From b0cbecae7d7f2796419ea52137f02c1a7a178715 Mon Sep 17 00:00:00 2001 From: boruszak Date: Tue, 27 Sep 2022 15:16:39 -0500 Subject: [PATCH 01/10] Bootstrap Consul on Windows VMs instructions --- .../content/docs/connect/proxies/envoy.mdx | 29 ++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/website/content/docs/connect/proxies/envoy.mdx b/website/content/docs/connect/proxies/envoy.mdx index 86856a6f95..0cb53fa7fe 100644 --- a/website/content/docs/connect/proxies/envoy.mdx +++ b/website/content/docs/connect/proxies/envoy.mdx @@ -112,7 +112,7 @@ Envoy requires an initial bootstrap configuration file. The easiest way to create this is using the [`consul connect envoy` command](/commands/connect/envoy). The command can either output the bootstrap configuration directly to stdout, or generate the configuration and issue an `exec` command -to the Envoy binary as a convenience wrapper. +to the Envoy binary as a convenience wrapper. For more information about using `exec` to bootstrap Envoy, refer to [Exec Security Details](/consul/commands/connect/envoy#exec-security-details). Because some Envoy configuration options, such as metrics and tracing sinks, can only be specified via the bootstrap configuration, Connect as of Consul 1.5.0 adds @@ -174,6 +174,33 @@ definition](/docs/connect/registration/service-registration) or The [Advanced Configuration](#advanced-configuration) section describes additional configurations that allow incremental or complete control over the bootstrap configuration generated. +### Bootstrap Consul on Windows VMs + +If you are running Consul on a Windows VM, the `consul connect envoy` command returns the following output: + +```shell-session hideClipboard +Directly running Envoy is only supported on linux and macOS since envoy itself doesn't build on other plataforms currently. +Use the -bootstrap option to generate the JSON to use when running envoy on a supported OS or via a container or VM. +``` + +To bootstrap Envoy on Windows VMs, you must generate the bootstrap configuration as a .json file and then manually edit it to add both your ACL token and a valid access log path. + +First, add the `-bootstrap` option to the command and save the output to a file: + +```shell-session +$ consul connect envoy -bootstrap > bootstrap.json +``` + +Then, open `bootstrap.json` and add your ACL token and log path to the file. + +To complete the bootstrap process, start Envoy and include the path to `bootstrap.json`: + +```shell-session +envoy -c +``` + +~> **Tip**: The `bootstrap.json` file contains your ACL token. Because the file is no longer needed after bootstrapping is complete, delete it to protect your network. + ## Dynamic Configuration Consul automatically generates Envoy's dynamic configuration based on its From b0fc58474ab3d49bc7b0d5546ecbf4f2e3b943e7 Mon Sep 17 00:00:00 2001 From: boruszak Date: Tue, 27 Sep 2022 15:42:05 -0500 Subject: [PATCH 02/10] Fixes --- website/content/docs/connect/proxies/envoy.mdx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/website/content/docs/connect/proxies/envoy.mdx b/website/content/docs/connect/proxies/envoy.mdx index 0cb53fa7fe..65912ed171 100644 --- a/website/content/docs/connect/proxies/envoy.mdx +++ b/website/content/docs/connect/proxies/envoy.mdx @@ -176,7 +176,7 @@ The [Advanced Configuration](#advanced-configuration) section describes addition ### Bootstrap Consul on Windows VMs -If you are running Consul on a Windows VM, the `consul connect envoy` command returns the following output: +If you are running Consul on a Windows VM, attempting to bootstrap Envoy with the `consul connect envoy` command returns the following output: ```shell-session hideClipboard Directly running Envoy is only supported on linux and macOS since envoy itself doesn't build on other plataforms currently. @@ -196,10 +196,10 @@ Then, open `bootstrap.json` and add your ACL token and log path to the file. To complete the bootstrap process, start Envoy and include the path to `bootstrap.json`: ```shell-session -envoy -c +envoy -c bootstrap.json ``` -~> **Tip**: The `bootstrap.json` file contains your ACL token. Because the file is no longer needed after bootstrapping is complete, delete it to protect your network. +~> **Security Note**: The bootstrap JSON contains the ACL token and should be handled as a secret. Because this token authorizes the identity of any service it has `service:write` permissions for, it can be used to access upstream services. ## Dynamic Configuration From 10cfc9bbb47520384f84562e295a7f9c40c5f844 Mon Sep 17 00:00:00 2001 From: boruszak Date: Fri, 30 Sep 2022 09:51:58 -0500 Subject: [PATCH 03/10] Codeblock Added --- .../content/docs/connect/proxies/envoy.mdx | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/website/content/docs/connect/proxies/envoy.mdx b/website/content/docs/connect/proxies/envoy.mdx index 65912ed171..3f0fd36548 100644 --- a/website/content/docs/connect/proxies/envoy.mdx +++ b/website/content/docs/connect/proxies/envoy.mdx @@ -192,6 +192,36 @@ $ consul connect envoy -bootstrap > bootstrap.json ``` Then, open `bootstrap.json` and add your ACL token and log path to the file. + + +```json + "admin": { + "access_log_path": "/dev/null", + "address": { + "socket_address": { + "address": "127.0.0.1", + "port_value": 19000 + } + } + }, + ## ... + "dynamic_resources": { + ## ... + "ads_config": { + ## ... + "grpc_services": { + "initial_metadata": [ + { + "key": "x-consul-token", + "value": "" + } + ], + ## ... + } + } + } +} +``` To complete the bootstrap process, start Envoy and include the path to `bootstrap.json`: From ebc069aeb66b6c68d6d0d8a0cfaa4b96299aa875 Mon Sep 17 00:00:00 2001 From: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Date: Fri, 30 Sep 2022 09:52:53 -0500 Subject: [PATCH 04/10] Apply suggestions from code review Co-authored-by: Tu Nguyen Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> --- website/content/docs/connect/proxies/envoy.mdx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/website/content/docs/connect/proxies/envoy.mdx b/website/content/docs/connect/proxies/envoy.mdx index 3f0fd36548..5728b34fb9 100644 --- a/website/content/docs/connect/proxies/envoy.mdx +++ b/website/content/docs/connect/proxies/envoy.mdx @@ -174,7 +174,7 @@ definition](/docs/connect/registration/service-registration) or The [Advanced Configuration](#advanced-configuration) section describes additional configurations that allow incremental or complete control over the bootstrap configuration generated. -### Bootstrap Consul on Windows VMs +### Bootstrap Envoy on Windows VMs If you are running Consul on a Windows VM, attempting to bootstrap Envoy with the `consul connect envoy` command returns the following output: @@ -191,7 +191,7 @@ First, add the `-bootstrap` option to the command and save the output to a file: $ consul connect envoy -bootstrap > bootstrap.json ``` -Then, open `bootstrap.json` and add your ACL token and log path to the file. +Then, open `bootstrap.json` and update the following sections with your ACL token and log path. ```json @@ -226,7 +226,7 @@ Then, open `bootstrap.json` and add your ACL token and log path to the file. To complete the bootstrap process, start Envoy and include the path to `bootstrap.json`: ```shell-session -envoy -c bootstrap.json +$ envoy -c bootstrap.json ``` ~> **Security Note**: The bootstrap JSON contains the ACL token and should be handled as a secret. Because this token authorizes the identity of any service it has `service:write` permissions for, it can be used to access upstream services. From 2d72feffdad6ad670951609376a8c74ec619d3ef Mon Sep 17 00:00:00 2001 From: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Date: Fri, 30 Sep 2022 09:58:03 -0500 Subject: [PATCH 05/10] Update website/content/docs/connect/proxies/envoy.mdx --- website/content/docs/connect/proxies/envoy.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/content/docs/connect/proxies/envoy.mdx b/website/content/docs/connect/proxies/envoy.mdx index 5728b34fb9..b55418095e 100644 --- a/website/content/docs/connect/proxies/envoy.mdx +++ b/website/content/docs/connect/proxies/envoy.mdx @@ -185,7 +185,7 @@ Use the -bootstrap option to generate the JSON to use when running envoy on a su To bootstrap Envoy on Windows VMs, you must generate the bootstrap configuration as a .json file and then manually edit it to add both your ACL token and a valid access log path. -First, add the `-bootstrap` option to the command and save the output to a file: +To generate the bootstrap configuration file, add the `-bootstrap` option to the command and then save the output to a file: ```shell-session $ consul connect envoy -bootstrap > bootstrap.json From 57154548f872893b857d73789140cd4abc0adbcb Mon Sep 17 00:00:00 2001 From: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Date: Fri, 30 Sep 2022 09:59:21 -0500 Subject: [PATCH 06/10] Update website/content/docs/connect/proxies/envoy.mdx --- website/content/docs/connect/proxies/envoy.mdx | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/website/content/docs/connect/proxies/envoy.mdx b/website/content/docs/connect/proxies/envoy.mdx index b55418095e..efc83395b6 100644 --- a/website/content/docs/connect/proxies/envoy.mdx +++ b/website/content/docs/connect/proxies/envoy.mdx @@ -192,6 +192,7 @@ $ consul connect envoy -bootstrap > bootstrap.json ``` Then, open `bootstrap.json` and update the following sections with your ACL token and log path. + ```json @@ -221,9 +222,6 @@ Then, open `bootstrap.json` and update the following sections with your ACL toke } } } -``` - -To complete the bootstrap process, start Envoy and include the path to `bootstrap.json`: ```shell-session $ envoy -c bootstrap.json From 722881fb4032981f29d628b3d3b38c0fcddc1cc8 Mon Sep 17 00:00:00 2001 From: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Date: Fri, 30 Sep 2022 10:01:43 -0500 Subject: [PATCH 07/10] Update website/content/docs/connect/proxies/envoy.mdx --- website/content/docs/connect/proxies/envoy.mdx | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/website/content/docs/connect/proxies/envoy.mdx b/website/content/docs/connect/proxies/envoy.mdx index efc83395b6..b6eae4678b 100644 --- a/website/content/docs/connect/proxies/envoy.mdx +++ b/website/content/docs/connect/proxies/envoy.mdx @@ -222,6 +222,10 @@ Then, open `bootstrap.json` and update the following sections with your ACL toke } } } +``` + + +To complete the bootstrap process, start Envoy and include the path to `bootstrap.json`: ```shell-session $ envoy -c bootstrap.json From 64dcb64d31d822b1a5f1df01e499dd68ac62434f Mon Sep 17 00:00:00 2001 From: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Date: Mon, 3 Oct 2022 13:54:08 -0500 Subject: [PATCH 08/10] Update website/content/docs/connect/proxies/envoy.mdx --- website/content/docs/connect/proxies/envoy.mdx | 2 ++ 1 file changed, 2 insertions(+) diff --git a/website/content/docs/connect/proxies/envoy.mdx b/website/content/docs/connect/proxies/envoy.mdx index b6eae4678b..b1082ee838 100644 --- a/website/content/docs/connect/proxies/envoy.mdx +++ b/website/content/docs/connect/proxies/envoy.mdx @@ -176,6 +176,8 @@ The [Advanced Configuration](#advanced-configuration) section describes addition ### Bootstrap Envoy on Windows VMs +> Complete the [Connect Services on Windows Workloads to Consul Service Mesh tutorial](/tutorials/consul/consul-on-windows-workloads) to learn how to deploy Consul and use its service mesh on Windows VMs. + If you are running Consul on a Windows VM, attempting to bootstrap Envoy with the `consul connect envoy` command returns the following output: ```shell-session hideClipboard From c1fedba08e1ac332dabb604b9e958072dbbf4c52 Mon Sep 17 00:00:00 2001 From: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Date: Mon, 3 Oct 2022 13:59:41 -0500 Subject: [PATCH 09/10] Update website/content/docs/connect/proxies/envoy.mdx --- website/content/docs/connect/proxies/envoy.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/content/docs/connect/proxies/envoy.mdx b/website/content/docs/connect/proxies/envoy.mdx index b1082ee838..0d5067e5d0 100644 --- a/website/content/docs/connect/proxies/envoy.mdx +++ b/website/content/docs/connect/proxies/envoy.mdx @@ -176,7 +176,7 @@ The [Advanced Configuration](#advanced-configuration) section describes addition ### Bootstrap Envoy on Windows VMs -> Complete the [Connect Services on Windows Workloads to Consul Service Mesh tutorial](/tutorials/consul/consul-on-windows-workloads) to learn how to deploy Consul and use its service mesh on Windows VMs. +> Complete the [Connect Services on Windows Workloads to Consul Service Mesh tutorial](https://learn.hashicorp.com/tutorials/consul/consul-on-windows-workloads) to learn how to deploy Consul and use its service mesh on Windows VMs. If you are running Consul on a Windows VM, attempting to bootstrap Envoy with the `consul connect envoy` command returns the following output: From 6b4d15f23399267bbc34af3d3e5496383cf9ac4b Mon Sep 17 00:00:00 2001 From: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Date: Mon, 3 Oct 2022 14:03:00 -0500 Subject: [PATCH 10/10] Update website/content/docs/connect/proxies/envoy.mdx --- website/content/docs/connect/proxies/envoy.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/content/docs/connect/proxies/envoy.mdx b/website/content/docs/connect/proxies/envoy.mdx index 0d5067e5d0..0e7f843227 100644 --- a/website/content/docs/connect/proxies/envoy.mdx +++ b/website/content/docs/connect/proxies/envoy.mdx @@ -176,7 +176,7 @@ The [Advanced Configuration](#advanced-configuration) section describes addition ### Bootstrap Envoy on Windows VMs -> Complete the [Connect Services on Windows Workloads to Consul Service Mesh tutorial](https://learn.hashicorp.com/tutorials/consul/consul-on-windows-workloads) to learn how to deploy Consul and use its service mesh on Windows VMs. +> Complete the [Connect Services on Windows Workloads to Consul Service Mesh tutorial](https://learn.hashicorp.com/tutorials/consul/consul-on-windows-workloads?utm_source=docs) to learn how to deploy Consul and use its service mesh on Windows VMs. If you are running Consul on a Windows VM, attempting to bootstrap Envoy with the `consul connect envoy` command returns the following output: