mirror of https://github.com/hashicorp/consul
Backport of Fix broken links in Consul docs into release/1.15.x (#16768)
* backport of commitpull/16864/headfba9e901d6
* backport of commitfbdeaf2ebe
* cherry pick and fix merge conflict --------- Co-authored-by: Eddie Rowe <74205376+eddie-rowe@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
parent
ca148fc0c0
commit
6cbd5035e5
|
@ -157,7 +157,7 @@ information.
|
|||
- `-segment` ((#\_segment)) <EnterpriseAlert inline /> - This flag is used to set
|
||||
the name of the network segment the agent belongs to. An agent can only join and
|
||||
communicate with other agents within its network segment. Ensure the [join
|
||||
operation uses the correct port for this segment](/consul/docs/enterprise/network-segments#join_a_client_to_a_segment).
|
||||
operation uses the correct port for this segment](/consul/docs/enterprise/network-segments/create-network-segment#configure-clients-to-join-segments).
|
||||
Review the [Network Segments documentation](/consul/docs/enterprise/network-segments/create-network-segment)
|
||||
for more details. By default, this is an empty string, which is the `<default>`
|
||||
network segment.
|
||||
|
@ -490,7 +490,7 @@ information.
|
|||
the data directory. This is useful when running multiple Consul agents on the same
|
||||
host for testing. This defaults to false in Consul prior to version 0.8.5 and in
|
||||
0.8.5 and later defaults to true, so you must opt-in for host-based IDs. Host-based
|
||||
IDs are generated using [gopsutil](https://github.com/shirou/gopsutil/tree/master/v3/host), which
|
||||
IDs are generated using [gopsutil](https://github.com/shirou/gopsutil/), which
|
||||
is shared with HashiCorp's [Nomad](https://www.nomadproject.io/), so if you opt-in
|
||||
to host-based IDs then Consul and Nomad will use information on the host to automatically
|
||||
assign the same ID in both systems.
|
||||
|
|
|
@ -924,7 +924,7 @@ Refer to the [formatting specification](https://golang.org/pkg/time/#ParseDurati
|
|||
[`acl.tokens.agent_recovery`](#acl_tokens_agent_recovery).**
|
||||
|
||||
- `config_file_service_registration` ((#acl_tokens_config_file_service_registration)) - Specifies the ACL
|
||||
token the agent uses to register services and checks from [service](/consul/docs/services/usage/define-services) and [check](/consul/docs/usage/checks) definitions
|
||||
token the agent uses to register services and checks from [service](/consul/docs/services/usage/define-services) and [check](/consul/docs/services/usage/checks) definitions
|
||||
specified in configuration files or fragments passed to the agent using the `-hcl`
|
||||
flag.
|
||||
|
||||
|
|
|
@ -62,7 +62,8 @@ its consequences during outage situations). Reaping is similar to leaving,
|
|||
causing all associated services to be deregistered.
|
||||
|
||||
## Limit traffic rates
|
||||
You can define a set of rate limiting configurations that help operators protect Consul servers from excessive or peak usage. The configurations enable you to gracefully degrade Consul servers to avoid a global interruption of service. You can allocate a set of resources to different Consul users and eliminate the risks that some users consuming too many resources pose to others. Consul supports global server rate limiting, which lets configure Consul servers to deny requests that exceed the read or write limits. Refer to [Traffic Rate Limits Overview](/consul/docs/agent/limits/limit-traffic-rates).
|
||||
|
||||
You can define a set of rate limiting configurations that help operators protect Consul servers from excessive or peak usage. The configurations enable you to gracefully degrade Consul servers to avoid a global interruption of service. Consul supports global server rate limiting, which lets configure Consul servers to deny requests that exceed the read or write limits. Refer to [Traffic Rate Limits Overview](/consul/docs/agent/limits).
|
||||
|
||||
## Requirements
|
||||
|
||||
|
|
|
@ -23,7 +23,7 @@ The overall process for enabling the WAL LogStore backend for one server consist
|
|||
|
||||
## Requirements
|
||||
|
||||
- Consul v1.15 or later is required for all servers in the datacenter. Refer to the [standard upgrade procedure](/consul/docs/upgrading/general-process) and the [1.15 upgrade notes](/consul/docs/upgrading/upgrade-specific#consul-1-15-x) for additional information.
|
||||
- Consul v1.15 or later is required for all servers in the datacenter. Refer to the [standard upgrade procedure](/consul/docs/upgrading/instructions/general-process) and the [1.15 upgrade notes](/consul/docs/upgrading/upgrade-specific#consul-1-15-x) for additional information.
|
||||
- A Consul cluster with at least three nodes are required to safely test the WAL backend without downtime.
|
||||
|
||||
We recommend taking the following additional measures:
|
||||
|
|
|
@ -7,7 +7,7 @@ description: >-
|
|||
|
||||
# Monitor Raft metrics and logs for WAL
|
||||
|
||||
This topic describes how to monitor Raft metrics and logs if you are testing the WAL backend. We strongly recommend monitoring the Consul cluster, especially the target server, for evidence that the WAL backend is not functioning correctly. Refer to [Enable the experimental WAL LogStore backend](/consul/docs/agent/wal-logstore/index) for additional information about the WAL backend.
|
||||
This topic describes how to monitor Raft metrics and logs if you are testing the WAL backend. We strongly recommend monitoring the Consul cluster, especially the target server, for evidence that the WAL backend is not functioning correctly. Refer to [Enable the experimental WAL LogStore backend](/consul/docs/agent/wal-logstore/enable) for additional information about the WAL backend.
|
||||
|
||||
!> **Upgrade warning:** The WAL LogStore backend is experimental.
|
||||
|
||||
|
|
|
@ -168,7 +168,7 @@ The following example creates a route named `example-route` in namespace `gatewa
|
|||
|
||||
### rules.filters
|
||||
|
||||
The `filters` block defines steps for processing requests. You can configure filters to modify the properties of matching incoming requests and enable Consul API Gateway features, such as rewriting path prefixes (refer to [Reroute HTTP requests](/consul/docs/api-gateway/usage#reroute-http-requests) for additional information).
|
||||
The `filters` block defines steps for processing requests. You can configure filters to modify the properties of matching incoming requests and enable Consul API Gateway features, such as rewriting path prefixes (refer to [Reroute HTTP requests](/consul/docs/api-gateway/usage/reroute-http-requests) for additional information).
|
||||
|
||||
* Type: Array of objects
|
||||
* Required: Optional
|
||||
|
@ -203,7 +203,7 @@ Specifies rules for rewriting the URL of incoming requests when `rules.filters.t
|
|||
|
||||
### rules.filters.urlRewrite.path
|
||||
|
||||
Specifies a list of objects that determine how Consul API Gateway rewrites URL paths (refer to [Reroute HTTP requests](/consul/docs/api-gateway/usage#reroute-http-requests) for additional information).
|
||||
Specifies a list of objects that determine how Consul API Gateway rewrites URL paths (refer to [Reroute HTTP requests](/consul/docs/api-gateway/usage/reroute-http-requests) for additional information).
|
||||
|
||||
The following table describes the parameters for `path`:
|
||||
|
||||
|
|
|
@ -18,7 +18,7 @@ This topic describes how to configure Consul API Gateway to route traffic to ser
|
|||
|
||||
## Configuration
|
||||
|
||||
Specify the following fields in your `MeshService` configuration to use this feature. Refer to the [MeshService configuration reference](/consul/docs/api-gateway/configuration/mesh) for details about the parameters.
|
||||
Specify the following fields in your `MeshService` configuration to use this feature. Refer to the [MeshService configuration reference](/consul/docs/api-gateway/configuration/meshservice) for details about the parameters.
|
||||
|
||||
- [`name`](/consul/docs/api-gateway/configuration/meshservice#name)
|
||||
- [`peer`](/consul/docs/api-gateway/configuration/meshservice#peer)
|
||||
|
|
|
@ -51,7 +51,7 @@ To mitigate these risks, we recommend a maximum of 5,000 Consul client agents in
|
|||
|
||||
1. Run exactly one Consul agent per host in the infrastructure.
|
||||
1. Break up the single Consul datacenter into multiple smaller datacenters.
|
||||
1. Enterprise users can define [network segments](/consul/docs/enterprise/network-segments) to divide the single gossip pool in the Consul datacenter into multiple smaller pools.
|
||||
1. Enterprise users can define [network segments](/consul/docs/enterprise/network-segments/network-segments-overview) to divide the single gossip pool in the Consul datacenter into multiple smaller pools.
|
||||
|
||||
If appropriate for your use case, we recommend breaking up a single Consul datacenter into multiple smaller datacenters. Running multiple datacenters reduces your network’s blast radius more than applying network segments.
|
||||
|
||||
|
|
|
@ -62,7 +62,7 @@ Refer to [mesh gateway modes](/consul/docs/connect/gateways/mesh-gateway#modes)
|
|||
|
||||
## Sidecar proxy specifications
|
||||
|
||||
The Envoy proxies that function as sidecars in your service mesh require configuration in order to properly route traffic to peers. Sidecar proxies are defined in the [service definition](/consul/docs/services/usage/defin-services).
|
||||
The Envoy proxies that function as sidecars in your service mesh require configuration in order to properly route traffic to peers. Sidecar proxies are defined in the [service definition](/consul/docs/services/usage/define-services).
|
||||
|
||||
- Configure the `proxy.upstreams` parameters to route traffic to the correct service, namespace, and peer. Refer to the [`upstreams`](/consul/docs/connect/registration/service-registration#upstream-configuration-reference) documentation for details.
|
||||
- The `proxy.upstreams.destination_name` parameter is always required.
|
||||
|
|
|
@ -125,7 +125,7 @@ For more information, including optional flags and parameters, refer to the [`co
|
|||
$ curl --request DELETE --header "X-Consul-Token: b23b3cad-5ea1-4413-919e-c76884b9ad60" http://127.0.0.1:8500/v1/peering/cluster-02
|
||||
```
|
||||
|
||||
This endpoint does not return a response. For more information, including optional parameters, refer to the [`/peering` endpoint reference](/consul/api-docs/peering/consul/api-docs/peering#delete-a-peering-connection).
|
||||
This endpoint does not return a response. For more information, including optional parameters, refer to the [`/peering` endpoint reference](/consul/api-docs/peering#delete-a-peering-connection).
|
||||
</Tab>
|
||||
<Tab heading="Consul UI" group="ui">
|
||||
|
||||
|
|
|
@ -697,7 +697,7 @@ You can configure the following parameters in the `EnvoyExtensions` block:
|
|||
|
||||
### `Destination[]`
|
||||
|
||||
Configures the destination for service traffic through terminating gateways. Refer to [Terminating Gateway](/consul/docs/connect/terminating-gateway) for additional information.
|
||||
Configures the destination for service traffic through terminating gateways. Refer to [Terminating Gateway](/consul/docs/connect/gateways/terminating-gateway) for additional information.
|
||||
|
||||
You can configure the following parameters in the `Destination` block:
|
||||
|
||||
|
@ -1082,7 +1082,7 @@ You can configure the following parameters in the `EnvoyExtensions` block:
|
|||
|
||||
### `spec.destination`
|
||||
|
||||
Map of configurations that specify one or more destinations for service traffic routed through terminating gateways. Refer to [Terminating Gateway](/consul/docs/connect/terminating-gateway) for additional information.
|
||||
Map of configurations that specify one or more destinations for service traffic routed through terminating gateways. Refer to [Terminating Gateway](/consul/docs/connect/gateways/terminating-gateway) for additional information.
|
||||
|
||||
#### Values
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@ description: >-
|
|||
|
||||
# Consul Dataplane CLI Reference
|
||||
|
||||
The `consul-dataplane` command interacts with the binary for [simplified service mesh with Consul Dataplane](/consul/docs/k8s/dataplane). Use this command to install Consul Dataplane, configure its Envoy proxies, and secure Dataplane deployments.
|
||||
The `consul-dataplane` command interacts with the binary for [simplified service mesh with Consul Dataplane](/consul/docs/connect/dataplane). Use this command to install Consul Dataplane, configure its Envoy proxies, and secure Dataplane deployments.
|
||||
|
||||
## Usage
|
||||
|
||||
|
|
|
@ -435,7 +435,7 @@ Specifies rule for rewriting the URL of incoming requests when an incoming reque
|
|||
|
||||
### Rules[].Filters.URLRewrite.Path
|
||||
|
||||
Specifies a path that determines how Consul API Gateway rewrites a URL path. Refer to [Reroute HTTP requests](/consul/docs/api-gateway/usage#reroute-http-requests) for additional information.
|
||||
Specifies a path that determines how Consul API Gateway rewrites a URL path. Refer to [Reroute HTTP requests](/consul/docs/api-gateway/usage/reroute-http-requests) for additional information.
|
||||
|
||||
#### Values
|
||||
|
||||
|
|
|
@ -111,7 +111,7 @@ If TLS is enabled on Consul, you will also need to add the following environment
|
|||
|
||||
- [`CONSUL_CACERT`](/consul/commands#consul_cacert)
|
||||
- [`CONSUL_CLIENT_CERT`](/consul/commands#consul_client_cert)
|
||||
- [`CONSUL_CLIENT_KEY`](//consulcommands#consul_client_key)
|
||||
- [`CONSUL_CLIENT_KEY`](/consul/commands#consul_client_key)
|
||||
- [`CONSUL_HTTP_SSL`](/consul/commands#consul_http_ssl)
|
||||
|
||||
## Bootstrap Configuration
|
||||
|
@ -194,7 +194,7 @@ The [Advanced Configuration](#advanced-configuration) section describes addition
|
|||
|
||||
### Bootstrap Envoy on Windows VMs
|
||||
|
||||
> Complete the [Connect Services on Windows Workloads to Consul Service Mesh tutorial](https://consul.io/consu/tutorials/consul-windows-workloads?utm_source=docs) to learn how to deploy Consul and use its service mesh on Windows VMs.
|
||||
> Complete the [Connect Services on Windows Workloads to Consul Service Mesh tutorial](/consul/tutorials/developer-mesh/consul-windows-workloads) to learn how to deploy Consul and use its service mesh on Windows VMs.
|
||||
|
||||
If you are running Consul on a Windows VM, attempting to bootstrap Envoy with the `consul connect envoy` command returns the following output:
|
||||
|
||||
|
|
|
@ -138,7 +138,7 @@ documentation for details about supported configuration parameters.
|
|||
|
||||
### Service Discovery
|
||||
|
||||
Proxies can use Consul's [service discovery API](https://consul.io/%60/v1/health/connect/:service_id%60) to return all available, Connect-capable endpoints for a given service. This endpoint supports a `cached` query parameter, which uses [agent caching](/consul/api-docs/features/caching) to improve
|
||||
Proxies can use Consul's [service discovery API](/consul/api-docs/health#list-service-instances-for-connect-enabled-service) to return all available, Connect-capable endpoints for a given service. This endpoint supports a `cached` query parameter, which uses [agent caching](/consul/api-docs/features/caching) to improve
|
||||
performance. The API package provides a [`UseCache`] query option to leverage caching.
|
||||
In addition to performance improvements, using the cache makes the mesh more resilient to Consul server outages. This is because the mesh "fails static" with the last known set of service instances still used, rather than errors on new connections.
|
||||
|
||||
|
|
|
@ -108,8 +108,9 @@ The following table describes the required input variables for the `acl-controll
|
|||
| `name_prefix` | string | AWS resources created by the `acl-controller` module will include this prefix in the resource name. |
|
||||
|
||||
<EnterpriseAlert>
|
||||
If you are using Consul Enterprise, see <a href="/docs/ecs/enterprise#admin-partitions-and-namespaces">Admin Partitions and Namespaces</a> for
|
||||
additional configuration required to support Consul Enterprise on ECS.
|
||||
|
||||
If you are using Consul Enterprise, see the [Admin Partitions and Namespaces requirements documentation](/consul/docs/ecs/requirements) for additional configuration required to support Consul Enterprise on ECS.
|
||||
|
||||
</EnterpriseAlert>
|
||||
|
||||
## Deploy your services
|
||||
|
|
|
@ -138,7 +138,7 @@ When a customer deploys new clusters to a 1.10.0+ent release, they need to have
|
|||
|
||||
New Consul cluster deployments using 1.10.0+ent will need to have a valid license on servers to successfully deploy.
|
||||
This valid license must be on-disk (auto-loaded) or as an environment variable.
|
||||
Please see the [upgrade requirements](https://consul.io/faq#q-what-are-the-upgrade-requirements).
|
||||
Please see the [upgrade requirements](/consul/docs/enterprise/license/faq#q-what-are-the-upgrade-requirements).
|
||||
|
||||
## Q: What is the migration path for customers who want to migrate from their existing license-as-applied-via-the-CLI flow to the license on disk flow?
|
||||
|
||||
|
@ -183,7 +183,7 @@ When downgrading to a version of Consul before 1.10.0+ent, customers will need t
|
|||
|
||||
## Q: Are there potential pitfalls when downgrading or upgrading Consul server instances?
|
||||
|
||||
~> Verify that you meet the [upgrade requirements](https://consul.io/faq#q-what-are-the-upgrade-requirements).
|
||||
~> Verify that you meet the [upgrade requirements](/consul/docs/enterprise/license/faq#q-what-are-the-upgrade-requirements).
|
||||
|
||||
Assume a scenario where there are three Consul server nodes:
|
||||
|
||||
|
|
|
@ -34,7 +34,7 @@ or via a configuration file:
|
|||
|
||||
## Auto-join with Network Segments <EnterpriseAlert inline />
|
||||
|
||||
In order to use cloud auto-join with [Network Segments](/consul/docs/enterprise/network-segments),
|
||||
In order to use cloud auto-join with [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview),
|
||||
you must reconfigure the Consul agent's Serf LAN port to match that of the
|
||||
segment you wish to join.
|
||||
|
||||
|
|
|
@ -15,7 +15,7 @@ These Consul tools are created and managed by the dedicated engineers at HashiCo
|
|||
|
||||
- [Envconsul](https://github.com/hashicorp/envconsul) - Read and set environmental variables for processes from Consul.
|
||||
- [Consul API Gateway](https://github.com/hashicorp/consul-api-gateway/) - dedicated ingress solution for intelligently routing traffic to applications running on a Consul Service Mesh.
|
||||
- [Consul ESM](https://github.com/hashicorp/consul-esm) - Provides external service monitoring for Consul. Complete the [tutorial](https://consul.io/(https://learn.hashicorp.com/tutorials/consul/service-registration-external-services?utm_source=docs)) to learn more.
|
||||
- [Consul ESM](https://github.com/hashicorp/consul-esm) - Provides external service monitoring for Consul. Complete the [tutorial](/consul/tutorials/developer-discovery/service-registration-external-services?utm_source=docs) to learn more.
|
||||
- [Consul Migrate](https://github.com/hashicorp/consul-migrate) - Data migration tool to handle Consul upgrades to 0.5.1+
|
||||
- [Consul Replicate](https://github.com/hashicorp/consul-replicate) - Consul cross-DC KV replication daemon.
|
||||
- [Consul Template](https://github.com/hashicorp/consul-template) - Generic template rendering and notifications with Consul. Complete the [tutorial](/consul/tutorials/developer-configuration/consul-template?utm_source=docs) to the learn more.
|
||||
|
@ -54,7 +54,6 @@ These Consul tools are created and managed by the amazing members of the Consul
|
|||
- [gradle-consul-plugin](https://github.com/amirkibbar/red-apple) - A Consul Gradle plugin
|
||||
- [hashi-ui](https://github.com/jippi/hashi-ui) - A modern user interface for the Consul and Nomad
|
||||
- [HashiBox](https://github.com/nunchistudio/hashibox) - Vagrant environment to simulate highly-available cloud with Consul, Nomad, Vault, and optional support for Waypoint. OSS & Enterprise supported.
|
||||
- [helios-consul](https://github.com/SVT/helios-consul) - Service registrar plugin for Helios
|
||||
- [Jenkins Consul Plugin](https://plugins.jenkins.io/consul) - Jenkins plugin for service discovery and K/V store
|
||||
- [marathon-consul](https://github.com/allegro/marathon-consul) - Service registry bridge for Marathon
|
||||
- [marathon-consul](https://github.com/CiscoCloud/marathon-consul) - Bridge from Marathon apps to the Consul K/V store
|
||||
|
|
|
@ -89,7 +89,7 @@ Here are links to resources, documentation, examples and best practices to guide
|
|||
- [Monitoring Consul with Datadog APM](https://www.datadoghq.com/blog/consul-datadog/)
|
||||
- [Monitor HCP Consul with New Relic Instant Observability](https://github.com/newrelic-experimental/hashicorp-quickstart-annex/blob/main/hcp-consul/README.md)
|
||||
- [HCP Consul and CloudFabrix AIOps Integration](https://bot-docs.cloudfabrix.io/Bots/consul/?h=consul)
|
||||
- [Consul and SnappyFlow Full Stack Observability](https://docs.snappyflow.io/docs/integrations/hcp_consul)
|
||||
- [Consul and SnappyFlow Full Stack Observability](https://docs.snappyflow.io/docs/Integrations/hcp_consul)
|
||||
|
||||
**Network Performance Monitoring (NPM)**
|
||||
|
||||
|
|
|
@ -10,7 +10,4 @@ description: >-
|
|||
|
||||
# ACL System ((#version_8_acls))
|
||||
|
||||
This content has been moved into the [ACL Guide](/consul/tutorials/security/access-control-setup-production).
|
||||
|
||||
See [Complete ACL Coverage in Consul 0.8](/consul/docs/security/acl/acl-legacy) for details
|
||||
about ACL changes in Consul 0.8 and later.
|
||||
This content has been moved into the [ACL Guide](/consul/tutorials/security/access-control-setup-production).
|
|
@ -11,7 +11,7 @@ You can use this Helm chart to deploy Consul Enterprise by following a few extra
|
|||
|
||||
Find the license file that you received in your welcome email. It should have a `.hclic` extension. You will use the contents of this file to create a Kubernetes secret before installing the Helm chart.
|
||||
|
||||
-> **Note:** This guide assumes you are storing your license as a Kubernetes Secret. If you would like to store the enterprise license in Vault, please reference [Storing the Enterprise License in Vault](/consul/docs/k8s/deployment-configuration/vault/data-integration/enterprise-license).
|
||||
-> **Note:** This guide assumes you are storing your license as a Kubernetes Secret. If you would like to store the enterprise license in Vault, please reference [Storing the Enterprise License in Vault](/consul/docs/k8s/deployment-configurations/vault/data-integration/enterprise-license).
|
||||
|
||||
You can use the following commands to create the secret with name `consul-ent-license` and key `key`:
|
||||
|
||||
|
|
|
@ -11,7 +11,7 @@ One of the primary query interfaces to Consul is the
|
|||
[DNS interface](/consul/docs/services/discovery/dns-overview). You can configure Consul DNS in
|
||||
Kubernetes using a
|
||||
[stub-domain configuration](https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#configure-stub-domain-and-upstream-dns-servers)
|
||||
if using KubeDNS or a [proxy configuration](https://coredns.io/plugins/proxy/) if using CoreDNS.
|
||||
if using KubeDNS or a [proxy configuration](https://coredns.io/plugins/forward/) if using CoreDNS.
|
||||
|
||||
Once configured, DNS requests in the form `<consul-service-name>.service.consul` will
|
||||
resolve for services in Consul. This will work from all Kubernetes namespaces.
|
||||
|
|
|
@ -59,7 +59,7 @@ There are several ways to try Consul with Kubernetes in different environments.
|
|||
|
||||
- The [Consul and Kubernetes Deployment](/consul/tutorials/kubernetes/kubernetes-deployment-guide?utm_source=docs) tutorial covers the necessary steps to install and configure a new Consul cluster on Kubernetes in production.
|
||||
|
||||
- The [Secure Consul and Registered Services on Kubernetes](https://consul.io/consul/tutorials/kubernetes/kubernetes-secure-agents?utm_source=docs) tutorial covers
|
||||
- The [Secure Consul and Registered Services on Kubernetes](/consul/tutorials/kubernetes/kubernetes-secure-agents?utm_source=docs) tutorial covers
|
||||
the necessary steps to secure a Consul cluster running on Kubernetes in production.
|
||||
|
||||
- The [Layer 7 Observability with Consul Service Mesh](/consul/tutorials/kubernetes/kubernetes-layer7-observability) tutorial covers monitoring a
|
||||
|
|
|
@ -85,7 +85,7 @@ or read the [Helm Chart Reference](/consul/docs/k8s/helm).
|
|||
|
||||
### Minimal `values.yaml` for Consul service mesh
|
||||
|
||||
The following `values.yaml` config file contains the minimum required settings to enable [Consul Service Mesh](https://consul.io/(/docs/k8s/connect)):
|
||||
The following `values.yaml` config file contains the minimum required settings to enable [Consul Service Mesh](/consul/docs/k8s/connect):
|
||||
|
||||
<CodeBlockConfig filename="values.yaml">
|
||||
|
||||
|
|
|
@ -31,7 +31,7 @@ description: >-
|
|||
to rewrite the URL path in a client's HTTP request before sending the request
|
||||
to a service. For example, you could configure the gateway to change the path
|
||||
from `//store/checkout` to `//cart/checkout`. Refer to the [usage
|
||||
documentation](/consul/docs/api-gateway/usage) for additional information.
|
||||
documentation](/consul/docs/connect/gateways/api-gateway/usage) for additional information.
|
||||
|
||||
## What has Changed
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ description: >-
|
|||
|
||||
- **Per listener TLS Config**: It is now possible to configure TLS differently for each of Consul's listeners, such as HTTPS, gRPC, and the internal multiplexed RPC listener, using the `tls` stanza. Refer to [TLS Configuration Reference](/consul/docs/agent/config/config-files#tls-configuration-reference) for more details.
|
||||
|
||||
- **AWS Lambda**: Adds the ability to invoke AWS Lambdas through terminating gateways, which allows for cross-datacenter communication, transparent proxy, and intentions with Consul Service Mesh. Refer to [AWS Lambda](/consul/docs]/lambda) and [Invoke Lambda Functions](/consul/docs/lambda/invocation) for more details.
|
||||
- **AWS Lambda**: Adds the ability to invoke AWS Lambdas through terminating gateways, which allows for cross-datacenter communication, transparent proxy, and intentions with Consul Service Mesh. Refer to [AWS Lambda](/consul/docs/lambda) and [Invoke Lambda Functions](/consul/docs/lambda/invocation) for more details.
|
||||
|
||||
- **Mesh-wide TLS min/max versions and cipher suites**: Using the [Mesh](/consul/docs/connect/config-entries/mesh#tls) Config Entry or CRD, it is now possible to set TLS min/max versions and cipher suites for both inbound and outbound mTLS connections.
|
||||
|
||||
|
|
|
@ -76,14 +76,13 @@ The Kubernetes service account corresponding to the configured
|
|||
[`ServiceAccountJWT`](/consul/docs/security/acl/auth-methods/kubernetes#serviceaccountjwt)
|
||||
needs to have access to two Kubernetes APIs:
|
||||
|
||||
- [**TokenReview**](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#create-tokenreview-v1-authentication-k8s-io)
|
||||
- [**TokenReview**](https://kubernetes.io/docs/reference/kubernetes-api/authentication-resources/token-review-v1/)
|
||||
|
||||
-> Kubernetes should be running with `--service-account-lookup`. This is
|
||||
defaulted to true in Kubernetes 1.7, but any versions prior should ensure
|
||||
the Kubernetes API server is started with this setting.
|
||||
|
||||
- [**ServiceAccount**](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#read-serviceaccount-v1-core)
|
||||
(`get`)
|
||||
- [**ServiceAccount**](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#service-account-tokens)
|
||||
|
||||
The following is an example
|
||||
[RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)
|
||||
|
|
|
@ -73,7 +73,7 @@ parameters are required to properly configure an auth method of type
|
|||
|
||||
- `JWTSupportedAlgs` `(array<string>)` - JWTSupportedAlgs is a list of
|
||||
supported signing algorithms. Defaults to `RS256`. ([Available
|
||||
algorithms](https://github.com/hashicorp/consul/blob/main/vendor/github.com/coreos/go-oidc/jose.go#L7))
|
||||
algorithms](https://github.com/hashicorp/consul/blob/main/internal/go-sso/oidcauth/jwt.go))
|
||||
|
||||
- `BoundAudiences` `(array<string>)` - List of `aud` claims that are valid for
|
||||
login; any match is sufficient.
|
||||
|
|
|
@ -327,7 +327,7 @@ This returns the unique virtual IP for any service mesh-capable service. Each se
|
|||
|
||||
The peer name is an optional. The DNS uses it to query for the virtual IP of a service imported from the specified peer.
|
||||
|
||||
Consul adds virtual IPs to the [`tagged_addresses`](/consul/services/configuration/services-configuration-reference#tagged-addresses) field in the service definition under the `consul-virtual` tag.
|
||||
Consul adds virtual IPs to the [`tagged_addresses`](/consul/docs/services/configuration/services-configuration-reference#tagged_addresses) field in the service definition under the `consul-virtual` tag.
|
||||
|
||||
#### Service virtual IP lookups for Consul Enterprise
|
||||
|
||||
|
|
|
@ -245,7 +245,7 @@ Responses larger than 4KB are truncated. The HTTP response determines the status
|
|||
TCP checks establish connections to the specified IPs or hosts. If the check successfully establishes a connection, the service status is reported as `success`. If the IP or host does not accept the connection, the service status is reported as `critical`. We recommend TCP checks over [script checks](#script-checks) that use netcat or another external process to check a socket operation.
|
||||
|
||||
### TCP check configuration
|
||||
Add a `tcp` field to the `check` block in your service definition file and specify the address, including port number, for the check to call. All other fields are optional. Refer to [Health Checks Configuration Reference](/consul/docs/services/configuration/health-checks-configuration) for information about all health check configurations.
|
||||
Add a `tcp` field to the `check` block in your service definition file and specify the address, including port number, for the check to call. All other fields are optional. Refer to [Health Checks Configuration Reference](/consul/docs/services/configuration/checks-configuration-reference) for information about all health check configurations.
|
||||
|
||||
In the following example, a TCP check named `SSH TCP on port 22` attempts to connect to `localhost:22` every 10 seconds:
|
||||
|
||||
|
|
|
@ -138,7 +138,7 @@ You can add a `check` or `checks` block to your service configuration to define
|
|||
|
||||
### Register a service
|
||||
|
||||
You can register your service using the [`consul services` command](/consul/commands/services) or by calling the [`/agent/services` API endpoint](/consul/api-docs/agent/services). Refer to [Register Services and Health Checks](/consul/docs/services/usage/register-services-checks) for details.
|
||||
You can register your service using the [`consul services` command](/consul/commands/services) or by calling the [`/agent/services` API endpoint](/consul/api-docs/agent/service). Refer to [Register Services and Health Checks](/consul/docs/services/usage/register-services-checks) for details.
|
||||
|
||||
## Define service defaults
|
||||
If Consul service mesh is enabled in your network, you can define default values for services in your mesh by creating and applying a `service-defaults` configuration entry containing. Refer to [Service Mesh Configuration Overview](/consul/docs/connect/configuration) for additional information.
|
||||
|
|
|
@ -7,7 +7,7 @@ description: ->
|
|||
|
||||
# Register services and health checks
|
||||
|
||||
This topic describes how to register services and health checks with Consul in networks running on virtual machines (VM). Refer to [Define Services](/consul/usage/services/usage/define-services) and [Define Health Checks](/consul/usage/services/usage/checks) for information about how to define services and health checks.
|
||||
This topic describes how to register services and health checks with Consul in networks running on virtual machines (VM). Refer to [Define Services](/consul/docs/services/usage/define-services) and [Define Health Checks](/consul/docs/services/usage/checks) for information about how to define services and health checks.
|
||||
|
||||
## Overview
|
||||
Register services and health checks in VM environments by providing the service definition to a Consul agent. You can use several different methods to register services and health checks.
|
||||
|
@ -65,4 +65,4 @@ Send a `PUT` request to the `/agent/check/register` API endpoint to dynamically
|
|||
$ curl --request PUT --data @payload.json http://localhost:8500/v1/agent/check/register
|
||||
```
|
||||
|
||||
Refer to [Check - Agent HTTP API](/consul/api-docs/check/service) for additional information about the `check` endpoint.
|
||||
Refer to [Check - Agent HTTP API](/consul/api-docs/agent/check) for additional information about the `check` endpoint.
|
||||
|
|
|
@ -18,8 +18,8 @@ as part of this upgrade. The 1.6.x series is the last series that had support fo
|
|||
ACL tokens, so this migration _must_ happen before upgrading past the 1.6.x release series.
|
||||
Here is some documentation that may prove useful for reference during this upgrade process:
|
||||
|
||||
- [ACL System in Legacy Mode](/consul/docs/security/acl/acl-legacy) - You can find
|
||||
information about legacy configuration options and differences between modes here.
|
||||
- [Upgrading Legacy ACL tokens](/consul/tutorials/security-operations/access-control-token-migration) - You can find
|
||||
information about upgrading legacy ACL tokens and differences between modes here.
|
||||
- [Configuration](/consul/docs/agent/config) - You can find more details
|
||||
around legacy ACL and new ACL configuration options here. Legacy ACL config options
|
||||
will be listed as deprecates as of 1.4.0.
|
||||
|
|
Loading…
Reference in New Issue