mirror of https://github.com/hashicorp/consul
docs: Add JSON examples to all config entries
This commit adds example JSON configs for several config entry resources were missing examples in this language. The examples have been updated to use the new CodeTabs resource instead of the Tab component.pull/10839/head
parent
b01fa1f924
commit
005e193e55
|
@ -67,7 +67,7 @@ The table below shows this endpoint's support for
|
|||
|
||||
### Sample Payload
|
||||
|
||||
```javascript
|
||||
```json
|
||||
{
|
||||
"Kind": "service-defaults",
|
||||
"Name": "web",
|
||||
|
|
|
@ -47,13 +47,13 @@ A wildcard specifier cannot be set on a listener of protocol `tcp`.
|
|||
|
||||
### TCP listener
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
<Tabs>
|
||||
<Tab heading="Consul OSS">
|
||||
|
||||
Set up a TCP listener on an ingress gateway named "us-east-ingress" to proxy traffic to the "db" service:
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "ingress-gateway"
|
||||
Name = "us-east-ingress"
|
||||
|
@ -71,12 +71,47 @@ Listeners = [
|
|||
]
|
||||
```
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: IngressGateway
|
||||
metadata:
|
||||
name: us-east-ingress
|
||||
spec:
|
||||
listeners:
|
||||
- port: 3456
|
||||
protocol: tcp
|
||||
services:
|
||||
- name: db
|
||||
```
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "ingress-gateway",
|
||||
"Name": "us-east-ingress",
|
||||
"Listeners": [
|
||||
{
|
||||
"Port": 3456,
|
||||
"Protocol": "tcp",
|
||||
"Services": [
|
||||
{
|
||||
"Name": "db"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Consul Enterprise">
|
||||
|
||||
Set up a TCP listener on an ingress gateway named "us-east-ingress" in the default namespace
|
||||
to proxy traffic to the "db" service in the ops namespace:
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "ingress-gateway"
|
||||
Name = "us-east-ingress"
|
||||
|
@ -96,34 +131,6 @@ Listeners = [
|
|||
]
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
</Tab>
|
||||
<Tab heading="Kubernetes YAML">
|
||||
<Tabs>
|
||||
<Tab heading="Consul OSS">
|
||||
|
||||
Set up a TCP listener on an ingress gateway named "us-east-ingress" to proxy traffic to the "db" service:
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: IngressGateway
|
||||
metadata:
|
||||
name: us-east-ingress
|
||||
spec:
|
||||
listeners:
|
||||
- port: 3456
|
||||
protocol: tcp
|
||||
services:
|
||||
- name: db
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Consul Enterprise">
|
||||
|
||||
Set up a TCP listener on an ingress gateway named "us-east-ingress" in the default namespace
|
||||
to proxy traffic to the "db" service in the ops namespace:
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: IngressGateway
|
||||
|
@ -139,39 +146,6 @@ spec:
|
|||
namespace: ops
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
</Tab>
|
||||
<Tab heading="JSON">
|
||||
<Tabs>
|
||||
<Tab heading="Consul OSS">
|
||||
|
||||
Set up a TCP listener on an ingress gateway named "us-east-ingress" to proxy traffic to the "db" service:
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "ingress-gateway",
|
||||
"Name": "us-east-ingress",
|
||||
"Listeners": [
|
||||
{
|
||||
"Port": 3456,
|
||||
"Protocol": "tcp",
|
||||
"Services": [
|
||||
{
|
||||
"Name": "db"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Consul Enterprise">
|
||||
|
||||
Set up a TCP listener on an ingress gateway named "us-east-ingress" in the default namespace
|
||||
to proxy traffic to the "db" service in the ops namespace:
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "ingress-gateway",
|
||||
|
@ -192,21 +166,21 @@ to proxy traffic to the "db" service in the ops namespace:
|
|||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
</CodeTabs>
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
|
||||
### Wildcard HTTP listener
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
<Tabs>
|
||||
<Tab heading="Consul OSS">
|
||||
|
||||
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the datacenter.
|
||||
Also make two services available over a custom port with user-provided hosts, and enable TLS on every listener:
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "ingress-gateway"
|
||||
Name = "us-east-ingress"
|
||||
|
@ -242,12 +216,73 @@ Listeners = [
|
|||
]
|
||||
```
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: IngressGateway
|
||||
metadata:
|
||||
name: us-east-ingress
|
||||
spec:
|
||||
tls:
|
||||
enabled: true
|
||||
listeners:
|
||||
- port: 8080
|
||||
protocol: http
|
||||
services:
|
||||
- name: '*'
|
||||
- port: 4567
|
||||
protocol: http
|
||||
services:
|
||||
- name: api
|
||||
hosts: ['foo.example.com', 'foo.example.com:4567']
|
||||
- name: web
|
||||
hosts: ['website.example.com', 'website.example.com:4567']
|
||||
```
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "ingress-gateway",
|
||||
"Name": "us-east-ingress",
|
||||
"TLS": {
|
||||
"Enabled": true
|
||||
},
|
||||
"Listeners": [
|
||||
{
|
||||
"Port": 8080,
|
||||
"Protocol": "http",
|
||||
"Services": [
|
||||
{
|
||||
"Name": "*"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"Port": 4567,
|
||||
"Protocol": "http",
|
||||
"Services": [
|
||||
{
|
||||
"Name": "api",
|
||||
"Hosts": ["foo.example.com", "foo.example.com:4567"]
|
||||
},
|
||||
{
|
||||
"Name": "web",
|
||||
"Hosts": ["website.example.com", "website.example.com:4567"]
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Consul Enterprise">
|
||||
|
||||
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the frontend namespace.
|
||||
Also make two services in the frontend namespace available over a custom port with user-provided hosts, and enable TLS on every listener:
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "ingress-gateway"
|
||||
Name = "us-east-ingress"
|
||||
|
@ -287,44 +322,6 @@ Listeners = [
|
|||
]
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
</Tab>
|
||||
<Tab heading="Kubernetes YAML">
|
||||
<Tabs>
|
||||
<Tab heading="Consul OSS">
|
||||
|
||||
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the datacenter.
|
||||
Also make two services available over a custom port with user-provided hosts, and enable TLS on every listener:
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: IngressGateway
|
||||
metadata:
|
||||
name: us-east-ingress
|
||||
spec:
|
||||
tls:
|
||||
enabled: true
|
||||
listeners:
|
||||
- port: 8080
|
||||
protocol: http
|
||||
services:
|
||||
- name: '*'
|
||||
- port: 4567
|
||||
protocol: http
|
||||
services:
|
||||
- name: api
|
||||
hosts: ['foo.example.com', 'foo.example.com:4567']
|
||||
- name: web
|
||||
hosts: ['website.example.com', 'website.example.com:4567']
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Consul Enterprise">
|
||||
|
||||
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the frontend namespace.
|
||||
Also make two services in the frontend namespace available over a custom port with user-provided hosts, and enable TLS on every listener:
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: IngressGateway
|
||||
|
@ -351,57 +348,6 @@ spec:
|
|||
hosts: ['website.example.com', 'website.example.com:4567']
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
</Tab>
|
||||
<Tab heading="JSON">
|
||||
<Tabs>
|
||||
<Tab heading="Consul OSS">
|
||||
|
||||
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the datacenter.
|
||||
Also make two services available over a custom port with user-provided hosts, and enable TLS on every listener:
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "ingress-gateway",
|
||||
"Name": "us-east-ingress",
|
||||
"TLS": {
|
||||
"Enabled": true
|
||||
},
|
||||
"Listeners": [
|
||||
{
|
||||
"Port": 8080,
|
||||
"Protocol": "http",
|
||||
"Services": [
|
||||
{
|
||||
"Name": "*"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"Port": 4567,
|
||||
"Protocol": "http",
|
||||
"Services": [
|
||||
{
|
||||
"Name": "api",
|
||||
"Hosts": ["foo.example.com", "foo.example.com:4567"]
|
||||
},
|
||||
{
|
||||
"Name": "web",
|
||||
"Hosts": ["website.example.com", "website.example.com:4567"]
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Consul Enterprise">
|
||||
|
||||
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the frontend namespace.
|
||||
Also make two services in the frontend namespace available over a custom port with user-provided hosts, and enable TLS on every listener:
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "ingress-gateway",
|
||||
|
@ -441,21 +387,21 @@ Also make two services in the frontend namespace available over a custom port wi
|
|||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
</CodeTabs>
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
|
||||
### HTTP listener with path-based routing
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
<Tabs>
|
||||
<Tab heading="Consul OSS">
|
||||
|
||||
Set up a HTTP listener on an ingress gateway named "us-east-ingress" to proxy
|
||||
traffic to a virtual service named "api".
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "ingress-gateway"
|
||||
Name = "us-east-ingress"
|
||||
|
@ -473,12 +419,47 @@ Listeners = [
|
|||
]
|
||||
```
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: IngressGateway
|
||||
metadata:
|
||||
name: us-east-ingress
|
||||
spec:
|
||||
listeners:
|
||||
- port: 80
|
||||
protocol: http
|
||||
services:
|
||||
- name: api
|
||||
```
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "ingress-gateway",
|
||||
"Name": "us-east-ingress",
|
||||
"Listeners": [
|
||||
{
|
||||
"Port": 80,
|
||||
"Protocol": "http",
|
||||
"Services": [
|
||||
{
|
||||
"Name": "api"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Consul Enterprise">
|
||||
|
||||
Set up a HTTP listener on an ingress gateway named "us-east-ingress" in the
|
||||
default namespace to proxy traffic to a virtual service named "api".
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "ingress-gateway"
|
||||
Name = "us-east-ingress"
|
||||
|
@ -498,35 +479,6 @@ Listeners = [
|
|||
]
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
</Tab>
|
||||
<Tab heading="Kubernetes YAML">
|
||||
<Tabs>
|
||||
<Tab heading="Consul OSS">
|
||||
|
||||
Set up a HTTP listener on an ingress gateway named "us-east-ingress" to proxy
|
||||
traffic to a virtual service named "api".
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: IngressGateway
|
||||
metadata:
|
||||
name: us-east-ingress
|
||||
spec:
|
||||
listeners:
|
||||
- port: 80
|
||||
protocol: http
|
||||
services:
|
||||
- name: api
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Consul Enterprise">
|
||||
|
||||
Set up a HTTP listener on an ingress gateway named "us-east-ingress" in the
|
||||
default namespace to proxy traffic to a virtual service named "api".
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: IngressGateway
|
||||
|
@ -542,40 +494,6 @@ spec:
|
|||
namespace: frontend
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
</Tab>
|
||||
<Tab heading="JSON">
|
||||
<Tabs>
|
||||
<Tab heading="Consul OSS">
|
||||
|
||||
Set up a HTTP listener on an ingress gateway named "us-east-ingress" to proxy
|
||||
traffic to a virtual service named "api".
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "ingress-gateway",
|
||||
"Name": "us-east-ingress",
|
||||
"Listeners": [
|
||||
{
|
||||
"Port": 80,
|
||||
"Protocol": "http",
|
||||
"Services": [
|
||||
{
|
||||
"Name": "api"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Consul Enterprise">
|
||||
|
||||
Set up a HTTP listener on an ingress gateway named "us-east-ingress" in the
|
||||
default namespace to proxy traffic to a virtual service named "api".
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "ingress-gateway",
|
||||
|
@ -596,8 +514,8 @@ default namespace to proxy traffic to a virtual service named "api".
|
|||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
</CodeTabs>
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
|
||||
|
@ -606,11 +524,11 @@ service for L7 configuration only. A `service-router` (`ServiceRouter` on Kubern
|
|||
virtual service which uses path-based routing to route requests to different
|
||||
backend services:
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
<Tabs>
|
||||
<Tab heading="Consul OSS">
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "service-router"
|
||||
Name = "api"
|
||||
|
@ -640,48 +558,6 @@ Routes = [
|
|||
]
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Consul Enterprise">
|
||||
|
||||
```hcl
|
||||
Kind = "service-router"
|
||||
Name = "api"
|
||||
Namespace = "default"
|
||||
Routes = [
|
||||
{
|
||||
Match {
|
||||
HTTP {
|
||||
PathPrefix = "/billing"
|
||||
}
|
||||
}
|
||||
|
||||
Destination {
|
||||
Service = "billing-api"
|
||||
Namespace = "frontend"
|
||||
}
|
||||
},
|
||||
{
|
||||
Match {
|
||||
HTTP {
|
||||
PathPrefix = "/payments"
|
||||
}
|
||||
}
|
||||
|
||||
Destination {
|
||||
Service = "payments-api"
|
||||
Namespace = "frontend"
|
||||
}
|
||||
}
|
||||
]
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
</Tab>
|
||||
<Tab heading="Kubernetes YAML">
|
||||
<Tabs>
|
||||
<Tab heading="Consul OSS">
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: ServiceRouter
|
||||
|
@ -701,38 +577,6 @@ spec:
|
|||
service: payments-api
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Consul Enterprise">
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: ServiceRouter
|
||||
metadata:
|
||||
name: api
|
||||
namespace: default
|
||||
spec:
|
||||
routes:
|
||||
- match:
|
||||
http:
|
||||
pathPrefix: '/billing'
|
||||
destination:
|
||||
service: billing-api
|
||||
namespace: frontend
|
||||
- match:
|
||||
http:
|
||||
pathPrefix: '/payments'
|
||||
destination:
|
||||
service: payments-api
|
||||
namespace: frontend
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
</Tab>
|
||||
<Tab heading="JSON">
|
||||
<Tabs>
|
||||
<Tab heading="Consul OSS">
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "service-router",
|
||||
|
@ -762,9 +606,67 @@ spec:
|
|||
}
|
||||
```
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Consul Enterprise">
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "service-router"
|
||||
Name = "api"
|
||||
Namespace = "default"
|
||||
Routes = [
|
||||
{
|
||||
Match {
|
||||
HTTP {
|
||||
PathPrefix = "/billing"
|
||||
}
|
||||
}
|
||||
|
||||
Destination {
|
||||
Service = "billing-api"
|
||||
Namespace = "frontend"
|
||||
}
|
||||
},
|
||||
{
|
||||
Match {
|
||||
HTTP {
|
||||
PathPrefix = "/payments"
|
||||
}
|
||||
}
|
||||
|
||||
Destination {
|
||||
Service = "payments-api"
|
||||
Namespace = "frontend"
|
||||
}
|
||||
}
|
||||
]
|
||||
```
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: ServiceRouter
|
||||
metadata:
|
||||
name: api
|
||||
namespace: default
|
||||
spec:
|
||||
routes:
|
||||
- match:
|
||||
http:
|
||||
pathPrefix: '/billing'
|
||||
destination:
|
||||
service: billing-api
|
||||
namespace: frontend
|
||||
- match:
|
||||
http:
|
||||
pathPrefix: '/payments'
|
||||
destination:
|
||||
service: payments-api
|
||||
namespace: frontend
|
||||
```
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "service-router",
|
||||
|
@ -797,8 +699,8 @@ spec:
|
|||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
</CodeTabs>
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
|
||||
|
|
|
@ -23,7 +23,9 @@ Settings in this config entry apply across all namespaces and federated datacent
|
|||
Only allow transparent proxies to dial addresses in the mesh.
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
<Tab heading="Consul OSS">
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "mesh"
|
||||
|
@ -32,12 +34,35 @@ TransparentProxy {
|
|||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="HCL (Consul Enterprise)">
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: Mesh
|
||||
metadata:
|
||||
name: mesh
|
||||
spec:
|
||||
transparentProxy:
|
||||
meshDestinationsOnly: true
|
||||
```
|
||||
|
||||
**NOTE:** The `mesh` config entry can only be created in the `default`
|
||||
```json
|
||||
{
|
||||
"Kind": "mesh",
|
||||
"TransparentProxy": {
|
||||
"MeshDestinationsOnly": true
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Consul Enterprise">
|
||||
|
||||
-> **Note**: The `mesh` config entry can only be created in the `default`
|
||||
namespace and it will apply to proxies across **all** namespaces.
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "mesh"
|
||||
Namespace = "default" # Can only be set to "default".
|
||||
|
@ -47,9 +72,6 @@ TransparentProxy {
|
|||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Kubernetes YAML">
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: Mesh
|
||||
|
@ -60,23 +82,18 @@ spec:
|
|||
meshDestinationsOnly: true
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Kubernetes YAML (Consul Enterprise)">
|
||||
|
||||
**NOTE:** A `Mesh` resource can be created in any Kubernetes
|
||||
namespace but it will apply to proxies across **all** namespaces. Only one
|
||||
`Mesh` resource can exist in the cluster.
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: Mesh
|
||||
metadata:
|
||||
name: mesh
|
||||
spec:
|
||||
transparentProxy:
|
||||
meshDestinationsOnly: true
|
||||
```json
|
||||
{
|
||||
"Kind": "mesh",
|
||||
"Namespace": "default",
|
||||
"TransparentProxy": {
|
||||
"MeshDestinationsOnly": true
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
|
||||
|
|
|
@ -20,11 +20,15 @@ one global entry is supported.
|
|||
|
||||
### Default protocol
|
||||
|
||||
Set the default protocol for all sidecar proxies:
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
<Tab heading="Consul OSS">
|
||||
|
||||
Set the default protocol for all sidecar proxies:
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "proxy-defaults"
|
||||
Name = "global"
|
||||
|
@ -33,14 +37,36 @@ Config {
|
|||
}
|
||||
```
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: ProxyDefaults
|
||||
metadata:
|
||||
name: global
|
||||
spec:
|
||||
config:
|
||||
protocol: http
|
||||
```
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "proxy-defaults",
|
||||
"Name": "global",
|
||||
"Config": {
|
||||
"protocol": "http"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
</Tab>
|
||||
<Tab heading="HCL (Consul Enterprise)">
|
||||
<Tab heading="Consul Enterprise">
|
||||
|
||||
Set the default protocol for all sidecar proxies.
|
||||
|
||||
**NOTE:** The `proxy-defaults` config entry can only be created in the `default`
|
||||
-> **NOTE:** The `proxy-defaults` config entry can only be created in the `default`
|
||||
namespace and it will configure proxies in **all** namespaces.
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "proxy-defaults"
|
||||
Name = "global"
|
||||
|
@ -50,46 +76,39 @@ Config {
|
|||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Kubernetes YAML">
|
||||
|
||||
Set the default protocol for all sidecar proxies:
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: ProxyDefaults
|
||||
metadata:
|
||||
name: global
|
||||
namespace: default
|
||||
spec:
|
||||
config:
|
||||
protocol: http
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Kubernetes YAML (Consul Enterprise)">
|
||||
|
||||
Set the default protocol for all sidecar proxies:
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: ProxyDefaults
|
||||
metadata:
|
||||
name: global
|
||||
spec:
|
||||
config:
|
||||
protocol: http
|
||||
```json
|
||||
{
|
||||
"Kind": "proxy-defaults",
|
||||
"Name": "global",
|
||||
"Namespace": "default",
|
||||
"Config": {
|
||||
"protocol": "http"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
|
||||
### Prometheus
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
|
||||
Expose prometheus metrics:
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "proxy-defaults"
|
||||
Name = "global"
|
||||
|
@ -98,11 +117,6 @@ Config {
|
|||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Kubernetes YAML">
|
||||
|
||||
Expose prometheus metrics:
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: ProxyDefaults
|
||||
|
@ -113,16 +127,24 @@ spec:
|
|||
envoy_prometheus_bind_addr: '0.0.0.0:9102'
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
```json
|
||||
{
|
||||
"Kind": "proxy-defaults",
|
||||
"Name": "global",
|
||||
"Config": {
|
||||
"envoy_prometheus_bind_addr": "0.0.0.0:9102"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
### Proxy-specific defaults
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
|
||||
Set proxy-specific defaults:
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "proxy-defaults"
|
||||
Name = "global"
|
||||
|
@ -132,11 +154,6 @@ Config {
|
|||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Kubernetes YAML">
|
||||
|
||||
Set proxy-specific defaults:
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: ProxyDefaults
|
||||
|
@ -148,8 +165,18 @@ spec:
|
|||
handshake_timeout_ms: 10000
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
```json
|
||||
{
|
||||
"Kind": "proxy-defaults",
|
||||
"Name": "global",
|
||||
"Config": {
|
||||
"local_connect_timeout_ms": 1000,
|
||||
"handshake_timeout_ms": 10000
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
## Available Fields
|
||||
|
||||
|
@ -207,8 +234,8 @@ spec:
|
|||
description: `An arbitrary map of configuration values used by Connect proxies.
|
||||
The available configurations depend on the Connect proxy you use.
|
||||
Any values that your proxy allows can be configured globally here. To explore these options please see the documentation for your chosen proxy.
|
||||
<ul><li>[Envoy](/docs/connect/proxies/envoy#bootstrap-configuration)</li>
|
||||
<li>[Consul's built-in proxy](/docs/connect/proxies/built-in)</li></ul>`,
|
||||
<ul><li>[Envoy](/docs/connect/proxies/envoy#proxy-config-options)</li>
|
||||
<li>[Consul's built-in proxy](/docs/connect/proxies/built-in#proxy-config-key-reference)</li></ul>`,
|
||||
},
|
||||
{
|
||||
name: 'Mode',
|
||||
|
|
|
@ -24,11 +24,10 @@ config entry. However, if the protocol value is specified in a service defaults
|
|||
config entry for a given service, that value will take precedence over the
|
||||
globally configured value from proxy defaults.
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
|
||||
Set the default protocol for a service in the default namespace to HTTP:
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "service-defaults"
|
||||
Name = "web"
|
||||
|
@ -36,11 +35,6 @@ Namespace = "default"
|
|||
Protocol = "http"
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Kubernetes YAML">
|
||||
|
||||
Set the default protocol for a service in the default namespace to HTTP:
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: ServiceDefaults
|
||||
|
@ -50,20 +44,28 @@ spec:
|
|||
protocol: http
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
```json
|
||||
{
|
||||
"Kind": "service-defaults",
|
||||
"Name": "web",
|
||||
"Namespace": "default",
|
||||
"Protocol": "http"
|
||||
}
|
||||
```
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
### Upstream configuration <sup>Beta</sup>
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
<Tabs>
|
||||
<Tab heading="Consul OSS">
|
||||
|
||||
Set default connection limits and mesh gateway mode across all upstreams
|
||||
of "counting" and also override the mesh gateway mode used when dialing
|
||||
of "counting", and also override the mesh gateway mode used when dialing
|
||||
the "dashboard" service.
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "service-defaults"
|
||||
Name = "counting"
|
||||
|
@ -91,6 +93,55 @@ UpstreamConfig = {
|
|||
}
|
||||
```
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: ServiceDefaults
|
||||
metadata:
|
||||
name: counting
|
||||
spec:
|
||||
upstreamConfig:
|
||||
defaults:
|
||||
meshGateway:
|
||||
mode: local
|
||||
limits:
|
||||
maxConnections: 512
|
||||
maxPendingRequests: 512
|
||||
maxConcurrentRequests: 512
|
||||
overrides:
|
||||
- name: dashboard
|
||||
meshGateway:
|
||||
mode: remote
|
||||
```
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "service-defaults",
|
||||
"Name": "counting",
|
||||
"UpstreamConfig": {
|
||||
"Defaults": {
|
||||
"MeshGateway": {
|
||||
"Mode": "local"
|
||||
},
|
||||
"Limits": {
|
||||
"MaxConnections": 512,
|
||||
"MaxPendingRequests": 512,
|
||||
"MaxConcurrentRequests": 512
|
||||
}
|
||||
},
|
||||
"Overrides": [
|
||||
{
|
||||
"Name": "dashboard",
|
||||
"MeshGateway": {
|
||||
"Mode": "remote"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Consul Enterprise">
|
||||
|
||||
|
@ -98,6 +149,8 @@ Set default connection limits and mesh gateway mode across all upstreams
|
|||
of "counting" and also override the mesh gateway mode used when dialing
|
||||
the "dashboard" service in the "frontend" namespace.
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "service-defaults"
|
||||
Name = "counting"
|
||||
|
@ -127,46 +180,6 @@ UpstreamConfig = {
|
|||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
</Tab>
|
||||
|
||||
<Tab heading="Kubernetes YAML">
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="Consul OSS">
|
||||
|
||||
Set default connection limits and mesh gateway mode across all upstreams
|
||||
of "counting" and also override the mesh gateway mode used when dialing
|
||||
the "dashboard" service.
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: ServiceDefaults
|
||||
metadata:
|
||||
name: counting
|
||||
spec:
|
||||
upstreamConfig:
|
||||
defaults:
|
||||
meshGateway:
|
||||
mode: local
|
||||
limits:
|
||||
maxConnections: 512
|
||||
maxPendingRequests: 512
|
||||
maxConcurrentRequests: 512
|
||||
overrides:
|
||||
- name: dashboard
|
||||
meshGateway:
|
||||
mode: remote
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Consul Enterprise">
|
||||
|
||||
Set default connection limits and mesh gateway mode across all upstreams
|
||||
of "counting" and also override the mesh gateway mode used when dialing
|
||||
the "dashboard" service in the "frontend" namespace.
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: ServiceDefaults
|
||||
|
@ -189,8 +202,36 @@ spec:
|
|||
mode: remote
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
```json
|
||||
{
|
||||
"Kind": "service-defaults",
|
||||
"Name": "counting",
|
||||
"Namespace": "product",
|
||||
"UpstreamConfig": {
|
||||
"Defaults": {
|
||||
"MeshGateway": {
|
||||
"Mode": "local"
|
||||
},
|
||||
"Limits": {
|
||||
"MaxConnections": 512,
|
||||
"MaxPendingRequests": 512,
|
||||
"MaxConcurrentRequests": 512
|
||||
}
|
||||
},
|
||||
"Overrides": [
|
||||
{
|
||||
"Name": "dashboard",
|
||||
"Namespace": "frontend",
|
||||
"MeshGateway": {
|
||||
"Mode": "remote"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
```
|
||||
</CodeTabs>
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
|
||||
|
|
|
@ -36,11 +36,10 @@ or globally via [`proxy-defaults`](/docs/connect/config-entries/proxy-defaults)
|
|||
|
||||
### REST Access
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
|
||||
Grant some clients more REST access than others:
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "service-intentions"
|
||||
Name = "api"
|
||||
|
@ -74,11 +73,6 @@ Sources = [
|
|||
]
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Kubernetes YAML">
|
||||
|
||||
Grant some clients more REST access than others:
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: ServiceIntentions
|
||||
|
@ -104,18 +98,48 @@ spec:
|
|||
# unmatched connections and requests. Typically this will be DENY.
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
```json
|
||||
{
|
||||
"Kind": "service-intentions",
|
||||
"Name": "api",
|
||||
"Sources": [
|
||||
{
|
||||
"Name": "admin-dashboard",
|
||||
"Permissions": [
|
||||
{
|
||||
"Action": "allow",
|
||||
"HTTP": {
|
||||
"PathPrefix": "/v2",
|
||||
"Methods": ["GET", "PUT", "POST", "DELETE", "HEAD"]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"Name": "report-generator",
|
||||
"Permissions": [
|
||||
{
|
||||
"Action": "allow",
|
||||
"HTTP": {
|
||||
"PathPrefix": "/v2/widgets",
|
||||
"Methods": ["GET"]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
</CodeTabs>
|
||||
|
||||
### gRPC
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
|
||||
Selectively deny some gRPC service methods. Since gRPC method calls [are
|
||||
HTTP/2](https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md), we can
|
||||
use an HTTP path match rule to control traffic:
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "service-intentions"
|
||||
Name = "billing"
|
||||
|
@ -156,13 +180,6 @@ Sources = [
|
|||
]
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Kubernetes YAML">
|
||||
|
||||
Selectively deny some gRPC service methods. Since gRPC method calls [are
|
||||
HTTP/2](https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md), we can
|
||||
use an HTTP path match rule to control traffic:
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: ServiceIntentions
|
||||
|
@ -192,16 +209,51 @@ spec:
|
|||
# unmatched connections and requests. Typically this will be DENY.
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
```json
|
||||
{
|
||||
"Kind": "service-intentions",
|
||||
"Name": "billing",
|
||||
"Sources": [
|
||||
{
|
||||
"Name": "frontend-web",
|
||||
"Permissions": [
|
||||
{
|
||||
"Action": "deny",
|
||||
"HTTP": {
|
||||
"PathExact": "/mycompany.BillingService/IssueRefund"
|
||||
}
|
||||
},
|
||||
{
|
||||
"Action": "allow",
|
||||
"HTTP": {
|
||||
"PathPrefix": "/mycompany.BillingService/"
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"Name": "support-portal",
|
||||
"Permissions": [
|
||||
{
|
||||
"Action": "allow",
|
||||
"HTTP": {
|
||||
"PathPrefix": "/mycompany.BillingService/"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
### L4 and L7
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
|
||||
You can mix and match L4 and L7 intentions per source:
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "service-intentions"
|
||||
Name = "api"
|
||||
|
@ -231,11 +283,6 @@ Sources = [
|
|||
]
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Kubernetes YAML">
|
||||
|
||||
You can mix and match L4 and L7 intentions per source:
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: ServiceIntentions
|
||||
|
@ -259,8 +306,35 @@ spec:
|
|||
# unmatched connections and requests. Typically this will be DENY.
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
```json
|
||||
{
|
||||
"Kind": "service-intentions",
|
||||
"Name": "api",
|
||||
"Sources": [
|
||||
{
|
||||
"Name": "hackathon-project",
|
||||
"Action": "deny"
|
||||
},
|
||||
{
|
||||
"Name": "web",
|
||||
"Action": "allow"
|
||||
},
|
||||
{
|
||||
"Name": "nightly-reconciler",
|
||||
"Permissions": [
|
||||
{
|
||||
"Action": "allow",
|
||||
"HTTP": {
|
||||
"PathExact": "/v1/reconcile-data",
|
||||
"Methods": ["POST"]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
</CodeTabs>
|
||||
|
||||
## Available Fields
|
||||
|
||||
|
|
|
@ -27,54 +27,62 @@ and discovery terminates.
|
|||
|
||||
### Filter on service version
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
|
||||
Create service subsets based on a version metadata and override the defaults:
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "service-resolver"
|
||||
Name = "web"
|
||||
DefaultSubset = "v1"
|
||||
Subsets = {
|
||||
"v1" = {
|
||||
v1 = {
|
||||
Filter = "Service.Meta.version == v1"
|
||||
}
|
||||
"v2" = {
|
||||
v2 = {
|
||||
Filter = "Service.Meta.version == v2"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Kubernetes YAML">
|
||||
|
||||
Create service subsets based on a version metadata and override the defaults:
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: ServiceResolver
|
||||
metadata:
|
||||
name: web
|
||||
spec:
|
||||
defaultSubset: 'v1'
|
||||
defaultSubset: v1
|
||||
subsets:
|
||||
'v1':
|
||||
v1:
|
||||
filter: 'Service.Meta.version == v1'
|
||||
'v2':
|
||||
v2:
|
||||
filter: 'Service.Meta.version == v2'
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
```json
|
||||
{
|
||||
"Kind": "service-resolver",
|
||||
"Name": "web",
|
||||
"DefaultSubset": "v1",
|
||||
"Subsets": {
|
||||
"v1": {
|
||||
"Filter": "Service.Meta.version == v1"
|
||||
},
|
||||
"v2": {
|
||||
"Filter": "Service.Meta.version == v2"
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
### Other datacenters
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
|
||||
Expose a set of services in another datacenter as a virtual service:
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "service-resolver"
|
||||
Name = "web-dc2"
|
||||
|
@ -84,11 +92,6 @@ Redirect {
|
|||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Kubernetes YAML">
|
||||
|
||||
Expose a set of services in another datacenter as a virtual service:
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: ServiceResolver
|
||||
|
@ -100,32 +103,39 @@ spec:
|
|||
datacenter: dc2
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
```json
|
||||
{
|
||||
"Kind": "service-resolver",
|
||||
"Name": "web-dc2",
|
||||
"Redirect": {
|
||||
"Service": "web",
|
||||
"Datacenter": "dc2"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
### Datacenter failover
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
Enable failover for subset 'v2' to 'dc2', and all other subsets to dc3 or dc4:
|
||||
|
||||
Enable failover for all subsets:
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "service-resolver"
|
||||
Name = "web"
|
||||
ConnectTimeout = "15s"
|
||||
Failover = {
|
||||
v2 = {
|
||||
Datacenters = ["dc2"]
|
||||
}
|
||||
"*" = {
|
||||
Datacenters = ["dc3", "dc4"]
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Kubernetes YAML">
|
||||
|
||||
Enable failover for all subsets:
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: ServiceResolver
|
||||
|
@ -134,20 +144,36 @@ metadata:
|
|||
spec:
|
||||
connectTimeout: 15s
|
||||
failover:
|
||||
v2:
|
||||
datacenters: ['dc2']
|
||||
'*':
|
||||
datacenters: ['dc3', 'dc4']
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
```json
|
||||
{
|
||||
"Kind": "service-resolver",
|
||||
"Name": "web",
|
||||
"ConnectTimeout": "15s",
|
||||
"Failover": {
|
||||
"v2": {
|
||||
"Datacenters": ["dc2"]
|
||||
},
|
||||
"*": {
|
||||
"Datacenters": ["dc3", "dc4"]
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
### Consistent load balancing
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
|
||||
Apply consistent load balancing for requests based on `x-user-id` header:
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "service-resolver"
|
||||
Name = "web"
|
||||
|
@ -163,11 +189,6 @@ LoadBalancer = {
|
|||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Kubernetes YAML">
|
||||
|
||||
Apply consistent load balancing for requests based on `x-user-id` header:
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: ServiceResolver
|
||||
|
@ -181,8 +202,23 @@ spec:
|
|||
fieldValue: x-user-id
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
```json
|
||||
{
|
||||
"Kind": "service-resolver",
|
||||
"Name": "web",
|
||||
"LoadBalancer": {
|
||||
"Policy": "maglev",
|
||||
"HashPolicies": [
|
||||
{
|
||||
"Field": "header",
|
||||
"FieldValue": "x-user-id"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
## Available Fields
|
||||
|
||||
|
|
|
@ -40,11 +40,10 @@ service of the same name.
|
|||
|
||||
### Path prefix matching
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
|
||||
Route HTTP requests with a path starting with `/admin` to a different service:
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "service-router"
|
||||
Name = "web"
|
||||
|
@ -64,11 +63,6 @@ Routes = [
|
|||
]
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Kubernetes YAML">
|
||||
|
||||
Route HTTP requests with a path starting with `/admin` to a different service:
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: ServiceRouter
|
||||
|
@ -84,15 +78,32 @@ spec:
|
|||
# NOTE: a default catch-all will send unmatched traffic to "web"
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
```json
|
||||
{
|
||||
"Kind": "service-router",
|
||||
"Name": "web",
|
||||
"Routes": [
|
||||
{
|
||||
"Match": {
|
||||
"HTTP": {
|
||||
"PathPrefix": "/admin"
|
||||
}
|
||||
},
|
||||
"Destination": {
|
||||
"Service": "admin"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
### Header/query parameter matching
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
Route HTTP requests with a special URL parameter or header to a canary subset:
|
||||
|
||||
Route HTTP requests with a special url parameter or header to a canary subset:
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "service-router"
|
||||
|
@ -134,11 +145,6 @@ Routes = [
|
|||
]
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Kubernetes YAML">
|
||||
|
||||
Route HTTP requests with a special url parameter or header to a canary subset:
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: ServiceRouter
|
||||
|
@ -165,17 +171,56 @@ spec:
|
|||
# NOTE: a default catch-all will send unmatched traffic to "web"
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
```json
|
||||
{
|
||||
"Kind": "service-router",
|
||||
"Name": "web",
|
||||
"Routes": [
|
||||
{
|
||||
"Match": {
|
||||
"HTTP": {
|
||||
"Header": [
|
||||
{
|
||||
"Name": "x-debug",
|
||||
"Exact": "1"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"Destination": {
|
||||
"Service": "web",
|
||||
"ServiceSubset": "canary"
|
||||
}
|
||||
},
|
||||
{
|
||||
"Match": {
|
||||
"HTTP": {
|
||||
"QueryParam": [
|
||||
{
|
||||
"Name": "x-debug",
|
||||
"Exact": "1"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"Destination": {
|
||||
"Service": "web",
|
||||
"ServiceSubset": "canary"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
### gRPC routing
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
|
||||
Re-route a gRPC method to another service. Since gRPC method calls [are
|
||||
HTTP/2](https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md), we can use an HTTP path match rule to re-route traffic:
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "service-router"
|
||||
Name = "billing"
|
||||
|
@ -195,12 +240,6 @@ Routes = [
|
|||
]
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Kubernetes YAML">
|
||||
|
||||
Re-route a gRPC method to another service. Since gRPC method calls [are
|
||||
HTTP/2](https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md), we can use an HTTP path match rule to re-route traffic:
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: ServiceRouter
|
||||
|
@ -216,8 +255,26 @@ spec:
|
|||
# NOTE: a default catch-all will send unmatched traffic to "billing"
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
```json
|
||||
{
|
||||
"Kind": "service-router",
|
||||
"Name": "billing",
|
||||
"Routes": [
|
||||
{
|
||||
"Match": {
|
||||
"HTTP": {
|
||||
"PathExact": "/mycompany.BillingService/GenerateInvoice"
|
||||
}
|
||||
},
|
||||
"Destination": {
|
||||
"Service": "invoice-generator"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
## Available Fields
|
||||
|
||||
|
|
|
@ -43,11 +43,10 @@ resolution stage.
|
|||
|
||||
### Two subsets of same service
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
|
||||
Split traffic between two subsets of the same service:
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "service-splitter"
|
||||
Name = "web"
|
||||
|
@ -63,11 +62,6 @@ Splits = [
|
|||
]
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Kubernetes YAML">
|
||||
|
||||
Split traffic between two subsets of the same service:
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: ServiceSplitter
|
||||
|
@ -81,16 +75,31 @@ spec:
|
|||
serviceSubset: v2
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
```json
|
||||
{
|
||||
"Kind": "service-splitter",
|
||||
"Name": "web",
|
||||
"Splits": [
|
||||
{
|
||||
"Weight": 90,
|
||||
"ServiceSubset": "v1"
|
||||
},
|
||||
{
|
||||
"Weight": 10,
|
||||
"ServiceSubset": "v2"
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
### Two different services
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
|
||||
Split traffic between two services:
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "service-splitter"
|
||||
Name = "web"
|
||||
|
@ -106,11 +115,6 @@ Splits = [
|
|||
]
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Kubernetes YAML">
|
||||
|
||||
Split traffic between two services:
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: ServiceSplitter
|
||||
|
@ -124,8 +128,23 @@ spec:
|
|||
service: web-rewrite
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
```json
|
||||
{
|
||||
"Kind": "service-splitter",
|
||||
"Name": "web",
|
||||
"Splits": [
|
||||
{
|
||||
"Weight": 50
|
||||
},
|
||||
{
|
||||
"Weight": 50,
|
||||
"Service": "web-rewrite"
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
## Available Fields
|
||||
|
||||
|
|
|
@ -44,12 +44,16 @@ traffic from the mesh to those services will be evenly load-balanced between the
|
|||
|
||||
## Sample Config Entries
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
### Access an external service
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="Consul OSS">
|
||||
|
||||
Link gateway named "us-west-gateway" with the billing service:
|
||||
Link gateway named "us-west-gateway" with the billing service.
|
||||
|
||||
Connections to the external service will be unencrypted.
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "terminating-gateway"
|
||||
|
@ -62,10 +66,38 @@ Services = [
|
|||
]
|
||||
```
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: TerminatingGateway
|
||||
metadata:
|
||||
name: us-west-gateway
|
||||
spec:
|
||||
services:
|
||||
- name: billing
|
||||
```
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "terminating-gateway",
|
||||
"Name": "us-west-gateway",
|
||||
"Services": [
|
||||
{
|
||||
"Name": "billing"
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Consul Enterprise">
|
||||
|
||||
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace:
|
||||
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace.
|
||||
|
||||
Connections to the external service will be unencrypted.
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "terminating-gateway"
|
||||
|
@ -80,30 +112,6 @@ Services = [
|
|||
]
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
</Tab>
|
||||
<Tab heading="Kubernetes YAML">
|
||||
<Tabs>
|
||||
<Tab heading="Consul OSS">
|
||||
|
||||
Link gateway named "us-west-gateway" with the billing service:
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: TerminatingGateway
|
||||
metadata:
|
||||
name: us-west-gateway
|
||||
spec:
|
||||
services:
|
||||
- name: billing
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Consul Enterprise">
|
||||
|
||||
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace:
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: TerminatingGateway
|
||||
|
@ -115,32 +123,6 @@ spec:
|
|||
namespace: finance
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
</Tab>
|
||||
<Tab heading="JSON">
|
||||
<Tabs>
|
||||
<Tab heading="Consul OSS">
|
||||
|
||||
Link gateway named "us-west-gateway" with the billing service:
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "terminating-gateway",
|
||||
"Name": "us-west-gateway",
|
||||
"Services": [
|
||||
{
|
||||
"Name": "billing"
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Consul Enterprise">
|
||||
|
||||
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace:
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "terminating-gateway",
|
||||
|
@ -155,17 +137,23 @@ Link gateway named "us-west-gateway" in the default namespace with the billing s
|
|||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
</CodeTabs>
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
### Access an external service over TLS
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="Consul OSS">
|
||||
|
||||
Link gateway named "us-west-gateway" with the billing service and specify a CA file for one-way TLS authentication:
|
||||
Link gateway named "us-west-gateway" with the billing service, and specify a CA
|
||||
file to be used for one-way TLS authentication.
|
||||
|
||||
-> **Note**: The `CAFile` parameter must be specified _and_ point to a valid CA
|
||||
bundle in order to properly initiate a TLS connection to the destination service.
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "terminating-gateway"
|
||||
|
@ -179,11 +167,42 @@ Services = [
|
|||
]
|
||||
```
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: TerminatingGateway
|
||||
metadata:
|
||||
name: us-west-gateway
|
||||
spec:
|
||||
services:
|
||||
- name: billing
|
||||
caFile: /etc/certs/ca-chain.cert.pem
|
||||
```
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "terminating-gateway",
|
||||
"Name": "us-west-gateway",
|
||||
"Services": [
|
||||
{
|
||||
"Name": "billing",
|
||||
"CAFile": "/etc/certs/ca-chain.cert.pem"
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Consul Enterprise">
|
||||
|
||||
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace,
|
||||
and specify a CA file for one-way TLS authentication:
|
||||
and specify a CA file to be used for one-way TLS authentication.
|
||||
|
||||
-> **Note**: The `CAFile` parameter must be specified _and_ point to a valid CA
|
||||
bundle in order to properly initiate a TLS connection to the destination service.
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "terminating-gateway"
|
||||
|
@ -199,32 +218,6 @@ Services = [
|
|||
]
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
</Tab>
|
||||
<Tab heading="Kubernetes YAML">
|
||||
<Tabs>
|
||||
<Tab heading="Consul OSS">
|
||||
|
||||
Link gateway named "us-west-gateway" with the billing service and specify a CA file for one-way TLS authentication:
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: TerminatingGateway
|
||||
metadata:
|
||||
name: us-west-gateway
|
||||
spec:
|
||||
services:
|
||||
- name: billing
|
||||
caFile: /etc/certs/ca-chain.cert.pem
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Consul Enterprise">
|
||||
|
||||
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace,
|
||||
and specify a CA file for one-way TLS authentication:
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: TerminatingGateway
|
||||
|
@ -237,34 +230,6 @@ spec:
|
|||
caFile: /etc/certs/ca-chain.cert.pem
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
</Tab>
|
||||
<Tab heading="JSON">
|
||||
<Tabs>
|
||||
<Tab heading="Consul OSS">
|
||||
|
||||
Link gateway named "us-west-gateway" with the billing service and specify a CA file for one-way TLS authentication:
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "terminating-gateway",
|
||||
"Name": "us-west-gateway",
|
||||
"Services": [
|
||||
{
|
||||
"Name": "billing",
|
||||
"CAFile": "/etc/certs/ca-chain.cert.pem"
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Consul Enterprise">
|
||||
|
||||
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace,
|
||||
and specify a CA file for one-way TLS authentication:
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "terminating-gateway",
|
||||
|
@ -280,17 +245,23 @@ and specify a CA file for one-way TLS authentication:
|
|||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
</CodeTabs>
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
### Access an external service over mutual TLS
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="Consul OSS">
|
||||
|
||||
Link gateway named "us-west-gateway" with the payments service and specify a CA file, key file, and cert file for mutual TLS authentication:
|
||||
Link gateway named "us-west-gateway" with the billing service, and specify a CA
|
||||
file, key file, and cert file to be used for mutual TLS authentication.
|
||||
|
||||
-> **Note**: The `CAFile` parameter must be specified _and_ point to a valid CA
|
||||
bundle in order to properly initiate a TLS connection to the destination service.
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "terminating-gateway"
|
||||
|
@ -306,11 +277,46 @@ Services = [
|
|||
]
|
||||
```
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: TerminatingGateway
|
||||
metadata:
|
||||
name: us-west-gateway
|
||||
spec:
|
||||
services:
|
||||
- name: billing
|
||||
caFile: /etc/certs/ca-chain.cert.pem
|
||||
keyFile: /etc/certs/gateway.key.pem
|
||||
certFile: /etc/certs/gateway.cert.pem
|
||||
```
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "terminating-gateway",
|
||||
"Name": "us-west-gateway",
|
||||
"Services": [
|
||||
{
|
||||
"Name": "billing",
|
||||
"CAFile": "/etc/certs/ca-chain.cert.pem",
|
||||
"KeyFile": "/etc/certs/gateway.key.pem",
|
||||
"CertFile": "/etc/certs/gateway.cert.pem"
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Consul Enterprise">
|
||||
|
||||
Link gateway named "us-west-gateway" in the default namespace with the payments service in the finance namespace.
|
||||
Also specify a CA file, key file, and cert file for mutual TLS authentication:
|
||||
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace.
|
||||
Also specify a CA file, key file, and cert file to be used for mutual TLS authentication.
|
||||
|
||||
-> **Note**: The `CAFile` parameter must be specified _and_ point to a valid CA
|
||||
bundle in order to properly initiate a TLS connection to the destination service.
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
```hcl
|
||||
Kind = "terminating-gateway"
|
||||
|
@ -328,34 +334,6 @@ Services = [
|
|||
]
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
</Tab>
|
||||
<Tab heading="Kubernetes YAML">
|
||||
<Tabs>
|
||||
<Tab heading="Consul OSS">
|
||||
|
||||
Link gateway named "us-west-gateway" with the payments service and specify a CA file, key file, and cert file for mutual TLS authentication:
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: TerminatingGateway
|
||||
metadata:
|
||||
name: us-west-gateway
|
||||
spec:
|
||||
services:
|
||||
- name: billing
|
||||
caFile: /etc/certs/ca-chain.cert.pem
|
||||
keyFile: /etc/certs/gateway.key.pem
|
||||
certFile: /etc/certs/gateway.cert.pem
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Consul Enterprise">
|
||||
|
||||
Link gateway named "us-west-gateway" in the default namespace with the payments service in the finance namespace.
|
||||
Also specify a CA file, key file, and cert file for mutual TLS authentication:
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: TerminatingGateway
|
||||
|
@ -370,36 +348,6 @@ spec:
|
|||
certFile: /etc/certs/gateway.cert.pem
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
</Tab>
|
||||
<Tab heading="JSON">
|
||||
<Tabs>
|
||||
<Tab heading="Consul OSS">
|
||||
|
||||
Link gateway named "us-west-gateway" with the payments service and specify a CA file, key file, and cert file for mutual TLS authentication:
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "terminating-gateway",
|
||||
"Name": "us-west-gateway",
|
||||
"Services": [
|
||||
{
|
||||
"Name": "billing",
|
||||
"CAFile": "/etc/certs/ca-chain.cert.pem",
|
||||
"KeyFile": "/etc/certs/gateway.key.pem",
|
||||
"CertFile": "/etc/certs/gateway.cert.pem"
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Consul Enterprise">
|
||||
|
||||
Link gateway named "us-west-gateway" in the default namespace with the payments service in the finance namespace.
|
||||
Also specify a CA file, key file, and cert file for mutual TLS authentication:
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "terminating-gateway",
|
||||
|
@ -417,18 +365,23 @@ Also specify a CA file, key file, and cert file for mutual TLS authentication:
|
|||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
</CodeTabs>
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
### Override connection parameters for a specific service
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="Consul OSS">
|
||||
|
||||
Link gateway named "us-west-gateway" with all services in the datacenter, and configure default certificates for mutual TLS.
|
||||
Also override the SNI and CA file used for connections to the billing service:
|
||||
|
||||
Override the SNI and CA file used for connections to the billing service.
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
<CodeBlockConfig highlight="11-15">
|
||||
|
||||
```hcl
|
||||
Kind = "terminating-gateway"
|
||||
|
@ -449,11 +402,65 @@ Services = [
|
|||
]
|
||||
```
|
||||
|
||||
</CodeBlockConfig>
|
||||
|
||||
<CodeBlockConfig highlight="11-13">
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: TerminatingGateway
|
||||
metadata:
|
||||
name: us-west-gateway
|
||||
spec:
|
||||
services:
|
||||
- name: '*'
|
||||
caFile: /etc/common-certs/ca-chain.cert.pem
|
||||
keyFile: /etc/common-certs/gateway.key.pem
|
||||
certFile: /etc/common-certs/gateway.cert.pem
|
||||
- name: billing
|
||||
caFile: /etc/billing-ca/ca-chain.cert.pem
|
||||
sni: billing.service.com
|
||||
```
|
||||
|
||||
</CodeBlockConfig>
|
||||
|
||||
<CodeBlockConfig highlight="11-15">
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "terminating-gateway",
|
||||
"Name": "us-west-gateway",
|
||||
"Services": [
|
||||
{
|
||||
"Name": "*",
|
||||
"CAFile": "/etc/common-certs/ca-chain.cert.pem",
|
||||
"KeyFile": "/etc/common-certs/gateway.key.pem",
|
||||
"CertFile": "/etc/common-certs/gateway.cert.pem"
|
||||
},
|
||||
{
|
||||
"Name": "billing",
|
||||
"CAFile": "/etc/billing-ca/ca-chain.cert.pem",
|
||||
"SNI": "billing.service.com"
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
</CodeBlockConfig>
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Consul Enterprise">
|
||||
|
||||
Link gateway named "us-west-gateway" in the default namespace with all services in the finance namespace,
|
||||
and configure default certificates for mutual TLS. Also override the SNI and CA file used for connections to the billing service:
|
||||
and configure default certificates for mutual TLS.
|
||||
|
||||
Override the SNI and CA file used for connections to the billing service:
|
||||
|
||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||
|
||||
<CodeBlockConfig highlight="13-18">
|
||||
|
||||
```hcl
|
||||
Kind = "terminating-gateway"
|
||||
|
@ -471,43 +478,15 @@ Services = [
|
|||
{
|
||||
Namespace = "finance"
|
||||
Name = "billing"
|
||||
CAFile = "/etc/billing-ca/ca-chain.cert.pem",
|
||||
CAFile = "/etc/billing-ca/ca-chain.cert.pem"
|
||||
SNI = "billing.service.com"
|
||||
}
|
||||
]
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
</Tab>
|
||||
<Tab heading="Kubernetes YAML">
|
||||
<Tabs>
|
||||
<Tab heading="Consul OSS">
|
||||
</CodeBlockConfig>
|
||||
|
||||
Link gateway named "us-west-gateway" with all services in the datacenter, and configure default certificates for mutual TLS.
|
||||
Also override the SNI and CA file used for connections to the billing service:
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
kind: TerminatingGateway
|
||||
metadata:
|
||||
name: us-west-gateway
|
||||
spec:
|
||||
services:
|
||||
- name: '*'
|
||||
caFile: /etc/common-certs/ca-chain.cert.pem
|
||||
keyFile: /etc/common-certs/gateway.key.pem
|
||||
certFile: /etc/common-certs/gateway.cert.pem
|
||||
- name: billing
|
||||
caFile: /etc/billing-ca/ca-chain.cert.pem
|
||||
sni: billing.service.com
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Consul Enterprise">
|
||||
|
||||
Link gateway named "us-west-gateway" in the default namespace with all services in the finance namespace,
|
||||
and configure default certificates for mutual TLS. Also override the SNI and CA file used for connections to the billing service:
|
||||
<CodeBlockConfig highlight="12-15">
|
||||
|
||||
```yaml
|
||||
apiVersion: consul.hashicorp.com/v1alpha1
|
||||
|
@ -527,42 +506,9 @@ spec:
|
|||
sni: billing.service.com
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
</Tab>
|
||||
<Tab heading="JSON">
|
||||
<Tabs>
|
||||
<Tab heading="Consul OSS">
|
||||
</CodeBlockConfig>
|
||||
|
||||
Link gateway named "us-west-gateway" with all services in the datacenter, and configure default certificates for mutual TLS.
|
||||
Also override the SNI and CA file used for connections to the billing service:
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "terminating-gateway",
|
||||
"Name": "us-west-gateway",
|
||||
"Services": [
|
||||
{
|
||||
"Name": "*",
|
||||
"CAFile": "/etc/billing-ca/ca-chain.cert.pem",
|
||||
"KeyFile": "/etc/certs/gateway.key.pem",
|
||||
"CertFile": "/etc/certs/gateway.cert.pem",
|
||||
"SNI": "billing.service.com"
|
||||
},
|
||||
{
|
||||
"Name": "billing",
|
||||
"CAFile": "/etc/billing-ca/ca-chain.cert.pem",
|
||||
"SNI": "billing.service.com"
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="Consul Enterprise">
|
||||
|
||||
Link gateway named "us-west-gateway" in the default namespace with all services in the finance namespace,
|
||||
and configure default certificates for mutual TLS. Also override the SNI and CA file used for connections to the billing service:
|
||||
<CodeBlockConfig highlight="13-18">
|
||||
|
||||
```json
|
||||
{
|
||||
|
@ -573,10 +519,9 @@ and configure default certificates for mutual TLS. Also override the SNI and CA
|
|||
{
|
||||
"Namespace": "finance",
|
||||
"Name": "*",
|
||||
"CAFile": "/etc/billing-ca/ca-chain.cert.pem",
|
||||
"KeyFile": "/etc/certs/gateway.key.pem",
|
||||
"CertFile": "/etc/certs/gateway.cert.pem",
|
||||
"SNI": "billing.service.com"
|
||||
"CAFile": "/etc/common-certs/ca-chain.cert.pem",
|
||||
"KeyFile": "/etc/common-certs/gateway.key.pem",
|
||||
"CertFile": "/etc/common-certs/gateway.cert.pem"
|
||||
},
|
||||
{
|
||||
"Namespace": "finance",
|
||||
|
@ -588,8 +533,10 @@ and configure default certificates for mutual TLS. Also override the SNI and CA
|
|||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
</CodeBlockConfig>
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
|
||||
|
|
Loading…
Reference in New Issue