website: address feedback

pull/4275/head
Mitchell Hashimoto 7 years ago committed by Jack Pearkes
parent 85d6502ab3
commit 6ea59241d1

@ -19,13 +19,19 @@ can easily integrate with Connect. There is no custom protocol in use;
any language that supports TLS can accept and establish Connect-based any language that supports TLS can accept and establish Connect-based
connections. connections.
We currently provide an easy-to-use [Go integration](/docs/connect/native/go.html)
to assist with the getting the proper certificates, verifying connections,
etc. We plan to add helper libraries for other languages in the future.
However, without library support, it is still possible for any major language
to integrate with Connect.
## Overview ## Overview
The primary work involved in natively integrating with Connect is The primary work involved in natively integrating with Connect is
[acquiring the proper TLS certificate](/api/agent/connect.html#service-leaf-certificate), [acquiring the proper TLS certificate](/api/agent/connect.html#service-leaf-certificate),
[verifying TLS certificates](/api/agent/connect.html#certificate-authority-ca-roots), [verifying TLS certificates](/api/agent/connect.html#certificate-authority-ca-roots),
and [authorizing inbound connections](/api/agent/connect.html#authorize). and [authorizing inbound connections](/api/agent/connect.html#authorize).
All of this is done using Consul's HTTP API using the previously-linked APIs. All of this is done using the Consul HTTP APIs linked above.
An overview of the sequence is shown below. The diagram and the following An overview of the sequence is shown below. The diagram and the following
details may seem complex, but this is a _regular mutual TLS connection_ with details may seem complex, but this is a _regular mutual TLS connection_ with

@ -66,7 +66,8 @@ func main() {
The first step is to create a Consul API client. This is almost always the The first step is to create a Consul API client. This is almost always the
default configuration with an ACL token set, since you want to communicate default configuration with an ACL token set, since you want to communicate
to the local agent. The Go library will use this client to request certificates, to the local agent. The default configuration will also read the ACL token
from environment variables if set. The Go library will use this client to request certificates,
authorize connections, and more. authorize connections, and more.
Next, `connect.NewService` is called to create a service structure representing Next, `connect.NewService` is called to create a service structure representing
@ -77,8 +78,8 @@ create one service and reuse that one service for all servers and clients.
Finally, a standard `*http.Server` is created. The magic line is the `TLSConfig` Finally, a standard `*http.Server` is created. The magic line is the `TLSConfig`
value. This is set to a TLS configuration returned by the service structure. value. This is set to a TLS configuration returned by the service structure.
This TLS configuration is configured to automatically load certificates This TLS configuration is configured to automatically load certificates
in the background, cache them, and authorize inbound connections. This in the background, cache them, and authorize inbound connections. The service
also automatically handles maintaining blocking queries to update certificates structure automatically handles maintaining blocking queries to update certificates
in the background if they change. in the background if they change.
Since the service returns a standard `*tls.Config`, _any_ server that supports Since the service returns a standard `*tls.Config`, _any_ server that supports
@ -151,7 +152,7 @@ Next, we call `svc.HTTPClient()` to return a specially configured
`*http.Client`. This client will automatically established Connect-based `*http.Client`. This client will automatically established Connect-based
connections using Consul service discovery. connections using Consul service discovery.
Finally, we perform an HTTP `GET` request to a hypothetical user service. Finally, we perform an HTTP `GET` request to a hypothetical userinfo service.
The HTTP client configuration automatically sends the correct client The HTTP client configuration automatically sends the correct client
certificate, verifies the server certificate, and manages background certificate, verifies the server certificate, and manages background
goroutines for updating our certificates as necessary. goroutines for updating our certificates as necessary.
@ -192,7 +193,7 @@ func main() {
// Connect to the "userinfo" Consul service. // Connect to the "userinfo" Consul service.
conn, _ := svc.Dial(context.Background(), &connect.ConsulResolver{ conn, _ := svc.Dial(context.Background(), &connect.ConsulResolver{
Client: client, Client: client,
Name: "userinfo", Name: "userinfo",
}) })
} }
``` ```

Loading…
Cancel
Save