Added guideLinks prop for UseCaseLayout component and linked terminating gateways guide from documentation. (#7998)

pull/8002/head
Derek Strickland 2020-06-02 10:40:07 -04:00 committed by GitHub
parent 80c34f0461
commit 9795b19e27
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 32 additions and 20 deletions

View File

@ -4,7 +4,12 @@ import ConsulEnterpriseComparison from '../../components/enterprise-comparison/c
import Head from 'next/head'
import HashiHead from '@hashicorp/react-head'
export default function UseCaseLayout({ title, description, children }) {
export default function UseCaseLayout({
title,
description,
guideLink,
children,
}) {
const pageTitle = `Consul ${title}`
return (
<>
@ -20,7 +25,7 @@ export default function UseCaseLayout({ title, description, children }) {
links={[
{
text: 'Explore HashiCorp Learn',
url: 'https://learn.hashicorp.com/consul',
url: guideLink,
type: 'outbound',
},
{

View File

@ -10,7 +10,7 @@ description: >-
# Terminating Gateways <sup> Beta </sup>
-> **1.8.0+:** This feature is available in Consul versions 1.8.0 and newer.
-> **1.8.0+:** This feature is available in Consul versions 1.8.0 and newer.
Terminating gateways enable connections from services in the Consul service mesh to
services outside the mesh. These gateways effectively act as Connect proxies that can
@ -19,10 +19,13 @@ and forward requests to the appropriate destination.
![Terminating Gateway Architecture](/img/terminating-gateways.png)
For a complete example of how to enable connections from services in the Consul service mesh to
services outside the mesh, review the [terminating gateway guide](https://learn.hashicorp.com/consul/developer-mesh/terminating-gateways).
~> **Beta limitations:** Terminating Gateways currently do not support targeting service subsets with
[L7 configuration](/docs/connect/l7-traffic-management). They route to all instances of a service with no capabilities
for filtering by instance. Terminating Gateways also currently do not support routing to services with a hostname
defined as a their address. The service address registered with Consul, that the gateway will route traffic to, **must** be a resolved IP address.
defined as a their address. The service address registered with Consul, that the gateway will route traffic to, **must** be a resolved IP address.
## Security Considerations
@ -40,7 +43,7 @@ from the terminating gateway will be encrypted using mutual TLS authentication.
If none of these are provided, Consul will **only** encrypt connections to the gateway and not
from the gateway to the destination service.
-> **Note:** If certificates and keys are configured the terminating gateway will upgrade HTTP connections to TLS.
-> **Note:** If certificates and keys are configured the terminating gateway will upgrade HTTP connections to TLS.
Client applications can issue plain HTTP requests even when connecting to servers that require HTTPS.
## Prerequisites
@ -74,22 +77,23 @@ a terminating gateway as long as they discover upstreams with the
You must complete the following steps to configure a terminating gateway to proxy traffic from services in the Consul service mesh:
1. On a host with a Consul client agent, start an Envoy proxy using the [envoy subcommand](/docs/commands/connect/envoy#terminating-gateways) and
specifying the `terminating` gateway type:
```shell
$ consul connect envoy -gateway=terminating -register -service us-west-gateway \
-address '{{ GetInterfaceIP "eth0" }}:8443'
```
specifying the `terminating` gateway type:
2. Create and apply a `terminating-gateway` [configuration entry](/docs/agent/config-entries/terminating-gateway) that defines
a set of services that the gateway will proxy traffic to. The config entry can be applied via the
[CLI](/docs/commands/config/write) or [API](/api/config#apply-configuration).
```shell
$ consul connect envoy -gateway=terminating -register -service us-west-gateway \
-address '{{ GetInterfaceIP "eth0" }}:8443'
```
3. Ensure that [Consul intentions](/docs/commands/intention) are set up to allow connections from the source services in the mesh
to the gateway's linked services. The intentions must reference the destination service's name and not the gateway itself.
2. Create and apply a `terminating-gateway` [configuration entry](/docs/agent/config-entries/terminating-gateway) that defines
a set of services that the gateway will proxy traffic to. The config entry can be applied via the
[CLI](/docs/commands/config/write) or [API](/api/config#apply-configuration).
3. Ensure that [Consul intentions](/docs/commands/intention) are set up to allow connections from the source services in the mesh
to the gateway's linked services. The intentions must reference the destination service's name and not the gateway itself.
4. Ensure necessary [upstreams](/docs/connect/registration/service-registration#upstream-configuration-reference)
have been added to service definitions of the source services in the Consul service mesh. Each source service that needs
to connect to a service proxied by a terminating gateway will need to add the external service as an upstream destination.
have been added to service definitions of the source services in the Consul service mesh. Each source service that needs
to connect to a service proxied by a terminating gateway will need to add the external service as an upstream destination.
## Terminating Gateway Configuration
@ -108,7 +112,7 @@ If the Consul client agent on the gateway's node is not configured to use the de
must also provide `agent:read` for its node's name in order to discover the agent's gRPC port. gRPC is used to expose Envoy's xDS API to Envoy proxies.
Linking services to a terminating gateway is done with a `terminating-gateway`
[configuration entry](/docs/agent/config-entries/terminating-gateway). This config entry can be applied via the
[configuration entry](/docs/agent/config-entries/terminating-gateway). This config entry can be applied via the
[CLI](/docs/commands/config/write) or [API](/api/config#apply-configuration).
Gateways with the same name in Consul's service catalog are configured with a single configuration entry.
@ -118,8 +122,8 @@ Adding replicas of a gateway that routes to a particular set of services require
the same gateway name with the `service` flag.
~> [Configuration entries](/docs/agent/config-entries) are global in scope. A configuration entry for a gateway name applies
across all federated Consul datacenters. If terminating gateways in different Consul datacenters need to route to different
sets of services within their datacenter then the terminating gateways **must** be registered with different names.
across all federated Consul datacenters. If terminating gateways in different Consul datacenters need to route to different
sets of services within their datacenter then the terminating gateways **must** be registered with different names.
The services that the terminating gateway will proxy for must be registered with Consul, even the services outside the mesh. They must also be registered
in the same Consul datacenter as the terminating gateway. Otherwise the terminating gateway will not be able to

View File

@ -7,6 +7,7 @@ export default function MultiPlatformServiceMeshPage() {
<UseCaseLayout
title="Multi-Platform Service Mesh"
description="Create a consistent platform for modern application networking and security with identity based authorization, L7 traffic management, and service-to-service encryption."
guideLink="https://learn.hashicorp.com/consul/gs-consul-service-mesh/understand-consul-service-mesh"
>
<TextSplitWithImage
textSplit={{

View File

@ -6,6 +6,7 @@ export default function NetworkMiddlewareAutomationPage() {
<UseCaseLayout
title="Network Middleware Automation"
description="Reduce the time to deploy applications and eliminate manual processes by automating complex networking tasks. Enable operators to easily deploy, manage and optimize network middleware."
guideLink="https://learn.hashicorp.com/consul?track=integrations"
>
<TextSplitWithImage
textSplit={{

View File

@ -8,6 +8,7 @@ export default function ServiceDiscoveryAndHealthCheckingPage() {
<UseCaseLayout
title="Service Discovery and Health Checking"
description="Discover, Register and Resolve services for application workloads across any cloud. Automatically add and remove services based on health checking."
guideLink="https://learn.hashicorp.com/consul/getting-started/services#update-services"
>
<TextSplitWithImage
textSplit={{