mirror of https://github.com/hashicorp/consul
Added guideLinks prop for UseCaseLayout component and linked terminating gateways guide from documentation. (#7998)
parent
80c34f0461
commit
9795b19e27
|
@ -4,7 +4,12 @@ import ConsulEnterpriseComparison from '../../components/enterprise-comparison/c
|
|||
import Head from 'next/head'
|
||||
import HashiHead from '@hashicorp/react-head'
|
||||
|
||||
export default function UseCaseLayout({ title, description, children }) {
|
||||
export default function UseCaseLayout({
|
||||
title,
|
||||
description,
|
||||
guideLink,
|
||||
children,
|
||||
}) {
|
||||
const pageTitle = `Consul ${title}`
|
||||
return (
|
||||
<>
|
||||
|
@ -20,7 +25,7 @@ export default function UseCaseLayout({ title, description, children }) {
|
|||
links={[
|
||||
{
|
||||
text: 'Explore HashiCorp Learn',
|
||||
url: 'https://learn.hashicorp.com/consul',
|
||||
url: guideLink,
|
||||
type: 'outbound',
|
||||
},
|
||||
{
|
||||
|
|
|
@ -10,7 +10,7 @@ description: >-
|
|||
|
||||
# Terminating Gateways <sup> Beta </sup>
|
||||
|
||||
-> **1.8.0+:** This feature is available in Consul versions 1.8.0 and newer.
|
||||
-> **1.8.0+:** This feature is available in Consul versions 1.8.0 and newer.
|
||||
|
||||
Terminating gateways enable connections from services in the Consul service mesh to
|
||||
services outside the mesh. These gateways effectively act as Connect proxies that can
|
||||
|
@ -19,10 +19,13 @@ and forward requests to the appropriate destination.
|
|||
|
||||
![Terminating Gateway Architecture](/img/terminating-gateways.png)
|
||||
|
||||
For a complete example of how to enable connections from services in the Consul service mesh to
|
||||
services outside the mesh, review the [terminating gateway guide](https://learn.hashicorp.com/consul/developer-mesh/terminating-gateways).
|
||||
|
||||
~> **Beta limitations:** Terminating Gateways currently do not support targeting service subsets with
|
||||
[L7 configuration](/docs/connect/l7-traffic-management). They route to all instances of a service with no capabilities
|
||||
for filtering by instance. Terminating Gateways also currently do not support routing to services with a hostname
|
||||
defined as a their address. The service address registered with Consul, that the gateway will route traffic to, **must** be a resolved IP address.
|
||||
defined as a their address. The service address registered with Consul, that the gateway will route traffic to, **must** be a resolved IP address.
|
||||
|
||||
## Security Considerations
|
||||
|
||||
|
@ -40,7 +43,7 @@ from the terminating gateway will be encrypted using mutual TLS authentication.
|
|||
If none of these are provided, Consul will **only** encrypt connections to the gateway and not
|
||||
from the gateway to the destination service.
|
||||
|
||||
-> **Note:** If certificates and keys are configured the terminating gateway will upgrade HTTP connections to TLS.
|
||||
-> **Note:** If certificates and keys are configured the terminating gateway will upgrade HTTP connections to TLS.
|
||||
Client applications can issue plain HTTP requests even when connecting to servers that require HTTPS.
|
||||
|
||||
## Prerequisites
|
||||
|
@ -74,22 +77,23 @@ a terminating gateway as long as they discover upstreams with the
|
|||
You must complete the following steps to configure a terminating gateway to proxy traffic from services in the Consul service mesh:
|
||||
|
||||
1. On a host with a Consul client agent, start an Envoy proxy using the [envoy subcommand](/docs/commands/connect/envoy#terminating-gateways) and
|
||||
specifying the `terminating` gateway type:
|
||||
```shell
|
||||
$ consul connect envoy -gateway=terminating -register -service us-west-gateway \
|
||||
-address '{{ GetInterfaceIP "eth0" }}:8443'
|
||||
```
|
||||
specifying the `terminating` gateway type:
|
||||
|
||||
2. Create and apply a `terminating-gateway` [configuration entry](/docs/agent/config-entries/terminating-gateway) that defines
|
||||
a set of services that the gateway will proxy traffic to. The config entry can be applied via the
|
||||
[CLI](/docs/commands/config/write) or [API](/api/config#apply-configuration).
|
||||
```shell
|
||||
$ consul connect envoy -gateway=terminating -register -service us-west-gateway \
|
||||
-address '{{ GetInterfaceIP "eth0" }}:8443'
|
||||
```
|
||||
|
||||
3. Ensure that [Consul intentions](/docs/commands/intention) are set up to allow connections from the source services in the mesh
|
||||
to the gateway's linked services. The intentions must reference the destination service's name and not the gateway itself.
|
||||
2. Create and apply a `terminating-gateway` [configuration entry](/docs/agent/config-entries/terminating-gateway) that defines
|
||||
a set of services that the gateway will proxy traffic to. The config entry can be applied via the
|
||||
[CLI](/docs/commands/config/write) or [API](/api/config#apply-configuration).
|
||||
|
||||
3. Ensure that [Consul intentions](/docs/commands/intention) are set up to allow connections from the source services in the mesh
|
||||
to the gateway's linked services. The intentions must reference the destination service's name and not the gateway itself.
|
||||
|
||||
4. Ensure necessary [upstreams](/docs/connect/registration/service-registration#upstream-configuration-reference)
|
||||
have been added to service definitions of the source services in the Consul service mesh. Each source service that needs
|
||||
to connect to a service proxied by a terminating gateway will need to add the external service as an upstream destination.
|
||||
have been added to service definitions of the source services in the Consul service mesh. Each source service that needs
|
||||
to connect to a service proxied by a terminating gateway will need to add the external service as an upstream destination.
|
||||
|
||||
## Terminating Gateway Configuration
|
||||
|
||||
|
@ -108,7 +112,7 @@ If the Consul client agent on the gateway's node is not configured to use the de
|
|||
must also provide `agent:read` for its node's name in order to discover the agent's gRPC port. gRPC is used to expose Envoy's xDS API to Envoy proxies.
|
||||
|
||||
Linking services to a terminating gateway is done with a `terminating-gateway`
|
||||
[configuration entry](/docs/agent/config-entries/terminating-gateway). This config entry can be applied via the
|
||||
[configuration entry](/docs/agent/config-entries/terminating-gateway). This config entry can be applied via the
|
||||
[CLI](/docs/commands/config/write) or [API](/api/config#apply-configuration).
|
||||
|
||||
Gateways with the same name in Consul's service catalog are configured with a single configuration entry.
|
||||
|
@ -118,8 +122,8 @@ Adding replicas of a gateway that routes to a particular set of services require
|
|||
the same gateway name with the `service` flag.
|
||||
|
||||
~> [Configuration entries](/docs/agent/config-entries) are global in scope. A configuration entry for a gateway name applies
|
||||
across all federated Consul datacenters. If terminating gateways in different Consul datacenters need to route to different
|
||||
sets of services within their datacenter then the terminating gateways **must** be registered with different names.
|
||||
across all federated Consul datacenters. If terminating gateways in different Consul datacenters need to route to different
|
||||
sets of services within their datacenter then the terminating gateways **must** be registered with different names.
|
||||
|
||||
The services that the terminating gateway will proxy for must be registered with Consul, even the services outside the mesh. They must also be registered
|
||||
in the same Consul datacenter as the terminating gateway. Otherwise the terminating gateway will not be able to
|
||||
|
|
|
@ -7,6 +7,7 @@ export default function MultiPlatformServiceMeshPage() {
|
|||
<UseCaseLayout
|
||||
title="Multi-Platform Service Mesh"
|
||||
description="Create a consistent platform for modern application networking and security with identity based authorization, L7 traffic management, and service-to-service encryption."
|
||||
guideLink="https://learn.hashicorp.com/consul/gs-consul-service-mesh/understand-consul-service-mesh"
|
||||
>
|
||||
<TextSplitWithImage
|
||||
textSplit={{
|
||||
|
|
|
@ -6,6 +6,7 @@ export default function NetworkMiddlewareAutomationPage() {
|
|||
<UseCaseLayout
|
||||
title="Network Middleware Automation"
|
||||
description="Reduce the time to deploy applications and eliminate manual processes by automating complex networking tasks. Enable operators to easily deploy, manage and optimize network middleware."
|
||||
guideLink="https://learn.hashicorp.com/consul?track=integrations"
|
||||
>
|
||||
<TextSplitWithImage
|
||||
textSplit={{
|
||||
|
|
|
@ -8,6 +8,7 @@ export default function ServiceDiscoveryAndHealthCheckingPage() {
|
|||
<UseCaseLayout
|
||||
title="Service Discovery and Health Checking"
|
||||
description="Discover, Register and Resolve services for application workloads across any cloud. Automatically add and remove services based on health checking."
|
||||
guideLink="https://learn.hashicorp.com/consul/getting-started/services#update-services"
|
||||
>
|
||||
<TextSplitWithImage
|
||||
textSplit={{
|
||||
|
|
Loading…
Reference in New Issue