github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Update config entry docs for CRDs (#10407) 

* Update mesh, proxy-defaults and service-defaults docs to properly
document Kubernetes YAML.

Co-authored-by: David Yu <dyu@hashicorp.com>
pull/10466/head
Luke Kysow 2021-06-22 16:56:53 -07:00 committed by GitHub
parent 17dc691c61
commit 1dcdd2516c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 395 additions and 193 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

113
website/content/docs/connect/config-entries/mesh.mdx
View File

@ -18,14 +18,15 @@ Settings in this config entry apply across all namespaces and federated datacent
## Sample Config Entries ## Sample Config Entries
### Only allow transparent proxies to dial addresses in the mesh. ### Mesh Destinations Only
Only allow transparent proxies to dial addresses in the mesh.
<Tabs> <Tabs>
<Tab heading="HCL"> <Tab heading="HCL">
```hcl ```hcl
Kind = "mesh" Kind = "mesh"
TransparentProxy { TransparentProxy {
MeshDestinationsOnly = true MeshDestinationsOnly = true
} }
@ -46,25 +47,103 @@ TransparentProxy {
} }
``` ```
</Tab>
<Tab heading="Kubernetes YAML">
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: Mesh
metadata:
name: mesh
spec:
transparentProxy:
meshDestinationsOnly: true
```
</Tab>
<Tab heading="Kubernetes YAML (Consul Enterprise)">
**NOTE:** A `Mesh` resource can be created in any Kubernetes
namespace but it will apply to proxies across **all** namespaces. Only one
`Mesh` resource can exist in the cluster.
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: Mesh
metadata:
name: mesh
spec:
transparentProxy:
meshDestinationsOnly: true
```
</Tab> </Tab>
</Tabs> </Tabs>
## Available Fields ## Available Fields
- `Kind` - Must be set to `mesh` <ConfigEntryReference
keys={[
- `Namespace` `(string: "default")` <EnterpriseAlert inline /> - Specifies the namespace the config entry will apply to. {
Must be set to `default` name: 'apiVersion',
description: 'Must be set to `consul.hashicorp.com/v1alpha1`',
- `Meta` `(map<string|string>: nil)` - Specifies arbitrary KV metadata pairs. hcl: false,
},
- `TransparentProxy` `(TransparentProxyConfig: <optional>)` - Controls configuration specific to proxies in {
`transparent` [mode](/docs/connect/config-entries/service-defaults#mode). Added in v1.10.0. name: 'Kind',
description: {
- `MeshDestinationsOnly` `(bool: false)` - Determines whether sidecar proxies operating in transparent mode can hcl: 'Must be set to `mesh`',
proxy traffic to IP addresses not registered in Consul's mesh. If enabled, traffic will only be proxied yaml: 'Must be set to `Mesh`',
to upstream proxies or Connect-native services. If disabled, requests will be proxied as-is to the },
original destination IP address. Consul will not encrypt the connection. },
{
name: 'Namespace',
type: `string: "default"`,
enterprise: true,
description:
'Must be set to default. Config will apply to all namespaces.',
yaml: false,
},
{
name: 'Meta',
type: 'map<string|string>: nil',
description:
'Specifies arbitrary KV metadata pairs. Added in Consul 1.8.4.',
yaml: false,
},
{
name: 'metadata',
children: [
{
name: 'name',
description: 'Must be set to `mesh`',
},
{
name: 'namespace',
description:
'If running Consul Open Source, the namespace is ignored (see [Kubernetes Namespaces in Consul OSS](/docs/k8s/crds#consul-oss)). If running Consul Enterprise see [Kubernetes Namespaces in Consul Enterprise](/docs/k8s/crds#consul-enterprise) for more details.',
},
],
hcl: false,
},
{
name: 'TransparentProxy',
type: 'TransparentProxyConfig: <optional>',
description:
'Controls configuration specific to proxies in `transparent` [mode](/docs/connect/config-entries/service-defaults#mode). Added in v1.10.0.',
children: [
{
name: 'MeshDestinationsOnly',
type: 'bool: false',
description: `Determines whether sidecar proxies operating in transparent mode can
proxy traffic to IP addresses not registered in Consul's mesh. If enabled, traffic will only be proxied
to upstream proxies or Connect-native services. If disabled, requests will be proxied as-is to the
original destination IP address. Consul will not encrypt the connection.`,
},
],
},
]}
/>
## ACLs ## ACLs

19
website/content/docs/connect/config-entries/proxy-defaults.mdx
View File

@ -213,11 +213,11 @@ spec:
{ {
name: 'Mode', name: 'Mode',
type: `string: ""`, type: `string: ""`,
description: `One of \`direct\` or \`transparent\`. description: `One of \`direct\` or \`transparent\`.
\`transparent\` represents that inbound and outbound application traffic is being \`transparent\` represents that inbound and outbound application traffic is being
captured and redirected through the proxy. This mode does not enable the traffic redirection captured and redirected through the proxy. This mode does not enable the traffic redirection
itself. Instead it signals Consul to configure Envoy as if traffic is already being redirected. itself. Instead it signals Consul to configure Envoy as if traffic is already being redirected.
\`direct\` represents that the proxy's listeners must be dialed directly by the local \`direct\` represents that the proxy's listeners must be dialed directly by the local
application and other proxies. application and other proxies.
Added in v1.10.0.`, Added in v1.10.0.`,
yaml: false, yaml: false,
@ -230,19 +230,19 @@ spec:
{ {
name: 'OutboundListenerPort', name: 'OutboundListenerPort',
type: 'int: "15001"', type: 'int: "15001"',
description: `The port the proxy should listen on for outbound traffic. This must be the port where description: `The port the proxy should listen on for outbound traffic. This must be the port where
outbound application traffic is captured and redirected to.`, outbound application traffic is captured and redirected to.`,
yaml: false,
}, },
{ {
name: 'DialedDirectly', name: 'DialedDirectly',
type: 'bool: false', type: 'bool: false',
description: `Determines whether this proxy instance's IP address can be dialed directly by transparent proxies. description: `Determines whether this proxy instance's IP address can be dialed directly by transparent proxies.
Typically transparent proxies dial upstreams using the "virtual" tagged address, which load balances Typically transparent proxies dial upstreams using the "virtual" tagged address, which load balances
across instances. Dialing individual instances can be helpful in cases like stateful services such across instances. Dialing individual instances can be helpful in cases like stateful services such
as a database cluster with a leader. `, as a database cluster with a leader. `,
}, },
], ],
yaml: false,
}, },
{ {
name: 'MeshGateway', name: 'MeshGateway',
@ -275,8 +275,7 @@ spec:
Envoy will expose listeners for these checks and will only accept connections originating from localhost or Consul's Envoy will expose listeners for these checks and will only accept connections originating from localhost or Consul's
[advertise address](/docs/agent/options#advertise). The port for these listeners are dynamically allocated from [advertise address](/docs/agent/options#advertise). The port for these listeners are dynamically allocated from
[expose_min_port](/docs/agent/options#expose_min_port) to [expose_max_port](/docs/agent/options#expose_max_port). [expose_min_port](/docs/agent/options#expose_min_port) to [expose_max_port](/docs/agent/options#expose_max_port).
This flag is useful when a Consul client cannot reach registered services over localhost. One example is when running This flag is useful when a Consul client cannot reach registered services over localhost.`,
Consul on Kubernetes, and Consul agents run in their own pods.`,
}, },
{ {
name: 'Paths', name: 'Paths',

456
website/content/docs/connect/config-entries/service-defaults.mdx
View File

@ -51,10 +51,12 @@ spec:
<Tabs> <Tabs>
<Tab heading="HCL"> <Tab heading="HCL">
<Tabs>
<Tab heading="Consul OSS">
Set default connection limits and mesh gateway mode across all upstreams Set default connection limits and mesh gateway mode across all upstreams
of "counting" and also override the mesh gateway mode used when dialing of "counting" and also override the mesh gateway mode used when dialing
the "dashboard" service in the "frontend" namespace. the "dashboard" service.
```hcl ```hcl
Kind = "service-defaults" Kind = "service-defaults"
@ -84,7 +86,7 @@ UpstreamConfig = {
``` ```
</Tab> </Tab>
<Tab heading="HCL (Consul Enterprise)"> <Tab heading="Consul Enterprise">
Set default connection limits and mesh gateway mode across all upstreams Set default connection limits and mesh gateway mode across all upstreams
of "counting" and also override the mesh gateway mode used when dialing of "counting" and also override the mesh gateway mode used when dialing
@ -119,6 +121,70 @@ UpstreamConfig = {
} }
``` ```
</Tab>
</Tabs>
</Tab>
<Tab heading="Kubernetes YAML">
<Tabs>
<Tab heading="Consul OSS">
Set default connection limits and mesh gateway mode across all upstreams
of "counting" and also override the mesh gateway mode used when dialing
the "dashboard" service.
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceDefaults
metadata:
name: counting
spec:
upstreamConfig:
defaults:
meshGateway:
mode: local
limits:
maxConnections: 512
maxPendingRequests: 512
maxConcurrentRequests: 512
overrides:
- name: dashboard
meshGateway:
mode: remote
```
</Tab>
<Tab heading="Consul Enterprise">
Set default connection limits and mesh gateway mode across all upstreams
of "counting" and also override the mesh gateway mode used when dialing
the "dashboard" service in the "frontend" namespace.
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceDefaults
metadata:
name: counting
namespace: product
spec:
upstreamConfig:
defaults:
meshGateway:
mode: local
limits:
maxConnections: 512
maxPendingRequests: 512
maxConcurrentRequests: 512
overrides:
- name: dashboard
namespace: frontend
meshGateway:
mode: remote
```
</Tab>
</Tabs>
</Tab> </Tab>
</Tabs> </Tabs>
@ -187,11 +253,11 @@ UpstreamConfig = {
{ {
name: 'Mode', name: 'Mode',
type: `string: ""`, type: `string: ""`,
description: `One of \`direct\` or \`transparent\`. description: `One of \`direct\` or \`transparent\`.
\`transparent\` represents that inbound and outbound application traffic is being \`transparent\` represents that inbound and outbound application traffic is being
captured and redirected through the proxy. This mode does not enable the traffic redirection captured and redirected through the proxy. This mode does not enable the traffic redirection
itself. Instead it signals Consul to configure Envoy as if traffic is already being redirected. itself. Instead it signals Consul to configure Envoy as if traffic is already being redirected.
\`direct\` represents that the proxy's listeners must be dialed directly by the local \`direct\` represents that the proxy's listeners must be dialed directly by the local
application and other proxies. application and other proxies.
Added in v1.10.0.`, Added in v1.10.0.`,
yaml: false, yaml: false,
@ -201,7 +267,7 @@ UpstreamConfig = {
type: 'UpstreamConfiguration: <optional>', type: 'UpstreamConfiguration: <optional>',
description: `Controls default configuration settings that apply across all upstreams, and per-upstream description: `Controls default configuration settings that apply across all upstreams, and per-upstream
configuration overrides. Note that per-upstream configuration applies across all federated datacenters configuration overrides. Note that per-upstream configuration applies across all federated datacenters
to the pairing of source and upstream destination services. to the pairing of source and upstream destination services.
Added in v1.10.0.`, Added in v1.10.0.`,
children: [ children: [
{ {
@ -237,89 +303,106 @@ UpstreamConfig = {
It is supported here for backwards compatibility with Consul versions prior to 1.6.0. It is supported here for backwards compatibility with Consul versions prior to 1.6.0.
`, `,
}, },
{ },
name: 'ConnectTimeoutMs', {
type: 'int: 5000', name: 'ConnectTimeoutMs',
description: type: 'int: 5000',
`The number of milliseconds to allow when making upstream connections before timing out. description: {
hcl: `The number of milliseconds to allow when making upstream connections before timing out.<br><br>
NOTE: The connect timeout of a service should ideally be configured via the NOTE: The connect timeout of a service should ideally be configured via the
[\`connect_timeout\`](/docs/connect/config-entries/service-resolver#connecttimeout) [\`connect_timeout\`](/docs/connect/config-entries/service-resolver#connecttimeout)
field of a field of a
[\`service-resolver\`](/docs/connect/config-entries/service-resolver) [\`service-resolver\`](/docs/connect/config-entries/service-resolver)
config entry for the upstream destination service. config entry for the upstream destination service.
Configuring it in a proxy upstream config will not fully enable some Configuring it in a proxy upstream config will not fully enable some
[L7 features](/docs/connect/l7-traffic-management). [L7 features](/docs/connect/l7-traffic-management).
It is supported here for backwards compatibility with Consul versions prior to 1.6.0. It is supported here for backwards compatibility with Consul versions prior to 1.6.0.
`, `,
yaml: `The number of milliseconds to allow when making upstream connections before timing out.<br><br>
NOTE: The connect timeout of a service should ideally be configured via the
[\`connectTimeout\`](/docs/connect/config-entries/service-resolver#connecttimeout)
field of a
[\`ServiceResolver\`](/docs/connect/config-entries/service-resolver)
CRD for the upstream destination service.
Configuring it in a proxy upstream config will not fully enable some
[L7 features](/docs/connect/l7-traffic-management).
It is supported here for backwards compatibility with Consul versions prior to 1.6.0.
`,
}, },
{ },
name: 'MeshGateway', {
type: 'MeshGatewayConfig: <optional>', name: 'MeshGateway',
description: `Controls the default type: 'MeshGatewayConfig: <optional>',
description: `Controls the default
[mesh gateway configuration](/docs/connect/mesh-gateway#connect-proxy-configuration) [mesh gateway configuration](/docs/connect/mesh-gateway#connect-proxy-configuration)
for this upstream.`, for this upstream.`,
children: [ children: [
{ {
name: 'Mode', name: 'Mode',
type: 'string: ""', type: 'string: ""',
description: 'One of `none`, `local`, or `remote`.', description: 'One of `none`, `local`, or `remote`.',
}, },
], ],
}, },
{ {
name: 'Limits', name: 'Limits',
type: 'Limits: <optional>', type: 'Limits: <optional>',
description: `A set of limits to apply when connecting to the upstream service. description: `A set of limits to apply when connecting to the upstream service.
These limits are applied on a per-service-instance basis. These limits are applied on a per-service-instance basis.
The following limits are respected.`, The following limits are respected.`,
children: [ children: [
{ {
name: 'MaxConnections', name: 'MaxConnections',
type: 'int: 0', type: 'int: 0',
description: `The maximum number of connections a service instance description: `The maximum number of connections a service instance
will be allowed to establish against the given upstream. Use this to limit will be allowed to establish against the given upstream. Use this to limit
HTTP/1.1 traffic, since HTTP/1.1 has a request per connection.`, HTTP/1.1 traffic, since HTTP/1.1 has a request per connection.`,
}, },
{ {
name: 'MaxPendingRequests', name: 'MaxPendingRequests',
type: 'int: 0', type: 'int: 0',
description: `The maximum number of requests that will be queued description: `The maximum number of requests that will be queued
while waiting for a connection to be established. For this configuration to while waiting for a connection to be established. For this configuration to
be respected, a L7 protocol must be defined in the \`protocol\` field.`, be respected, a L7 protocol must be defined in the \`protocol\` field.`,
}, },
{ {
name: 'MaxConcurrentRequests', name: 'MaxConcurrentRequests',
type: 'int: 0', type: 'int: 0',
description: `The maximum number of concurrent requests that description: `The maximum number of concurrent requests that
will be allowed at a single point in time. Use this to limit HTTP/2 traffic, will be allowed at a single point in time. Use this to limit HTTP/2 traffic,
since HTTP/2 has many requests per connection. For this configuration to be since HTTP/2 has many requests per connection. For this configuration to be
respected, a L7 protocol must be defined in the \`protocol\` field.`, respected, a L7 protocol must be defined in the \`protocol\` field.`,
}, },
], ],
}, },
{ {
name: 'PassiveHealthCheck', name: 'PassiveHealthCheck',
type: 'PassiveHealthCheck: <optional>', type: 'PassiveHealthCheck: <optional>',
description: `Passive health checks are used to remove hosts from description: `Passive health checks are used to remove hosts from
the upstream cluster which are unreachable or are returning errors..`, the upstream cluster which are unreachable or are returning errors..`,
children: [ children: [
{ {
name: 'Interval', name: 'Interval',
type: 'duration: 0s', type: 'duration: 0s',
description: `The time between checks. Each check will cause hosts which description: {
have exceeded \`max_failures\` to be removed from the load balancer, and hcl: `The time between checks. Each check will cause hosts which
any hosts which have passed their ejection time to be returned to the have exceeded \`max_failures\` to be removed from the load balancer, and
load balancer.`, any hosts which have passed their ejection time to be returned to the
load balancer.`,
yaml: `The time between checks. Each check will cause hosts which
have exceeded \`maxFailures\` to be removed from the load balancer, and
any hosts which have passed their ejection time to be returned to the
load balancer.`,
}, },
{ },
name: 'MaxFailures', {
type: 'int: 0', name: 'MaxFailures',
description: `The number of consecutive failures which cause a host to be type: 'int: 0',
description: `The number of consecutive failures which cause a host to be
removed from the load balancer.`, removed from the load balancer.`,
}, },
], ],
}, },
], ],
}, },
{ {
@ -327,107 +410,143 @@ UpstreamConfig = {
type: 'UpstreamConfig: <optional>', type: 'UpstreamConfig: <optional>',
description: `Default configuration that applies to all upstreams of the given service.`, description: `Default configuration that applies to all upstreams of the given service.`,
children: [ children: [
{ {
name: 'Protocol', name: 'Name',
type: 'string: ""', type: 'string: ""',
description: description: 'The upstream name to apply the configuration to.',
`The protocol for the upstream listener. },
{
NOTE: The protocol of a service should ideally be configured via the name: 'Namespace',
[\`protocol\`](/docs/connect/config-entries/service-defaults#protocol) type: 'string: ""',
field of a description: 'The namespace of the upstream.',
[\`service-defaults\`](/docs/connect/config-entries/service-defaults) },
config entry for the upstream destination service. Configuring it in a {
proxy upstream config will not fully enable some name: 'Protocol',
[L7 features](/docs/connect/l7-traffic-management). type: 'string: ""',
It is supported here for backwards compatibility with Consul versions prior to 1.6.0. description: {
`, hcl: `The protocol for the upstream listener.<br><br>
NOTE: The protocol of a service should ideally be configured via the
[\`protocol\`](/docs/connect/config-entries/service-defaults#protocol)
field of a
[\`service-defaults\`](/docs/connect/config-entries/service-defaults)
config entry for the upstream destination service. Configuring it in a
proxy upstream config will not fully enable some
[L7 features](/docs/connect/l7-traffic-management).
It is supported here for backwards compatibility with Consul versions prior to 1.6.0.
`,
yaml: `The protocol for the upstream listener.<br><br>
NOTE: The protocol of a service should ideally be configured via the
[\`protocol\`](/docs/connect/config-entries/service-defaults#protocol)
field of a
[\`ServiceDefaults\`](/docs/connect/config-entries/service-defaults)
CRD for the upstream destination service. Configuring it in a
proxy upstream config will not fully enable some
[L7 features](/docs/connect/l7-traffic-management).
It is supported here for backwards compatibility with Consul versions prior to 1.6.0.
`,
}, },
{ },
name: 'ConnectTimeoutMs', {
type: 'int: 5000', name: 'ConnectTimeoutMs',
description: type: 'int: 5000',
`The number of milliseconds to allow when making upstream connections before timing out. description: {
hcl: `The number of milliseconds to allow when making upstream connections before timing out.<br><br>
NOTE: The connect timeout of a service should ideally be configured via the NOTE: The connect timeout of a service should ideally be configured via the
[\`connect_timeout\`](/docs/connect/config-entries/service-resolver#connecttimeout) [\`connect_timeout\`](/docs/connect/config-entries/service-resolver#connecttimeout)
field of a field of a
[\`service-resolver\`](/docs/connect/config-entries/service-resolver) [\`service-resolver\`](/docs/connect/config-entries/service-resolver)
config entry for the upstream destination service. config entry for the upstream destination service.
Configuring it in a proxy upstream config will not fully enable some Configuring it in a proxy upstream config will not fully enable some
[L7 features](/docs/connect/l7-traffic-management). [L7 features](/docs/connect/l7-traffic-management).
It is supported here for backwards compatibility with Consul versions prior to 1.6.0. It is supported here for backwards compatibility with Consul versions prior to 1.6.0.
`, `,
yaml: `The number of milliseconds to allow when making upstream connections before timing out.<br><br>
NOTE: The connect timeout of a service should ideally be configured via the
[\`connectTimeout\`](/docs/connect/config-entries/service-resolver#connecttimeout)
field of a
[\`ServiceResolver\`](/docs/connect/config-entries/service-resolver)
CRD for the upstream destination service.
Configuring it in a proxy upstream config will not fully enable some
[L7 features](/docs/connect/l7-traffic-management).
It is supported here for backwards compatibility with Consul versions prior to 1.6.0.
`,
}, },
{ },
name: 'MeshGateway', {
type: 'MeshGatewayConfig: <optional>', name: 'MeshGateway',
description: `Controls the default type: 'MeshGatewayConfig: <optional>',
description: `Controls the default
[mesh gateway configuration](/docs/connect/mesh-gateway#connect-proxy-configuration) [mesh gateway configuration](/docs/connect/mesh-gateway#connect-proxy-configuration)
for this upstream.`, for this upstream.`,
children: [ children: [
{ {
name: 'Mode', name: 'Mode',
type: 'string: ""', type: 'string: ""',
description: 'One of `none`, `local`, or `remote`.', description: 'One of `none`, `local`, or `remote`.',
}, },
], ],
}, },
{ {
name: 'Limits', name: 'Limits',
type: 'Limits: <optional>', type: 'Limits: <optional>',
description: `A set of limits to apply when connecting to the upstream service. description: `A set of limits to apply when connecting to the upstream service.
These limits are applied on a per-service-instance basis. These limits are applied on a per-service-instance basis.
The following limits are respected.`, The following limits are respected.`,
children: [ children: [
{ {
name: 'MaxConnections', name: 'MaxConnections',
type: 'int: 0', type: 'int: 0',
description: `The maximum number of connections a service instance description: `The maximum number of connections a service instance
will be allowed to establish against the given upstream. Use this to limit will be allowed to establish against the given upstream. Use this to limit
HTTP/1.1 traffic, since HTTP/1.1 has a request per connection.`, HTTP/1.1 traffic, since HTTP/1.1 has a request per connection.`,
}, },
{ {
name: 'MaxPendingRequests', name: 'MaxPendingRequests',
type: 'int: 0', type: 'int: 0',
description: `The maximum number of requests that will be queued description: `The maximum number of requests that will be queued
while waiting for a connection to be established. For this configuration to while waiting for a connection to be established. For this configuration to
be respected, a L7 protocol must be defined in the \`protocol\` field.`, be respected, a L7 protocol must be defined in the \`protocol\` field.`,
}, },
{ {
name: 'MaxConcurrentRequests', name: 'MaxConcurrentRequests',
type: 'int: 0', type: 'int: 0',
description: `The maximum number of concurrent requests that description: `The maximum number of concurrent requests that
will be allowed at a single point in time. Use this to limit HTTP/2 traffic, will be allowed at a single point in time. Use this to limit HTTP/2 traffic,
since HTTP/2 has many requests per connection. For this configuration to be since HTTP/2 has many requests per connection. For this configuration to be
respected, a L7 protocol must be defined in the \`protocol\` field.`, respected, a L7 protocol must be defined in the \`protocol\` field.`,
}, },
], ],
}, },
{ {
name: 'PassiveHealthCheck', name: 'PassiveHealthCheck',
type: 'PassiveHealthCheck: <optional>', type: 'PassiveHealthCheck: <optional>',
description: `Passive health checks are used to remove hosts from description: `Passive health checks are used to remove hosts from
the upstream cluster which are unreachable or are returning errors..`, the upstream cluster which are unreachable or are returning errors..`,
children: [ children: [
{ {
name: 'Interval', name: 'Interval',
type: 'duration: 0s', type: 'duration: 0s',
description: `The time between checks. Each check will cause hosts which description: {
have exceeded \`max_failures\` to be removed from the load balancer, and hcl: `The time between checks. Each check will cause hosts which
any hosts which have passed their ejection time to be returned to the have exceeded \`max_failures\` to be removed from the load balancer, and
load balancer.`, any hosts which have passed their ejection time to be returned to the
load balancer.`,
yaml: `The time between checks. Each check will cause hosts which
have exceeded \`maxFailures\` to be removed from the load balancer, and
any hosts which have passed their ejection time to be returned to the
load balancer.`,
}, },
{ },
name: 'MaxFailures', {
type: 'int: 0', name: 'MaxFailures',
description: `The number of consecutive failures which cause a host to be type: 'int: 0',
description: `The number of consecutive failures which cause a host to be
removed from the load balancer.`, removed from the load balancer.`,
}, },
], ],
}, },
], ],
}, },
], ],
}, },
{ {
@ -438,19 +557,24 @@ UpstreamConfig = {
{ {
name: 'OutboundListenerPort', name: 'OutboundListenerPort',
type: 'int: "15001"', type: 'int: "15001"',
description: `The port the proxy should listen on for outbound traffic. This must be the port where description: `The port the proxy should listen on for outbound traffic. This must be the port where
outbound application traffic is redirected to.`, outbound application traffic is redirected to.`,
yaml: false,
}, },
{ {
name: 'DialedDirectly', name: 'DialedDirectly',
type: 'bool: false', type: 'bool: false',
description: `Determines whether this proxy instance's IP address can be dialed directly by transparent proxies. description: {
Typically transparent proxies dial upstreams using the "virtual" tagged address, which load balances hcl: `Determines whether this proxy instance's IP address can be dialed directly by transparent proxies.
across instances. Dialing individual instances can be helpful in cases like stateful services such Typically transparent proxies dial upstreams using the "virtual" tagged address, which load balances
as a database cluster with a leader. `, across instances. Dialing individual instances can be helpful in cases like stateful services such
as a database cluster with a leader.`,
yaml: `Determines whether the Pod IPs can be dialed directly (versus the Cluster IP).
Dialing Pod IPs can be helpful in cases like stateful services such
as a database cluster with a leader or with an ingress controller that dials Pod IPs instead of Cluster IPs.`,
},
}, },
], ],
yaml: false,
}, },
{ {
name: 'MeshGateway', name: 'MeshGateway',