mirror of https://github.com/hashicorp/consul
Move cfg entry docs to under connect from agent (#9533)
Since all config entries are currently related to service mesh it's a much more natural place to look for them under Service Mesh than under Agent.pull/9563/head
parent
408fee901a
commit
b6d7bf1243
|
@ -118,8 +118,16 @@
|
|||
/downloads_tools /docs/download-tools 301!
|
||||
/docs/k8s/ambassador /docs/k8s/connect/ambassador 301!
|
||||
/docs/k8s/installation/overview /docs/k8s/installation/install 301!
|
||||
/docs/k8s/installation/muti-cluster/overview /docs/k8s/installation/multi-cluster 301!
|
||||
/docs/k8s/installation/multi-cluster/overview /docs/k8s/installation/multi-cluster 301!
|
||||
/docs/partnerships /docs/integrate/partnerships 301!
|
||||
/docs/agent/config-entries/ingress-gateway /docs/connect/config-entries/ingress-gateway 301!
|
||||
/docs/agent/config-entries/proxy-defaults /docs/connect/config-entries/proxy-defaults 301!
|
||||
/docs/agent/config-entries/service-defaults /docs/connect/config-entries/service-defaults 301!
|
||||
/docs/agent/config-entries/service-intentions /docs/connect/config-entries/service-intentions 301!
|
||||
/docs/agent/config-entries/service-resolver /docs/connect/config-entries/service-resolver 301!
|
||||
/docs/agent/config-entries/service-router /docs/connect/config-entries/service-router 301!
|
||||
/docs/agent/config-entries/service-splitter /docs/connect/config-entries/service-splitter 301!
|
||||
/docs/agent/config-entries/terminating-gateway /docs/connect/config-entries/terminating-gateway 301!
|
||||
|
||||
# CLI redirects
|
||||
/docs/commands /commands 301!
|
||||
|
|
|
@ -14,7 +14,7 @@ The `/connect/intentions` endpoint provide tools for managing
|
|||
|
||||
-> **1.9.0 and later:** Reading and writing intentions has been
|
||||
migrated to the
|
||||
[`service-intentions`](/docs/agent/config-entries/service-intentions)
|
||||
[`service-intentions`](/docs/connect/config-entries/service-intentions)
|
||||
config entry kind.
|
||||
|
||||
## Upsert Intention by Name ((#upsert-intention-by-name))
|
||||
|
@ -87,7 +87,7 @@ The table below shows this endpoint's support for
|
|||
the `Permissions` field.
|
||||
|
||||
- `Permissions` `(array<IntentionPermission>)` - The list of all [additional L7
|
||||
attributes](/docs/agent/config-entries/service-intentions#intentionpermission)
|
||||
attributes](/docs/connect/config-entries/service-intentions#intentionpermission)
|
||||
that extend the intention match criteria.
|
||||
|
||||
Permission precedence is applied top to bottom. For any given request the
|
||||
|
@ -131,7 +131,7 @@ true
|
|||
|
||||
-> **Deprecated** - This endpoint is deprecated in Consul 1.9.0 in favor of
|
||||
[upserting by name](#upsert-intention-by-name) or editing the
|
||||
[`service-intentions`](/docs/agent/config-entries/service-intentions) config
|
||||
[`service-intentions`](/docs/connect/config-entries/service-intentions) config
|
||||
entry for the destination.
|
||||
|
||||
This endpoint creates a new intention and returns its ID if it was created
|
||||
|
@ -234,7 +234,7 @@ $ curl \
|
|||
|
||||
-> **Deprecated** - This endpoint is deprecated in Consul 1.9.0 in favor of
|
||||
[upserting by name](#upsert-intention-by-name) or editing the
|
||||
[`service-intentions`](/docs/agent/config-entries/service-intentions) config
|
||||
[`service-intentions`](/docs/connect/config-entries/service-intentions) config
|
||||
entry for the destination.
|
||||
|
||||
This endpoint updates an intention with the given values.
|
||||
|
@ -363,7 +363,7 @@ $ curl \
|
|||
|
||||
-> **Deprecated** - This endpoint is deprecated in Consul 1.9.0 in favor of
|
||||
[reading by name](#read-specific-intention-by-name) or by viewing the
|
||||
[`service-intentions`](/docs/agent/config-entries/service-intentions)
|
||||
[`service-intentions`](/docs/connect/config-entries/service-intentions)
|
||||
config entry for the destination.
|
||||
|
||||
This endpoint reads a specific intention.
|
||||
|
@ -570,7 +570,7 @@ $ curl \
|
|||
|
||||
-> **Deprecated** - This endpoint is deprecated in Consul 1.9.0 in favor of
|
||||
[deleting by name](#delete-intention-by-name) or editing the
|
||||
[`service-intentions`](/docs/agent/config-entries/service-intentions) config
|
||||
[`service-intentions`](/docs/connect/config-entries/service-intentions) config
|
||||
entry for the destination.
|
||||
|
||||
This endpoint deletes a specific intention.
|
||||
|
|
|
@ -65,7 +65,7 @@ The table below shows this endpoint's support for
|
|||
### POST Body Parameters
|
||||
|
||||
- `OverrideConnectTimeout` `(duration: 0s)` - Overrides the final [connect
|
||||
timeout](/docs/agent/config-entries/service-resolver#connecttimeout) for
|
||||
timeout](/docs/connect/config-entries/service-resolver#connecttimeout) for
|
||||
any service resolved in the compiled chain.
|
||||
|
||||
This value comes from the `connect_timeout_ms` key in an [upstream
|
||||
|
@ -75,7 +75,7 @@ The table below shows this endpoint's support for
|
|||
parameter.
|
||||
|
||||
- `OverrideProtocol` `(string: "")` - Overrides the final
|
||||
[protocol](/docs/agent/config-entries/service-defaults#protocol) used in
|
||||
[protocol](/docs/connect/config-entries/service-defaults#protocol) used in
|
||||
the compiled discovery chain.
|
||||
|
||||
If the chain ordinarily would be TCP and an L7 protocol is passed here the
|
||||
|
|
|
@ -9,7 +9,7 @@ sidebar_title: create
|
|||
-> **Deprecated** - This command is deprecated in Consul 1.9.0 in favor of
|
||||
using the [config entry CLI command](/commands/config/write). To create an
|
||||
intention, create or modify a
|
||||
[`service-intentions`](/docs/agent/config-entries/service-intentions) config
|
||||
[`service-intentions`](/docs/connect/config-entries/service-intentions) config
|
||||
entry for the destination.
|
||||
|
||||
Command: `consul intention create`
|
||||
|
|
|
@ -12,7 +12,7 @@ The `intention delete` command deletes a matching intention.
|
|||
|
||||
-> **Deprecated** - The one argument form of this command is deprecated in
|
||||
Consul 1.9.0. Intentions no longer need IDs when represented as
|
||||
[`service-intentions`](/docs/agent/config-entries/service-intentions) config
|
||||
[`service-intentions`](/docs/connect/config-entries/service-intentions) config
|
||||
entries.
|
||||
|
||||
## Usage
|
||||
|
|
|
@ -12,7 +12,7 @@ The `intention get` command shows a single intention.
|
|||
|
||||
-> **Deprecated** - The one argument form of this command is deprecated in
|
||||
Consul 1.9.0. Intentions no longer need IDs when represented as
|
||||
[`service-intentions`](/docs/agent/config-entries/service-intentions) config
|
||||
[`service-intentions`](/docs/connect/config-entries/service-intentions) config
|
||||
entries.
|
||||
|
||||
## Usage
|
||||
|
|
|
@ -14,7 +14,7 @@ creating, updating, reading, deleting, checking, and managing intentions.
|
|||
This command is available in Consul 1.2 and later.
|
||||
|
||||
Intentions are managed primarily via
|
||||
[`service-intentions`](/docs/agent/config-entries/service-intentions) config
|
||||
[`service-intentions`](/docs/connect/config-entries/service-intentions) config
|
||||
entries after Consul 1.9. Intentions may also be managed via the [HTTP
|
||||
API](/api/connect/intentions).
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Configuration Entry Definitions
|
||||
page_title: Configuration Entries
|
||||
sidebar_title: Configuration Entries
|
||||
description: >-
|
||||
Consul allows storing configuration entries centrally to be used as defaults
|
||||
|
@ -38,46 +38,10 @@ metadata:
|
|||
name: <name of entry>
|
||||
```
|
||||
|
||||
The supported `Kind`/`kind` names for configuration entries are:
|
||||
## Supported Config Entries
|
||||
|
||||
- [`ingress-gateway`](/docs/agent/config-entries/ingress-gateway) - defines the
|
||||
configuration for an ingress gateway
|
||||
|
||||
- Kubernetes kind: [`IngressGateway`](/docs/agent/config-entries/ingress-gateway)
|
||||
|
||||
- [`proxy-defaults`](/docs/agent/config-entries/proxy-defaults) - controls
|
||||
proxy configuration
|
||||
|
||||
- Kubernetes kind: [`ProxyDefaults`](/docs/agent/config-entries/proxy-defaults)
|
||||
|
||||
- [`service-defaults`](/docs/agent/config-entries/service-defaults) - configures
|
||||
defaults for all the instances of a given service
|
||||
|
||||
- Kubernetes kind: [`ServiceDefaults`](/docs/agent/config-entries/service-defaults)
|
||||
|
||||
- [`service-intentions`](/docs/agent/config-entries/service-intentions) - defines
|
||||
the [intentions](/docs/connect/intentions) for a destination service
|
||||
|
||||
- Kubernetes kind: [`ServiceIntentions`](/docs/agent/config-entries/service-intentions)
|
||||
|
||||
- [`service-resolver`](/docs/agent/config-entries/service-resolver) - matches
|
||||
service instances with a specific Connect upstream discovery requests
|
||||
|
||||
- Kubernetes kind: [`ServiceResolver`](/docs/agent/config-entries/service-resolver)
|
||||
|
||||
- [`service-router`](/docs/agent/config-entries/service-router) - defines
|
||||
where to send layer 7 traffic based on the HTTP route
|
||||
|
||||
- Kubernetes kind: [`ServiceRouter`](/docs/agent/config-entries/service-router)
|
||||
|
||||
- [`service-splitter`](/docs/agent/config-entries/service-splitter) - defines
|
||||
how to divide requests for a single HTTP route based on percentages
|
||||
|
||||
- Kubernetes kind: [`ServiceSplitter`](/docs/agent/config-entries/service-splitter)
|
||||
|
||||
- [`terminating-gateway`](/docs/agent/config-entries/terminating-gateway) - defines the
|
||||
services associated with terminating gateway
|
||||
- Kubernetes kind: [`TerminatingGateway`](/docs/agent/config-entries/terminating-gateway)
|
||||
See [Service Mesh - Config Entries](/docs/connect/config-entries) for the list
|
||||
of supported config entries.
|
||||
|
||||
## Managing Configuration Entries In Kubernetes
|
||||
|
||||
|
@ -194,13 +158,3 @@ server gains leadership, it will attempt to initialize the configuration entries
|
|||
If a configuration entry does not already exist outside of the servers
|
||||
configuration, then it will create it. If a configuration entry does exist, that
|
||||
matches both `kind` and `name`, then the server will do nothing.
|
||||
|
||||
## Using Configuration Entries For Service Defaults
|
||||
|
||||
Outside of Kubernetes, when the agent is
|
||||
[configured](/docs/agent/options#enable_central_service_config) to enable
|
||||
central service configurations, it will look for service configuration defaults
|
||||
that match a registering service instance. If it finds any, the agent will merge
|
||||
those defaults with the service instance configuration. This allows for things
|
||||
like service protocol or proxy configuration to be defined globally and
|
||||
inherited by any affected service registrations.
|
|
@ -0,0 +1,52 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Configuration Entry Definitions
|
||||
sidebar_title: Configuration Entries
|
||||
description: >-
|
||||
Consul allows storing configuration entries centrally to be used as defaults
|
||||
for configuring other aspects of Consul.
|
||||
---
|
||||
|
||||
# Configuration Entries
|
||||
|
||||
Configuration entries can be used to configure the behavior of Consul Connect.
|
||||
|
||||
The following configuration entries are supported:
|
||||
|
||||
- [Ingress Gateway](/docs/connect/config-entries/ingress-gateway) - defines the
|
||||
configuration for an ingress gateway
|
||||
|
||||
- [Proxy Defaults](/docs/connect/config-entries/proxy-defaults) - controls
|
||||
proxy configuration
|
||||
|
||||
- [Service Defaults](/docs/connect/config-entries/service-defaults) - configures
|
||||
defaults for all the instances of a given service
|
||||
|
||||
- [Service Intentions](/docs/connect/config-entries/service-intentions) - defines
|
||||
the [intentions](/docs/connect/intentions) for a destination service
|
||||
|
||||
- [Service Resolver](/docs/connect/config-entries/service-resolver) - matches
|
||||
service instances with a specific Connect upstream discovery requests
|
||||
|
||||
- [Service Router](/docs/connect/config-entries/service-router) - defines
|
||||
where to send layer 7 traffic based on the HTTP route
|
||||
|
||||
- [Service Splitter](/docs/connect/config-entries/service-splitter) - defines
|
||||
how to divide requests for a single HTTP route based on percentages
|
||||
|
||||
- [Terminating Gateway](/docs/connect/config-entries/terminating-gateway) - defines the
|
||||
services associated with terminating gateway
|
||||
|
||||
## Managing Configuration Entries
|
||||
|
||||
See [Agent - Config Entries](/docs/agent/config-entries).
|
||||
|
||||
## Using Configuration Entries For Service Defaults
|
||||
|
||||
Outside of Kubernetes, when the agent is
|
||||
[configured](/docs/agent/options#enable_central_service_config) to enable
|
||||
central service configurations, it will look for service configuration defaults
|
||||
that match a registering service instance. If it finds any, the agent will merge
|
||||
those defaults with the service instance configuration. This allows for things
|
||||
like service protocol or proxy configuration to be defined globally and
|
||||
inherited by any affected service registrations.
|
|
@ -35,7 +35,7 @@ A wildcard specifier provides the following properties for an ingress
|
|||
gateway:
|
||||
|
||||
- All services with the same
|
||||
[protocol](/docs/agent/config-entries/ingress-gateway#protocol) as the
|
||||
[protocol](/docs/connect/config-entries/ingress-gateway#protocol) as the
|
||||
listener will be routable.
|
||||
- The ingress gateway will route traffic based on the host/authority header,
|
||||
expecting a value matching `<service-name>.ingress.*`, or if using namespaces,
|
|
@ -104,10 +104,10 @@ spec:
|
|||
type: `string: "tcp"`,
|
||||
description: `Sets the protocol of the service. This is used
|
||||
by Connect proxies for things like observability features and to unlock usage
|
||||
of the [\`service-splitter\`](/docs/agent/config-entries/service-splitter) and
|
||||
[\`service-router\`](/docs/agent/config-entries/service-router) config entries
|
||||
of the [\`service-splitter\`](/docs/connect/config-entries/service-splitter) and
|
||||
[\`service-router\`](/docs/connect/config-entries/service-router) config entries
|
||||
for a service. It also unlocks the ability to define L7 intentions via
|
||||
[\`service-intentions\`](/docs/agent/config-entries/service-intentions).
|
||||
[\`service-intentions\`](/docs/connect/config-entries/service-intentions).
|
||||
Supported values are one of \`tcp\`, \`http\`, \`http2\`, or \`grpc\`.`,
|
||||
},
|
||||
{
|
|
@ -30,8 +30,8 @@ global setting) by defining a low precedence intention for that destination.
|
|||
|
||||
L7 intentions within a config entry are restricted to only destination services
|
||||
that define their protocol as HTTP-based via a corresponding
|
||||
[`service-defaults`](/docs/agent/config-entries/service-defaults) config entry
|
||||
or globally via [`proxy-defaults`](/docs/agent/config-entries/proxy-defaults) .
|
||||
[`service-defaults`](/docs/connect/config-entries/service-defaults) config entry
|
||||
or globally via [`proxy-defaults`](/docs/connect/config-entries/proxy-defaults) .
|
||||
|
||||
## Sample Config Entries
|
||||
|
|
@ -26,16 +26,16 @@ service of the same name.
|
|||
|
||||
- Service router config entries are restricted to only services that define
|
||||
their protocol as HTTP-based via a corresponding
|
||||
[`service-defaults`](/docs/agent/config-entries/service-defaults) config
|
||||
[`service-defaults`](/docs/connect/config-entries/service-defaults) config
|
||||
entry or globally via
|
||||
[`proxy-defaults`](/docs/agent/config-entries/proxy-defaults) .
|
||||
[`proxy-defaults`](/docs/connect/config-entries/proxy-defaults) .
|
||||
|
||||
- Any route destination that omits the `ServiceSubset` field is eligible for
|
||||
splitting via a
|
||||
[`service-splitter`](/docs/agent/config-entries/service-splitter) should
|
||||
[`service-splitter`](/docs/connect/config-entries/service-splitter) should
|
||||
one be configured for that service, otherwise resolution proceeds according
|
||||
to any configured
|
||||
[`service-resolver`](/docs/agent/config-entries/service-resolver).
|
||||
[`service-resolver`](/docs/connect/config-entries/service-resolver).
|
||||
|
||||
## Sample Config Entries
|
||||
|
|
@ -30,15 +30,15 @@ resolution stage.
|
|||
|
||||
- Service splitter config entries are restricted to only services that define
|
||||
their protocol as http-based via a corresponding
|
||||
[`service-defaults`](/docs/agent/config-entries/service-defaults) config
|
||||
[`service-defaults`](/docs/connect/config-entries/service-defaults) config
|
||||
entry or globally via
|
||||
[`proxy-defaults`](/docs/agent/config-entries/proxy-defaults) .
|
||||
[`proxy-defaults`](/docs/connect/config-entries/proxy-defaults) .
|
||||
|
||||
- Any split destination that specifies a different `Service` field and omits
|
||||
the `ServiceSubset` field is eligible for further splitting should a splitter
|
||||
be configured for that other service, otherwise resolution proceeds according
|
||||
to any configured
|
||||
[`service-resolver`](/docs/agent/config-entries/service-resolver).
|
||||
[`service-resolver`](/docs/connect/config-entries/service-resolver).
|
||||
|
||||
## Sample Config Entries
|
||||
|
|
@ -25,10 +25,10 @@ See [Terminating Gateway](/docs/connect/terminating-gateway) for more informatio
|
|||
|
||||
## TLS Origination
|
||||
|
||||
By specifying a path to a [CA file](/docs/agent/config-entries/terminating-gateway#cafile) connections
|
||||
By specifying a path to a [CA file](/docs/connect/config-entries/terminating-gateway#cafile) connections
|
||||
from the terminating gateway will be encrypted using one-way TLS authentication. If a path to a
|
||||
[client certificate](/docs/agent/config-entries/terminating-gateway#certfile)
|
||||
and [private key](/docs/agent/config-entries/terminating-gateway#keyfile) are also specified connections
|
||||
[client certificate](/docs/connect/config-entries/terminating-gateway#certfile)
|
||||
and [private key](/docs/connect/config-entries/terminating-gateway#keyfile) are also specified connections
|
||||
from the terminating gateway will be encrypted using mutual TLS authentication.
|
||||
|
||||
If none of these are provided, Consul will **only** encrypt connections to the gateway and not
|
|
@ -18,22 +18,22 @@ a type of proxy and must be registered as a service in Consul, with the
|
|||
[kind](/api/agent/service#kind) set to "ingress-gateway". They are an
|
||||
entrypoint for outside traffic and allow you to define what services should be
|
||||
exposed and on what port. You configure an ingress gateway by defining a set of
|
||||
[listeners](/docs/agent/config-entries/ingress-gateway#listeners) that each map
|
||||
[listeners](/docs/connect/config-entries/ingress-gateway#listeners) that each map
|
||||
to a set of backing
|
||||
[services](/docs/agent/config-entries/ingress-gateway#services).
|
||||
[services](/docs/connect/config-entries/ingress-gateway#services).
|
||||
|
||||
To enable easier service discovery, a new Consul [DNS
|
||||
subdomain](/docs/discovery/dns#ingress-service-lookups) is provided, on
|
||||
`<service>.ingress.<domain>`.
|
||||
|
||||
For listeners with a
|
||||
[protocol](/docs/agent/config-entries/ingress-gateway#protocol) other than
|
||||
[protocol](/docs/connect/config-entries/ingress-gateway#protocol) other than
|
||||
`tcp`, multiple services can be specified for a single listener. In this
|
||||
case, the ingress gateway relies on host/authority headers to decide the
|
||||
service that should receive the traffic. The host used to match traffic
|
||||
defaults to the [Consul DNS ingress
|
||||
subdomain](/docs/discovery/dns#ingress-service-lookups), but can be changed using
|
||||
the [hosts](/docs/agent/config-entries/ingress-gateway#hosts) field.
|
||||
the [hosts](/docs/connect/config-entries/ingress-gateway#hosts) field.
|
||||
|
||||
![Ingress Gateway Architecture](/img/ingress-gateways.png)
|
||||
|
||||
|
|
|
@ -33,10 +33,10 @@ hold certificates to decrypt Consul Connect traffic directed at them and may be
|
|||
to linked services. Connections over the WAN or open internet should flow through [mesh gateways](/docs/connect/mesh-gateway)
|
||||
whenever possible since they are not capable of decrypting traffic or connecting directly to services.
|
||||
|
||||
By specifying a path to a [CA file](/docs/agent/config-entries/terminating-gateway#cafile) connections
|
||||
By specifying a path to a [CA file](/docs/connect/config-entries/terminating-gateway#cafile) connections
|
||||
from the terminating gateway will be encrypted using one-way TLS authentication. If a path to a
|
||||
[client certificate](/docs/agent/config-entries/terminating-gateway#certfile)
|
||||
and [private key](/docs/agent/config-entries/terminating-gateway#keyfile) are also specified connections
|
||||
[client certificate](/docs/connect/config-entries/terminating-gateway#certfile)
|
||||
and [private key](/docs/connect/config-entries/terminating-gateway#keyfile) are also specified connections
|
||||
from the terminating gateway will be encrypted using mutual TLS authentication.
|
||||
|
||||
If none of these are provided, Consul will **only** encrypt connections to the gateway and not
|
||||
|
@ -98,7 +98,7 @@ If the Consul client agent on the gateway's node is not configured to use the de
|
|||
must also provide `agent:read` for its node's name in order to discover the agent's gRPC port. gRPC is used to expose Envoy's xDS API to Envoy proxies.
|
||||
|
||||
Linking services to a terminating gateway is done with a `terminating-gateway`
|
||||
[configuration entry](/docs/agent/config-entries/terminating-gateway). This config entry can be applied via the
|
||||
[configuration entry](/docs/connect/config-entries/terminating-gateway). This config entry can be applied via the
|
||||
[CLI](/commands/config/write) or [API](/api/config#apply-configuration).
|
||||
|
||||
Gateways with the same name in Consul's service catalog are configured with a single configuration entry.
|
||||
|
|
|
@ -35,7 +35,7 @@ intentions to control Connect traffic authorization either at networking layer
|
|||
|
||||
- **Application-aware** - Some intentions may additionally enforce access based
|
||||
on [L7 request
|
||||
attributes](/docs/agent/config-entries/service-intentions#permissions) in
|
||||
attributes](/docs/connect/config-entries/service-intentions#permissions) in
|
||||
addition to connection identity. These may only be defined for services with
|
||||
a [protocol] that is HTTP-based. These can also be thought of as **L7
|
||||
intentions**.
|
||||
|
@ -59,16 +59,16 @@ denied by default.
|
|||
## Intention Basics
|
||||
|
||||
Intentions are managed primarily via
|
||||
[`service-intentions`](/docs/agent/config-entries/service-intentions) config
|
||||
[`service-intentions`](/docs/connect/config-entries/service-intentions) config
|
||||
entries or the UI. Some simpler tasks can also be achieved with the older
|
||||
[API](/api-docs/connect/intentions) or [CLI](/commands/intention). Please see
|
||||
the respective documentation for each for full details on options, flags, etc.
|
||||
|
||||
Below is an example of a basic
|
||||
[`service-intentions`](/docs/agent/config-entries/service-intentions) config
|
||||
[`service-intentions`](/docs/connect/config-entries/service-intentions) config
|
||||
entry representing two simple intentions. The full data model complete with
|
||||
more examples can be found in the
|
||||
[`service-intentions`](/docs/agent/config-entries/service-intentions) config
|
||||
[`service-intentions`](/docs/connect/config-entries/service-intentions) config
|
||||
entry documentation.
|
||||
|
||||
```hcl
|
||||
|
@ -160,7 +160,7 @@ top to bottom, with larger numbers being evaluated first.
|
|||
| `*` | `*` | `*` | `*` | 1 |
|
||||
|
||||
The precedence value can be read from a
|
||||
[field](/docs/agent/config-entries/service-intentions#precedence) on the
|
||||
[field](/docs/connect/config-entries/service-intentions#precedence) on the
|
||||
`service-intentions` config entry after it is modified. Precedence cannot be
|
||||
manually overridden today.
|
||||
|
||||
|
@ -240,6 +240,6 @@ connection authorization continues to work indefinitely. Changes to intentions
|
|||
will not be picked up until the partition heals, but will then automatically
|
||||
take effect when connectivity is restored.
|
||||
|
||||
[protocol]: /docs/agent/config-entries/service-defaults#protocol
|
||||
[protocol]: /docs/connect/config-entries/service-defaults#protocol
|
||||
[proxies]: /docs/connect/proxies
|
||||
[envoy]: /docs/connect/proxies/envoy
|
||||
|
|
|
@ -32,34 +32,34 @@ The configuration entries used in the discovery chain are designed to be simple
|
|||
to read and modify for narrowly tailored changes, but at discovery-time the
|
||||
various configuration entries interact in more complex ways. For example:
|
||||
|
||||
- If a [`service-resolver`](/docs/agent/config-entries/service-resolver)
|
||||
- If a [`service-resolver`](/docs/connect/config-entries/service-resolver)
|
||||
is created with a [service
|
||||
redirect](/docs/agent/config-entries/service-resolver#service) defined,
|
||||
redirect](/docs/connect/config-entries/service-resolver#service) defined,
|
||||
then all references made to the original service in any other configuration
|
||||
entry is replaced with the redirect destination.
|
||||
|
||||
- If a [`service-resolver`](/docs/agent/config-entries/service-resolver)
|
||||
- If a [`service-resolver`](/docs/connect/config-entries/service-resolver)
|
||||
is created with a [default
|
||||
subset](/docs/agent/config-entries/service-resolver#defaultsubset)
|
||||
subset](/docs/connect/config-entries/service-resolver#defaultsubset)
|
||||
defined then all references made to the original service in any other
|
||||
configuration entry that did not specify a subset will be replaced with the
|
||||
default.
|
||||
|
||||
- If a [`service-splitter`](/docs/agent/config-entries/service-splitter)
|
||||
- If a [`service-splitter`](/docs/connect/config-entries/service-splitter)
|
||||
is created with a [service
|
||||
split](/docs/agent/config-entries/service-splitter#splits), and the target service has its
|
||||
split](/docs/connect/config-entries/service-splitter#splits), and the target service has its
|
||||
own `service-splitter` then the overall effect is flattened and only a single
|
||||
aggregate traffic split is ultimately configured in the proxy.
|
||||
|
||||
- [`service-resolver`](/docs/agent/config-entries/service-resolver)
|
||||
- [`service-resolver`](/docs/connect/config-entries/service-resolver)
|
||||
redirect loops must be rejected as invalid.
|
||||
|
||||
- [`service-router`](/docs/agent/config-entries/service-router) and
|
||||
[`service-splitter`](/docs/agent/config-entries/service-splitter)
|
||||
- [`service-router`](/docs/connect/config-entries/service-router) and
|
||||
[`service-splitter`](/docs/connect/config-entries/service-splitter)
|
||||
configuration entries require an L7 compatible protocol be set for the
|
||||
service via either a
|
||||
[`service-defaults`](/docs/agent/config-entries/service-defaults) or
|
||||
[`proxy-defaults`](/docs/agent/config-entries/proxy-defaults) config
|
||||
[`service-defaults`](/docs/connect/config-entries/service-defaults) or
|
||||
[`proxy-defaults`](/docs/connect/config-entries/proxy-defaults) config
|
||||
entry. Violations must be rejected as invalid.
|
||||
|
||||
- If an [upstream
|
||||
|
@ -153,7 +153,7 @@ A single node in the compiled discovery chain.
|
|||
|
||||
- `Definition` `(ServiceRoute)` - Relevant portion of underlying
|
||||
`service-router`
|
||||
[route](/docs/agent/config-entries/service-router#routes).
|
||||
[route](/docs/connect/config-entries/service-router#routes).
|
||||
|
||||
- `NextNode` `(string)` - The name of the next node in the chain in [`Nodes`](#nodes).
|
||||
|
||||
|
@ -161,7 +161,7 @@ A single node in the compiled discovery chain.
|
|||
splits.
|
||||
|
||||
- `Weight` `(float32)` - Copy of underlying `service-splitter`
|
||||
[`weight`](/docs/agent/config-entries/service-splitter#weight) field.
|
||||
[`weight`](/docs/connect/config-entries/service-splitter#weight) field.
|
||||
|
||||
- `NextNode` `(string)` - The name of the next node in the chain in [`Nodes`](#nodes).
|
||||
|
||||
|
@ -172,21 +172,21 @@ A single node in the compiled discovery chain.
|
|||
defined for this node and the default was synthesized.
|
||||
|
||||
- `ConnectTimeout` `(duration)` - Copy of the underlying `service-resolver`
|
||||
[`ConnectTimeout`](/docs/agent/config-entries/service-resolver#connecttimeout)
|
||||
[`ConnectTimeout`](/docs/connect/config-entries/service-resolver#connecttimeout)
|
||||
field. If one is not defined the default of `5s` is returned.
|
||||
|
||||
- `Target` `(string)` - The name of the target to use found in [`Targets`](#targets).
|
||||
|
||||
- `Failover` `(DiscoveryFailover: <optional>)` - Compiled form of the
|
||||
underlying `service-resolver`
|
||||
[`Failover`](/docs/agent/config-entries/service-resolver#failover)
|
||||
[`Failover`](/docs/connect/config-entries/service-resolver#failover)
|
||||
definition to use for this request.
|
||||
|
||||
- `Targets` `(array<string>)` - List of targets found in
|
||||
[`Targets`](#targets) to failover to in order of preference.
|
||||
|
||||
- `LoadBalancer` `(LoadBalancer: <optional>`) - Copy of the underlying `service-resolver`
|
||||
[`LoadBalancer`](/docs/agent/config-entries/service-resolver#loadbalancer) field.
|
||||
[`LoadBalancer`](/docs/connect/config-entries/service-resolver#loadbalancer) field.
|
||||
|
||||
If a `service-splitter` splits between services with differing `LoadBalancer` configuration
|
||||
the first hash-based load balancing policy is copied.
|
||||
|
@ -198,7 +198,7 @@ A single node in the compiled discovery chain.
|
|||
- `Service` `(string)` - The service to query when resolving a list of service instances.
|
||||
|
||||
- `ServiceSubset` `(string: <optional>)` - The
|
||||
[subset](/docs/agent/config-entries/service-resolver#service-subsets) of
|
||||
[subset](/docs/connect/config-entries/service-resolver#service-subsets) of
|
||||
the service to resolve.
|
||||
|
||||
- `Namespace` `(string)` - The namespace to use when resolving a list of service instances.
|
||||
|
@ -207,7 +207,7 @@ A single node in the compiled discovery chain.
|
|||
|
||||
- `Subset` `(ServiceResolverSubset)` - Copy of the underlying
|
||||
`service-resolver`
|
||||
[`Subsets`](/docs/agent/config-entries/service-resolver#subsets)
|
||||
[`Subsets`](/docs/connect/config-entries/service-resolver#subsets)
|
||||
definition for this target.
|
||||
|
||||
- `Filter` `(string: "")` - The
|
||||
|
@ -236,4 +236,4 @@ A single node in the compiled discovery chain.
|
|||
- `Name` `(string)` - The unique name for this target for use when generating
|
||||
load balancer objects. This has a structure similar to [SNI](#sni), but will
|
||||
not be affected by SNI customizations such as
|
||||
[`ExternalSNI`](/docs/agent/config-entries/service-defaults#externalsni).
|
||||
[`ExternalSNI`](/docs/connect/config-entries/service-defaults#externalsni).
|
||||
|
|
|
@ -13,7 +13,7 @@ description: >-
|
|||
|
||||
Layer 7 traffic management allows operators to divide L7 traffic between
|
||||
different
|
||||
[subsets](/docs/agent/config-entries/service-resolver#service-subsets) of
|
||||
[subsets](/docs/connect/config-entries/service-resolver#service-subsets) of
|
||||
service instances when using Connect.
|
||||
|
||||
There are many ways you may wish to carve up a single datacenter's pool of
|
||||
|
@ -42,7 +42,7 @@ entry is missing, that stage will fall back on reasonable default behavior.
|
|||
|
||||
### Routing
|
||||
|
||||
A [`service-router`](/docs/agent/config-entries/service-router) config
|
||||
A [`service-router`](/docs/connect/config-entries/service-router) config
|
||||
entry kind is the first configurable stage.
|
||||
|
||||
A router config entry allows for a user to intercept traffic using L7 criteria
|
||||
|
@ -52,12 +52,12 @@ traffic to a different service or service subset.
|
|||
These config entries may only reference `service-splitter` or
|
||||
`service-resolver` entries.
|
||||
|
||||
[Examples](/docs/agent/config-entries/service-router#sample-config-entries)
|
||||
[Examples](/docs/connect/config-entries/service-router#sample-config-entries)
|
||||
can be found in the `service-router` documentation.
|
||||
|
||||
### Splitting
|
||||
|
||||
A [`service-splitter`](/docs/agent/config-entries/service-splitter) config
|
||||
A [`service-splitter`](/docs/connect/config-entries/service-splitter) config
|
||||
entry kind is the next stage after routing.
|
||||
|
||||
A splitter config entry allows for a user to choose to split incoming requests
|
||||
|
@ -77,12 +77,12 @@ union. For instance:
|
|||
---------------------
|
||||
splitter[effective_B]: A_v1=25%, A_v2=25%, B=50%
|
||||
|
||||
[Examples](/docs/agent/config-entries/service-splitter#sample-config-entries)
|
||||
[Examples](/docs/connect/config-entries/service-splitter#sample-config-entries)
|
||||
can be found in the `service-splitter` documentation.
|
||||
|
||||
### Resolution
|
||||
|
||||
A [`service-resolver`](/docs/agent/config-entries/service-resolver) config
|
||||
A [`service-resolver`](/docs/connect/config-entries/service-resolver) config
|
||||
entry kind is the last stage.
|
||||
|
||||
A resolver config entry allows for a user to define which instances of a
|
||||
|
@ -114,7 +114,7 @@ not intended to be a drop-in replacement currently.
|
|||
|
||||
These config entries may only reference other `service-resolver` entries.
|
||||
|
||||
[Examples](/docs/agent/config-entries/service-resolver#sample-config-entries)
|
||||
[Examples](/docs/connect/config-entries/service-resolver#sample-config-entries)
|
||||
can be found in the `service-resolver` documentation.
|
||||
|
||||
-> **Note:** `service-resolver` config entries kinds function at L4 (unlike
|
||||
|
|
|
@ -46,7 +46,7 @@ Find other possible metrics syncs in the [Connect Envoy documentation](/docs/con
|
|||
|
||||
### Service Protocol
|
||||
|
||||
You can specify the [service protocol](/docs/agent/config-entries/service-defaults#protocol)
|
||||
You can specify the [service protocol](/docs/connect/config-entries/service-defaults#protocol)
|
||||
in the `service-defaults` configuration entry. You can override it in the
|
||||
[service registration](/docs/agent/services). By default, proxies only give
|
||||
you L4 metrics. This protocol allows proxies to handle requests at the right L7
|
||||
|
|
|
@ -115,7 +115,7 @@ the ability to control some parts of the bootstrap config via proxy
|
|||
configuration options.
|
||||
|
||||
Users can add the following configuration items to the [global `proxy-defaults`
|
||||
configuration entry](/docs/agent/config-entries/proxy-defaults) or override them directly in the `proxy.config` field
|
||||
configuration entry](/docs/connect/config-entries/proxy-defaults) or override them directly in the `proxy.config` field
|
||||
of a [proxy service
|
||||
definition](/docs/connect/registration/service-registration) or
|
||||
[`sidecar_service`](/docs/connect/registration/sidecar-service) block.
|
||||
|
@ -124,7 +124,7 @@ definition](/docs/connect/registration/service-registration) or
|
|||
StatsD listener that Envoy should deliver metrics to. For example, this may be
|
||||
`udp://127.0.0.1:8125` if every host has a local StatsD listener. In this case
|
||||
users can configure this property once in the [global `proxy-defaults`
|
||||
configuration entry](/docs/agent/config-entries/proxy-defaults) for convenience. Currently, TCP is not supported.
|
||||
configuration entry](/docs/connect/config-entries/proxy-defaults) for convenience. Currently, TCP is not supported.
|
||||
|
||||
~> **Note:** currently the url **must use an ip address** not a dns name due
|
||||
to the way Envoy is setup for StatsD.
|
||||
|
@ -135,7 +135,7 @@ definition](/docs/connect/registration/service-registration) or
|
|||
pod in a Kubernetes cluster to learn of a pod-specific IP address for StatsD
|
||||
when the Envoy instance is bootstrapped while still allowing global
|
||||
configuration of all proxies to use StatsD in the [global `proxy-defaults`
|
||||
configuration entry](/docs/agent/config-entries/proxy-defaults). The env variable must contain a full valid URL
|
||||
configuration entry](/docs/connect/config-entries/proxy-defaults). The env variable must contain a full valid URL
|
||||
value as specified above and nothing else. It is not currently possible to use
|
||||
environment variables as only part of the URL.
|
||||
|
||||
|
@ -179,7 +179,7 @@ to configure appropriate proxy settings for that service's proxies and also for
|
|||
the upstream listeners of any downstream service.
|
||||
|
||||
One example is how users can define a service's protocol in a [`service-defaults` configuration
|
||||
entry](/docs/agent/config-entries/service-defaults). Agents with
|
||||
entry](/docs/connect/config-entries/service-defaults). Agents with
|
||||
[`enable_central_service_config`](/docs/agent/options#enable_central_service_config)
|
||||
set to true will automatically discover the protocol when configuring a proxy
|
||||
for a service. The proxy will discover the main protocol of the service it
|
||||
|
@ -200,7 +200,7 @@ To learn about other options that can be configured centrally see the
|
|||
These fields may also be overridden explicitly in the [proxy service
|
||||
definition](/docs/connect/registration/service-registration), or defined in
|
||||
the [global `proxy-defaults` configuration
|
||||
entry](/docs/agent/config-entries/proxy-defaults) to act as
|
||||
entry](/docs/connect/config-entries/proxy-defaults) to act as
|
||||
defaults that are inherited by all services.
|
||||
|
||||
- `protocol` - The protocol the service speaks. Connect's Envoy integration
|
||||
|
@ -227,9 +227,9 @@ defaults that are inherited by all services.
|
|||
metrics with `gRPC-status` trailer codes.
|
||||
|
||||
~> **Note:** The protocol of a service should ideally be configured via the
|
||||
[`protocol`](/docs/agent/config-entries/service-defaults#protocol)
|
||||
[`protocol`](/docs/connect/config-entries/service-defaults#protocol)
|
||||
field of a
|
||||
[`service-defaults`](/docs/agent/config-entries/service-defaults)
|
||||
[`service-defaults`](/docs/connect/config-entries/service-defaults)
|
||||
config entry for the service. Configuring it in a
|
||||
proxy config will not fully enable some [L7
|
||||
features](/docs/connect/l7-traffic-management).
|
||||
|
@ -256,9 +256,9 @@ definition](/docs/connect/registration/service-registration) or
|
|||
the upstream.
|
||||
|
||||
~> **Note:** The protocol of a service should ideally be configured via the
|
||||
[`protocol`](/docs/agent/config-entries/service-defaults#protocol)
|
||||
[`protocol`](/docs/connect/config-entries/service-defaults#protocol)
|
||||
field of a
|
||||
[`service-defaults`](/docs/agent/config-entries/service-defaults)
|
||||
[`service-defaults`](/docs/connect/config-entries/service-defaults)
|
||||
config entry for the upstream destination service. Configuring it in a
|
||||
proxy upstream config will not fully enable some [L7
|
||||
features](/docs/connect/l7-traffic-management).
|
||||
|
@ -270,9 +270,9 @@ definition](/docs/connect/registration/service-registration) or
|
|||
|
||||
~> **Note:** The connection timeout for a service should ideally be
|
||||
configured via the
|
||||
[`connect_timeout`](/docs/agent/config-entries/service-resolver#connecttimeout)
|
||||
[`connect_timeout`](/docs/connect/config-entries/service-resolver#connecttimeout)
|
||||
field of a
|
||||
[`service-resolver`](/docs/agent/config-entries/service-resolver)
|
||||
[`service-resolver`](/docs/connect/config-entries/service-resolver)
|
||||
config entry for the upstream destination service. Configuring it in a
|
||||
proxy upstream config will override any values defined in config entries.
|
||||
It is supported here for backwards compatibility with Consul versions prior to 1.6.0.
|
||||
|
@ -307,7 +307,7 @@ definition](/docs/connect/registration/service-registration) or
|
|||
These fields may also be overridden explicitly in the [proxy service
|
||||
definition](/docs/connect/registration/service-registration), or defined in
|
||||
the [global `proxy-defaults` configuration
|
||||
entry](/docs/agent/config-entries/proxy-defaults) to act as
|
||||
entry](/docs/connect/config-entries/proxy-defaults) to act as
|
||||
defaults that are inherited by all services.
|
||||
|
||||
Prior to 1.8.0 these settings were specific to Mesh Gateways. The deprecated
|
||||
|
@ -317,7 +317,7 @@ will continue to be supported.
|
|||
- `connect_timeout_ms` - The number of milliseconds to allow when making upstream
|
||||
connections before timing out. Defaults to 5000 (5 seconds). If the upstream
|
||||
service has the configuration option
|
||||
[`connect_timeout_ms`](/docs/agent/config-entries/service-resolver#connecttimeout)
|
||||
[`connect_timeout_ms`](/docs/connect/config-entries/service-resolver#connecttimeout)
|
||||
set for the `service-resolver`, that timeout value will take precedence over
|
||||
this gateway option.
|
||||
|
||||
|
@ -430,7 +430,7 @@ EOF
|
|||
|
||||
Users may add the following configuration items to the [global `proxy-defaults`
|
||||
configuration
|
||||
entry](/docs/agent/config-entries/proxy-defaults) or
|
||||
entry](/docs/connect/config-entries/proxy-defaults) or
|
||||
override them directly in the `proxy.config` field of a [proxy service
|
||||
definition](/docs/connect/registration/service-registration) or
|
||||
[`sidecar_service`](/docs/connect/registration/sidecar-service) block.
|
||||
|
@ -466,7 +466,7 @@ definition](/docs/connect/registration/service-registration) or
|
|||
|
||||
Users may add the following configuration items to the [global `proxy-defaults`
|
||||
configuration
|
||||
entry](/docs/agent/config-entries/proxy-defaults) or
|
||||
entry](/docs/connect/config-entries/proxy-defaults) or
|
||||
override them directly in the `proxy.config` field of a [proxy service
|
||||
definition](/docs/connect/registration/service-registration) or
|
||||
[`sidecar_service`](/docs/connect/registration/sidecar-service) block.
|
||||
|
@ -504,9 +504,9 @@ definition](/docs/connect/registration/service-registration) or
|
|||
[`sidecar_service`](/docs/connect/registration/sidecar-service) block.
|
||||
|
||||
~> **Note:** - When a
|
||||
[`service-router`](/docs/agent/config-entries/service-router),
|
||||
[`service-splitter`](/docs/agent/config-entries/service-splitter), or
|
||||
[`service-resolver`](/docs/agent/config-entries/service-resolver) config
|
||||
[`service-router`](/docs/connect/config-entries/service-router),
|
||||
[`service-splitter`](/docs/connect/config-entries/service-splitter), or
|
||||
[`service-resolver`](/docs/connect/config-entries/service-resolver) config
|
||||
entry exists for a service the below escape hatches are ignored and will log a
|
||||
warning.
|
||||
|
||||
|
@ -525,6 +525,6 @@ warning.
|
|||
customization of timeouts, circuit breaking, rate limits, load balancing
|
||||
strategy etc.
|
||||
|
||||
[protocol]: /docs/agent/config-entries/service-defaults#protocol
|
||||
[protocol]: /docs/connect/config-entries/service-defaults#protocol
|
||||
[intentions]: /docs/connect/intentions
|
||||
[intentions]: /docs/connect/intentions
|
||||
|
|
|
@ -203,7 +203,7 @@ populate endpoints in memory will need to poll the endpoint at a suitable and
|
|||
ideally configurable frequency.
|
||||
|
||||
-> **Note:** Long-term the [`service-resolver` config
|
||||
entries](/docs/agent/config-entries/service-resolver) are intended to replace
|
||||
entries](/docs/connect/config-entries/service-resolver) are intended to replace
|
||||
Prepared Queries in Consul entirely, but for now these are still used in some
|
||||
configurations.
|
||||
|
||||
|
@ -240,4 +240,4 @@ ID for the name specified in `-sidecar-for`.
|
|||
[`consul/connect/tls.go`]: https://github.com/hashicorp/consul/blob/v1.8.3/connect/tls.go#L232-L237
|
||||
[discovery chain]: /docs/connect/l7-traffic/discovery-chain
|
||||
[`usecache`]: https://github.com/hashicorp/consul/blob/v1.8.3/api/api.go#L99-L102
|
||||
[protocol]: /docs/agent/config-entries/service-defaults#protocol
|
||||
[protocol]: /docs/connect/config-entries/service-defaults#protocol
|
||||
|
|
|
@ -234,7 +234,7 @@ $ consul connect envoy -mesh-gateway -register \
|
|||
### Configure Sidecar Proxies to use Gateways
|
||||
|
||||
Next, create a [centralized
|
||||
configuration](/docs/agent/config-entries/proxy-defaults)
|
||||
configuration](/docs/connect/config-entries/proxy-defaults)
|
||||
file for all the sidecar proxies in both datacenters called
|
||||
`proxy-defaults.json`. This file will instruct the sidecar proxies to send all
|
||||
their inter-datacenter traffic through the gateways. It should contain the
|
||||
|
|
|
@ -183,7 +183,7 @@ $ consul config write l7_config/api_service_defaults.json
|
|||
```
|
||||
|
||||
Find more information on `service-defaults` configuration entries in the
|
||||
[documentation](/docs/agent/config-entries/service-defaults).
|
||||
[documentation](/docs/connect/config-entries/service-defaults).
|
||||
|
||||
-> **Automation Tip:** To automate interactions with configuration entries, use
|
||||
the HTTP API endpoint [`http://localhost:8500/v1/config`](/api/config).
|
||||
|
@ -232,7 +232,7 @@ $ consul config write l7_config/api_service_resolver.json
|
|||
```
|
||||
|
||||
Find more information about service resolvers in the
|
||||
[documentation](/docs/agent/config-entries/service-resolver).
|
||||
[documentation](/docs/connect/config-entries/service-resolver).
|
||||
|
||||
### Configure Service Splitting - 100% of traffic to Version 1
|
||||
|
||||
|
|
|
@ -170,7 +170,7 @@ Policies:
|
|||
|
||||
### Create the configuration entry for the terminating gateway
|
||||
|
||||
Once the tokens have been updated, create the [TerminatingGateway](/docs/agent/config-entries/terminating-gateway)
|
||||
Once the tokens have been updated, create the [TerminatingGateway](/docs/connect/config-entries/terminating-gateway)
|
||||
resource to configure the terminating gateway:
|
||||
|
||||
```hcl
|
||||
|
|
|
@ -18,14 +18,14 @@ cluster-wide defaults for the service mesh.
|
|||
|
||||
We currently support the follow configuration entry kinds:
|
||||
|
||||
- [`ProxyDefaults`](/docs/agent/config-entries/proxy-defaults)
|
||||
- [`ServiceDefaults`](/docs/agent/config-entries/service-defaults)
|
||||
- [`ServiceSplitter`](/docs/agent/config-entries/service-splitter)
|
||||
- [`ServiceRouter`](/docs/agent/config-entries/service-router)
|
||||
- [`ServiceResolver`](/docs/agent/config-entries/service-resolver)
|
||||
- [`ServiceIntentions`](/docs/agent/config-entries/service-intentions) (requires Consul >= 1.9.0)
|
||||
- [`IngressGateway`](/docs/agent/config-entries/ingress-gateway)
|
||||
- [`TerminatingGateway`](/docs/agent/config-entries/terminating-gateway)
|
||||
- [`ProxyDefaults`](/docs/connect/config-entries/proxy-defaults)
|
||||
- [`ServiceDefaults`](/docs/connect/config-entries/service-defaults)
|
||||
- [`ServiceSplitter`](/docs/connect/config-entries/service-splitter)
|
||||
- [`ServiceRouter`](/docs/connect/config-entries/service-router)
|
||||
- [`ServiceResolver`](/docs/connect/config-entries/service-resolver)
|
||||
- [`ServiceIntentions`](/docs/connect/config-entries/service-intentions) (requires Consul >= 1.9.0)
|
||||
- [`IngressGateway`](/docs/connect/config-entries/ingress-gateway)
|
||||
- [`TerminatingGateway`](/docs/connect/config-entries/terminating-gateway)
|
||||
|
||||
## Installation
|
||||
|
||||
|
|
|
@ -45,7 +45,7 @@ namespace with a query parameter of `?ns=*`.
|
|||
|
||||
Upgrading to Consul 1.9.0 will trigger a one-time background migration of
|
||||
[intentions](/docs/connect/intentions) into an equivalent set of
|
||||
[`service-intentions`](/docs/agent/config-entries/service-intentions) config
|
||||
[`service-intentions`](/docs/connect/config-entries/service-intentions) config
|
||||
entries. This process will wait until all of the Consul servers in the primary
|
||||
datacenter are running Consul 1.9.0+.
|
||||
|
||||
|
@ -73,22 +73,22 @@ re-created via the old endpoints. Fields that are being removed or changing
|
|||
behavior:
|
||||
|
||||
- `Intention.ID` after migration is stored in the
|
||||
[`LegacyID`](/docs/agent/config-entries/service-intentions#legacyid) field.
|
||||
[`LegacyID`](/docs/connect/config-entries/service-intentions#legacyid) field.
|
||||
After transitioning this field is cleared.
|
||||
|
||||
- `Intention.CreatedAt` after migration is stored in the
|
||||
[`LegacyCreateTime`](/docs/agent/config-entries/service-intentions#legacycreatetime)
|
||||
[`LegacyCreateTime`](/docs/connect/config-entries/service-intentions#legacycreatetime)
|
||||
field. After transitioning this field is cleared.
|
||||
|
||||
- `Intention.UpdatedAt` after migration is stored in the
|
||||
[`LegacyUpdateTime`](/docs/agent/config-entries/service-intentions#legacyupdatetime)
|
||||
[`LegacyUpdateTime`](/docs/connect/config-entries/service-intentions#legacyupdatetime)
|
||||
field. After transitioning this field is cleared.
|
||||
|
||||
- `Intention.Meta` after migration is stored in the
|
||||
[`LegacyMeta`](/docs/agent/config-entries/service-intentions#legacymeta)
|
||||
[`LegacyMeta`](/docs/connect/config-entries/service-intentions#legacymeta)
|
||||
field. To complete the transition, this field **must be cleared manually**
|
||||
and the metadata moved up to the enclosing config entry's
|
||||
[`Meta`](/docs/agent/config-entries/service-intentions#meta) field. This is
|
||||
[`Meta`](/docs/connect/config-entries/service-intentions#meta) field. This is
|
||||
not done automatically since it is potentially a lossy operation.
|
||||
|
||||
## Consul 1.8.0
|
||||
|
|
|
@ -56,6 +56,19 @@ export default [
|
|||
content: [
|
||||
'connect-internals',
|
||||
'configuration',
|
||||
{
|
||||
category: 'config-entries',
|
||||
content: [
|
||||
'ingress-gateway',
|
||||
'proxy-defaults',
|
||||
'service-defaults',
|
||||
'service-intentions',
|
||||
'service-resolver',
|
||||
'service-router',
|
||||
'service-splitter',
|
||||
'terminating-gateway',
|
||||
],
|
||||
},
|
||||
{
|
||||
category: 'proxies',
|
||||
content: ['envoy', 'built-in', 'integrate'],
|
||||
|
@ -207,23 +220,7 @@ export default [
|
|||
},
|
||||
{
|
||||
category: 'agent',
|
||||
content: [
|
||||
'options',
|
||||
{
|
||||
category: 'config-entries',
|
||||
content: [
|
||||
'ingress-gateway',
|
||||
'proxy-defaults',
|
||||
'service-defaults',
|
||||
'service-intentions',
|
||||
'service-resolver',
|
||||
'service-router',
|
||||
'service-splitter',
|
||||
'terminating-gateway',
|
||||
],
|
||||
},
|
||||
'telemetry',
|
||||
],
|
||||
content: ['options', 'config-entries', 'telemetry'],
|
||||
},
|
||||
{
|
||||
category: 'security',
|
||||
|
@ -241,10 +238,7 @@ export default [
|
|||
'encryption',
|
||||
{
|
||||
category: 'security-models',
|
||||
content: [
|
||||
'core',
|
||||
'nia',
|
||||
],
|
||||
content: ['core', 'nia'],
|
||||
},
|
||||
],
|
||||
},
|
||||
|
|
Loading…
Reference in New Issue