fix a bunch of broken links

This commit is contained in:
Jeff Escalante 2020-08-18 18:22:29 -04:00
parent 14545999c6
commit 46a7884eb5
No known key found for this signature in database
GPG Key ID: 32D23C61AB5450DB
18 changed files with 158 additions and 127 deletions

View File

@ -101,4 +101,4 @@ The Consul Helm chart can automate much of Consul Connect's configuration, and
makes it easy to automatically inject Envoy sidecars into new pods when they are makes it easy to automatically inject Envoy sidecars into new pods when they are
deployed. Learn about the [Helm chart](/docs/platform/k8s/helm) in general, deployed. Learn about the [Helm chart](/docs/platform/k8s/helm) in general,
or if you are already familiar with it, check out it's or if you are already familiar with it, check out it's
[connect specific configurations](/docs/platform/k8s/connect/overview). [connect specific configurations](/docs/platform/k8s/connect).

View File

@ -10,7 +10,7 @@ description: |-
-> **1.8.0+:** This feature is available in Consul versions 1.8.0 and higher -> **1.8.0+:** This feature is available in Consul versions 1.8.0 and higher
~> This topic requires familiarity with [mesh gateways](/docs/connect/mesh-gateway). ~> This topic requires familiarity with [mesh gateways](/docs/connect/gateways/mesh-gateway).
WAN federation via mesh gateways allows for Consul servers in different datacenters WAN federation via mesh gateways allows for Consul servers in different datacenters
to be federated exclusively through mesh gateways. to be federated exclusively through mesh gateways.

View File

@ -423,7 +423,7 @@ environment.
[counting-1.json]: https://raw.githubusercontent.com/hashicorp/demo-consul-101/master/demo-config-localhost/counting-1.json [counting-1.json]: https://raw.githubusercontent.com/hashicorp/demo-consul-101/master/demo-config-localhost/counting-1.json
[dashboard service]: https://github.com/hashicorp/demo-consul-101/releases/download/0.0.2/dashboard-service_linux_amd64.zip [dashboard service]: https://github.com/hashicorp/demo-consul-101/releases/download/0.0.2/dashboard-service_linux_amd64.zip
[dashboard.json]: https://raw.githubusercontent.com/hashicorp/demo-consul-101/master/demo-config-localhost/dashboard.json [dashboard.json]: https://raw.githubusercontent.com/hashicorp/demo-consul-101/master/demo-config-localhost/dashboard.json
[default acl policy]: https://www.consul.io/docs/agent/options.html#acl_default_policy [default acl policy]: https://www.consul.io/docs/agent/options#acl_default_policy
[demo-consul-101 project]: https://github.com/hashicorp/demo-consul-101 [demo-consul-101 project]: https://github.com/hashicorp/demo-consul-101
[dev agent]: https://learn.hashicorp.com/consul/getting-started/agent [dev agent]: https://learn.hashicorp.com/consul/getting-started/agent
[docker guide]: https://learn.hashicorp.com/consul/day-0/containers-guide [docker guide]: https://learn.hashicorp.com/consul/day-0/containers-guide
@ -432,11 +432,11 @@ environment.
[img-flow]: /static/img/consul/connect-getting-started/consul_connect_demo_service_flow.png [img-flow]: /static/img/consul/connect-getting-started/consul_connect_demo_service_flow.png
[img-screenshot1]: /static/img/consul/connect-getting-started/screenshot1.png [img-screenshot1]: /static/img/consul/connect-getting-started/screenshot1.png
[img-screenshot2]: /static/img/consul/connect-getting-started/screenshot2.png [img-screenshot2]: /static/img/consul/connect-getting-started/screenshot2.png
[intention]: https://www.consul.io/docs/connect/intentions.html [intention]: https://www.consul.io/docs/connect/intentions
[services-api]: https://www.consul.io/api/agent/service.html#register-service [services-api]: https://www.consul.io/api/agent/service#register-service
[services-cli]: https://www.consul.io/docs/commands/services.html [services-cli]: https://www.consul.io/docs/commands/services
[services-config]: https://www.consul.io/docs/agent/services.html#service-definition [services-config]: https://www.consul.io/docs/agent/services#service-definition
[services-nomad]: https://www.nomadproject.io/docs/job-specification/service.html [services-nomad]: https://www.nomadproject.io/docs/job-specification/service
[sidecar]: https://docs.microsoft.com/en-us/azure/architecture/patterns/sidecar [sidecar]: https://docs.microsoft.com/en-us/azure/architecture/patterns/sidecar
[sidecar_service]: https://www.consul.io/docs/connect/registration/sidecar-service.html [sidecar_service]: https://www.consul.io/docs/connect/registration/sidecar-service
[services-k8s]: https://www.consul.io/docs/platform/k8s/connect/overview.html#installation-and-configuration [services-k8s]: https://www.consul.io/docs/platform/k8s/connect#installation-and-configuration

View File

@ -80,4 +80,4 @@ $ consul -v
Consul currently supports all 'evergreen' browsers, as they are generally on Consul currently supports all 'evergreen' browsers, as they are generally on
up-to-date versions. For more information on supported browsers, please see our up-to-date versions. For more information on supported browsers, please see our
[FAQ](/faq.mdx) [FAQ](/docs/faq)

View File

@ -286,7 +286,7 @@ If you have tried the above troubleshooting steps and are still stuck, DataWire
[ingress controller]: https://blog.getambassador.io/kubernetes-ingress-nodeport-load-balancers-and-ingress-controllers-6e29f1c44f2d [ingress controller]: https://blog.getambassador.io/kubernetes-ingress-nodeport-load-balancers-and-ingress-controllers-6e29f1c44f2d
[proxies]: /docs/connect/proxies [proxies]: /docs/connect/proxies
[service sync]: /docs/k8s/service-sync [service sync]: /docs/k8s/service-sync
[connect sidecar]: /docs/k8s/connect/overview [connect sidecar]: /docs/k8s/connect
[install]: https://www.getambassador.io/user-guide/consul-connect-ambassador/ [install]: https://www.getambassador.io/user-guide/consul-connect-ambassador/
[ambassador-service.yaml]: https://www.getambassador.io/yaml/ambassador/ambassador-service.yaml [ambassador-service.yaml]: https://www.getambassador.io/yaml/ambassador/ambassador-service.yaml
[request access]: https://d6e.co/slack [request access]: https://d6e.co/slack

View File

@ -88,20 +88,20 @@ global:
name: consul name: consul
server: server:
extraVolumes: extraVolumes:
- type: secret - type: secret
name: vault-config name: vault-config
load: true load: true
items: items:
- key: config - key: config
path: vault-config.json path: vault-config.json
- type: secret - type: secret
name: vault-ca name: vault-ca
load: false load: false
connectInject: connectInject:
enabled: true enabled: true
``` ```
Finally, [install](/docs/k8s/installation/overview#installing-consul) the Helm chart using the above config file: Finally, [install](/docs/k8s/installation#installing-consul) the Helm chart using the above config file:
```shell-session ```shell-session
$ helm install consul -f config.yaml hashicorp/consul $ helm install consul -f config.yaml hashicorp/consul

View File

@ -21,12 +21,12 @@ your cluster, making configuration for Kubernetes automatic.
This functionality is provided by the This functionality is provided by the
[consul-k8s project](https://github.com/hashicorp/consul-k8s) and can be [consul-k8s project](https://github.com/hashicorp/consul-k8s) and can be
automatically installed and configured using the automatically installed and configured using the
[Consul Helm chart](/docs/k8s/installation/overview). [Consul Helm chart](/docs/k8s/installation).
## Usage ## Usage
When the When the
[Connect injector is installed](/docs/k8s/connect/overview#installation-and-configuration), [Connect injector is installed](/docs/k8s/connect#installation-and-configuration),
the Connect sidecar can be automatically added to all pods. This sidecar can both the Connect sidecar can be automatically added to all pods. This sidecar can both
accept and establish connections using Connect, enabling the pod to communicate accept and establish connections using Connect, enabling the pod to communicate
to clients and dependencies exclusively over authorized and encrypted to clients and dependencies exclusively over authorized and encrypted
@ -78,7 +78,7 @@ spec:
The only change for Connect is the addition of the The only change for Connect is the addition of the
`consul.hashicorp.com/connect-inject` annotation. This enables injection `consul.hashicorp.com/connect-inject` annotation. This enables injection
for this pod. The injector can also be for this pod. The injector can also be
[configured](/docs/k8s/connect/overview#installation-and-configuration) [configured](/docs/k8s/connect#installation-and-configuration)
to automatically inject unless explicitly disabled, but the default to automatically inject unless explicitly disabled, but the default
installation requires opt-in using the annotation shown above. installation requires opt-in using the annotation shown above.
@ -131,7 +131,7 @@ spec:
``` ```
Pods must specify upstream dependencies with the Pods must specify upstream dependencies with the
[`consul.hashicorp.com/connect-service-upstreams` annotation](/docs/k8s/connect/overview#consul-hashicorp-com-connect-service-upstreams). [`consul.hashicorp.com/connect-service-upstreams` annotation](/docs/k8s/connect#consul-hashicorp-com-connect-service-upstreams).
This annotation declares the names of any upstream dependencies and a This annotation declares the names of any upstream dependencies and a
local port for the proxy to listen on. When a connection is established to that local local port for the proxy to listen on. When a connection is established to that local
port, the proxy establishes a connection to the target service port, the proxy establishes a connection to the target service
@ -332,7 +332,7 @@ provided by the
[consul-k8s project](https://github.com/hashicorp/consul-k8s). [consul-k8s project](https://github.com/hashicorp/consul-k8s).
This enables the automatic pod mutation shown in the usage section above. This enables the automatic pod mutation shown in the usage section above.
Installation of the mutating admission webhook is automated using the Installation of the mutating admission webhook is automated using the
[Helm chart](/docs/k8s/installation/overview). [Helm chart](/docs/k8s/installation).
To install the Connect injector, enable the Connect injection feature using To install the Connect injector, enable the Connect injection feature using
[Helm values](/docs/k8s/helm#configuration-values) and [Helm values](/docs/k8s/helm#configuration-values) and
@ -505,7 +505,7 @@ See [consul.hashicorp.com/connect-service-upstreams](#consul-hashicorp-com-conne
### Verifying the Installation ### Verifying the Installation
To verify the installation, run the To verify the installation, run the
["Accepting Inbound Connections"](/docs/k8s/connect/overview#accepting-inbound-connections) ["Accepting Inbound Connections"](/docs/k8s/connect#accepting-inbound-connections)
example from the "Usage" section above. After running this example, run example from the "Usage" section above. After running this example, run
`kubectl get pod static-server -o yaml`. In the raw YAML output, you should `kubectl get pod static-server -o yaml`. In the raw YAML output, you should
see injected Connect containers and an annotation see injected Connect containers and an annotation

View File

@ -16,14 +16,15 @@ See [Ingress Gateways](/docs/connect/ingress-gateway) for more information on us
Adding an ingress gateway is a multi-step process that consists of the following steps: Adding an ingress gateway is a multi-step process that consists of the following steps:
* Setting the helm chart configuration - Setting the helm chart configuration
* Deploying the helm chart - Deploying the helm chart
* Configuring the gateway - Configuring the gateway
* Defining an Intention (if ACLs are enabled) - Defining an Intention (if ACLs are enabled)
* Deploying your application to Kubernetes - Deploying your application to Kubernetes
* Connecting to your application - Connecting to your application
## Setting the helm chart configuration ## Setting the helm chart configuration
When deploying the helm chart you must provide helm with a custom yaml file that contains your environment configuration. When deploying the helm chart you must provide helm with a custom yaml file that contains your environment configuration.
```yaml ```yaml
@ -38,25 +39,25 @@ ingressGateways:
service: service:
type: LoadBalancer type: LoadBalancer
``` ```
~> *Note:* this will create a public unauthenticated LoadBalancer in your cluster, please take appropriate security considerations.
~> _Note:_ this will create a public unauthenticated LoadBalancer in your cluster, please take appropriate security considerations.
The yaml snippet is the launching point for a valid configuration that must be supplied when installing using the [official consul-helm chart](https://hub.helm.sh/charts/hashicorp/consul). The yaml snippet is the launching point for a valid configuration that must be supplied when installing using the [official consul-helm chart](https://hub.helm.sh/charts/hashicorp/consul).
Information on additional options can be found in the [Helm reference](/docs/k8s/helm). Configuration options for ingress gateways reside under the [ingressGateways](/docs/k8s/helm#v-ingressgateways) entry. Information on additional options can be found in the [Helm reference](/docs/k8s/helm). Configuration options for ingress gateways reside under the [ingressGateways](/docs/k8s/helm#v-ingressgateways) entry.
The gateways stanza is where you will define and configure the set of ingress gateways you want deployed to your environment. The gateways stanza is where you will define and configure the set of ingress gateways you want deployed to your environment.
The only required field for each entry is `name`, though entries may contain any of the fields found in the `defaults` stanza. The only required field for each entry is `name`, though entries may contain any of the fields found in the `defaults` stanza.
Values in this section override the values from the defaults stanza for the given ingress gateway with one exception: Values in this section override the values from the defaults stanza for the given ingress gateway with one exception:
the annotations from the defaults stanza will be *appended* to any user-defined annotations defined in the gateways stanza rather than being overridden. the annotations from the defaults stanza will be _appended_ to any user-defined annotations defined in the gateways stanza rather than being overridden.
Please refer to the ingress gateway configuration [documentation](/docs/k8s/helm#v-ingressgateways-defaults) for a detailed explanation of each option. Please refer to the ingress gateway configuration [documentation](/docs/k8s/helm#v-ingressgateways-defaults) for a detailed explanation of each option.
-> *Note*: Make sure any ports that will be used as listeners in the ingress gateway's Consul config entry are included -> _Note_: Make sure any ports that will be used as listeners in the ingress gateway's Consul config entry are included
in the `ports` object for each gateway. By default ports 8080 and 8443 are exposed for traffic. in the `ports` object for each gateway. By default ports 8080 and 8443 are exposed for traffic.
## Deploying the helm chart ## Deploying the helm chart
Ensure you have the latest consul-helm chart and install Consul via helm using the following Ensure you have the latest consul-helm chart and install Consul via helm using the following
[guide](/docs/k8s/installation/overview#installing-consul) while being sure to provide the yaml configuration [guide](/docs/k8s/installation#installing-consul) while being sure to provide the yaml configuration
as previously discussed. as previously discussed.
## Configuring the gateway ## Configuring the gateway
@ -64,8 +65,8 @@ as previously discussed.
Now that Consul has been installed with ingress gateways enabled, you must add the corresponding configuration to Consul. This requires you to use the Consul CLI. Now that Consul has been installed with ingress gateways enabled, you must add the corresponding configuration to Consul. This requires you to use the Consul CLI.
Configuring the ingress gateway requires: Configuring the ingress gateway requires:
* Accessing the Consul server - Accessing the Consul server
* Submitting an Ingress Gateway configuration entry to Consul - Submitting an Ingress Gateway configuration entry to Consul
### Accessing the Consul server ### Accessing the Consul server
@ -74,17 +75,20 @@ You can access the Consul server directly from your host via `kubectl port-forwa
```shell-session ```shell-session
$ kubectl port-forward consul-server-0 8500 & $ kubectl port-forward consul-server-0 8500 &
``` ```
If TLS is enabled use port 8501. If TLS is enabled use port 8501.
-> Download the latest Consul binary from [Downloads](/downloads.html). -> Download the latest Consul binary from [Downloads](/downloads.html).
[https://releases.hashicorp.com/consul/](https://releases.hashicorp.com/consul/) [https://releases.hashicorp.com/consul/](https://releases.hashicorp.com/consul/)
If TLS is enabled set: If TLS is enabled set:
```shell-session ```shell-session
$ export CONSUL_HTTP_ADDR=https://localhost:8501 $ export CONSUL_HTTP_ADDR=https://localhost:8501
``` ```
If ACLs are enabled set : If ACLs are enabled set :
```shell-session ```shell-session
$ export CONSUL_HTTP_TOKEN=$(kubectl get secret consul-bootstrap-acl-token -o jsonpath={.data.token} | base64 -D) $ export CONSUL_HTTP_TOKEN=$(kubectl get secret consul-bootstrap-acl-token -o jsonpath={.data.token} | base64 -D)
$ export CONSUL_HTTP_SSL_VERIFY=false $ export CONSUL_HTTP_SSL_VERIFY=false
@ -129,6 +133,7 @@ If TLS is enabled, use :
If ACLs are enabled, you must define an [intention](/docs/connect/intentions) to allow the ingress gateway to access the upstream services defined in the config entry. If ACLs are enabled, you must define an [intention](/docs/connect/intentions) to allow the ingress gateway to access the upstream services defined in the config entry.
To create an intention that allows the ingress gateway to route to the service `static-server`, run: To create an intention that allows the ingress gateway to route to the service `static-server`, run:
```shell-session ```shell-session
$ consul intention create ingress-gateway static-server $ consul intention create ingress-gateway static-server
``` ```
@ -136,6 +141,7 @@ $ consul intention create ingress-gateway static-server
For detailed instructions on how to configure zero-trust networking with intentions please refer to this [guide](https://learn.hashicorp.com/tutorials/consul/service-mesh-zero-trust-network). For detailed instructions on how to configure zero-trust networking with intentions please refer to this [guide](https://learn.hashicorp.com/tutorials/consul/service-mesh-zero-trust-network).
## Deploying your application to Kubernetes ## Deploying your application to Kubernetes
Now you will deploy a sample application which echoes “hello world” Now you will deploy a sample application which echoes “hello world”
```yaml ```yaml
@ -198,7 +204,7 @@ ingressGateways:
gateways: gateways:
- name: ingress-gateway - name: ingress-gateway
service: service:
type: LoadBalancer type: LoadBalancer
``` ```
And run Helm upgrade: And run Helm upgrade:

View File

@ -21,10 +21,10 @@ your components, you should be running a compatible version by default.
Adding a terminating gateway is a multi-step process: Adding a terminating gateway is a multi-step process:
* Update the helm chart with terminating gateway config options - Update the helm chart with terminating gateway config options
* Deploying the helm chart - Deploying the helm chart
* Accessing the Consul agent - Accessing the Consul agent
* Register external services with Consul - Register external services with Consul
## Update the helm chart with terminating gateway config options ## Update the helm chart with terminating gateway config options
@ -42,7 +42,7 @@ terminatingGateways:
## Deploying the helm chart ## Deploying the helm chart
Ensure you have the latest consul-helm chart and install Consul via helm using the following Ensure you have the latest consul-helm chart and install Consul via helm using the following
[guide](/docs/k8s/installation/overview#installing-consul) while being sure to provide the yaml configuration [guide](/docs/k8s/installation#installing-consul) while being sure to provide the yaml configuration
as previously discussed. as previously discussed.
## Accessing the Consul agent ## Accessing the Consul agent
@ -52,7 +52,9 @@ You can access the Consul server directly from your host via `kubectl port-forwa
```shell-session ```shell-session
$ kubectl port-foward consul-server-0 8500 & $ kubectl port-foward consul-server-0 8500 &
``` ```
If TLS is enabled use port 8501: If TLS is enabled use port 8501:
```shell-session ```shell-session
$ kubectl port-foward consul-server-0 8501 & $ kubectl port-foward consul-server-0 8501 &
``` ```
@ -63,12 +65,16 @@ $ kubectl port-foward consul-server-0 8501 &
```shell-session ```shell-session
$ export CONSUL_HTTP_ADDR=http://localhost:8500 $ export CONSUL_HTTP_ADDR=http://localhost:8500
``` ```
If TLS is enabled set: If TLS is enabled set:
```shell-session ```shell-session
$ export CONSUL_HTTP_ADDR=https://localhost:8501 $ export CONSUL_HTTP_ADDR=https://localhost:8501
$ export CONSUL_HTTP_SSL_VERIFY=false $ export CONSUL_HTTP_SSL_VERIFY=false
``` ```
If ACLs are enabled also set: If ACLs are enabled also set:
```shell-session ```shell-session
$ export CONSUL_HTTP_TOKEN=$(kubectl get secret consul-bootstrap-acl-token -o jsonpath={.data.token} | base64 -D) $ export CONSUL_HTTP_TOKEN=$(kubectl get secret consul-bootstrap-acl-token -o jsonpath={.data.token} | base64 -D)
``` ```
@ -76,46 +82,52 @@ $ export CONSUL_HTTP_TOKEN=$(kubectl get secret consul-bootstrap-acl-token -o js
## Register external services with Consul ## Register external services with Consul
Registering the external services with Consul is a multi-step process: Registering the external services with Consul is a multi-step process:
* Register external services with Consul
* Update the terminating gateway ACL token if ACLs are enabled
* Create the configuration entry for the terminating gateway
* Create intentions to allow access from services in the mesh to external service
* Define upstream annotations for any services that need to talk to the external services
- Register external services with Consul
- Update the terminating gateway ACL token if ACLs are enabled
- Create the configuration entry for the terminating gateway
- Create intentions to allow access from services in the mesh to external service
- Define upstream annotations for any services that need to talk to the external services
### Register external services with Consul ### Register external services with Consul
Create a sample external service and register it with Consul. Create a sample external service and register it with Consul.
```json ```json
{ {
"Node": "legacy_node", "Node": "legacy_node",
"Address": "example.com", "Address": "example.com",
"NodeMeta": { "NodeMeta": {
"external-node": "true", "external-node": "true",
"external-probe": "true" "external-probe": "true"
}, },
"Service": { "Service": {
"ID": "example-https", "ID": "example-https",
"Service": "example-https", "Service": "example-https",
"Port": 443 "Port": 443
} }
} }
``` ```
Register the external service with Consul: Register the external service with Consul:
```shell-session ```shell-session
$ curl --request PUT --data @external.json -k $CONSUL_HTTP_ADDR/v1/catalog/register $ curl --request PUT --data @external.json -k $CONSUL_HTTP_ADDR/v1/catalog/register
``` ```
If ACLs and TLS are enabled : If ACLs and TLS are enabled :
```shell-session ```shell-session
$ curl --request PUT --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" --data @external.json -k $CONSUL_HTTP_ADDR/v1/catalog/register $ curl --request PUT --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" --data @external.json -k $CONSUL_HTTP_ADDR/v1/catalog/register
``` ```
### Update terminating gateway ACL token if ACLs are enabled ### Update terminating gateway ACL token if ACLs are enabled
If ACLs are enabled, update the terminating gateway acl token to have `service: write` permissions on all of the services If ACLs are enabled, update the terminating gateway acl token to have `service: write` permissions on all of the services
being represented by the gateway: being represented by the gateway:
* Create a new policy that includes these permissions
* Update the existing token to include the new policy - Create a new policy that includes these permissions
- Update the existing token to include the new policy
~> The CLI command should be run with the `-merge-policies`, `-merge-roles` and `-merge-service-identities` so ~> The CLI command should be run with the `-merge-policies`, `-merge-roles` and `-merge-service-identities` so
nothing is removed from the terminating gateway token nothing is removed from the terminating gateway token
@ -125,21 +137,28 @@ service "example-https" {
policy = "write" policy = "write"
} }
``` ```
```shell-session ```shell-session
$ consul acl policy create -name "example-https-write-policy" -rules @write-policy.hcl $ consul acl policy create -name "example-https-write-policy" -rules @write-policy.hcl
``` ```
Now fetch the id of the terminating gateway token Now fetch the id of the terminating gateway token
```shell-session ```shell-session
$ consul acl token list | grep terminating-gateway-terminating-gateway-token $ consul acl token list | grep terminating-gateway-terminating-gateway-token
``` ```
Update the terminating gateway acl token with the new policy Update the terminating gateway acl token with the new policy
```shell-session ```shell-session
$ consul acl token update -id <token-id> -policy-name example-https-write-policy -merge-policies -merge-roles -merge-service-identities $ consul acl token update -id <token-id> -policy-name example-https-write-policy -merge-policies -merge-roles -merge-service-identities
``` ```
### Create the configuration entry for the terminating gateway ### Create the configuration entry for the terminating gateway
Once the tokens have been updated, next write the Consul [config](/docs/agent/config-entries/terminating-gateway) Once the tokens have been updated, next write the Consul [config](/docs/agent/config-entries/terminating-gateway)
entry for the terminating gateway: entry for the terminating gateway:
```hcl ```hcl
Kind = "terminating-gateway" Kind = "terminating-gateway"
Name = "terminating-gateway" Name = "terminating-gateway"
@ -150,20 +169,24 @@ Services = [
} }
] ]
``` ```
~> If TLS is enabled a `CAFile` must be provided, it must point to the system trust store of the terminating gateway ~> If TLS is enabled a `CAFile` must be provided, it must point to the system trust store of the terminating gateway
container. container.
Submit the terminating gateway entry with the Consul CLI using this command. Submit the terminating gateway entry with the Consul CLI using this command.
```shell-session ```shell-session
$ consul config write terminating-gateway.hcl $ consul config write terminating-gateway.hcl
``` ```
If using ACLs and TLS, create intentions to allow access from services in the mesh to the external service If using ACLs and TLS, create intentions to allow access from services in the mesh to the external service
```shell-session ```shell-session
$ consul intention create -allow static-client example-https $ consul intention create -allow static-client example-https
``` ```
### Define the external services as upstreams for services in the mesh ### Define the external services as upstreams for services in the mesh
Finally define and deploy the external services as upstreams for the internal mesh services that wish to talk to them. Finally define and deploy the external services as upstreams for the internal mesh services that wish to talk to them.
An example deployment is provided which will serve as a static client for the terminating gateway service. An example deployment is provided which will serve as a static client for the terminating gateway service.
@ -188,25 +211,27 @@ spec:
labels: labels:
app: static-client app: static-client
annotations: annotations:
"consul.hashicorp.com/connect-inject": "true" 'consul.hashicorp.com/connect-inject': 'true'
"consul.hashicorp.com/connect-service-upstreams": "example-https:1234" 'consul.hashicorp.com/connect-service-upstreams': 'example-https:1234'
spec: spec:
containers: containers:
# This name will be the service name in Consul. # This name will be the service name in Consul.
- name: static-client - name: static-client
image: tutum/curl:latest image: tutum/curl:latest
command: [ "/bin/sh", "-c", "--" ] command: ['/bin/sh', '-c', '--']
args: [ "while true; do sleep 30; done;" ] args: ['while true; do sleep 30; done;']
# If ACLs are enabled, the serviceAccountName must match the Consul service name. # If ACLs are enabled, the serviceAccountName must match the Consul service name.
serviceAccountName: static-client serviceAccountName: static-client
``` ```
Run the service via `kubectl apply`: Run the service via `kubectl apply`:
```shell-session ```shell-session
$ kubectl apply -f static-client.yaml $ kubectl apply -f static-client.yaml
``` ```
You can verify connectivity of the static-client and terminating gateway via a curl command: You can verify connectivity of the static-client and terminating gateway via a curl command:
```shell-session ```shell-session
$ kubectl exec deploy/static-client -- curl -vvvs -H "Host: example-https.com" http://localhost:1234/ $ kubectl exec deploy/static-client -- curl -vvvs -H "Host: example-https.com" http://localhost:1234/
``` ```

View File

@ -194,11 +194,11 @@ and consider if they're appropriate for your deployment.
# Resources are defined as a YAML map: # Resources are defined as a YAML map:
resources: resources:
requests: requests:
memory: "25Mi" memory: '25Mi'
cpu: "20m" cpu: '20m'
limits: limits:
memory: "50Mi" memory: '50Mi'
cpu: "20m" cpu: '20m'
``` ```
- `server` ((#v-server)) - Values that configure running a Consul server within Kubernetes. - `server` ((#v-server)) - Values that configure running a Consul server within Kubernetes.
@ -419,7 +419,7 @@ and consider if they're appropriate for your deployment.
- `grpc` ((#v-client-grpc)) (`boolean: true`) - If true, agents will enable their GRPC listener on - `grpc` ((#v-client-grpc)) (`boolean: true`) - If true, agents will enable their GRPC listener on
port 8502 and expose it to the host. This will use slightly more resources, but is port 8502 and expose it to the host. This will use slightly more resources, but is
required for [Connect](/docs/k8s/connect/overview). required for [Connect](/docs/k8s/connect).
- `exposeGossipPorts` ((#v-client-exposegossipports)) (`boolean: false`) - If true, the Helm chart - `exposeGossipPorts` ((#v-client-exposegossipports)) (`boolean: false`) - If true, the Helm chart
will expose the clients' gossip ports as hostPorts. This is only necessary if pod IPs in the k8s cluster are not directly routable and the Consul servers are outside of the k8s cluster. will expose the clients' gossip ports as hostPorts. This is only necessary if pod IPs in the k8s cluster are not directly routable and the Consul servers are outside of the k8s cluster.
@ -662,7 +662,7 @@ and consider if they're appropriate for your deployment.
- `additionalSpec` ((#v-ui-service-additionalspec)) (`string: null`) - Additional Service spec - `additionalSpec` ((#v-ui-service-additionalspec)) (`string: null`) - Additional Service spec
values. This should be a multi-line string mapping directly to a Kubernetes `Service` object. values. This should be a multi-line string mapping directly to a Kubernetes `Service` object.
- `connectInject` ((#v-connectinject)) - Values that configure running the [Connect injector](/docs/k8s/connect/overview). - `connectInject` ((#v-connectinject)) - Values that configure running the [Connect injector](/docs/k8s/connect).
- `enabled` ((#v-connectinject-enabled)) (`boolean: false`) - If true, the chart will install all the - `enabled` ((#v-connectinject-enabled)) (`boolean: false`) - If true, the chart will install all the
resources necessary for the Connect injector process to run. This will enable the injector but will resources necessary for the Connect injector process to run. This will enable the injector but will
@ -672,7 +672,7 @@ and consider if they're appropriate for your deployment.
(including any tag) for the [consul-k8s](https://github.com/hashicorp/consul-k8s) binary. (including any tag) for the [consul-k8s](https://github.com/hashicorp/consul-k8s) binary.
- `default` ((#v-connectinject-default)) (`boolean: false`) - If true, the injector will inject the - `default` ((#v-connectinject-default)) (`boolean: false`) - If true, the injector will inject the
Connect sidecar into all pods by default. Otherwise, pods must specify the. [injection annotation](/docs/k8s/connect/overview#consul-hashicorp-com-connect-inject) Connect sidecar into all pods by default. Otherwise, pods must specify the. [injection annotation](/docs/k8s/connect#consul-hashicorp-com-connect-inject)
to opt-in to Connect injection. If this is true, pods can use the same annotation to opt-in to Connect injection. If this is true, pods can use the same annotation
to explicitly opt-out of injection. to explicitly opt-out of injection.
@ -773,7 +773,7 @@ and consider if they're appropriate for your deployment.
configuration feature. Pods that have a Connect proxy injected will have their service automatically registered in this central configuration. configuration feature. Pods that have a Connect proxy injected will have their service automatically registered in this central configuration.
- `defaultProtocol` ((#v-connectinject-centralconfig-defaultprotocol)) (`string: null`) - If - `defaultProtocol` ((#v-connectinject-centralconfig-defaultprotocol)) (`string: null`) - If
defined, this value will be used as the default protocol type for all services registered with the central configuration. This can be overridden by using the [protocol annotation](/docs/k8s/connect/overview#consul-hashicorp-com-connect-service-protocol) directly on any pod spec. defined, this value will be used as the default protocol type for all services registered with the central configuration. This can be overridden by using the [protocol annotation](/docs/k8s/connect#consul-hashicorp-com-connect-service-protocol) directly on any pod spec.
- `proxyDefaults` ((#v-connectinject-centralconfig-proxydefaults)) (`string: "{}"`) - This value is - `proxyDefaults` ((#v-connectinject-centralconfig-proxydefaults)) (`string: "{}"`) - This value is
a raw json string that will be applied to all Connect proxy sidecar pods. It can include any valid configuration for the configured proxy. a raw json string that will be applied to all Connect proxy sidecar pods. It can include any valid configuration for the configured proxy.
@ -797,11 +797,11 @@ and consider if they're appropriate for your deployment.
# Resources are defined as a YAML map: # Resources are defined as a YAML map:
resources: resources:
requests: requests:
memory: "25Mi" memory: '25Mi'
cpu: "20m" cpu: '20m'
limits: limits:
memory: "50Mi" memory: '50Mi'
cpu: "20m" cpu: '20m'
``` ```
- `sidecarProxy` ((#v-connectinject-sidecarproxy)) - Configure the sidecar proxy that is injected into each Connect pod. - `sidecarProxy` ((#v-connectinject-sidecarproxy)) - Configure the sidecar proxy that is injected into each Connect pod.
@ -811,17 +811,17 @@ and consider if they're appropriate for your deployment.
[ResourceRequirements](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) object. [ResourceRequirements](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) object.
By default, each key is set to `null`, which results in no resource limits. By default, each key is set to `null`, which results in no resource limits.
These defaults can be overridden on a per-pod basis via [annotation](/docs/k8s/connect/overview#consul-hashicorp-com-sidecar-proxy). These defaults can be overridden on a per-pod basis via [annotation](/docs/k8s/connect#consul-hashicorp-com-sidecar-proxy).
```yaml ```yaml
# Recommended defaults # Recommended defaults
resources: resources:
requests: requests:
memory: "100Mi" memory: '100Mi'
cpu: "100m" cpu: '100m'
limits: limits:
memory: "100Mi" memory: '100Mi'
cpu: "100m" cpu: '100m'
``` ```
- `meshGateway` ((#v-meshgateway)) - Configure mesh gateways. - `meshGateway` ((#v-meshgateway)) - Configure mesh gateways.
@ -933,11 +933,11 @@ and consider if they're appropriate for your deployment.
# Resources are defined as a YAML map: # Resources are defined as a YAML map:
resources: resources:
requests: requests:
memory: "25Mi" memory: '25Mi'
cpu: "50m" cpu: '50m'
limits: limits:
memory: "150Mi" memory: '150Mi'
cpu: "50m" cpu: '50m'
``` ```
- `affinity` ((#v-meshgateway-affinity)) (`string`) - Affinity setting for gateway pods. See values file for default. - `affinity` ((#v-meshgateway-affinity)) (`string`) - Affinity setting for gateway pods. See values file for default.
@ -989,11 +989,11 @@ and consider if they're appropriate for your deployment.
# Resources are defined as a YAML map: # Resources are defined as a YAML map:
resources: resources:
requests: requests:
memory: "25Mi" memory: '25Mi'
cpu: "50m" cpu: '50m'
limits: limits:
memory: "150Mi" memory: '150Mi'
cpu: "50m" cpu: '50m'
``` ```
- `affinity` ((#v-ingressgateways-defaults-affinity)) (`string`) - Affinity setting for gateway pods. See values file for default. - `affinity` ((#v-ingressgateways-defaults-affinity)) (`string`) - Affinity setting for gateway pods. See values file for default.
@ -1049,11 +1049,11 @@ and consider if they're appropriate for your deployment.
# Resources are defined as a YAML map: # Resources are defined as a YAML map:
resources: resources:
requests: requests:
memory: "25Mi" memory: '25Mi'
cpu: "50m" cpu: '50m'
limits: limits:
memory: "150Mi" memory: '150Mi'
cpu: "50m" cpu: '50m'
``` ```
- `affinity` ((#v-terminatinggateways-defaults-affinity)) (`string`) - Affinity setting for gateway pods. See values file for default. - `affinity` ((#v-terminatinggateways-defaults-affinity)) (`string`) - Affinity setting for gateway pods. See values file for default.

View File

@ -70,12 +70,12 @@ There are several ways to try Consul with Kubernetes in different environments.
- The [Consul and Kubernetes Deployment](https://learn.hashicorp.com/tutorials/consul/kubernetes-deployment-guide?utm_source=consul.io&utm_medium=docs) tutorial covers the necessary steps to install and configure a new Consul cluster on Kubernetes in production. - The [Consul and Kubernetes Deployment](https://learn.hashicorp.com/tutorials/consul/kubernetes-deployment-guide?utm_source=consul.io&utm_medium=docs) tutorial covers the necessary steps to install and configure a new Consul cluster on Kubernetes in production.
- The [Secure Consul and Registered Services on Kubernetes](https://learn.hashicorp.com/tutorials/consul/kubernetes-secure-agents?in=consul/kubernetes) tutorial covers - The [Secure Consul and Registered Services on Kubernetes](https://learn.hashicorp.com/tutorials/consul/kubernetes-secure-agents?in=consul/kubernetes) tutorial covers
the necessary steps to secure a Consul cluster running on Kubernetes in production. the necessary steps to secure a Consul cluster running on Kubernetes in production.
- The [Layer 7 Observability with Consul Service Mesh](https://learn.hashicorp.com/tutorials/consul/kubernetes-layer7-observability) tutorial covers monitoring a - The [Layer 7 Observability with Consul Service Mesh](https://learn.hashicorp.com/tutorials/consul/kubernetes-layer7-observability) tutorial covers monitoring a
Consul service mesh running on Kubernetes with Prometheus and Grafana. Consul service mesh running on Kubernetes with Prometheus and Grafana.
**Documentation** **Documentation**
- [Installing Consul](/docs/k8s/installation/overview) covers how to install Consul using the Helm chart. - [Installing Consul](/docs/k8s/installation) covers how to install Consul using the Helm chart.
- [Helm Chart Reference](/docs/k8s/helm) describes the different options for configuring the Helm chart. - [Helm Chart Reference](/docs/k8s/helm) describes the different options for configuring the Helm chart.

View File

@ -55,7 +55,7 @@ You may also consider adopting Consul Enterprise for
-> **Note:** Consul on Kubernetes currently does not support external servers that require mutual authentication -> **Note:** Consul on Kubernetes currently does not support external servers that require mutual authentication
for the HTTPS clients of the Consul servers, that is when servers have either for the HTTPS clients of the Consul servers, that is when servers have either
`verify_incoming` or `verify_incoming_https` set to `true`. `verify_incoming` or `verify_incoming_https` set to `true`.
As noted in the [Security Model](docs/internals/security#secure-configuration), As noted in the [Security Model](/docs/internals/security#secure-configuration),
that setting isn't strictly necessary to support Consul's threat model as it is recommended that that setting isn't strictly necessary to support Consul's threat model as it is recommended that
all requests contain a valid ACL token. all requests contain a valid ACL token.
@ -116,7 +116,7 @@ The bootstrap token requires the following minimal permissions:
- `agent:read` if using WAN federation over mesh gateways - `agent:read` if using WAN federation over mesh gateways
Next, configure external servers. The Helm chart will use this configuration to talk to the Consul server's API Next, configure external servers. The Helm chart will use this configuration to talk to the Consul server's API
to create policies, tokens, and an auth method. If you are [enabling Consul Connect](/docs/k8s/connect/overview), to create policies, tokens, and an auth method. If you are [enabling Consul Connect](/docs/k8s/connect),
`k8sAuthMethodHost` should be set to the address of your Kubernetes API server `k8sAuthMethodHost` should be set to the address of your Kubernetes API server
so that the Consul servers can validate a Kubernetes service account token when using the [Kubernetes auth method](https://www.consul.io/docs/acl/auth-methods/kubernetes.html) so that the Consul servers can validate a Kubernetes service account token when using the [Kubernetes auth method](https://www.consul.io/docs/acl/auth-methods/kubernetes.html)
with `consul login`. with `consul login`.

View File

@ -18,7 +18,7 @@ a server running inside or outside of Kubernetes.
This page starts with a large how-to section for various specific tasks. This page starts with a large how-to section for various specific tasks.
To learn more about the general architecture of Consul on Kubernetes, scroll To learn more about the general architecture of Consul on Kubernetes, scroll
down to the [architecture](/docs/k8s/installation/overview.html#architecture) section. down to the [architecture](/docs/k8s/installation#architecture) section.
If you would like to get hands-on experience testing Consul as a service mesh If you would like to get hands-on experience testing Consul as a service mesh
for Kubernetes, check the guides in the [Getting Started with Consul service for Kubernetes, check the guides in the [Getting Started with Consul service
mesh](https://learn.hashicorp.com/consul/gs-consul-service-mesh/understand-consul-service-mesh?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) track. mesh](https://learn.hashicorp.com/consul/gs-consul-service-mesh/understand-consul-service-mesh?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) track.
@ -98,7 +98,7 @@ create a `config.yaml` file to override the default settings.
You can learn what settings are available by running `helm inspect values hashicorp/consul` You can learn what settings are available by running `helm inspect values hashicorp/consul`
or by reading the [Helm Chart Reference](/docs/k8s/helm). or by reading the [Helm Chart Reference](/docs/k8s/helm).
For example, if you want to enable the [Consul Connect](/docs/k8s/connect/overview) feature, For example, if you want to enable the [Consul Connect](/docs/k8s/connect) feature,
use the following config file: use the following config file:
```yaml ```yaml
@ -185,7 +185,7 @@ has important caching behavior, and allows you to use the simpler
[`/agent` endpoints for services and checks](/api/agent). [`/agent` endpoints for services and checks](/api/agent).
For Consul installed via the Helm chart, a client agent is installed on For Consul installed via the Helm chart, a client agent is installed on
each Kubernetes node. This is explained in the [architecture](/docs/k8s/installation/overview#client-agents) each Kubernetes node. This is explained in the [architecture](/docs/k8s/installation#client-agents)
section. To access the agent, you may use the section. To access the agent, you may use the
[downward API](https://kubernetes.io/docs/tasks/inject-data-application/downward-api-volume-expose-pod-information/). [downward API](https://kubernetes.io/docs/tasks/inject-data-application/downward-api-volume-expose-pod-information/).
@ -297,7 +297,7 @@ The clients expose the Consul HTTP API via a static port (default 8500)
bound to the host port. This enables all other pods on the node to connect bound to the host port. This enables all other pods on the node to connect
to the node-local agent using the host IP that can be retrieved via the to the node-local agent using the host IP that can be retrieved via the
Kubernetes downward API. See Kubernetes downward API. See
[accessing the Consul HTTP API](/docs/k8s/installation/overview#accessing-the-consul-http-api) [accessing the Consul HTTP API](/docs/k8s/installation#accessing-the-consul-http-api)
for an example. for an example.
There is a major limitation to this: there is no way to bind to a local-only There is a major limitation to this: there is no way to bind to a local-only

View File

@ -10,11 +10,11 @@ description: >-
-> **1.8.0+:** This feature is available in Consul versions 1.8.0 and higher -> **1.8.0+:** This feature is available in Consul versions 1.8.0 and higher
~> This topic requires familiarity with [Mesh Gateways](/docs/connect/mesh-gateway) and [WAN Federation Via Mesh Gateways](/docs/connect/wan-federation-via-mesh-gateways). ~> This topic requires familiarity with [Mesh Gateways](/docs/connect/mesh-gateway) and [WAN Federation Via Mesh Gateways](/docs/connect/gateways/wan-federation-via-mesh-gateways).
-> Looking for a step-by-step guide? Please follow our Learn tutorial: [Secure and Route Service Mesh Communication Across Kubernetes](https://learn.hashicorp.com/tutorials/consul/kubernetes-mesh-gateways). -> Looking for a step-by-step guide? Please follow our Learn tutorial: [Secure and Route Service Mesh Communication Across Kubernetes](https://learn.hashicorp.com/tutorials/consul/kubernetes-mesh-gateways).
This page describes how to federate multiple Kubernetes clusters. See [Multi-Cluster Overview](/docs/k8s/installation/multi-cluster/overview) This page describes how to federate multiple Kubernetes clusters. See [Multi-Cluster Overview](/docs/k8s/installation/multi-cluster)
for more information on use-cases and how it works. for more information on use-cases and how it works.
## Primary Datacenter ## Primary Datacenter
@ -113,7 +113,7 @@ Modifications:
mesh gateway, for example using a Node Port service or a custom DNS entry, mesh gateway, for example using a Node Port service or a custom DNS entry,
see the [Helm reference](/docs/k8s/helm#v-meshgateway) for that setting. see the [Helm reference](/docs/k8s/helm#v-meshgateway) for that setting.
With your `config.yaml` ready to go, follow our [Installation Guide](/docs/k8s/installation/overview With your `config.yaml` ready to go, follow our [Installation Guide](/docs/k8s/installation)
to install Consul on your primary cluster and then skip ahead to the [Federation Secret](#federation-secret) to install Consul on your primary cluster and then skip ahead to the [Federation Secret](#federation-secret)
section. section.
@ -152,7 +152,7 @@ If you've set `enableAutoEncrypt: true`, this is also supported.
creates a Kubernetes Load Balancer service. If you wish to customize the creates a Kubernetes Load Balancer service. If you wish to customize the
mesh gateway, see the [Helm reference](/docs/k8s/helm#v-meshgateway) for that setting. mesh gateway, see the [Helm reference](/docs/k8s/helm#v-meshgateway) for that setting.
With the above settings added to your existing config, follow the [Upgrading](/localhost:3000/docs/k8s/operations/upgrading) With the above settings added to your existing config, follow the [Upgrading](/docs/k8s/operations/upgrading)
guide to upgrade your cluster and then come back to the [Federation Secret](#federation-secret) section. guide to upgrade your cluster and then come back to the [Federation Secret](#federation-secret) section.
-> **NOTE:** You must be using consul-helm 0.21.0+. To update, run `helm repo update`. -> **NOTE:** You must be using consul-helm 0.21.0+. To update, run `helm repo update`.
@ -244,7 +244,7 @@ The automatically generated federation secret contains:
## Secondary Cluster(s) ## Secondary Cluster(s)
With the primary cluster up and running, and the [federation secret](/docs/installation/multi-cluster#federation-secret) imported With the primary cluster up and running, and the [federation secret](/docs/k8s/installation/multi-cluster#federation-secret) imported
into the secondary cluster, we can now install Consul into the secondary into the secondary cluster, we can now install Consul into the secondary
cluster. cluster.
@ -337,7 +337,7 @@ Modifications:
mesh gateway, for example using a Node Port service or a custom DNS entry, mesh gateway, for example using a Node Port service or a custom DNS entry,
see the [Helm reference](/docs/k8s/helm#v-meshgateway) for that setting. see the [Helm reference](/docs/k8s/helm#v-meshgateway) for that setting.
With your `config.yaml` ready to go, follow our [Installation Guide](/docs/k8s/installation/overview) With your `config.yaml` ready to go, follow our [Installation Guide](/docs/k8s/installation)
to install Consul on your secondary cluster(s). to install Consul on your secondary cluster(s).
## Verifying Federation ## Verifying Federation
@ -375,7 +375,7 @@ You can switch kubectl contexts and run the same command in `dc2` with the flag
### Consul UI ### Consul UI
We can also use the Consul UI to verify federation. We can also use the Consul UI to verify federation.
See [Viewing the Consul UI](docs/k8s/installation/overview#viewing-the-consul-ui) See [Viewing the Consul UI](/docs/k8s/installation#viewing-the-consul-ui)
for instructions on how to view the UI. for instructions on how to view the UI.
~> NOTE: If ACLs are enabled, your kubectl context must be in the primary datacenter ~> NOTE: If ACLs are enabled, your kubectl context must be in the primary datacenter
@ -391,4 +391,4 @@ in the top left:
With your Kubernetes clusters federated, try out using Consul service mesh to With your Kubernetes clusters federated, try out using Consul service mesh to
route between services deployed on each cluster by following our Learn tutorial: [Secure and Route Service Mesh Communication Across Kubernetes](https://learn.hashicorp.com/tutorials/consul/kubernetes-mesh-gateways#deploy-microservices). route between services deployed on each cluster by following our Learn tutorial: [Secure and Route Service Mesh Communication Across Kubernetes](https://learn.hashicorp.com/tutorials/consul/kubernetes-mesh-gateways#deploy-microservices).
You can also read our in-depth documentation on [Consul Service Mesh In Kubernetes](/docs/k8s/connect/overview). You can also read our in-depth documentation on [Consul Service Mesh In Kubernetes](/docs/k8s/connect).

View File

@ -10,11 +10,11 @@ description: >-
-> **1.8.0+:** This feature is available in Consul versions 1.8.0 and higher -> **1.8.0+:** This feature is available in Consul versions 1.8.0 and higher
~> This topic requires familiarity with [Mesh Gateways](/docs/connect/mesh-gateway) and [WAN Federation Via Mesh Gateways](/docs/connect/wan-federation-via-mesh-gateways). ~> This topic requires familiarity with [Mesh Gateways](/docs/connect/mesh-gateway) and [WAN Federation Via Mesh Gateways](/docs/connect/gateways/wan-federation-via-mesh-gateways).
Consul datacenters running on non-kubernetes platforms like VMs or bare metal can Consul datacenters running on non-kubernetes platforms like VMs or bare metal can
be federated with Kubernetes datacenters. Just like with Kubernetes, one datacenter be federated with Kubernetes datacenters. Just like with Kubernetes, one datacenter
must be the [primary](/docs/k8s/installation/multi-cluster/installation#primary-datacenter). must be the [primary](/docs/k8s/installation/multi-cluster#primary-datacenter).
## Kubernetes as the Primary ## Kubernetes as the Primary
@ -285,7 +285,7 @@ server:
name of your primary datacenter running on VMs and with the IPs of your mesh name of your primary datacenter running on VMs and with the IPs of your mesh
gateways running on VMs. gateways running on VMs.
With your config file ready to go, follow our [Installation Guide](/docs/k8s/installation/overview With your config file ready to go, follow our [Installation Guide](/docs/k8s/installation)
to install Consul on your secondary cluster(s). to install Consul on your secondary cluster(s).
## Next Steps ## Next Steps

View File

@ -9,7 +9,7 @@ description: Installing Consul on Self Hosted Kubernetes
Except for creating persistent volumes (see below), installing Consul on your Except for creating persistent volumes (see below), installing Consul on your
self-hosted Kubernetes cluster is the same process as installing Consul on a self-hosted Kubernetes cluster is the same process as installing Consul on a
cloud-hosted Kubernetes cluster. See the [Installation Overview](/docs/k8s/installation/overview) cloud-hosted Kubernetes cluster. See the [Installation Overview](/docs/k8s/installation)
for install instructions. for install instructions.
## Predefined Persistent Volume Claims (PVCs) ## Predefined Persistent Volume Claims (PVCs)

View File

@ -35,7 +35,7 @@ This upgrade will trigger a rolling update of the clients, as well as any
other `consul-k8s` components, such as sync catalog or client snapshot deployments. other `consul-k8s` components, such as sync catalog or client snapshot deployments.
1. Perform a rolling upgrade of the servers, as described in 1. Perform a rolling upgrade of the servers, as described in
[Upgrade Consul Servers](/docs/k8s/upgrading#upgrading-consul-servers). [Upgrade Consul Servers](/docs/k8s/operations/upgrading#upgrading-consul-servers).
1. Repeat steps 1 and 2, turning on TLS verification by setting `global.tls.verify` 1. Repeat steps 1 and 2, turning on TLS verification by setting `global.tls.verify`
to `true`. to `true`.
@ -72,7 +72,7 @@ applications to it.
``` ```
In this configuration, we're setting `server.updatePartition` to the number of In this configuration, we're setting `server.updatePartition` to the number of
server replicas as described in [Upgrade Consul Servers](/docs/k8s/upgrading#upgrading-consul-servers) server replicas as described in [Upgrade Consul Servers](/docs/k8s/operations/upgrading#upgrading-consul-servers)
and `client.updateStrategy` to `OnDelete` to manually trigger an upgrade of the clients. and `client.updateStrategy` to `OnDelete` to manually trigger an upgrade of the clients.
1. Run `helm upgrade` with the above config file. The upgrade will trigger an update of all 1. Run `helm upgrade` with the above config file. The upgrade will trigger an update of all
@ -95,7 +95,7 @@ applications to it.
the sidecar proxy. Also, Kubernetes should schedule these applications on the new node pool. the sidecar proxy. Also, Kubernetes should schedule these applications on the new node pool.
1. Perform a rolling upgrade of the servers described in 1. Perform a rolling upgrade of the servers described in
[Upgrade Consul Servers](/docs/k8s/upgrading#upgrading-consul-servers). [Upgrade Consul Servers](/docs/k8s/operations/upgrading#upgrading-consul-servers).
1. If everything is healthy, delete the old node pool. 1. If everything is healthy, delete the old node pool.

View File

@ -15,7 +15,7 @@ services are available to Consul agents and services in Consul can be available
as first-class Kubernetes services. This functionality is provided by the as first-class Kubernetes services. This functionality is provided by the
[consul-k8s project](https://github.com/hashicorp/consul-k8s) and can be [consul-k8s project](https://github.com/hashicorp/consul-k8s) and can be
automatically installed and configured using the automatically installed and configured using the
[Consul Helm chart](/docs/k8s/installation/overview). [Consul Helm chart](/docs/k8s/installation).
**Why sync Kubernetes services to Consul?** Kubernetes services synced to the **Why sync Kubernetes services to Consul?** Kubernetes services synced to the
Consul catalog enable Kubernetes services to be accessed by any node that Consul catalog enable Kubernetes services to be accessed by any node that
@ -132,7 +132,7 @@ instances to be equal to the nodes running the target pods.
By default it will use the external IP of the node but this can be configured via By default it will use the external IP of the node but this can be configured via
the [`nodePortSyncType` helm option](/docs/k8s/helm#v-synccatalog-nodeportsynctype). the [`nodePortSyncType` helm option](/docs/k8s/helm#v-synccatalog-nodeportsynctype).
The service instance's port will be set to the *first* defined node port of the service unless The service instance's port will be set to the _first_ defined node port of the service unless
set specifically via the `consul.hashicorp.com/service-port` annotation (see [Service Ports](/docs/k8s/service-sync#service-ports)). set specifically via the `consul.hashicorp.com/service-port` annotation (see [Service Ports](/docs/k8s/service-sync#service-ports)).
#### LoadBalancer #### LoadBalancer
@ -142,7 +142,7 @@ the external IP of the created load balancer. Because this is already a load
balancer, only one service instance will be registered with Consul rather balancer, only one service instance will be registered with Consul rather
than registering each individual pod endpoint. than registering each individual pod endpoint.
The service instance's port will be set to the *first* defined port of the The service instance's port will be set to the _first_ defined port of the
service unless set specifically via the `consul.hashicorp.com/service-port` annotation (see [Service Ports](/docs/k8s/service-sync#service-ports)). service unless set specifically via the `consul.hashicorp.com/service-port` annotation (see [Service Ports](/docs/k8s/service-sync#service-ports)).
#### External IPs #### External IPs
@ -157,7 +157,7 @@ If an external IP list is present, a service instance in Consul will be created
for each external IP. It is assumed that if an external IP is present that it for each external IP. It is assumed that if an external IP is present that it
is routable and configured by some other system. is routable and configured by some other system.
The service instance's port will be set to the *first* defined port of the The service instance's port will be set to the _first_ defined port of the
service unless set specifically via the `consul.hashicorp.com/service-port` annotation (see [Service Ports](/docs/k8s/service-sync#service-ports)). service unless set specifically via the `consul.hashicorp.com/service-port` annotation (see [Service Ports](/docs/k8s/service-sync#service-ports)).
#### ClusterIP #### ClusterIP