Merge pull request #14357 from hashicorp/replace-learn-links

Update Learn links in prep for DevDot
This commit is contained in:
Tu Nguyen 2022-08-28 19:34:06 -07:00 committed by GitHub
commit 6ca0680f95
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
117 changed files with 434 additions and 294 deletions

View file

@ -14,7 +14,7 @@ The `/acl/auth-method` endpoints [create](#create-an-auth-method),
ACL auth methods in Consul.
For more information on how to setup ACLs, please check
the [ACL tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production).
the [ACL tutorial](/consul/tutorials/security/access-control-setup-production?utm_source=docs).
## Create an Auth Method

View file

@ -14,7 +14,7 @@ The `/acl/binding-rule` endpoints [create](#create-a-binding-rule),
rules in Consul.
For more information on how to setup ACLs, please check
the [ACL tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production).
the [ACL tutorial](/consul/tutorials/security/access-control-setup-production?utm_source=docs).
## Create a Binding Rule

View file

@ -11,7 +11,7 @@ description: The /acl endpoints manage the Consul's ACL system.
The `/acl` endpoints are used to manage ACL tokens and policies in Consul, [bootstrap the ACL system](#bootstrap-acls), [check ACL replication status](#check-acl-replication), and [translate rules](#translate-rules). There are additional pages for managing [tokens](/api-docs/acl/tokens) and [policies](/api-docs/acl/policies) with the `/acl` endpoints.
For more information on how to setup ACLs, please check
the [ACL tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production).
the [ACL tutorial](/consul/tutorials/security/access-control-setup-production?utm_source=docs).
## Bootstrap ACLs
@ -80,7 +80,7 @@ consider the cluster in a potentially compromised state.
The returned token will have unrestricted privileges to manage all details of the system.
It can then be used to further configure the ACL system. Please check the
[ACL tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production) for more details.
[ACL tutorial](/consul/tutorials/security/access-control-setup-production?utm_source=docs) for more details.
## Check ACL Replication
@ -88,7 +88,7 @@ This endpoint returns the status of the ACL replication processes in the
datacenter. This is intended to be used by operators or by automation checking
to discover the health of ACL replication.
Please check the [ACL Replication tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-replication-multiple-datacenters)
Please check the [ACL Replication tutorial](/consul/tutorials/security-operations/access-control-replication-multiple-datacenters?utm_source=docs)
for more details.
| Method | Path | Produces |

View file

@ -14,7 +14,7 @@ the new ACL [Token](/api-docs/acl/tokens) and [Policy](/api-docs/acl/policies) A
The legacy `/acl` endpoints to create, update, destroy, and query legacy ACL tokens in Consul.
For more information about ACLs, please check the [ACL tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production).
For more information about ACLs, please check the [ACL tutorial](/consul/tutorials/security/access-control-setup-production?utm_source=docs).
## Create ACL Token

View file

@ -13,7 +13,7 @@ The `/acl/policy` endpoints [create](#create-a-policy), [read](#read-a-policy),
[delete](#delete-a-policy) ACL policies in Consul.
For more information on how to setup ACLs, please check
the [ACL tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production).
the [ACL tutorial](/consul/tutorials/security/access-control-setup-production?utm_source=docs).
## Create a Policy

View file

@ -12,7 +12,7 @@ The `/acl/role` endpoints [create](#create-a-role), [read](#read-a-role),
[update](#update-a-role), [list](#list-roles) and [delete](#delete-a-role) ACL roles in Consul.
For more information on how to setup ACLs, please check
the [ACL tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production).
the [ACL tutorial](/consul/tutorials/security/access-control-setup-production?utm_source=docs).
## Create a Role

View file

@ -12,7 +12,7 @@ The `/acl/token` endpoints [create](#create-a-token), [read](#read-a-token),
[update](#update-a-token), [list](#list-tokens), [clone](#clone-a-token) and [delete](#delete-a-token) ACL tokens in Consul.
For more information on how to setup ACLs, please check
the [ACL tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production).
the [ACL tutorial](/consul/tutorials/security/access-control-setup-production?utm_source=docs).
## Create a Token

View file

@ -210,7 +210,7 @@ The corresponding CLI command is [`consul kv put`](/commands/kv/put).
session has locked the key.**
For an example of how to use the lock feature, check the
[Leader Election tutorial](https://learn.hashicorp.com/tutorials/consul/application-leader-elections).
[Leader Election tutorial](/consul/tutorials/developer-configuration/application-leader-elections?utm_source=docs).
- `release` `(string: "")` - Supply a session ID to use in a release operation. This is
useful when paired with `?acquire=` as it allows clients to yield a lock. This

View file

@ -24,7 +24,7 @@ datacenters, so not all servers need to be fully connected. This allows for
complex topologies among Consul datacenters like hub/spoke and more general
trees.
Please check the [Network Areas tutorial](https://learn.hashicorp.com/tutorials/consul/federation-network-areas) for more details.
Please check the [Network Areas tutorial](/consul/tutorials/datacenter-operations/federation-network-areas?utm_source=docs) for more details.
## Create Network Area

View file

@ -13,7 +13,7 @@ The `/operator/autopilot` endpoints allow for automatic operator-friendly
management of Consul servers including cleanup of dead servers, monitoring
the state of the Raft cluster, and stable server introduction.
Please check the [Autopilot tutorial](https://learn.hashicorp.com/tutorials/consul/autopilot-datacenter-operations) for more details.
Please check the [Autopilot tutorial](/consul/tutorials/datacenter-operations/autopilot-datacenter-operations?utm_source=docs) for more details.
## Read Configuration

View file

@ -17,7 +17,7 @@ If ACLs are enabled then a token with operator privileges may be required in
order to use this interface. Check the [ACL Rules documentation](/docs/security/acl/acl-rules#operator-rules)
for more information.
Check the [Outage Recovery](https://learn.hashicorp.com/tutorials/consul/recovery-outage) tutorial for some examples of
Check the [Outage Recovery](/consul/tutorials/datacenter-operations/recovery-outage?utm_source=docs) tutorial for some examples of
how these capabilities are used.
Please choose a sub-section in the navigation for more information.

View file

@ -18,7 +18,7 @@ The network area functionality described here is available only in
later. Network segments are operator-defined sections of agents on the LAN, typically
isolated from other segments by network configuration.
Please check the [Network Segments tutorial](https://learn.hashicorp.com/tutorials/consul/network-partition-datacenters) for more details.
Please check the [Network Segments tutorial](/consul/tutorials/datacenter-operations/network-partition-datacenters?utm_source=docs) for more details.
## List Network Segments

View file

@ -14,7 +14,7 @@ service. This is particularly useful in combination with Consul's
[DNS Interface](/docs/discovery/dns#prepared-query-lookups) as it allows for much richer queries than
would be possible given the limited entry points exposed by DNS.
Check the [Geo Failover tutorial](https://learn.hashicorp.com/tutorials/consul/automate-geo-failover) for details and
Check the [Geo Failover tutorial](/consul/tutorials/developer-discovery/automate-geo-failover?utm_source=docs) for details and
examples for using prepared queries to implement geo failover for services.
Check the [prepared query rules](/docs/security/acl/acl-rules#prepared-query-rules)

View file

@ -77,7 +77,7 @@ The table below shows this endpoint's support for
86400s). If provided, the session is invalidated if it is not renewed before
the TTL expires. The lowest practical TTL should be used to keep the number of
managed sessions low. When locks are forcibly expired, such as when following
the [leader election pattern](https://learn.hashicorp.com/tutorials/consul/application-leader-elections) in an application,
the [leader election pattern](/consul/tutorials/developer-configuration/application-leader-elections?utm_source=docs) in an application,
sessions may not be reaped for up to double this TTL, so long TTL
values (> 1 hour) should be avoided. Valid time units include "s", "m" and "h".

View file

@ -12,7 +12,7 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/acl/bootstrap](/api-docs/acl#boots
The `acl bootstrap` command will request Consul to generate a new token with unlimited privileges to use
for management purposes and output its details. This can only be done once and afterwards bootstrapping
will be disabled. If all tokens are lost and you need to bootstrap again you can follow the bootstrap
[reset procedure](https://learn.hashicorp.com/consul/security-networking/acl-troubleshooting?utm_source=consul.io&utm_medium=docs#reset-the-acl-system).
[reset procedure](/consul/tutorials/security/access-control-troubleshoot?utm_source=docs#reset-the-acl-system).
The table below shows this command's [required ACLs](/api#authentication). Configuration of
[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching)

View file

@ -66,7 +66,7 @@ Usage: `consul acl token update [options]`
specified grant equivalent or appropriate access for the existing clients using
this token. You can find examples on how to use the parameter in the [legacy
token
migration](https://learn.hashicorp.com/consul/day-2-agent-authentication/migrate-acl-tokens)
migration](/consul/tutorials/security-operations/access-control-token-migration?utm_source=docs)
guide.
- `-format={pretty|json}` - Command output format. The default value is `pretty`.

View file

@ -57,7 +57,7 @@ consul force-leave ec2-001-staging
```
When run on a server that is part of a
[WAN gossip pool](https://learn.hashicorp.com/consul/security-networking/datacenters),
[WAN gossip pool](/consul/tutorials/networking/federation-gossip-wan?utm_source=docs),
`force-leave` can remove failed servers in other datacenters from the WAN pool.
The identifying node-name in a WAN pool is `[node-name].[datacenter]`.

View file

@ -132,7 +132,7 @@ Success! Data written to: leaderboard/scores
```
~> **Warning**: For secret and sensitive values, you should consider using a
secret management solution like **[HashiCorp's Vault](https://learn.hashicorp.com/tutorials/vault/static-secrets?in=vault/secrets-management)**.
secret management solution like **[HashiCorp's Vault](/vault/tutorials/secrets-management/static-secrets?utm_source=docs)**.
While it is possible to encrypt data before writing it to Consul's KV store,
Consul provides no built-in support for encryption at-rest.

View file

@ -20,7 +20,7 @@ Consul Enterprise license management.
If ACLs are enabled then a token with operator privileges may be required in
order to use this command. Requests are forwarded internally to the leader
if required, so this can be run from any Consul node in a cluster. See the
[ACL Guide](https://learn.hashicorp.com/consul/security-networking/production-acls) for more information.
[ACL Guide](/consul/tutorials/security/access-control-setup-production?utm_source=docs) for more information.
```text
Usage: consul license <subcommand> [options] [args]

View file

@ -18,11 +18,11 @@ communication is disrupted, the child process is terminated.
The number of lock holders is configurable with the `-n` flag. By default,
a single holder is allowed, and a lock is used for mutual exclusion. This
uses the [leader election algorithm](https://learn.hashicorp.com/consul/developer-configuration/elections).
uses the [leader election algorithm](/consul/tutorials/developer-configuration/application-leader-elections?utm_source=docs).
If the lock holder count is more than one, then a semaphore is used instead.
A semaphore allows more than a single holder, but this is less efficient than
a simple lock. This follows the [semaphore algorithm](https://learn.hashicorp.com/consul/developer-configuration/semaphore).
a simple lock. This follows the [semaphore algorithm](/consul/tutorials/developer-configuration/distributed-semaphore?utm_source=docs).
All locks using the same prefix must agree on the value of `-n`. If conflicting
values of `-n` are provided, an error will be returned.

View file

@ -21,7 +21,7 @@ and relationships can be made between independent pairs of datacenters, so not a
need to be fully connected. This allows for complex topologies among Consul datacenters like
hub/spoke and more general trees.
See the [Network Areas Guide](https://learn.hashicorp.com/consul/day-2-operations/advanced-federation) for more details.
See the [Network Areas Guide](/consul/tutorials/datacenter-operations/federation-network-areas?utm_source=docs) for more details.
```text
Usage: consul operator area <subcommand> [options]

View file

@ -12,7 +12,7 @@ Command: `consul operator autopilot`
The Autopilot operator command is used to interact with Consul's Autopilot subsystem. The
command can be used to view or modify the current Autopilot configuration. See the
[Autopilot Guide](https://learn.hashicorp.com/consul/day-2-operations/autopilot) for more information about Autopilot.
[Autopilot Guide](/consul/tutorials/datacenter-operations/autopilot-datacenter-operations?utm_source=docs) for more information about Autopilot.
```text
Usage: consul operator autopilot <subcommand> [options]

View file

@ -18,9 +18,9 @@ outage and even loss of data.
If ACLs are enabled then a token with operator privileges may be required in
order to use this command. Requests are forwarded internally to the leader
if required, so this can be run from any Consul node in a cluster. See the
[ACL Guide](https://learn.hashicorp.com/consul/security-networking/production-acls) for more information.
[ACL Guide](/consul/tutorials/security/access-control-setup-production?utm_source=docs) for more information.
See the [Outage Recovery](https://learn.hashicorp.com/consul/day-2-operations/outage) guide for some examples of how
See the [Outage Recovery](/consul/tutorials/datacenter-operations/recovery-outage?utm_source=docs) guide for some examples of how
this command is used. For an API to perform these operations programmatically,
please see the documentation for the [Operator](/api-docs/operator)
endpoint.

View file

@ -106,7 +106,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
- `alt_domain` Equivalent to the [`-alt-domain` command-line flag](/docs/agent/config/cli-flags#_alt_domain)
- `audit` <EnterpriseAlert inline /> - Added in Consul 1.8, the audit object allow users to enable auditing
and configure a sink and filters for their audit logs. For more information, review the [audit log tutorial](https://learn.hashicorp.com/tutorials/consul/audit-logging).
and configure a sink and filters for their audit logs. For more information, review the [audit log tutorial](/consul/tutorials/datacenter-operations/audit-logging?utm_source=docs).
<CodeTabs heading="Example audit configuration">
@ -182,7 +182,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
respected on bootstrapping. If they are not provided, the defaults will be used.
In order to change the value of these options after bootstrapping, you will need
to use the [Consul Operator Autopilot](/commands/operator/autopilot)
command. For more information about Autopilot, review the [Autopilot tutorial](https://learn.hashicorp.com/tutorials/consul/autopilot-datacenter-operations).
command. For more information about Autopilot, review the [Autopilot tutorial](/consul/tutorials/datacenter-operations/autopilot-datacenter-operations?utm_source=docs).
The following sub-keys are available:
@ -495,7 +495,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
only works with API endpoints, not `/ui` or `/debug`, those must be disabled
with their respective configuration options. Any CLI commands that use disabled
endpoints will no longer function as well. For more general access control, Consul's
[ACL system](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production)
[ACL system](/consul/tutorials/security/access-control-setup-production?utm_source=docs)
should be used, but this option is useful for removing access to HTTP API endpoints
completely, or on specific agents. This is available in Consul 0.9.0 and later.
@ -940,7 +940,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
This designates the datacenter which is authoritative for ACL information. It must be provided to enable ACLs. All servers and datacenters must agree on the ACL datacenter. Setting it on the servers is all you need for cluster-level enforcement, but for the APIs to forward properly from the clients,
it must be set on them too. In Consul 0.8 and later, this also enables agent-level enforcement
of ACLs. Please review the [ACL tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production) for more details.
of ACLs. Please review the [ACL tutorial](/consul/tutorials/security/access-control-setup-production?utm_source=docs) for more details.
- `acl_default_policy` ((#acl_default_policy_legacy)) - **Deprecated in Consul 1.4.0. See the [`acl.default_policy`](#acl_default_policy) field instead.**
Either "allow" or "deny"; defaults to "allow". The default policy controls the
@ -990,7 +990,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
- `acl_replication_token` ((#acl_replication_token_legacy)) - **Deprecated
in Consul 1.4.0. See the [`acl.tokens.replication`](#acl_tokens_replication) field
instead.** Only used for servers outside the [`primary_datacenter`](#primary_datacenter)
running Consul 0.7 or later. When provided, this will enable [ACL replication](https://learn.hashicorp.com/tutorials/consul/access-control-replication-multiple-datacenters)
running Consul 0.7 or later. When provided, this will enable [ACL replication](/consul/tutorials/security-operations/access-control-replication-multiple-datacenters?utm_source=docs)
using this ACL replication using this token to retrieve and replicate the ACLs
to the non-authoritative local datacenter. In Consul 0.9.1 and later you can enable
ACL replication using [`acl.enable_token_replication`](#acl_enable_token_replication) and then
@ -1225,7 +1225,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
## DNS and Domain Parameters
- `dns_config` This object allows a number of sub-keys
to be set which can tune how DNS queries are serviced. Check the tutorial on [DNS caching](https://learn.hashicorp.com/tutorials/consul/dns-caching) for more detail.
to be set which can tune how DNS queries are serviced. Check the tutorial on [DNS caching](/consul/tutorials/networking/dns-caching?utm_source=docs) for more detail.
The following sub-keys are available:

View file

@ -40,7 +40,7 @@ documented below in the
configuration reload.
You can test the following configuration options by following the
[Getting Started](https://learn.hashicorp.com/tutorials/consul/get-started-install?utm_source=consul.io&utm_medium=docs)
[Getting Started](/consul/tutorials/getting-started/get-started-install?utm_source=docs)
tutorials to install a local agent.
## Ports Used

View file

@ -73,11 +73,11 @@ Refer to the following sections for information about host, port, memory, and ot
- [Server Performance](/docs/install/performance)
- [Required Ports](/docs/install/ports)
The [Datacenter Deploy tutorial](https://learn.hashicorp.com/tutorials/consul/reference-architecture?in=consul/production-deploy#deployment-system-requirements) contains additional information, including licensing configuration, environment variables, and other details.
The [Datacenter Deploy tutorial](/consul/tutorials/production-deploy/reference-architecture?utm_source=docs) contains additional information, including licensing configuration, environment variables, and other details.
### Maximum Latency Network requirements
Consul uses the gossip protocol to share information across agents. To function properly, you cannot exceed the protocols maximum latency threshold. The latency threshold is calculated according to the total round trip time (RTT) for communication between all agents. Other network usages outside of Gossip are not bound by these latency requirements (i.e. client to server RPCs, HTTP API requests, xDS proxy configuration, DNS).
Consul uses the gossip protocol to share information across agents. To function properly, you cannot exceed the protocol's maximum latency threshold. The latency threshold is calculated according to the total round trip time (RTT) for communication between all agents. Other network usages outside of Gossip are not bound by these latency requirements (i.e. client to server RPCs, HTTP API requests, xDS proxy configuration, DNS).
For data sent between all Consul agents the following latency requirements must be met:
@ -97,7 +97,7 @@ The `-dev` flag is provided for learning purposes only.
We strongly advise against using it for production environments.
-> **Getting Started Tutorials**: You can test a local agent by following the
[Getting Started tutorials](https://learn.hashicorp.com/tutorials/consul/get-started-install?utm_source=consul.io&utm_medium=docs).
[Getting Started tutorials](/consul/tutorials/getting-started/get-started-install?utm_source=docs).
When starting Consul with the `-dev` flag, the only additional information Consul needs to run is the location of a directory for storing agent state data.
You can specify the location with the `-data-dir` flag or define the location in an external file and point the file with the `-config-file` flag.

View file

@ -27,13 +27,13 @@ it will dump the current telemetry information to the agent's `stderr`.
This telemetry information can be used for debugging or otherwise
getting a better view of what Consul is doing. Review the [Monitoring and
Metrics tutorial](https://learn.hashicorp.com/tutorials/consul/monitor-datacenter-health?utm_source=consul.io&utm_medium=docs) to learn how collect and interpret Consul data.
Metrics tutorial](/consul/tutorials/day-2-operations/monitor-datacenter-health?utm_source=docs) to learn how collect and interpret Consul data.
Additionally, if the [`telemetry` configuration options](/docs/agent/config/config-files#telemetry)
are provided, the telemetry information will be streamed to a
[statsite](http://github.com/armon/statsite) or [statsd](http://github.com/etsy/statsd) server where
it can be aggregated and flushed to Graphite or any other metrics store.
For a configuration example for Telegraf, review the [Monitoring with Telegraf tutorial](https://learn.hashicorp.com/tutorials/consul/monitor-health-telegraf?utm_source=consul.io&utm_medium=docs).
For a configuration example for Telegraf, review the [Monitoring with Telegraf tutorial](/consul/tutorials/day-2-operations/monitor-health-telegraf?utm_source=docs).
This
information can also be viewed with the [metrics endpoint](/api-docs/agent#view-metrics) in JSON
@ -456,7 +456,7 @@ These metrics are used to monitor the health of the Consul servers.
| `consul.raft.leader.dispatchNumLogs` | Measures the number of logs committed to disk in a batch. | logs | gauge |
| `consul.raft.leader.lastContact` | Measures the time since the leader was last able to contact the follower nodes when checking its leader lease. It can be used as a measure for how stable the Raft timing is and how close the leader is to timing out its lease.The lease timeout is 500 ms times the [`raft_multiplier` configuration](/docs/agent/config/config-files#raft_multiplier), so this telemetry value should not be getting close to that configured value, otherwise the Raft timing is marginal and might need to be tuned, or more powerful servers might be needed. See the [Server Performance](/docs/install/performance) guide for more details. | ms | timer |
| `consul.raft.leader.oldestLogAge` | The number of milliseconds since the _oldest_ log in the leader's log store was written. This can be important for replication health where write rate is high and the snapshot is large as followers may be unable to recover from a restart if restoring takes longer than the minimum value for the current leader. Compare this with `consul.raft.fsm.lastRestoreDuration` and `consul.raft.rpc.installSnapshot` to monitor. In normal usage this gauge value will grow linearly over time until a snapshot completes on the leader and the log is truncated. Note: this metric won't be emitted until the leader writes a snapshot. After an upgrade to Consul 1.10.0 it won't be emitted until the oldest log was written after the upgrade. | ms | gauge |
| `consul.raft.replication.heartbeat` | Measures the time taken to invoke appendEntries on a peer, so that it doesnt timeout on a periodic basis. | ms | timer |
| `consul.raft.replication.heartbeat` | Measures the time taken to invoke appendEntries on a peer, so that it doesn't timeout on a periodic basis. | ms | timer |
| `consul.raft.replication.appendEntries` | Measures the time it takes to replicate log entries to followers. This is a general indicator of the load pressure on the Consul servers, as well as the performance of the communication between the servers. | ms | timer |
| `consul.raft.replication.appendEntries.rpc` | Measures the time taken by the append entries RFC, to replicate the log entries of a leader agent onto its follower agent(s) | ms | timer |
| `consul.raft.replication.appendEntries.logs` | Measures the number of logs replicated to an agent, to bring it up to speed with the leader's logs. | logs appended/ interval | counter |

View file

@ -15,7 +15,7 @@ Consul API Gateway is an add-on for Consul that helps users control access to se
Consul API Gateway solves the following primary use cases:
- **Controlling access at the point of entry**: Consul API Gateway allows users to set the protocols of external connection requests and provide clients with TLS certificates from trusted providers (e.g., Verisign, Lets Encrypt).
- **Controlling access at the point of entry**: Consul API Gateway allows users to set the protocols of external connection requests and provide clients with TLS certificates from trusted providers (e.g., Verisign, Let's Encrypt).
- **Simplifying traffic management**: The Consul API Gateway can load balance requests across services and route traffic to the appropriate service by matching one or more criteria, such as hostname, path, header presence or value, and HTTP Method type (e.g., GET, POST, PATCH).
## How Does Consul API Gateway Work?
@ -42,4 +42,4 @@ are used, see the [documentation in our GitHub repo](https://github.com/hashicor
## Additional Resources
You can learn more about using Consul API Gateway by completing the [Consul API Gateway tutorial](https://learn.hashicorp.com/tutorials/consul/kubernetes-api-gateway).
You can learn more about using Consul API Gateway by completing the [Consul API Gateway tutorial](/consul/tutorials/developer-mesh/kubernetes-api-gateway?utm_source=docs).

View file

@ -31,7 +31,7 @@ Network coordinates manifest in several ways inside Consul:
- [Prepared queries](/api-docs/query) can automatically fail over services
to other Consul datacenters based on network round trip times. See the
[Geo Failover](https://learn.hashicorp.com/tutorials/consul/automate-geo-failover) for some examples.
[Geo Failover](/consul/tutorials/developer-discovery/automate-geo-failover?utm_source=docs) for some examples.
- The [Coordinate endpoint](/api-docs/coordinate) exposes raw network
coordinates for use in other applications.

View file

@ -36,7 +36,7 @@ Without a quorum, Consul experiences an outage:
it cannot provide most of its capabilities because they rely on
the availability of this state information.
If Consul has an outage, normal operation can be restored by following the
[outage recovery guide](https://learn.hashicorp.com/tutorials/consul/recovery-outage).
[outage recovery guide](/consul/tutorials/datacenter-operations/recovery-outage?utm_source=docs).
If Consul is deployed with 3 servers, the quorum size is 2. The deployment can lose 1
server and still maintain quorum, so it has a fault tolerance of 1.
@ -80,7 +80,7 @@ to protect your Consul datacenter from a single zone-level failure.
For example, if deploying 5 Consul servers across 3 availability zones, place no more than 2 servers in each zone.
If one zone fails, at most 2 servers are lost and quorum will be maintained by the 3 remaining servers.
To distribute your Consul servers across availability zones, modify your infrastructure configuration with your infrastructure provider. No change is needed to your Consul servers agent configuration.
To distribute your Consul servers across availability zones, modify your infrastructure configuration with your infrastructure provider. No change is needed to your Consul server's agent configuration.
Additionally, you should leverage resources that can automatically restore your compute instance,
such as autoscaling groups, virtual machine scale sets, or compute engine autoscaler.
@ -135,5 +135,5 @@ However, Consul redundancy zones can be used even without the backing of infrast
For more information on redundancy zones, refer to:
- [Redundancy zone documentation](/docs/enterprise/redundancy)
for a more detailed explanation
- [Redundancy zone tutorial](https://learn.hashicorp.com/tutorials/consul/redundancy-zones?in=consul/enterprise)
- [Redundancy zone tutorial](/consul/tutorials/datacenter-operations/redundancy-zones?utm_source=docs)
to learn how to use them

View file

@ -17,7 +17,7 @@ page documents the system architecture.
[glossary](/docs/install/glossary) of terms to help
clarify what is being discussed.
The architecture concepts in this document can be used with the [Reference Architecture guide](https://learn.hashicorp.com/tutorials/consul/reference-architecture?utm_source=consul.io&utm_medium=docs) when deploying Consul in production.
The architecture concepts in this document can be used with the [Reference Architecture guide](/consul/tutorials/production-deploy/reference-architecture?utm_source=docs) when deploying Consul in production.
## 10,000 foot view
@ -27,7 +27,7 @@ From a 10,000 foot altitude the architecture of Consul looks like this:
Let's break down this image and describe each piece. First of all, we can see
that there are two datacenters, labeled "one" and "two". Consul has first
class support for [multiple datacenters](https://learn.hashicorp.com/tutorials/consul/federation-gossip-wan) and
class support for [multiple datacenters](/consul/tutorials/networking/federation-gossip-wan?utm_source=docs) and
expects this to be the common case.
Within each datacenter, we have a mixture of clients and servers. It is expected
@ -67,7 +67,7 @@ an RPC request to the remote Consul servers for that resource and return the res
If the remote datacenter is not available, then those resources will also not be
available, but that won't otherwise affect the local datacenter. There are some special
situations where a limited subset of data can be replicated, such as with Consul's built-in
[ACL replication](https://learn.hashicorp.com/tutorials/consul/access-control-replication-multiple-datacenters) capability, or
[ACL replication](/consul/tutorials/security-operations/access-control-replication-multiple-datacenters?utm_source=docs) capability, or
external tools like [consul-replicate](https://github.com/hashicorp/consul-replicate).
In some places, client agents may cache data from the servers to make it

View file

@ -24,7 +24,7 @@ Service discovery provides benefits for all organizations, ranging from simplifi
## How does a service mesh work?
Service discovery uses a service's identity instead of traditional access information (IP address and port). This allows you to dynamically map services and track any changes within a service catalog. Service consumers (users or other services) then use DNS to dynamically retrieve other services access information from the service catalog. The lifecycle of a service may look like the following:
Service discovery uses a service's identity instead of traditional access information (IP address and port). This allows you to dynamically map services and track any changes within a service catalog. Service consumers (users or other services) then use DNS to dynamically retrieve other service's access information from the service catalog. The lifecycle of a service may look like the following:
A service consumer communicates with the “Web” service via a unique Consul DNS entry provided by the service catalog.
@ -79,7 +79,7 @@ You can implement service discovery systems across any type of infrastructure, w
Consul is a service networking solution that lets you automate network configurations, discover services, and enable secure connectivity across any cloud or runtime. With these features, Consul helps you solve the complex networking and security challenges of operating microservices and cloud infrastructure (multi-cloud and hybrid cloud). You can use these features independently or together to achieve [zero trust](https://www.hashicorp.com/solutions/zero-trust-security) security.
Consuls service discovery capabilities help you discover, track, and monitor the health of services within a network. Consul acts as a single source of truth that allows your services to query and communicate with each other.
Consul's service discovery capabilities help you discover, track, and monitor the health of services within a network. Consul acts as a single source of truth that allows your services to query and communicate with each other.
You can use Consul with virtual machines (VMs), containers, serverless technologies, or with container orchestration platforms, such as [Nomad](https://www.nomadproject.io/) and Kubernetes. Consul is platform agnostic which makes it a great fit for all environments, including legacy platforms.
@ -91,6 +91,6 @@ Get started with service discovery today by leveraging Consul on HCP, Consul on
Feel free to get started with Consul by exploring one of these Consul Learn tutorials:
[Getting Started with Consul on VMs](https://learn.hashicorp.com/collections/consul/getting-started)
[Getting Started with Consul on HCP](https://learn.hashicorp.com/collections/consul/cloud-get-started)
[Getting Started with Consul on Kubernetes](https://learn.hashicorp.com/collections/consul/gs-consul-service-mesh)
[Getting Started with Consul on VMs](/consul/tutorials/getting-started?utm_source=docs)
[Getting Started with Consul on HCP](/consul/tutorials/cloud-get-started?utm_source=docs)
[Getting Started with Consul on Kubernetes](/consul/tutorials/gs-consul-service-mesh?utm_source=docs)

View file

@ -111,7 +111,7 @@ Consul is platform agnostic which makes it a great fit for all environments, inc
Consul is available as a [self-install](/downloads) project or as a fully managed service mesh solution called [HCP Consul](https://portal.cloud.hashicorp.com/sign-in?utm_source=consul_docs).
HCP Consul enables users to discover and securely connect services without the added operational burden of maintaining a service mesh on their own.
You can learn more about Consul by visiting the Consul Learn [tutorials](https://learn.hashicorp.com/consul).
You can learn more about Consul by visiting the Consul Learn [tutorials](/consul/tutorials?utm_source=docs).
## Next

View file

@ -19,7 +19,7 @@ Please read the [certificate management overview](/docs/connect/ca)
page first to understand how Consul manages certificates with configurable
CA providers.
-> **NOTE**: A Learn [tutorial](https://learn.hashicorp.com/tutorials/consul/vault-pki-consul-connect-ca?in=consul/vault-secure) is available to help you configure Vault as the Consul Connect service mesh Certification Authority.
-> **NOTE**: A Learn [tutorial](/consul/tutorials/vault-secure/vault-pki-consul-connect-ca?utm_source=docs) is available to help you configure Vault as the Consul Connect service mesh Certification Authority.
## Requirements

View file

@ -159,7 +159,7 @@ Sources = [
</CodeBlockConfig>
If the peers name is not specified in `Peer`, then Consul assumes that the service is in the local cluster.
If the peer's name is not specified in `Peer`, then Consul assumes that the service is in the local cluster.
Then, add the configuration entry to your cluster.

View file

@ -74,7 +74,7 @@ via API.
!> **Security note:** Enabling Connect is enough to try the feature but doesn't
automatically ensure complete security. Please read the [Connect production
tutorial](https://learn.hashicorp.com/tutorials/consul/service-mesh-production-checklist) to understand the additional steps
tutorial](/consul/tutorials/developer-mesh/service-mesh-production-checklist?utm_source=docs) to understand the additional steps
needed for a secure deployment.
## Centralized Proxy and Service Configuration

View file

@ -15,7 +15,7 @@ but this information will help you understand how Consul service mesh behaves in
Consul Connect is the component shipped with Consul that enables service mesh functionality. The terms _Consul Connect_ and _Consul service mesh_ are used interchangeably throughout this documentation.
To try service mesh locally, complete the [Getting Started with Consul service
mesh](https://learn.hashicorp.com/tutorials/consul/service-mesh?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS)
mesh](/consul/tutorials/gs-consul-service-mesh/service-mesh?utm_source=docs)
tutorial.
## Mutual Transport Layer Security (mTLS)
@ -97,7 +97,7 @@ a long period of inactivity (3 days by default), the cache will empty itself.
A sidecar proxy's [upstream configuration](/docs/connect/registration/service-registration#upstream-configuration-reference)
may specify an alternative datacenter or a prepared query that can address services
in multiple datacenters (such as the [geo failover](https://learn.hashicorp.com/tutorials/consul/automate-geo-failover) pattern).
in multiple datacenters (such as the [geo failover](/consul/tutorials/developer-discovery/automate-geo-failover?utm_source=docs) pattern).
[Intentions](/docs/connect/intentions) verify connections between services by
source and destination name seamlessly across datacenters.

View file

@ -7,7 +7,7 @@ description: >-
# Connectivity Tasks
~> **Note**: The features shown below are extensions of Consuls service mesh capabilities. If you are not utilizing
~> **Note**: The features shown below are extensions of Consul's service mesh capabilities. If you are not utilizing
Consul service mesh then these features will not be relevant to your task.
## Service-to-service traffic between Consul datacenters
@ -26,7 +26,7 @@ As of Consul 1.8.0, mesh gateways can also forward gossip and RPC traffic betwee
This is enabled by [WAN federation via mesh gateways](/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways).
For more information about mesh gateways, review the [complete documentation](/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters)
and the [mesh gateway tutorial](https://learn.hashicorp.com/tutorials/consul/service-mesh-gateways).
and the [mesh gateway tutorial](/consul/tutorials/developer-mesh/service-mesh-gateways?utm_source=docs).
![Mesh Gateway Architecture](/img/mesh-gateways.png)
@ -40,11 +40,11 @@ services outside the Consul service mesh to services inside the service mesh.
These gateways allow you to define what services should be exposed, on what port, and by what hostname. You configure
an ingress gateway by defining a set of listeners that can map to different sets of backing services.
Ingress gateways are tightly integrated with Consuls L7 configuration and enable dynamic routing of HTTP requests by
Ingress gateways are tightly integrated with Consul's L7 configuration and enable dynamic routing of HTTP requests by
attributes like the request path.
For more information about ingress gateways, review the [complete documentation](/docs/connect/gateways/ingress-gateway)
and the [ingress gateway tutorial](https://learn.hashicorp.com/tutorials/consul/service-mesh-gateways).
and the [ingress gateway tutorial](/consul/tutorials/developer-mesh/service-mesh-gateways?utm_source=docs).
![Ingress Gateway Architecture](/img/ingress-gateways.png)
@ -60,11 +60,11 @@ infrastructure you do not control.
Terminating gateways effectively act as egress proxies that can represent one or more services. They terminate Connect
mTLS connections, enforce Consul intentions, and forward requests to the appropriate destination.
These gateways also simplify authorization from dynamic service addresses. Consuls intentions determine whether
These gateways also simplify authorization from dynamic service addresses. Consul's intentions determine whether
connections through the gateway are authorized. Then traditional tools like firewalls or IAM roles can authorize the
connections from the known gateway nodes to the destination services.
For more information about terminating gateways, review the [complete documentation](/docs/connect/gateways/terminating-gateway)
and the [terminating gateway tutorial](https://learn.hashicorp.com/tutorials/consul/teminating-gateways-connect-external-services).
and the [terminating gateway tutorial](/consul/tutorials/developer-mesh/terminating-gateways-connect-external-services?utm_source=docs).
![Terminating Gateway Architecture](/img/terminating-gateways.png)

View file

@ -31,7 +31,7 @@ Mesh gateways enable the following scenarios:
- **Service-to-service communication across datacenters**. Refer to [Enabling Service-to-service Traffic Across Datacenters](/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters) for additional information.
- **Service-to-service communication across admin partitions**. Since Consul 1.11.0, you can create administrative boundaries for single Consul deployments called "admin partitions". You can use mesh gateways to facilitate cross-partition communication. Refer to [Enabling Service-to-service Traffic Across Admin Partitions](/docs/connect/gateways/mesh-gateway/service-to-service-traffic-partitions) for additional information.
-> **Mesh gateway tutorial**: Follow the [mesh gateway tutorial](https://learn.hashicorp.com/tutorials/consul/service-mesh-gateways) to learn concepts associated with mesh gateways.
-> **Mesh gateway tutorial**: Follow the [mesh gateway tutorial](/consul/tutorials/developer-mesh/service-mesh-gateways?utm_source=docs) to learn concepts associated with mesh gateways.
## Ingress Gateways
@ -44,11 +44,11 @@ to services in the mesh. To accept ingress traffic from the public internet, use
These gateways allow you to define what services should be exposed, on what port, and by what hostname. You configure
an ingress gateway by defining a set of listeners that can map to different sets of backing services.
Ingress gateways are tightly integrated with Consuls L7 configuration and enable dynamic routing of HTTP requests by
Ingress gateways are tightly integrated with Consul's L7 configuration and enable dynamic routing of HTTP requests by
attributes like the request path.
For more information about ingress gateways, review the [complete documentation](/docs/connect/gateways/ingress-gateway)
and the [ingress gateway tutorial](https://learn.hashicorp.com/tutorials/consul/service-mesh-ingress-gateways).
and the [ingress gateway tutorial](/consul/tutorials/developer-mesh/service-mesh-ingress-gateways?utm_source=docs).
![Ingress Gateway Architecture](/img/ingress-gateways.png)
@ -65,11 +65,11 @@ infrastructure you do not control.
Terminating gateways effectively act as egress proxies that can represent one or more services. They terminate Connect
mTLS connections, enforce Consul intentions, and forward requests to the appropriate destination.
These gateways also simplify authorization from dynamic service addresses. Consuls intentions determine whether
These gateways also simplify authorization from dynamic service addresses. Consul's intentions determine whether
connections through the gateway are authorized. Then traditional tools like firewalls or IAM roles can authorize the
connections from the known gateway nodes to the destination services.
For more information about terminating gateways, review the [complete documentation](/docs/connect/gateways/terminating-gateway)
and the [terminating gateway tutorial](https://learn.hashicorp.com/tutorials/consul/teminating-gateways-connect-external-services).
and the [terminating gateway tutorial](/consul/tutorials/developer-mesh/terminating-gateways-connect-external-services?utm_source=docs).
![Terminating Gateway Architecture](/img/terminating-gateways.png)

View file

@ -48,7 +48,7 @@ Currently, [Envoy](https://www.envoyproxy.io/) is the only proxy with ingress ga
## Running and Using an Ingress Gateway
For a complete example of how to allow external traffic inside your Consul service mesh,
review the [ingress gateway tutorial](https://learn.hashicorp.com/tutorials/consul/service-mesh-ingress-gateways).
review the [ingress gateway tutorial](/consul/tutorials/developer-mesh/service-mesh-ingress-gateways?utm_source=docs).
## Ingress Gateway Configuration

View file

@ -20,7 +20,7 @@ The following diagram describes the architecture for using mesh gateways for cro
![Mesh Gateway Architecture](/img/mesh-gateways.png)
-> **Mesh Gateway Tutorial**: Follow the [mesh gateway tutorial](https://learn.hashicorp.com/tutorials/consul/service-mesh-gateways) to learn important concepts associated with using mesh gateways for connecting services across datacenters.
-> **Mesh Gateway Tutorial**: Follow the [mesh gateway tutorial](/consul/tutorials/developer-mesh/service-mesh-gateways?utm_source=docs) to learn important concepts associated with using mesh gateways for connecting services across datacenters.
## Prerequisites
@ -32,7 +32,7 @@ Ensure that your Consul environment meets the following requirements.
* A local Consul agent is required to manage its configuration.
* Consul [Connect](/docs/agent/config/config-files#connect) must be enabled in both datacenters.
* Each [datacenter](/docs/agent/config/config-files#datacenter) must have a unique name.
* Each datacenters must be [WAN joined](https://learn.hashicorp.com/tutorials/consul/federation-gossip-wan).
* Each datacenters must be [WAN joined](/consul/tutorials/networking/federation-gossip-wan?utm_source=docs).
* The [primary datacenter](/docs/agent/config/config-files#primary_datacenter) must be set to the same value in both datacenters. This specifies which datacenter is the authority for Connect certificates and is required for services in all datacenters to establish mutual TLS with each other.
* [gRPC](/docs/agent/config/config-files#grpc_port) must be enabled.
* If you want to [enable gateways globally](/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters#enabling-gateways-globally) you must enable [centralized configuration](/docs/agent/config/config-files#enable_central_service_config).

View file

@ -15,7 +15,7 @@ WAN federation via mesh gateways allows for Consul servers in different datacent
to be federated exclusively through mesh gateways.
When setting up a
[multi-datacenter](https://learn.hashicorp.com/tutorials/consul/federation-gossip-wan)
[multi-datacenter](/consul/tutorials/networking/federation-gossip-wan?utm_source=docs)
Consul cluster, operators must ensure that all Consul servers in every
datacenter must be directly connectable over their WAN-advertised network
address from each other.
@ -63,7 +63,7 @@ means you could introduce a set of firewall rules prohibiting `10.0.0.0/24`
from sending any traffic at all to `10.1.2.0/24` for security isolation.
You may already have configured [mesh
gateways](https://learn.hashicorp.com/tutorials/consul/service-mesh-gateways)
gateways](/consul/tutorials/developer-mesh/service-mesh-gateways?utm_source=docs)
to allow for services in the service mesh to freely connect between datacenters
regardless of the lateral connectivity of the nodes hosting the Consul client
agents.
@ -102,7 +102,7 @@ each datacenter otherwise the WAN will become only partly connected.
There are a few necessary additional pieces of configuration beyond those
required for standing up a
[multi-datacenter](https://learn.hashicorp.com/tutorials/consul/federation-gossip-wan)
[multi-datacenter](/consul/tutorials/networking/federation-gossip-wan?utm_source=docs)
Consul cluster.
Consul servers in the _primary_ datacenter should add this snippet to the

View file

@ -19,7 +19,7 @@ and forward requests to the appropriate destination.
![Terminating Gateway Architecture](/img/terminating-gateways.png)
For additional use cases and usage patterns, review the tutorial for
[understanding terminating gateways](https://learn.hashicorp.com/tutorials/consul/service-mesh-terminating-gateways).
[understanding terminating gateways](/consul/tutorials/developer-mesh/service-mesh-terminating-gateways?utm_source=docs).
~> **Known limitations:** Terminating gateways currently do not support targeting service subsets with
[L7 configuration](/docs/connect/l7-traffic). They route to all instances of a service with no capabilities
@ -79,7 +79,7 @@ a terminating gateway as long as they discover upstreams with the
## Running and Using a Terminating Gateway
For a complete example of how to enable connections from services in the Consul service mesh to
services outside the mesh, review the [terminating gateway tutorial](https://learn.hashicorp.com/tutorials/consul/teminating-gateways-connect-external-services).
services outside the mesh, review the [terminating gateway tutorial](/consul/tutorials/developer-mesh/terminating-gateways-connect-external-services?utm_source=docs).
## Terminating Gateway Configuration
@ -129,4 +129,4 @@ After you define a service-defaults configuration entry for each destination, yo
If a service and a destination service-defaults have the same name, the terminating gateway will use the service.
For a complete example of how to register external services review the
[external services tutorial](https://learn.hashicorp.com/tutorials/consul/service-registration-external-services).
[external services tutorial](/consul/tutorials/developer-discovery/service-registration-external-services?utm_source=docs).

View file

@ -51,24 +51,24 @@ applications can also send open tracing data through Envoy.
There are several ways to try Connect in different environments.
- The [Getting Started with Consul Service Mesh collection](https://learn.hashicorp.com/tutorials/consul/service-mesh?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS)
- The [Getting Started with Consul Service Mesh collection](/consul/tutorials/gs-consul-service-mesh/service-mesh?utm_source=docs)
walks you through installing Consul as service mesh for Kubernetes using the Helm
chart, deploying services in the service mesh, and using intentions to secure service
communications.
- The [Getting Started With Consul Service Mesh for Kubernetes](https://learn.hashicorp.com/tutorials/consul/service-mesh-deploy?in=consul/gs-consul-service-mesh?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) guide walks you through installing Consul on Kubernetes to set up a service mesh for establishing communication between Kubernetes services.
- The [Getting Started With Consul Service Mesh for Kubernetes](/consul/tutorials/gs-consul-service-mesh/service-mesh-deploy?utm_source=docs) guide walks you through installing Consul on Kubernetes to set up a service mesh for establishing communication between Kubernetes services.
- The [Secure Service-to-Service Communication tutorial](https://learn.hashicorp.com/tutorials/consul/service-mesh-with-envoy-proxy?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS)
- The [Secure Service-to-Service Communication tutorial](/consul/tutorials/developer-mesh/service-mesh-with-envoy-proxy?utm_source=docs)
is a simple walk through of connecting two services on your local machine
using Consul Connect's built-in proxy and configuring your first intention. The guide also includes an introduction to
using Envoy as the Connect sidecar proxy.
- The [Kubernetes tutorial](https://learn.hashicorp.com/tutorials/consul/kubernetes-minikube?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS)
- The [Kubernetes tutorial](/consul/tutorials/kubernetes/kubernetes-minikube?utm_source=docs)
walks you through configuring Consul Connect in Kubernetes using the Helm
chart, and using intentions. You can run the guide on Minikube or an existing
Kubernetes cluster.
- The [observability tutorial](https://learn.hashicorp.com/tutorials/consul/kubernetes-layer7-observability?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS)
- The [observability tutorial](/consul/tutorials/service-mesh-observability/kubernetes-layer7-observability?utm_source=docs)
shows how to deploy a basic metrics collection and visualization pipeline on
a Minikube or Kubernetes cluster using the official Helm charts for Consul,
Prometheus, and Grafana.

View file

@ -46,7 +46,7 @@ Envoy 1.16.x and older releases are no longer supported (see [HCSEC-2022-07](htt
## Getting Started
To get started with Envoy and see a working example you can follow the [Using
Envoy with Connect](https://learn.hashicorp.com/tutorials/consul/service-mesh-with-envoy-proxy) tutorial.
Envoy with Connect](/consul/tutorials/developer-mesh/service-mesh-with-envoy-proxy?utm_source=docs) tutorial.
## Configuration

View file

@ -16,9 +16,6 @@ To simplify the configuration experience when deploying a sidecar for a service
instance, Consul 1.3 introduced a new field in the Connect block of the [service
definition](/docs/discovery/services).
To deploy a service and sidecar proxy locally, complete the
[Getting Started guide](https://learn.hashicorp.com/tutorials/consul/get-started-service-networking?utm_source=consul.io&utm_medium=docs).
The `connect.sidecar_service` field is a complete nested service definition on
which almost any regular service definition field can be set. The exceptions are
[noted below](#limitations). If used, the service definition is treated

View file

@ -12,9 +12,9 @@ description: |-
Connect enables secure service-to-service communication over mutual TLS. This
provides both in-transit data encryption as well as authorization. This page
will document how to secure Connect. To try Connect locally, complete the
[Getting Started guide](https://learn.hashicorp.com/tutorials/consul/service-mesh?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) or for a full security model reference,
[Getting Started guide](/consul/tutorials/gs-consul-service-mesh/service-mesh?utm_source=docs) or for a full security model reference,
see the dedicated [Consul security model](/docs/security) page. When
setting up Connect in production, review this [tutorial](https://learn.hashicorp.com/tutorials/consul/service-mesh-production-checklist?utm_source=consul.io&utm_medium=docs).
setting up Connect in production, review this [tutorial](/consul/tutorials/developer-mesh/service-mesh-production-checklist?utm_source=docs).
Connect will function in any Consul configuration. However, unless the checklist
below is satisfied, Connect is not providing the security guarantees it was
@ -36,7 +36,7 @@ configuration also forces all service-to-service communication to be explicitly
allowed via an allow [intention](/docs/connect/intentions).
To learn how to enable ACLs, please see the
[tutorial on ACLs](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production).
[tutorial on ACLs](/consul/tutorials/security/access-control-setup-production?utm_source=docs).
**If ACLs are enabled but are in default allow mode**, then services will be
able to communicate by default. Additionally, if a proper anonymous token

View file

@ -13,8 +13,148 @@ description: >-
One of the primary roles of the agent is management of system-level and application-level health
checks. A health check is considered to be application-level if it is associated with a
service. If not associated with a service, the check monitors the health of the entire node.
Review the [health checks tutorial](/consul/tutorials/developer-discovery/service-registration-health-checks?utm_source=docs)
to get a more complete example on how to leverage health check capabilities in Consul.
Review the [service health checks tutorial](https://learn.hashicorp.com/tutorials/consul/service-registration-health-checks)
A check is defined in a configuration file or added at runtime over the HTTP interface. Checks
created via the HTTP interface persist with that node.
There are several different kinds of checks:
- Script + Interval - These checks depend on invoking an external application
that performs the health check, exits with an appropriate exit code, and potentially
generates some output. A script is paired with an invocation interval (e.g.
every 30 seconds). This is similar to the Nagios plugin system. The output of
a script check is limited to 4KB. Output larger than this will be truncated.
By default, Script checks will be configured with a timeout equal to 30 seconds.
It is possible to configure a custom Script check timeout value by specifying the
`timeout` field in the check definition. When the timeout is reached on Windows,
Consul will wait for any child processes spawned by the script to finish. For any
other system, Consul will attempt to force-kill the script and any child processes
it has spawned once the timeout has passed.
In Consul 0.9.0 and later, script checks are not enabled by default. To use them you
can either use :
- [`enable_local_script_checks`](/docs/agent/config/cli-flags#_enable_local_script_checks):
enable script checks defined in local config files. Script checks defined via the HTTP
API will not be allowed.
- [`enable_script_checks`](/docs/agent/config/cli-flags#_enable_script_checks): enable
script checks regardless of how they are defined.
~> **Security Warning:** Enabling script checks in some configurations may
introduce a remote execution vulnerability which is known to be targeted by
malware. We strongly recommend `enable_local_script_checks` instead. See [this
blog post](https://www.hashicorp.com/blog/protecting-consul-from-rce-risk-in-specific-configurations)
for more details.
- `HTTP + Interval` - These checks make an HTTP `GET` request to the specified URL,
waiting the specified `interval` amount of time between requests (eg. 30 seconds).
The status of the service depends on the HTTP response code: any `2xx` code is
considered passing, a `429 Too ManyRequests` is a warning, and anything else is
a failure. This type of check
should be preferred over a script that uses `curl` or another external process
to check a simple HTTP operation. By default, HTTP checks are `GET` requests
unless the `method` field specifies a different method. Additional header
fields can be set through the `header` field which is a map of lists of
strings, e.g. `{"x-foo": ["bar", "baz"]}`. By default, HTTP checks will be
configured with a request timeout equal to 10 seconds.
It is possible to configure a custom HTTP check timeout value by
specifying the `timeout` field in the check definition. The output of the
check is limited to roughly 4KB. Responses larger than this will be truncated.
HTTP checks also support TLS. By default, a valid TLS certificate is expected.
Certificate verification can be turned off by setting the `tls_skip_verify`
field to `true` in the check definition. When using TLS, the SNI will be set
automatically from the URL if it uses a hostname (as opposed to an IP address);
the value can be overridden by setting `tls_server_name`.
Consul follows HTTP redirects by default. Set the `disable_redirects` field to
`true` to disable redirects.
- `TCP + Interval` - These checks make a TCP connection attempt to the specified
IP/hostname and port, waiting `interval` amount of time between attempts
(e.g. 30 seconds). If no hostname
is specified, it defaults to "localhost". The status of the service depends on
whether the connection attempt is successful (ie - the port is currently
accepting connections). If the connection is accepted, the status is
`success`, otherwise the status is `critical`. In the case of a hostname that
resolves to both IPv4 and IPv6 addresses, an attempt will be made to both
addresses, and the first successful connection attempt will result in a
successful check. This type of check should be preferred over a script that
uses `netcat` or another external process to check a simple socket operation.
By default, TCP checks will be configured with a request timeout of 10 seconds.
It is possible to configure a custom TCP check timeout value by specifying the
`timeout` field in the check definition.
- `UDP + Interval` - These checks direct the client to periodically send UDP datagrams
to the specified IP/hostname and port. The duration specified in the `interval` field sets the amount of time
between attempts, such as `30s` to indicate 30 seconds. The check is logged as healthy if any response from the UDP server is received. Any other result sets the status to `critical`.
The default interval for, UDP checks is `10s`, but you can configure a custom UDP check timeout value by specifying the
`timeout` field in the check definition. If any timeout on read exists, the check is still considered healthy.
- `Time to Live (TTL)` ((#ttl)) - These checks retain their last known state
for a given TTL. The state of the check must be updated periodically over the HTTP
interface. If an external system fails to update the status within a given TTL,
the check is set to the failed state. This mechanism, conceptually similar to a
dead man's switch, relies on the application to directly report its health. For
example, a healthy app can periodically `PUT` a status update to the HTTP endpoint;
if the app fails, the TTL will expire and the health check enters a critical state.
The endpoints used to update health information for a given check are: [pass](/api-docs/agent/check#ttl-check-pass),
[warn](/api-docs/agent/check#ttl-check-warn), [fail](/api-docs/agent/check#ttl-check-fail),
and [update](/api-docs/agent/check#ttl-check-update). TTL checks also persist their
last known status to disk. This allows the Consul agent to restore the last known
status of the check across restarts. Persisted check status is valid through the
end of the TTL from the time of the last check.
- `Docker + Interval` - These checks depend on invoking an external application which
is packaged within a Docker Container. The application is triggered within the running
container via the Docker Exec API. We expect that the Consul agent user has access
to either the Docker HTTP API or the unix socket. Consul uses `$DOCKER_HOST` to
determine the Docker API endpoint. The application is expected to run, perform a health
check of the service running inside the container, and exit with an appropriate exit code.
The check should be paired with an invocation interval. The shell on which the check
has to be performed is configurable which makes it possible to run containers which
have different shells on the same host. Check output for Docker is limited to
4KB. Any output larger than this will be truncated. In Consul 0.9.0 and later, the agent
must be configured with [`enable_script_checks`](/docs/agent/config/cli-flags#_enable_script_checks)
set to `true` in order to enable Docker health checks.
- `gRPC + Interval` - These checks are intended for applications that support the standard
[gRPC health checking protocol](https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
The state of the check will be updated by probing the configured endpoint, waiting `interval`
amount of time between probes (eg. 30 seconds). By default, gRPC checks will be configured
with a default timeout of 10 seconds.
It is possible to configure a custom timeout value by specifying the `timeout` field in
the check definition. gRPC checks will default to not using TLS, but TLS can be enabled by
setting `grpc_use_tls` in the check definition. If TLS is enabled, then by default, a valid
TLS certificate is expected. Certificate verification can be turned off by setting the
`tls_skip_verify` field to `true` in the check definition.
To check on a specific service instead of the whole gRPC server, add the service identifier after the `gRPC` check's endpoint in the following format `/:service_identifier`.
- `H2ping + Interval` - These checks test an endpoint that uses http2
by connecting to the endpoint and sending a ping frame. TLS is assumed to be configured by default.
To disable TLS and use h2c, set `h2ping_use_tls` to `false`. If the ping is successful
within a specified timeout, then the check is updated as passing.
The timeout defaults to 10 seconds, but is configurable using the `timeout` field. If TLS is enabled a valid
certificate is required, unless `tls_skip_verify` is set to `true`.
The check will be run on the interval specified by the `interval` field.
- `Alias` - These checks alias the health state of another registered
node or service. The state of the check will be updated asynchronously, but is
nearly instant. For aliased services on the same agent, the local state is monitored
and no additional network resources are consumed. For other services and nodes,
the check maintains a blocking query over the agent's connection with a current
server and allows stale requests. If there are any errors in watching the aliased
node or service, the check state will be critical. For the blocking query, the
check will use the ACL token set on the service or check definition or otherwise
will fall back to the default ACL token set with the agent (`acl_token`).
## Check Definition
A script check:
=======
Review the [service health checks tutorial](/consul/tutorials/developer-discovery/service-registration-health-checks?utm_source=docs)
to get a more complete example on how to leverage health check capabilities in Consul.
## Registering a health check

View file

@ -35,7 +35,7 @@ as the DNS server for a node and provide a
[`recursors`](/docs/agent/config/config-files#recursors) configuration so that non-Consul queries
can also be resolved. The last method is to forward all queries for the "consul."
domain to a Consul agent from the existing DNS server. Review the
[DNS Forwarding tutorial](https://learn.hashicorp.com/tutorials/consul/dns-forwarding?utm_source=consul.io&utm_medium=docs) for examples.
[DNS Forwarding tutorial](/consul/tutorials/networking/dns-forwarding?utm_source=docs) for examples.
You can experiment with Consul's DNS server on the command line using tools such as `dig`:
@ -469,7 +469,7 @@ as there is no way for the query to specify a domain.
By default, all DNS results served by Consul set a 0 TTL value. This disables
caching of DNS results. However, there are many situations in which caching is
desirable for performance and scalability. This is discussed more in the tutorial
for [DNS caching](https://learn.hashicorp.com/tutorials/consul/dns-caching).
for [DNS caching](/consul/tutorials/networking/dns-caching?utm_source=docs).
## WAN Address Translation
@ -540,5 +540,5 @@ DNS lookups and required policies when ACLs are enabled:
For guidance on how to configure an appropriate token for DNS, refer to the
securing Consul with ACLs guides for:
- [Production Environments](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production#token-for-dns)
- [Development Environments](https://learn.hashicorp.com/tutorials/consul/access-control-setup#additional-acl-configuration)
- [Production Environments](/consul/tutorials/security/access-control-setup-production?utm_source=docs#token-for-dns)
- [Development Environments](/consul/tutorials/day-0/access-control-setup?utm_source=docs#enable-acls-on-consul-clients)

View file

@ -19,7 +19,7 @@ a health check. A health check associated with a service is considered to be an
application-level check. Define services in a configuration file or add it at
runtime using the HTTP interface.
Complete the [Getting Started tutorials](https://learn.hashicorp.com/tutorials/consul/get-started-service-discovery?utm_source=consul.io&utm_medium=docs) to get hands-on experience registering a simple service with a health check on your local machine.
Complete the [Getting Started tutorials](/consul/tutorials/getting-started/get-started-service-discovery?utm_source=docs) to get hands-on experience registering a simple service with a health check on your local machine.
## Service Definition

View file

@ -16,13 +16,13 @@ similarities to one.
The Consul KV datastore is located on the servers, but can be accessed by any
agent (client or server). The natively integrated [RPC
functionality](/docs/architecture) allows clients to forward
requests to servers, including key/value reads and writes. Part of Consuls
requests to servers, including key/value reads and writes. Part of Consul's
core design allows data to be replicated automatically across all the servers.
Having a quorum of servers will decrease the risk of data loss if an outage
occurs.
If you have not used Consul KV, check out this [Getting Started
tutorial](https://learn.hashicorp.com/tutorials/consul/get-started-key-value-store?utm_source=consul.io&utm_medium=docs) on HashiCorp
tutorial](/consul/tutorials/getting-started/get-started-key-value-store?utm_source=docs) on HashiCorp
Learn.
## Accessing the KV store
@ -30,7 +30,7 @@ Learn.
The KV store can be accessed by the [consul kv CLI
subcommands](/commands/kv), [HTTP API](/api-docs/kv), and Consul UI.
To restrict access, enable and configure
[ACLs](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production).
[ACLs](/consul/tutorials/security/access-control-setup-production?utm_source=docs).
Once the ACL system has been bootstrapped, users and services, will need a
valid token with KV [privileges](/docs/security/acl/acl-rules#key-value-rules) to
access the the data store, this includes even reads. We recommend creating a
@ -67,7 +67,7 @@ using the API and in shell scripts.
If you plan to use Consul KV as part of your configuration management process
review the [Consul
Template](https://learn.hashicorp.com/tutorials/consul/consul-template)
Template](/consul/tutorials/developer-configuration/consul-template?utm_source=docs)
tutorial on how to update configuration based on value updates in the KV. Consul
Template is based on Go Templates and allows for a series of scripted actions
to be initiated on value changes to a Consul key.
@ -89,10 +89,10 @@ increment to the `LockIndex` and the session value is updated to reflect the
session holding the lock. Review the session documentation for more information
on the [integration](/docs/dynamic-app-config/sessions#k-v-integration).
Review the following tutorials to learn how to use Consul sessions for [application leader election](https://learn.hashicorp.com/tutorials/consul/application-leader-elections) and
to [build distributed semaphores](https://learn.hashicorp.com/tutorials/consul/distributed-semaphore).
Review the following tutorials to learn how to use Consul sessions for [application leader election](/consul/tutorials/developer-configuration/application-leader-elections?utm_source=docs) and
to [build distributed semaphores](/consul/tutorials/developer-configuration/distributed-semaphore?utm_source=docs).
### Vault
If you plan to use Consul KV as a backend for Vault, please review [this
tutorial](https://learn.hashicorp.com/tutorials/vault/ha-with-consul).
tutorial](/vault/tutorials/day-one-consul/ha-with-consul?utm_source=docs).

View file

@ -139,7 +139,7 @@ the goal of Consul to protect against misbehaving clients.
The primitives provided by sessions and the locking mechanisms of the KV
store can be used to build client-side leader election algorithms.
These are covered in more detail in the [Leader Election guide](https://learn.hashicorp.com/tutorials/consul/application-leader-elections).
These are covered in more detail in the [Leader Election guide](/consul/tutorials/developer-configuration/application-leader-elections?utm_source=docs).
## Prepared Query Integration

View file

@ -52,7 +52,7 @@ This diagram shows the timeline of a task starting up and all its containers:
permissions for the service and its sidecar proxy. This token is written to a shared
volume for use by the `health-sync` container.
- It registers the service for the current task and its sidecar proxy with Consul.
- It runs `consul connect envoy -bootstrap` to generate Envoys bootstrap JSON file and
- It runs `consul connect envoy -bootstrap` to generate Envoy's bootstrap JSON file and
writes it to a shared volume.
- **T1:** The following containers start:
- `sidecar-proxy` starts using a custom entrypoint command, `consul-ecs envoy-entrypoint`.

View file

@ -31,8 +31,8 @@ For a detailed architecture overview, see the [Architecture](/docs/ecs/architect
There are several ways to get started with Consul with ECS.
* The [Serverless Consul Service Mesh with ECS and HCP](https://learn.hashicorp.com/tutorials/cloud/consul-ecs-hcp?in=consul/cloud-integrations) learn guide shows how to use Terraform to run Consul service mesh applications on ECS with managed Consul servers running in HashiCorp Cloud Platform (HCP).
* The [Service Mesh with ECS and Consul on EC2](https://learn.hashicorp.com/tutorials/consul/consul-ecs-ec2?in=consul/cloud-integrations) learn guide shows how to use Terraform to run Consul service mesh applications on ECS with Consul servers running on EC2 instances.
* The [Serverless Consul Service Mesh with ECS and HCP](/consul/tutorials/cloud-integrations/consul-ecs-hcp?utm_source=docs) learn guide shows how to use Terraform to run Consul service mesh applications on ECS with managed Consul servers running in HashiCorp Cloud Platform (HCP).
* The [Service Mesh with ECS and Consul on EC2](/consul/tutorials/cloud-integrations/consul-ecs-ec2?utm_source=docs) learn guide shows how to use Terraform to run Consul service mesh applications on ECS with Consul servers running on EC2 instances.
* The [Consul with Dev Server on Fargate](https://registry.terraform.io/modules/hashicorp/consul-ecs/aws/latest/examples/dev-server-fargate) example installation deploys a sample application in ECS using the Fargate launch type.
* The [Consul with Dev Server on EC2](https://registry.terraform.io/modules/hashicorp/consul-ecs/aws/latest/examples/dev-server-ec2) example installation deploys a sample application in ECS using the EC2 launch type.

View file

@ -13,7 +13,7 @@ This topic describes how to manually deploy the ACL controller, which will autom
* Your application tasks must include certain tags to be compatible with the ACL controller.
Refer to the [Task Tags](/docs/ecs/manual/install#task-tags) section of the installation page.
* You should be familiar with configuring Consul's secure features, including how to create ACL tokens and policies. Refer to the [Learn Guides about Consul Security](https://learn.hashicorp.com/collections/consul/security) for an introduction and the [ACL system](/docs/security/acl) documentation for more information.
* You should be familiar with configuring Consul's secure features, including how to create ACL tokens and policies. Refer to the [Learn Guides about Consul Security](/consul/tutorials/security?utm_source=docs) for an introduction and the [ACL system](/docs/security/acl) documentation for more information.
* If you are using Consul with multiple ECS clusters, each cluster requires its own instance of the ACL controller.
## Set Up Secrets

View file

@ -21,7 +21,7 @@ You should already have followed the [manual installation instructions](/docs/ec
You should be familiar with [specifying sensitive data](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html) on ECS.
You should be familiar with configuring Consul's secure features, including how to create ACL tokens and policies. Refer to the [ACL system documentation](/docs/security/acl) and [Day 1: Security tutorials](https://learn.hashicorp.com/collections/consul/security) for an introduction and additional information.
You should be familiar with configuring Consul's secure features, including how to create ACL tokens and policies. Refer to the [ACL system documentation](/docs/security/acl) and [Day 1: Security tutorials](/consul/tutorials/security?utm_source=docs) for an introduction and additional information.
## Auth Method

View file

@ -7,7 +7,7 @@ description: >-
# Installation with Terraform
This topic describes how to use HashiCorps Terraform modules to launch your application in AWS ECS as part of Consul service mesh. If you do not use Terraform, refer to the [Manual Installation](/docs/ecs/manual/install) page to install Consul on ECS without Terraform.
This topic describes how to use HashiCorp's Terraform modules to launch your application in AWS ECS as part of Consul service mesh. If you do not use Terraform, refer to the [Manual Installation](/docs/ecs/manual/install) page to install Consul on ECS without Terraform.
This topic does not include instructions for creating all AWS resources necessary to install Consul, such as a VPC or the ECS cluster. Refer to the guides in the [Getting Started](/docs/ecs#getting-started) section for complete and runnable examples.

View file

@ -24,8 +24,8 @@ Admin partitions exist a level above namespaces in the identity hierarchy. They
There are Learn tutorials available to help you get started with admin partitions.
- [Multi-Tenancy with Administrative Partitions](https://learn.hashicorp.com/tutorials/consul/consul-admin-partitions?in=consul/enterprise)
- [Multi Cluster Applications with Consul Enterprise Admin Partitions](https://learn.hashicorp.com/tutorials/consul/kubernetes-admin-partitions?in=consul/kubernetes)
- [Multi-Tenancy with Administrative Partitions](/consul/tutorials/enterprise/consul-admin-partitions?utm_source=docs)
- [Multi Cluster Applications with Consul Enterprise Admin Partitions](/consul/tutorials/kubernetes/kubernetes-admin-partitions?utm_source=docs)
### Default Admin Partition

View file

@ -2,7 +2,7 @@
layout: docs
page_title: Consul Enterprise Audit Logging
description: >-
Consul Enterprise provides the ability to write events of user behavior with Consuls API so operations and security users can perform legal compliance auditing.
Consul Enterprise provides the ability to write events of user behavior with Consul's API so operations and security users can perform legal compliance auditing.
---
# Audit Logging
@ -24,7 +24,7 @@ Audit logging enables security and compliance teams within an organization to ge
greater insight into Consul access and usage patterns.
For more experience leveraging Consul's audit logging functionality, explore our
HashiCorp Learn tutorial [Capture Consul Events with Audit Logging](https://learn.hashicorp.com/tutorials/consul/audit-logging).
HashiCorp Learn tutorial [Capture Consul Events with Audit Logging](/consul/tutorials/datacenter-operations/audit-logging?utm_source=docs).
For detailed configuration information on configuring the Consul Enterprise's audit
logging, review the Consul [Audit Log](/docs/agent/config/config-files#audit)

View file

@ -36,6 +36,6 @@ datacenter backups include (but are not limited to):
- Namespaces
For more experience leveraging Consul's snapshot functionality, we suggest you look through our HashiCorp
Learn tutorial for [Datacenter Backups in Consul](https://learn.hashicorp.com/tutorials/consul/backup-and-restore).
Learn tutorial for [Datacenter Backups in Consul](/consul/tutorials/production-deploy/backup-and-restore?utm_source=docs).
For detailed configuration information on configuring the Consul Enterprise's snapshot agent, review the
[Consul Snapshot Agent documentation](/commands/snapshot/agent).

View file

@ -26,7 +26,7 @@ desirable to have topologies like hub-and-spoke with central management
datacenters and "spoke" datacenters that can't interact with each other.
[Consul Enterprise](https://www.hashicorp.com/consul) offers a [network
area mechanism](https://learn.hashicorp.com/tutorials/consul/federation-network-areas) that allows operators to
area mechanism](/consul/tutorials/datacenter-operations/federation-network-areas?utm_source=docs) that allows operators to
federate Consul datacenters together on a pairwise basis, enabling
partially-connected network topologies. Once a link is created, Consul agents
can make queries to the remote datacenter in service of both API and DNS

View file

@ -29,7 +29,7 @@ Refer to the instructions on [upgrading to 1.10.x](/docs/upgrading/instructions/
## Q: Is there a tutorial available for the license configuration steps?
Please visit the [Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/nomad/hashicorp-enterprise-license?in=consul/enterprise).
Please visit the [Enterprise License Tutorial](/consul/tutorials/enterprise/hashicorp-enterprise-license?utm_source=docs).
## Q: What resources are available?
@ -41,7 +41,7 @@ The list below is a great starting point for learning more about the license cha
- [License configuration values documentation](/docs/enterprise/license/overview#binaries-without-built-in-licenses)
- [Install a HashiCorp Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/nomad/hashicorp-enterprise-license?in=consul/enterprise)
- [Install a HashiCorp Enterprise License Tutorial](/consul/tutorials/enterprise/hashicorp-enterprise-license?utm_source=docs)
## Q: Do these changes impact all customers/licenses?
@ -142,7 +142,7 @@ Please see the [upgrade requirements](faq#q-what-are-the-upgrade-requirements).
1. Run [`consul license get -signed`](/commands/license#get) to extract the license from their running cluster. Store the license in a secure location on disk.
1. Set up the necessary configuration so that when Consul Enterprise reboots it will have access to the required license. This could be via the client agent configuration file or an environment variable.
1. Visit the [Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/nomad/hashicorp-enterprise-license?in=consul/enterprise) for detailed steps on how to install the license key.
1. Visit the [Enterprise License Tutorial](/consul/tutorials/enterprise/hashicorp-enterprise-license?utm_source=docs) for detailed steps on how to install the license key.
1. Follow the Consul upgrade [documentation](/docs/upgrading).
### Kubernetes
@ -163,14 +163,14 @@ Once you have the license then create a Kubernetes secret containing the license
1. Acquire a valid Consul Enterprise license. If you are an existing HashiCorp enterprise customer you may contact your organization's customer success manager (CSM) or email support-softwaredelivery@hashicorp.com for information on how to get your organization's enterprise license.
1. Store the license in a secure location on disk.
1. Set up the necessary configuration so that when Consul Enterprise reboots it will have the required license. This could be via the client agent configuration file or an environment variable.
Visit the [Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/nomad/hashicorp-enterprise-license?in=consul/enterprise) for detailed steps on how to install the license key.
Visit the [Enterprise License Tutorial](/consul/tutorials/enterprise/hashicorp-enterprise-license?utm_source=docs) for detailed steps on how to install the license key.
1. Follow the Consul upgrade [documentation](/docs/upgrading).
### Kubernetes
1. Acquire a valid Consul Enterprise license. If you are an existing HashiCorp enterprise customer you may contact your organization's customer success manager (CSM) or email support-softwaredelivery@hashicorp.com for information on how to get your organization's enterprise license.
1. Set up the necessary configuration so that when Consul Enterprise reboots it will have the required license. This could be via the client agent configuration file or an environment variable.
Visit the [Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/nomad/hashicorp-enterprise-license?in=consul/enterprise) for detailed steps on how to install the license key.
Visit the [Enterprise License Tutorial](/consul/tutorials/enterprise/hashicorp-enterprise-license?utm_source=docs) for detailed steps on how to install the license key.
1. Proceed with the `helm` [upgrade instructions](/docs/k8s/upgrade)
## Q: Will Consul downgrades/rollbacks work?

View file

@ -19,7 +19,7 @@ agent's configuration or environment. Also, prior to 1.10.0, server agents would
the license between themselves. This no longer occurs and the license must be present on each server agent
when it is started.
-> Visit the [Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/nomad/hashicorp-enterprise-license?in=consul/enterprise) for detailed steps on how to install the license key.
-> Visit the [Enterprise License Tutorial](/consul/tutorials/enterprise/hashicorp-enterprise-license?utm_source=docs) for detailed steps on how to install the license key.
### Applying a License

View file

@ -21,8 +21,8 @@ to provide self-service through delegation of administrative privileges.
For more information on how to use namespaces with Consul Enterprise please review the following HashiCorp Learn Guides:
- [Register and Discover Services within Namespaces](https://learn.hashicorp.com/tutorials/consul/namespaces-share-datacenter-access) - Register multiple services within different namespaces in Consul.
- [Setup Secure Namespaces](https://learn.hashicorp.com/tutorials/consul/namespaces-secure-shared-access) - Secure resources within a namespace and delegate namespace ACL rights via ACL tokens.
- [Register and Discover Services within Namespaces](/consul/tutorials/namespaces/namespaces-share-datacenter-access?utm_source=docs) - Register multiple services within different namespaces in Consul.
- [Setup Secure Namespaces](/consul/tutorials/namespaces/namespaces-secure-shared-access?utm_source=docs) - Secure resources within a namespace and delegate namespace ACL rights via ACL tokens.
## Namespace Definition

View file

@ -34,7 +34,7 @@ connectivity between agent members on the same segment.
![Consul datacenter agent connectivity with network segments](/img/network-segments/consul-network-segments-multiple.png)
To get started with network segments you can review the tutorial on HashiCorp
Learn for [Network Segments](https://learn.hashicorp.com/tutorials/consul/network-partition-datacenters).
Learn for [Network Segments](/consul/tutorials/datacenter-operations/network-partition-datacenters?utm_source=docs).
-> **Info:** Network segments enable you to operate a Consul datacenter without full
mesh (LAN) connectivity between agents. To federate multiple Consul datacenters
@ -59,8 +59,8 @@ over the WAN. Consul clients make use of resources in federated clusters by
forwarding RPCs through the Consul servers in their local cluster, but they
never interact with remote Consul servers directly. There are currently two
inter-cluster network models which can be viewed on HashiCorp Learn:
[WAN gossip (OSS)](https://learn.hashicorp.com/tutorials/consul/federation-gossip-wan)
and [Network Areas (Enterprise)](https://learn.hashicorp.com/tutorials/consul/federation-network-areas).
[WAN gossip (OSS)](/consul/tutorials/networking/federation-gossip-wan?utm_source=docs)
and [Network Areas (Enterprise)](/consul/tutorials/datacenter-operations/federation-network-areas?utm_source=docs).
**LAN Gossip Pool**: A set of Consul agents that have full mesh connectivity
among themselves, and use Serf to maintain a shared view of the members of the
@ -83,7 +83,7 @@ Each additional segment is defined by:
Serf LAN listener on the server
~> **Note:** Prior to Consul 1.7.3, a Consul server agent configured with too
many network segments may not be able to start due to [limitations](https://learn.hashicorp.com/tutorials/consul/network-partition-datacenters#network-segments-limitations)
many network segments may not be able to start due to [limitations](/consul/tutorials/datacenter-operations/network-partition-datacenters?utm_source=docs#network-segments-limitations)
in Serf.
### Example Server Configuration

View file

@ -31,5 +31,5 @@ for server nodes while also providing (and expanding) the capabilities of
capabilities.
For more information, review the HashiCorp Learn tutorial on
[Redundancy Zones](https://learn.hashicorp.com/tutorials/consul/autopilot-datacenter-operations#redundancy-zones),
[Redundancy Zones](/consul/tutorials/datacenter-operations/autopilot-datacenter-operations?utm_source=docs#redundancy-zones),
as well as the documentation for [Consul Autopilot](/commands/operator/autopilot).

View file

@ -23,4 +23,4 @@ currently in a cluster. When an equal amount of new server nodes are joined runn
will be demoted to non voting members. Demotion of legacy server nodes will not occur until the voting members on the new version match.
Once this demotion occurs, the previous versioned servers can be removed from the cluster safely.
You can review more information about this functionality in the [Consul operator autopilot](/commands/operator/autopilot) documentation as well as on the HashiCorp Learn [Automated Upgrade](https://learn.hashicorp.com/tutorials/consul/autopilot-datacenter-operations#upgrade-migrations) tutorial.
You can review more information about this functionality in the [Consul operator autopilot](/commands/operator/autopilot) documentation as well as on the HashiCorp Learn [Automated Upgrade](/consul/tutorials/datacenter-operations/autopilot-datacenter-operations?utm_source=docs#upgrade-migrations) tutorial.

View file

@ -9,9 +9,9 @@ description: |-
# Consul Guides
~> The Consul guides have moved to the [HashiCorp Learn platform](https://learn.hashicorp.com/consul?utm_source=consul.io&utm_medium=docs&utm_content=guide-index).
~> The Consul guides have moved to the [HashiCorp Learn platform](/consul/tutorials?utm_source=docs&utm_content=guide-index).
[Guides](https://learn.hashicorp.com/consul?utm_source=consul.io&utm_medium=docs&utm_content=guide-index) are step by step command-line
[Guides](/consul/tutorials?utm_source=docs&utm_content=guide-index) are step by step command-line
walkthroughs that demonstrate how to perform common operations using Consul, and
complement the feature-focused Consul documentation.
@ -37,4 +37,4 @@ Tracks include:
- Service Configuration and Consul KV
- Cloud and Load Balancer Integrations
[**Explore the Learn platform**](https://learn.hashicorp.com/consul?utm_source=consul.io&utm_medium=docs&utm_content=guide-index)
[**Explore the Learn platform**](/consul/tutorials?utm_source=docs&utm_content=guide-index)

View file

@ -17,4 +17,4 @@ guides are located on the HashiCorp Learn site.
- Follow [the documentation](/docs/install) to install Consul either with a precompiled binary or from source.
- Read more about the [configuration options](/docs/agent/config) for Consul servers and clients.
- Get started using Consul with our step-by-step guides at [HashiCorp Learn](https://learn.hashicorp.com/consul).
- Get started using Consul with our step-by-step guides at [HashiCorp Learn](/consul/tutorials?utm_source=docs).

View file

@ -20,7 +20,7 @@ Downloading a precompiled binary is easiest, and we provide downloads over TLS
along with SHA256 sums to verify the binary. We also distribute a PGP signature
with the SHA256 sums that can be verified.
The [Getting Started guides](https://learn.hashicorp.com/tutorials/consul/get-started-install?utm_source=consul.io&utm_medium=docs) provide a quick walkthrough of installing and using Consul on your local machine.
The [Getting Started guides](/consul/tutorials/getting-started/get-started-install?utm_source=docs) provide a quick walkthrough of installing and using Consul on your local machine.
## Precompiled Binaries

View file

@ -112,9 +112,9 @@ Here are some general recommendations:
- For DNS-heavy workloads, configuring all Consul agents in a cluster with the
[`allow_stale`](/docs/agent/config/config-files#allow_stale) configuration option will allow reads to
scale across all Consul servers, not just the leader. Consul 0.7 and later enables stale reads
for DNS by default. See [Stale Reads](https://learn.hashicorp.com/tutorials/consul/dns-caching#stale-reads) in the
[DNS Caching](https://learn.hashicorp.com/tutorials/consul/dns-caching) guide for more details. It's also good to set
reasonable, non-zero [DNS TTL values](https://learn.hashicorp.com/tutorials/consul/dns-caching#ttl-values) if your clients will
for DNS by default. See [Stale Reads](/consul/tutorials/networking/dns-caching?utm_source=docs#stale-reads) in the
[DNS Caching](/consul/tutorials/networking/dns-caching?utm_source=docs) guide for more details. It's also good to set
reasonable, non-zero [DNS TTL values](/consul/tutorials/networking/dns-caching?utm_source=docs#ttl-values) if your clients will
respect them.
- In other applications that perform high volumes of reads against Consul, consider using the
@ -146,7 +146,7 @@ set size. You can determine the working set size by noting the value of
## Read/Write Tuning
Consul is write limited by disk I/O and read limited by CPU. Memory requirements will be dependent on the total size of KV pairs stored and should be sized according to that data (as should the hard drive storage). The limit on a keys value size is `512KB`.
Consul is write limited by disk I/O and read limited by CPU. Memory requirements will be dependent on the total size of KV pairs stored and should be sized according to that data (as should the hard drive storage). The limit on a key's value size is `512KB`.
-> Consul is write limited by disk I/O and read limited by CPU.
@ -166,7 +166,7 @@ It should be noted that `stale` is not appropriate for coordination where strong
**Read-heavy** clusters may take advantage of the [enhanced reading](/docs/enterprise/read-scale) feature (Enterprise) for better scalability. This feature allows additional servers to be introduced as non-voters. Being a non-voter, the server will still participate in data replication, but it will not block the leader from committing log entries.
Consuls agents use network sockets for communicating with the other nodes (gossip) and with the server agent. In addition, file descriptors are also opened for watch handlers, health checks, and log files. For a **write heavy** cluster, the `ulimit` size must be increased from the default value (`1024`) to prevent the leader from running out of file descriptors.
Consul's agents use network sockets for communicating with the other nodes (gossip) and with the server agent. In addition, file descriptors are also opened for watch handlers, health checks, and log files. For a **write heavy** cluster, the `ulimit` size must be increased from the default value (`1024`) to prevent the leader from running out of file descriptors.
To prevent any CPU spikes from a misconfigured client, RPC requests to the server should be [rate limited](/docs/agent/config/config-files#limits)

View file

@ -16,14 +16,14 @@ These Consul tools are created and managed by the dedicated engineers at HashiCo
- [Envconsul](https://github.com/hashicorp/envconsul) - Read and set environmental variables for processes from Consul.
- [Consul API Gateway](https://github.com/hashicorp/consul-api-gateway/) - dedicated ingress solution for intelligently routing traffic to applications running on a Consul Service Mesh.
- [Consul ESM](https://github.com/hashicorp/consul-esm) - Provides external service monitoring for Consul. A tutorial is available on [HashiCorp Learn](https://learn.hashicorp.com/tutorials/consul/service-registration-external-services).
- [Consul ESM](https://github.com/hashicorp/consul-esm) - Provides external service monitoring for Consul. A tutorial is available on [HashiCorp Learn](/consul/tutorials/developer-discovery/service-registration-external-services?utm_source=docs).
- [Consul Migrate](https://github.com/hashicorp/consul-migrate) - Data migration tool to handle Consul upgrades to 0.5.1+
- [Consul Replicate](https://github.com/hashicorp/consul-replicate) - Consul cross-DC KV replication daemon.
- [Consul Template](https://github.com/hashicorp/consul-template) - Generic template rendering and notifications with Consul. A step by step tutorial is available on [HashiCorp Learn](https://learn.hashicorp.com/tutorials/consul/consul-template).
- [Consul Template](https://github.com/hashicorp/consul-template) - Generic template rendering and notifications with Consul. A step by step tutorial is available on [HashiCorp Learn](/consul/tutorials/developer-configuration/consul-template?utm_source=docs).
- [Consul-Terraform Sync](https://github.com/hashicorp/consul-terraform-sync) -
enables dynamic updates to network infrastructure devices triggered by service
changes. A tutorial is available on [HashiCorp
Learn](https://learn.hashicorp.com/collections/consul/network-infrastructure-automation?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS)
Learn](/consul/tutorials/network-infrastructure-automation?utm_source=docs)
## Community Tools

View file

@ -6,7 +6,7 @@ description: Guide to partnership integrations for Consul NIA
# Network Infrastructure Automation Integration Program
HashiCorps Network Infrastructure Automation (NIA) Integration Program allows partners to build integrations that allow customers to automate dynamic application workflows leveraging network and security infrastructure at runtime. Detailed below is the approach to integrate your networking technology along with the clearly defined steps, links to information sources, and checkpoints.
HashiCorp's Network Infrastructure Automation (NIA) Integration Program allows partners to build integrations that allow customers to automate dynamic application workflows leveraging network and security infrastructure at runtime. Detailed below is the approach to integrate your networking technology along with the clearly defined steps, links to information sources, and checkpoints.
## Network Infrastructure Automation
@ -43,13 +43,13 @@ Consul-Terraform-Sync compatible Terraform module development process is fairly
- Consul [documentation](/docs)
- Consul-Terraform-Sync [documentation](/docs/nia)
- Writing Consul-Terraform-Sync compatible Terraform modules using our [guide](/docs/nia/terraform-modules) and [tutorial](https://learn.hashicorp.com/tutorials/consul/consul-terraform-sync-module?in=consul/network-infrastructure-automation)
- Writing Consul-Terraform-Sync compatible Terraform modules using our [guide](/docs/nia/terraform-modules) and [tutorial](/consul/tutorials/network-infrastructure-automation/consul-terraform-sync-module?utm_source=docs)
- Example Terraform Modules for reference: [PAN-OS](https://registry.terraform.io/modules/PaloAltoNetworks/dag-nia/panos/latest), [Simple Print Module](https://registry.terraform.io/modules/findkim/print/cts/latest) and a [Template to structure your Terraform Modules](https://github.com/hashicorp/consul-terraform-sync-template-module)
- Publishing to the Terraform Registry [guidelines](https://www.terraform.io/docs/registry/modules/publish.html)
### 3. Develop & Test
Terraform modules are written in HashiCorp Configuration Language (HCL). Writing [Terraform modules](https://www.terraform.io/docs/modules/index.html) or a [tutorial to build a module](https://learn.hashicorp.com/tutorials/terraform/module-create) are good resources to begin writing a new module.
Terraform modules are written in HashiCorp Configuration Language (HCL). Writing [Terraform modules](https://www.terraform.io/docs/modules/index.html) or a [tutorial to build a module](/terraform/tutorials/modules/module-create?utm_source=docs) are good resources to begin writing a new module.
Consul-Terraform-Sync compatible modules follow the [standard module structure](https://www.terraform.io/docs/modules/index.html#standard-module-structure). Modules can use syntax supported by Terraform version 0.13, or higher. Consul-Terraform-Sync is designed to integrate with any module that satisfies these [specifications](/docs/nia/terraform-modules#module-specifications). The guide will give you an introduction of the code structure and the basics of authoring a plugin that Terraform can interact with.
It is recommended that partners develop modules that cater to specific workflows on an individual platform in their product portfolio rather than having overarching modules that try to cover multiple workflows across different platforms. This is to keep the automation modular and adoptable by a broad set of users with varying network infrastructure topologies. Partners are encouraged to test the functionality of the modules against their supported platforms.
@ -78,7 +78,7 @@ All Consul-Terraform-Sync compatible modules follow a naming convention: `terraf
During the review process, HashiCorp will provide feedback on the newly developed Consul-Terraform-Sync compatible Terraform module. Please engage in the review process once one or two sample modules have been developed. Begin the process by emailing nia-integration-dev@hashicorp.com with a URL to the public GitHub repo containing the code.
HashiCorp will then review the module, and the documentation. The documentation should clearly indicate the compatibility with Consul-Terraform-Sync software version(s) and partner platforms software version(s).
HashiCorp will then review the module, and the documentation. The documentation should clearly indicate the compatibility with Consul-Terraform-Sync software version(s) and partner platform's software version(s).
Once the module development has been completed another email should be sent to nia-integration-dev@hashicorp.com along with a URL to the public GitHub repo containing the code requesting the final code review. HashiCorp will review the module and provide feedback about any changes that may be required. This is often an iterative process and can take some time to get done.

View file

@ -16,7 +16,7 @@ The program is intended to be largely self-service with links to resources, code
## Categories of Consul Integrations
By leveraging Consuls RESTful HTTP API system, prospective partners are able to build extensible integrations at the data plane, platform, and the infrastructure layer to extend Consuls functionalities. These integrations can be performed both with the open source version of Consul, Consul Enterprise, and HCP Consul.
By leveraging Consul's RESTful HTTP API system, prospective partners are able to build extensible integrations at the data plane, platform, and the infrastructure layer to extend Consul's functionalities. These integrations can be performed both with the open source version of Consul, Consul Enterprise, and HCP Consul.
**The Consul ecosystem of integrations:**
@ -26,19 +26,19 @@ By leveraging Consuls RESTful HTTP API system, prospective partners are able
</ImageConfig>
**Data Plane**: These integrations extend Consuls certificate management, secure ACL configuration, observability metrics and logging, and service discovery that allows for dynamic service mapping APM and logging tools, extend sidecar proxies to support Consul connect, and extend API gateways to allow Consul to route incoming traffic to the proxies for Connect-enabled services.
**Data Plane**: These integrations extend Consul's certificate management, secure ACL configuration, observability metrics and logging, and service discovery that allows for dynamic service mapping APM and logging tools, extend sidecar proxies to support Consul connect, and extend API gateways to allow Consul to route incoming traffic to the proxies for Connect-enabled services.
**Control Plane**: Consul has a client-server architecture and is the control plane for the service mesh.
**Platform**: These integrations leverage automation of Consul agent deployment, configuration, and management. Designed to be platform agnostic, Consul can be deployed in a variety of form factors, including major Public Cloud providers (AWS, GCP, Azure) as well as in bare-metal, virtual machine, and container (Docker, Kubernetes) environments. They include the Consul agent running in both client and server mode.
**Infrastructure**: There are two integration options in this category: natively through a direct integration with Consul or via Consul-Terraform-Sync (CTS). By leveraging Consuls powerful **Network Infrastructure Automation (NIA)*** capabilities through CTS, changes in an infrastructure are seamlessly automated when Consul detects a change in its service catalog. For example, these integrations could be used to automate IP updates of load balancers or firewall security policies by leveraging Consul service discovery.
**Infrastructure**: There are two integration options in this category: natively through a direct integration with Consul or via Consul-Terraform-Sync (CTS). By leveraging Consul's powerful **Network Infrastructure Automation (NIA)*** capabilities through CTS, changes in an infrastructure are seamlessly automated when Consul detects a change in its service catalog. For example, these integrations could be used to automate IP updates of load balancers or firewall security policies by leveraging Consul service discovery.
-> **Network Infrastructure Automation (NIA)***: These integrations leverage Consuls service catalog to seamlessly integrate with Consul-Terraform-Sync (CTS) to automate changes in network infrastructure via a publisher-subscriber method. More details can be found [here](/docs/integrate/nia-integration).
-> **Network Infrastructure Automation (NIA)***: These integrations leverage Consul's service catalog to seamlessly integrate with Consul-Terraform-Sync (CTS) to automate changes in network infrastructure via a publisher-subscriber method. More details can be found [here](/docs/integrate/nia-integration).
**HCP Consul**: HCP Consul is secure by default and offers an enterprise-level service level agreement (SLA) to deploy an organizations most important applications. Sign up for HCP Consul is free and available [here](https://cloud.hashicorp.com/products/consul).
**HCP Consul**: HCP Consul is secure by default and offers an enterprise-level service level agreement (SLA) to deploy an organization's most important applications. Sign up for HCP Consul is free and available [here](https://cloud.hashicorp.com/products/consul).
**Consul integration verification badges**: Partners will be issued the Consul Enterprise badge for integrations that work with [Consul Enterprise features](https://www.consul.io/docs/enterprise) such as namespaces. Partners will be issued the HCP Consul badge for integrations validated to work with [HCP Consul](https://cloud.hashicorp.com/docs/consul/features). Each badge would be displayed on HashiCorps partner page as well as be available for posting on the partners own website to provide better visibility and differentiation of the integration for joint customers.
**Consul integration verification badges**: Partners will be issued the Consul Enterprise badge for integrations that work with [Consul Enterprise features](https://www.consul.io/docs/enterprise) such as namespaces. Partners will be issued the HCP Consul badge for integrations validated to work with [HCP Consul](https://cloud.hashicorp.com/docs/consul/features). Each badge would be displayed on HashiCorp's partner page as well as be available for posting on the partner's own website to provide better visibility and differentiation of the integration for joint customers.
<span style={{display:'block', textAlign:'center'}}>
<ImageConfig inline height={192} width={192}>
@ -89,7 +89,7 @@ Here are links to resources, documentation, examples and best practices to guide
**API Gateway**
- [Ambassador Integration documentation](https://learn.hashicorp.com/tutorials/consul/service-mesh-gateway-ambassador)
- [Ambassador Integration documentation](/consul/tutorials/developer-mesh/service-mesh-gateway-ambassador?utm_source=docs)
- [F5 Terminating Gateway Integration Documentation](https://www.hashicorp.com/integrations/f5-networks/consul)
- [Traefik Integration with Consul Service Mesh](https://traefik.io/blog/integrating-consul-connect-service-mesh-with-traefik-2-5/)
- [Kong's Ingress Controller Integration with Consul](https://www.hashicorp.com/integrations/kong/consul)
@ -108,14 +108,14 @@ Here are links to resources, documentation, examples and best practices to guide
#### Platform:
- [Consul-AWS for AWS Cloud Map](https://learn.hashicorp.com/tutorials/consul/sync-aws-services)
- [Consul-AWS for AWS Cloud Map](/consul/tutorials/cloud-integrations/sync-aws-services?utm_source=docs)
- [Consul Integration with AWS ECS](/docs/ecs/get-started/install)
- [Consul Integration with Layer5 Meshery](https://www.hashicorp.com/integrations/layer5-io/consul)
- [Consul Integration with VMware Tanzu Application Service](https://learn.hashicorp.com/tutorials/consul/sync-pivotal-cloud-services)
- [Consul Integration with VMware Tanzu Application Service](/consul/tutorials/cloud-integrations/sync-pivotal-cloud-services?utm_source=docs)
#### Infrastructure:
-> **Note**: The types of integration areas below could be developed to natively work with Consul or through leveraging Consul-Terraform-Sync and Consuls network automation capabilities.
-> **Note**: The types of integration areas below could be developed to natively work with Consul or through leveraging Consul-Terraform-Sync and Consul's network automation capabilities.
**Firewalls**
@ -132,32 +132,32 @@ Here are links to resources, documentation, examples and best practices to guide
**Load Balancer**
- [Load Balancing with NGINX and Consul Template](https://learn.hashicorp.com/tutorials/consul/load-balancing-nginx)
- [Load Balancing with HAProxy Service Discovery](https://learn.hashicorp.com/tutorials/consul/load-balancing-haproxy)
- [Load Balancing with NGINX and Consul Template](/consul/tutorials/load-balancing/load-balancing-nginx?utm_source=docs)
- [Load Balancing with HAProxy Service Discovery](/consul/tutorials/load-balancing/load-balancing-haproxy?utm_source=docs)
**Network Infrastructure Automation \(using CTS\):**
- [Automate F5 BIG-IP with Consul NIA](https://learn.hashicorp.com/tutorials/consul/consul-terraform-sync-f5-bigip-fast?in=consul/network-infrastructure-automation)
- [Automate F5 BIG-IP with Consul NIA](/consul/tutorials/network-infrastructure-automation/consul-terraform-sync-f5-bigip-fast?utm_source=docs)
- [Automate VMware Advanced Load Balancers (Avi) with Consul NIA](https://www.hashicorp.com/integrations/_vmware/consul)
**Application Delivery Controllers \(ADC\):**
- [Automate A10 ADC with Consul NIA](https://learn.hashicorp.com/tutorials/consul/consul-terraform-sync-a10-adc?in=consul/network-infrastructure-automation)
- [Automate A10 ADC with Consul NIA](/consul/tutorials/network-infrastructure-automation/consul-terraform-sync-a10-adc?utm_source=docs)
- [Automate Citrix ADC with Consul NIA](https://www.hashicorp.com/integrations/citrix-adc/consul)
### 3. Develop and Test
The only knowledge necessary to write a plugin is basic command-line skills and knowledge of the [Go programming language](http://www.golang.org). Use the plugin interface to develop your integration. All integrations should contain unit and acceptance testing.
**HCP Consul**: The process to configure a testing instance of HCP consul [is very simple](https://learn.hashicorp.com/tutorials/cloud/get-started-consul). HCP has been designed as a HashiCorp managed service so configuration is minimal as only Consul client agents need to be installed. Furthermore, HashiCorp provides all new users an initial credit which should last approximately 2 months using a [development cluster](https://cloud.hashicorp.com/pricing/consul). When deployed with AWS free tier services, there should be no cost beyond the time spent by the designated tester.
**HCP Consul**: The process to configure a testing instance of HCP consul [is very simple](/consul/tutorials/cloud-get-started/get-started-consul?utm_source=docs). HCP has been designed as a HashiCorp managed service so configuration is minimal as only Consul client agents need to be installed. Furthermore, HashiCorp provides all new users an initial credit which should last approximately 2 months using a [development cluster](https://cloud.hashicorp.com/pricing/consul). When deployed with AWS free tier services, there should be no cost beyond the time spent by the designated tester.
Please note that HCP Consul is currently only deployed on AWS so the partners application should be able to be deployed or run in AWS. For more information, please refer to [Peering an HVN to an AWS VPC for HCP Consul](https://www.youtube.com/watch?v=vuKjkIGYZlU).
Please note that HCP Consul is currently only deployed on AWS so the partner's application should be able to be deployed or run in AWS. For more information, please refer to [Peering an HVN to an AWS VPC for HCP Consul](https://www.youtube.com/watch?v=vuKjkIGYZlU).
#### HCP Consul Resource Links:
- [Getting Started with HCP Consul](https://learn.hashicorp.com/tutorials/cloud/get-started-consul?in=consul/cloud-get-started)
- [Getting Started with HCP Consul](/consul/tutorials/cloud-get-started/get-started-consul?utm_source=docs)
- [Peering an HVN to a VPC for HCP Consul](https://www.youtube.com/watch?v=vuKjkIGYZlU)
- [Connecting a Consul Client to HCP Consul](https://learn.hashicorp.com/tutorials/cloud/consul-client-virtual-machines?in=consul/cloud-get-started)
- [Connecting a Consul Client to HCP Consul](/consul/tutorials/cloud-get-started/consul-client-aws-ec2?utm_source=docs)
- [Monitoring HCP Consul with Datadog](https://docs.datadoghq.com/integrations/guide/hcp-consul/)
**Consul Enterprise**: An integration qualifies for Consul Enterprise when it is tested and compatible with Consul Enterprise Namespaces.

View file

@ -10,7 +10,7 @@ description: >-
# ACL System ((#version_8_acls))
This content has been moved into the [ACL Guide](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production).
This content has been moved into the [ACL Guide](/consul/tutorials/security/access-control-setup-production?utm_source=docs).
See [Complete ACL Coverage in Consul 0.8](/docs/security/acl/acl-legacy) for details
about ACL changes in Consul 0.8 and later.

View file

@ -17,7 +17,7 @@ to existing software, and how you can get started using it. If you are familiar
with the basics of Consul, the [documentation](/docs) provides a more
detailed reference of available features. If you're ready to get hands-on
experience, deploy Consul locally with our
[HashiCorp Learn tutorial](https://learn.hashicorp.com/tutorials/consul/get-started-install).
[HashiCorp Learn tutorial](/consul/tutorials/getting-started/get-started-install?utm_source=docs).
## Why Consul?
@ -115,5 +115,5 @@ forward the request to the remote datacenter and return the result.
## Next Steps
Continue onwards with [HashiCorp Learn](https://learn.hashicorp.com/tutorials/consul/get-started-install)
Continue onwards with [HashiCorp Learn](/consul/tutorials/getting-started/get-started-install?utm_source=docs)
to learn more about Consul and how to get Consul up and running.

View file

@ -10,7 +10,7 @@ description: >-
This topic describes the architecture, components, and resources associated with Consul deployments to Kubernetes. Consul employs the same architectural design on Kubernetes as it does with other platforms (see [Architecture](/docs/architecture)), but Kubernetes provides additional benefits that make operating a Consul cluster easier.
Refer to the standard [production deployment guide](https://learn.hashicorp.com/consul/datacenter-deploy/deployment-guide) for important information, regardless of the deployment platform.
Refer to the standard [production deployment guide](/consul/tutorials?utm_source=docs/datacenter-deploy/deployment-guide) for important information, regardless of the deployment platform.
## Server Agents

View file

@ -178,7 +178,7 @@ $ kubectl apply --filename service-intentions.yaml
serviceintentions.consul.hashicorp.com/ingress-gateway created
```
For detailed instructions on how to configure zero-trust networking with intentions please refer to this [guide](https://learn.hashicorp.com/tutorials/consul/service-mesh-zero-trust-network).
For detailed instructions on how to configure zero-trust networking with intentions please refer to this [guide](/consul/tutorials/service-mesh-security/service-mesh-zero-trust-network?utm_source=docs).
## Deploying your application to Kubernetes

View file

@ -108,7 +108,7 @@ global:
## Metrics in the UI Topology Visualization
Consuls built-in UI has a topology visualization for services part of the Consul Service Mesh. The topology visualization has the ability to fetch basic metrics from a metrics provider for each service and display those metrics as part of the [topology visualization](/docs/connect/observability/ui-visualization).
Consul's built-in UI has a topology visualization for services part of the Consul Service Mesh. The topology visualization has the ability to fetch basic metrics from a metrics provider for each service and display those metrics as part of the [topology visualization](/docs/connect/observability/ui-visualization).
The diagram below illustrates how the UI displays service metrics for a sample application:
@ -137,7 +137,7 @@ The Prometheus deployment is designed to allow quick bootstrapping for trial and
Prometheus will be installed in the same namespace as Consul, and will be installed
and uninstalled along with the Consul installation.
Grafana can optionally be utilized with Prometheus to display metrics. The installation and configuration of Grafana must be managed separately from the Consul Helm chart. The [Layer 7 Observability with Prometheus, Grafana, and Kubernetes](https://learn.hashicorp.com/tutorials/consul/kubernetes-layer7-observability?in=consul/kubernetes)) tutorial provides an installation walkthrough using Helm.
Grafana can optionally be utilized with Prometheus to display metrics. The installation and configuration of Grafana must be managed separately from the Consul Helm chart. The [Layer 7 Observability with Prometheus, Grafana, and Kubernetes](/consul/tutorials/service-mesh-observability/kubernetes-layer7-observability?utm_source=docs?in=consul/kubernetes)) tutorial provides an installation walkthrough using Helm.
```yaml
prometheus:

View file

@ -360,7 +360,7 @@ Use these links to navigate to a particular top-level stanza.
See https://www.consul.io/docs/agent/config/cli-flags#_recursor for more details.
If this is an empty array (the default), then Consul DNS will only resolve queries for the Consul top level domain (by default `.consul`).
- `tls` ((#v-global-tls)) - Enables TLS (https://learn.hashicorp.com/tutorials/consul/tls-encryption-secure)
- `tls` ((#v-global-tls)) - Enables TLS (/consul/tutorials/security/tls-encryption-secure?utm_source=docs)
across the cluster to verify authenticity of the Consul servers and clients.
Requires Consul v1.4.1+.
@ -527,7 +527,7 @@ Use these links to navigate to a particular top-level stanza.
- `metrics` ((#v-global-metrics)) - Configures metrics for Consul service mesh
- `enabled` ((#v-global-metrics-enabled)) (`boolean: false`) - Configures the Helm charts components
- `enabled` ((#v-global-metrics-enabled)) (`boolean: false`) - Configures the Helm chart's components
to expose Prometheus metrics for the Consul service mesh. By default
this includes gateway metrics and sidecar metrics.
@ -621,8 +621,7 @@ Use these links to navigate to a particular top-level stanza.
Vault Secrets backend:
If you are using Vault as a secrets backend, a Vault Policy must be created which allows `["create", "update"]`
capabilities on the PKI issuing endpoint, which is usually of the form `pki/issue/consul-server`.
Please see the following guide for steps to generate a compatible certificate:
https://learn.hashicorp.com/tutorials/consul/vault-pki-consul-secure-tls
Please refer the [Consul and Vault tutorial](/consul/tutorials/vault-secure/vault-pki-consul-secure-tls?utm_source=docs) for steps to generate a compatible certificate.
Note: when using TLS, both the `server.serverCert` and `global.tls.caCert` which points to the CA endpoint of this PKI engine
must be provided.

View file

@ -40,33 +40,33 @@ There are several ways to try Consul with Kubernetes in different environments.
**Tutorials**
- The [Getting Started with Consul Service Mesh track](https://learn.hashicorp.com/tutorials/consul/service-mesh-deploy?in=consul/gs-consul-service-mesh?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS)
- The [Getting Started with Consul Service Mesh track](/consul/tutorials/gs-consul-service-mesh/service-mesh-deploy?utm_source=docs)
provides guidance for installing Consul as service mesh for Kubernetes using the Helm
chart, deploying services in the service mesh, and using intentions to secure service
communications.
- The [Migrate to Microservices with Consul Service Mesh on Kubernetes](https://learn.hashicorp.com/collections/consul/microservices?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS)
- The [Migrate to Microservices with Consul Service Mesh on Kubernetes](/consul/tutorials/microservices?utm_source=docs)
collection uses an example application written by a fictional company to illustrate why and how organizations can
migrate from monolith to microservices using Consul service mesh on Kubernetes. The case study in this collection
should provide information valuable for understanding how to develop services that leverage Consul during any stage
of your microservices journey.
- The [Consul and Minikube guide](https://learn.hashicorp.com/tutorials/consul/kubernetes-minikube?utm_source=consul.io&utm_medium=docs) is a quick step-by-step guide for deploying Consul with the official Helm chart on a local instance of Minikube.
- The [Consul and Minikube guide](/consul/tutorials/kubernetes/kubernetes-minikube?utm_source=docs) is a quick step-by-step guide for deploying Consul with the official Helm chart on a local instance of Minikube.
- Review production best practices and cloud-specific configurations for deploying Consul on managed Kubernetes runtimes.
- The [Consul on Azure Kubernetes Service (AKS) tutorial](https://learn.hashicorp.com/tutorials/consul/kubernetes-aks-azure?utm_source=consul.io&utm_medium=docs) is a complete step-by-step guide on how to deploy Consul on AKS. The guide also allows you to practice deploying two microservices.
- The [Consul on Amazon Elastic Kubernetes Service (EKS) tutorial](https://learn.hashicorp.com/tutorials/consul/kubernetes-eks-aws?utm_source=consul.io&utm_medium=docs) is a complete step-by-step guide on how to deploy Consul on EKS. Additionally, it provides guidance on interacting with your datacenter with the Consul UI, CLI, and API.
- The [Consul on Google Kubernetes Engine (GKE) tutorial](https://learn.hashicorp.com/tutorials/consul/kubernetes-gke-google?utm_source=consul.io&utm_medium=docs) is a complete step-by-step guide on how to deploy Consul on GKE. Additionally, it provides guidance on interacting with your datacenter with the Consul UI, CLI, and API.
- The [Consul on Azure Kubernetes Service (AKS) tutorial](/consul/tutorials/kubernetes/kubernetes-aks-azure?utm_source=docs) is a complete step-by-step guide on how to deploy Consul on AKS. The guide also allows you to practice deploying two microservices.
- The [Consul on Amazon Elastic Kubernetes Service (EKS) tutorial](/consul/tutorials/kubernetes/kubernetes-eks-aws?utm_source=docs) is a complete step-by-step guide on how to deploy Consul on EKS. Additionally, it provides guidance on interacting with your datacenter with the Consul UI, CLI, and API.
- The [Consul on Google Kubernetes Engine (GKE) tutorial](/consul/tutorials/kubernetes/kubernetes-gke-google?utm_source=docs) is a complete step-by-step guide on how to deploy Consul on GKE. Additionally, it provides guidance on interacting with your datacenter with the Consul UI, CLI, and API.
- The [Consul and Kubernetes Reference Architecture](https://learn.hashicorp.com/tutorials/consul/kubernetes-reference-architecture?utm_source=consul.io&utm_medium=docs) guide provides recommended practices for production.
- The [Consul and Kubernetes Reference Architecture](/consul/tutorials/kubernetes/kubernetes-reference-architecture?utm_source=docs) guide provides recommended practices for production.
- The [Consul and Kubernetes Deployment](https://learn.hashicorp.com/tutorials/consul/kubernetes-deployment-guide?utm_source=consul.io&utm_medium=docs) tutorial covers the necessary steps to install and configure a new Consul cluster on Kubernetes in production.
- The [Consul and Kubernetes Deployment](/consul/tutorials/kubernetes/kubernetes-deployment-guide?utm_source=docs) tutorial covers the necessary steps to install and configure a new Consul cluster on Kubernetes in production.
- The [Secure Consul and Registered Services on Kubernetes](https://learn.hashicorp.com/tutorials/consul/kubernetes-secure-agents?in=consul/kubernetes) tutorial covers
- The [Secure Consul and Registered Services on Kubernetes](/consul/tutorials/kubernetes/kubernetes-secure-agents?utm_source=docs) tutorial covers
the necessary steps to secure a Consul cluster running on Kubernetes in production.
- The [Layer 7 Observability with Consul Service Mesh](https://learn.hashicorp.com/tutorials/consul/kubernetes-layer7-observability) tutorial covers monitoring a
- The [Layer 7 Observability with Consul Service Mesh](/consul/tutorials/service-mesh-observability/kubernetes-layer7-observability?utm_source=docs) tutorial covers monitoring a
Consul service mesh running on Kubernetes with Prometheus and Grafana.
**Documentation**

View file

@ -23,7 +23,7 @@ You can install Consul on Kubernetes using the following methods:
Refer to the [architecture](/docs/k8s/installation/install#architecture) section to learn more about the general architecture of Consul on Kubernetes.
For a hands-on experience with Consul as a service mesh
for Kubernetes, follow the [Getting Started with Consul service
mesh](https://learn.hashicorp.com/tutorials/consul/service-mesh-deploy?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) tutorial.
mesh](/consul/tutorials/gs-consul-service-mesh/service-mesh-deploy?utm_source=docs) tutorial.
## Consul K8s CLI Installation
@ -103,7 +103,7 @@ The [Homebrew](https://brew.sh) package manager is required to complete the foll
We recommend using the Consul Helm chart to install Consul on Kubernetes for multi-cluster installations that involve cross-partition of cross datacenter communication. The Helm chart installs and configures all necessary components to run Consul. The configuration enables you to run a server cluster, a client cluster, or both.
Step-by-step tutorials for how to deploy Consul to Kubernetes, please see
our [Deploy to Kubernetes](https://learn.hashicorp.com/collections/consul/kubernetes-deploy)
our [Deploy to Kubernetes](/consul/tutorials/kubernetes-deploy?utm_source=docs)
collection. This collection includes configuration caveats for single-node deployments.
The Helm chart exposes several useful configurations and automatically
@ -380,7 +380,7 @@ spec:
## Next Steps
If you are still considering a move to Kubernetes, or to Consul on Kubernetes specifically, our [Migrate to Microservices with Consul Service Mesh on Kubernetes](https://learn.hashicorp.com/collections/consul/microservices?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS)
If you are still considering a move to Kubernetes, or to Consul on Kubernetes specifically, our [Migrate to Microservices with Consul Service Mesh on Kubernetes](/consul/tutorials/microservices?utm_source=docs)
collection uses an example application written by a fictional company to illustrate why and how organizations can
migrate from monolith to microservices using Consul service mesh on Kubernetes. The case study in this collection
should provide information valuable for understanding how to develop services that leverage Consul during any stage

View file

@ -11,7 +11,7 @@ description: >-
~> This topic requires familiarity with [Mesh Gateways](/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters) and [WAN Federation Via Mesh Gateways](/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways).
-> Looking for a step-by-step guide? Please follow our Learn tutorial: [Secure and Route Service Mesh Communication Across Kubernetes](https://learn.hashicorp.com/tutorials/consul/kubernetes-mesh-gateways).
-> Looking for a step-by-step guide? Please follow our Learn tutorial: [Secure and Route Service Mesh Communication Across Kubernetes](/consul/tutorials/kubernetes/kubernetes-mesh-gateways?utm_source=docs).
This page describes how to federate multiple Kubernetes clusters. See [Multi-Cluster Overview](/docs/k8s/installation/multi-cluster)
for more information on use-cases and how it works.
@ -466,11 +466,11 @@ in the top left:
## Next Steps
With your Kubernetes clusters federated, try out using Consul service mesh to
route between services deployed on each cluster by following our Learn tutorial: [Secure and Route Service Mesh Communication Across Kubernetes](https://learn.hashicorp.com/tutorials/consul/kubernetes-mesh-gateways#deploy-microservices).
route between services deployed on each cluster by following our Learn tutorial: [Secure and Route Service Mesh Communication Across Kubernetes](/consul/tutorials/kubernetes/kubernetes-mesh-gateways?utm_source=docs#deploy-microservices).
You can also read our in-depth documentation on [Consul Service Mesh In Kubernetes](/docs/k8s/connect).
If you are still considering a move to Kubernetes, or to Consul on Kubernetes specifically, our [Migrate to Microservices with Consul Service Mesh on Kubernetes](https://learn.hashicorp.com/collections/consul/microservices?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS)
If you are still considering a move to Kubernetes, or to Consul on Kubernetes specifically, our [Migrate to Microservices with Consul Service Mesh on Kubernetes](/consul/tutorials/microservices?utm_source=docs)
collection uses an example application written by a fictional company to illustrate why and how organizations can
migrate from monolith to microservices using Consul service mesh on Kubernetes. The case study in this collection
should provide information valuable for understanding how to develop services that leverage Consul during any stage

View file

@ -144,7 +144,7 @@ acls {
```
-> **NOTE:** You'll also need to set up additional ACL tokens as needed by the
ACL system. See tutorial [Secure Consul with Access Control Lists (ACLs)](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production#apply-individual-tokens-to-agents)
ACL system. See tutorial [Secure Consul with Access Control Lists (ACLs)](/consul/tutorials/security/access-control-setup-production?utm_source=docs#apply-individual-tokens-to-agents)
for more information.
### Gossip Encryption Key

View file

@ -36,7 +36,7 @@ The two data centers will federated using mesh gateways. This communication top
In this setup, you will deploy Vault server in the primary datacenter (dc1) Kubernetes cluster, which is also the primary Consul datacenter. You will configure your Vault Helm installation in the secondary datacenter (dc2) Kubernetes cluster to use it as an external server. This way there will be a single vault server cluster that will be used by both Consul datacenters.
~> **Note**: For demonstration purposes, you will deploy a Vault server in dev mode. For production installations, this is not recommended. Please visit the [Vault Deployment Guide](https://learn.hashicorp.com/tutorials/vault/raft-deployment-guide?in=vault/day-one-raft) for guidance on how to install Vault in a production setting.
~> **Note**: For demonstration purposes, you will deploy a Vault server in dev mode. For production installations, this is not recommended. Please visit the [Vault Deployment Guide](/vault/tutorials/raft/raft-deployment-guide?utm_source=docs) for guidance on how to install Vault in a production setting.
1. Change your current Kubernetes context to target the primary datacenter (dc1).

View file

@ -93,7 +93,7 @@ for both in-cluster and out-of-cluster authentication. If `kubectl` works,
then the sync program should work.
For Consul, if ACLs are configured on the cluster, a Consul
[ACL token](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production)
[ACL token](/consul/tutorials/security/access-control-setup-production?utm_source=docs)
will need to be provided. Review the [ACL rules](/docs/security/acl/acl-rules)
when creating this token so that it only allows the necessary privileges. The catalog
sync process accepts this token by using the [`CONSUL_HTTP_TOKEN`](/commands#consul_http_token)

View file

@ -64,7 +64,7 @@ If you intend to invoke Lambda services through a terminating gateway, the gatew
* [Terminating gateways documentation](/docs/connect/gateways#terminating-gateways)
* [Terminating gateways on Kubernetes documentation](/docs/k8s/connect/terminating-gateways)
* [Connect External Services to Consul With Terminating Gateways tutorial](https://learn.hashicorp.com/tutorials/consul/terminating-gateways-connect-external-services)
* [Connect External Services to Consul With Terminating Gateways tutorial](/consul/tutorials/developer-mesh/terminating-gateways-connect-external-services?utm_source=docs)
To register a Lambda service with a terminating gateway, add the service to the
`Services` field of the terminating gateway's `terminating-gateway`
@ -75,8 +75,8 @@ configuration entry.
You can set up a mesh gateway so that you can invoke Lambda services across datacenters and admin partitions. The mesh gateway must be running and registered in the relevant Consul datacenters and partitions. Refer to the following documentation and tutorials for instructions on how to set up mesh gateways:
* [Mesh gateway documentation](/docs/connect/gateways#mesh-gateways)
* [Connect Services Across Datacenters with Mesh Gateways tutorial](https://learn.hashicorp.com/tutorials/consul/service-mesh-gateways)
* [Secure Service Mesh Communication Across Kubernetes Clusters tutorial](https://learn.hashicorp.com/tutorials/consul/kubernetes-mesh-gateways?in=consul/kubernetes)
* [Connect Services Across Datacenters with Mesh Gateways tutorial](/consul/tutorials/developer-mesh/service-mesh-gateways?utm_source=docs)
* [Secure Service Mesh Communication Across Kubernetes Clusters tutorial](/consul/tutorials/kubernetes/kubernetes-mesh-gateways?utm_source=docs?in=consul/kubernetes)
When using admin partitions, you must add Lambda services to the `Services`
field of [the `exported-services` configuration
@ -124,7 +124,7 @@ The following diagram shows the flow of events from EventBridge into Consul:
#### Optional: Store the CA Certificate in Parameter Store
When Lambda registrator makes a request to Consul's [HTTP API](/api-docs) over HTTPS and the Consul API is signed by a custom CA, Lambda registrator uses the CA certificate stored in AWS Parameter Store (refer to the [Parameter Store documentation](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html) for additional information) to verify the authenticity of the Consul API. You can apply the following Terraform configuration to store Consuls server CA in Parameter Store:
When Lambda registrator makes a request to Consul's [HTTP API](/api-docs) over HTTPS and the Consul API is signed by a custom CA, Lambda registrator uses the CA certificate stored in AWS Parameter Store (refer to the [Parameter Store documentation](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html) for additional information) to verify the authenticity of the Consul API. You can apply the following Terraform configuration to store Consul's server CA in Parameter Store:
```hcl
resource "aws_ssm_parameter" "ca-cert" {
@ -278,6 +278,6 @@ The following tags are supported. In all cases, the `<PREFIX>` should be
| - | - |
| `<PREFIX>/enabled` | Determines if Consul configures the service as an AWS Lambda. |
| `<PREFIX>/payload-passthrough` | Determines if the body Envoy receives is converted to JSON or directly passed to Lambda. |
| `<PREFIX>/arn` | Specifies the [AWS ARN](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) for the services Lambda. |
| `<PREFIX>/arn` | Specifies the [AWS ARN](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) for the service's Lambda. |
| `<PREFIX>/invocation-mode` | Determines if Consul configures the Lambda to be invoked using the `synchronous` or `asynchronous` [invocation mode](https://docs.aws.amazon.com/lambda/latest/operatorguide/invocation-modes.html). |
| `<PREFIX>/region` | Specifies the AWS region the Lambda is running in. |

View file

@ -55,6 +55,6 @@ Each driver includes a set of providers that [enables support](/docs/nia/terrafo
## Security Guidelines
The [Secure Consul-Terraform-Sync for Production](https://learn.hashicorp.com/tutorials/consul/consul-terraform-sync-secure?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS)
The [Secure Consul-Terraform-Sync for Production](/consul/tutorials/network-infrastructure-automation/consul-terraform-sync-secure?utm_source=docs)
tutorial contains a checklist of best practices to secure your
CTS installation for a production environment.

View file

@ -128,7 +128,7 @@ consul {
| `service_registration` | Optional| [service_registration](/docs/nia/configuration#service-registration) | Options for how CTS will register itself as a service with a health check to Consul. ||
##### ACL Requirements
The following table describes the ACL policies required by CTS. For more information, refer to the [Secure Consul-Terraform-Sync for Production](https://learn.hashicorp.com/tutorials/consul/consul-terraform-sync-secure?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS#configure-acl-privileges-for-consul-terraform-sync) tutorial.
The following table describes the ACL policies required by CTS. For more information, refer to the [Secure Consul-Terraform-Sync for Production](/consul/tutorials/network-infrastructure-automation/consul-terraform-sync-secure?utm_source=docs#configure-acl-privileges-for-consul-terraform-sync) tutorial.
| Policy | Resources |
| ------ | --------- |
@ -271,7 +271,7 @@ task {
- `source` - (string: required) **Deprecated in CTS 0.5.0 and will be removed in a future major release. See the `module` field instead.**
- `module` - (string: required) Module is the location the driver uses to discover the Terraform module used for automation. The module's source can be local or remote on the [Terraform Registry](https://registry.terraform.io/) or private module registry. Read more on [Terraform module source and other supported types here](https://www.terraform.io/docs/modules/sources.html).
- To use a private module with the [`terraform` driver](#terraform-driver), run the command [`terraform login [hostname]`](https://learn.hashicorp.com/tutorials/terraform/cloud-login) to authenticate the local Terraform CLI prior to starting CTS.
- To use a private module with the [`terraform` driver](#terraform-driver), run the command [`terraform login [hostname]`](/terraform/tutorials/cloud/cloud-login?utm_source=docs) to authenticate the local Terraform CLI prior to starting CTS.
- To use a private module with the [`terraform_cloud` driver](#terraform-cloud-driver), no extra steps are needed.
```hcl
@ -622,7 +622,7 @@ driver "terraform" {
- `backend` - (obj) The backend stores [Terraform state files](https://www.terraform.io/docs/state/index.html) for each task. This option is similar to the [Terraform backend configuration](https://www.terraform.io/docs/configuration/backend.html). CTS supports Terraform backends used as a state store.
- Supported backend options: [azurerm](https://www.terraform.io/docs/backends/types/azurerm.html), [consul](https://www.terraform.io/docs/backends/types/consul.html), [cos](https://www.terraform.io/docs/backends/types/cos.html), [gcs](https://www.terraform.io/docs/backends/types/gcs.html), [kubernetes](https://www.terraform.io/docs/backends/types/kubernetes.html), [local](https://www.terraform.io/docs/backends/types/local.html), [manta](https://www.terraform.io/docs/backends/types/manta.html), [pg](https://www.terraform.io/docs/backends/types/pg.html) (Terraform v0.14+), [s3](https://www.terraform.io/docs/backends/types/s3.html). Visit the Terraform documentation links for details on backend configuration options.
- If omitted, CTS will generate default values and use configurations from the [`consul` block](#consul) to configure [Consul as the backend](https://www.terraform.io/docs/backends/types/consul.html), which stores Terraform statefiles in the Consul KV. The [ACL token provided for Consul authentication](#consul) is used to read and write to the KV store and requires [Consul KV privileges](https://learn.hashicorp.com/tutorials/consul/consul-terraform-sync-secure?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS#configure-acl-privileges-for-consul-terraform-sync). The Consul KV path is the base path to store state files for tasks. The full path of each state file will have the task identifier appended to the end of the path, e.g. `consul-terraform-sync/terraform-env:task-name`.
- If omitted, CTS will generate default values and use configurations from the [`consul` block](#consul) to configure [Consul as the backend](https://www.terraform.io/docs/backends/types/consul.html), which stores Terraform statefiles in the Consul KV. The [ACL token provided for Consul authentication](#consul) is used to read and write to the KV store and requires [Consul KV privileges](/consul/tutorials/network-infrastructure-automation/consul-terraform-sync-secure?utm_source=docs#configure-acl-privileges-for-consul-terraform-sync). The Consul KV path is the base path to store state files for tasks. The full path of each state file will have the task identifier appended to the end of the path, e.g. `consul-terraform-sync/terraform-env:task-name`.
- The remote enhanced backend is not supported with the Terraform driver to run operations in Terraform Cloud. Use the [Terraform Cloud driver](#terraform-cloud-driver) to integrate CTS with Terraform Cloud for remote workspaces and remote operations.
- `log` - (bool) Enable all Terraform output (stderr and stdout) to be included in the CTS log. This is useful for debugging and development purposes. It may be difficult to work with log aggregators that expect uniform log format.
- `path` - (string) The file path to install Terraform or discover an existing Terraform binary. If omitted, Terraform will be installed in the same directory as the CTS daemon. To resolve an incompatible Terraform version or to change versions will require removing the existing binary or change to a different path.

View file

@ -53,7 +53,7 @@ If a license needs to be manually set, choose one of the following methods (in o
```
~> **Note**: the [options to set the license and the order of precedence](/docs/enterprise/license/overview#binaries-without-built-in-licenses) are the same as Consul Enterprise server agents.
Visit the [Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/nomad/hashicorp-enterprise-license?in=consul/enterprise) for detailed steps on how to install the license key.
Visit the [Enterprise License Tutorial](/consul/tutorials/enterprise/hashicorp-enterprise-license?utm_source=docs) for detailed steps on how to install the license key.
### Updating the License Manually
To update the license when it expires or is near the expiration date and automatic license retrieval is disabled:

View file

@ -11,7 +11,7 @@ Network Infrastructure Automation (NIA) enables dynamic updates to network infra
CTS executes one or more automation tasks with the most recent service variable values from the Consul service catalog. Each task consists of a runbook automation written as a CTS compatible Terraform module using resources and data sources for the underlying network infrastructure. The `consul-terraform-sync` daemon runs on the same node as a Consul agent.
CTS is available as an open source and enterprise distribution. Follow the [Network Infrastructure Automation introduction tutorial](https://learn.hashicorp.com/tutorials/consul/consul-terraform-sync-intro?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) to get started with CTS OSS or read more about [CTS Enterprise](/docs/nia/enterprise).
CTS is available as an open source and enterprise distribution. Follow the [Network Infrastructure Automation introduction tutorial](/consul/tutorials/network-infrastructure-automation/consul-terraform-sync-intro?utm_source=docs) to get started with CTS OSS or read more about [CTS Enterprise](/docs/nia/enterprise).
## Use Cases
@ -61,7 +61,7 @@ CTS is available as an open source and enterprise distribution. Follow the [Netw
## Getting Started With Network Infrastructure Automation
The [Network Infrastructure Automation (NIA)](https://learn.hashicorp.com/collections/consul/network-infrastructure-automation?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS)
The [Network Infrastructure Automation (NIA)](/consul/tutorials/network-infrastructure-automation?utm_source=docs)
collection contains examples on how to configure CTS to
perform Network Infrastructure Automation. The collection contains also a
tutorial to secure your CTS configuration for a production

View file

@ -7,7 +7,7 @@ description: >-
# Install Consul-Terraform-Sync
Refer to the [introduction](https://learn.hashicorp.com/tutorials/consul/consul-terraform-sync-intro?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) tutorial for details about installing, configuring, and running Consul-Terraform-Sync (CTS) on your local machine with the Terraform driver.
Refer to the [introduction](/consul/tutorials/network-infrastructure-automation/consul-terraform-sync-intro?utm_source=docs) tutorial for details about installing, configuring, and running Consul-Terraform-Sync (CTS) on your local machine with the Terraform driver.
## Install Consul-Terraform-Sync

View file

@ -25,13 +25,13 @@ Below are several steps towards a minimum Consul setup required for running CTS.
CTS is a daemon that runs alongside Consul, similar to other Consul ecosystem tools like Consul Template. CTS is not included with the Consul binary and needs to be installed separately.
To install a local Consul agent, refer to the [Getting Started: Install Consul Tutorial](https://learn.hashicorp.com/tutorials/consul/get-started-install).
To install a local Consul agent, refer to the [Getting Started: Install Consul Tutorial](/consul/tutorials/getting-started/get-started-install?utm_source=docs).
For information on compatible Consul versions, refer to the [Consul compatibility matrix](/docs/nia/compatibility#consul).
### Run an Agent
The Consul agent must be running in order to dynamically update network devices. To run the local Consul agent, you can run Consul in development mode which can be started with `consul agent -dev` for simplicity. For more details on running Consul agent, refer to the [Getting Started: Run the Consul Agent Tutorial](https://learn.hashicorp.com/tutorials/consul/get-started-agent?in=consul/getting-started).
The Consul agent must be running in order to dynamically update network devices. To run the local Consul agent, you can run Consul in development mode which can be started with `consul agent -dev` for simplicity. For more details on running Consul agent, refer to the [Getting Started: Run the Consul Agent Tutorial](/consul/tutorials/getting-started/get-started-agent?utm_source=docs).
When running a Consul agent with CTS in production, we suggest to keep a few considerations in mind. CTS uses [blocking queries](/api-docs/features/blocking) to monitor task dependencies, like changes to registered services. This results in multiple long running TCP connections between CTS and the agent to poll changes for each dependency. Monitoring a high number of services may quickly hit the default Consul agent connection limits.
@ -58,13 +58,13 @@ The above example registers a service named "web" with your Consul agent. This r
For more details on registering a service by HTTP API request, refer to the [register service API docs](/api-docs/agent/service#register-service).
For more details on registering a service by loading a service definition, refer to the [Getting Started: Register a Service with Consul Service Discovery Tutorial](https://learn.hashicorp.com/tutorials/consul/get-started-service-discovery?in=consul/getting-started).
For more details on registering a service by loading a service definition, refer to the [Getting Started: Register a Service with Consul Service Discovery Tutorial](/consul/tutorials/getting-started/get-started-service-discovery?utm_source=docs?in=consul/getting-started).
### Run a Cluster
The previous steps of installing and running a single Consul agent then registering a single service is sufficient to meaningfully start running CTS.
If you would like to run a Consul cluster rather than a single agent, refer to [Getting Started: Create a Local Consul Datacenter](https://learn.hashicorp.com/tutorials/consul/get-started-create-datacenter?in=consul/getting-started). This will walk you through the steps of running multiple Consul agents and then joining them together into a cluster.
If you would like to run a Consul cluster rather than a single agent, refer to [Getting Started: Create a Local Consul Datacenter](/consul/tutorials/getting-started/get-started-create-datacenter?utm_source=docs). This will walk you through the steps of running multiple Consul agents and then joining them together into a cluster.
## Network Infrastructure (using a Terraform Provider)
@ -76,7 +76,7 @@ To find providers for the infrastructure platforms you use, browse the providers
### How to Create a Provider
If there is no existing Terraform provider, a new Terraform provider can be [created](https://learn.hashicorp.com/tutorials/terraform/provider-setup) and [published](https://www.terraform.io/docs/registry/providers/publishing.html). The provider can then be used within a network integration task by authoring a compatible Terraform module.
If there is no existing Terraform provider, a new Terraform provider can be [created](/terraform/tutorials/providers/provider-setup?utm_source=docs) and [published](https://www.terraform.io/docs/registry/providers/publishing.html). The provider can then be used within a network integration task by authoring a compatible Terraform module.
## Network Integration (using a Terraform Module)

View file

@ -31,4 +31,4 @@ description: >-
CTS allows you to inspect your configuration before applying any change and to run in once mode, meaning that you can verify the changes are correctly applied in a test run before running it in unsupervised daemon mode.
To learn more on these options check the [Consul-Terraform-Sync Run Modes and Status Inspection](https://learn.hashicorp.com/tutorials/consul/consul-terraform-sync-run-and-inspect?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) tutorial.
To learn more on these options check the [Consul-Terraform-Sync Run Modes and Status Inspection](/consul/tutorials/network-infrastructure-automation/consul-terraform-sync-run-and-inspect?utm_source=docs) tutorial.

View file

@ -120,7 +120,7 @@ The services module input operates by monitoring the [Health List Nodes For Serv
| `node_tagged_addresses` | List of explicit LAN and WAN IP addresses for the agent |
| `node_meta` | List of user-defined metadata key/value pairs for the node |
Below is an example configuration for a task that will execute on a schedule and provide information about the services matching the `regexp` parameter to the tasks module.
Below is an example configuration for a task that will execute on a schedule and provide information about the services matching the `regexp` parameter to the task's module.
```hcl
task {
@ -228,7 +228,7 @@ task {
## How to Create a Compatible Terraform Module
You can read more on how to [create a module](https://www.terraform.io/docs/modules/index.html) or work through a [tutorial to build a module](https://learn.hashicorp.com/tutorials/terraform/module-create). CTS is designed to integrate with any module that satisfies the specifications in the following section.
You can read more on how to [create a module](https://www.terraform.io/docs/modules/index.html) or work through a [tutorial to build a module](/terraform/tutorials/modules/module-create?utm_source=docs). CTS is designed to integrate with any module that satisfies the specifications in the following section.
The repository [hashicorp/consul-terraform-sync-template-module](https://github.com/hashicorp/consul-terraform-sync-template-module) can be cloned and used as a starting point for structuring a compatible Terraform module. The template repository has the files described in the next steps prepared.

View file

@ -41,7 +41,7 @@ This release includes the following features and capabilities:
1. Deploy 1 or more logical API Gateways per Kubernetes cluster
1. Support for HTTP, HTTPS, TCP, and TCP+TLS
1. Support for HTTP versions 1.1 and 2
1. Load balance across a services instances
1. Load balance across a service's instances
1. Listeners load TLS certificates, signed by any CA, from Kubernetes secret storage
1. Route HTTP/S traffic to Services based on matching:
- Hostname

View file

@ -15,7 +15,7 @@ description: >-
releases of Consul API Gateway, users could route requests from the API
Gateway across various namespaces without providing any sort of explicit
permissions. While this meant that any service connected to the service mesh
was reachable, it didnt allow users to set the more granular restrictions or
was reachable, it didn't allow users to set the more granular restrictions or
permissions that they may expect.
This version of API Gateway implements Cross Namespace Reference Policies

View file

@ -15,9 +15,9 @@ description: >-
- **Streaming Enabled by Default for Service Health:** Streaming is a major architectural enhancement in how update notifications for blocking queries are delivered within the cluster which significantly reduces CPU and network bandwidth usage for large-scale Consul deployments. In Consul 1.10, streaming is now available for the service health HTTP endpoint and is enabled by default.
- **Redesigned UI and Observability Enhancements:** The Consul UI has been redesigned with a new sidebar layout. Additionally, Kubernetes users now have the ability to deploy Prometheus via the Consul Helm chart which automatically integrates it with Consuls Service Visualization UI for displaying traffic metrics between services. Lastly, Pod and Envoy metrics can now be exposed to Prometheus using Kubernetes annotations via a single aggregated endpoint.
- **Redesigned UI and Observability Enhancements:** The Consul UI has been redesigned with a new sidebar layout. Additionally, Kubernetes users now have the ability to deploy Prometheus via the Consul Helm chart which automatically integrates it with Consul's Service Visualization UI for displaying traffic metrics between services. Lastly, Pod and Envoy metrics can now be exposed to Prometheus using Kubernetes annotations via a single aggregated endpoint.
- **Deprecation of Legacy ACL System:** In Consul 1.4, we upgraded to a new Access Controls (ACLs) system. This upgrade made improvements in Consuls ACL system handles the API, Tokens, and Policies. With Consul 1.10, the legacy system is officially deprecated, and will be removed from Consul in a later release. We strongly recommend that users begin the process of migrating to the newer ACL system.
- **Deprecation of Legacy ACL System:** In Consul 1.4, we upgraded to a new Access Controls (ACLs) system. This upgrade made improvements in Consul's ACL system handles the API, Tokens, and Policies. With Consul 1.10, the legacy system is officially deprecated, and will be removed from Consul in a later release. We strongly recommend that users begin the process of migrating to the newer ACL system.
## What's Changed

View file

@ -21,7 +21,7 @@ description: >-
## What's Changed
- The legacy ACL system that was deprecated in Consul 1.4.0 has been removed. Before upgrading you should verify that all tokens and policies have been migrated to the newer ACL system. See the [Migrate Legacy ACL Tokens Learn Guide](https://learn.hashicorp.com/tutorials/consul/access-control-token-migration) for more information.
- The legacy ACL system that was deprecated in Consul 1.4.0 has been removed. Before upgrading you should verify that all tokens and policies have been migrated to the newer ACL system. See the [Migrate Legacy ACL Tokens Learn Guide](/consul/tutorials/security-operations/access-control-token-migration?utm_source=docs) for more information.
- The `agent_master` ACL token has been renamed to `agent_recovery` ACL token. In addition, the `consul acl set-agent-token master` command has been replaced with `consul acl set-agent-token recovery`. See [ACL Agent Recovery Token](/docs/security/acl/acl-tokens#acl-agent-recovery-token) and [Consul ACL Set Agent Token](/commands/acl/set-agent-token) for more information.

View file

@ -9,7 +9,7 @@ description: >-
## Release Highlights
- **Application-Aware Intentions:** A new set of capabilities that extends Consuls intentions model to support Layer 7 request information. Intentions now provide the ability for operators to construct policies which evaluate application-layer information such as HTTP Path, Headers, or Method in addition to service identity when authorizing HTTP-based (HTTP/1.1, HTTP/2, gRPC) service-to-service communication.
- **Application-Aware Intentions:** A new set of capabilities that extends Consul's intentions model to support Layer 7 request information. Intentions now provide the ability for operators to construct policies which evaluate application-layer information such as HTTP Path, Headers, or Method in addition to service identity when authorizing HTTP-based (HTTP/1.1, HTTP/2, gRPC) service-to-service communication.
- **Service Mesh Visualization:** This addition provides a new topology tab to the Consul UI which displays topology diagrams and key service mesh metrics like request, error rates, and timing metrics. These new features will assist developers and operators in verifying configuration and troubleshooting issues within the service mesh. The UI also supports deep linking into your external metrics dashboards.
@ -17,7 +17,7 @@ description: >-
- **Custom Resources for Kubernetes:** Consul now provides a Kubernetes-first experience through CRDs to allow practitioners to easily configure Consul service mesh via Kubernetes-style objects.
- **Deploy Consul in OpenShift:** Enable installing Consul via Helm chart in OpenShift. Weve now ensured that Consul Kubernetes runs on OpenShift securely by ensuring that Consul runs as non-root and also provided a set of SecurityContextConstraints to deploy Consul securely.
- **Deploy Consul in OpenShift:** Enable installing Consul via Helm chart in OpenShift. We've now ensured that Consul Kubernetes runs on OpenShift securely by ensuring that Consul runs as non-root and also provided a set of SecurityContextConstraints to deploy Consul securely.
- Installing Consul on OpenShift should now be as simple as running a Helm install with the `global.openshift.enabled` set to `true`.
- **Active Health Checks for Consul on Kubernetes:** Consul service mesh now integrates with Kubernetes Readiness probes. This provides the ability to natively detect health status from Kubernetes via Readiness probe, and is then used for directing service mesh traffic.

Some files were not shown because too many files have changed in this diff Show more