Update namespace docs for config entries (#7420)

pull/7413/head
Freddy 2020-03-09 14:51:21 -06:00 committed by GitHub
parent 382d33bb7e
commit 602aa742d8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 56 additions and 61 deletions

View File

@ -52,11 +52,9 @@ The table below shows this endpoint's support for
non-zero, the entry is only set if the current index matches the `ModifyIndex` non-zero, the entry is only set if the current index matches the `ModifyIndex`
of that entry. of that entry.
- `ns` `(string: "")` - **(Enterprise Only)** Specifies the namespace in which the - `ns` `(string: "")` - **(Enterprise Only)** Specifies the namespace the config
service and checks will be registered. This value may be provided by either the entry will apply to. This value may be provided by either the `ns` URL query
`ns` URL query parameter or in the `X-Consul-Namespace` header. Additionally, parameter or in the `X-Consul-Namespace` header. If not provided at all,
the namespace may be provided within the `Service` or `Check` fields but if
present in multiple places, they must all be the same. If not provided at all,
the namespace will be inherited from the request's ACL token or will default the namespace will be inherited from the request's ACL token or will default
to the `default` namespace. Added in Consul 1.7.0. to the `default` namespace. Added in Consul 1.7.0.
@ -117,13 +115,10 @@ The table below shows this endpoint's support for
- `name` `(string: <required>)` - Specifies the name of the entry to read. This - `name` `(string: <required>)` - Specifies the name of the entry to read. This
is specified as part of the URL. is specified as part of the URL.
- `ns` `(string: "")` - **(Enterprise Only)** Specifies the namespace in which the - `ns` `(string: "")` - **(Enterprise Only)** Specifies the namespace to query.
service and checks will be registered. This value may be provided by either the This value may be provided by either the `ns` URL query parameter or in the
`ns` URL query parameter or in the `X-Consul-Namespace` header. Additionally, `X-Consul-Namespace` header. If not provided at all, the namespace will be inherited from
the namespace may be provided within the `Service` or `Check` fields but if the request's ACL token or will default to the `default` namespace. Added in Consul 1.7.0.
present in multiple places, they must all be the same. If not provided at all,
the namespace will be inherited from the request's ACL token or will default
to the `default` namespace. Added in Consul 1.7.0.
### Sample Request ### Sample Request
@ -179,13 +174,10 @@ The table below shows this endpoint's support for
- `kind` `(string: <required>)` - Specifies the kind of the entry to list. This - `kind` `(string: <required>)` - Specifies the kind of the entry to list. This
is specified as part of the URL. is specified as part of the URL.
- `ns` `(string: "")` - **(Enterprise Only)** Specifies the namespace in which the - `ns` `(string: "")` - **(Enterprise Only)** Specifies the namespace to query.
service and checks will be registered. This value may be provided by either the This value may be provided by either the `ns` URL query parameter or in the
`ns` URL query parameter or in the `X-Consul-Namespace` header. Additionally, `X-Consul-Namespace` header. If not provided at all, the namespace will be inherited from
the namespace may be provided within the `Service` or `Check` fields but if the request's ACL token or will default to the `default` namespace. Added in Consul 1.7.0.
present in multiple places, they must all be the same. If not provided at all,
the namespace will be inherited from the request's ACL token or will default
to the `default` namespace. Added in Consul 1.7.0.
### Sample Request ### Sample Request
@ -253,13 +245,10 @@ The table below shows this endpoint's support for
- `name` `(string: <required>)` - Specifies the name of the entry to delete. This - `name` `(string: <required>)` - Specifies the name of the entry to delete. This
is specified as part of the URL. is specified as part of the URL.
- `ns` `(string: "")` - **(Enterprise Only)** Specifies the namespace in which the - `ns` `(string: "")` - **(Enterprise Only)** Specifies the namespace to delete from.
service and checks will be registered. This value may be provided by either the This value may be provided by either the `ns` URL query parameter or in the
`ns` URL query parameter or in the `X-Consul-Namespace` header. Additionally, `X-Consul-Namespace` header. If not provided at all, the namespace will be inherited
the namespace may be provided within the `Service` or `Check` fields but if from the request's ACL token or will default to the `default` namespace. Added in Consul 1.7.0.
present in multiple places, they must all be the same. If not provided at all,
the namespace will be inherited from the request's ACL token or will default
to the `default` namespace. Added in Consul 1.7.0.
### Sample Request ### Sample Request

View File

@ -14,17 +14,18 @@ one global entry is supported.
## Sample Config Entries ## Sample Config Entries
Set the default protocol for all sidecar proxies: Set the default protocol for all sidecar proxies in the default namespace:
```hcl ```hcl
kind = "proxy-defaults" kind = "proxy-defaults"
name = "global" name = "global"
namespace = "default"
config { config {
protocol = "http" protocol = "http"
} }
``` ```
Set proxy-specific defaults: Set proxy-specific defaults :
```hcl ```hcl
kind = "proxy-defaults" kind = "proxy-defaults"
@ -41,6 +42,8 @@ config {
- `Name` - Must be set to `global` - `Name` - Must be set to `global`
- `Namespace` `(string: "default")` - **Enterprise Only** Specifies the namespace the config entry will apply to.
- `Config` `(map[string]arbitrary)` - An arbitrary map of configuration values used by Connect proxies. - `Config` `(map[string]arbitrary)` - An arbitrary map of configuration values used by Connect proxies.
The available configurations depend on the Connect proxy you use. Any values The available configurations depend on the Connect proxy you use. Any values
that your proxy allows can be configured globally here. To that your proxy allows can be configured globally here. To
@ -59,23 +62,23 @@ config {
[expose path configuration](/docs/connect/registration/service-registration.html#expose-paths-configuration-reference) [expose path configuration](/docs/connect/registration/service-registration.html#expose-paths-configuration-reference)
for Envoy. Added in v1.6.2. for Envoy. Added in v1.6.2.
Exposing paths through Envoy enables a service to protect itself by only listening on localhost, while still allowing Exposing paths through Envoy enables a service to protect itself by only listening on localhost, while still allowing
non-Connect-enabled applications to contact an HTTP endpoint. non-Connect-enabled applications to contact an HTTP endpoint.
Some examples include: exposing a `/metrics` path for Prometheus or `/healthz` for kubelet liveness checks. Some examples include: exposing a `/metrics` path for Prometheus or `/healthz` for kubelet liveness checks.
- `Checks` `(bool: false)` - If enabled, all HTTP and gRPC checks registered with the agent are exposed through Envoy. - `Checks` `(bool: false)` - If enabled, all HTTP and gRPC checks registered with the agent are exposed through Envoy.
Envoy will expose listeners for these checks and will only accept connections originating from localhost or Consul's Envoy will expose listeners for these checks and will only accept connections originating from localhost or Consul's
[advertise address](/docs/agent/options.html#advertise). The port for these listeners are dynamically allocated from [advertise address](/docs/agent/options.html#advertise). The port for these listeners are dynamically allocated from
[expose_min_port](/docs/agent/options.html#expose_min_port) to [expose_max_port](/docs/agent/options.html#expose_max_port). [expose_min_port](/docs/agent/options.html#expose_min_port) to [expose_max_port](/docs/agent/options.html#expose_max_port).
This flag is useful when a Consul client cannot reach registered services over localhost. One example is when running This flag is useful when a Consul client cannot reach registered services over localhost. One example is when running
Consul on Kubernetes, and Consul agents run in their own pods. Consul on Kubernetes, and Consul agents run in their own pods.
- `Paths` `array<Path>: []` - A list of paths to expose through Envoy. - `Paths` `array<Path>: []` - A list of paths to expose through Envoy.
- `Path` `(string: "")` - The HTTP path to expose. The path must be prefixed by a slash. ie: `/metrics`. - `Path` `(string: "")` - The HTTP path to expose. The path must be prefixed by a slash. ie: `/metrics`.
- `LocalPathPort` `(int: 0)` - The port where the local service is listening for connections to the path. - `LocalPathPort` `(int: 0)` - The port where the local service is listening for connections to the path.
- `ListenerPort` `(int: 0)` - The port where the proxy will listen for connections. This port must be available - `ListenerPort` `(int: 0)` - The port where the proxy will listen for connections. This port must be available
for the listener to be set up. If the port is not free then Envoy will not expose a listener for the path, for the listener to be set up. If the port is not free then Envoy will not expose a listener for the path,
but the proxy registration will not fail. but the proxy registration will not fail.
- `Protocol` `(string: "http")` - Sets the protocol of the listener. One of `http` or `http2`. For gRPC use `http2`. - `Protocol` `(string: "http")` - Sets the protocol of the listener. One of `http` or `http2`. For gRPC use `http2`.
## ACLs ## ACLs

View File

@ -13,11 +13,12 @@ service, such as its protocol.
## Sample Config Entries ## Sample Config Entries
Set the default protocol for a service to HTTP: Set the default protocol for a service in the default namespace to HTTP:
```hcl ```hcl
Kind = "service-defaults" Kind = "service-defaults"
Name = "web" Name = "web"
Namespace = "default"
Protocol = "http" Protocol = "http"
``` ```
@ -27,6 +28,8 @@ Protocol = "http"
- `Name` `(string: <required>)` - Set to the name of the service being configured. - `Name` `(string: <required>)` - Set to the name of the service being configured.
- `Namespace` `(string: "default")` - **Enterprise Only** Specifies the namespace the config entry will apply to.
- `Protocol` `(string: "tcp")` - Sets the protocol of the service. This is used - `Protocol` `(string: "tcp")` - Sets the protocol of the service. This is used
by Connect proxies for things like observability features and to unlock usage by Connect proxies for things like observability features and to unlock usage
of the [`service-splitter`](/docs/agent/config-entries/service-splitter.html) and of the [`service-splitter`](/docs/agent/config-entries/service-splitter.html) and
@ -48,23 +51,23 @@ Protocol = "http"
[expose path configuration](/docs/connect/registration/service-registration.html#expose-paths-configuration-reference) [expose path configuration](/docs/connect/registration/service-registration.html#expose-paths-configuration-reference)
for Envoy. Added in v1.6.2. for Envoy. Added in v1.6.2.
Exposing paths through Envoy enables a service to protect itself by only listening on localhost, while still allowing Exposing paths through Envoy enables a service to protect itself by only listening on localhost, while still allowing
non-Connect-enabled applications to contact an HTTP endpoint. non-Connect-enabled applications to contact an HTTP endpoint.
Some examples include: exposing a `/metrics` path for Prometheus or `/healthz` for kubelet liveness checks. Some examples include: exposing a `/metrics` path for Prometheus or `/healthz` for kubelet liveness checks.
- `Checks` `(bool: false)` - If enabled, all HTTP and gRPC checks registered with the agent are exposed through Envoy. - `Checks` `(bool: false)` - If enabled, all HTTP and gRPC checks registered with the agent are exposed through Envoy.
Envoy will expose listeners for these checks and will only accept connections originating from localhost or Consul's Envoy will expose listeners for these checks and will only accept connections originating from localhost or Consul's
[advertise address](/docs/agent/options.html#advertise). The port for these listeners are dynamically allocated from [advertise address](/docs/agent/options.html#advertise). The port for these listeners are dynamically allocated from
[expose_min_port](/docs/agent/options.html#expose_min_port) to [expose_max_port](/docs/agent/options.html#expose_max_port). [expose_min_port](/docs/agent/options.html#expose_min_port) to [expose_max_port](/docs/agent/options.html#expose_max_port).
This flag is useful when a Consul client cannot reach registered services over localhost. One example is when running This flag is useful when a Consul client cannot reach registered services over localhost. One example is when running
Consul on Kubernetes, and Consul agents run in their own pods. Consul on Kubernetes, and Consul agents run in their own pods.
- `Paths` `array<Path>: []` - A list of paths to expose through Envoy. - `Paths` `array<Path>: []` - A list of paths to expose through Envoy.
- `Path` `(string: "")` - The HTTP path to expose. The path must be prefixed by a slash. ie: `/metrics`. - `Path` `(string: "")` - The HTTP path to expose. The path must be prefixed by a slash. ie: `/metrics`.
- `LocalPathPort` `(int: 0)` - The port where the local service is listening for connections to the path. - `LocalPathPort` `(int: 0)` - The port where the local service is listening for connections to the path.
- `ListenerPort` `(int: 0)` - The port where the proxy will listen for connections. This port must be available for - `ListenerPort` `(int: 0)` - The port where the proxy will listen for connections. This port must be available for
the listener to be set up. If the port is not free then Envoy will not expose a listener for the path, the listener to be set up. If the port is not free then Envoy will not expose a listener for the path,
but the proxy registration will not fail. but the proxy registration will not fail.
- `Protocol` `(string: "http")` - Sets the protocol of the listener. One of `http` or `http2`. For gRPC use `http2`. - `Protocol` `(string: "http")` - Sets the protocol of the listener. One of `http` or `http2`. For gRPC use `http2`.
## ACLs ## ACLs