Merge pull request #11037 from hashicorp/docs/mesh-header-manip
Document HTTP Header manipulation options added in #10613
This commit is contained in:
commit
51769d1f95
|
@ -397,9 +397,13 @@ spec:
|
||||||
<Tabs>
|
<Tabs>
|
||||||
<Tab heading="Consul OSS">
|
<Tab heading="Consul OSS">
|
||||||
|
|
||||||
Set up a HTTP listener on an ingress gateway named "us-east-ingress" to proxy
|
Set up an HTTP listener on an ingress gateway named "us-east-ingress" to proxy
|
||||||
traffic to a virtual service named "api".
|
traffic to a virtual service named "api".
|
||||||
|
|
||||||
|
Additionally, ensure internal-only debug headers are stripped before responding
|
||||||
|
to external clients, and that requests to internal services are labelled to
|
||||||
|
indicate which gateway they came through.
|
||||||
|
|
||||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
|
@ -413,6 +417,14 @@ Listeners = [
|
||||||
Services = [
|
Services = [
|
||||||
{
|
{
|
||||||
Name = "api"
|
Name = "api"
|
||||||
|
RequestHeaders {
|
||||||
|
Add {
|
||||||
|
"x-gateway" = "us-east-ingress"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
ResponseHeaders {
|
||||||
|
Remove = ["x-debug"]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -430,6 +442,7 @@ spec:
|
||||||
protocol: http
|
protocol: http
|
||||||
services:
|
services:
|
||||||
- name: api
|
- name: api
|
||||||
|
# HTTP Header manipulation is not yet supported in Kubernetes CRD
|
||||||
```
|
```
|
||||||
|
|
||||||
```json
|
```json
|
||||||
|
@ -442,7 +455,15 @@ spec:
|
||||||
"Protocol": "http",
|
"Protocol": "http",
|
||||||
"Services": [
|
"Services": [
|
||||||
{
|
{
|
||||||
"Name": "api"
|
"Name": "api",
|
||||||
|
"RequestHeaders": {
|
||||||
|
"Add": {
|
||||||
|
"x-gateway": "us-east-ingress"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"ResponseHeaders": {
|
||||||
|
"Remove": ["x-debug"]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -455,9 +476,13 @@ spec:
|
||||||
</Tab>
|
</Tab>
|
||||||
<Tab heading="Consul Enterprise">
|
<Tab heading="Consul Enterprise">
|
||||||
|
|
||||||
Set up a HTTP listener on an ingress gateway named "us-east-ingress" in the
|
Set up an HTTP listener on an ingress gateway named "us-east-ingress" in the
|
||||||
default namespace to proxy traffic to a virtual service named "api".
|
default namespace to proxy traffic to a virtual service named "api".
|
||||||
|
|
||||||
|
Additionally, ensure internal-only debug headers are stripped before responding
|
||||||
|
to external clients, and that requests to internal services are labelled to
|
||||||
|
indicate which gateway they came through.
|
||||||
|
|
||||||
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
|
@ -473,6 +498,14 @@ Listeners = [
|
||||||
{
|
{
|
||||||
Name = "api"
|
Name = "api"
|
||||||
Namespace = "frontend"
|
Namespace = "frontend"
|
||||||
|
RequestHeaders {
|
||||||
|
Add {
|
||||||
|
"x-gateway" = "us-east-ingress"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
ResponseHeaders {
|
||||||
|
Remove = ["x-debug"]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -492,6 +525,7 @@ spec:
|
||||||
services:
|
services:
|
||||||
- name: api
|
- name: api
|
||||||
namespace: frontend
|
namespace: frontend
|
||||||
|
# HTTP Header manipulation is not yet supported in Kubernetes CRD
|
||||||
```
|
```
|
||||||
|
|
||||||
```json
|
```json
|
||||||
|
@ -506,7 +540,15 @@ spec:
|
||||||
"Services": [
|
"Services": [
|
||||||
{
|
{
|
||||||
"Name": "api",
|
"Name": "api",
|
||||||
"Namespace": "frontend"
|
"Namespace": "frontend",
|
||||||
|
"RequestHeaders": {
|
||||||
|
"Add": {
|
||||||
|
"x-gateway": "us-east-ingress"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"ResponseHeaders": {
|
||||||
|
"Remove": ["x-debug"]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -838,6 +880,22 @@ spec:
|
||||||
records. For example, \`*.example.com\` is valid, while \`example.*\` and
|
records. For example, \`*.example.com\` is valid, while \`example.*\` and
|
||||||
\`*-suffix.example.com\` are not.`,
|
\`*-suffix.example.com\` are not.`,
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
yaml: false,
|
||||||
|
name: 'RequestHeaders',
|
||||||
|
type: 'HTTPHeaderModifiers: <optional>',
|
||||||
|
description: `A set of [HTTP-specific header modification rules](/docs/connect/config-entries/service-router#httpheadermodifiers)
|
||||||
|
that will be applied to requests routed to this service.
|
||||||
|
This cannot be used with a \`tcp\` listener.`,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
yaml: false,
|
||||||
|
name: 'ResponseHeaders',
|
||||||
|
type: 'HTTPHeaderModifiers: <optional>',
|
||||||
|
description: `A set of [HTTP-specific header modification rules](/docs/connect/config-entries/service-router#httpheadermodifiers)
|
||||||
|
that will be applied to responses from this service.
|
||||||
|
This cannot be used with a \`tcp\` listener.`,
|
||||||
|
},
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
],
|
],
|
||||||
|
|
|
@ -574,6 +574,71 @@ spec:
|
||||||
description:
|
description:
|
||||||
'A list of HTTP response status codes that are eligible for retry.',
|
'A list of HTTP response status codes that are eligible for retry.',
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
yaml: false,
|
||||||
|
name: 'RequestHeaders',
|
||||||
|
type: 'HTTPHeaderModifiers: <optional>',
|
||||||
|
description: `A set of [HTTP-specific header modification rules](/docs/connect/config-entries/service-router#httpheadermodifiers)
|
||||||
|
that will be applied to requests routed to this service.
|
||||||
|
This cannot be used with a \`tcp\` listener.`,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
yaml: false,
|
||||||
|
name: 'ResponseHeaders',
|
||||||
|
type: 'HTTPHeaderModifiers: <optional>',
|
||||||
|
description: `A set of [HTTP-specific header modification rules](/docs/connect/config-entries/service-router#httpheadermodifiers)
|
||||||
|
that will be applied to responses from this service.
|
||||||
|
This cannot be used with a \`tcp\` listener.`,
|
||||||
|
},
|
||||||
|
]}
|
||||||
|
/>
|
||||||
|
|
||||||
|
|
||||||
|
### `HTTPHeaderModifiers`
|
||||||
|
|
||||||
|
<ConfigEntryReference
|
||||||
|
topLevel={false}
|
||||||
|
yaml={false}
|
||||||
|
keys={[
|
||||||
|
{
|
||||||
|
hcl: false,
|
||||||
|
name: 'Unsupported',
|
||||||
|
type: '',
|
||||||
|
description: `HTTP Header modification is not yet supported in our Kubernetes CRDs.`,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
yaml: false,
|
||||||
|
name: 'Add',
|
||||||
|
type: 'map<string|string>: optional',
|
||||||
|
description: `The set of key/value pairs that specify header values to add.
|
||||||
|
Use header names as keys. Header names are _not_ case-sensitive.
|
||||||
|
If header values with the same name already exist, the value set here will
|
||||||
|
be appended and both will be present.
|
||||||
|
If Envoy is used as the proxy, the value may contain
|
||||||
|
[variable placeholders](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#custom-request-response-headers) for example
|
||||||
|
\`%DOWNSTREAM_REMOTE_ADDRESS%\` to interpolate dynamic request
|
||||||
|
metadata into the value added.`,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
yaml: false,
|
||||||
|
name: 'Set',
|
||||||
|
type: 'map<string|string>: optional',
|
||||||
|
description: `The set of key/value pairs that specify header values to add.
|
||||||
|
Use header names as keys. Header names are _not_ case-sensitive.
|
||||||
|
If header values with the same name already exist, the value set here will
|
||||||
|
_replace_ them.
|
||||||
|
If Envoy is used as the proxy, the value may contain
|
||||||
|
[variable placeholders](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#custom-request-response-headers) for example
|
||||||
|
\`%DOWNSTREAM_REMOTE_ADDRESS%\` to interpolate dynamic request
|
||||||
|
metadata into the value added.`,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
yaml: false,
|
||||||
|
name: 'Remove',
|
||||||
|
type: 'array<string>: optional',
|
||||||
|
description: `The set of header names to remove. Only headers
|
||||||
|
whose names are a <i>case-insensitive</i> exact match will be removed`,
|
||||||
|
},
|
||||||
]}
|
]}
|
||||||
/>
|
/>
|
||||||
|
|
||||||
|
|
|
@ -146,6 +146,68 @@ spec:
|
||||||
|
|
||||||
</CodeTabs>
|
</CodeTabs>
|
||||||
|
|
||||||
|
|
||||||
|
### Set HTTP Headers
|
||||||
|
|
||||||
|
Split traffic between two subsets with extra headers added so clients can tell
|
||||||
|
which version (not yet supported in Kubernetes CRD):
|
||||||
|
|
||||||
|
<CodeTabs tabs={[ "HCL", "JSON" ]}>
|
||||||
|
|
||||||
|
```hcl
|
||||||
|
Kind = "service-splitter"
|
||||||
|
Name = "web"
|
||||||
|
Splits = [
|
||||||
|
{
|
||||||
|
Weight = 90
|
||||||
|
ServiceSubset = "v1"
|
||||||
|
ResponseHeaders {
|
||||||
|
Set {
|
||||||
|
"X-Web-Version": "v1"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Weight = 10
|
||||||
|
ServiceSubset = "v2"
|
||||||
|
ResponseHeaders {
|
||||||
|
Set {
|
||||||
|
"X-Web-Version": "v2"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
]
|
||||||
|
```
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"Kind": "service-splitter",
|
||||||
|
"Name": "web",
|
||||||
|
"Splits": [
|
||||||
|
{
|
||||||
|
"Weight": 90,
|
||||||
|
"ServiceSubset": "v1",
|
||||||
|
"ResponseHeaders": {
|
||||||
|
"Set": {
|
||||||
|
"X-Web-Version": "v1"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"Weight": 10,
|
||||||
|
"ServiceSubset": "v2",
|
||||||
|
"ResponseHeaders": {
|
||||||
|
"Set": {
|
||||||
|
"X-Web-Version": "v2"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
</CodeTabs>
|
||||||
|
|
||||||
## Available Fields
|
## Available Fields
|
||||||
|
|
||||||
<ConfigEntryReference
|
<ConfigEntryReference
|
||||||
|
@ -231,6 +293,22 @@ spec:
|
||||||
description:
|
description:
|
||||||
'The namespace to resolve the service from instead of the current namespace. If empty the current namespace is assumed.',
|
'The namespace to resolve the service from instead of the current namespace. If empty the current namespace is assumed.',
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
yaml: false,
|
||||||
|
name: 'RequestHeaders',
|
||||||
|
type: 'HTTPHeaderModifiers: <optional>',
|
||||||
|
description: `A set of [HTTP-specific header modification rules](/docs/connect/config-entries/service-router#httpheadermodifiers)
|
||||||
|
that will be applied to requests routed to this split.
|
||||||
|
This cannot be used with a \`tcp\` listener.`,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
yaml: false,
|
||||||
|
name: 'ResponseHeaders',
|
||||||
|
type: 'HTTPHeaderModifiers: <optional>',
|
||||||
|
description: `A set of [HTTP-specific header modification rules](/docs/connect/config-entries/service-router#httpheadermodifiers)
|
||||||
|
that will be applied to responses from this split.
|
||||||
|
This cannot be used with a \`tcp\` listener.`,
|
||||||
|
},
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
]}
|
]}
|
||||||
|
|
Loading…
Reference in New Issue