9112 Commits

Author SHA1 Message Date
Mitchell Hashimoto
5943c79ed4
Initial Helm Chart/K8S Docs (#4653)
* website: initial Kubernetes section with Helm information

* website: extraConfig for clients

* website: add more helm fields

* website: document extraVolumes

* website: document Consul DNS

* website: fix typos and show example of downward API
2018-09-12 08:44:30 -07:00
Pierre Souchay
1a906ef34e Fix more unstable tests in agent and command 2018-09-12 14:49:27 +01:00
Kyle Havlovitz
c112a72880
connect/ca: some cleanup and reorganizing of the new methods 2018-09-11 16:43:04 -07:00
Paul Banks
ea5acd3dd3
Update CHANGELOG.md 2018-09-11 17:35:59 +01:00
Pierre Souchay
2fe728c7bd Ensure that Proxies ARE always cleaned up, event with DeregisterCriticalServiceAfter (#4649)
This fixes https://github.com/hashicorp/consul/issues/4648
2018-09-11 17:34:09 +01:00
Freddy
b66763eb33
Update snapshot agent docs to include s3-endpoint (#4652) 2018-09-11 16:32:31 +01:00
Matt Keeler
b3ca084e82
Update CHANGELOG.md 2018-09-11 10:48:12 -04:00
Matt Keeler
3005011efd
Update CHANGELOG.md 2018-09-11 10:42:55 -04:00
Paul Banks
97b9cdbfe8
Update CHANGELOG.md 2018-09-11 15:34:24 +01:00
Matt Keeler
60f5fb1419
Update CHANGELOG.md 2018-09-11 09:40:17 -04:00
Matt Keeler
d3ee66eed4
Add ECS option to EDNS responses where appropriate (#4647)
This implements parts of RFC 7871 where Consul is acting as an authoritative name server (or forwarding resolver when recursors are configured)

If ECS opt is present in the request we will mirror it back and return a response with a scope of 0 (global) or with the same prefix length as the request (indicating its valid specifically for that subnet).

We only mirror the prefix-length (non-global) for prepared queries as those could potentially use nearness checks that could be affected by the subnet. In the future we could get more sophisticated with determining the scope bits and allow for better caching of prepared queries that don’t rely on nearness checks.

The other thing this does not do is implement the part of the ECS RFC related to originating ECS headers when acting as a intermediate DNS server (forwarding resolver). That would take a quite a bit more effort and in general provide very little value. Consul will currently forward the ECS headers between recursors and the clients transparently, we just don't originate them for non-ECS clients to get potentially more accurate "location aware" results.
2018-09-11 09:37:46 -04:00
Mitchell Hashimoto
e3cabb3a26
Merge pull request #4646 from hashicorp/b-fix-build
Detect correct GOOS/ARCH for copying binary with build_consul_local
2018-09-10 13:42:20 -07:00
Mitchell Hashimoto
e7dfb8a0d2
Detect correct GOOS/ARCH for copying binary with build_consul_local
If GOOS/ARCH is set to something custom, we need to unset it before
testing the value so we can compare to the _original value_.
2018-09-10 10:25:15 -07:00
Pierre Souchay
22500f242e Fix unstable tests in agent, api, and command/watch 2018-09-10 16:58:53 +01:00
Freddy
b2032b05be
Add script and makefile goal to help debug flaky tests 2018-09-10 16:44:07 +01:00
Mitchell Hashimoto
49b165965d
Merge pull request #4642 from hashicorp/f-ui-meta
agent: aggregate service instance meta for UI purposes
2018-09-07 17:36:23 -07:00
Mitchell Hashimoto
b95348c4b1
agent: ExternalSources instead of Meta 2018-09-07 10:06:55 -07:00
Matt Keeler
f07406c6fd
Update CHANGELOG.md 2018-09-07 10:59:15 -04:00
Matt Keeler
89ba649252
Connect: Verify the leaf cert to determine its readiness. (#4540)
This improves the checking so that if a certificate were to expire or the roots changed then we will go into a non-ready state.

This parses the x509 certificates from the TLS certificate when the leaf is set. The readyCh will be closed whenever a parseable certificate is set and the ca roots are set. This does not mean that the certificate is valid but that it has been setup and is generally valid. The Ready function will now do x509 certificate verification which will in addition to verifying the signatures with the installed CA roots will also verify the certificate isn't expired or not set to become valid in the future. 

The correct way to use these functions is to wait for the ReadyWait chan to be closed and then periodically check the readiness to determine if the certificate is currently useable.
2018-09-07 10:58:06 -04:00
Matt Keeler
647abbe4e5
Update CHANGELOG.md 2018-09-07 10:49:54 -04:00
Matt Keeler
cc8327ed9a
Ensure that errors setting up the DNS servers get propagated back to the shell (#4598)
Fixes: #4578 

Prior to this fix if there was an error binding to ports for the DNS servers the error would be swallowed by the gated log writer and never output. This fix propagates the DNS server errors back to the shell with a multierror.
2018-09-07 10:48:29 -04:00
Paul Banks
6adaf57a3d
Update CHANGELOG.md 2018-09-07 15:32:42 +01:00
Pierre Souchay
eddcf228ea Implementation of Weights Data structures (#4468)
* Implementation of Weights Data structures

Adding this datastructure will allow us to resolve the
issues #1088 and #4198

This new structure defaults to values:
```
   { Passing: 1, Warning: 0 }
```

Which means, use weight of 0 for a Service in Warning State
while use Weight 1 for a Healthy Service.
Thus it remains compatible with previous Consul versions.

* Implemented weights for DNS SRV Records

* DNS properly support agents with weight support while server does not (backwards compatibility)

* Use Warning value of Weights of 1 by default

When using DNS interface with only_passing = false, all nodes
with non-Critical healthcheck used to have a weight value of 1.
While having weight.Warning = 0 as default value, this is probably
a bad idea as it breaks ascending compatibility.

Thus, we put a default value of 1 to be consistent with existing behaviour.

* Added documentation for new weight field in service description

* Better documentation about weights as suggested by @banks

* Return weight = 1 for unknown Check states as suggested by @banks

* Fixed typo (of -> or) in error message as requested by @mkeeler

* Fixed unstable unit test TestRetryJoin

* Fixed unstable tests

* Fixed wrong Fatalf format in `testrpc/wait.go`

* Added notes regarding DNS SRV lookup limitations regarding number of instances

* Documentation fixes and clarification regarding SRV records with weights as requested by @banks

* Rephrase docs
2018-09-07 15:30:47 +01:00
Kyle Havlovitz
546bdf8663
connect/ca: add Configure/GenerateRoot to provider interface 2018-09-06 19:18:59 -07:00
Mitchell Hashimoto
e9ea190df0
agent: aggregate service instance meta for UI purposes 2018-09-06 12:19:05 -07:00
Matt Keeler
da931445d3
Update CHANGELOG.md 2018-09-06 15:08:51 -04:00
Matt Keeler
d1e52e5292
Update Raft Vendoring (#4539)
Pulls in a fix for a potential memory leak regarding consistent reads that invoke VerifyLeader.
2018-09-06 15:07:42 -04:00
Mitchell Hashimoto
9b96b4baea
Update CHANGELOG 2018-09-06 12:02:38 -07:00
Mitchell Hashimoto
12e58ddbf8
Merge pull request #4635 from hashicorp/f-discover-k8s
Update go-discover, add k8s auto-join
2018-09-06 12:01:14 -07:00
Paul Banks
af7c6cdfbb
Enable CI on f-envoy feature branch 2018-09-06 15:41:29 +01:00
Mitchell Hashimoto
bbb13598bf
vendor k8s client lib 2018-09-05 14:59:02 -07:00
Mitchell Hashimoto
99eb154f6f
agent: configure k8s go-discover 2018-09-05 13:38:13 -07:00
Mitchell Hashimoto
66e31f02f7
Update go-discover vendor 2018-09-05 13:31:10 -07:00
Paul Banks
88148cefb4
Update CHANGELOG.md 2018-09-05 20:35:08 +01:00
Martin
feb3ce4ee0 Use target service name instead of ID as connect proxy service name (#4620) 2018-09-05 20:33:17 +01:00
Pierre Souchay
9a2ae6e8eb Fixed more flaky tests in ./agent/consul (#4617) 2018-09-04 14:02:47 +01:00
Pierre Souchay
c01b410cf5 Fixed flaky watch tests (#4595) 2018-09-04 12:32:59 +01:00
Pierre Souchay
92acdaa94c Fixed flaky tests (#4626) 2018-09-04 12:31:51 +01:00
Pierre Souchay
80b6653a8e Keep same parameters on retry so results can be cached by go test (#4627) 2018-09-04 12:27:39 +01:00
Geoffrey Grosenbach
72fac5b823
Adds XL machine spec and notes on large deployments (#4622)
* Adds XL machine spec and notes on large deployments
* Clarifies machine sizes
* Fixes internal links within the document
* Moves datacenter size guidelines to "Single Datacenter" section
2018-08-31 10:41:48 -05:00
Siva Prasad
5333c63cbb
Updated CHANGELOG.md with the dns recursor fix. (#4618)
* Updated CHANGELOG.md with the dns recursor fix.

* Refined the words a bit
2018-08-30 16:27:03 -04:00
John Cowen
5e987965fa
UI: Bugfix. Fix code toggle in Safari (#4608)
I'd mistakenly changed the checkbox event to listen to oninput, which
works in Chrome and Firefox. Changed this back to onchange as it should
be.
2018-08-30 10:02:26 +01:00
Siva Prasad
ca35d04472
Adds a new command line flag -log-file for file based logging. (#4581)
* Added log-file flag to capture Consul logs in a user specified file

* Refactored code.

* Refactored code. Added flags to rotate logs based on bytes and duration

* Added the flags for log file and log rotation on the webpage

* Fixed TestSantize from failing due to the addition of 3 flags

* Introduced changes : mutex, data-dir log writes, rotation logic

* Added test for logfile and updated the default log destination for docs

* Log name now uses UnixNano

* TestLogFile is now uses t.Parallel()

* Removed unnecessary int64Val function

* Updated docs to reflect default log name for log-file

* No longer writes to data-dir and adds .log if the filename has no extension
2018-08-29 16:56:58 -04:00
John Cowen
40e71f1b91
UI: Simplify/refactor the actions/notification layer (#4572) + (#4573)
* Move notification texts to a slightly different layer (#4572)
* Further Simplify/refactor the actions/notification layer (#4573)

1. Move the 'with-feedback' actions to a 'with-blocking-action' mixin
which better describes what it does
2. Additional set of unit tests almost over the entire layer to prove
things work/add confidence for further changes

The multiple 'with-action' mixins used for every 'index/edit' combo are
now reduced down to only contain the functionality related to their
specific routes, i.e. where to redirect.

The actual functionality to block and carry out the action and then
notify are 'almost' split out so that their respective classes/objects do
one thing and one thing 'well'.

Mixins are chosen for the moment as the decoration approach used by
mixins feels better than multiple levels of inheritence, but I would
like to take this fuether in the future to a 'compositional' based
approach.

There is still possible further work to be done here, but I'm a lot
happier now this is reduced down into separate parts.
2018-08-29 19:14:31 +01:00
John Cowen
d59331f115
Update CHANGELOG.md (#4435) 2018-08-29 12:18:28 +01:00
John Cowen
b41cad6fdf
UI: CSS refactor (#4430) + Fullscreen Layout (#4435)
* Begin refactoring CSS into component folders. Moved most
components into layout/skin folders, left out a couple of ones I want
to think about more.
* Adjust grays based on recent Structure changes 
* Switch to fullscreen layout for lists and detail, left aligned forms (#4435)
* Specifically use the 'actions_close' label, not just the :last-child (actions-group)
* Replace some non-var-ed colours in vaults code skin, plus prefixing (black and white)
2018-08-29 12:11:58 +01:00
John Cowen
7bb35c4c78
UI: Repo layer integration tests (#4454) (#4563)
ui: Repo layer integration tests for methods that touch the API

Includes a `repo` test helper to make repetitive tasks easier, plus a
injectable reporter for sending performance metrics to a centralized metrics
system

Also noticed somewhere in the ember models that I'd like to improve, but left
for the moment to make sure I concentrate on one task at a time, more or less:

The tests currently asserts against the existing JSON tree, which doesn't
seem to be a very nice tree.

The work at hand here is to refactor what is there, so test for the not
nice tree to ensure we don't get any regression, and add a skipped test
so I can come back here later
2018-08-29 10:00:15 +01:00
John Cowen
1b3d566a7a
UI: Begin unskipping some more trivial tests (#4574)
WIP Unskip some lower level trivial tests.

This is the beginning of work to unskip some of the more trivial tests that I'd skipped a while back (if the thing they are testing broke, they would have failed higher up in other acceptance tests).

I'd rather keep the tests, as they do test things in a more isolated manner, and the plan was to always come back and work to unskip them time allowing.

I didn't get to far into this work in progress here, but I'd rather merge what I've done all the same and come back at a later date and continue.
2018-08-29 09:59:02 +01:00
Freddy
fbe45513d8
Correct rpc telemetry docs (#4602) 2018-08-28 16:38:22 -04:00
Freddy
4c5758d891
Remove operator_area note from godoc overview (#4603) 2018-08-28 16:02:24 -04:00