From b84884974285f0b5eef9f6db6099bdca0aa6304e Mon Sep 17 00:00:00 2001 From: David Yu Date: Fri, 4 Nov 2022 15:01:23 -0700 Subject: [PATCH] docs: cluster peering docs feedback (#15268) * docs: cluster peering docs feedback Co-authored-by: Nathan Coleman --- .../docs/connect/cluster-peering/k8s.mdx | 28 +++++++++++++------ 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/website/content/docs/connect/cluster-peering/k8s.mdx b/website/content/docs/connect/cluster-peering/k8s.mdx index 1bddbd5d3c..f57f286a78 100644 --- a/website/content/docs/connect/cluster-peering/k8s.mdx +++ b/website/content/docs/connect/cluster-peering/k8s.mdx @@ -237,6 +237,12 @@ The examples described in this section demonstrate how to export a service named +1. Deploy the `backend` service to the second cluster. + + ```shell-session + $ kubectl apply --context $CLUSTER2_CONTEXT --filename backend.yaml + ``` + 1. In `cluster-02`, create an `ExportedServices` custom resource. @@ -255,17 +261,17 @@ The examples described in this section demonstrate how to export a service named -1. Apply the service file and the `ExportedServices` resource to the second cluster. +1. Apply the `ExportedServices` resource to the second cluster. ```shell-session - $ kubectl apply --context $CLUSTER2_CONTEXT --filename backend.yaml --filename exportedsvc.yaml + $ kubectl apply --context $CLUSTER2_CONTEXT --filename exportedsvc.yaml ``` ### Authorize services for peers 1. Create service intentions for the second cluster. - + ```yaml apiVersion: consul.hashicorp.com/v1alpha1 @@ -287,7 +293,7 @@ The examples described in this section demonstrate how to export a service named 1. Apply the intentions to the second cluster. ```shell-session - $ kubectl --context $CLUSTER2_CONTEXT apply --filename intention.yml + $ kubectl --context $CLUSTER2_CONTEXT apply --filename intention.yaml ``` 1. Add the `"consul.hashicorp.com/connect-inject": "true"` annotation to your service's pods before deploying the workload so that the services in `cluster-01` can dial `backend` in `cluster-02`. To dial the upstream service from an application, configure the application so that that requests are sent to the correct DNS name as specified in [Service Virtual IP Lookups](/docs/discovery/dns#service-virtual-ip-lookups). In the following example, the annotation that allows the workload to join the mesh and the configuration provided to the workload that enables the workload to dial the upstream service using the correct DNS name is highlighted. @@ -364,6 +370,8 @@ The examples described in this section demonstrate how to export a service named 1. Run the following command in `frontend` and then check the output to confirm that you peered your clusters successfully. + + ```shell-session $ kubectl --context $CLUSTER1_CONTEXT exec -it $(kubectl --context $CLUSTER1_CONTEXT get pod -l app=frontend -o name) -- curl localhost:9090 @@ -401,6 +409,8 @@ The examples described in this section demonstrate how to export a service named "code": 200 } ``` + + ## End a peering connection @@ -423,10 +433,10 @@ To end a peering connection, delete both the `PeeringAcceptor` and `PeeringDiale 1. Exec into the server pod for the first cluster. ```shell-session - $ kubectl exec -it consul-server-0 -- /bin/sh + $ kubectl exec -it consul-server-0 --context $CLUSTER1_CONTEXT -- /bin/sh ``` - 1. Export an ACL token to access the `/health` HTP endpoint for services. The bootstrap token may be used if an ACL token is not already provisioned. + 1. If you've enabled ACLs, export an ACL token to access the `/health` HTP endpoint for services. The bootstrap token may be used if an ACL token is not already provisioned. ```shell-session $ export CONSUL_HTTP_TOKEN= @@ -435,8 +445,8 @@ To end a peering connection, delete both the `PeeringAcceptor` and `PeeringDiale 1. Query the the `/health` HTTP endpoint. The peered services should no longer appear. ```shell-session - $ curl "localhost:8500/v1/health/connect/backend?peer=cluster-02" - ``` + $ curl "localhost:8500/v1/health/connect/backend?peer=cluster-02" + ``` ## Recreate or reset a peering connection @@ -452,7 +462,7 @@ To recreate or reset the peering connection, you need to generate a new peering metadata: name: cluster-02 annotations: - consul.hashicorp.com/peering-version: 1 ## The peering version you want to set. + consul.hashicorp.com/peering-version: "1" ## The peering version you want to set, must be in quotes spec: peer: secret: