mirror of https://github.com/hashicorp/consul
Add tabs to config entry examples
parent
9e77922daa
commit
394b1f2e7f
|
@ -43,11 +43,14 @@ description: >-
|
|||
|
||||
## Sample Config Entries
|
||||
|
||||
Set up a TCP listener for a single service:
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
|
||||
Set up a TCP listener on an ingress gateway named "us-east-ingress" to proxy traffic to the "db" service:
|
||||
|
||||
```hcl
|
||||
Kind = "ingress-gateway"
|
||||
Name = "ingress-service"
|
||||
Name = "us-east-ingress"
|
||||
|
||||
Listeners = [
|
||||
{
|
||||
|
@ -62,13 +65,92 @@ Listeners = [
|
|||
]
|
||||
```
|
||||
|
||||
Set up a wildcard HTTP listener to proxy traffic to all available services,
|
||||
make two services available over a custom port with user-provided hosts, and
|
||||
enable TLS on every listener:
|
||||
</Tab>
|
||||
<Tab heading="HCL (Consul Enterprise)">
|
||||
|
||||
Set up a TCP listener on an ingress gateway named "us-east-ingress" in the default namespace
|
||||
to proxy traffic to the "db" service in the ops namespace:
|
||||
|
||||
```hcl
|
||||
Kind = "ingress-gateway"
|
||||
Name = "ingress-service"
|
||||
Name = "us-east-ingress"
|
||||
Namespace = "default"
|
||||
|
||||
Listeners = [
|
||||
{
|
||||
Port = 3456
|
||||
Protocol = "tcp"
|
||||
Services = [
|
||||
{
|
||||
Namespace = "ops"
|
||||
Name = "db"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="JSON">
|
||||
|
||||
Set up a TCP listener on an ingress gateway named "us-east-ingress" to proxy traffic to the "db" service:
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "ingress-gateway",
|
||||
"Name": "us-east-ingress",
|
||||
"Listeners": [
|
||||
{
|
||||
"Port": 3456,
|
||||
"Protocol": "tcp",
|
||||
"Services": [
|
||||
{
|
||||
"Name": "db"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="JSON (Consul Enterprise)">
|
||||
|
||||
Set up a TCP listener on an ingress gateway named "us-east-ingress" in the default namespace
|
||||
to proxy traffic to the "db" service in the ops namespace:
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "ingress-gateway",
|
||||
"Name": "us-east-ingress",
|
||||
"Namespace": "default",
|
||||
"Listeners": [
|
||||
{
|
||||
"Port": 3456,
|
||||
"Protocol": "tcp",
|
||||
"Services": [
|
||||
{
|
||||
"Namespace": "ops",
|
||||
"Name": "db"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
|
||||
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the datacenter.
|
||||
Also make two services available over a custom port with user-provided hosts, and enable TLS on every listener:
|
||||
|
||||
```hcl
|
||||
Kind = "ingress-gateway"
|
||||
Name = "us-east-ingress"
|
||||
|
||||
TLS {
|
||||
Enabled = true
|
||||
|
@ -101,6 +183,140 @@ Listeners = [
|
|||
]
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="HCL (Consul Enterprise)">
|
||||
|
||||
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the frontend namespace.
|
||||
Also make two services in the frontend namespace available over a custom port with user-provided hosts, and enable TLS on every listener:
|
||||
|
||||
```hcl
|
||||
Kind = "ingress-gateway"
|
||||
Name = "us-east-ingress"
|
||||
Namespace = "default"
|
||||
|
||||
TLS {
|
||||
Enabled = true
|
||||
}
|
||||
|
||||
Listeners = [
|
||||
{
|
||||
Port = 8080
|
||||
Protocol = "http"
|
||||
Services = [
|
||||
{
|
||||
Namespace = "frontend"
|
||||
Name = "*"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
Port = 4567
|
||||
Protocol = "http"
|
||||
Services = [
|
||||
{
|
||||
Namespace = "frontend"
|
||||
Name = "api"
|
||||
Hosts = ["foo.example.com", "foo.example.com:4567"]
|
||||
},
|
||||
{
|
||||
Namespace = "frontend"
|
||||
Name = "web"
|
||||
Hosts = ["website.example.com", "website.example.com:4567"]
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="JSON">
|
||||
|
||||
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the datacenter.
|
||||
Also make two services available over a custom port with user-provided hosts, and enable TLS on every listener:
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "ingress-gateway",
|
||||
"Name": "us-east-ingress",
|
||||
"TLS": {
|
||||
"Enabled": true
|
||||
},
|
||||
"Listeners": [
|
||||
{
|
||||
"Port": 8080,
|
||||
"Protocol": "http",
|
||||
"Services": [
|
||||
{
|
||||
"Name": "*"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"Port": 4567,
|
||||
"Protocol": "http",
|
||||
"Services": [
|
||||
{
|
||||
"Name": "api",
|
||||
"Hosts": ["foo.example.com", "foo.example.com:4567"]
|
||||
},
|
||||
{
|
||||
"Name": "web",
|
||||
"Hosts": ["website.example.com", "website.example.com:4567"]
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="JSON (Consul Enterprise)">
|
||||
|
||||
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the frontend namespace.
|
||||
Also make two services in the frontend namespace available over a custom port with user-provided hosts, and enable TLS on every listener:
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "ingress-gateway",
|
||||
"Name": "us-east-ingress",
|
||||
"Namespace": "default",
|
||||
"TLS": {
|
||||
"Enabled": true
|
||||
},
|
||||
"Listeners": [
|
||||
{
|
||||
"Port": 8080,
|
||||
"Protocol": "http",
|
||||
"Services": [
|
||||
{
|
||||
"Namespace": "frontend",
|
||||
"Name": "*"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"Port": 4567,
|
||||
"Protocol": "http",
|
||||
"Services": [
|
||||
{
|
||||
"Namespace": "frontend",
|
||||
"Name": "api",
|
||||
"Hosts": ["foo.example.com", "foo.example.com:4567"]
|
||||
},
|
||||
{
|
||||
"Namespace": "frontend",
|
||||
"Name": "web",
|
||||
"Hosts": ["website.example.com", "website.example.com:4567"]
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
|
||||
## Available Fields
|
||||
|
||||
- `Kind` - Must be set to `ingress-gateway`
|
||||
|
|
|
@ -17,8 +17,8 @@ description: >-
|
|||
and will apply to all instances of the gateway with that name.
|
||||
|
||||
~> [Configuration entries](/docs/agent/config-entries) are global in scope. A configuration entry for a gateway name applies
|
||||
across all federated Consul datacenters. If ingress gateways in different Consul datacenters need to route to different
|
||||
sets of services within their datacenter then the ingress gateways **must** be registered with different names.
|
||||
across all federated Consul datacenters. If terminating gateways in different Consul datacenters need to route to different
|
||||
sets of services within their datacenter then the terminating gateways **must** be registered with different names.
|
||||
|
||||
See [Terminating Gateway](/docs/connect/terminating-gateway) for more information.
|
||||
|
||||
|
@ -43,11 +43,15 @@ description: >-
|
|||
|
||||
## Sample Config Entries
|
||||
|
||||
Link gateway "us-west-gateway" with the billing service:
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
|
||||
Link gateway named "us-west-gateway" with the billing service:
|
||||
|
||||
```hcl
|
||||
Kind = "terminating-gateway"
|
||||
Name = "us-west-gateway"
|
||||
|
||||
Services = [
|
||||
{
|
||||
Name = "billing"
|
||||
|
@ -55,27 +59,176 @@ Services = [
|
|||
]
|
||||
```
|
||||
|
||||
Link gateway "us-west-gateway" with the api service and specify a CA file for one-way TLS authentication:
|
||||
</Tab>
|
||||
<Tab heading="HCL (Consul Enterprise)">
|
||||
|
||||
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace:
|
||||
|
||||
```hcl
|
||||
Kind = "terminating-gateway"
|
||||
Name = "us-west-gateway"
|
||||
Namespace = "default"
|
||||
|
||||
Services = [
|
||||
{
|
||||
Name = "api"
|
||||
Namespace = "finance"
|
||||
Name = "billing"
|
||||
}
|
||||
]
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="JSON">
|
||||
|
||||
Link gateway named "us-west-gateway" with the billing service:
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "terminating-gateway",
|
||||
"Name": "us-west-gateway",
|
||||
"Services": [
|
||||
{
|
||||
"Name": "billing"
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="JSON (Consul Enterprise)">
|
||||
|
||||
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace:
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "terminating-gateway",
|
||||
"Name": "us-west-gateway",
|
||||
"Namespace": "default",
|
||||
"Services": [
|
||||
{
|
||||
"Namespace": "finance",
|
||||
"Name": "billing"
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
|
||||
Link gateway named "us-west-gateway" with the billing service and specify a CA file for one-way TLS authentication:
|
||||
|
||||
```hcl
|
||||
Kind = "terminating-gateway"
|
||||
Name = "us-west-gateway"
|
||||
|
||||
Services = [
|
||||
{
|
||||
Name = "billing"
|
||||
CAFile = "/etc/certs/ca-chain.cert.pem"
|
||||
}
|
||||
]
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="HCL (Consul Enterprise)">
|
||||
|
||||
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace,
|
||||
and specify a CA file for one-way TLS authentication:
|
||||
|
||||
```hcl
|
||||
Kind = "terminating-gateway"
|
||||
Name = "us-west-gateway"
|
||||
Namespace = "default"
|
||||
|
||||
Services = [
|
||||
{
|
||||
Namespace = "finance"
|
||||
Name = "billing"
|
||||
CAFile = "/etc/certs/ca-chain.cert.pem"
|
||||
}
|
||||
]
|
||||
```
|
||||
|
||||
Link gateway "us-west-gateway" with the payments service and specify a CA file, key file, and cert file for mutual TLS authentication:
|
||||
</Tab>
|
||||
<Tab heading="JSON">
|
||||
|
||||
Link gateway named "us-west-gateway" with the billing service and specify a CA file for one-way TLS authentication:
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "terminating-gateway",
|
||||
"Name": "us-west-gateway",
|
||||
"Services": [
|
||||
{
|
||||
"Name": "billing",
|
||||
"CAFile": "/etc/certs/ca-chain.cert.pem"
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="JSON (Consul Enterprise)">
|
||||
|
||||
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace,
|
||||
and specify a CA file for one-way TLS authentication:
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "terminating-gateway",
|
||||
"Name": "us-west-gateway",
|
||||
"Namespace": "default",
|
||||
"Services": [
|
||||
{
|
||||
"Namespace": "finance",
|
||||
"Name": "billing",
|
||||
"CAFile": "/etc/certs/ca-chain.cert.pem"
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
|
||||
Link gateway named "us-west-gateway" with the payments service and specify a CA file, key file, and cert file for mutual TLS authentication:
|
||||
|
||||
```hcl
|
||||
Kind = "terminating-gateway"
|
||||
Name = "us-west-gateway"
|
||||
|
||||
Services = [
|
||||
{
|
||||
Name = "payments"
|
||||
Name = "billing"
|
||||
CAFile = "/etc/certs/ca-chain.cert.pem"
|
||||
KeyFile = "/etc/certs/gateway.key.pem"
|
||||
CertFile = "/etc/certs/gateway.cert.pem"
|
||||
}
|
||||
]
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="HCL (Consul Enterprise)">
|
||||
|
||||
Link gateway named "us-west-gateway" in the default namespace with the payments service in the finance namespace.
|
||||
Also specify a CA file, key file, and cert file for mutual TLS authentication:
|
||||
|
||||
```hcl
|
||||
Kind = "terminating-gateway"
|
||||
Name = "us-west-gateway"
|
||||
Namespace = "default"
|
||||
|
||||
Services = [
|
||||
{
|
||||
Namespace = "finance"
|
||||
Name = "billing"
|
||||
CAFile = "/etc/certs/ca-chain.cert.pem"
|
||||
KeyFile = "/etc/certs/gateway.key.pem"
|
||||
CertFile = "/etc/certs/gateway.cert.pem"
|
||||
|
@ -83,13 +236,88 @@ Services = [
|
|||
]
|
||||
```
|
||||
|
||||
Link gateway "us-west-gateway" with all services in the finance namespace, and configure default certificates for mutual TLS.
|
||||
</Tab>
|
||||
<Tab heading="JSON">
|
||||
|
||||
Link gateway named "us-west-gateway" with the payments service and specify a CA file, key file, and cert file for mutual TLS authentication:
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "terminating-gateway",
|
||||
"Name": "us-west-gateway",
|
||||
"Services": [
|
||||
{
|
||||
"Name": "billing",
|
||||
"CAFile": "/etc/certs/ca-chain.cert.pem",
|
||||
"KeyFile": "/etc/certs/gateway.key.pem",
|
||||
"CertFile": "/etc/certs/gateway.cert.pem"
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="JSON (Consul Enterprise)">
|
||||
|
||||
Link gateway named "us-west-gateway" in the default namespace with the payments service in the finance namespace.
|
||||
Also specify a CA file, key file, and cert file for mutual TLS authentication:
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "terminating-gateway",
|
||||
"Name": "us-west-gateway",
|
||||
"Namespace": "default",
|
||||
"Services": [
|
||||
{
|
||||
"Namespace": "finance",
|
||||
"Name": "billing",
|
||||
"CAFile": "/etc/certs/ca-chain.cert.pem",
|
||||
"KeyFile": "/etc/certs/gateway.key.pem",
|
||||
"CertFile": "/etc/certs/gateway.cert.pem"
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
|
||||
Link gateway named "us-west-gateway" with all services in the datacenter, and configure default certificates for mutual TLS.
|
||||
Also override the SNI and CA file used for connections to the billing service:
|
||||
|
||||
```hcl
|
||||
Kind = "terminating-gateway"
|
||||
Name = "us-west-gateway"
|
||||
|
||||
Services = [
|
||||
{
|
||||
Name = "*"
|
||||
CAFile = "/etc/common-certs/ca-chain.cert.pem"
|
||||
KeyFile = "/etc/common-certs/gateway.key.pem"
|
||||
CertFile = "/etc/common-certs/gateway.cert.pem"
|
||||
},
|
||||
{
|
||||
Name = "billing"
|
||||
CAFile = "/etc/billing-ca/ca-chain.cert.pem",
|
||||
SNI = "billing.service.com"
|
||||
}
|
||||
]
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="HCL (Consul Enterprise)">
|
||||
|
||||
Link gateway named "us-west-gateway" in the default namespace with all services in the finance namespace,
|
||||
and configure default certificates for mutual TLS. Also override the SNI and CA file used for connections to the billing service:
|
||||
|
||||
```hcl
|
||||
Kind = "terminating-gateway"
|
||||
Name = "us-west-gateway"
|
||||
Namespace = "default"
|
||||
|
||||
Services = [
|
||||
{
|
||||
Namespace = "finance"
|
||||
|
@ -101,12 +329,72 @@ Services = [
|
|||
{
|
||||
Namespace = "finance"
|
||||
Name = "billing"
|
||||
CAFile = "/etc/billing-ca/ca-chain.cert.pem"
|
||||
SNI = "billing.service.com"
|
||||
CAFile = "/etc/billing-ca/ca-chain.cert.pem",
|
||||
SNI = "billing.service.com"
|
||||
}
|
||||
]
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="JSON">
|
||||
|
||||
Link gateway named "us-west-gateway" with all services in the datacenter, and configure default certificates for mutual TLS.
|
||||
Also override the SNI and CA file used for connections to the billing service:
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "terminating-gateway",
|
||||
"Name": "us-west-gateway",
|
||||
"Services": [
|
||||
{
|
||||
"Name": "*",
|
||||
"CAFile": "/etc/billing-ca/ca-chain.cert.pem",
|
||||
"KeyFile": "/etc/certs/gateway.key.pem",
|
||||
"CertFile": "/etc/certs/gateway.cert.pem",
|
||||
"SNI": "billing.service.com"
|
||||
},
|
||||
{
|
||||
"Name": "billing",
|
||||
"CAFile": "/etc/billing-ca/ca-chain.cert.pem",
|
||||
"SNI": "billing.service.com"
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="JSON (Consul Enterprise)">
|
||||
|
||||
Link gateway named "us-west-gateway" in the default namespace with all services in the finance namespace,
|
||||
and configure default certificates for mutual TLS. Also override the SNI and CA file used for connections to the billing service:
|
||||
|
||||
```json
|
||||
{
|
||||
"Kind": "terminating-gateway",
|
||||
"Name": "us-west-gateway",
|
||||
"Namespace": "default",
|
||||
"Services": [
|
||||
{
|
||||
"Namespace": "finance",
|
||||
"Name": "*",
|
||||
"CAFile": "/etc/billing-ca/ca-chain.cert.pem",
|
||||
"KeyFile": "/etc/certs/gateway.key.pem",
|
||||
"CertFile": "/etc/certs/gateway.cert.pem",
|
||||
"SNI": "billing.service.com"
|
||||
},
|
||||
{
|
||||
"Namespace": "finance",
|
||||
"Name": "billing",
|
||||
"CAFile": "/etc/billing-ca/ca-chain.cert.pem",
|
||||
"SNI": "billing.service.com"
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
|
||||
## Available Fields
|
||||
|
||||
- `Kind` - Must be set to `terminating-gateway`
|
||||
|
|
Loading…
Reference in New Issue