Commit Graph

9995 Commits (f13fe4b3041d91810f21bd267887a5362878f159)

Author SHA1 Message Date
Rebecca Zanzig fb521c6094 Add dns configuration info for CoreDNS users 2019-03-20 23:02:04 -07:00
kaitlincarter 3f230aeb48 New k8s reference arch guide. 2019-03-20 19:20:05 -05:00
Kyle Havlovitz d92577c16b Fix fsm serialization and add snapshot/restore 2019-03-20 16:13:13 -07:00
Alvin Huang 5675026e23 add optional parallel flag to gox 2019-03-20 15:19:27 -04:00
Hans Hasselberg ea5210a30e
Release v1.4.4 2019-03-20 16:00:54 +00:00
Hans Hasselberg 32c2c90b12 Update CHANGELOG.md 2019-03-20 13:15:35 +00:00
Hans Hasselberg 29b79d652a Update CHANGELOG.md 2019-03-20 10:53:32 +00:00
Kyle Havlovitz 17aa6a5a34 Fill out state store/FSM functions and add tests 2019-03-19 15:56:17 -07:00
R.B. Boyer 02b2cb1d15 agent: ensure the TLS hostname verification knows about the currently configured domain (#5513) 2019-03-19 22:35:19 +01:00
tryan225 8f9b93448f Adding an example of extraVolumes with the Helm chart 2019-03-19 14:31:11 -07:00
Kyle Havlovitz 9d07add047 Add config types and state store table 2019-03-19 10:06:46 -07:00
Hans Hasselberg b2a70cb80e
Update CHANGELOG.md 2019-03-19 17:09:15 +01:00
Erik DeLamarter e37c402c9e [Docs] Added a note to GCE auto-join credentials option (#5391)
* Added a note to GCE auto-join credentials option

Simply added a note to remind users that putting a json file in the config-dir will make consul parse it as a config file.
Hope to help someone else avoid wasting a day because of these errors:
==> Error parsing /etc/consul.d/credentials.json: 10 error(s) occurred: * invalid config key private_key

* Updated according to style guidelines

Co-Authored-By: delamart <erik@delamarter.ch>
2019-03-19 09:40:12 -05:00
Kyle Havlovitz aa4e26d102 Condense some test logic and add a comment about renaming 2019-03-18 16:15:36 -07:00
kaitlincarter-hc 49511f979e Updating the intro. 2019-03-18 14:52:17 -05:00
John Cowen 69ac5d0b04 [Docs] Connect Sidecar Proxies: Fixes 'must may' typo and adds formatting to follow other docs (#5397)
* Fixes 'must may' typo and adds formatting to follow other docs

* Reverts local_service_port docs to state its optional
2019-03-18 11:48:56 -07:00
Todd Radel c5bd1a79da [docs] Added section on using Helm chart to deploy Enterprise binaries (#5454)
* Added section on using Helm chart to deploy Enterprise binaries

* Update website/source/docs/platform/k8s/helm.html.md

Switch to active voice.

Co-Authored-By: tradel <todd@radel.us>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: tradel <todd@radel.us>

* Update website/source/docs/platform/k8s/helm.html.md

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: tradel <todd@radel.us>
2019-03-18 11:21:40 -07:00
Steve Burns 34c70d2475 Add log_file attribute to agent configuration documentation (#5492) 2019-03-18 10:24:49 -07:00
Hans Hasselberg e7134a0dab
agent: only use TestAgent when appropriate (#5502) 2019-03-18 17:06:16 +01:00
Paul Banks 6ef970a191
Update CHANGELOG.md 2019-03-15 20:20:39 +00:00
Paul Banks 0b5a078b95
Optimize health watching to single chan/goroutine. (#5449)
Refs #4984.

Watching chans for every node we touch in a health query is wasteful. In #4984 it shows that if there are more than 682 service instances we always fallback to watching all services which kills performance.

We already have a record in MemDB that is reliably update whenever the service health result should change thanks to per-service watch indexes.

So in general, provided there is at least one service instances and we actually have a service index for it (we always do now) we only ever need to watch a single channel.

This saves us from ever falling back to the general index and causing the performance cliff in #4984, but it also means fewer goroutines and work done for every blocking health query.

It also saves some allocations made during the query because we no longer have to populate a WatchSet with 3 chans per service instance which saves the internal map allocation.

This passes all state store tests except the one that explicitly checked for the fallback behaviour we've now optimized away and in general seems safe.
2019-03-15 20:18:48 +00:00
Paul Banks 6458fdd876
Update CHANGELOG.md 2019-03-15 20:16:13 +00:00
Pierre Souchay 88d4383410 Ensure we remove Connect proxy before deregistering the service itself (#5482)
This will fix https://github.com/hashicorp/consul/issues/5351
2019-03-15 20:14:46 +00:00
Alex Mayer 585978ab94 Docs Proofing (#5424)
* Docs: Remove default_policy From Code Example

It is not needed according to:
https://www.consul.io/docs/agent/acl-system.html#configuring-acls

* Docs: Cleanup Commands And Their Output On ACL Guide Page

Remove extra spaces and newlines
Ensure rules match input rules

* Docs: Remove Incomplete "Added In Version" Statement

Version added is specified on parent option

* Docs: Fix Broken Links

* Docs: Minor Sentence Tweaks
2019-03-15 09:35:33 -05:00
Matt Keeler 33d0922db3
Update CHANGELOG.md 2019-03-14 11:10:32 -04:00
Valentin Fritz 21f149de8b Fix checks removal when removing service (#5457)
Fix my recently discovered issue described here: #5456
2019-03-14 11:02:49 -04:00
R.B. Boyer cd96af4fc0
acl: reduce complexity of token resolution process with alternative singleflighting (#5480)
acl: reduce complexity of token resolution process with alternative singleflighting

Switches acl resolution to use golang.org/x/sync/singleflight. For the
identity/legacy lookups this is a drop-in replacement with the same
overall approach to request coalescing.

For policies this is technically a change in behavior, but when
considered holistically is approximately performance neutral (with the
benefit of less code).

There are two goals with this blob of code (speaking specifically of
policy resolution here):

  1) Minimize cross-DC requests.
  2) Minimize client-to-server LAN requests.

The previous iteration of this code was optimizing for the case of many
possibly different tokens being resolved concurrently that have a
significant overlap in linked policies such that deduplication would be
worth the complexity. While this is laudable there are some things to
consider that can help to adjust expectations:

  1) For v1.4+ policies are always replicated, and once a single policy
  shows up in a secondary DC the replicated data is considered
  authoritative for requests made in that DC. This means that our
  earlier concerns about minimizing cross-DC requests are irrelevant
  because there will be no cross-DC policy reads that occur.

  2) For Server nodes the in-memory ACL policy cache is capped at zero,
  meaning it has no caching. Only Client nodes run with a cache. This
  means that instead of having an entire DC's worth of tokens (what a
  Server might see) that can have policy resolutions coalesced these
  nodes will only ever be seeing node-local token resolutions. In a
  reasonable worst-case scenario where a scheduler like Kubernetes has
  "filled" a node with Connect services, even that will only schedule
  ~100 connect services per node. If every service has a unique token
  there will only be 100 tokens to coalesce and even then those requests
  have to occur concurrently AND be hitting an empty consul cache.

Instead of seeing a great coalescing opportunity for cutting down on
redundant Policy resolutions, in practice it's far more likely given
node densities that you'd see requests for the same token concurrently
than you would for two tokens sharing a policy concurrently (to a degree
that would warrant the overhead of the current variation of
singleflighting.

Given that, this patch switches the Policy resolution process to only
singleflight by requesting token (but keeps the cache as by-policy).
2019-03-14 09:35:34 -05:00
Kyle Havlovitz 8ae6547934 Update state store test for changing node ID 2019-03-13 17:05:31 -07:00
Kyle Havlovitz dd7688db31 Update memberlist for the node renaming change 2019-03-13 15:55:54 -07:00
Kyle Havlovitz 6932b06f97 Add a test for changing a failed node's ID 2019-03-13 15:39:07 -07:00
kaitlincarter-hc aec25fde59
[docs] Deploying Consul with Kubernetes (#5471)
* Adding new K8s guide.

* Update website/source/docs/guides/kuberenetes-deployment.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/kuberenetes-deployment.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* updating based on feedback.

* Couple updates based on feedback.

* Update website/source/docs/guides/kuberenetes-deployment.html.md

* updating value file.
2019-03-13 16:56:00 -05:00
Rebecca Zanzig 34e9eab0d6 Add docs for using Helm `--set` to create extraConfig variables (#5474)
* Add docs for using Helm `--set` to create extraConfig variables

Based on info provided for `consul-helm` issue 74.

* fixing formatting
2019-03-13 16:25:09 -05:00
Alvin Huang 31ae343dba
add sentinel redir (#5484) 2019-03-13 14:11:24 -04:00
kaitlincarter-hc 51acd28d3b
[docs] Move Sentinel documentation (#5478)
* Moving sentinel doc

* updating links, fixing headings.

* Update website/source/docs/agent/acl-rules.html.md
2019-03-13 12:47:25 -05:00
Alvin Huang cb1967259e
Merge pull request #5483 from hashicorp/add-bootstrap-redir
update bootstrap redirect
2019-03-13 11:53:45 -04:00
Alvin Huang d5d586af96
update bootstrap redirect 2019-03-13 11:25:54 -04:00
kaitlincarter-hc 1333bfe324
[docs] Bootstrapping Guide -> Install docs (#5473)
* moved the bootstrapping guide to the docs.

* More edits for consistency.

* Added arch link
2019-03-13 10:12:52 -05:00
Paul Banks a7528db560
Update CHANGELOG.md 2019-03-13 13:18:55 +00:00
Hans Hasselberg 7e11dd82aa
agent: enable reloading of tls config (#5419)
This PR introduces reloading tls configuration. Consul will now be able to reload the TLS configuration which previously required a restart. It is not yet possible to turn TLS ON or OFF with these changes. Only when TLS is already turned on, the configuration can be reloaded. Most importantly the certificates and CAs.
2019-03-13 10:29:06 +01:00
Reid Beels cd1aa9b426 Remove misleading encrypt param documentation (#5452)
According to https://www.consul.io/docs/agent/options.html#_encrypt, the `encrypt` param specifies the 16-byte key to use, not the path to a config file containing the key.
2019-03-12 10:26:40 -05:00
R.B. Boyer 2e175be41b
acl: correctly extend the cache for acl identities during resolution (#5475) 2019-03-12 10:23:43 -05:00
Alvin Huang 21fcfcad7f
Merge pull request #5451 from hashicorp/update_go_discover_for_azure
Update go-discover vendor
2019-03-11 16:39:39 -04:00
Lowe Schmidt e293045751 Typo fix (segement > segment) (#5469) 2019-03-11 16:25:19 +01:00
Paul Banks ec7d700bf4
Update CHANGELOG.md 2019-03-11 14:49:49 +00:00
Aestek 4bea29f15a [catalog] Update the node's services indexes on update (#5458)
Node updates were not updating the service indexes, which are used for
service related queries. This caused the X-Consul-Index to stay the same
after a node update as seen from a service query even though the node
data is returned in heath queries. If that happened in between queries
the client would miss this change.
We now update the indexes of the services on the node when it is
updated.

Fixes: #5450
2019-03-11 14:48:19 +00:00
Masato Yamazaki 23bc8636c1 website: delete duplication of "are" (#5464) 2019-03-11 10:42:15 +01:00
petems a505e6e9da Update go-discover vendor
* Adds note about use of ENV variables for auto-join on Azure
2019-03-08 22:57:48 +00:00
Alvin Huang 9c08893ae4
Merge pull request #5453 from hashicorp/circleci2.0-config
refactor circleci config to 2.0
2019-03-08 16:10:57 -05:00
Alvin Huang 329d8b7cfb refactor circleci config to 2.0 2019-03-08 16:03:40 -05:00
Rebecca Zanzig 8d98032ed9
Merge pull request #5445 from hashicorp/docs/helm-annotations
Add docs for new Helm `annotations` options
2019-03-08 12:11:30 -08:00