docs: Add JSON examples to all config entries

This commit adds example JSON configs for several config entry
resources were missing examples in this language.

The examples have been updated to use the new CodeTabs resource
instead of the Tab component.
pull/10839/head
Blake Covarrubias 2021-06-12 17:53:50 -07:00 committed by hc-github-team-consul-core
parent b01fa1f924
commit 005e193e55
10 changed files with 931 additions and 811 deletions

View File

@ -67,7 +67,7 @@ The table below shows this endpoint's support for
### Sample Payload
```javascript
```json
{
"Kind": "service-defaults",
"Name": "web",

View File

@ -47,13 +47,13 @@ A wildcard specifier cannot be set on a listener of protocol `tcp`.
### TCP listener
<Tabs>
<Tab heading="HCL">
<Tabs>
<Tab heading="Consul OSS">
Set up a TCP listener on an ingress gateway named "us-east-ingress" to proxy traffic to the "db" service:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "ingress-gateway"
Name = "us-east-ingress"
@ -71,12 +71,47 @@ Listeners = [
]
```
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: IngressGateway
metadata:
name: us-east-ingress
spec:
listeners:
- port: 3456
protocol: tcp
services:
- name: db
```
```json
{
"Kind": "ingress-gateway",
"Name": "us-east-ingress",
"Listeners": [
{
"Port": 3456,
"Protocol": "tcp",
"Services": [
{
"Name": "db"
}
]
}
]
}
```
</CodeTabs>
</Tab>
<Tab heading="Consul Enterprise">
Set up a TCP listener on an ingress gateway named "us-east-ingress" in the default namespace
to proxy traffic to the "db" service in the ops namespace:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "ingress-gateway"
Name = "us-east-ingress"
@ -96,34 +131,6 @@ Listeners = [
]
```
</Tab>
</Tabs>
</Tab>
<Tab heading="Kubernetes YAML">
<Tabs>
<Tab heading="Consul OSS">
Set up a TCP listener on an ingress gateway named "us-east-ingress" to proxy traffic to the "db" service:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: IngressGateway
metadata:
name: us-east-ingress
spec:
listeners:
- port: 3456
protocol: tcp
services:
- name: db
```
</Tab>
<Tab heading="Consul Enterprise">
Set up a TCP listener on an ingress gateway named "us-east-ingress" in the default namespace
to proxy traffic to the "db" service in the ops namespace:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: IngressGateway
@ -139,39 +146,6 @@ spec:
namespace: ops
```
</Tab>
</Tabs>
</Tab>
<Tab heading="JSON">
<Tabs>
<Tab heading="Consul OSS">
Set up a TCP listener on an ingress gateway named "us-east-ingress" to proxy traffic to the "db" service:
```json
{
"Kind": "ingress-gateway",
"Name": "us-east-ingress",
"Listeners": [
{
"Port": 3456,
"Protocol": "tcp",
"Services": [
{
"Name": "db"
}
]
}
]
}
```
</Tab>
<Tab heading="Consul Enterprise">
Set up a TCP listener on an ingress gateway named "us-east-ingress" in the default namespace
to proxy traffic to the "db" service in the ops namespace:
```json
{
"Kind": "ingress-gateway",
@ -192,21 +166,21 @@ to proxy traffic to the "db" service in the ops namespace:
}
```
</Tab>
</Tabs>
</CodeTabs>
</Tab>
</Tabs>
### Wildcard HTTP listener
<Tabs>
<Tab heading="HCL">
<Tabs>
<Tab heading="Consul OSS">
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the datacenter.
Also make two services available over a custom port with user-provided hosts, and enable TLS on every listener:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "ingress-gateway"
Name = "us-east-ingress"
@ -242,12 +216,73 @@ Listeners = [
]
```
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: IngressGateway
metadata:
name: us-east-ingress
spec:
tls:
enabled: true
listeners:
- port: 8080
protocol: http
services:
- name: '*'
- port: 4567
protocol: http
services:
- name: api
hosts: ['foo.example.com', 'foo.example.com:4567']
- name: web
hosts: ['website.example.com', 'website.example.com:4567']
```
```json
{
"Kind": "ingress-gateway",
"Name": "us-east-ingress",
"TLS": {
"Enabled": true
},
"Listeners": [
{
"Port": 8080,
"Protocol": "http",
"Services": [
{
"Name": "*"
}
]
},
{
"Port": 4567,
"Protocol": "http",
"Services": [
{
"Name": "api",
"Hosts": ["foo.example.com", "foo.example.com:4567"]
},
{
"Name": "web",
"Hosts": ["website.example.com", "website.example.com:4567"]
}
]
}
]
}
```
</CodeTabs>
</Tab>
<Tab heading="Consul Enterprise">
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the frontend namespace.
Also make two services in the frontend namespace available over a custom port with user-provided hosts, and enable TLS on every listener:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "ingress-gateway"
Name = "us-east-ingress"
@ -287,44 +322,6 @@ Listeners = [
]
```
</Tab>
</Tabs>
</Tab>
<Tab heading="Kubernetes YAML">
<Tabs>
<Tab heading="Consul OSS">
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the datacenter.
Also make two services available over a custom port with user-provided hosts, and enable TLS on every listener:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: IngressGateway
metadata:
name: us-east-ingress
spec:
tls:
enabled: true
listeners:
- port: 8080
protocol: http
services:
- name: '*'
- port: 4567
protocol: http
services:
- name: api
hosts: ['foo.example.com', 'foo.example.com:4567']
- name: web
hosts: ['website.example.com', 'website.example.com:4567']
```
</Tab>
<Tab heading="Consul Enterprise">
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the frontend namespace.
Also make two services in the frontend namespace available over a custom port with user-provided hosts, and enable TLS on every listener:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: IngressGateway
@ -351,57 +348,6 @@ spec:
hosts: ['website.example.com', 'website.example.com:4567']
```
</Tab>
</Tabs>
</Tab>
<Tab heading="JSON">
<Tabs>
<Tab heading="Consul OSS">
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the datacenter.
Also make two services available over a custom port with user-provided hosts, and enable TLS on every listener:
```json
{
"Kind": "ingress-gateway",
"Name": "us-east-ingress",
"TLS": {
"Enabled": true
},
"Listeners": [
{
"Port": 8080,
"Protocol": "http",
"Services": [
{
"Name": "*"
}
]
},
{
"Port": 4567,
"Protocol": "http",
"Services": [
{
"Name": "api",
"Hosts": ["foo.example.com", "foo.example.com:4567"]
},
{
"Name": "web",
"Hosts": ["website.example.com", "website.example.com:4567"]
}
]
}
]
}
```
</Tab>
<Tab heading="Consul Enterprise">
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the frontend namespace.
Also make two services in the frontend namespace available over a custom port with user-provided hosts, and enable TLS on every listener:
```json
{
"Kind": "ingress-gateway",
@ -441,21 +387,21 @@ Also make two services in the frontend namespace available over a custom port wi
}
```
</Tab>
</Tabs>
</CodeTabs>
</Tab>
</Tabs>
### HTTP listener with path-based routing
<Tabs>
<Tab heading="HCL">
<Tabs>
<Tab heading="Consul OSS">
Set up a HTTP listener on an ingress gateway named "us-east-ingress" to proxy
traffic to a virtual service named "api".
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "ingress-gateway"
Name = "us-east-ingress"
@ -473,12 +419,47 @@ Listeners = [
]
```
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: IngressGateway
metadata:
name: us-east-ingress
spec:
listeners:
- port: 80
protocol: http
services:
- name: api
```
```json
{
"Kind": "ingress-gateway",
"Name": "us-east-ingress",
"Listeners": [
{
"Port": 80,
"Protocol": "http",
"Services": [
{
"Name": "api"
}
]
}
]
}
```
</CodeTabs>
</Tab>
<Tab heading="Consul Enterprise">
Set up a HTTP listener on an ingress gateway named "us-east-ingress" in the
default namespace to proxy traffic to a virtual service named "api".
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "ingress-gateway"
Name = "us-east-ingress"
@ -498,35 +479,6 @@ Listeners = [
]
```
</Tab>
</Tabs>
</Tab>
<Tab heading="Kubernetes YAML">
<Tabs>
<Tab heading="Consul OSS">
Set up a HTTP listener on an ingress gateway named "us-east-ingress" to proxy
traffic to a virtual service named "api".
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: IngressGateway
metadata:
name: us-east-ingress
spec:
listeners:
- port: 80
protocol: http
services:
- name: api
```
</Tab>
<Tab heading="Consul Enterprise">
Set up a HTTP listener on an ingress gateway named "us-east-ingress" in the
default namespace to proxy traffic to a virtual service named "api".
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: IngressGateway
@ -542,40 +494,6 @@ spec:
namespace: frontend
```
</Tab>
</Tabs>
</Tab>
<Tab heading="JSON">
<Tabs>
<Tab heading="Consul OSS">
Set up a HTTP listener on an ingress gateway named "us-east-ingress" to proxy
traffic to a virtual service named "api".
```json
{
"Kind": "ingress-gateway",
"Name": "us-east-ingress",
"Listeners": [
{
"Port": 80,
"Protocol": "http",
"Services": [
{
"Name": "api"
}
]
}
]
}
```
</Tab>
<Tab heading="Consul Enterprise">
Set up a HTTP listener on an ingress gateway named "us-east-ingress" in the
default namespace to proxy traffic to a virtual service named "api".
```json
{
"Kind": "ingress-gateway",
@ -596,8 +514,8 @@ default namespace to proxy traffic to a virtual service named "api".
}
```
</Tab>
</Tabs>
</CodeTabs>
</Tab>
</Tabs>
@ -606,11 +524,11 @@ service for L7 configuration only. A `service-router` (`ServiceRouter` on Kubern
virtual service which uses path-based routing to route requests to different
backend services:
<Tabs>
<Tab heading="HCL">
<Tabs>
<Tab heading="Consul OSS">
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "service-router"
Name = "api"
@ -640,48 +558,6 @@ Routes = [
]
```
</Tab>
<Tab heading="Consul Enterprise">
```hcl
Kind = "service-router"
Name = "api"
Namespace = "default"
Routes = [
{
Match {
HTTP {
PathPrefix = "/billing"
}
}
Destination {
Service = "billing-api"
Namespace = "frontend"
}
},
{
Match {
HTTP {
PathPrefix = "/payments"
}
}
Destination {
Service = "payments-api"
Namespace = "frontend"
}
}
]
```
</Tab>
</Tabs>
</Tab>
<Tab heading="Kubernetes YAML">
<Tabs>
<Tab heading="Consul OSS">
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceRouter
@ -701,38 +577,6 @@ spec:
service: payments-api
```
</Tab>
<Tab heading="Consul Enterprise">
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceRouter
metadata:
name: api
namespace: default
spec:
routes:
- match:
http:
pathPrefix: '/billing'
destination:
service: billing-api
namespace: frontend
- match:
http:
pathPrefix: '/payments'
destination:
service: payments-api
namespace: frontend
```
</Tab>
</Tabs>
</Tab>
<Tab heading="JSON">
<Tabs>
<Tab heading="Consul OSS">
```json
{
"Kind": "service-router",
@ -762,9 +606,67 @@ spec:
}
```
</CodeTabs>
</Tab>
<Tab heading="Consul Enterprise">
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "service-router"
Name = "api"
Namespace = "default"
Routes = [
{
Match {
HTTP {
PathPrefix = "/billing"
}
}
Destination {
Service = "billing-api"
Namespace = "frontend"
}
},
{
Match {
HTTP {
PathPrefix = "/payments"
}
}
Destination {
Service = "payments-api"
Namespace = "frontend"
}
}
]
```
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceRouter
metadata:
name: api
namespace: default
spec:
routes:
- match:
http:
pathPrefix: '/billing'
destination:
service: billing-api
namespace: frontend
- match:
http:
pathPrefix: '/payments'
destination:
service: payments-api
namespace: frontend
```
```json
{
"Kind": "service-router",
@ -797,8 +699,8 @@ spec:
}
```
</Tab>
</Tabs>
</CodeTabs>
</Tab>
</Tabs>

View File

@ -23,7 +23,9 @@ Settings in this config entry apply across all namespaces and federated datacent
Only allow transparent proxies to dial addresses in the mesh.
<Tabs>
<Tab heading="HCL">
<Tab heading="Consul OSS">
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "mesh"
@ -32,12 +34,35 @@ TransparentProxy {
}
```
</Tab>
<Tab heading="HCL (Consul Enterprise)">
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: Mesh
metadata:
name: mesh
spec:
transparentProxy:
meshDestinationsOnly: true
```
**NOTE:** The `mesh` config entry can only be created in the `default`
```json
{
"Kind": "mesh",
"TransparentProxy": {
"MeshDestinationsOnly": true
}
}
```
</CodeTabs>
</Tab>
<Tab heading="Consul Enterprise">
-> **Note**: The `mesh` config entry can only be created in the `default`
namespace and it will apply to proxies across **all** namespaces.
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "mesh"
Namespace = "default" # Can only be set to "default".
@ -47,9 +72,6 @@ TransparentProxy {
}
```
</Tab>
<Tab heading="Kubernetes YAML">
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: Mesh
@ -60,23 +82,18 @@ spec:
meshDestinationsOnly: true
```
</Tab>
<Tab heading="Kubernetes YAML (Consul Enterprise)">
**NOTE:** A `Mesh` resource can be created in any Kubernetes
namespace but it will apply to proxies across **all** namespaces. Only one
`Mesh` resource can exist in the cluster.
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: Mesh
metadata:
name: mesh
spec:
transparentProxy:
meshDestinationsOnly: true
```json
{
"Kind": "mesh",
"Namespace": "default",
"TransparentProxy": {
"MeshDestinationsOnly": true
}
}
```
</CodeTabs>
</Tab>
</Tabs>

View File

@ -20,11 +20,15 @@ one global entry is supported.
### Default protocol
Set the default protocol for all sidecar proxies:
<Tabs>
<Tab heading="HCL">
<Tab heading="Consul OSS">
Set the default protocol for all sidecar proxies:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "proxy-defaults"
Name = "global"
@ -33,14 +37,36 @@ Config {
}
```
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ProxyDefaults
metadata:
name: global
spec:
config:
protocol: http
```
```json
{
"Kind": "proxy-defaults",
"Name": "global",
"Config": {
"protocol": "http"
}
}
```
</CodeTabs>
</Tab>
<Tab heading="HCL (Consul Enterprise)">
<Tab heading="Consul Enterprise">
Set the default protocol for all sidecar proxies.
**NOTE:** The `proxy-defaults` config entry can only be created in the `default`
-> **NOTE:** The `proxy-defaults` config entry can only be created in the `default`
namespace and it will configure proxies in **all** namespaces.
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "proxy-defaults"
Name = "global"
@ -50,46 +76,39 @@ Config {
}
```
</Tab>
<Tab heading="Kubernetes YAML">
Set the default protocol for all sidecar proxies:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ProxyDefaults
metadata:
name: global
namespace: default
spec:
config:
protocol: http
```
</Tab>
<Tab heading="Kubernetes YAML (Consul Enterprise)">
Set the default protocol for all sidecar proxies:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ProxyDefaults
metadata:
name: global
spec:
config:
protocol: http
```json
{
"Kind": "proxy-defaults",
"Name": "global",
"Namespace": "default",
"Config": {
"protocol": "http"
}
}
```
</CodeTabs>
</Tab>
</Tabs>
### Prometheus
<Tabs>
<Tab heading="HCL">
Expose prometheus metrics:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "proxy-defaults"
Name = "global"
@ -98,11 +117,6 @@ Config {
}
```
</Tab>
<Tab heading="Kubernetes YAML">
Expose prometheus metrics:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ProxyDefaults
@ -113,16 +127,24 @@ spec:
envoy_prometheus_bind_addr: '0.0.0.0:9102'
```
</Tab>
</Tabs>
```json
{
"Kind": "proxy-defaults",
"Name": "global",
"Config": {
"envoy_prometheus_bind_addr": "0.0.0.0:9102"
}
}
```
</CodeTabs>
### Proxy-specific defaults
<Tabs>
<Tab heading="HCL">
Set proxy-specific defaults:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "proxy-defaults"
Name = "global"
@ -132,11 +154,6 @@ Config {
}
```
</Tab>
<Tab heading="Kubernetes YAML">
Set proxy-specific defaults:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ProxyDefaults
@ -148,8 +165,18 @@ spec:
handshake_timeout_ms: 10000
```
</Tab>
</Tabs>
```json
{
"Kind": "proxy-defaults",
"Name": "global",
"Config": {
"local_connect_timeout_ms": 1000,
"handshake_timeout_ms": 10000
}
}
```
</CodeTabs>
## Available Fields
@ -207,8 +234,8 @@ spec:
description: `An arbitrary map of configuration values used by Connect proxies.
The available configurations depend on the Connect proxy you use.
Any values that your proxy allows can be configured globally here. To explore these options please see the documentation for your chosen proxy.
<ul><li>[Envoy](/docs/connect/proxies/envoy#bootstrap-configuration)</li>
<li>[Consul's built-in proxy](/docs/connect/proxies/built-in)</li></ul>`,
<ul><li>[Envoy](/docs/connect/proxies/envoy#proxy-config-options)</li>
<li>[Consul's built-in proxy](/docs/connect/proxies/built-in#proxy-config-key-reference)</li></ul>`,
},
{
name: 'Mode',

View File

@ -24,11 +24,10 @@ config entry. However, if the protocol value is specified in a service defaults
config entry for a given service, that value will take precedence over the
globally configured value from proxy defaults.
<Tabs>
<Tab heading="HCL">
Set the default protocol for a service in the default namespace to HTTP:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "service-defaults"
Name = "web"
@ -36,11 +35,6 @@ Namespace = "default"
Protocol = "http"
```
</Tab>
<Tab heading="Kubernetes YAML">
Set the default protocol for a service in the default namespace to HTTP:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceDefaults
@ -50,20 +44,28 @@ spec:
protocol: http
```
</Tab>
</Tabs>
```json
{
"Kind": "service-defaults",
"Name": "web",
"Namespace": "default",
"Protocol": "http"
}
```
</CodeTabs>
### Upstream configuration <sup>Beta</sup>
<Tabs>
<Tab heading="HCL">
<Tabs>
<Tab heading="Consul OSS">
Set default connection limits and mesh gateway mode across all upstreams
of "counting" and also override the mesh gateway mode used when dialing
of "counting", and also override the mesh gateway mode used when dialing
the "dashboard" service.
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "service-defaults"
Name = "counting"
@ -91,6 +93,55 @@ UpstreamConfig = {
}
```
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceDefaults
metadata:
name: counting
spec:
upstreamConfig:
defaults:
meshGateway:
mode: local
limits:
maxConnections: 512
maxPendingRequests: 512
maxConcurrentRequests: 512
overrides:
- name: dashboard
meshGateway:
mode: remote
```
```json
{
"Kind": "service-defaults",
"Name": "counting",
"UpstreamConfig": {
"Defaults": {
"MeshGateway": {
"Mode": "local"
},
"Limits": {
"MaxConnections": 512,
"MaxPendingRequests": 512,
"MaxConcurrentRequests": 512
}
},
"Overrides": [
{
"Name": "dashboard",
"MeshGateway": {
"Mode": "remote"
}
}
]
}
}
```
</CodeTabs>
</Tab>
<Tab heading="Consul Enterprise">
@ -98,6 +149,8 @@ Set default connection limits and mesh gateway mode across all upstreams
of "counting" and also override the mesh gateway mode used when dialing
the "dashboard" service in the "frontend" namespace.
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "service-defaults"
Name = "counting"
@ -127,46 +180,6 @@ UpstreamConfig = {
}
```
</Tab>
</Tabs>
</Tab>
<Tab heading="Kubernetes YAML">
<Tabs>
<Tab heading="Consul OSS">
Set default connection limits and mesh gateway mode across all upstreams
of "counting" and also override the mesh gateway mode used when dialing
the "dashboard" service.
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceDefaults
metadata:
name: counting
spec:
upstreamConfig:
defaults:
meshGateway:
mode: local
limits:
maxConnections: 512
maxPendingRequests: 512
maxConcurrentRequests: 512
overrides:
- name: dashboard
meshGateway:
mode: remote
```
</Tab>
<Tab heading="Consul Enterprise">
Set default connection limits and mesh gateway mode across all upstreams
of "counting" and also override the mesh gateway mode used when dialing
the "dashboard" service in the "frontend" namespace.
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceDefaults
@ -189,8 +202,36 @@ spec:
mode: remote
```
</Tab>
</Tabs>
```json
{
"Kind": "service-defaults",
"Name": "counting",
"Namespace": "product",
"UpstreamConfig": {
"Defaults": {
"MeshGateway": {
"Mode": "local"
},
"Limits": {
"MaxConnections": 512,
"MaxPendingRequests": 512,
"MaxConcurrentRequests": 512
}
},
"Overrides": [
{
"Name": "dashboard",
"Namespace": "frontend",
"MeshGateway": {
"Mode": "remote"
}
}
]
}
}
```
</CodeTabs>
</Tab>
</Tabs>

View File

@ -36,11 +36,10 @@ or globally via [`proxy-defaults`](/docs/connect/config-entries/proxy-defaults)
### REST Access
<Tabs>
<Tab heading="HCL">
Grant some clients more REST access than others:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "service-intentions"
Name = "api"
@ -74,11 +73,6 @@ Sources = [
]
```
</Tab>
<Tab heading="Kubernetes YAML">
Grant some clients more REST access than others:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceIntentions
@ -104,18 +98,48 @@ spec:
# unmatched connections and requests. Typically this will be DENY.
```
</Tab>
</Tabs>
```json
{
"Kind": "service-intentions",
"Name": "api",
"Sources": [
{
"Name": "admin-dashboard",
"Permissions": [
{
"Action": "allow",
"HTTP": {
"PathPrefix": "/v2",
"Methods": ["GET", "PUT", "POST", "DELETE", "HEAD"]
}
}
]
},
{
"Name": "report-generator",
"Permissions": [
{
"Action": "allow",
"HTTP": {
"PathPrefix": "/v2/widgets",
"Methods": ["GET"]
}
}
]
}
]
}
```
</CodeTabs>
### gRPC
<Tabs>
<Tab heading="HCL">
Selectively deny some gRPC service methods. Since gRPC method calls [are
HTTP/2](https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md), we can
use an HTTP path match rule to control traffic:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "service-intentions"
Name = "billing"
@ -156,13 +180,6 @@ Sources = [
]
```
</Tab>
<Tab heading="Kubernetes YAML">
Selectively deny some gRPC service methods. Since gRPC method calls [are
HTTP/2](https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md), we can
use an HTTP path match rule to control traffic:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceIntentions
@ -192,16 +209,51 @@ spec:
# unmatched connections and requests. Typically this will be DENY.
```
</Tab>
</Tabs>
```json
{
"Kind": "service-intentions",
"Name": "billing",
"Sources": [
{
"Name": "frontend-web",
"Permissions": [
{
"Action": "deny",
"HTTP": {
"PathExact": "/mycompany.BillingService/IssueRefund"
}
},
{
"Action": "allow",
"HTTP": {
"PathPrefix": "/mycompany.BillingService/"
}
}
]
},
{
"Name": "support-portal",
"Permissions": [
{
"Action": "allow",
"HTTP": {
"PathPrefix": "/mycompany.BillingService/"
}
}
]
}
]
}
```
</CodeTabs>
### L4 and L7
<Tabs>
<Tab heading="HCL">
You can mix and match L4 and L7 intentions per source:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "service-intentions"
Name = "api"
@ -231,11 +283,6 @@ Sources = [
]
```
</Tab>
<Tab heading="Kubernetes YAML">
You can mix and match L4 and L7 intentions per source:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceIntentions
@ -259,8 +306,35 @@ spec:
# unmatched connections and requests. Typically this will be DENY.
```
</Tab>
</Tabs>
```json
{
"Kind": "service-intentions",
"Name": "api",
"Sources": [
{
"Name": "hackathon-project",
"Action": "deny"
},
{
"Name": "web",
"Action": "allow"
},
{
"Name": "nightly-reconciler",
"Permissions": [
{
"Action": "allow",
"HTTP": {
"PathExact": "/v1/reconcile-data",
"Methods": ["POST"]
}
}
]
}
]
}
```
</CodeTabs>
## Available Fields

View File

@ -27,54 +27,62 @@ and discovery terminates.
### Filter on service version
<Tabs>
<Tab heading="HCL">
Create service subsets based on a version metadata and override the defaults:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "service-resolver"
Name = "web"
DefaultSubset = "v1"
Subsets = {
"v1" = {
v1 = {
Filter = "Service.Meta.version == v1"
}
"v2" = {
v2 = {
Filter = "Service.Meta.version == v2"
}
}
```
</Tab>
<Tab heading="Kubernetes YAML">
Create service subsets based on a version metadata and override the defaults:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceResolver
metadata:
name: web
spec:
defaultSubset: 'v1'
defaultSubset: v1
subsets:
'v1':
v1:
filter: 'Service.Meta.version == v1'
'v2':
v2:
filter: 'Service.Meta.version == v2'
```
</Tab>
</Tabs>
```json
{
"Kind": "service-resolver",
"Name": "web",
"DefaultSubset": "v1",
"Subsets": {
"v1": {
"Filter": "Service.Meta.version == v1"
},
"v2": {
"Filter": "Service.Meta.version == v2"
}
}
}
```
</CodeTabs>
### Other datacenters
<Tabs>
<Tab heading="HCL">
Expose a set of services in another datacenter as a virtual service:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "service-resolver"
Name = "web-dc2"
@ -84,11 +92,6 @@ Redirect {
}
```
</Tab>
<Tab heading="Kubernetes YAML">
Expose a set of services in another datacenter as a virtual service:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceResolver
@ -100,32 +103,39 @@ spec:
datacenter: dc2
```
</Tab>
</Tabs>
```json
{
"Kind": "service-resolver",
"Name": "web-dc2",
"Redirect": {
"Service": "web",
"Datacenter": "dc2"
}
}
```
</CodeTabs>
### Datacenter failover
<Tabs>
<Tab heading="HCL">
Enable failover for subset 'v2' to 'dc2', and all other subsets to dc3 or dc4:
Enable failover for all subsets:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "service-resolver"
Name = "web"
ConnectTimeout = "15s"
Failover = {
v2 = {
Datacenters = ["dc2"]
}
"*" = {
Datacenters = ["dc3", "dc4"]
}
}
```
</Tab>
<Tab heading="Kubernetes YAML">
Enable failover for all subsets:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceResolver
@ -134,20 +144,36 @@ metadata:
spec:
connectTimeout: 15s
failover:
v2:
datacenters: ['dc2']
'*':
datacenters: ['dc3', 'dc4']
```
</Tab>
</Tabs>
```json
{
"Kind": "service-resolver",
"Name": "web",
"ConnectTimeout": "15s",
"Failover": {
"v2": {
"Datacenters": ["dc2"]
},
"*": {
"Datacenters": ["dc3", "dc4"]
}
}
}
```
</CodeTabs>
### Consistent load balancing
<Tabs>
<Tab heading="HCL">
Apply consistent load balancing for requests based on `x-user-id` header:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "service-resolver"
Name = "web"
@ -163,11 +189,6 @@ LoadBalancer = {
}
```
</Tab>
<Tab heading="Kubernetes YAML">
Apply consistent load balancing for requests based on `x-user-id` header:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceResolver
@ -181,8 +202,23 @@ spec:
fieldValue: x-user-id
```
</Tab>
</Tabs>
```json
{
"Kind": "service-resolver",
"Name": "web",
"LoadBalancer": {
"Policy": "maglev",
"HashPolicies": [
{
"Field": "header",
"FieldValue": "x-user-id"
}
]
}
}
```
</CodeTabs>
## Available Fields

View File

@ -40,11 +40,10 @@ service of the same name.
### Path prefix matching
<Tabs>
<Tab heading="HCL">
Route HTTP requests with a path starting with `/admin` to a different service:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "service-router"
Name = "web"
@ -64,11 +63,6 @@ Routes = [
]
```
</Tab>
<Tab heading="Kubernetes YAML">
Route HTTP requests with a path starting with `/admin` to a different service:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceRouter
@ -84,15 +78,32 @@ spec:
# NOTE: a default catch-all will send unmatched traffic to "web"
```
</Tab>
</Tabs>
```json
{
"Kind": "service-router",
"Name": "web",
"Routes": [
{
"Match": {
"HTTP": {
"PathPrefix": "/admin"
}
},
"Destination": {
"Service": "admin"
}
}
]
}
```
</CodeTabs>
### Header/query parameter matching
<Tabs>
<Tab heading="HCL">
Route HTTP requests with a special URL parameter or header to a canary subset:
Route HTTP requests with a special url parameter or header to a canary subset:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "service-router"
@ -134,11 +145,6 @@ Routes = [
]
```
</Tab>
<Tab heading="Kubernetes YAML">
Route HTTP requests with a special url parameter or header to a canary subset:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceRouter
@ -165,17 +171,56 @@ spec:
# NOTE: a default catch-all will send unmatched traffic to "web"
```
</Tab>
</Tabs>
```json
{
"Kind": "service-router",
"Name": "web",
"Routes": [
{
"Match": {
"HTTP": {
"Header": [
{
"Name": "x-debug",
"Exact": "1"
}
]
}
},
"Destination": {
"Service": "web",
"ServiceSubset": "canary"
}
},
{
"Match": {
"HTTP": {
"QueryParam": [
{
"Name": "x-debug",
"Exact": "1"
}
]
}
},
"Destination": {
"Service": "web",
"ServiceSubset": "canary"
}
}
]
}
```
</CodeTabs>
### gRPC routing
<Tabs>
<Tab heading="HCL">
Re-route a gRPC method to another service. Since gRPC method calls [are
HTTP/2](https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md), we can use an HTTP path match rule to re-route traffic:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "service-router"
Name = "billing"
@ -195,12 +240,6 @@ Routes = [
]
```
</Tab>
<Tab heading="Kubernetes YAML">
Re-route a gRPC method to another service. Since gRPC method calls [are
HTTP/2](https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md), we can use an HTTP path match rule to re-route traffic:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceRouter
@ -216,8 +255,26 @@ spec:
# NOTE: a default catch-all will send unmatched traffic to "billing"
```
</Tab>
</Tabs>
```json
{
"Kind": "service-router",
"Name": "billing",
"Routes": [
{
"Match": {
"HTTP": {
"PathExact": "/mycompany.BillingService/GenerateInvoice"
}
},
"Destination": {
"Service": "invoice-generator"
}
}
]
}
```
</CodeTabs>
## Available Fields

View File

@ -43,11 +43,10 @@ resolution stage.
### Two subsets of same service
<Tabs>
<Tab heading="HCL">
Split traffic between two subsets of the same service:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "service-splitter"
Name = "web"
@ -63,11 +62,6 @@ Splits = [
]
```
</Tab>
<Tab heading="Kubernetes YAML">
Split traffic between two subsets of the same service:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceSplitter
@ -81,16 +75,31 @@ spec:
serviceSubset: v2
```
</Tab>
</Tabs>
```json
{
"Kind": "service-splitter",
"Name": "web",
"Splits": [
{
"Weight": 90,
"ServiceSubset": "v1"
},
{
"Weight": 10,
"ServiceSubset": "v2"
}
]
}
```
</CodeTabs>
### Two different services
<Tabs>
<Tab heading="HCL">
Split traffic between two services:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "service-splitter"
Name = "web"
@ -106,11 +115,6 @@ Splits = [
]
```
</Tab>
<Tab heading="Kubernetes YAML">
Split traffic between two services:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceSplitter
@ -124,8 +128,23 @@ spec:
service: web-rewrite
```
</Tab>
</Tabs>
```json
{
"Kind": "service-splitter",
"Name": "web",
"Splits": [
{
"Weight": 50
},
{
"Weight": 50,
"Service": "web-rewrite"
}
]
}
```
</CodeTabs>
## Available Fields

View File

@ -44,12 +44,16 @@ traffic from the mesh to those services will be evenly load-balanced between the
## Sample Config Entries
<Tabs>
<Tab heading="HCL">
### Access an external service
<Tabs>
<Tab heading="Consul OSS">
Link gateway named "us-west-gateway" with the billing service:
Link gateway named "us-west-gateway" with the billing service.
Connections to the external service will be unencrypted.
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "terminating-gateway"
@ -62,10 +66,38 @@ Services = [
]
```
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: TerminatingGateway
metadata:
name: us-west-gateway
spec:
services:
- name: billing
```
```json
{
"Kind": "terminating-gateway",
"Name": "us-west-gateway",
"Services": [
{
"Name": "billing"
}
]
}
```
</CodeTabs>
</Tab>
<Tab heading="Consul Enterprise">
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace:
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace.
Connections to the external service will be unencrypted.
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "terminating-gateway"
@ -80,30 +112,6 @@ Services = [
]
```
</Tab>
</Tabs>
</Tab>
<Tab heading="Kubernetes YAML">
<Tabs>
<Tab heading="Consul OSS">
Link gateway named "us-west-gateway" with the billing service:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: TerminatingGateway
metadata:
name: us-west-gateway
spec:
services:
- name: billing
```
</Tab>
<Tab heading="Consul Enterprise">
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: TerminatingGateway
@ -115,32 +123,6 @@ spec:
namespace: finance
```
</Tab>
</Tabs>
</Tab>
<Tab heading="JSON">
<Tabs>
<Tab heading="Consul OSS">
Link gateway named "us-west-gateway" with the billing service:
```json
{
"Kind": "terminating-gateway",
"Name": "us-west-gateway",
"Services": [
{
"Name": "billing"
}
]
}
```
</Tab>
<Tab heading="Consul Enterprise">
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace:
```json
{
"Kind": "terminating-gateway",
@ -155,17 +137,23 @@ Link gateway named "us-west-gateway" in the default namespace with the billing s
}
```
</Tab>
</Tabs>
</CodeTabs>
</Tab>
</Tabs>
<Tabs>
<Tab heading="HCL">
### Access an external service over TLS
<Tabs>
<Tab heading="Consul OSS">
Link gateway named "us-west-gateway" with the billing service and specify a CA file for one-way TLS authentication:
Link gateway named "us-west-gateway" with the billing service, and specify a CA
file to be used for one-way TLS authentication.
-> **Note**: The `CAFile` parameter must be specified _and_ point to a valid CA
bundle in order to properly initiate a TLS connection to the destination service.
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "terminating-gateway"
@ -179,11 +167,42 @@ Services = [
]
```
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: TerminatingGateway
metadata:
name: us-west-gateway
spec:
services:
- name: billing
caFile: /etc/certs/ca-chain.cert.pem
```
```json
{
"Kind": "terminating-gateway",
"Name": "us-west-gateway",
"Services": [
{
"Name": "billing",
"CAFile": "/etc/certs/ca-chain.cert.pem"
}
]
}
```
</CodeTabs>
</Tab>
<Tab heading="Consul Enterprise">
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace,
and specify a CA file for one-way TLS authentication:
and specify a CA file to be used for one-way TLS authentication.
-> **Note**: The `CAFile` parameter must be specified _and_ point to a valid CA
bundle in order to properly initiate a TLS connection to the destination service.
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "terminating-gateway"
@ -199,32 +218,6 @@ Services = [
]
```
</Tab>
</Tabs>
</Tab>
<Tab heading="Kubernetes YAML">
<Tabs>
<Tab heading="Consul OSS">
Link gateway named "us-west-gateway" with the billing service and specify a CA file for one-way TLS authentication:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: TerminatingGateway
metadata:
name: us-west-gateway
spec:
services:
- name: billing
caFile: /etc/certs/ca-chain.cert.pem
```
</Tab>
<Tab heading="Consul Enterprise">
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace,
and specify a CA file for one-way TLS authentication:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: TerminatingGateway
@ -237,34 +230,6 @@ spec:
caFile: /etc/certs/ca-chain.cert.pem
```
</Tab>
</Tabs>
</Tab>
<Tab heading="JSON">
<Tabs>
<Tab heading="Consul OSS">
Link gateway named "us-west-gateway" with the billing service and specify a CA file for one-way TLS authentication:
```json
{
"Kind": "terminating-gateway",
"Name": "us-west-gateway",
"Services": [
{
"Name": "billing",
"CAFile": "/etc/certs/ca-chain.cert.pem"
}
]
}
```
</Tab>
<Tab heading="Consul Enterprise">
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace,
and specify a CA file for one-way TLS authentication:
```json
{
"Kind": "terminating-gateway",
@ -280,17 +245,23 @@ and specify a CA file for one-way TLS authentication:
}
```
</Tab>
</Tabs>
</CodeTabs>
</Tab>
</Tabs>
<Tabs>
<Tab heading="HCL">
### Access an external service over mutual TLS
<Tabs>
<Tab heading="Consul OSS">
Link gateway named "us-west-gateway" with the payments service and specify a CA file, key file, and cert file for mutual TLS authentication:
Link gateway named "us-west-gateway" with the billing service, and specify a CA
file, key file, and cert file to be used for mutual TLS authentication.
-> **Note**: The `CAFile` parameter must be specified _and_ point to a valid CA
bundle in order to properly initiate a TLS connection to the destination service.
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "terminating-gateway"
@ -306,11 +277,46 @@ Services = [
]
```
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: TerminatingGateway
metadata:
name: us-west-gateway
spec:
services:
- name: billing
caFile: /etc/certs/ca-chain.cert.pem
keyFile: /etc/certs/gateway.key.pem
certFile: /etc/certs/gateway.cert.pem
```
```json
{
"Kind": "terminating-gateway",
"Name": "us-west-gateway",
"Services": [
{
"Name": "billing",
"CAFile": "/etc/certs/ca-chain.cert.pem",
"KeyFile": "/etc/certs/gateway.key.pem",
"CertFile": "/etc/certs/gateway.cert.pem"
}
]
}
```
</CodeTabs>
</Tab>
<Tab heading="Consul Enterprise">
Link gateway named "us-west-gateway" in the default namespace with the payments service in the finance namespace.
Also specify a CA file, key file, and cert file for mutual TLS authentication:
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace.
Also specify a CA file, key file, and cert file to be used for mutual TLS authentication.
-> **Note**: The `CAFile` parameter must be specified _and_ point to a valid CA
bundle in order to properly initiate a TLS connection to the destination service.
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "terminating-gateway"
@ -328,34 +334,6 @@ Services = [
]
```
</Tab>
</Tabs>
</Tab>
<Tab heading="Kubernetes YAML">
<Tabs>
<Tab heading="Consul OSS">
Link gateway named "us-west-gateway" with the payments service and specify a CA file, key file, and cert file for mutual TLS authentication:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: TerminatingGateway
metadata:
name: us-west-gateway
spec:
services:
- name: billing
caFile: /etc/certs/ca-chain.cert.pem
keyFile: /etc/certs/gateway.key.pem
certFile: /etc/certs/gateway.cert.pem
```
</Tab>
<Tab heading="Consul Enterprise">
Link gateway named "us-west-gateway" in the default namespace with the payments service in the finance namespace.
Also specify a CA file, key file, and cert file for mutual TLS authentication:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: TerminatingGateway
@ -370,36 +348,6 @@ spec:
certFile: /etc/certs/gateway.cert.pem
```
</Tab>
</Tabs>
</Tab>
<Tab heading="JSON">
<Tabs>
<Tab heading="Consul OSS">
Link gateway named "us-west-gateway" with the payments service and specify a CA file, key file, and cert file for mutual TLS authentication:
```json
{
"Kind": "terminating-gateway",
"Name": "us-west-gateway",
"Services": [
{
"Name": "billing",
"CAFile": "/etc/certs/ca-chain.cert.pem",
"KeyFile": "/etc/certs/gateway.key.pem",
"CertFile": "/etc/certs/gateway.cert.pem"
}
]
}
```
</Tab>
<Tab heading="Consul Enterprise">
Link gateway named "us-west-gateway" in the default namespace with the payments service in the finance namespace.
Also specify a CA file, key file, and cert file for mutual TLS authentication:
```json
{
"Kind": "terminating-gateway",
@ -417,18 +365,23 @@ Also specify a CA file, key file, and cert file for mutual TLS authentication:
}
```
</Tab>
</Tabs>
</CodeTabs>
</Tab>
</Tabs>
<Tabs>
<Tab heading="HCL">
### Override connection parameters for a specific service
<Tabs>
<Tab heading="Consul OSS">
Link gateway named "us-west-gateway" with all services in the datacenter, and configure default certificates for mutual TLS.
Also override the SNI and CA file used for connections to the billing service:
Override the SNI and CA file used for connections to the billing service.
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
<CodeBlockConfig highlight="11-15">
```hcl
Kind = "terminating-gateway"
@ -449,11 +402,65 @@ Services = [
]
```
</CodeBlockConfig>
<CodeBlockConfig highlight="11-13">
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: TerminatingGateway
metadata:
name: us-west-gateway
spec:
services:
- name: '*'
caFile: /etc/common-certs/ca-chain.cert.pem
keyFile: /etc/common-certs/gateway.key.pem
certFile: /etc/common-certs/gateway.cert.pem
- name: billing
caFile: /etc/billing-ca/ca-chain.cert.pem
sni: billing.service.com
```
</CodeBlockConfig>
<CodeBlockConfig highlight="11-15">
```json
{
"Kind": "terminating-gateway",
"Name": "us-west-gateway",
"Services": [
{
"Name": "*",
"CAFile": "/etc/common-certs/ca-chain.cert.pem",
"KeyFile": "/etc/common-certs/gateway.key.pem",
"CertFile": "/etc/common-certs/gateway.cert.pem"
},
{
"Name": "billing",
"CAFile": "/etc/billing-ca/ca-chain.cert.pem",
"SNI": "billing.service.com"
}
]
}
```
</CodeBlockConfig>
</CodeTabs>
</Tab>
<Tab heading="Consul Enterprise">
Link gateway named "us-west-gateway" in the default namespace with all services in the finance namespace,
and configure default certificates for mutual TLS. Also override the SNI and CA file used for connections to the billing service:
and configure default certificates for mutual TLS.
Override the SNI and CA file used for connections to the billing service:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
<CodeBlockConfig highlight="13-18">
```hcl
Kind = "terminating-gateway"
@ -471,43 +478,15 @@ Services = [
{
Namespace = "finance"
Name = "billing"
CAFile = "/etc/billing-ca/ca-chain.cert.pem",
CAFile = "/etc/billing-ca/ca-chain.cert.pem"
SNI = "billing.service.com"
}
]
```
</Tab>
</Tabs>
</Tab>
<Tab heading="Kubernetes YAML">
<Tabs>
<Tab heading="Consul OSS">
</CodeBlockConfig>
Link gateway named "us-west-gateway" with all services in the datacenter, and configure default certificates for mutual TLS.
Also override the SNI and CA file used for connections to the billing service:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: TerminatingGateway
metadata:
name: us-west-gateway
spec:
services:
- name: '*'
caFile: /etc/common-certs/ca-chain.cert.pem
keyFile: /etc/common-certs/gateway.key.pem
certFile: /etc/common-certs/gateway.cert.pem
- name: billing
caFile: /etc/billing-ca/ca-chain.cert.pem
sni: billing.service.com
```
</Tab>
<Tab heading="Consul Enterprise">
Link gateway named "us-west-gateway" in the default namespace with all services in the finance namespace,
and configure default certificates for mutual TLS. Also override the SNI and CA file used for connections to the billing service:
<CodeBlockConfig highlight="12-15">
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
@ -527,42 +506,9 @@ spec:
sni: billing.service.com
```
</Tab>
</Tabs>
</Tab>
<Tab heading="JSON">
<Tabs>
<Tab heading="Consul OSS">
</CodeBlockConfig>
Link gateway named "us-west-gateway" with all services in the datacenter, and configure default certificates for mutual TLS.
Also override the SNI and CA file used for connections to the billing service:
```json
{
"Kind": "terminating-gateway",
"Name": "us-west-gateway",
"Services": [
{
"Name": "*",
"CAFile": "/etc/billing-ca/ca-chain.cert.pem",
"KeyFile": "/etc/certs/gateway.key.pem",
"CertFile": "/etc/certs/gateway.cert.pem",
"SNI": "billing.service.com"
},
{
"Name": "billing",
"CAFile": "/etc/billing-ca/ca-chain.cert.pem",
"SNI": "billing.service.com"
}
]
}
```
</Tab>
<Tab heading="Consul Enterprise">
Link gateway named "us-west-gateway" in the default namespace with all services in the finance namespace,
and configure default certificates for mutual TLS. Also override the SNI and CA file used for connections to the billing service:
<CodeBlockConfig highlight="13-18">
```json
{
@ -573,10 +519,9 @@ and configure default certificates for mutual TLS. Also override the SNI and CA
{
"Namespace": "finance",
"Name": "*",
"CAFile": "/etc/billing-ca/ca-chain.cert.pem",
"KeyFile": "/etc/certs/gateway.key.pem",
"CertFile": "/etc/certs/gateway.cert.pem",
"SNI": "billing.service.com"
"CAFile": "/etc/common-certs/ca-chain.cert.pem",
"KeyFile": "/etc/common-certs/gateway.key.pem",
"CertFile": "/etc/common-certs/gateway.cert.pem"
},
{
"Namespace": "finance",
@ -588,8 +533,10 @@ and configure default certificates for mutual TLS. Also override the SNI and CA
}
```
</Tab>
</Tabs>
</CodeBlockConfig>
</CodeTabs>
</Tab>
</Tabs>