Fix broken links in Consul docs (#16640)
* Fix broken links in Consul docs * more broken link fixes * more 404 fixes * 404 fixes * broken link fix --------- Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
This commit is contained in:
parent
83968aed9e
commit
77ff9265a6
|
@ -157,7 +157,7 @@ information.
|
||||||
- `-segment` ((#\_segment)) <EnterpriseAlert inline /> - This flag is used to set
|
- `-segment` ((#\_segment)) <EnterpriseAlert inline /> - This flag is used to set
|
||||||
the name of the network segment the agent belongs to. An agent can only join and
|
the name of the network segment the agent belongs to. An agent can only join and
|
||||||
communicate with other agents within its network segment. Ensure the [join
|
communicate with other agents within its network segment. Ensure the [join
|
||||||
operation uses the correct port for this segment](/consul/docs/enterprise/network-segments#join_a_client_to_a_segment).
|
operation uses the correct port for this segment](/consul/docs/enterprise/network-segments/create-network-segment#configure-clients-to-join-segments).
|
||||||
Review the [Network Segments documentation](/consul/docs/enterprise/network-segments/create-network-segment)
|
Review the [Network Segments documentation](/consul/docs/enterprise/network-segments/create-network-segment)
|
||||||
for more details. By default, this is an empty string, which is the `<default>`
|
for more details. By default, this is an empty string, which is the `<default>`
|
||||||
network segment.
|
network segment.
|
||||||
|
@ -490,7 +490,7 @@ information.
|
||||||
the data directory. This is useful when running multiple Consul agents on the same
|
the data directory. This is useful when running multiple Consul agents on the same
|
||||||
host for testing. This defaults to false in Consul prior to version 0.8.5 and in
|
host for testing. This defaults to false in Consul prior to version 0.8.5 and in
|
||||||
0.8.5 and later defaults to true, so you must opt-in for host-based IDs. Host-based
|
0.8.5 and later defaults to true, so you must opt-in for host-based IDs. Host-based
|
||||||
IDs are generated using [gopsutil](https://github.com/shirou/gopsutil/tree/master/v3/host), which
|
IDs are generated using [gopsutil](https://github.com/shirou/gopsutil/), which
|
||||||
is shared with HashiCorp's [Nomad](https://www.nomadproject.io/), so if you opt-in
|
is shared with HashiCorp's [Nomad](https://www.nomadproject.io/), so if you opt-in
|
||||||
to host-based IDs then Consul and Nomad will use information on the host to automatically
|
to host-based IDs then Consul and Nomad will use information on the host to automatically
|
||||||
assign the same ID in both systems.
|
assign the same ID in both systems.
|
||||||
|
|
|
@ -924,7 +924,7 @@ Refer to the [formatting specification](https://golang.org/pkg/time/#ParseDurati
|
||||||
[`acl.tokens.agent_recovery`](#acl_tokens_agent_recovery).**
|
[`acl.tokens.agent_recovery`](#acl_tokens_agent_recovery).**
|
||||||
|
|
||||||
- `config_file_service_registration` ((#acl_tokens_config_file_service_registration)) - Specifies the ACL
|
- `config_file_service_registration` ((#acl_tokens_config_file_service_registration)) - Specifies the ACL
|
||||||
token the agent uses to register services and checks from [service](/consul/docs/services/usage/define-services) and [check](/consul/docs/usage/checks) definitions
|
token the agent uses to register services and checks from [service](/consul/docs/services/usage/define-services) and [check](/consul/docs/services/usage/checks) definitions
|
||||||
specified in configuration files or fragments passed to the agent using the `-hcl`
|
specified in configuration files or fragments passed to the agent using the `-hcl`
|
||||||
flag.
|
flag.
|
||||||
|
|
||||||
|
|
|
@ -62,7 +62,7 @@ its consequences during outage situations). Reaping is similar to leaving,
|
||||||
causing all associated services to be deregistered.
|
causing all associated services to be deregistered.
|
||||||
|
|
||||||
## Limit traffic rates
|
## Limit traffic rates
|
||||||
You can define a set of rate limiting configurations that help operators protect Consul servers from excessive or peak usage. The configurations enable you to gracefully degrade Consul servers to avoid a global interruption of service. Consul supports global server rate limiting, which lets configure Consul servers to deny requests that exceed the read or write limits. Refer to [Traffic Rate Limits Overview](/consul/docs/agent/limits/limit-traffic-rates).
|
You can define a set of rate limiting configurations that help operators protect Consul servers from excessive or peak usage. The configurations enable you to gracefully degrade Consul servers to avoid a global interruption of service. Consul supports global server rate limiting, which lets configure Consul servers to deny requests that exceed the read or write limits. Refer to [Traffic Rate Limits Overview](/consul/docs/agent/limits).
|
||||||
|
|
||||||
## Requirements
|
## Requirements
|
||||||
|
|
||||||
|
|
|
@ -23,7 +23,7 @@ The overall process for enabling the WAL LogStore backend for one server consist
|
||||||
|
|
||||||
## Requirements
|
## Requirements
|
||||||
|
|
||||||
- Consul v1.15 or later is required for all servers in the datacenter. Refer to the [standard upgrade procedure](/consul/docs/upgrading/general-process) and the [1.15 upgrade notes](/consul/docs/upgrading/upgrade-specific#consul-1-15-x) for additional information.
|
- Consul v1.15 or later is required for all servers in the datacenter. Refer to the [standard upgrade procedure](/consul/docs/upgrading/instructions/general-process) and the [1.15 upgrade notes](/consul/docs/upgrading/upgrade-specific#consul-1-15-x) for additional information.
|
||||||
- A Consul cluster with at least three nodes are required to safely test the WAL backend without downtime.
|
- A Consul cluster with at least three nodes are required to safely test the WAL backend without downtime.
|
||||||
|
|
||||||
We recommend taking the following additional measures:
|
We recommend taking the following additional measures:
|
||||||
|
|
|
@ -7,7 +7,7 @@ description: >-
|
||||||
|
|
||||||
# Monitor Raft metrics and logs for WAL
|
# Monitor Raft metrics and logs for WAL
|
||||||
|
|
||||||
This topic describes how to monitor Raft metrics and logs if you are testing the WAL backend. We strongly recommend monitoring the Consul cluster, especially the target server, for evidence that the WAL backend is not functioning correctly. Refer to [Enable the experimental WAL LogStore backend](/consul/docs/agent/wal-logstore/index) for additional information about the WAL backend.
|
This topic describes how to monitor Raft metrics and logs if you are testing the WAL backend. We strongly recommend monitoring the Consul cluster, especially the target server, for evidence that the WAL backend is not functioning correctly. Refer to [Enable the experimental WAL LogStore backend](/consul/docs/agent/wal-logstore/enable) for additional information about the WAL backend.
|
||||||
|
|
||||||
!> **Upgrade warning:** The WAL LogStore backend is experimental.
|
!> **Upgrade warning:** The WAL LogStore backend is experimental.
|
||||||
|
|
||||||
|
|
|
@ -168,7 +168,7 @@ The following example creates a route named `example-route` in namespace `gatewa
|
||||||
|
|
||||||
### rules.filters
|
### rules.filters
|
||||||
|
|
||||||
The `filters` block defines steps for processing requests. You can configure filters to modify the properties of matching incoming requests and enable Consul API Gateway features, such as rewriting path prefixes (refer to [Reroute HTTP requests](/consul/docs/api-gateway/usage#reroute-http-requests) for additional information).
|
The `filters` block defines steps for processing requests. You can configure filters to modify the properties of matching incoming requests and enable Consul API Gateway features, such as rewriting path prefixes (refer to [Reroute HTTP requests](/consul/docs/api-gateway/usage/reroute-http-requests) for additional information).
|
||||||
|
|
||||||
* Type: Array of objects
|
* Type: Array of objects
|
||||||
* Required: Optional
|
* Required: Optional
|
||||||
|
@ -203,7 +203,7 @@ Specifies rules for rewriting the URL of incoming requests when `rules.filters.t
|
||||||
|
|
||||||
### rules.filters.urlRewrite.path
|
### rules.filters.urlRewrite.path
|
||||||
|
|
||||||
Specifies a list of objects that determine how Consul API Gateway rewrites URL paths (refer to [Reroute HTTP requests](/consul/docs/api-gateway/usage#reroute-http-requests) for additional information).
|
Specifies a list of objects that determine how Consul API Gateway rewrites URL paths (refer to [Reroute HTTP requests](/consul/docs/api-gateway/usage/reroute-http-requests) for additional information).
|
||||||
|
|
||||||
The following table describes the parameters for `path`:
|
The following table describes the parameters for `path`:
|
||||||
|
|
||||||
|
|
|
@ -18,7 +18,7 @@ This topic describes how to configure Consul API Gateway to route traffic to ser
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
|
||||||
Specify the following fields in your `MeshService` configuration to use this feature. Refer to the [MeshService configuration reference](/consul/docs/api-gateway/configuration/mesh) for details about the parameters.
|
Specify the following fields in your `MeshService` configuration to use this feature. Refer to the [MeshService configuration reference](/consul/docs/api-gateway/configuration/meshservice) for details about the parameters.
|
||||||
|
|
||||||
- [`name`](/consul/docs/api-gateway/configuration/meshservice#name)
|
- [`name`](/consul/docs/api-gateway/configuration/meshservice#name)
|
||||||
- [`peer`](/consul/docs/api-gateway/configuration/meshservice#peer)
|
- [`peer`](/consul/docs/api-gateway/configuration/meshservice#peer)
|
||||||
|
|
|
@ -51,7 +51,7 @@ To mitigate these risks, we recommend a maximum of 5,000 Consul client agents in
|
||||||
|
|
||||||
1. Run exactly one Consul agent per host in the infrastructure.
|
1. Run exactly one Consul agent per host in the infrastructure.
|
||||||
1. Break up the single Consul datacenter into multiple smaller datacenters.
|
1. Break up the single Consul datacenter into multiple smaller datacenters.
|
||||||
1. Enterprise users can define [network segments](/consul/docs/enterprise/network-segments) to divide the single gossip pool in the Consul datacenter into multiple smaller pools.
|
1. Enterprise users can define [network segments](/consul/docs/enterprise/network-segments/network-segments-overview) to divide the single gossip pool in the Consul datacenter into multiple smaller pools.
|
||||||
|
|
||||||
If appropriate for your use case, we recommend breaking up a single Consul datacenter into multiple smaller datacenters. Running multiple datacenters reduces your network’s blast radius more than applying network segments.
|
If appropriate for your use case, we recommend breaking up a single Consul datacenter into multiple smaller datacenters. Running multiple datacenters reduces your network’s blast radius more than applying network segments.
|
||||||
|
|
||||||
|
|
|
@ -19,10 +19,13 @@ To use cluster peering features, make sure your Consul environment meets the fol
|
||||||
|
|
||||||
In addition, the following service mesh components are required in order to establish cluster peering connections:
|
In addition, the following service mesh components are required in order to establish cluster peering connections:
|
||||||
|
|
||||||
- [Mesh gateways](#mesh-gateway-requirements)
|
- [Cluster peering technical specifications](#cluster-peering-technical-specifications)
|
||||||
- [Sidecar proxies](#sidecar-proxy-requirements)
|
- [Requirements](#requirements)
|
||||||
- [Exported services](#exported-service-requirements)
|
- [Mesh gateway requirements](#mesh-gateway-requirements)
|
||||||
- [ACLs](#acl-requirements)
|
- [Mesh gateway modes](#mesh-gateway-modes)
|
||||||
|
- [Sidecar proxy requirements](#sidecar-proxy-requirements)
|
||||||
|
- [Exported service requirements](#exported-service-requirements)
|
||||||
|
- [ACL requirements](#acl-requirements)
|
||||||
|
|
||||||
### Mesh gateway requirements
|
### Mesh gateway requirements
|
||||||
|
|
||||||
|
@ -45,7 +48,7 @@ Refer to [mesh gateway modes](/consul/docs/connect/gateways/mesh-gateway#modes)
|
||||||
|
|
||||||
## Sidecar proxy requirements
|
## Sidecar proxy requirements
|
||||||
|
|
||||||
The Envoy proxies that function as sidecars in your service mesh require configuration in order to properly route traffic to peers. Sidecar proxies are defined in the [service definition](/consul/docs/services/usage/defin-services).
|
The Envoy proxies that function as sidecars in your service mesh require configuration in order to properly route traffic to peers. Sidecar proxies are defined in the [service definition](/consul/docs/services/usage/define-services).
|
||||||
|
|
||||||
- Configure the `proxy.upstreams` parameters to route traffic to the correct service, namespace, and peer. Refer to the [`upstreams`](/consul/docs/connect/registration/service-registration#upstream-configuration-reference) documentation for details.
|
- Configure the `proxy.upstreams` parameters to route traffic to the correct service, namespace, and peer. Refer to the [`upstreams`](/consul/docs/connect/registration/service-registration#upstream-configuration-reference) documentation for details.
|
||||||
- The `proxy.upstreams.destination_name` parameter is always required.
|
- The `proxy.upstreams.destination_name` parameter is always required.
|
||||||
|
@ -56,7 +59,7 @@ The Envoy proxies that function as sidecars in your service mesh require configu
|
||||||
|
|
||||||
The `exported-services` configuration entry is required in order for services to communicate across partitions with cluster peering connections.
|
The `exported-services` configuration entry is required in order for services to communicate across partitions with cluster peering connections.
|
||||||
|
|
||||||
Basic guidance on using the `exported-services` configuration entry is included in [Establish cluster peering connections](/consul/docs/connect/cluster-peering/usage/create-cluster-peering).
|
Basic guidance on using the `exported-services` configuration entry is included in [Establish cluster peering connections](/consul/docs/k8s/connect/cluster-peering/usage/establish-peering).
|
||||||
|
|
||||||
Refer to the [`exported-services` configuration entry](/consul/docs/connect/config-entries/exported-services) reference for more information.
|
Refer to the [`exported-services` configuration entry](/consul/docs/connect/config-entries/exported-services) reference for more information.
|
||||||
|
|
||||||
|
|
|
@ -125,7 +125,7 @@ For more information, including optional flags and parameters, refer to the [`co
|
||||||
$ curl --request DELETE --header "X-Consul-Token: b23b3cad-5ea1-4413-919e-c76884b9ad60" http://127.0.0.1:8500/v1/peering/cluster-02
|
$ curl --request DELETE --header "X-Consul-Token: b23b3cad-5ea1-4413-919e-c76884b9ad60" http://127.0.0.1:8500/v1/peering/cluster-02
|
||||||
```
|
```
|
||||||
|
|
||||||
This endpoint does not return a response. For more information, including optional parameters, refer to the [`/peering` endpoint reference](/consul/api-docs/peering/consul/api-docs/peering#delete-a-peering-connection).
|
This endpoint does not return a response. For more information, including optional parameters, refer to the [`/peering` endpoint reference](/consul/api-docs/peering#delete-a-peering-connection).
|
||||||
</Tab>
|
</Tab>
|
||||||
<Tab heading="Consul UI" group="ui">
|
<Tab heading="Consul UI" group="ui">
|
||||||
|
|
||||||
|
|
|
@ -697,7 +697,7 @@ You can configure the following parameters in the `EnvoyExtensions` block:
|
||||||
|
|
||||||
### `Destination[]`
|
### `Destination[]`
|
||||||
|
|
||||||
Configures the destination for service traffic through terminating gateways. Refer to [Terminating Gateway](/consul/docs/connect/terminating-gateway) for additional information.
|
Configures the destination for service traffic through terminating gateways. Refer to [Terminating Gateway](/consul/docs/connect/gateways/terminating-gateway) for additional information.
|
||||||
|
|
||||||
You can configure the following parameters in the `Destination` block:
|
You can configure the following parameters in the `Destination` block:
|
||||||
|
|
||||||
|
@ -1082,7 +1082,7 @@ You can configure the following parameters in the `EnvoyExtensions` block:
|
||||||
|
|
||||||
### `spec.destination`
|
### `spec.destination`
|
||||||
|
|
||||||
Map of configurations that specify one or more destinations for service traffic routed through terminating gateways. Refer to [Terminating Gateway](/consul/docs/connect/terminating-gateway) for additional information.
|
Map of configurations that specify one or more destinations for service traffic routed through terminating gateways. Refer to [Terminating Gateway](/consul/docs/connect/gateways/terminating-gateway) for additional information.
|
||||||
|
|
||||||
#### Values
|
#### Values
|
||||||
|
|
||||||
|
|
|
@ -499,9 +499,9 @@ When using cluster peering connections, intentions secure your deployments with
|
||||||
type: 'string: ""',
|
type: 'string: ""',
|
||||||
description: {
|
description: {
|
||||||
hcl:
|
hcl:
|
||||||
"Specifies the [peer](/consul/docs/connect/cluster-peering/index.mdx) of the source service. `Peer` is mutually exclusive with `Partition`.",
|
"Specifies the [peer](/consul/docs/connect/cluster-peering) of the source service. `Peer` is mutually exclusive with `Partition`.",
|
||||||
yaml:
|
yaml:
|
||||||
"Specifies the [peer](/consul/docs/connect/cluster-peering/index.mdx) of the source service. `peer` is mutually exclusive with `partition`.",
|
"Specifies the [peer](/consul/docs/connect/cluster-peering) of the source service. `peer` is mutually exclusive with `partition`.",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|
|
@ -7,7 +7,7 @@ description: >-
|
||||||
|
|
||||||
# Consul Dataplane CLI Reference
|
# Consul Dataplane CLI Reference
|
||||||
|
|
||||||
The `consul-dataplane` command interacts with the binary for [simplified service mesh with Consul Dataplane](/consul/docs/k8s/dataplane). Use this command to install Consul Dataplane, configure its Envoy proxies, and secure Dataplane deployments.
|
The `consul-dataplane` command interacts with the binary for [simplified service mesh with Consul Dataplane](/consul/docs/connect/dataplane). Use this command to install Consul Dataplane, configure its Envoy proxies, and secure Dataplane deployments.
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
|
|
|
@ -435,7 +435,7 @@ Specifies rule for rewriting the URL of incoming requests when an incoming reque
|
||||||
|
|
||||||
### Rules[].Filters.URLRewrite.Path
|
### Rules[].Filters.URLRewrite.Path
|
||||||
|
|
||||||
Specifies a path that determines how Consul API Gateway rewrites a URL path. Refer to [Reroute HTTP requests](/consul/docs/api-gateway/usage#reroute-http-requests) for additional information.
|
Specifies a path that determines how Consul API Gateway rewrites a URL path. Refer to [Reroute HTTP requests](/consul/docs/api-gateway/usage/reroute-http-requests) for additional information.
|
||||||
|
|
||||||
#### Values
|
#### Values
|
||||||
|
|
||||||
|
|
|
@ -111,7 +111,7 @@ If TLS is enabled on Consul, you will also need to add the following environment
|
||||||
|
|
||||||
- [`CONSUL_CACERT`](/consul/commands#consul_cacert)
|
- [`CONSUL_CACERT`](/consul/commands#consul_cacert)
|
||||||
- [`CONSUL_CLIENT_CERT`](/consul/commands#consul_client_cert)
|
- [`CONSUL_CLIENT_CERT`](/consul/commands#consul_client_cert)
|
||||||
- [`CONSUL_CLIENT_KEY`](//consulcommands#consul_client_key)
|
- [`CONSUL_CLIENT_KEY`](/consul/commands#consul_client_key)
|
||||||
- [`CONSUL_HTTP_SSL`](/consul/commands#consul_http_ssl)
|
- [`CONSUL_HTTP_SSL`](/consul/commands#consul_http_ssl)
|
||||||
|
|
||||||
## Bootstrap Configuration
|
## Bootstrap Configuration
|
||||||
|
@ -194,7 +194,7 @@ The [Advanced Configuration](#advanced-configuration) section describes addition
|
||||||
|
|
||||||
### Bootstrap Envoy on Windows VMs
|
### Bootstrap Envoy on Windows VMs
|
||||||
|
|
||||||
> Complete the [Connect Services on Windows Workloads to Consul Service Mesh tutorial](https://consul.io/consu/tutorials/consul-windows-workloads?utm_source=docs) to learn how to deploy Consul and use its service mesh on Windows VMs.
|
> Complete the [Connect Services on Windows Workloads to Consul Service Mesh tutorial](/consul/tutorials/developer-mesh/consul-windows-workloads) to learn how to deploy Consul and use its service mesh on Windows VMs.
|
||||||
|
|
||||||
If you are running Consul on a Windows VM, attempting to bootstrap Envoy with the `consul connect envoy` command returns the following output:
|
If you are running Consul on a Windows VM, attempting to bootstrap Envoy with the `consul connect envoy` command returns the following output:
|
||||||
|
|
||||||
|
|
|
@ -138,7 +138,7 @@ documentation for details about supported configuration parameters.
|
||||||
|
|
||||||
### Service Discovery
|
### Service Discovery
|
||||||
|
|
||||||
Proxies can use Consul's [service discovery API](https://consul.io/%60/v1/health/connect/:service_id%60) to return all available, Connect-capable endpoints for a given service. This endpoint supports a `cached` query parameter, which uses [agent caching](/consul/api-docs/features/caching) to improve
|
Proxies can use Consul's [service discovery API](/consul/api-docs/health#list-service-instances-for-connect-enabled-service) to return all available, Connect-capable endpoints for a given service. This endpoint supports a `cached` query parameter, which uses [agent caching](/consul/api-docs/features/caching) to improve
|
||||||
performance. The API package provides a [`UseCache`] query option to leverage caching.
|
performance. The API package provides a [`UseCache`] query option to leverage caching.
|
||||||
In addition to performance improvements, using the cache makes the mesh more resilient to Consul server outages. This is because the mesh "fails static" with the last known set of service instances still used, rather than errors on new connections.
|
In addition to performance improvements, using the cache makes the mesh more resilient to Consul server outages. This is because the mesh "fails static" with the last known set of service instances still used, rather than errors on new connections.
|
||||||
|
|
||||||
|
|
|
@ -108,8 +108,9 @@ The following table describes the required input variables for the `acl-controll
|
||||||
| `name_prefix` | string | AWS resources created by the `acl-controller` module will include this prefix in the resource name. |
|
| `name_prefix` | string | AWS resources created by the `acl-controller` module will include this prefix in the resource name. |
|
||||||
|
|
||||||
<EnterpriseAlert>
|
<EnterpriseAlert>
|
||||||
If you are using Consul Enterprise, see <a href="/docs/ecs/enterprise#admin-partitions-and-namespaces">Admin Partitions and Namespaces</a> for
|
|
||||||
additional configuration required to support Consul Enterprise on ECS.
|
If you are using Consul Enterprise, see the [Admin Partitions and Namespaces requirements documentation](/consul/docs/ecs/requirements) for additional configuration required to support Consul Enterprise on ECS.
|
||||||
|
|
||||||
</EnterpriseAlert>
|
</EnterpriseAlert>
|
||||||
|
|
||||||
## Deploy your services
|
## Deploy your services
|
||||||
|
|
|
@ -138,7 +138,7 @@ When a customer deploys new clusters to a 1.10.0+ent release, they need to have
|
||||||
|
|
||||||
New Consul cluster deployments using 1.10.0+ent will need to have a valid license on servers to successfully deploy.
|
New Consul cluster deployments using 1.10.0+ent will need to have a valid license on servers to successfully deploy.
|
||||||
This valid license must be on-disk (auto-loaded) or as an environment variable.
|
This valid license must be on-disk (auto-loaded) or as an environment variable.
|
||||||
Please see the [upgrade requirements](https://consul.io/faq#q-what-are-the-upgrade-requirements).
|
Please see the [upgrade requirements](/consul/docs/enterprise/license/faq#q-what-are-the-upgrade-requirements).
|
||||||
|
|
||||||
## Q: What is the migration path for customers who want to migrate from their existing license-as-applied-via-the-CLI flow to the license on disk flow?
|
## Q: What is the migration path for customers who want to migrate from their existing license-as-applied-via-the-CLI flow to the license on disk flow?
|
||||||
|
|
||||||
|
@ -183,7 +183,7 @@ When downgrading to a version of Consul before 1.10.0+ent, customers will need t
|
||||||
|
|
||||||
## Q: Are there potential pitfalls when downgrading or upgrading Consul server instances?
|
## Q: Are there potential pitfalls when downgrading or upgrading Consul server instances?
|
||||||
|
|
||||||
~> Verify that you meet the [upgrade requirements](https://consul.io/faq#q-what-are-the-upgrade-requirements).
|
~> Verify that you meet the [upgrade requirements](/consul/docs/enterprise/license/faq#q-what-are-the-upgrade-requirements).
|
||||||
|
|
||||||
Assume a scenario where there are three Consul server nodes:
|
Assume a scenario where there are three Consul server nodes:
|
||||||
|
|
||||||
|
|
|
@ -34,7 +34,7 @@ or via a configuration file:
|
||||||
|
|
||||||
## Auto-join with Network Segments <EnterpriseAlert inline />
|
## Auto-join with Network Segments <EnterpriseAlert inline />
|
||||||
|
|
||||||
In order to use cloud auto-join with [Network Segments](/consul/docs/enterprise/network-segments),
|
In order to use cloud auto-join with [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview),
|
||||||
you must reconfigure the Consul agent's Serf LAN port to match that of the
|
you must reconfigure the Consul agent's Serf LAN port to match that of the
|
||||||
segment you wish to join.
|
segment you wish to join.
|
||||||
|
|
||||||
|
|
|
@ -15,7 +15,7 @@ These Consul tools are created and managed by the dedicated engineers at HashiCo
|
||||||
|
|
||||||
- [Envconsul](https://github.com/hashicorp/envconsul) - Read and set environmental variables for processes from Consul.
|
- [Envconsul](https://github.com/hashicorp/envconsul) - Read and set environmental variables for processes from Consul.
|
||||||
- [Consul API Gateway](https://github.com/hashicorp/consul-api-gateway/) - dedicated ingress solution for intelligently routing traffic to applications running on a Consul Service Mesh.
|
- [Consul API Gateway](https://github.com/hashicorp/consul-api-gateway/) - dedicated ingress solution for intelligently routing traffic to applications running on a Consul Service Mesh.
|
||||||
- [Consul ESM](https://github.com/hashicorp/consul-esm) - Provides external service monitoring for Consul. Complete the [tutorial](https://consul.io/(https://learn.hashicorp.com/tutorials/consul/service-registration-external-services?utm_source=docs)) to learn more.
|
- [Consul ESM](https://github.com/hashicorp/consul-esm) - Provides external service monitoring for Consul. Complete the [tutorial](/consul/tutorials/developer-discovery/service-registration-external-services?utm_source=docs) to learn more.
|
||||||
- [Consul Migrate](https://github.com/hashicorp/consul-migrate) - Data migration tool to handle Consul upgrades to 0.5.1+
|
- [Consul Migrate](https://github.com/hashicorp/consul-migrate) - Data migration tool to handle Consul upgrades to 0.5.1+
|
||||||
- [Consul Replicate](https://github.com/hashicorp/consul-replicate) - Consul cross-DC KV replication daemon.
|
- [Consul Replicate](https://github.com/hashicorp/consul-replicate) - Consul cross-DC KV replication daemon.
|
||||||
- [Consul Template](https://github.com/hashicorp/consul-template) - Generic template rendering and notifications with Consul. Complete the [tutorial](/consul/tutorials/developer-configuration/consul-template?utm_source=docs) to the learn more.
|
- [Consul Template](https://github.com/hashicorp/consul-template) - Generic template rendering and notifications with Consul. Complete the [tutorial](/consul/tutorials/developer-configuration/consul-template?utm_source=docs) to the learn more.
|
||||||
|
@ -54,7 +54,6 @@ These Consul tools are created and managed by the amazing members of the Consul
|
||||||
- [gradle-consul-plugin](https://github.com/amirkibbar/red-apple) - A Consul Gradle plugin
|
- [gradle-consul-plugin](https://github.com/amirkibbar/red-apple) - A Consul Gradle plugin
|
||||||
- [hashi-ui](https://github.com/jippi/hashi-ui) - A modern user interface for the Consul and Nomad
|
- [hashi-ui](https://github.com/jippi/hashi-ui) - A modern user interface for the Consul and Nomad
|
||||||
- [HashiBox](https://github.com/nunchistudio/hashibox) - Vagrant environment to simulate highly-available cloud with Consul, Nomad, Vault, and optional support for Waypoint. OSS & Enterprise supported.
|
- [HashiBox](https://github.com/nunchistudio/hashibox) - Vagrant environment to simulate highly-available cloud with Consul, Nomad, Vault, and optional support for Waypoint. OSS & Enterprise supported.
|
||||||
- [helios-consul](https://github.com/SVT/helios-consul) - Service registrar plugin for Helios
|
|
||||||
- [Jenkins Consul Plugin](https://plugins.jenkins.io/consul) - Jenkins plugin for service discovery and K/V store
|
- [Jenkins Consul Plugin](https://plugins.jenkins.io/consul) - Jenkins plugin for service discovery and K/V store
|
||||||
- [marathon-consul](https://github.com/allegro/marathon-consul) - Service registry bridge for Marathon
|
- [marathon-consul](https://github.com/allegro/marathon-consul) - Service registry bridge for Marathon
|
||||||
- [marathon-consul](https://github.com/CiscoCloud/marathon-consul) - Bridge from Marathon apps to the Consul K/V store
|
- [marathon-consul](https://github.com/CiscoCloud/marathon-consul) - Bridge from Marathon apps to the Consul K/V store
|
||||||
|
|
|
@ -89,7 +89,7 @@ Here are links to resources, documentation, examples and best practices to guide
|
||||||
- [Monitoring Consul with Datadog APM](https://www.datadoghq.com/blog/consul-datadog/)
|
- [Monitoring Consul with Datadog APM](https://www.datadoghq.com/blog/consul-datadog/)
|
||||||
- [Monitor HCP Consul with New Relic Instant Observability](https://github.com/newrelic-experimental/hashicorp-quickstart-annex/blob/main/hcp-consul/README.md)
|
- [Monitor HCP Consul with New Relic Instant Observability](https://github.com/newrelic-experimental/hashicorp-quickstart-annex/blob/main/hcp-consul/README.md)
|
||||||
- [HCP Consul and CloudFabrix AIOps Integration](https://bot-docs.cloudfabrix.io/Bots/consul/?h=consul)
|
- [HCP Consul and CloudFabrix AIOps Integration](https://bot-docs.cloudfabrix.io/Bots/consul/?h=consul)
|
||||||
- [Consul and SnappyFlow Full Stack Observability](https://docs.snappyflow.io/docs/integrations/hcp_consul)
|
- [Consul and SnappyFlow Full Stack Observability](https://docs.snappyflow.io/docs/Integrations/hcp_consul)
|
||||||
|
|
||||||
**Network Performance Monitoring (NPM)**
|
**Network Performance Monitoring (NPM)**
|
||||||
|
|
||||||
|
|
|
@ -10,7 +10,4 @@ description: >-
|
||||||
|
|
||||||
# ACL System ((#version_8_acls))
|
# ACL System ((#version_8_acls))
|
||||||
|
|
||||||
This content has been moved into the [ACL Guide](/consul/tutorials/security/access-control-setup-production).
|
This content has been moved into the [ACL Guide](/consul/tutorials/security/access-control-setup-production).
|
||||||
|
|
||||||
See [Complete ACL Coverage in Consul 0.8](/consul/docs/security/acl/acl-legacy) for details
|
|
||||||
about ACL changes in Consul 0.8 and later.
|
|
|
@ -11,7 +11,7 @@ You can use this Helm chart to deploy Consul Enterprise by following a few extra
|
||||||
|
|
||||||
Find the license file that you received in your welcome email. It should have a `.hclic` extension. You will use the contents of this file to create a Kubernetes secret before installing the Helm chart.
|
Find the license file that you received in your welcome email. It should have a `.hclic` extension. You will use the contents of this file to create a Kubernetes secret before installing the Helm chart.
|
||||||
|
|
||||||
-> **Note:** This guide assumes you are storing your license as a Kubernetes Secret. If you would like to store the enterprise license in Vault, please reference [Storing the Enterprise License in Vault](/consul/docs/k8s/deployment-configuration/vault/data-integration/enterprise-license).
|
-> **Note:** This guide assumes you are storing your license as a Kubernetes Secret. If you would like to store the enterprise license in Vault, please reference [Storing the Enterprise License in Vault](/consul/docs/k8s/deployment-configurations/vault/data-integration/enterprise-license).
|
||||||
|
|
||||||
You can use the following commands to create the secret with name `consul-ent-license` and key `key`:
|
You can use the following commands to create the secret with name `consul-ent-license` and key `key`:
|
||||||
|
|
||||||
|
|
|
@ -11,7 +11,7 @@ One of the primary query interfaces to Consul is the
|
||||||
[DNS interface](/consul/docs/services/discovery/dns-overview). You can configure Consul DNS in
|
[DNS interface](/consul/docs/services/discovery/dns-overview). You can configure Consul DNS in
|
||||||
Kubernetes using a
|
Kubernetes using a
|
||||||
[stub-domain configuration](https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#configure-stub-domain-and-upstream-dns-servers)
|
[stub-domain configuration](https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#configure-stub-domain-and-upstream-dns-servers)
|
||||||
if using KubeDNS or a [proxy configuration](https://coredns.io/plugins/proxy/) if using CoreDNS.
|
if using KubeDNS or a [proxy configuration](https://coredns.io/plugins/forward/) if using CoreDNS.
|
||||||
|
|
||||||
Once configured, DNS requests in the form `<consul-service-name>.service.consul` will
|
Once configured, DNS requests in the form `<consul-service-name>.service.consul` will
|
||||||
resolve for services in Consul. This will work from all Kubernetes namespaces.
|
resolve for services in Consul. This will work from all Kubernetes namespaces.
|
||||||
|
|
|
@ -59,7 +59,7 @@ There are several ways to try Consul with Kubernetes in different environments.
|
||||||
|
|
||||||
- The [Consul and Kubernetes Deployment](/consul/tutorials/kubernetes/kubernetes-deployment-guide?utm_source=docs) tutorial covers the necessary steps to install and configure a new Consul cluster on Kubernetes in production.
|
- The [Consul and Kubernetes Deployment](/consul/tutorials/kubernetes/kubernetes-deployment-guide?utm_source=docs) tutorial covers the necessary steps to install and configure a new Consul cluster on Kubernetes in production.
|
||||||
|
|
||||||
- The [Secure Consul and Registered Services on Kubernetes](https://consul.io/consul/tutorials/kubernetes/kubernetes-secure-agents?utm_source=docs) tutorial covers
|
- The [Secure Consul and Registered Services on Kubernetes](/consul/tutorials/kubernetes/kubernetes-secure-agents?utm_source=docs) tutorial covers
|
||||||
the necessary steps to secure a Consul cluster running on Kubernetes in production.
|
the necessary steps to secure a Consul cluster running on Kubernetes in production.
|
||||||
|
|
||||||
- The [Layer 7 Observability with Consul Service Mesh](/consul/tutorials/kubernetes/kubernetes-layer7-observability) tutorial covers monitoring a
|
- The [Layer 7 Observability with Consul Service Mesh](/consul/tutorials/kubernetes/kubernetes-layer7-observability) tutorial covers monitoring a
|
||||||
|
|
|
@ -85,7 +85,7 @@ or read the [Helm Chart Reference](/consul/docs/k8s/helm).
|
||||||
|
|
||||||
### Minimal `values.yaml` for Consul service mesh
|
### Minimal `values.yaml` for Consul service mesh
|
||||||
|
|
||||||
The following `values.yaml` config file contains the minimum required settings to enable [Consul Service Mesh](https://consul.io/(/docs/k8s/connect)):
|
The following `values.yaml` config file contains the minimum required settings to enable [Consul Service Mesh](/consul/docs/k8s/connect):
|
||||||
|
|
||||||
<CodeBlockConfig filename="values.yaml">
|
<CodeBlockConfig filename="values.yaml">
|
||||||
|
|
||||||
|
|
|
@ -31,7 +31,7 @@ description: >-
|
||||||
to rewrite the URL path in a client's HTTP request before sending the request
|
to rewrite the URL path in a client's HTTP request before sending the request
|
||||||
to a service. For example, you could configure the gateway to change the path
|
to a service. For example, you could configure the gateway to change the path
|
||||||
from `//store/checkout` to `//cart/checkout`. Refer to the [usage
|
from `//store/checkout` to `//cart/checkout`. Refer to the [usage
|
||||||
documentation](/consul/docs/api-gateway/usage) for additional information.
|
documentation](/consul/docs/connect/gateways/api-gateway/usage) for additional information.
|
||||||
|
|
||||||
## What has Changed
|
## What has Changed
|
||||||
|
|
||||||
|
|
|
@ -13,7 +13,7 @@ description: >-
|
||||||
|
|
||||||
- **Per listener TLS Config**: It is now possible to configure TLS differently for each of Consul's listeners, such as HTTPS, gRPC, and the internal multiplexed RPC listener, using the `tls` stanza. Refer to [TLS Configuration Reference](/consul/docs/agent/config/config-files#tls-configuration-reference) for more details.
|
- **Per listener TLS Config**: It is now possible to configure TLS differently for each of Consul's listeners, such as HTTPS, gRPC, and the internal multiplexed RPC listener, using the `tls` stanza. Refer to [TLS Configuration Reference](/consul/docs/agent/config/config-files#tls-configuration-reference) for more details.
|
||||||
|
|
||||||
- **AWS Lambda**: Adds the ability to invoke AWS Lambdas through terminating gateways, which allows for cross-datacenter communication, transparent proxy, and intentions with Consul Service Mesh. Refer to [AWS Lambda](/consul/docs]/lambda) and [Invoke Lambda Functions](/consul/docs/lambda/invocation) for more details.
|
- **AWS Lambda**: Adds the ability to invoke AWS Lambdas through terminating gateways, which allows for cross-datacenter communication, transparent proxy, and intentions with Consul Service Mesh. Refer to [AWS Lambda](/consul/docs/lambda) and [Invoke Lambda Functions](/consul/docs/lambda/invocation) for more details.
|
||||||
|
|
||||||
- **Mesh-wide TLS min/max versions and cipher suites**: Using the [Mesh](/consul/docs/connect/config-entries/mesh#tls) Config Entry or CRD, it is now possible to set TLS min/max versions and cipher suites for both inbound and outbound mTLS connections.
|
- **Mesh-wide TLS min/max versions and cipher suites**: Using the [Mesh](/consul/docs/connect/config-entries/mesh#tls) Config Entry or CRD, it is now possible to set TLS min/max versions and cipher suites for both inbound and outbound mTLS connections.
|
||||||
|
|
||||||
|
|
|
@ -76,14 +76,13 @@ The Kubernetes service account corresponding to the configured
|
||||||
[`ServiceAccountJWT`](/consul/docs/security/acl/auth-methods/kubernetes#serviceaccountjwt)
|
[`ServiceAccountJWT`](/consul/docs/security/acl/auth-methods/kubernetes#serviceaccountjwt)
|
||||||
needs to have access to two Kubernetes APIs:
|
needs to have access to two Kubernetes APIs:
|
||||||
|
|
||||||
- [**TokenReview**](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#create-tokenreview-v1-authentication-k8s-io)
|
- [**TokenReview**](https://kubernetes.io/docs/reference/kubernetes-api/authentication-resources/token-review-v1/)
|
||||||
|
|
||||||
-> Kubernetes should be running with `--service-account-lookup`. This is
|
-> Kubernetes should be running with `--service-account-lookup`. This is
|
||||||
defaulted to true in Kubernetes 1.7, but any versions prior should ensure
|
defaulted to true in Kubernetes 1.7, but any versions prior should ensure
|
||||||
the Kubernetes API server is started with this setting.
|
the Kubernetes API server is started with this setting.
|
||||||
|
|
||||||
- [**ServiceAccount**](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#read-serviceaccount-v1-core)
|
- [**ServiceAccount**](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#service-account-tokens)
|
||||||
(`get`)
|
|
||||||
|
|
||||||
The following is an example
|
The following is an example
|
||||||
[RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)
|
[RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)
|
||||||
|
|
|
@ -73,7 +73,7 @@ parameters are required to properly configure an auth method of type
|
||||||
|
|
||||||
- `JWTSupportedAlgs` `(array<string>)` - JWTSupportedAlgs is a list of
|
- `JWTSupportedAlgs` `(array<string>)` - JWTSupportedAlgs is a list of
|
||||||
supported signing algorithms. Defaults to `RS256`. ([Available
|
supported signing algorithms. Defaults to `RS256`. ([Available
|
||||||
algorithms](https://github.com/hashicorp/consul/blob/main/vendor/github.com/coreos/go-oidc/jose.go#L7))
|
algorithms](https://github.com/hashicorp/consul/blob/main/internal/go-sso/oidcauth/jwt.go))
|
||||||
|
|
||||||
- `BoundAudiences` `(array<string>)` - List of `aud` claims that are valid for
|
- `BoundAudiences` `(array<string>)` - List of `aud` claims that are valid for
|
||||||
login; any match is sufficient.
|
login; any match is sufficient.
|
||||||
|
|
|
@ -327,7 +327,7 @@ This returns the unique virtual IP for any service mesh-capable service. Each se
|
||||||
|
|
||||||
The peer name is an optional. The DNS uses it to query for the virtual IP of a service imported from the specified peer.
|
The peer name is an optional. The DNS uses it to query for the virtual IP of a service imported from the specified peer.
|
||||||
|
|
||||||
Consul adds virtual IPs to the [`tagged_addresses`](/consul/services/configuration/services-configuration-reference#tagged-addresses) field in the service definition under the `consul-virtual` tag.
|
Consul adds virtual IPs to the [`tagged_addresses`](/consul/docs/services/configuration/services-configuration-reference#tagged_addresses) field in the service definition under the `consul-virtual` tag.
|
||||||
|
|
||||||
#### Service virtual IP lookups for Consul Enterprise
|
#### Service virtual IP lookups for Consul Enterprise
|
||||||
|
|
||||||
|
|
|
@ -245,7 +245,7 @@ Responses larger than 4KB are truncated. The HTTP response determines the status
|
||||||
TCP checks establish connections to the specified IPs or hosts. If the check successfully establishes a connection, the service status is reported as `success`. If the IP or host does not accept the connection, the service status is reported as `critical`. We recommend TCP checks over [script checks](#script-checks) that use netcat or another external process to check a socket operation.
|
TCP checks establish connections to the specified IPs or hosts. If the check successfully establishes a connection, the service status is reported as `success`. If the IP or host does not accept the connection, the service status is reported as `critical`. We recommend TCP checks over [script checks](#script-checks) that use netcat or another external process to check a socket operation.
|
||||||
|
|
||||||
### TCP check configuration
|
### TCP check configuration
|
||||||
Add a `tcp` field to the `check` block in your service definition file and specify the address, including port number, for the check to call. All other fields are optional. Refer to [Health Checks Configuration Reference](/consul/docs/services/configuration/health-checks-configuration) for information about all health check configurations.
|
Add a `tcp` field to the `check` block in your service definition file and specify the address, including port number, for the check to call. All other fields are optional. Refer to [Health Checks Configuration Reference](/consul/docs/services/configuration/checks-configuration-reference) for information about all health check configurations.
|
||||||
|
|
||||||
In the following example, a TCP check named `SSH TCP on port 22` attempts to connect to `localhost:22` every 10 seconds:
|
In the following example, a TCP check named `SSH TCP on port 22` attempts to connect to `localhost:22` every 10 seconds:
|
||||||
|
|
||||||
|
|
|
@ -138,7 +138,7 @@ You can add a `check` or `checks` block to your service configuration to define
|
||||||
|
|
||||||
### Register a service
|
### Register a service
|
||||||
|
|
||||||
You can register your service using the [`consul services` command](/consul/commands/services) or by calling the [`/agent/services` API endpoint](/consul/api-docs/agent/services). Refer to [Register Services and Health Checks](/consul/docs/services/usage/register-services-checks) for details.
|
You can register your service using the [`consul services` command](/consul/commands/services) or by calling the [`/agent/services` API endpoint](/consul/api-docs/agent/service). Refer to [Register Services and Health Checks](/consul/docs/services/usage/register-services-checks) for details.
|
||||||
|
|
||||||
## Define service defaults
|
## Define service defaults
|
||||||
If Consul service mesh is enabled in your network, you can define default values for services in your mesh by creating and applying a `service-defaults` configuration entry containing. Refer to [Service Mesh Configuration Overview](/consul/docs/connect/configuration) for additional information.
|
If Consul service mesh is enabled in your network, you can define default values for services in your mesh by creating and applying a `service-defaults` configuration entry containing. Refer to [Service Mesh Configuration Overview](/consul/docs/connect/configuration) for additional information.
|
||||||
|
|
|
@ -7,7 +7,7 @@ description: ->
|
||||||
|
|
||||||
# Register services and health checks
|
# Register services and health checks
|
||||||
|
|
||||||
This topic describes how to register services and health checks with Consul in networks running on virtual machines (VM). Refer to [Define Services](/consul/usage/services/usage/define-services) and [Define Health Checks](/consul/usage/services/usage/checks) for information about how to define services and health checks.
|
This topic describes how to register services and health checks with Consul in networks running on virtual machines (VM). Refer to [Define Services](/consul/docs/services/usage/define-services) and [Define Health Checks](/consul/docs/services/usage/checks) for information about how to define services and health checks.
|
||||||
|
|
||||||
## Overview
|
## Overview
|
||||||
Register services and health checks in VM environments by providing the service definition to a Consul agent. You can use several different methods to register services and health checks.
|
Register services and health checks in VM environments by providing the service definition to a Consul agent. You can use several different methods to register services and health checks.
|
||||||
|
@ -65,4 +65,4 @@ Send a `PUT` request to the `/agent/check/register` API endpoint to dynamically
|
||||||
$ curl --request PUT --data @payload.json http://localhost:8500/v1/agent/check/register
|
$ curl --request PUT --data @payload.json http://localhost:8500/v1/agent/check/register
|
||||||
```
|
```
|
||||||
|
|
||||||
Refer to [Check - Agent HTTP API](/consul/api-docs/check/service) for additional information about the `check` endpoint.
|
Refer to [Check - Agent HTTP API](/consul/api-docs/agent/check) for additional information about the `check` endpoint.
|
||||||
|
|
|
@ -18,8 +18,8 @@ as part of this upgrade. The 1.6.x series is the last series that had support fo
|
||||||
ACL tokens, so this migration _must_ happen before upgrading past the 1.6.x release series.
|
ACL tokens, so this migration _must_ happen before upgrading past the 1.6.x release series.
|
||||||
Here is some documentation that may prove useful for reference during this upgrade process:
|
Here is some documentation that may prove useful for reference during this upgrade process:
|
||||||
|
|
||||||
- [ACL System in Legacy Mode](/consul/docs/security/acl/acl-legacy) - You can find
|
- [Upgrading Legacy ACL tokens](/consul/tutorials/security-operations/access-control-token-migration) - You can find
|
||||||
information about legacy configuration options and differences between modes here.
|
information about upgrading legacy ACL tokens and differences between modes here.
|
||||||
- [Configuration](/consul/docs/agent/config) - You can find more details
|
- [Configuration](/consul/docs/agent/config) - You can find more details
|
||||||
around legacy ACL and new ACL configuration options here. Legacy ACL config options
|
around legacy ACL and new ACL configuration options here. Legacy ACL config options
|
||||||
will be listed as deprecates as of 1.4.0.
|
will be listed as deprecates as of 1.4.0.
|
||||||
|
|
Loading…
Reference in New Issue