diff --git a/website/content/docs/k8s/annotations-and-labels.mdx b/website/content/docs/k8s/annotations-and-labels.mdx index e8b55dc31f..1e4d5533c2 100644 --- a/website/content/docs/k8s/annotations-and-labels.mdx +++ b/website/content/docs/k8s/annotations-and-labels.mdx @@ -67,27 +67,27 @@ Resource annotations could be used on the Kubernetes pod to control connect-inje - `consul.hashicorp.com/connect-service-upstreams` - The list of upstream services that this pod needs to connect to via Connect along with a static local port to listen for those connections. When transparent proxy is enabled, - this annotation is optional. - - - There are a few formats this annotation can take: - - - Unlabeled: - Use the unlabeled annotation format to specify a service name, Consul Enterprise namespaces and partitions, - and datacenters. To use [cluster peering](/docs/connect/cluster-peering/k8s) with upstreams, use the following labeled format. - - Service name: Place the service name at the beginning of the annotation to specify the upstream service. You can also append the datacenter where the service is deployed (optional). - ```yaml - annotations: - "consul.hashicorp.com/connect-service-upstreams":"[service-name]:[port]:[optional datacenter]" - ``` - - - Namespace (requires Consul Enterprise 1.7+): Upstream services may be running in different a namespace. Place the upstream namespace after the service name. Refer to [Consul Enterprise Namespaces](#consul-enterprise-namespaces) for additional details about configuring the injector. - ```yaml - annotations: - "consul.hashicorp.com/connect-service-upstreams":"[service-name].[service-namespace]:[port]:[optional datacenter]" - ``` - If the namespace is not specified, the annotation will default to the namespace of the source service. - - If you are not using Consul Enterprise 1.7+, Consul will interpret the value placed in the namespace position as part of the service name. + this annotation is optional. There are a few formats this annotation can take: + + - Unlabeled: + Use the unlabeled annotation format to specify a service name, Consul Enterprise namespaces and partitions, and + datacenters. To use [cluster peering](/docs/connect/cluster-peering/k8s) with upstreams, use the following + labeled format. + - Service name: Place the service name at the beginning of the annotation to specify the upstream service. You can + also append the datacenter where the service is deployed (optional). + ```yaml + annotations: + "consul.hashicorp.com/connect-service-upstreams":"[service-name]:[port]:[optional datacenter]" + ``` + - Namespace (requires Consul Enterprise 1.7+): Upstream services may be running in different a namespace. Place + the upstream namespace after the service name. Refer to [Consul Enterprise + Namespaces](#consul-enterprise-namespaces) for additional details about configuring the injector. + ```yaml + annotations: + "consul.hashicorp.com/connect-service-upstreams":"[service-name].[service-namespace]:[port]:[optional datacenter]" + ``` + If the namespace is not specified, the annotation will default to the namespace of the source service. + If you are not using Consul Enterprise 1.7+, Consul will interpret the value placed in the namespace position as part of the service name. - Admin partitions (requires Consul Enterprise 1.11+): Upstream services may be running in a different partition. You must specify the namespace when specifying a partition. Place the partition name after the namespace. If you specify the name of the datacenter (optional), it must be the local datacenter. Communicating across partitions using this method is only supported within a @@ -97,61 +97,62 @@ Resource annotations could be used on the Kubernetes pod to control connect-inje annotations: "consul.hashicorp.com/connect-service-upstreams":"[service-name].[service-namespace].[service-partition]:[port]:[optional datacenter]" ``` - - [Prepared queries](/docs/connect/proxies#dynamic-upstreams-require-native-integration): Prepend the annotation with `prepared_query` and place the name of the query at the beginning of the string. + - [Prepared queries](/docs/connect/proxies#dynamic-upstreams-require-native-integration): Prepend the annotation + with `prepared_query` and place the name of the query at the beginning of the string. + ```yaml + annotations: + 'consul.hashicorp.com/connect-service-upstreams': 'prepared_query:[query name]:[port]' + ``` + + - Labeled (requires consul-k8s v0.45.0+): + The labeled format is required when using the cluster peering feature and specifying an upstream in another + peer. You can specify a Consul Enterprise namespace, partition, or datacenter. The format supports only one peer, datacenter, or partition. + - Service name: Place the service name at the beginning of the annotation followed by `.svc` to specify the upstream service. ```yaml annotations: - 'consul.hashicorp.com/connect-service-upstreams': 'prepared_query:[query name]:[port]' + "consul.hashicorp.com/connect-service-upstreams":"[service-name].svc:[port]" ``` - - - Labeled (requires consul-k8s v0.45.0+): - The labeled format is required when using the cluster peering feature and specifying an upstream in another - peer. You can specify a Consul Enterprise namespace, partition, or datacenter. The format supports only one peer, datacenter, or partition. - - Service name: Place the service name at the beginning of the annotation followed by `.svc` to specify the upstream service. - ```yaml - annotations: - "consul.hashicorp.com/connect-service-upstreams":"[service-name].svc:[port]" - ``` - - Peer or datacenter: Place the peer or datacenter after `svc.` followed by either `peer` or `dc` and the port number. - ```yaml - annotations: - "consul.hashicorp.com/connect-service-upstreams":"[service-name].svc.[service-peer].peer:[port]" - ``` - ```yaml - annotations: - "consul.hashicorp.com/connect-service-upstreams":"[service-name].svc.[service-dc].dc:[port]" - ``` - - Namespace (required Consul Enterprise): Place the namespace after `svc.` followed by `ns` and the port number. - ```yaml - annotations: - "consul.hashicorp.com/connect-service-upstreams":"[service-name].svc.[service-namespace].ns:[port]" - ``` - When specifying a peer, datacenter, or admin partition when namespaces are enabled, you must - provide the namespace and a peer, datacenter, or partition. - ```yaml - annotations: - "consul.hashicorp.com/connect-service-upstreams":"[service-name].svc.[service-namespace].ns.[service-peer].peer:[port]" - ``` - ```yaml - annotations: - "consul.hashicorp.com/connect-service-upstreams":"[service-name].svc.[service-namespace].ns.[service-partition].ap:[port]" - ``` - ```yaml - annotations: - "consul.hashicorp.com/connect-service-upstreams":"[service-name].svc.[service-namespace].ns.[service-dc].dc:[port]" - ``` - - - Multiple upstreams: Delimit multiple services or upstreams with commas. You can specify any of the unlabeled, labeled, or prepared query formats when using the supported versions for the formats. - + - Peer or datacenter: Place the peer or datacenter after `svc.` followed by either `peer` or `dc` and the port number. ```yaml annotations: - "consul.hashicorp.com/connect-service-upstreams":"[service-name]:[port]:[optional datacenter],[service-name]:[port]:[optional datacenter]" + "consul.hashicorp.com/connect-service-upstreams":"[service-name].svc.[service-peer].peer:[port]" + ``` + ```yaml + annotations: + "consul.hashicorp.com/connect-service-upstreams":"[service-name].svc.[service-dc].dc:[port]" + ``` + - Namespace (required Consul Enterprise): Place the namespace after `svc.` followed by `ns` and the port number. + ```yaml + annotations: + "consul.hashicorp.com/connect-service-upstreams":"[service-name].svc.[service-namespace].ns:[port]" + ``` + When specifying a peer, datacenter, or admin partition when namespaces are enabled, you must + provide the namespace and a peer, datacenter, or partition. + ```yaml + annotations: + "consul.hashicorp.com/connect-service-upstreams":"[service-name].svc.[service-namespace].ns.[service-peer].peer:[port]" + ``` + ```yaml + annotations: + "consul.hashicorp.com/connect-service-upstreams":"[service-name].svc.[service-namespace].ns.[service-partition].ap:[port]" ``` - ```yaml annotations: - "consul.hashicorp.com/connect-service-upstreams":"[service-name]:[port]:[optional datacenter],prepared_query:[query name]:[port],[service-name].svc:[port]" + "consul.hashicorp.com/connect-service-upstreams":"[service-name].svc.[service-namespace].ns.[service-dc].dc:[port]" ``` + - Multiple upstreams: Delimit multiple services or upstreams with commas. You can specify any of the unlabeled, labeled, or prepared query formats when using the supported versions for the formats. + + ```yaml + annotations: + "consul.hashicorp.com/connect-service-upstreams":"[service-name]:[port]:[optional datacenter],[service-name]:[port]:[optional datacenter]" + ``` + + ```yaml + annotations: + "consul.hashicorp.com/connect-service-upstreams":"[service-name]:[port]:[optional datacenter],prepared_query:[query name]:[port],[service-name].svc:[port]" + ``` + - `consul.hashicorp.com/envoy-extra-args` - A space-separated list of [arguments](https://www.envoyproxy.io/docs/envoy/latest/operations/cli) to be passed to the injected envoy binary.