Commit Graph

78 Commits

Author SHA1 Message Date
Matt Keeler e9b07c50bc Add some auto-config docs (#8410)
We will probably want a tutorial about this in the future but for now at least we document it a little.
2020-07-30 16:10:53 +00:00
Pierre Souchay 678489d9d1 Added ratelimit to handle throtling cache (#8226)
This implements a solution for #7863

It does:

    Add a new config cache.entry_fetch_rate to limit the number of calls/s for a given cache entry, default value = rate.Inf
    Add cache.entry_fetch_max_burst size of rate limit (default value = 2)

The new configuration now supports the following syntax for instance to allow 1 query every 3s:

    command line HCL: -hcl 'cache = { entry_fetch_rate = 0.333}'
    in JSON

{
  "cache": {
    "entry_fetch_rate": 0.333
  }
}
2020-07-27 21:11:42 +00:00
Nathan Lacey 8513ad572d Add certificate disclaimer for TLS encryption (#8316)
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2020-07-21 16:39:16 +00:00
Joel Watson 5c2fe4d0d5 docs: Add raft_multiplier default clarification (#8339) 2020-07-20 21:51:19 +00:00
Matt Keeler 3ba0b03cd8 Add Revision to version CLI output and add JSON support
Also add JSON format support

# Conflicts:
#	website/pages/docs/commands/version.mdx
2020-07-10 10:43:09 -04:00
R.B. Boyer 2142a697ad
[backport: 1.8.x] xds: version sniff envoy and switch regular expressions from 'regex' to 'safe_regex' on newer envoy versions (#8265)
cherry-pick of #8222 onto origin/release/1.8.x

Fixes: #8205
2020-07-09 17:04:23 -05:00
JohnnyB 9e10a9d81e Added undocumented CONSUL_NAMESPACE to website. (#8264) 2020-07-08 14:42:22 +00:00
Seth Hoenig 870097646e api/agent: enable setting SuccessBeforePassing and FailuresBeforeCritical in API (#7949)
Fixes #7764

Until now these two fields could only be set through on-disk agent configuration.
This change adds the fields to the agent API struct definition so that they can
be set using the agent HTTP API.
2020-06-29 12:53:38 +00:00
Freddy fc1baf2223 Merge pull request #8169 from hashicorp/config-entry-ns 2020-06-23 11:44:57 -06:00
Matt Keeler 3c4413cbed ACL Node Identities (#7970)
A Node Identity is very similar to a service identity. Its main targeted use is to allow creating tokens for use by Consul agents that will grant the necessary permissions for all the typical agent operations (node registration, coordinate updates, anti-entropy).

Half of this commit is for golden file based tests of the acl token and role cli output. Another big updates was to refactor many of the tests in agent/consul/acl_endpoint_test.go to use the same style of tests and the same helpers. Besides being less boiler plate in the tests it also uses a common way of starting a test server with ACLs that should operate without any warnings regarding deprecated non-uuid master tokens etc.
2020-06-16 16:55:01 +00:00
Freddy 2af14433be Merge pull request #8099 from hashicorp/gateway-services-endpoint 2020-06-12 21:15:25 +00:00
Hans Hasselberg a8830aca88 Support envoy 1.14.2, 1.13.2, 1.12.4 (#8057) 2020-06-10 21:20:42 +00:00
Kyle Havlovitz 9e6718ad0f Merge pull request #8040 from hashicorp/ingress/expose-cli
Ingress expose CLI command
2020-06-09 19:11:51 +00:00
Hans Hasselberg b4f33b52a2 agent: add option to disable agent cache for HTTP endpoints (#8023)
This allows the operator to disable agent caching for the http endpoint.
It is on by default for backwards compatibility and if disabled will
ignore the url parameter `cached`.
2020-06-08 22:49:33 +02:00
Freddy 5d2475232a Enable gateways to resolve hostnames to IPv4 addresses (#7999)
The DNS resolution will be handled by Envoy and defaults to LOGICAL_DNS. This discovery type can be overridden on a per-gateway basis with the envoy_dns_discovery_type Gateway Option.

If a service contains an instance with a hostname as an address we set the Envoy cluster to use DNS as the discovery type rather than EDS. Since both mesh gateways and terminating gateways route to clusters using SNI, whenever there is a mix of hostnames and IP addresses associated with a service we use the hostname + CDS rather than the IPs + EDS.

Note that we detect hostnames by attempting to parse the service instance's address as an IP. If it is not a valid IP we assume it is a hostname.
2020-06-03 18:51:33 -06:00
R.B. Boyer 5404155d36 acl: allow auth methods created in the primary datacenter to optionally create global tokens (#7899) 2020-06-01 16:45:22 +00:00
R.B. Boyer c4b875cae4 acl: remove the deprecated `acl_enforce_version_8` option (#7991)
Fixes #7292
2020-06-01 10:40:22 -05:00
Jono Sosulska cedcbf3299 Replace whitelist/blacklist terminology with allowlist/denylist (#7971)
* Replace whitelist/blacklist terminology with allowlist/denylist
2020-06-01 10:40:14 -05:00
Pierre Souchay 876ee89d4a Allow to restrict servers that can join a given Serf Consul cluster. (#7628)
Based on work done in https://github.com/hashicorp/memberlist/pull/196
this allows to restrict the IP ranges that can join a given Serf cluster
and be a member of the cluster.

Restrictions on IPs can be done separatly using 2 new differents flags
and config options to restrict IPs for LAN and WAN Serf.
2020-06-01 10:31:32 -05:00
Mike Morris 9cbbff5318
docs: add audit logging docs to agent configuration (#7880) 2020-05-13 20:59:00 -04:00
Preetha 33888bccad
temporarily remove link that 404s
will be readded later when page is available
2020-05-13 19:11:13 -05:00
Freddy 56dccd2b95
Add beta tags to gateway docs (#7876) 2020-05-13 15:47:20 -06:00
Chris Piraino 98005a79c4
Ingress and Terminating Gateway docs (#7710)
This PR contains documentation additions for ingress and terminating gateways. New pages for the config-entries and overall feature description were added, as well as various additions to related pages.

Co-authored-by: Jono Sosulska <42216911+jsosulska@users.noreply.github.com>
Co-authored-by: freddygv <gh@freddygv.xyz>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
Co-authored-by: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>
2020-05-13 16:29:40 -05:00
Preetha 0a77ea2bfc
Merge pull request #7823 from hashicorp/docs-wanfed-mesh
Redo PR #7430 for new website (docs for WAN federation over mesh gateways)
2020-05-13 14:22:18 -05:00
R.B. Boyer 44d10e4894
docs: docs for jwt and oidc auth methods (#7847) 2020-05-13 14:14:03 -05:00
Preetha Appan 9d7ce4c621 added links, removed todo 2020-05-13 14:11:58 -05:00
Jeff Escalante a58ac39562 add tabs component 2020-05-13 14:01:37 -04:00
Freddy ccd0822539
Use proxy-id in gateway auto-registration (#7845) 2020-05-13 11:56:53 -06:00
jsosulska 78e9766b2b Update FAQ with Compat Matrix information 2020-05-12 19:43:56 -04:00
Jono Sosulska 57096f8410
Update FAQ + formatting (#7816)
* Update FAQ + formatting

* Fix 80 chars lines in FAQ
2020-05-12 19:36:49 -04:00
Preetha Appan 8ce0a2509b Clean up placeholder diagrams, rename file to use dashes 2020-05-12 16:34:59 -05:00
bitsofinfo c72d6f7aac
added files-to-consul-kv to tools
added files-to-consul-kv to tools
2020-05-12 08:30:16 -06:00
krishna sindhur 3698e03e7a
docs: header payload type change (#7763)
* changed the header type from string to list as mentioned in doc in [website/pages/api-docs/agent/check.mdx, website/pages/docs/agent/checks.mdx]
2020-05-12 11:48:48 +02:00
Marek Vavruša 81aeb06a2e
docs: fix misleading example for HTTP healthcheck (#7773)
The documentation says the `header` field has type `map[string][]string`,
but the example has `map[string]string`.
2020-05-12 11:45:46 +02:00
Preetha Appan c32de785a0 Add Beta super script to page title
also moves version availability to below feature title
2020-05-11 14:59:17 -05:00
Iryna Shustava cd5a539c38
docs: add docs for configuring ACLs with external servers (#7802) 2020-05-11 11:26:10 -07:00
Preetha Appan a4ec82102e Add beta superscript to docs title for wan federation over mesh gateways 2020-05-08 18:25:41 -05:00
Preetha Appan cf56325196 Redo PR #7430 for new website
Still has todos and diagrams to be added
2020-05-08 18:07:45 -05:00
Daniel Nephin eaa05d623a xds: Add passive health check config for upstreams 2020-05-08 14:56:57 -04:00
Jono Sosulska 9b363e9f23
Fix spelling of deregister (#7804) 2020-05-08 10:03:45 -04:00
Denislav Denov 6cb782708f
Update website/pages/docs/commands/license.mdx
Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com>
2020-05-08 15:51:52 +03:00
Denislav Denov 2b39b21f0f
Update license.mdx
Hello team,

I noticed that the reset part of the consul license command was missing in the documentation so I added it and created this PR.
2020-05-08 11:13:41 +03:00
Jeff Escalante f0df674e07 add alert banner to website 2020-05-06 20:06:39 -04:00
R.B. Boyer a854e4d9c5
acl: oss plumbing to support auth method namespace rules in enterprise (#7794)
This includes website docs updates.
2020-05-06 13:48:04 -05:00
Luke Kysow c33a241438
Merge pull request #7724 from hashicorp/helm-repo
Update k8s instructions for new helm repo
2020-05-05 16:17:53 -07:00
Iryna Shustava 543568fd9a
docs: add Helm docs for external servers and bootstrapToken (#7725) 2020-05-04 18:09:59 -07:00
R.B. Boyer 22eb016153
acl: add MaxTokenTTL field to auth methods (#7779)
When set to a non zero value it will limit the ExpirationTime of all
tokens created via the auth method.
2020-05-04 17:02:57 -05:00
R.B. Boyer ca52ba7068
acl: add DisplayName field to auth methods (#7769)
Also add a few missing acl fields in the api.
2020-05-04 15:18:25 -05:00
R.B. Boyer 88d5060610
docs: add docs for snapshot agent local_scratch_path option (#7730)
Also fix some website upgrade bugs.
2020-05-01 14:51:57 -05:00
Jeff Escalante 27eb12ec51
fix multiline note (#7744) 2020-04-30 14:07:16 -04:00