docs: Add JSON examples to all config entries

This commit adds example JSON configs for several config entry
resources were missing examples in this language.

The examples have been updated to use the new CodeTabs resource
instead of the Tab component.
This commit is contained in:
Blake Covarrubias 2021-06-12 17:53:50 -07:00 committed by Blake Covarrubias
parent 41b2f08695
commit 6f1fa59005
10 changed files with 931 additions and 811 deletions

View File

@ -67,7 +67,7 @@ The table below shows this endpoint's support for
### Sample Payload ### Sample Payload
```javascript ```json
{ {
"Kind": "service-defaults", "Kind": "service-defaults",
"Name": "web", "Name": "web",

View File

@ -47,13 +47,13 @@ A wildcard specifier cannot be set on a listener of protocol `tcp`.
### TCP listener ### TCP listener
<Tabs>
<Tab heading="HCL">
<Tabs> <Tabs>
<Tab heading="Consul OSS"> <Tab heading="Consul OSS">
Set up a TCP listener on an ingress gateway named "us-east-ingress" to proxy traffic to the "db" service: Set up a TCP listener on an ingress gateway named "us-east-ingress" to proxy traffic to the "db" service:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "ingress-gateway" Kind = "ingress-gateway"
Name = "us-east-ingress" Name = "us-east-ingress"
@ -71,12 +71,47 @@ Listeners = [
] ]
``` ```
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: IngressGateway
metadata:
name: us-east-ingress
spec:
listeners:
- port: 3456
protocol: tcp
services:
- name: db
```
```json
{
"Kind": "ingress-gateway",
"Name": "us-east-ingress",
"Listeners": [
{
"Port": 3456,
"Protocol": "tcp",
"Services": [
{
"Name": "db"
}
]
}
]
}
```
</CodeTabs>
</Tab> </Tab>
<Tab heading="Consul Enterprise"> <Tab heading="Consul Enterprise">
Set up a TCP listener on an ingress gateway named "us-east-ingress" in the default namespace Set up a TCP listener on an ingress gateway named "us-east-ingress" in the default namespace
to proxy traffic to the "db" service in the ops namespace: to proxy traffic to the "db" service in the ops namespace:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "ingress-gateway" Kind = "ingress-gateway"
Name = "us-east-ingress" Name = "us-east-ingress"
@ -96,34 +131,6 @@ Listeners = [
] ]
``` ```
</Tab>
</Tabs>
</Tab>
<Tab heading="Kubernetes YAML">
<Tabs>
<Tab heading="Consul OSS">
Set up a TCP listener on an ingress gateway named "us-east-ingress" to proxy traffic to the "db" service:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: IngressGateway
metadata:
name: us-east-ingress
spec:
listeners:
- port: 3456
protocol: tcp
services:
- name: db
```
</Tab>
<Tab heading="Consul Enterprise">
Set up a TCP listener on an ingress gateway named "us-east-ingress" in the default namespace
to proxy traffic to the "db" service in the ops namespace:
```yaml ```yaml
apiVersion: consul.hashicorp.com/v1alpha1 apiVersion: consul.hashicorp.com/v1alpha1
kind: IngressGateway kind: IngressGateway
@ -139,39 +146,6 @@ spec:
namespace: ops namespace: ops
``` ```
</Tab>
</Tabs>
</Tab>
<Tab heading="JSON">
<Tabs>
<Tab heading="Consul OSS">
Set up a TCP listener on an ingress gateway named "us-east-ingress" to proxy traffic to the "db" service:
```json
{
"Kind": "ingress-gateway",
"Name": "us-east-ingress",
"Listeners": [
{
"Port": 3456,
"Protocol": "tcp",
"Services": [
{
"Name": "db"
}
]
}
]
}
```
</Tab>
<Tab heading="Consul Enterprise">
Set up a TCP listener on an ingress gateway named "us-east-ingress" in the default namespace
to proxy traffic to the "db" service in the ops namespace:
```json ```json
{ {
"Kind": "ingress-gateway", "Kind": "ingress-gateway",
@ -192,21 +166,21 @@ to proxy traffic to the "db" service in the ops namespace:
} }
``` ```
</Tab> </CodeTabs>
</Tabs>
</Tab> </Tab>
</Tabs> </Tabs>
### Wildcard HTTP listener ### Wildcard HTTP listener
<Tabs>
<Tab heading="HCL">
<Tabs> <Tabs>
<Tab heading="Consul OSS"> <Tab heading="Consul OSS">
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the datacenter. Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the datacenter.
Also make two services available over a custom port with user-provided hosts, and enable TLS on every listener: Also make two services available over a custom port with user-provided hosts, and enable TLS on every listener:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "ingress-gateway" Kind = "ingress-gateway"
Name = "us-east-ingress" Name = "us-east-ingress"
@ -242,12 +216,73 @@ Listeners = [
] ]
``` ```
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: IngressGateway
metadata:
name: us-east-ingress
spec:
tls:
enabled: true
listeners:
- port: 8080
protocol: http
services:
- name: '*'
- port: 4567
protocol: http
services:
- name: api
hosts: ['foo.example.com', 'foo.example.com:4567']
- name: web
hosts: ['website.example.com', 'website.example.com:4567']
```
```json
{
"Kind": "ingress-gateway",
"Name": "us-east-ingress",
"TLS": {
"Enabled": true
},
"Listeners": [
{
"Port": 8080,
"Protocol": "http",
"Services": [
{
"Name": "*"
}
]
},
{
"Port": 4567,
"Protocol": "http",
"Services": [
{
"Name": "api",
"Hosts": ["foo.example.com", "foo.example.com:4567"]
},
{
"Name": "web",
"Hosts": ["website.example.com", "website.example.com:4567"]
}
]
}
]
}
```
</CodeTabs>
</Tab> </Tab>
<Tab heading="Consul Enterprise"> <Tab heading="Consul Enterprise">
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the frontend namespace. Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the frontend namespace.
Also make two services in the frontend namespace available over a custom port with user-provided hosts, and enable TLS on every listener: Also make two services in the frontend namespace available over a custom port with user-provided hosts, and enable TLS on every listener:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "ingress-gateway" Kind = "ingress-gateway"
Name = "us-east-ingress" Name = "us-east-ingress"
@ -287,44 +322,6 @@ Listeners = [
] ]
``` ```
</Tab>
</Tabs>
</Tab>
<Tab heading="Kubernetes YAML">
<Tabs>
<Tab heading="Consul OSS">
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the datacenter.
Also make two services available over a custom port with user-provided hosts, and enable TLS on every listener:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: IngressGateway
metadata:
name: us-east-ingress
spec:
tls:
enabled: true
listeners:
- port: 8080
protocol: http
services:
- name: '*'
- port: 4567
protocol: http
services:
- name: api
hosts: ['foo.example.com', 'foo.example.com:4567']
- name: web
hosts: ['website.example.com', 'website.example.com:4567']
```
</Tab>
<Tab heading="Consul Enterprise">
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the frontend namespace.
Also make two services in the frontend namespace available over a custom port with user-provided hosts, and enable TLS on every listener:
```yaml ```yaml
apiVersion: consul.hashicorp.com/v1alpha1 apiVersion: consul.hashicorp.com/v1alpha1
kind: IngressGateway kind: IngressGateway
@ -351,57 +348,6 @@ spec:
hosts: ['website.example.com', 'website.example.com:4567'] hosts: ['website.example.com', 'website.example.com:4567']
``` ```
</Tab>
</Tabs>
</Tab>
<Tab heading="JSON">
<Tabs>
<Tab heading="Consul OSS">
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the datacenter.
Also make two services available over a custom port with user-provided hosts, and enable TLS on every listener:
```json
{
"Kind": "ingress-gateway",
"Name": "us-east-ingress",
"TLS": {
"Enabled": true
},
"Listeners": [
{
"Port": 8080,
"Protocol": "http",
"Services": [
{
"Name": "*"
}
]
},
{
"Port": 4567,
"Protocol": "http",
"Services": [
{
"Name": "api",
"Hosts": ["foo.example.com", "foo.example.com:4567"]
},
{
"Name": "web",
"Hosts": ["website.example.com", "website.example.com:4567"]
}
]
}
]
}
```
</Tab>
<Tab heading="Consul Enterprise">
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the frontend namespace.
Also make two services in the frontend namespace available over a custom port with user-provided hosts, and enable TLS on every listener:
```json ```json
{ {
"Kind": "ingress-gateway", "Kind": "ingress-gateway",
@ -441,21 +387,21 @@ Also make two services in the frontend namespace available over a custom port wi
} }
``` ```
</Tab> </CodeTabs>
</Tabs>
</Tab> </Tab>
</Tabs> </Tabs>
### HTTP listener with path-based routing ### HTTP listener with path-based routing
<Tabs>
<Tab heading="HCL">
<Tabs> <Tabs>
<Tab heading="Consul OSS"> <Tab heading="Consul OSS">
Set up a HTTP listener on an ingress gateway named "us-east-ingress" to proxy Set up a HTTP listener on an ingress gateway named "us-east-ingress" to proxy
traffic to a virtual service named "api". traffic to a virtual service named "api".
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "ingress-gateway" Kind = "ingress-gateway"
Name = "us-east-ingress" Name = "us-east-ingress"
@ -473,12 +419,47 @@ Listeners = [
] ]
``` ```
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: IngressGateway
metadata:
name: us-east-ingress
spec:
listeners:
- port: 80
protocol: http
services:
- name: api
```
```json
{
"Kind": "ingress-gateway",
"Name": "us-east-ingress",
"Listeners": [
{
"Port": 80,
"Protocol": "http",
"Services": [
{
"Name": "api"
}
]
}
]
}
```
</CodeTabs>
</Tab> </Tab>
<Tab heading="Consul Enterprise"> <Tab heading="Consul Enterprise">
Set up a HTTP listener on an ingress gateway named "us-east-ingress" in the Set up a HTTP listener on an ingress gateway named "us-east-ingress" in the
default namespace to proxy traffic to a virtual service named "api". default namespace to proxy traffic to a virtual service named "api".
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "ingress-gateway" Kind = "ingress-gateway"
Name = "us-east-ingress" Name = "us-east-ingress"
@ -498,35 +479,6 @@ Listeners = [
] ]
``` ```
</Tab>
</Tabs>
</Tab>
<Tab heading="Kubernetes YAML">
<Tabs>
<Tab heading="Consul OSS">
Set up a HTTP listener on an ingress gateway named "us-east-ingress" to proxy
traffic to a virtual service named "api".
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: IngressGateway
metadata:
name: us-east-ingress
spec:
listeners:
- port: 80
protocol: http
services:
- name: api
```
</Tab>
<Tab heading="Consul Enterprise">
Set up a HTTP listener on an ingress gateway named "us-east-ingress" in the
default namespace to proxy traffic to a virtual service named "api".
```yaml ```yaml
apiVersion: consul.hashicorp.com/v1alpha1 apiVersion: consul.hashicorp.com/v1alpha1
kind: IngressGateway kind: IngressGateway
@ -542,40 +494,6 @@ spec:
namespace: frontend namespace: frontend
``` ```
</Tab>
</Tabs>
</Tab>
<Tab heading="JSON">
<Tabs>
<Tab heading="Consul OSS">
Set up a HTTP listener on an ingress gateway named "us-east-ingress" to proxy
traffic to a virtual service named "api".
```json
{
"Kind": "ingress-gateway",
"Name": "us-east-ingress",
"Listeners": [
{
"Port": 80,
"Protocol": "http",
"Services": [
{
"Name": "api"
}
]
}
]
}
```
</Tab>
<Tab heading="Consul Enterprise">
Set up a HTTP listener on an ingress gateway named "us-east-ingress" in the
default namespace to proxy traffic to a virtual service named "api".
```json ```json
{ {
"Kind": "ingress-gateway", "Kind": "ingress-gateway",
@ -596,8 +514,8 @@ default namespace to proxy traffic to a virtual service named "api".
} }
``` ```
</Tab> </CodeTabs>
</Tabs>
</Tab> </Tab>
</Tabs> </Tabs>
@ -606,11 +524,11 @@ service for L7 configuration only. A `service-router` (`ServiceRouter` on Kubern
virtual service which uses path-based routing to route requests to different virtual service which uses path-based routing to route requests to different
backend services: backend services:
<Tabs>
<Tab heading="HCL">
<Tabs> <Tabs>
<Tab heading="Consul OSS"> <Tab heading="Consul OSS">
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "service-router" Kind = "service-router"
Name = "api" Name = "api"
@ -640,48 +558,6 @@ Routes = [
] ]
``` ```
</Tab>
<Tab heading="Consul Enterprise">
```hcl
Kind = "service-router"
Name = "api"
Namespace = "default"
Routes = [
{
Match {
HTTP {
PathPrefix = "/billing"
}
}
Destination {
Service = "billing-api"
Namespace = "frontend"
}
},
{
Match {
HTTP {
PathPrefix = "/payments"
}
}
Destination {
Service = "payments-api"
Namespace = "frontend"
}
}
]
```
</Tab>
</Tabs>
</Tab>
<Tab heading="Kubernetes YAML">
<Tabs>
<Tab heading="Consul OSS">
```yaml ```yaml
apiVersion: consul.hashicorp.com/v1alpha1 apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceRouter kind: ServiceRouter
@ -701,38 +577,6 @@ spec:
service: payments-api service: payments-api
``` ```
</Tab>
<Tab heading="Consul Enterprise">
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceRouter
metadata:
name: api
namespace: default
spec:
routes:
- match:
http:
pathPrefix: '/billing'
destination:
service: billing-api
namespace: frontend
- match:
http:
pathPrefix: '/payments'
destination:
service: payments-api
namespace: frontend
```
</Tab>
</Tabs>
</Tab>
<Tab heading="JSON">
<Tabs>
<Tab heading="Consul OSS">
```json ```json
{ {
"Kind": "service-router", "Kind": "service-router",
@ -762,9 +606,67 @@ spec:
} }
``` ```
</CodeTabs>
</Tab> </Tab>
<Tab heading="Consul Enterprise"> <Tab heading="Consul Enterprise">
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "service-router"
Name = "api"
Namespace = "default"
Routes = [
{
Match {
HTTP {
PathPrefix = "/billing"
}
}
Destination {
Service = "billing-api"
Namespace = "frontend"
}
},
{
Match {
HTTP {
PathPrefix = "/payments"
}
}
Destination {
Service = "payments-api"
Namespace = "frontend"
}
}
]
```
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceRouter
metadata:
name: api
namespace: default
spec:
routes:
- match:
http:
pathPrefix: '/billing'
destination:
service: billing-api
namespace: frontend
- match:
http:
pathPrefix: '/payments'
destination:
service: payments-api
namespace: frontend
```
```json ```json
{ {
"Kind": "service-router", "Kind": "service-router",
@ -797,8 +699,8 @@ spec:
} }
``` ```
</Tab> </CodeTabs>
</Tabs>
</Tab> </Tab>
</Tabs> </Tabs>

View File

@ -23,7 +23,9 @@ Settings in this config entry apply across all namespaces and federated datacent
Only allow transparent proxies to dial addresses in the mesh. Only allow transparent proxies to dial addresses in the mesh.
<Tabs> <Tabs>
<Tab heading="HCL"> <Tab heading="Consul OSS">
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "mesh" Kind = "mesh"
@ -32,12 +34,35 @@ TransparentProxy {
} }
``` ```
</Tab> ```yaml
<Tab heading="HCL (Consul Enterprise)"> apiVersion: consul.hashicorp.com/v1alpha1
kind: Mesh
metadata:
name: mesh
spec:
transparentProxy:
meshDestinationsOnly: true
```
**NOTE:** The `mesh` config entry can only be created in the `default` ```json
{
"Kind": "mesh",
"TransparentProxy": {
"MeshDestinationsOnly": true
}
}
```
</CodeTabs>
</Tab>
<Tab heading="Consul Enterprise">
-> **Note**: The `mesh` config entry can only be created in the `default`
namespace and it will apply to proxies across **all** namespaces. namespace and it will apply to proxies across **all** namespaces.
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "mesh" Kind = "mesh"
Namespace = "default" # Can only be set to "default". Namespace = "default" # Can only be set to "default".
@ -47,9 +72,6 @@ TransparentProxy {
} }
``` ```
</Tab>
<Tab heading="Kubernetes YAML">
```yaml ```yaml
apiVersion: consul.hashicorp.com/v1alpha1 apiVersion: consul.hashicorp.com/v1alpha1
kind: Mesh kind: Mesh
@ -60,23 +82,18 @@ spec:
meshDestinationsOnly: true meshDestinationsOnly: true
``` ```
</Tab> ```json
<Tab heading="Kubernetes YAML (Consul Enterprise)"> {
"Kind": "mesh",
**NOTE:** A `Mesh` resource can be created in any Kubernetes "Namespace": "default",
namespace but it will apply to proxies across **all** namespaces. Only one "TransparentProxy": {
`Mesh` resource can exist in the cluster. "MeshDestinationsOnly": true
}
```yaml }
apiVersion: consul.hashicorp.com/v1alpha1
kind: Mesh
metadata:
name: mesh
spec:
transparentProxy:
meshDestinationsOnly: true
``` ```
</CodeTabs>
</Tab> </Tab>
</Tabs> </Tabs>

View File

@ -20,11 +20,15 @@ one global entry is supported.
### Default protocol ### Default protocol
Set the default protocol for all sidecar proxies:
<Tabs> <Tabs>
<Tab heading="HCL"> <Tab heading="Consul OSS">
Set the default protocol for all sidecar proxies: Set the default protocol for all sidecar proxies:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "proxy-defaults" Kind = "proxy-defaults"
Name = "global" Name = "global"
@ -33,14 +37,36 @@ Config {
} }
``` ```
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ProxyDefaults
metadata:
name: global
spec:
config:
protocol: http
```
```json
{
"Kind": "proxy-defaults",
"Name": "global",
"Config": {
"protocol": "http"
}
}
```
</CodeTabs>
</Tab> </Tab>
<Tab heading="HCL (Consul Enterprise)"> <Tab heading="Consul Enterprise">
Set the default protocol for all sidecar proxies. -> **NOTE:** The `proxy-defaults` config entry can only be created in the `default`
**NOTE:** The `proxy-defaults` config entry can only be created in the `default`
namespace and it will configure proxies in **all** namespaces. namespace and it will configure proxies in **all** namespaces.
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "proxy-defaults" Kind = "proxy-defaults"
Name = "global" Name = "global"
@ -50,46 +76,39 @@ Config {
} }
``` ```
</Tab>
<Tab heading="Kubernetes YAML">
Set the default protocol for all sidecar proxies:
```yaml ```yaml
apiVersion: consul.hashicorp.com/v1alpha1 apiVersion: consul.hashicorp.com/v1alpha1
kind: ProxyDefaults kind: ProxyDefaults
metadata: metadata:
name: global name: global
namespace: default
spec: spec:
config: config:
protocol: http protocol: http
``` ```
</Tab> ```json
<Tab heading="Kubernetes YAML (Consul Enterprise)"> {
"Kind": "proxy-defaults",
Set the default protocol for all sidecar proxies: "Name": "global",
"Namespace": "default",
```yaml "Config": {
apiVersion: consul.hashicorp.com/v1alpha1 "protocol": "http"
kind: ProxyDefaults }
metadata: }
name: global
spec:
config:
protocol: http
``` ```
</CodeTabs>
</Tab> </Tab>
</Tabs> </Tabs>
### Prometheus ### Prometheus
<Tabs>
<Tab heading="HCL">
Expose prometheus metrics: Expose prometheus metrics:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "proxy-defaults" Kind = "proxy-defaults"
Name = "global" Name = "global"
@ -98,11 +117,6 @@ Config {
} }
``` ```
</Tab>
<Tab heading="Kubernetes YAML">
Expose prometheus metrics:
```yaml ```yaml
apiVersion: consul.hashicorp.com/v1alpha1 apiVersion: consul.hashicorp.com/v1alpha1
kind: ProxyDefaults kind: ProxyDefaults
@ -113,16 +127,24 @@ spec:
envoy_prometheus_bind_addr: '0.0.0.0:9102' envoy_prometheus_bind_addr: '0.0.0.0:9102'
``` ```
</Tab> ```json
</Tabs> {
"Kind": "proxy-defaults",
"Name": "global",
"Config": {
"envoy_prometheus_bind_addr": "0.0.0.0:9102"
}
}
```
</CodeTabs>
### Proxy-specific defaults ### Proxy-specific defaults
<Tabs>
<Tab heading="HCL">
Set proxy-specific defaults: Set proxy-specific defaults:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "proxy-defaults" Kind = "proxy-defaults"
Name = "global" Name = "global"
@ -132,11 +154,6 @@ Config {
} }
``` ```
</Tab>
<Tab heading="Kubernetes YAML">
Set proxy-specific defaults:
```yaml ```yaml
apiVersion: consul.hashicorp.com/v1alpha1 apiVersion: consul.hashicorp.com/v1alpha1
kind: ProxyDefaults kind: ProxyDefaults
@ -148,8 +165,18 @@ spec:
handshake_timeout_ms: 10000 handshake_timeout_ms: 10000
``` ```
</Tab> ```json
</Tabs> {
"Kind": "proxy-defaults",
"Name": "global",
"Config": {
"local_connect_timeout_ms": 1000,
"handshake_timeout_ms": 10000
}
}
```
</CodeTabs>
## Available Fields ## Available Fields
@ -207,8 +234,8 @@ spec:
description: `An arbitrary map of configuration values used by Connect proxies. description: `An arbitrary map of configuration values used by Connect proxies.
The available configurations depend on the Connect proxy you use. The available configurations depend on the Connect proxy you use.
Any values that your proxy allows can be configured globally here. To explore these options please see the documentation for your chosen proxy. Any values that your proxy allows can be configured globally here. To explore these options please see the documentation for your chosen proxy.
<ul><li>[Envoy](/docs/connect/proxies/envoy#bootstrap-configuration)</li> <ul><li>[Envoy](/docs/connect/proxies/envoy#proxy-config-options)</li>
<li>[Consul's built-in proxy](/docs/connect/proxies/built-in)</li></ul>`, <li>[Consul's built-in proxy](/docs/connect/proxies/built-in#proxy-config-key-reference)</li></ul>`,
}, },
{ {
name: 'Mode', name: 'Mode',

View File

@ -24,11 +24,10 @@ config entry. However, if the protocol value is specified in a service defaults
config entry for a given service, that value will take precedence over the config entry for a given service, that value will take precedence over the
globally configured value from proxy defaults. globally configured value from proxy defaults.
<Tabs>
<Tab heading="HCL">
Set the default protocol for a service in the default namespace to HTTP: Set the default protocol for a service in the default namespace to HTTP:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "service-defaults" Kind = "service-defaults"
Name = "web" Name = "web"
@ -36,11 +35,6 @@ Namespace = "default"
Protocol = "http" Protocol = "http"
``` ```
</Tab>
<Tab heading="Kubernetes YAML">
Set the default protocol for a service in the default namespace to HTTP:
```yaml ```yaml
apiVersion: consul.hashicorp.com/v1alpha1 apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceDefaults kind: ServiceDefaults
@ -50,20 +44,28 @@ spec:
protocol: http protocol: http
``` ```
</Tab> ```json
</Tabs> {
"Kind": "service-defaults",
"Name": "web",
"Namespace": "default",
"Protocol": "http"
}
```
</CodeTabs>
### Upstream configuration ### Upstream configuration
<Tabs>
<Tab heading="HCL">
<Tabs> <Tabs>
<Tab heading="Consul OSS"> <Tab heading="Consul OSS">
Set default connection limits and mesh gateway mode across all upstreams Set default connection limits and mesh gateway mode across all upstreams
of "counting" and also override the mesh gateway mode used when dialing of "counting", and also override the mesh gateway mode used when dialing
the "dashboard" service. the "dashboard" service.
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "service-defaults" Kind = "service-defaults"
Name = "counting" Name = "counting"
@ -91,6 +93,55 @@ UpstreamConfig = {
} }
``` ```
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceDefaults
metadata:
name: counting
spec:
upstreamConfig:
defaults:
meshGateway:
mode: local
limits:
maxConnections: 512
maxPendingRequests: 512
maxConcurrentRequests: 512
overrides:
- name: dashboard
meshGateway:
mode: remote
```
```json
{
"Kind": "service-defaults",
"Name": "counting",
"UpstreamConfig": {
"Defaults": {
"MeshGateway": {
"Mode": "local"
},
"Limits": {
"MaxConnections": 512,
"MaxPendingRequests": 512,
"MaxConcurrentRequests": 512
}
},
"Overrides": [
{
"Name": "dashboard",
"MeshGateway": {
"Mode": "remote"
}
}
]
}
}
```
</CodeTabs>
</Tab> </Tab>
<Tab heading="Consul Enterprise"> <Tab heading="Consul Enterprise">
@ -98,6 +149,8 @@ Set default connection limits and mesh gateway mode across all upstreams
of "counting" and also override the mesh gateway mode used when dialing of "counting" and also override the mesh gateway mode used when dialing
the "dashboard" service in the "frontend" namespace. the "dashboard" service in the "frontend" namespace.
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "service-defaults" Kind = "service-defaults"
Name = "counting" Name = "counting"
@ -127,46 +180,6 @@ UpstreamConfig = {
} }
``` ```
</Tab>
</Tabs>
</Tab>
<Tab heading="Kubernetes YAML">
<Tabs>
<Tab heading="Consul OSS">
Set default connection limits and mesh gateway mode across all upstreams
of "counting" and also override the mesh gateway mode used when dialing
the "dashboard" service.
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceDefaults
metadata:
name: counting
spec:
upstreamConfig:
defaults:
meshGateway:
mode: local
limits:
maxConnections: 512
maxPendingRequests: 512
maxConcurrentRequests: 512
overrides:
- name: dashboard
meshGateway:
mode: remote
```
</Tab>
<Tab heading="Consul Enterprise">
Set default connection limits and mesh gateway mode across all upstreams
of "counting" and also override the mesh gateway mode used when dialing
the "dashboard" service in the "frontend" namespace.
```yaml ```yaml
apiVersion: consul.hashicorp.com/v1alpha1 apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceDefaults kind: ServiceDefaults
@ -189,8 +202,36 @@ spec:
mode: remote mode: remote
``` ```
</Tab> ```json
</Tabs> {
"Kind": "service-defaults",
"Name": "counting",
"Namespace": "product",
"UpstreamConfig": {
"Defaults": {
"MeshGateway": {
"Mode": "local"
},
"Limits": {
"MaxConnections": 512,
"MaxPendingRequests": 512,
"MaxConcurrentRequests": 512
}
},
"Overrides": [
{
"Name": "dashboard",
"Namespace": "frontend",
"MeshGateway": {
"Mode": "remote"
}
}
]
}
}
```
</CodeTabs>
</Tab> </Tab>
</Tabs> </Tabs>

View File

@ -36,11 +36,10 @@ or globally via [`proxy-defaults`](/docs/connect/config-entries/proxy-defaults)
### REST Access ### REST Access
<Tabs>
<Tab heading="HCL">
Grant some clients more REST access than others: Grant some clients more REST access than others:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "service-intentions" Kind = "service-intentions"
Name = "api" Name = "api"
@ -74,11 +73,6 @@ Sources = [
] ]
``` ```
</Tab>
<Tab heading="Kubernetes YAML">
Grant some clients more REST access than others:
```yaml ```yaml
apiVersion: consul.hashicorp.com/v1alpha1 apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceIntentions kind: ServiceIntentions
@ -104,18 +98,48 @@ spec:
# unmatched connections and requests. Typically this will be DENY. # unmatched connections and requests. Typically this will be DENY.
``` ```
</Tab> ```json
</Tabs> {
"Kind": "service-intentions",
"Name": "api",
"Sources": [
{
"Name": "admin-dashboard",
"Permissions": [
{
"Action": "allow",
"HTTP": {
"PathPrefix": "/v2",
"Methods": ["GET", "PUT", "POST", "DELETE", "HEAD"]
}
}
]
},
{
"Name": "report-generator",
"Permissions": [
{
"Action": "allow",
"HTTP": {
"PathPrefix": "/v2/widgets",
"Methods": ["GET"]
}
}
]
}
]
}
```
</CodeTabs>
### gRPC ### gRPC
<Tabs>
<Tab heading="HCL">
Selectively deny some gRPC service methods. Since gRPC method calls [are Selectively deny some gRPC service methods. Since gRPC method calls [are
HTTP/2](https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md), we can HTTP/2](https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md), we can
use an HTTP path match rule to control traffic: use an HTTP path match rule to control traffic:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "service-intentions" Kind = "service-intentions"
Name = "billing" Name = "billing"
@ -156,13 +180,6 @@ Sources = [
] ]
``` ```
</Tab>
<Tab heading="Kubernetes YAML">
Selectively deny some gRPC service methods. Since gRPC method calls [are
HTTP/2](https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md), we can
use an HTTP path match rule to control traffic:
```yaml ```yaml
apiVersion: consul.hashicorp.com/v1alpha1 apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceIntentions kind: ServiceIntentions
@ -192,16 +209,51 @@ spec:
# unmatched connections and requests. Typically this will be DENY. # unmatched connections and requests. Typically this will be DENY.
``` ```
</Tab> ```json
</Tabs> {
"Kind": "service-intentions",
"Name": "billing",
"Sources": [
{
"Name": "frontend-web",
"Permissions": [
{
"Action": "deny",
"HTTP": {
"PathExact": "/mycompany.BillingService/IssueRefund"
}
},
{
"Action": "allow",
"HTTP": {
"PathPrefix": "/mycompany.BillingService/"
}
}
]
},
{
"Name": "support-portal",
"Permissions": [
{
"Action": "allow",
"HTTP": {
"PathPrefix": "/mycompany.BillingService/"
}
}
]
}
]
}
```
</CodeTabs>
### L4 and L7 ### L4 and L7
<Tabs>
<Tab heading="HCL">
You can mix and match L4 and L7 intentions per source: You can mix and match L4 and L7 intentions per source:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "service-intentions" Kind = "service-intentions"
Name = "api" Name = "api"
@ -231,11 +283,6 @@ Sources = [
] ]
``` ```
</Tab>
<Tab heading="Kubernetes YAML">
You can mix and match L4 and L7 intentions per source:
```yaml ```yaml
apiVersion: consul.hashicorp.com/v1alpha1 apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceIntentions kind: ServiceIntentions
@ -259,8 +306,35 @@ spec:
# unmatched connections and requests. Typically this will be DENY. # unmatched connections and requests. Typically this will be DENY.
``` ```
</Tab> ```json
</Tabs> {
"Kind": "service-intentions",
"Name": "api",
"Sources": [
{
"Name": "hackathon-project",
"Action": "deny"
},
{
"Name": "web",
"Action": "allow"
},
{
"Name": "nightly-reconciler",
"Permissions": [
{
"Action": "allow",
"HTTP": {
"PathExact": "/v1/reconcile-data",
"Methods": ["POST"]
}
}
]
}
]
}
```
</CodeTabs>
## Available Fields ## Available Fields

View File

@ -27,54 +27,62 @@ and discovery terminates.
### Filter on service version ### Filter on service version
<Tabs>
<Tab heading="HCL">
Create service subsets based on a version metadata and override the defaults: Create service subsets based on a version metadata and override the defaults:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "service-resolver" Kind = "service-resolver"
Name = "web" Name = "web"
DefaultSubset = "v1" DefaultSubset = "v1"
Subsets = { Subsets = {
"v1" = { v1 = {
Filter = "Service.Meta.version == v1" Filter = "Service.Meta.version == v1"
} }
"v2" = { v2 = {
Filter = "Service.Meta.version == v2" Filter = "Service.Meta.version == v2"
} }
} }
``` ```
</Tab>
<Tab heading="Kubernetes YAML">
Create service subsets based on a version metadata and override the defaults:
```yaml ```yaml
apiVersion: consul.hashicorp.com/v1alpha1 apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceResolver kind: ServiceResolver
metadata: metadata:
name: web name: web
spec: spec:
defaultSubset: 'v1' defaultSubset: v1
subsets: subsets:
'v1': v1:
filter: 'Service.Meta.version == v1' filter: 'Service.Meta.version == v1'
'v2': v2:
filter: 'Service.Meta.version == v2' filter: 'Service.Meta.version == v2'
``` ```
</Tab> ```json
</Tabs> {
"Kind": "service-resolver",
"Name": "web",
"DefaultSubset": "v1",
"Subsets": {
"v1": {
"Filter": "Service.Meta.version == v1"
},
"v2": {
"Filter": "Service.Meta.version == v2"
}
}
}
```
</CodeTabs>
### Other datacenters ### Other datacenters
<Tabs>
<Tab heading="HCL">
Expose a set of services in another datacenter as a virtual service: Expose a set of services in another datacenter as a virtual service:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "service-resolver" Kind = "service-resolver"
Name = "web-dc2" Name = "web-dc2"
@ -84,11 +92,6 @@ Redirect {
} }
``` ```
</Tab>
<Tab heading="Kubernetes YAML">
Expose a set of services in another datacenter as a virtual service:
```yaml ```yaml
apiVersion: consul.hashicorp.com/v1alpha1 apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceResolver kind: ServiceResolver
@ -100,32 +103,39 @@ spec:
datacenter: dc2 datacenter: dc2
``` ```
</Tab> ```json
</Tabs> {
"Kind": "service-resolver",
"Name": "web-dc2",
"Redirect": {
"Service": "web",
"Datacenter": "dc2"
}
}
```
</CodeTabs>
### Datacenter failover ### Datacenter failover
<Tabs> Enable failover for subset 'v2' to 'dc2', and all other subsets to dc3 or dc4:
<Tab heading="HCL">
Enable failover for all subsets: <CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "service-resolver" Kind = "service-resolver"
Name = "web" Name = "web"
ConnectTimeout = "15s" ConnectTimeout = "15s"
Failover = { Failover = {
v2 = {
Datacenters = ["dc2"]
}
"*" = { "*" = {
Datacenters = ["dc3", "dc4"] Datacenters = ["dc3", "dc4"]
} }
} }
``` ```
</Tab>
<Tab heading="Kubernetes YAML">
Enable failover for all subsets:
```yaml ```yaml
apiVersion: consul.hashicorp.com/v1alpha1 apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceResolver kind: ServiceResolver
@ -134,20 +144,36 @@ metadata:
spec: spec:
connectTimeout: 15s connectTimeout: 15s
failover: failover:
v2:
datacenters: ['dc2']
'*': '*':
datacenters: ['dc3', 'dc4'] datacenters: ['dc3', 'dc4']
``` ```
</Tab> ```json
</Tabs> {
"Kind": "service-resolver",
"Name": "web",
"ConnectTimeout": "15s",
"Failover": {
"v2": {
"Datacenters": ["dc2"]
},
"*": {
"Datacenters": ["dc3", "dc4"]
}
}
}
```
</CodeTabs>
### Consistent load balancing ### Consistent load balancing
<Tabs>
<Tab heading="HCL">
Apply consistent load balancing for requests based on `x-user-id` header: Apply consistent load balancing for requests based on `x-user-id` header:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "service-resolver" Kind = "service-resolver"
Name = "web" Name = "web"
@ -163,11 +189,6 @@ LoadBalancer = {
} }
``` ```
</Tab>
<Tab heading="Kubernetes YAML">
Apply consistent load balancing for requests based on `x-user-id` header:
```yaml ```yaml
apiVersion: consul.hashicorp.com/v1alpha1 apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceResolver kind: ServiceResolver
@ -181,8 +202,23 @@ spec:
fieldValue: x-user-id fieldValue: x-user-id
``` ```
</Tab> ```json
</Tabs> {
"Kind": "service-resolver",
"Name": "web",
"LoadBalancer": {
"Policy": "maglev",
"HashPolicies": [
{
"Field": "header",
"FieldValue": "x-user-id"
}
]
}
}
```
</CodeTabs>
## Available Fields ## Available Fields

View File

@ -40,11 +40,10 @@ service of the same name.
### Path prefix matching ### Path prefix matching
<Tabs>
<Tab heading="HCL">
Route HTTP requests with a path starting with `/admin` to a different service: Route HTTP requests with a path starting with `/admin` to a different service:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "service-router" Kind = "service-router"
Name = "web" Name = "web"
@ -64,11 +63,6 @@ Routes = [
] ]
``` ```
</Tab>
<Tab heading="Kubernetes YAML">
Route HTTP requests with a path starting with `/admin` to a different service:
```yaml ```yaml
apiVersion: consul.hashicorp.com/v1alpha1 apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceRouter kind: ServiceRouter
@ -84,15 +78,32 @@ spec:
# NOTE: a default catch-all will send unmatched traffic to "web" # NOTE: a default catch-all will send unmatched traffic to "web"
``` ```
</Tab> ```json
</Tabs> {
"Kind": "service-router",
"Name": "web",
"Routes": [
{
"Match": {
"HTTP": {
"PathPrefix": "/admin"
}
},
"Destination": {
"Service": "admin"
}
}
]
}
```
</CodeTabs>
### Header/query parameter matching ### Header/query parameter matching
<Tabs> Route HTTP requests with a special URL parameter or header to a canary subset:
<Tab heading="HCL">
Route HTTP requests with a special url parameter or header to a canary subset: <CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "service-router" Kind = "service-router"
@ -134,11 +145,6 @@ Routes = [
] ]
``` ```
</Tab>
<Tab heading="Kubernetes YAML">
Route HTTP requests with a special url parameter or header to a canary subset:
```yaml ```yaml
apiVersion: consul.hashicorp.com/v1alpha1 apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceRouter kind: ServiceRouter
@ -165,17 +171,56 @@ spec:
# NOTE: a default catch-all will send unmatched traffic to "web" # NOTE: a default catch-all will send unmatched traffic to "web"
``` ```
</Tab> ```json
</Tabs> {
"Kind": "service-router",
"Name": "web",
"Routes": [
{
"Match": {
"HTTP": {
"Header": [
{
"Name": "x-debug",
"Exact": "1"
}
]
}
},
"Destination": {
"Service": "web",
"ServiceSubset": "canary"
}
},
{
"Match": {
"HTTP": {
"QueryParam": [
{
"Name": "x-debug",
"Exact": "1"
}
]
}
},
"Destination": {
"Service": "web",
"ServiceSubset": "canary"
}
}
]
}
```
</CodeTabs>
### gRPC routing ### gRPC routing
<Tabs>
<Tab heading="HCL">
Re-route a gRPC method to another service. Since gRPC method calls [are Re-route a gRPC method to another service. Since gRPC method calls [are
HTTP/2](https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md), we can use an HTTP path match rule to re-route traffic: HTTP/2](https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md), we can use an HTTP path match rule to re-route traffic:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "service-router" Kind = "service-router"
Name = "billing" Name = "billing"
@ -195,12 +240,6 @@ Routes = [
] ]
``` ```
</Tab>
<Tab heading="Kubernetes YAML">
Re-route a gRPC method to another service. Since gRPC method calls [are
HTTP/2](https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md), we can use an HTTP path match rule to re-route traffic:
```yaml ```yaml
apiVersion: consul.hashicorp.com/v1alpha1 apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceRouter kind: ServiceRouter
@ -216,8 +255,26 @@ spec:
# NOTE: a default catch-all will send unmatched traffic to "billing" # NOTE: a default catch-all will send unmatched traffic to "billing"
``` ```
</Tab> ```json
</Tabs> {
"Kind": "service-router",
"Name": "billing",
"Routes": [
{
"Match": {
"HTTP": {
"PathExact": "/mycompany.BillingService/GenerateInvoice"
}
},
"Destination": {
"Service": "invoice-generator"
}
}
]
}
```
</CodeTabs>
## Available Fields ## Available Fields

View File

@ -43,11 +43,10 @@ resolution stage.
### Two subsets of same service ### Two subsets of same service
<Tabs>
<Tab heading="HCL">
Split traffic between two subsets of the same service: Split traffic between two subsets of the same service:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "service-splitter" Kind = "service-splitter"
Name = "web" Name = "web"
@ -63,11 +62,6 @@ Splits = [
] ]
``` ```
</Tab>
<Tab heading="Kubernetes YAML">
Split traffic between two subsets of the same service:
```yaml ```yaml
apiVersion: consul.hashicorp.com/v1alpha1 apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceSplitter kind: ServiceSplitter
@ -81,16 +75,31 @@ spec:
serviceSubset: v2 serviceSubset: v2
``` ```
</Tab> ```json
</Tabs> {
"Kind": "service-splitter",
"Name": "web",
"Splits": [
{
"Weight": 90,
"ServiceSubset": "v1"
},
{
"Weight": 10,
"ServiceSubset": "v2"
}
]
}
```
</CodeTabs>
### Two different services ### Two different services
<Tabs>
<Tab heading="HCL">
Split traffic between two services: Split traffic between two services:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "service-splitter" Kind = "service-splitter"
Name = "web" Name = "web"
@ -106,11 +115,6 @@ Splits = [
] ]
``` ```
</Tab>
<Tab heading="Kubernetes YAML">
Split traffic between two services:
```yaml ```yaml
apiVersion: consul.hashicorp.com/v1alpha1 apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceSplitter kind: ServiceSplitter
@ -124,8 +128,23 @@ spec:
service: web-rewrite service: web-rewrite
``` ```
</Tab> ```json
</Tabs> {
"Kind": "service-splitter",
"Name": "web",
"Splits": [
{
"Weight": 50
},
{
"Weight": 50,
"Service": "web-rewrite"
}
]
}
```
</CodeTabs>
## Available Fields ## Available Fields

View File

@ -44,12 +44,16 @@ traffic from the mesh to those services will be evenly load-balanced between the
## Sample Config Entries ## Sample Config Entries
<Tabs> ### Access an external service
<Tab heading="HCL">
<Tabs> <Tabs>
<Tab heading="Consul OSS"> <Tab heading="Consul OSS">
Link gateway named "us-west-gateway" with the billing service: Link gateway named "us-west-gateway" with the billing service.
Connections to the external service will be unencrypted.
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "terminating-gateway" Kind = "terminating-gateway"
@ -62,10 +66,38 @@ Services = [
] ]
``` ```
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: TerminatingGateway
metadata:
name: us-west-gateway
spec:
services:
- name: billing
```
```json
{
"Kind": "terminating-gateway",
"Name": "us-west-gateway",
"Services": [
{
"Name": "billing"
}
]
}
```
</CodeTabs>
</Tab> </Tab>
<Tab heading="Consul Enterprise"> <Tab heading="Consul Enterprise">
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace: Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace.
Connections to the external service will be unencrypted.
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "terminating-gateway" Kind = "terminating-gateway"
@ -80,30 +112,6 @@ Services = [
] ]
``` ```
</Tab>
</Tabs>
</Tab>
<Tab heading="Kubernetes YAML">
<Tabs>
<Tab heading="Consul OSS">
Link gateway named "us-west-gateway" with the billing service:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: TerminatingGateway
metadata:
name: us-west-gateway
spec:
services:
- name: billing
```
</Tab>
<Tab heading="Consul Enterprise">
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace:
```yaml ```yaml
apiVersion: consul.hashicorp.com/v1alpha1 apiVersion: consul.hashicorp.com/v1alpha1
kind: TerminatingGateway kind: TerminatingGateway
@ -115,32 +123,6 @@ spec:
namespace: finance namespace: finance
``` ```
</Tab>
</Tabs>
</Tab>
<Tab heading="JSON">
<Tabs>
<Tab heading="Consul OSS">
Link gateway named "us-west-gateway" with the billing service:
```json
{
"Kind": "terminating-gateway",
"Name": "us-west-gateway",
"Services": [
{
"Name": "billing"
}
]
}
```
</Tab>
<Tab heading="Consul Enterprise">
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace:
```json ```json
{ {
"Kind": "terminating-gateway", "Kind": "terminating-gateway",
@ -155,17 +137,23 @@ Link gateway named "us-west-gateway" in the default namespace with the billing s
} }
``` ```
</Tab> </CodeTabs>
</Tabs>
</Tab> </Tab>
</Tabs> </Tabs>
<Tabs> ### Access an external service over TLS
<Tab heading="HCL">
<Tabs> <Tabs>
<Tab heading="Consul OSS"> <Tab heading="Consul OSS">
Link gateway named "us-west-gateway" with the billing service and specify a CA file for one-way TLS authentication: Link gateway named "us-west-gateway" with the billing service, and specify a CA
file to be used for one-way TLS authentication.
-> **Note**: The `CAFile` parameter must be specified _and_ point to a valid CA
bundle in order to properly initiate a TLS connection to the destination service.
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "terminating-gateway" Kind = "terminating-gateway"
@ -179,11 +167,42 @@ Services = [
] ]
``` ```
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: TerminatingGateway
metadata:
name: us-west-gateway
spec:
services:
- name: billing
caFile: /etc/certs/ca-chain.cert.pem
```
```json
{
"Kind": "terminating-gateway",
"Name": "us-west-gateway",
"Services": [
{
"Name": "billing",
"CAFile": "/etc/certs/ca-chain.cert.pem"
}
]
}
```
</CodeTabs>
</Tab> </Tab>
<Tab heading="Consul Enterprise"> <Tab heading="Consul Enterprise">
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace, Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace,
and specify a CA file for one-way TLS authentication: and specify a CA file to be used for one-way TLS authentication.
-> **Note**: The `CAFile` parameter must be specified _and_ point to a valid CA
bundle in order to properly initiate a TLS connection to the destination service.
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "terminating-gateway" Kind = "terminating-gateway"
@ -199,32 +218,6 @@ Services = [
] ]
``` ```
</Tab>
</Tabs>
</Tab>
<Tab heading="Kubernetes YAML">
<Tabs>
<Tab heading="Consul OSS">
Link gateway named "us-west-gateway" with the billing service and specify a CA file for one-way TLS authentication:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: TerminatingGateway
metadata:
name: us-west-gateway
spec:
services:
- name: billing
caFile: /etc/certs/ca-chain.cert.pem
```
</Tab>
<Tab heading="Consul Enterprise">
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace,
and specify a CA file for one-way TLS authentication:
```yaml ```yaml
apiVersion: consul.hashicorp.com/v1alpha1 apiVersion: consul.hashicorp.com/v1alpha1
kind: TerminatingGateway kind: TerminatingGateway
@ -237,34 +230,6 @@ spec:
caFile: /etc/certs/ca-chain.cert.pem caFile: /etc/certs/ca-chain.cert.pem
``` ```
</Tab>
</Tabs>
</Tab>
<Tab heading="JSON">
<Tabs>
<Tab heading="Consul OSS">
Link gateway named "us-west-gateway" with the billing service and specify a CA file for one-way TLS authentication:
```json
{
"Kind": "terminating-gateway",
"Name": "us-west-gateway",
"Services": [
{
"Name": "billing",
"CAFile": "/etc/certs/ca-chain.cert.pem"
}
]
}
```
</Tab>
<Tab heading="Consul Enterprise">
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace,
and specify a CA file for one-way TLS authentication:
```json ```json
{ {
"Kind": "terminating-gateway", "Kind": "terminating-gateway",
@ -280,17 +245,23 @@ and specify a CA file for one-way TLS authentication:
} }
``` ```
</Tab> </CodeTabs>
</Tabs>
</Tab> </Tab>
</Tabs> </Tabs>
<Tabs> ### Access an external service over mutual TLS
<Tab heading="HCL">
<Tabs> <Tabs>
<Tab heading="Consul OSS"> <Tab heading="Consul OSS">
Link gateway named "us-west-gateway" with the payments service and specify a CA file, key file, and cert file for mutual TLS authentication: Link gateway named "us-west-gateway" with the billing service, and specify a CA
file, key file, and cert file to be used for mutual TLS authentication.
-> **Note**: The `CAFile` parameter must be specified _and_ point to a valid CA
bundle in order to properly initiate a TLS connection to the destination service.
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "terminating-gateway" Kind = "terminating-gateway"
@ -306,11 +277,46 @@ Services = [
] ]
``` ```
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: TerminatingGateway
metadata:
name: us-west-gateway
spec:
services:
- name: billing
caFile: /etc/certs/ca-chain.cert.pem
keyFile: /etc/certs/gateway.key.pem
certFile: /etc/certs/gateway.cert.pem
```
```json
{
"Kind": "terminating-gateway",
"Name": "us-west-gateway",
"Services": [
{
"Name": "billing",
"CAFile": "/etc/certs/ca-chain.cert.pem",
"KeyFile": "/etc/certs/gateway.key.pem",
"CertFile": "/etc/certs/gateway.cert.pem"
}
]
}
```
</CodeTabs>
</Tab> </Tab>
<Tab heading="Consul Enterprise"> <Tab heading="Consul Enterprise">
Link gateway named "us-west-gateway" in the default namespace with the payments service in the finance namespace. Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace.
Also specify a CA file, key file, and cert file for mutual TLS authentication: Also specify a CA file, key file, and cert file to be used for mutual TLS authentication.
-> **Note**: The `CAFile` parameter must be specified _and_ point to a valid CA
bundle in order to properly initiate a TLS connection to the destination service.
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
Kind = "terminating-gateway" Kind = "terminating-gateway"
@ -328,34 +334,6 @@ Services = [
] ]
``` ```
</Tab>
</Tabs>
</Tab>
<Tab heading="Kubernetes YAML">
<Tabs>
<Tab heading="Consul OSS">
Link gateway named "us-west-gateway" with the payments service and specify a CA file, key file, and cert file for mutual TLS authentication:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: TerminatingGateway
metadata:
name: us-west-gateway
spec:
services:
- name: billing
caFile: /etc/certs/ca-chain.cert.pem
keyFile: /etc/certs/gateway.key.pem
certFile: /etc/certs/gateway.cert.pem
```
</Tab>
<Tab heading="Consul Enterprise">
Link gateway named "us-west-gateway" in the default namespace with the payments service in the finance namespace.
Also specify a CA file, key file, and cert file for mutual TLS authentication:
```yaml ```yaml
apiVersion: consul.hashicorp.com/v1alpha1 apiVersion: consul.hashicorp.com/v1alpha1
kind: TerminatingGateway kind: TerminatingGateway
@ -370,36 +348,6 @@ spec:
certFile: /etc/certs/gateway.cert.pem certFile: /etc/certs/gateway.cert.pem
``` ```
</Tab>
</Tabs>
</Tab>
<Tab heading="JSON">
<Tabs>
<Tab heading="Consul OSS">
Link gateway named "us-west-gateway" with the payments service and specify a CA file, key file, and cert file for mutual TLS authentication:
```json
{
"Kind": "terminating-gateway",
"Name": "us-west-gateway",
"Services": [
{
"Name": "billing",
"CAFile": "/etc/certs/ca-chain.cert.pem",
"KeyFile": "/etc/certs/gateway.key.pem",
"CertFile": "/etc/certs/gateway.cert.pem"
}
]
}
```
</Tab>
<Tab heading="Consul Enterprise">
Link gateway named "us-west-gateway" in the default namespace with the payments service in the finance namespace.
Also specify a CA file, key file, and cert file for mutual TLS authentication:
```json ```json
{ {
"Kind": "terminating-gateway", "Kind": "terminating-gateway",
@ -417,18 +365,23 @@ Also specify a CA file, key file, and cert file for mutual TLS authentication:
} }
``` ```
</Tab> </CodeTabs>
</Tabs>
</Tab> </Tab>
</Tabs> </Tabs>
<Tabs> ### Override connection parameters for a specific service
<Tab heading="HCL">
<Tabs> <Tabs>
<Tab heading="Consul OSS"> <Tab heading="Consul OSS">
Link gateway named "us-west-gateway" with all services in the datacenter, and configure default certificates for mutual TLS. Link gateway named "us-west-gateway" with all services in the datacenter, and configure default certificates for mutual TLS.
Also override the SNI and CA file used for connections to the billing service:
Override the SNI and CA file used for connections to the billing service.
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
<CodeBlockConfig highlight="11-15">
```hcl ```hcl
Kind = "terminating-gateway" Kind = "terminating-gateway"
@ -449,11 +402,65 @@ Services = [
] ]
``` ```
</CodeBlockConfig>
<CodeBlockConfig highlight="11-13">
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: TerminatingGateway
metadata:
name: us-west-gateway
spec:
services:
- name: '*'
caFile: /etc/common-certs/ca-chain.cert.pem
keyFile: /etc/common-certs/gateway.key.pem
certFile: /etc/common-certs/gateway.cert.pem
- name: billing
caFile: /etc/billing-ca/ca-chain.cert.pem
sni: billing.service.com
```
</CodeBlockConfig>
<CodeBlockConfig highlight="11-15">
```json
{
"Kind": "terminating-gateway",
"Name": "us-west-gateway",
"Services": [
{
"Name": "*",
"CAFile": "/etc/common-certs/ca-chain.cert.pem",
"KeyFile": "/etc/common-certs/gateway.key.pem",
"CertFile": "/etc/common-certs/gateway.cert.pem"
},
{
"Name": "billing",
"CAFile": "/etc/billing-ca/ca-chain.cert.pem",
"SNI": "billing.service.com"
}
]
}
```
</CodeBlockConfig>
</CodeTabs>
</Tab> </Tab>
<Tab heading="Consul Enterprise"> <Tab heading="Consul Enterprise">
Link gateway named "us-west-gateway" in the default namespace with all services in the finance namespace, Link gateway named "us-west-gateway" in the default namespace with all services in the finance namespace,
and configure default certificates for mutual TLS. Also override the SNI and CA file used for connections to the billing service: and configure default certificates for mutual TLS.
Override the SNI and CA file used for connections to the billing service:
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
<CodeBlockConfig highlight="13-18">
```hcl ```hcl
Kind = "terminating-gateway" Kind = "terminating-gateway"
@ -471,43 +478,15 @@ Services = [
{ {
Namespace = "finance" Namespace = "finance"
Name = "billing" Name = "billing"
CAFile = "/etc/billing-ca/ca-chain.cert.pem", CAFile = "/etc/billing-ca/ca-chain.cert.pem"
SNI = "billing.service.com" SNI = "billing.service.com"
} }
] ]
``` ```
</Tab> </CodeBlockConfig>
</Tabs>
</Tab>
<Tab heading="Kubernetes YAML">
<Tabs>
<Tab heading="Consul OSS">
Link gateway named "us-west-gateway" with all services in the datacenter, and configure default certificates for mutual TLS. <CodeBlockConfig highlight="12-15">
Also override the SNI and CA file used for connections to the billing service:
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: TerminatingGateway
metadata:
name: us-west-gateway
spec:
services:
- name: '*'
caFile: /etc/common-certs/ca-chain.cert.pem
keyFile: /etc/common-certs/gateway.key.pem
certFile: /etc/common-certs/gateway.cert.pem
- name: billing
caFile: /etc/billing-ca/ca-chain.cert.pem
sni: billing.service.com
```
</Tab>
<Tab heading="Consul Enterprise">
Link gateway named "us-west-gateway" in the default namespace with all services in the finance namespace,
and configure default certificates for mutual TLS. Also override the SNI and CA file used for connections to the billing service:
```yaml ```yaml
apiVersion: consul.hashicorp.com/v1alpha1 apiVersion: consul.hashicorp.com/v1alpha1
@ -527,42 +506,9 @@ spec:
sni: billing.service.com sni: billing.service.com
``` ```
</Tab> </CodeBlockConfig>
</Tabs>
</Tab>
<Tab heading="JSON">
<Tabs>
<Tab heading="Consul OSS">
Link gateway named "us-west-gateway" with all services in the datacenter, and configure default certificates for mutual TLS. <CodeBlockConfig highlight="13-18">
Also override the SNI and CA file used for connections to the billing service:
```json
{
"Kind": "terminating-gateway",
"Name": "us-west-gateway",
"Services": [
{
"Name": "*",
"CAFile": "/etc/billing-ca/ca-chain.cert.pem",
"KeyFile": "/etc/certs/gateway.key.pem",
"CertFile": "/etc/certs/gateway.cert.pem",
"SNI": "billing.service.com"
},
{
"Name": "billing",
"CAFile": "/etc/billing-ca/ca-chain.cert.pem",
"SNI": "billing.service.com"
}
]
}
```
</Tab>
<Tab heading="Consul Enterprise">
Link gateway named "us-west-gateway" in the default namespace with all services in the finance namespace,
and configure default certificates for mutual TLS. Also override the SNI and CA file used for connections to the billing service:
```json ```json
{ {
@ -573,10 +519,9 @@ and configure default certificates for mutual TLS. Also override the SNI and CA
{ {
"Namespace": "finance", "Namespace": "finance",
"Name": "*", "Name": "*",
"CAFile": "/etc/billing-ca/ca-chain.cert.pem", "CAFile": "/etc/common-certs/ca-chain.cert.pem",
"KeyFile": "/etc/certs/gateway.key.pem", "KeyFile": "/etc/common-certs/gateway.key.pem",
"CertFile": "/etc/certs/gateway.cert.pem", "CertFile": "/etc/common-certs/gateway.cert.pem"
"SNI": "billing.service.com"
}, },
{ {
"Namespace": "finance", "Namespace": "finance",
@ -588,8 +533,10 @@ and configure default certificates for mutual TLS. Also override the SNI and CA
} }
``` ```
</Tab> </CodeBlockConfig>
</Tabs>
</CodeTabs>
</Tab> </Tab>
</Tabs> </Tabs>