mirror of https://github.com/hashicorp/consul
Update namespace docs for config entries (#7420)
parent
382d33bb7e
commit
602aa742d8
|
@ -52,11 +52,9 @@ The table below shows this endpoint's support for
|
||||||
non-zero, the entry is only set if the current index matches the `ModifyIndex`
|
non-zero, the entry is only set if the current index matches the `ModifyIndex`
|
||||||
of that entry.
|
of that entry.
|
||||||
|
|
||||||
- `ns` `(string: "")` - **(Enterprise Only)** Specifies the namespace in which the
|
- `ns` `(string: "")` - **(Enterprise Only)** Specifies the namespace the config
|
||||||
service and checks will be registered. This value may be provided by either the
|
entry will apply to. This value may be provided by either the `ns` URL query
|
||||||
`ns` URL query parameter or in the `X-Consul-Namespace` header. Additionally,
|
parameter or in the `X-Consul-Namespace` header. If not provided at all,
|
||||||
the namespace may be provided within the `Service` or `Check` fields but if
|
|
||||||
present in multiple places, they must all be the same. If not provided at all,
|
|
||||||
the namespace will be inherited from the request's ACL token or will default
|
the namespace will be inherited from the request's ACL token or will default
|
||||||
to the `default` namespace. Added in Consul 1.7.0.
|
to the `default` namespace. Added in Consul 1.7.0.
|
||||||
|
|
||||||
|
@ -117,13 +115,10 @@ The table below shows this endpoint's support for
|
||||||
- `name` `(string: <required>)` - Specifies the name of the entry to read. This
|
- `name` `(string: <required>)` - Specifies the name of the entry to read. This
|
||||||
is specified as part of the URL.
|
is specified as part of the URL.
|
||||||
|
|
||||||
- `ns` `(string: "")` - **(Enterprise Only)** Specifies the namespace in which the
|
- `ns` `(string: "")` - **(Enterprise Only)** Specifies the namespace to query.
|
||||||
service and checks will be registered. This value may be provided by either the
|
This value may be provided by either the `ns` URL query parameter or in the
|
||||||
`ns` URL query parameter or in the `X-Consul-Namespace` header. Additionally,
|
`X-Consul-Namespace` header. If not provided at all, the namespace will be inherited from
|
||||||
the namespace may be provided within the `Service` or `Check` fields but if
|
the request's ACL token or will default to the `default` namespace. Added in Consul 1.7.0.
|
||||||
present in multiple places, they must all be the same. If not provided at all,
|
|
||||||
the namespace will be inherited from the request's ACL token or will default
|
|
||||||
to the `default` namespace. Added in Consul 1.7.0.
|
|
||||||
|
|
||||||
### Sample Request
|
### Sample Request
|
||||||
|
|
||||||
|
@ -179,13 +174,10 @@ The table below shows this endpoint's support for
|
||||||
- `kind` `(string: <required>)` - Specifies the kind of the entry to list. This
|
- `kind` `(string: <required>)` - Specifies the kind of the entry to list. This
|
||||||
is specified as part of the URL.
|
is specified as part of the URL.
|
||||||
|
|
||||||
- `ns` `(string: "")` - **(Enterprise Only)** Specifies the namespace in which the
|
- `ns` `(string: "")` - **(Enterprise Only)** Specifies the namespace to query.
|
||||||
service and checks will be registered. This value may be provided by either the
|
This value may be provided by either the `ns` URL query parameter or in the
|
||||||
`ns` URL query parameter or in the `X-Consul-Namespace` header. Additionally,
|
`X-Consul-Namespace` header. If not provided at all, the namespace will be inherited from
|
||||||
the namespace may be provided within the `Service` or `Check` fields but if
|
the request's ACL token or will default to the `default` namespace. Added in Consul 1.7.0.
|
||||||
present in multiple places, they must all be the same. If not provided at all,
|
|
||||||
the namespace will be inherited from the request's ACL token or will default
|
|
||||||
to the `default` namespace. Added in Consul 1.7.0.
|
|
||||||
|
|
||||||
### Sample Request
|
### Sample Request
|
||||||
|
|
||||||
|
@ -253,13 +245,10 @@ The table below shows this endpoint's support for
|
||||||
- `name` `(string: <required>)` - Specifies the name of the entry to delete. This
|
- `name` `(string: <required>)` - Specifies the name of the entry to delete. This
|
||||||
is specified as part of the URL.
|
is specified as part of the URL.
|
||||||
|
|
||||||
- `ns` `(string: "")` - **(Enterprise Only)** Specifies the namespace in which the
|
- `ns` `(string: "")` - **(Enterprise Only)** Specifies the namespace to delete from.
|
||||||
service and checks will be registered. This value may be provided by either the
|
This value may be provided by either the `ns` URL query parameter or in the
|
||||||
`ns` URL query parameter or in the `X-Consul-Namespace` header. Additionally,
|
`X-Consul-Namespace` header. If not provided at all, the namespace will be inherited
|
||||||
the namespace may be provided within the `Service` or `Check` fields but if
|
from the request's ACL token or will default to the `default` namespace. Added in Consul 1.7.0.
|
||||||
present in multiple places, they must all be the same. If not provided at all,
|
|
||||||
the namespace will be inherited from the request's ACL token or will default
|
|
||||||
to the `default` namespace. Added in Consul 1.7.0.
|
|
||||||
|
|
||||||
### Sample Request
|
### Sample Request
|
||||||
|
|
||||||
|
|
|
@ -14,17 +14,18 @@ one global entry is supported.
|
||||||
|
|
||||||
## Sample Config Entries
|
## Sample Config Entries
|
||||||
|
|
||||||
Set the default protocol for all sidecar proxies:
|
Set the default protocol for all sidecar proxies in the default namespace:
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
kind = "proxy-defaults"
|
kind = "proxy-defaults"
|
||||||
name = "global"
|
name = "global"
|
||||||
|
namespace = "default"
|
||||||
config {
|
config {
|
||||||
protocol = "http"
|
protocol = "http"
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
Set proxy-specific defaults:
|
Set proxy-specific defaults :
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
kind = "proxy-defaults"
|
kind = "proxy-defaults"
|
||||||
|
@ -41,6 +42,8 @@ config {
|
||||||
|
|
||||||
- `Name` - Must be set to `global`
|
- `Name` - Must be set to `global`
|
||||||
|
|
||||||
|
- `Namespace` `(string: "default")` - **Enterprise Only** Specifies the namespace the config entry will apply to.
|
||||||
|
|
||||||
- `Config` `(map[string]arbitrary)` - An arbitrary map of configuration values used by Connect proxies.
|
- `Config` `(map[string]arbitrary)` - An arbitrary map of configuration values used by Connect proxies.
|
||||||
The available configurations depend on the Connect proxy you use. Any values
|
The available configurations depend on the Connect proxy you use. Any values
|
||||||
that your proxy allows can be configured globally here. To
|
that your proxy allows can be configured globally here. To
|
||||||
|
@ -59,23 +62,23 @@ config {
|
||||||
[expose path configuration](/docs/connect/registration/service-registration.html#expose-paths-configuration-reference)
|
[expose path configuration](/docs/connect/registration/service-registration.html#expose-paths-configuration-reference)
|
||||||
for Envoy. Added in v1.6.2.
|
for Envoy. Added in v1.6.2.
|
||||||
|
|
||||||
Exposing paths through Envoy enables a service to protect itself by only listening on localhost, while still allowing
|
Exposing paths through Envoy enables a service to protect itself by only listening on localhost, while still allowing
|
||||||
non-Connect-enabled applications to contact an HTTP endpoint.
|
non-Connect-enabled applications to contact an HTTP endpoint.
|
||||||
Some examples include: exposing a `/metrics` path for Prometheus or `/healthz` for kubelet liveness checks.
|
Some examples include: exposing a `/metrics` path for Prometheus or `/healthz` for kubelet liveness checks.
|
||||||
|
|
||||||
- `Checks` `(bool: false)` - If enabled, all HTTP and gRPC checks registered with the agent are exposed through Envoy.
|
- `Checks` `(bool: false)` - If enabled, all HTTP and gRPC checks registered with the agent are exposed through Envoy.
|
||||||
Envoy will expose listeners for these checks and will only accept connections originating from localhost or Consul's
|
Envoy will expose listeners for these checks and will only accept connections originating from localhost or Consul's
|
||||||
[advertise address](/docs/agent/options.html#advertise). The port for these listeners are dynamically allocated from
|
[advertise address](/docs/agent/options.html#advertise). The port for these listeners are dynamically allocated from
|
||||||
[expose_min_port](/docs/agent/options.html#expose_min_port) to [expose_max_port](/docs/agent/options.html#expose_max_port).
|
[expose_min_port](/docs/agent/options.html#expose_min_port) to [expose_max_port](/docs/agent/options.html#expose_max_port).
|
||||||
This flag is useful when a Consul client cannot reach registered services over localhost. One example is when running
|
This flag is useful when a Consul client cannot reach registered services over localhost. One example is when running
|
||||||
Consul on Kubernetes, and Consul agents run in their own pods.
|
Consul on Kubernetes, and Consul agents run in their own pods.
|
||||||
- `Paths` `array<Path>: []` - A list of paths to expose through Envoy.
|
- `Paths` `array<Path>: []` - A list of paths to expose through Envoy.
|
||||||
- `Path` `(string: "")` - The HTTP path to expose. The path must be prefixed by a slash. ie: `/metrics`.
|
- `Path` `(string: "")` - The HTTP path to expose. The path must be prefixed by a slash. ie: `/metrics`.
|
||||||
- `LocalPathPort` `(int: 0)` - The port where the local service is listening for connections to the path.
|
- `LocalPathPort` `(int: 0)` - The port where the local service is listening for connections to the path.
|
||||||
- `ListenerPort` `(int: 0)` - The port where the proxy will listen for connections. This port must be available
|
- `ListenerPort` `(int: 0)` - The port where the proxy will listen for connections. This port must be available
|
||||||
for the listener to be set up. If the port is not free then Envoy will not expose a listener for the path,
|
for the listener to be set up. If the port is not free then Envoy will not expose a listener for the path,
|
||||||
but the proxy registration will not fail.
|
but the proxy registration will not fail.
|
||||||
- `Protocol` `(string: "http")` - Sets the protocol of the listener. One of `http` or `http2`. For gRPC use `http2`.
|
- `Protocol` `(string: "http")` - Sets the protocol of the listener. One of `http` or `http2`. For gRPC use `http2`.
|
||||||
|
|
||||||
## ACLs
|
## ACLs
|
||||||
|
|
||||||
|
|
|
@ -13,11 +13,12 @@ service, such as its protocol.
|
||||||
|
|
||||||
## Sample Config Entries
|
## Sample Config Entries
|
||||||
|
|
||||||
Set the default protocol for a service to HTTP:
|
Set the default protocol for a service in the default namespace to HTTP:
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
Kind = "service-defaults"
|
Kind = "service-defaults"
|
||||||
Name = "web"
|
Name = "web"
|
||||||
|
Namespace = "default"
|
||||||
Protocol = "http"
|
Protocol = "http"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -27,6 +28,8 @@ Protocol = "http"
|
||||||
|
|
||||||
- `Name` `(string: <required>)` - Set to the name of the service being configured.
|
- `Name` `(string: <required>)` - Set to the name of the service being configured.
|
||||||
|
|
||||||
|
- `Namespace` `(string: "default")` - **Enterprise Only** Specifies the namespace the config entry will apply to.
|
||||||
|
|
||||||
- `Protocol` `(string: "tcp")` - Sets the protocol of the service. This is used
|
- `Protocol` `(string: "tcp")` - Sets the protocol of the service. This is used
|
||||||
by Connect proxies for things like observability features and to unlock usage
|
by Connect proxies for things like observability features and to unlock usage
|
||||||
of the [`service-splitter`](/docs/agent/config-entries/service-splitter.html) and
|
of the [`service-splitter`](/docs/agent/config-entries/service-splitter.html) and
|
||||||
|
@ -48,23 +51,23 @@ Protocol = "http"
|
||||||
[expose path configuration](/docs/connect/registration/service-registration.html#expose-paths-configuration-reference)
|
[expose path configuration](/docs/connect/registration/service-registration.html#expose-paths-configuration-reference)
|
||||||
for Envoy. Added in v1.6.2.
|
for Envoy. Added in v1.6.2.
|
||||||
|
|
||||||
Exposing paths through Envoy enables a service to protect itself by only listening on localhost, while still allowing
|
Exposing paths through Envoy enables a service to protect itself by only listening on localhost, while still allowing
|
||||||
non-Connect-enabled applications to contact an HTTP endpoint.
|
non-Connect-enabled applications to contact an HTTP endpoint.
|
||||||
Some examples include: exposing a `/metrics` path for Prometheus or `/healthz` for kubelet liveness checks.
|
Some examples include: exposing a `/metrics` path for Prometheus or `/healthz` for kubelet liveness checks.
|
||||||
|
|
||||||
- `Checks` `(bool: false)` - If enabled, all HTTP and gRPC checks registered with the agent are exposed through Envoy.
|
- `Checks` `(bool: false)` - If enabled, all HTTP and gRPC checks registered with the agent are exposed through Envoy.
|
||||||
Envoy will expose listeners for these checks and will only accept connections originating from localhost or Consul's
|
Envoy will expose listeners for these checks and will only accept connections originating from localhost or Consul's
|
||||||
[advertise address](/docs/agent/options.html#advertise). The port for these listeners are dynamically allocated from
|
[advertise address](/docs/agent/options.html#advertise). The port for these listeners are dynamically allocated from
|
||||||
[expose_min_port](/docs/agent/options.html#expose_min_port) to [expose_max_port](/docs/agent/options.html#expose_max_port).
|
[expose_min_port](/docs/agent/options.html#expose_min_port) to [expose_max_port](/docs/agent/options.html#expose_max_port).
|
||||||
This flag is useful when a Consul client cannot reach registered services over localhost. One example is when running
|
This flag is useful when a Consul client cannot reach registered services over localhost. One example is when running
|
||||||
Consul on Kubernetes, and Consul agents run in their own pods.
|
Consul on Kubernetes, and Consul agents run in their own pods.
|
||||||
- `Paths` `array<Path>: []` - A list of paths to expose through Envoy.
|
- `Paths` `array<Path>: []` - A list of paths to expose through Envoy.
|
||||||
- `Path` `(string: "")` - The HTTP path to expose. The path must be prefixed by a slash. ie: `/metrics`.
|
- `Path` `(string: "")` - The HTTP path to expose. The path must be prefixed by a slash. ie: `/metrics`.
|
||||||
- `LocalPathPort` `(int: 0)` - The port where the local service is listening for connections to the path.
|
- `LocalPathPort` `(int: 0)` - The port where the local service is listening for connections to the path.
|
||||||
- `ListenerPort` `(int: 0)` - The port where the proxy will listen for connections. This port must be available for
|
- `ListenerPort` `(int: 0)` - The port where the proxy will listen for connections. This port must be available for
|
||||||
the listener to be set up. If the port is not free then Envoy will not expose a listener for the path,
|
the listener to be set up. If the port is not free then Envoy will not expose a listener for the path,
|
||||||
but the proxy registration will not fail.
|
but the proxy registration will not fail.
|
||||||
- `Protocol` `(string: "http")` - Sets the protocol of the listener. One of `http` or `http2`. For gRPC use `http2`.
|
- `Protocol` `(string: "http")` - Sets the protocol of the listener. One of `http` or `http2`. For gRPC use `http2`.
|
||||||
|
|
||||||
## ACLs
|
## ACLs
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue