>

* Update website/content/docs/connect/registration/service-registration.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Provide examples in hcl and json

Signed-off-by: Mark Anderson <manderson@hashicorp.com>

* Apply suggestions from code review

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* One more fixup for docs

Signed-off-by: Mark Anderson <manderson@hashicorp.com>

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-06-05 01:55:07 +00:00
Jeff Escalante d81aa604e3 rotate algolia api key (#10297) 2021-06-04 23:55:16 +00:00
Matt Keeler 4c6ba21b1d Add license inspect command documentation and changelog (#10351)
Also reformatted another changelog entry.
2021-06-04 18:33:53 +00:00
Daniel Nephin 6327c3fb3f Merge pull request #10348 from hashicorp/dnephin/fix-submatview-store-bug
submatview: fix a bug with Store.Get
2021-06-04 16:06:56 +00:00
Matt Keeler 7530f0f346 Follow on to PR 10336 (#10343)
There was some PR feedback that came in just after I merged that other PR. This addresses that feedback.
2021-06-03 16:30:19 +00:00