mirror of https://github.com/hashicorp/consul
Rearrange k8s connect docs to make space for gateways
parent
51c3a605ad
commit
864e7f6ae0
|
@ -231,7 +231,15 @@ export default [
|
||||||
name: 'Operations',
|
name: 'Operations',
|
||||||
content: ['upgrading', 'tls-on-existing-cluster', 'uninstalling'],
|
content: ['upgrading', 'tls-on-existing-cluster', 'uninstalling'],
|
||||||
},
|
},
|
||||||
'connect',
|
{
|
||||||
|
category: 'connect',
|
||||||
|
name: 'Connect Service Mesh',
|
||||||
|
content: [
|
||||||
|
'overview',
|
||||||
|
'ingress-gateways',
|
||||||
|
'terminating-gateways',
|
||||||
|
],
|
||||||
|
},
|
||||||
'service-sync',
|
'service-sync',
|
||||||
'dns',
|
'dns',
|
||||||
'ambassador',
|
'ambassador',
|
||||||
|
|
|
@ -101,4 +101,4 @@ The Consul Helm chart can automate much of Consul Connect's configuration, and
|
||||||
makes it easy to automatically inject Envoy sidecars into new pods when they are
|
makes it easy to automatically inject Envoy sidecars into new pods when they are
|
||||||
deployed. Learn about the [Helm chart](/docs/platform/k8s/helm) in general,
|
deployed. Learn about the [Helm chart](/docs/platform/k8s/helm) in general,
|
||||||
or if you are already familiar with it, check out it's
|
or if you are already familiar with it, check out it's
|
||||||
[connect specific configurations](/docs/platform/k8s/connect).
|
[connect specific configurations](/docs/platform/k8s/connect/overview).
|
||||||
|
|
|
@ -439,4 +439,4 @@ environment.
|
||||||
[services-nomad]: https://www.nomadproject.io/docs/job-specification/service.html
|
[services-nomad]: https://www.nomadproject.io/docs/job-specification/service.html
|
||||||
[sidecar]: https://docs.microsoft.com/en-us/azure/architecture/patterns/sidecar
|
[sidecar]: https://docs.microsoft.com/en-us/azure/architecture/patterns/sidecar
|
||||||
[sidecar_service]: https://www.consul.io/docs/connect/registration/sidecar-service.html
|
[sidecar_service]: https://www.consul.io/docs/connect/registration/sidecar-service.html
|
||||||
[services-k8s]: https://www.consul.io/docs/platform/k8s/connect.html#installation-and-configuration
|
[services-k8s]: https://www.consul.io/docs/platform/k8s/connect/overview.html#installation-and-configuration
|
||||||
|
|
|
@ -286,7 +286,7 @@ If you have tried the above troubleshooting steps and are still stuck, DataWire
|
||||||
[ingress controller]: https://blog.getambassador.io/kubernetes-ingress-nodeport-load-balancers-and-ingress-controllers-6e29f1c44f2d
|
[ingress controller]: https://blog.getambassador.io/kubernetes-ingress-nodeport-load-balancers-and-ingress-controllers-6e29f1c44f2d
|
||||||
[proxies]: /docs/connect/proxies
|
[proxies]: /docs/connect/proxies
|
||||||
[service sync]: /docs/k8s/service-sync
|
[service sync]: /docs/k8s/service-sync
|
||||||
[connect sidecar]: /docs/k8s/connect
|
[connect sidecar]: /docs/k8s/connect/overview
|
||||||
[install]: https://www.getambassador.io/user-guide/consul-connect-ambassador/
|
[install]: https://www.getambassador.io/user-guide/consul-connect-ambassador/
|
||||||
[ambassador-service.yaml]: https://www.getambassador.io/yaml/ambassador/ambassador-service.yaml
|
[ambassador-service.yaml]: https://www.getambassador.io/yaml/ambassador/ambassador-service.yaml
|
||||||
[request access]: https://d6e.co/slack
|
[request access]: https://d6e.co/slack
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
---
|
||||||
|
layout: docs
|
||||||
|
page_title: Ingress Gateways - Kubernetes
|
||||||
|
sidebar_title: Ingress Gateways
|
||||||
|
description: Configuring Ingress Gateways on Kubernetes
|
||||||
|
---
|
||||||
|
|
||||||
|
# Ingress Gateways on Kubernetes
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
layout: docs
|
layout: docs
|
||||||
page_title: Connect Service Mesh - Kubernetes
|
page_title: Connect Service Mesh - Kubernetes
|
||||||
sidebar_title: Connect - Service Mesh
|
sidebar_title: Overview
|
||||||
description: >-
|
description: >-
|
||||||
Connect is a feature built into to Consul that enables automatic
|
Connect is a feature built into to Consul that enables automatic
|
||||||
service-to-service authorization and connection encryption across your Consul
|
service-to-service authorization and connection encryption across your Consul
|
||||||
|
@ -26,7 +26,7 @@ automatically installed and configured using the
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
When the
|
When the
|
||||||
[Connect injector is installed](/docs/k8s/connect#installation-and-configuration),
|
[Connect injector is installed](/docs/k8s/connect/overview#installation-and-configuration),
|
||||||
the Connect sidecar can be automatically added to all pods. This sidecar can both
|
the Connect sidecar can be automatically added to all pods. This sidecar can both
|
||||||
accept and establish connections using Connect, enabling the pod to communicate
|
accept and establish connections using Connect, enabling the pod to communicate
|
||||||
to clients and dependencies exclusively over authorized and encrypted
|
to clients and dependencies exclusively over authorized and encrypted
|
||||||
|
@ -78,7 +78,7 @@ spec:
|
||||||
The only change for Connect is the addition of the
|
The only change for Connect is the addition of the
|
||||||
`consul.hashicorp.com/connect-inject` annotation. This enables injection
|
`consul.hashicorp.com/connect-inject` annotation. This enables injection
|
||||||
for this pod. The injector can also be
|
for this pod. The injector can also be
|
||||||
[configured](/docs/k8s/connect#installation-and-configuration)
|
[configured](/docs/k8s/connect/overview#installation-and-configuration)
|
||||||
to automatically inject unless explicitly disabled, but the default
|
to automatically inject unless explicitly disabled, but the default
|
||||||
installation requires opt-in using the annotation shown above.
|
installation requires opt-in using the annotation shown above.
|
||||||
|
|
||||||
|
@ -131,7 +131,7 @@ spec:
|
||||||
```
|
```
|
||||||
|
|
||||||
Pods must specify upstream dependencies with the
|
Pods must specify upstream dependencies with the
|
||||||
[`consul.hashicorp.com/connect-service-upstreams` annotation](/docs/k8s/connect#consul-hashicorp-com-connect-service-upstreams).
|
[`consul.hashicorp.com/connect-service-upstreams` annotation](/docs/k8s/connect/overview#consul-hashicorp-com-connect-service-upstreams).
|
||||||
This annotation declares the names of any upstream dependencies and a
|
This annotation declares the names of any upstream dependencies and a
|
||||||
local port for the proxy to listen on. When a connection is established to that local
|
local port for the proxy to listen on. When a connection is established to that local
|
||||||
port, the proxy establishes a connection to the target service
|
port, the proxy establishes a connection to the target service
|
||||||
|
@ -503,7 +503,7 @@ See [consul.hashicorp.com/connect-service-upstreams](#consul-hashicorp-com-conne
|
||||||
### Verifying the Installation
|
### Verifying the Installation
|
||||||
|
|
||||||
To verify the installation, run the
|
To verify the installation, run the
|
||||||
["Accepting Inbound Connections"](/docs/k8s/connect#accepting-inbound-connections)
|
["Accepting Inbound Connections"](/docs/k8s/connect/overview#accepting-inbound-connections)
|
||||||
example from the "Usage" section above. After running this example, run
|
example from the "Usage" section above. After running this example, run
|
||||||
`kubectl get pod static-server -o yaml`. In the raw YAML output, you should
|
`kubectl get pod static-server -o yaml`. In the raw YAML output, you should
|
||||||
see injected Connect containers and an annotation
|
see injected Connect containers and an annotation
|
|
@ -0,0 +1,8 @@
|
||||||
|
---
|
||||||
|
layout: docs
|
||||||
|
page_title: Terminating Gateways - Kubernetes
|
||||||
|
sidebar_title: Terminating Gateways
|
||||||
|
description: Configuring Terminating Gateways on Kubernetes
|
||||||
|
---
|
||||||
|
|
||||||
|
# Terminating Gateways on Kubernetes
|
|
@ -398,7 +398,7 @@ and consider if they're appropriate for your deployment.
|
||||||
|
|
||||||
- `grpc` ((#v-client-grpc)) (`boolean: true`) - If true, agents will enable their GRPC listener on
|
- `grpc` ((#v-client-grpc)) (`boolean: true`) - If true, agents will enable their GRPC listener on
|
||||||
port 8502 and expose it to the host. This will use slightly more resources, but is
|
port 8502 and expose it to the host. This will use slightly more resources, but is
|
||||||
required for [Connect](/docs/k8s/connect).
|
required for [Connect](/docs/k8s/connect/overview).
|
||||||
|
|
||||||
- `exposeGossipPorts` ((#v-client-exposegossipports)) (`boolean: false`) - If true, the Helm chart
|
- `exposeGossipPorts` ((#v-client-exposegossipports)) (`boolean: false`) - If true, the Helm chart
|
||||||
will expose the clients' gossip ports as hostPorts. This is only necessary if pod IPs in the k8s cluster are not directly routable and the Consul servers are outside of the k8s cluster.
|
will expose the clients' gossip ports as hostPorts. This is only necessary if pod IPs in the k8s cluster are not directly routable and the Consul servers are outside of the k8s cluster.
|
||||||
|
@ -641,7 +641,7 @@ and consider if they're appropriate for your deployment.
|
||||||
- `additionalSpec` ((#v-ui-service-additionalspec)) (`string: null`) - Additional Service spec
|
- `additionalSpec` ((#v-ui-service-additionalspec)) (`string: null`) - Additional Service spec
|
||||||
values. This should be a multi-line string mapping directly to a Kubernetes `Service` object.
|
values. This should be a multi-line string mapping directly to a Kubernetes `Service` object.
|
||||||
|
|
||||||
- `connectInject` ((#v-connectinject)) - Values that configure running the [Connect injector](/docs/k8s/connect).
|
- `connectInject` ((#v-connectinject)) - Values that configure running the [Connect injector](/docs/k8s/connect/overview).
|
||||||
|
|
||||||
- `enabled` ((#v-connectinject-enabled)) (`boolean: false`) - If true, the chart will install all the
|
- `enabled` ((#v-connectinject-enabled)) (`boolean: false`) - If true, the chart will install all the
|
||||||
resources necessary for the Connect injector process to run. This will enable the injector but will
|
resources necessary for the Connect injector process to run. This will enable the injector but will
|
||||||
|
@ -651,7 +651,7 @@ and consider if they're appropriate for your deployment.
|
||||||
(including any tag) for the [consul-k8s](https://github.com/hashicorp/consul-k8s) binary.
|
(including any tag) for the [consul-k8s](https://github.com/hashicorp/consul-k8s) binary.
|
||||||
|
|
||||||
- `default` ((#v-connectinject-default)) (`boolean: false`) - If true, the injector will inject the
|
- `default` ((#v-connectinject-default)) (`boolean: false`) - If true, the injector will inject the
|
||||||
Connect sidecar into all pods by default. Otherwise, pods must specify the. [injection annotation](/docs/k8s/connect#consul-hashicorp-com-connect-inject)
|
Connect sidecar into all pods by default. Otherwise, pods must specify the. [injection annotation](/docs/k8s/connect/overview#consul-hashicorp-com-connect-inject)
|
||||||
to opt-in to Connect injection. If this is true, pods can use the same annotation
|
to opt-in to Connect injection. If this is true, pods can use the same annotation
|
||||||
to explicitly opt-out of injection.
|
to explicitly opt-out of injection.
|
||||||
|
|
||||||
|
@ -752,7 +752,7 @@ and consider if they're appropriate for your deployment.
|
||||||
configuration feature. Pods that have a Connect proxy injected will have their service automatically registered in this central configuration.
|
configuration feature. Pods that have a Connect proxy injected will have their service automatically registered in this central configuration.
|
||||||
|
|
||||||
- `defaultProtocol` ((#v-connectinject-centralconfig-defaultprotocol)) (`string: null`) - If
|
- `defaultProtocol` ((#v-connectinject-centralconfig-defaultprotocol)) (`string: null`) - If
|
||||||
defined, this value will be used as the default protocol type for all services registered with the central configuration. This can be overridden by using the [protocol annotation](/docs/k8s/connect#consul-hashicorp-com-connect-service-protocol) directly on any pod spec.
|
defined, this value will be used as the default protocol type for all services registered with the central configuration. This can be overridden by using the [protocol annotation](/docs/k8s/connect/overview#consul-hashicorp-com-connect-service-protocol) directly on any pod spec.
|
||||||
|
|
||||||
- `proxyDefaults` ((#v-connectinject-centralconfig-proxydefaults)) (`string: "{}"`) - This value is
|
- `proxyDefaults` ((#v-connectinject-centralconfig-proxydefaults)) (`string: "{}"`) - This value is
|
||||||
a raw json string that will be applied to all Connect proxy sidecar pods. It can include any valid configuration for the configured proxy.
|
a raw json string that will be applied to all Connect proxy sidecar pods. It can include any valid configuration for the configured proxy.
|
||||||
|
|
|
@ -109,7 +109,7 @@ The bootstrap token requires the following minimal permissions:
|
||||||
- `agent:read` if using WAN federation over mesh gateways
|
- `agent:read` if using WAN federation over mesh gateways
|
||||||
|
|
||||||
Next, configure external servers. The Helm chart will use this configuration to talk to the Consul server's API
|
Next, configure external servers. The Helm chart will use this configuration to talk to the Consul server's API
|
||||||
to create policies, tokens, and an auth method. If you are [enabling Consul Connect](/docs/k8s/connect.html),
|
to create policies, tokens, and an auth method. If you are [enabling Consul Connect](/docs/k8s/connect/overview),
|
||||||
`k8sAuthMethodHost` should be set to the address of your Kubernetes API server
|
`k8sAuthMethodHost` should be set to the address of your Kubernetes API server
|
||||||
so that the Consul servers can validate a Kubernetes service account token when using the [Kubernetes auth method](https://www.consul.io/docs/acl/auth-methods/kubernetes.html)
|
so that the Consul servers can validate a Kubernetes service account token when using the [Kubernetes auth method](https://www.consul.io/docs/acl/auth-methods/kubernetes.html)
|
||||||
with `consul login`.
|
with `consul login`.
|
||||||
|
|
|
@ -404,4 +404,4 @@ in the top left:
|
||||||
With your Kubernetes clusters federated, try out using Consul service mesh to
|
With your Kubernetes clusters federated, try out using Consul service mesh to
|
||||||
route between services deployed on each cluster by following our Learn Guide: [Secure and Route Service Mesh Communication Across Kubernetes](https://learn.hashicorp.com/consul/kubernetes/mesh-gateways#deploy-microservices).
|
route between services deployed on each cluster by following our Learn Guide: [Secure and Route Service Mesh Communication Across Kubernetes](https://learn.hashicorp.com/consul/kubernetes/mesh-gateways#deploy-microservices).
|
||||||
|
|
||||||
You can also read our in-depth documentation on [Consul Service Mesh In Kubernetes](/docs/k8s/connect).
|
You can also read our in-depth documentation on [Consul Service Mesh In Kubernetes](/docs/k8s/connect/overview).
|
||||||
|
|
|
@ -98,7 +98,7 @@ create a `config.yaml` file to override the default settings.
|
||||||
You can learn what settings are available by running `helm inspect values hashicorp/consul`
|
You can learn what settings are available by running `helm inspect values hashicorp/consul`
|
||||||
or by reading the [Helm Chart Reference](/docs/k8s/helm).
|
or by reading the [Helm Chart Reference](/docs/k8s/helm).
|
||||||
|
|
||||||
For example, if you want to enable the [Consul Connect](/docs/k8s/connect) feature,
|
For example, if you want to enable the [Consul Connect](/docs/k8s/connect/overview) feature,
|
||||||
use the following config file:
|
use the following config file:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
|
|
Loading…
Reference in New Issue