Commit Graph

220 Commits

Author SHA1 Message Date
Karl Cardenas c3e23c1ec9 docs: added more questions and marking ready for review 2021-06-10 10:16:56 -10:00
Nick Wales 119960211d
Aligns audit log code example (#10371) 2021-06-10 11:41:53 -07:00
R.B. Boyer dbca996c3c
docs: update envoy docs for changes related to xDS v2->v3 and SoTW->Incremental (#10166)
Fixes #10098
2021-06-10 10:59:54 -05:00
Karl Cardenas 97bcee3be6 docs: adding an faq in preperation for Consul Enterprise 1.10.0 2021-06-09 12:08:45 -10:00
Freddy 429f9d8bb8
Add flag for transparent proxies to dial individual instances (#10329) 2021-06-09 14:34:17 -06:00
Daniel Nephin 8b9ec040c3 docs: move streaming docs to blocking query page 2021-06-08 14:17:53 -04:00
Daniel Nephin c19d5d831b docs: try to improve health api doc terminology 2021-06-08 13:10:32 -04:00
Daniel Nephin 61423fbd28 Document streaming on service health endpoint 2021-06-08 13:10:32 -04:00
Daniel Nephin e93e7d0152 docs: Add streaming to api features 2021-06-08 13:10:32 -04:00
Dhia Ayachi 005ad9e46d
generate a single debug file for a long duration capture (#10279)
* debug: remove the CLI check for debug_enabled

The API allows collecting profiles even debug_enabled=false as long as
ACLs are enabled. Remove this check from the CLI so that users do not
need to set debug_enabled=true for no reason.

Also:
- fix the API client to return errors on non-200 status codes for debug
  endpoints
- improve the failure messages when pprof data can not be collected

Co-Authored-By: Dhia Ayachi <dhia@hashicorp.com>

* remove parallel test runs

parallel runs create a race condition that fail the debug tests

* snapshot the timestamp at the beginning of the capture

- timestamp used to create the capture sub folder is snapshot only at the beginning of the capture and reused for subsequent captures
- capture append to the file if it already exist

* Revert "snapshot the timestamp at the beginning of the capture"

This reverts commit c2d03346

* Refactor captureDynamic to extract capture logic for each item in a different func

* snapshot the timestamp at the beginning of the capture

- timestamp used to create the capture sub folder is snapshot only at the beginning of the capture and reused for subsequent captures
- capture append to the file if it already exist

* Revert "snapshot the timestamp at the beginning of the capture"

This reverts commit c2d03346

* Refactor captureDynamic to extract capture logic for each item in a different func

* extract wait group outside the go routine to avoid a race condition

* capture pprof in a separate go routine

* perform a single capture for pprof data for the whole duration

* add missing vendor dependency

* add a change log and fix documentation to reflect the change

* create function for timestamp dir creation and simplify error handling

* use error groups and ticker to simplify interval capture loop

* Logs, profile and traces are captured for the full duration. Metrics, Heap and Go routines are captured every interval

* refactor Logs capture routine and add log capture specific test

* improve error reporting when log test fail

* change test duration to 1s

* make time parsing in log line more robust

* refactor log time format in a const

* test on log line empty the earliest possible and return

Co-authored-by: Freddy <freddygv@users.noreply.github.com>

* rename function to captureShortLived

* more specific changelog

Co-authored-by: Paul Banks <banks@banksco.de>

* update documentation to reflect current implementation

* add test for behavior when invalid param is passed to the command

* fix argument line in test

* a more detailed description of the new behaviour

Co-authored-by: Paul Banks <banks@banksco.de>

* print success right after the capture is done

* remove an unnecessary error check

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* upgraded github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57 => v0.0.0-20210601050228-01bbb1931b22

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
Co-authored-by: Paul Banks <banks@banksco.de>
2021-06-07 13:00:51 -04:00
allisaurus 6dbfec50ce
docs: Improve ECS routing example nesting (#10316) 2021-06-07 09:28:06 -07:00
Mark Anderson 1bf3dc5a5f
Docs for Unix Domain Sockets (#10252)
* Docs for Unix Domain Sockets

There are a number of cases where a user might wish to either 1)
expose a service through a Unix Domain Socket in the filesystem
('downstream') or 2) connect to an upstream service by a local unix
domain socket (upstream).
As of Consul (1.10-beta2) we've added new syntax and support to configure
the Envoy proxy to support this
To connect to a service via local Unix Domain Socket instead of a
port, add local_bind_socket_path and optionally local_bind_socket_mode
to the upstream config for a service:
    upstreams = [
      {
         destination_name = "service-1"
         local_bind_socket_path = "/tmp/socket_service_1"
         local_bind_socket_mode = "0700"
	 ...
      }
      ...
    ]
This will cause Envoy to create a socket with the path and mode
provided, and connect that to service-1
The mode field is optional, and if omitted will use the default mode
for Envoy. This is not applicable for abstract sockets. See
https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/address.proto#envoy-v3-api-msg-config-core-v3-pipe
for details
NOTE: These options conflict the local_bind_socket_port and
local_bind_socket_address options. We can bind to an port or we can
bind to a socket, but not both.
To expose a service listening on a Unix Domain socket to the service
mesh use either the 'socket_path' field in the service definition or the
'local_service_socket_path' field in the proxy definition. These
fields are analogous to the 'port' and 'service_port' fields in their
respective locations.
    services {
      name = "service-2"
      socket_path = "/tmp/socket_service_2"
      ...
    }
OR
    proxy {
      local_service_socket_path = "/tmp/socket_service_2"
      ...
    }
There is no mode field since the service is expected to create the
socket it is listening on, not the Envoy proxy.
Again, the socket_path and local_service_socket_path fields conflict
with address/port and local_service_address/local_service_port
configuration entries.
Set up a simple service mesh with dummy services:
socat -d UNIX-LISTEN:/tmp/downstream.sock,fork UNIX-CONNECT:/tmp/upstream.sock
socat -v tcp-l:4444,fork exec:/bin/cat
services {
  name = "sock_forwarder"
  id = "sock_forwarder.1"
  socket_path = "/tmp/downstream.sock"
  connect {
    sidecar_service {
      proxy {
	upstreams = [
	  {
	    destination_name = "echo-service"
	    local_bind_socket_path = "/tmp/upstream.sock"
	    config {
	      passive_health_check {
		interval = "10s"
		max_failures = 42
	      }
	    }
	  }
	]
      }
    }
  }
}
services {
  name = "echo-service"
  port = 4444
  connect = { sidecar_service {} }
Kind = "ingress-gateway"
Name = "ingress-service"
Listeners = [
 {
   Port = 8080
   Protocol = "tcp"
   Services = [
     {
       Name = "sock_forwarder"
     }
   ]
 }
]
consul agent -dev -enable-script-checks -config-dir=./consul.d
consul connect envoy -sidecar-for sock_forwarder.1
consul connect envoy -sidecar-for echo-service -admin-bind localhost:19001
consul config write ingress-gateway.hcl
consul connect envoy -gateway=ingress -register -service ingress-service -address '{{ GetInterfaceIP "eth0" }}:8888' -admin-bind localhost:19002
netcat 127.0.0.1 4444
netcat 127.0.0.1 8080

Signed-off-by: Mark Anderson <manderson@hashicorp.com>

* fixup Unix capitalization

Signed-off-by: Mark Anderson <manderson@hashicorp.com>

* Update website/content/docs/connect/registration/service-registration.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Provide examples in hcl and json

Signed-off-by: Mark Anderson <manderson@hashicorp.com>

* Apply suggestions from code review

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* One more fixup for docs

Signed-off-by: Mark Anderson <manderson@hashicorp.com>

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-06-04 18:54:31 -07:00
Matt Keeler af3ffdf4c8
Add license inspect command documentation and changelog (#10351)
Also reformatted another changelog entry.
2021-06-04 14:33:13 -04:00
Matt Keeler c5dc729dda
Follow on to PR 10336 (#10343)
There was some PR feedback that came in just after I merged that other PR. This addresses that feedback.
2021-06-03 12:29:41 -04:00
Paul Ewing 42a51b1a2c
usagemetrics: add cluster members to metrics API (#10340)
This PR adds cluster members to the metrics API. The number of members per
segment are reported as well as the total number of members.

Tested by running a multi-node cluster locally and ensuring the numbers were
correct. Also added unit test coverage to add the new expected gauges to
existing test cases.
2021-06-03 08:25:53 -07:00
Matt Keeler ca423c80b9 Add enterprise v1.10 specific upgrade notes. 2021-06-03 10:48:16 -04:00
Matt Keeler 4222242f1c Add licensing information to snapshot agent docs. 2021-06-03 10:48:16 -04:00
Matt Keeler aeaeec15e8 Add deprecation/removal notices regarding the APIs/CLI commands for licensing that are going away.
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2021-06-03 10:48:16 -04:00
Matt Keeler f3595f5394 Update licensing docs for 1.10 licensing 2021-06-03 10:47:33 -04:00
Matt Keeler 6b7ca99a69 Add licensing telemetry docs. 2021-06-03 10:47:33 -04:00
Blake Covarrubias 2196262eab docs: Clarify set-agent-token token persistence behavior
Clarify that tokens configured via `set-agent-token` will not be
persisted if `acl.enable_token_persistence` is `false`.
2021-05-31 16:08:43 -07:00
Blake Covarrubias 665e052e96 docs: Fix agent token name under ACL Agent Token
Reference the correct name of the agent token in the ACL Agent Token
section for the ACL System docs.
2021-05-31 10:52:15 -07:00
Stanko b130f355ee ui: Fix broken link format in ECS install page 2021-05-27 14:11:04 -07:00
allisaurus 0b52545c01
Add note about new ECS ARN format to ECS docs (#10304)
* docs: Add note about ECS task ARN format to ECS docs
2021-05-27 10:59:28 -07:00
Luke Kysow 78af667ed0
Consul ecs docs (#10288)
* ECS docs
2021-05-26 11:25:06 -07:00
Jono Sosulska 835bf2640f
Update Kubernetes docs to point to install pages. (#10293)
Adds more clear indicators that the collections on the learn.hashicorp.com sites have specific instructions for single node deployments.
Co-Authored by: soonoo <qpseh2m7@gmail.com>
2021-05-25 15:36:09 -04:00
Karl Cardenas 2e952324b1 docs: rename enterprise to Consul enterprise 2021-05-24 13:55:17 -07:00
Jono Sosulska bb07d1a30f
Updating Consul Glossary with more industry standard terms (#10074)
* Update glossary.mdx

1. Update header to the first section to "Consul Vocabulary" since these are the terms used in the context of Consul conversations.
2. Kept the header "Consul Glossary" since these are the terms useful for practitioners in the consul space.
3. Removed interlinking to terms on the same page.

Co-authored-by: Hans Hasselberg <me@hans.io>
Co-authored-by: Swarna Podila <swarnap@users.noreply.github.com>
2021-05-24 15:44:03 -04:00
allisaurus e4aad106c9
docs: fix Amazon EKS service name (#10280) 2021-05-21 15:58:13 -07:00
Sabeen Syed ce958e7218
Docs: Add link for new Cisco TF module (#10268) 2021-05-21 08:48:58 -05:00
Dhia Ayachi e527c191ae docs: Add example ACL policy for snapshot agent
Co-Authored-By: Blake Covarrubias <blake@covarrubi.as>
2021-05-20 14:41:29 -04:00
Paul Banks 8233328e48
Fix doc note since we switched authorization mechanism in 1.9 (#10266) 2021-05-20 16:28:38 +01:00
Dhia Ayachi 7dc78b39c9
docs: update register check docs (closes #6635) (#10261)
Update register check documentation clarify that Id returns as CheckId in the response

Co-Authored-By: Shaker Islam <shaqq@users.noreply.github.com>

Co-authored-by: Shaker Islam <shaqq@users.noreply.github.com>
2021-05-19 20:24:54 -04:00
Karl Cardenas 498a698ffa Merge branch 'master' of github.com:hashicorp/consul into consul-documentation-update 2021-05-17 07:20:06 -07:00
R.B. Boyer ede14b7c54
xds: emit a labeled gauge of connected xDS streams by version (#10243)
Fixes #10099
2021-05-14 13:59:13 -05:00
Luke Kysow 83a6579299
Update k8s fed docs to clarify role of acl token (#10233) 2021-05-13 10:20:12 -07:00
R.B. Boyer 3b50a55533
connect: update supported envoy versions to 1.18.3, 1.17.3, 1.16.4, and 1.15.5 (#10231) 2021-05-12 14:06:06 -05:00
mrspanishviking c59c0b05dd
docs: updated the standard upgrade process
Added a cross-reference link in the upgrade guides.  This resource https://www.consul.io/docs/upgrading/instructions/general-process including specific-version guides for breaking changes and a more detailed upgrade process, but it's not mentioned in the  https://www.consul.io/docs/upgrading#standard-upgrade overview page.
2021-05-12 08:18:06 -07:00
Daniel Nephin f6580400dc docs: document the current state of built-in and native 2021-05-10 16:54:11 -04:00
Joel Watson a1db512e90 Flesh out Raft Protocol Support note 2021-05-10 11:21:05 -05:00
Kim Ngo 5c17bf3d78
docs/nia: simplify api and cli url paths (#10199) 2021-05-06 16:26:31 -05:00
Daniel Nephin 7b5d432121
Merge pull request #10064 from hashicorp/docs-fix-namespace-api-descriptions
docs: fix api-docs namespace descriptions
2021-05-06 15:32:12 -04:00
Andy Assareh 99617a70af
K8s docs: Manual join: add note that kubeconfig not required (#9998)
Per Consul PM, kubeconfig is not required for manual join. I believe this should be clarified in the docs as the current wording refers to the auto join steps above which state kubeconfig is required.
2021-05-06 12:59:25 -06:00
Seth Hoenig 60af6a13ff docs: fix api-docs namespace descriptions
Looks like some copy/paste from ACL docs.
2021-05-06 14:58:08 -04:00
Daniel Nephin 2628974692
Update website/content/commands/config/delete.mdx
Co-authored-by: Jono Sosulska <42216911+jsosulska@users.noreply.github.com>
2021-05-06 14:04:26 -04:00
Daniel Nephin 583850e9d4 docs: remove name field from Mesh config entry
Also document the name of these config entries in the API docs, so that
users know how to query for them.

And fix the name of mesh on the index page.
2021-05-06 13:25:32 -04:00
Paul Banks 3ad754ca7b
Make Raft trailing logs and snapshot timing reloadable (#10129)
* WIP reloadable raft config

* Pre-define new raft gauges

* Update go-metrics to change gauge reset behaviour

* Update raft to pull in new metric and reloadable config

* Add snapshot persistance timing and installSnapshot to our 'protected' list as they can be infrequent but are important

* Update telemetry docs

* Update config and telemetry docs

* Add note to oldestLogAge on when it is visible

* Add changelog entry

* Update website/content/docs/agent/options.mdx

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
2021-05-04 15:36:53 +01:00
Freddy 2ca3f481f8
Only consider virtual IPs for transparent proxies (#10162)
Initially we were loading every potential upstream address into Envoy
and then routing traffic to the logical upstream service. The downside
of this behavior is that traffic meant to go to a specific instance
would be load balanced across ALL instances.

Traffic to specific instance IPs should be forwarded to the original
destination and if it's a destination in the mesh then we should ensure
the appropriate certificates are used.

This PR makes transparent proxying a Kubernetes-only feature for now
since support for other environments requires generating virtual IPs,
and Consul does not do that at the moment.
2021-05-03 14:15:22 -06:00
Frederic Hemberger 9a5a0ba209 docs(discovery/service): Clarify multiple service definitions
Be more explicit that the definition of multiple services only works in config files,
not using the HTTP API.

Ref: https://discuss.hashicorp.com/t/register-multiple-services-via-put-request/
2021-04-30 16:46:02 -07:00
Daniel Nephin 00d3283e93
Merge pull request #10149 from hashicorp/dnephin/config-use-streaming-backend-defualt-true
config: default UseStreamingBackend to true
2021-04-30 16:29:11 -04:00
R.B. Boyer abc1dc0fe9
connect: update supported envoy versions to 1.18.2, 1.17.2, 1.16.3, and 1.15.4 (#10101)
The only thing that needed fixing up pertained to this section of the 1.18.x release notes:

> grpc_stats: the default value for stats_for_all_methods is switched from true to false, in order to avoid possible memory exhaustion due to an untrusted downstream sending a large number of unique method names. The previous default value was deprecated in version 1.14.0. This only changes the behavior when the value is not set. The previous behavior can be used by setting the value to true. This behavior change by be overridden by setting runtime feature envoy.deprecated_features.grpc_stats_filter_enable_stats_for_all_methods_by_default.

For now to maintain status-quo I'm explicitly setting `stats_for_all_methods=true` in all versions to avoid relying upon the default.

Additionally the naming of the emitted metrics for these gRPC requests changed slightly so the integration test assertions for `case-grpc` needed adjusting.
2021-04-29 15:22:03 -05:00
Luigi Tagliamonte 5220699696
Improve doc: add note about address validation (#10123)
* Update website/content/docs/discovery/services.mdx with address field behavior.

Co-authored-by: Jono Sosulska <42216911+jsosulska@users.noreply.github.com>

Co-authored-by: Jono Sosulska <42216911+jsosulska@users.noreply.github.com>
2021-04-29 13:37:50 -04:00
Iryna Shustava 8dffb89131
Implement traffic redirection exclusion based on proxy config and user-provided values (#10134)
* Use proxy outbound port from TransparentProxyConfig if provided
* If -proxy-id is provided to the redirect-traffic command, exclude any listener ports
  from inbound traffic redirection. This includes envoy_prometheus_bind_addr,
  envoy_stats_bind_addr, and the ListenerPort from the Expose configuration.
* Allow users to provide additional inbound and outbound ports, outbound CIDRs
  and additional user IDs to be excluded from traffic redirection.
  This affects both the traffic-redirect command and the iptables SDK package.
2021-04-29 09:21:15 -07:00
Daniel Nephin bb472111fd config: default UseStreamingBackend to true 2021-04-28 18:58:02 -04:00
Freddy 078c40425f
Rename "cluster" config entry to "mesh" (#10127)
This config entry is being renamed primarily because in k8s the name
cluster could be confusing given that the config entry applies across
federated datacenters.

Additionally, this config entry will only apply to Consul as a service
mesh, so the more generic "cluster" name is not needed.
2021-04-28 16:13:29 -06:00
Daniel Nephin 0558586dbd health: use blocking queries for near query parameter 2021-04-27 19:03:16 -04:00
Matt Keeler f7e825afe3
Update changelog and add telemetry docs (#10107) 2021-04-23 16:05:00 -04:00
Paul Banks d717d2cdc4
CLI: Allow snapshot inspect to work on internal raft snapshots directly. (#10089)
* CLI: Add support for reading internal raft snapshots to snapshot inspect

* Add snapshot inspect test for raw state files

* Add changelog entry

* Update .changelog/10089.txt
2021-04-23 16:17:08 +01:00
David Yu b7cc83fde0
docs - Adding json formatting to TProxy HCL examples (#10088)
formatting
2021-04-21 17:17:06 -06:00
Derek Strickland ccb2511ff3
refactor get started links to new tutorial (#10066) 2021-04-20 13:17:50 -04:00
Freddy 8b8c3c1992
Add docs for transparent proxy mode and config (#10038)
Add docs for transparent proxy mode and config

Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Jeff Escalante <jescalan@users.noreply.github.com>
2021-04-16 12:50:02 -07:00
Iryna Shustava ba0bc10f09
docs: update helm ref docs and connect docs (#10032)
All k8s connect-related docs now need to mention that we require a Kubernetes service
for all Connect services
2021-04-16 12:49:02 -07:00
Joel Watson fd9e240569 Update upgrade guide from 1.8.4 to 1.8.10 2021-04-15 12:03:24 -05:00
Kent 'picat' Gruber 493f820e9d Add better security warning to docs about the content-type change 2021-04-14 16:36:40 -04:00
Kent 'picat' Gruber d07f57ce67 Update KV docs to note new raw response content-type header 2021-04-14 16:21:03 -04:00
ketzacoatl c8a6fbd994
add consul-haskell to libraries-and-sdks documentation (#9982)
See also https://github.com/alphaHeavy/consul-haskell/issues/40.
2021-04-13 21:06:19 -04:00
Tara Tufano 9deb52e868
add http2 ping health checks (#8431)
* add http2 ping checks

* fix test issue

* add h2ping check to config resources

* add new test and docs for h2ping

* fix grammatical inconsistency in H2PING documentation

* resolve rebase conflicts, add test for h2ping tls verification failure

* api documentation for h2ping

* update test config data with H2PING

* add H2PING to protocol buffers and update changelog

* fix typo in changelog entry
2021-04-09 15:12:10 -04:00
Iryna Shustava 5755c97bc7
cli: Add new `consul connect redirect-traffic` command for applying traffic redirection rules when Transparent Proxy is enabled. (#9910)
* Add new consul connect redirect-traffic command for applying traffic redirection rules when Transparent Proxy is enabled.
* Add new iptables package for applying traffic redirection rules with iptables.
2021-04-09 11:48:10 -07:00
Zachary Shilton 8671762474
website: implement mktg 032 (#9953)
* website: migrate to new nav-data format

* website: clean up unused intro content

* website: remove deprecated sidebar_title from frontmatter

* website: add react-content to fix global style import issue
2021-04-07 15:50:38 -04:00
eddie-rowe 5fe1cc48ff cross-linking for audit logging 2021-04-05 09:35:04 -05:00
Mike Green 68b13f4c70
Docs: add enterprise upgrade link (#9934)
* add enterprise upgrade note
* Update index.mdx
2021-03-29 20:02:42 -04:00
lornasong 8431137c1a
nia/docs 0.1.0 ga (#9946)
* docs/nia: consul compatibilty

* docs/nia: remove beta callouts (#9919)

Co-authored-by: Kim Ngo <6362111+findkim@users.noreply.github.com>
2021-03-29 15:23:10 -04:00
Sabeen Syed 1345b92c73
Add link to TF module tutorial and example TF modules (#9937)
Add link to TF tutorial
Add links to print TF module and template for TF modules
2021-03-28 23:19:31 -05:00
Sabeen Syed c64f3600f0
Add Avi Network, AWS ALB and NS1 TF Registies and GitHub links (#9938)
Add Avi Network GH link
Add AWS ALB TF Registry and GH link
Add NS1 TF Registry and GH link
2021-03-27 01:52:41 -05:00
Daniel Nephin 5d5abedb1f
Merge pull request #9917 from Ranjandas/docs/exec-cmd-acl
Document agent token policy requirement for rexec
2021-03-25 17:49:47 -04:00
danielehc eba632da13
Cross linking Learn tutorials (#9893)
* Cross linking Learn tutorials

* Update website/content/docs/nia/index.mdx

Co-authored-by: Kim Ngo <6362111+findkim@users.noreply.github.com>

* Cross linking Learn tutorials

* Cross linking Learn tutorials

* Add links to doc

Co-authored-by: Kim Ngo <6362111+findkim@users.noreply.github.com>
2021-03-24 18:58:10 +01:00
Ranjandas 7857c5746f Document agent token policy requirement for rexec
The Agent token policy when using rexec should have `write` on "_rexec"
key prefix. Updated the exec command documentation to explicitly state
this requirement.
2021-03-23 15:51:56 +11:00
Jono Sosulska 277de5addc
Update telemetry docs (#9905)
* Fixes #2379-Improve interval explanation in the telemetry doc

* Fixes #4734-Update consul memory metrics

* Fixes #4836-Removed node.deregistration as that isn't in state.go

* Fixes #8986 partially-Trim redundant language

* Fixes #9087-Adds helpful details to telemetry on autopilot

* Fixes #9274-Addresses NaN output in autopilot
2021-03-22 18:47:41 -04:00
Kim Ngo e6cc186d79
docs/nia: Update CTS configuration example to not confuse vault provider with vault config block (#9909) 2021-03-19 16:52:32 -05:00
Iryna Shustava 199a0b0c19
docs: Update Helm reference docs (#9904) 2021-03-19 09:12:49 -07:00
Nitya Dhanushkodi 147628859d
Add metrics documentation (#9848) 2021-03-18 17:20:54 -07:00
woz5999 ea33c390ce update docs and add changelog 2021-03-18 19:02:34 -04:00
Christoph Puhl 11f60c46a3
Removing unnecessary comment (#9890)
Removing unnecessary comment around CRL to avoid confusion, as discussed with @banks
2021-03-18 14:39:25 -04:00
Christopher Broglie f0307c73e5 Add support for configuring TLS ServerName for health checks
Some TLS servers require SNI, but the Golang HTTP client doesn't
include it in the ClientHello when connecting to an IP address. This
change adds a new TLSServerName field to health check definitions to
optionally set it. This fixes #9473.
2021-03-16 18:16:44 -04:00
Luke Kysow a1d5e1fb41
docs: rename SourceAddress to SourceIP (#9878)
SourceAddress was probably renamed to SourceIP but the docs weren't
updated.
2021-03-15 14:39:33 -07:00
Christoph Puhl a11ed1570a Add namespaces to prepared query API docs
Add missing section on creating prepared query for namespaced services
2021-03-15 10:04:53 +01:00
Mike Wickett 8f72c17248 fix: syntax issue 2021-03-11 17:05:21 -05:00
Preetha ccde7e5f8b
Small changes to gossip related telemetry docs (#9846)
Update gossip related telemetry docs to include correct descriptions, and added missing metrics
2021-03-11 14:21:32 -06:00
Freddy d38fa1cbcf
Merge pull request #9869 from DanielMabbett/patch-1
Fix typo in requirements.mdx
2021-03-11 12:49:57 -07:00
Kyle Havlovitz 1e87c7183a
Merge pull request #9672 from hashicorp/ca-force-skip-xc
connect/ca: Allow ForceWithoutCrossSigning for all providers
2021-03-11 11:49:15 -08:00
Freddy 555961e036
Merge pull request #9770 from hashicorp/docs/fix-terminating-gateway-config-entry
Docs: Update terminating-gateway-config-entry
2021-03-11 12:42:20 -07:00
Kyle Havlovitz d62565f368
Merge pull request #9792 from dzeban/kv-import-prefix
command/kv: Add prefix option to kv import command
2021-03-11 09:47:53 -08:00
Daniel Mabbett f923a2d249
Update requirements.mdx 2021-03-11 10:08:53 +00:00
Robert Kuska 6fe45c075f
Add units and types to metrics tables (#9674)
This commits adds units and types to key metrics tables to have
consistent table views of all metrics in telemetry.mdx.

Fixes: https://github.com/hashicorp/consul/issues/9069
2021-03-10 22:36:15 -05:00
Nitya Dhanushkodi 15e8b13891
Add flags to consul connect envoy for metrics merging. (#9768)
Allows setting -prometheus-backend-port to configure the cluster
envoy_prometheus_bind_addr points to.

Allows setting -prometheus-scrape-path to configure which path
envoy_prometheus_bind_addr exposes metrics on.

-prometheus-backend-port is used by the consul-k8s metrics merging feature, to
configure envoy_prometheus_bind_addr to point to the merged metrics
endpoint that combines Envoy and service metrics so that one set of
annotations on a Pod can scrape metrics from the service and it's Envoy
sidecar.

-prometheus-scrape-path is used to allow configurability of the path
where prometheus metrics are exposed on envoy_prometheus_bind_addr.
2021-03-04 16:15:47 -06:00
Ranjandas 851a1b123d Add a sample error message 2021-03-02 12:48:03 +11:00
Ranjandas 9827a02ef6
Update vms-and-kubernetes.mdx 2021-03-02 10:20:24 +11:00
Ranjandas 479d6e6862
Added references to node name 2021-03-02 09:44:35 +11:00
Ranjandas 9c74d6cc3a
Update cert creation instruction for Federation
The Server certificates used for Federation require the node name in the form of `<node>.server.<dc>.<domain>`. Not having this would through `bad tls certificate` error.

* Fixed cert create command
* Added note to create a wildcard cert (like the ones on Kubernetes)
* Fixed numbering
2021-03-02 09:39:46 +11:00
R.B. Boyer 398b766532
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658)
- Also add support for envoy 1.17.0
2021-02-26 16:23:15 -06:00