Merge pull request #8186 from hashicorp/docs-cleanup

Freddy 2020-06-25 11:44:24 -06:00 committed by GitHub
commit 78751f4b97
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 527 additions and 23 deletions


@ -1,7 +1,7 @@
---
layout: docs
page_title: JWT Auth Method
sidebar_title: JWT <sup>Beta</sup>
sidebar_title: JWT
description: >-
The JWT auth method can be used to authenticate with Consul by providing a
JWT directly. The JWT is cryptographically verified using locally-provided
@ -9,7 +9,7 @@ description: >-
appropriate keys.
---
# JWT Auth Method <sup>Beta</sup>
# JWT Auth Method
-> **1.8.0+:** This feature is available in Consul versions 1.8.0 and newer.


@ -1,7 +1,7 @@
---
layout: docs
page_title: OIDC Auth Method
sidebar_title: OIDC <sup>Beta</sup>
sidebar_title: OIDC
description: >-
The OIDC auth method can be used to authenticate with Consul using OpenID
Connect (OIDC). This method allows authentication via a configured OIDC
@ -9,7 +9,7 @@ description: >-
Consul UI or the command line.
---
# OIDC Auth Method <sup>Beta</sup>
# OIDC Auth Method
<EnterpriseAlert />


@ -43,11 +43,14 @@ description: >-
## Sample Config Entries
Set up a TCP listener for a single service:
<Tabs>
<Tab heading="HCL">
Set up a TCP listener on an ingress gateway named "us-east-ingress" to proxy traffic to the "db" service:
```hcl
Kind = "ingress-gateway"
Name = "ingress-service"
Name = "us-east-ingress"
Listeners = [
{
@ -62,13 +65,92 @@ Listeners = [
]
```
Set up a wildcard HTTP listener to proxy traffic to all available services,
make two services available over a custom port with user-provided hosts, and
enable TLS on every listener:
</Tab>
<Tab heading="HCL (Consul Enterprise)">
Set up a TCP listener on an ingress gateway named "us-east-ingress" in the default namespace
to proxy traffic to the "db" service in the ops namespace:
```hcl
Kind = "ingress-gateway"
Name = "ingress-service"
Name = "us-east-ingress"
Namespace = "default"
Listeners = [
{
Port = 3456
Protocol = "tcp"
Services = [
{
Namespace = "ops"
Name = "db"
}
]
}
]
```
</Tab>
<Tab heading="JSON">
Set up a TCP listener on an ingress gateway named "us-east-ingress" to proxy traffic to the "db" service:
```json
{
"Kind": "ingress-gateway",
"Name": "us-east-ingress",
"Listeners": [
{
"Port": 3456,
"Protocol": "tcp",
"Services": [
{
"Name": "db"
}
]
}
]
}
```
</Tab>
<Tab heading="JSON (Consul Enterprise)">
Set up a TCP listener on an ingress gateway named "us-east-ingress" in the default namespace
to proxy traffic to the "db" service in the ops namespace:
```json
{
"Kind": "ingress-gateway",
"Name": "us-east-ingress",
"Namespace": "default",
"Listeners": [
{
"Port": 3456,
"Protocol": "tcp",
"Services": [
{
"Namespace": "ops",
"Name": "db"
}
]
}
]
}
```
</Tab>
</Tabs>
<Tabs>
<Tab heading="HCL">
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the datacenter.
Also make two services available over a custom port with user-provided hosts, and enable TLS on every listener:
```hcl
Kind = "ingress-gateway"
Name = "us-east-ingress"
TLS {
Enabled = true
@ -101,6 +183,140 @@ Listeners = [
]
```
</Tab>
<Tab heading="HCL (Consul Enterprise)">
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the frontend namespace.
Also make two services in the frontend namespace available over a custom port with user-provided hosts, and enable TLS on every listener:
```hcl
Kind = "ingress-gateway"
Name = "us-east-ingress"
Namespace = "default"
TLS {
Enabled = true
}
Listeners = [
{
Port = 8080
Protocol = "http"
Services = [
{
Namespace = "frontend"
Name = "*"
}
]
},
{
Port = 4567
Protocol = "http"
Services = [
{
Namespace = "frontend"
Name = "api"
Hosts = ["foo.example.com", "foo.example.com:4567"]
},
{
Namespace = "frontend"
Name = "web"
Hosts = ["website.example.com", "website.example.com:4567"]
}
]
}
]
```
</Tab>
<Tab heading="JSON">
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the datacenter.
Also make two services available over a custom port with user-provided hosts, and enable TLS on every listener:
```json
{
"Kind": "ingress-gateway",
"Name": "us-east-ingress",
"TLS": {
"Enabled": true
},
"Listeners": [
{
"Port": 8080,
"Protocol": "http",
"Services": [
{
"Name": "*"
}
]
},
{
"Port": 4567,
"Protocol": "http",
"Services": [
{
"Name": "api",
"Hosts": ["foo.example.com", "foo.example.com:4567"]
},
{
"Name": "web",
"Hosts": ["website.example.com", "website.example.com:4567"]
}
]
}
]
}
```
</Tab>
<Tab heading="JSON (Consul Enterprise)">
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the frontend namespace.
Also make two services in the frontend namespace available over a custom port with user-provided hosts, and enable TLS on every listener:
```json
{
"Kind": "ingress-gateway",
"Name": "us-east-ingress",
"Namespace": "default",
"TLS": {
"Enabled": true
},
"Listeners": [
{
"Port": 8080,
"Protocol": "http",
"Services": [
{
"Namespace": "frontend",
"Name": "*"
}
]
},
{
"Port": 4567,
"Protocol": "http",
"Services": [
{
"Namespace": "frontend",
"Name": "api",
"Hosts": ["foo.example.com", "foo.example.com:4567"]
},
{
"Namespace": "frontend",
"Name": "web",
"Hosts": ["website.example.com", "website.example.com:4567"]
}
]
}
]
}
```
</Tab>
</Tabs>
## Available Fields
- `Kind` - Must be set to `ingress-gateway`


@ -17,8 +17,8 @@ description: >-
and will apply to all instances of the gateway with that name.
~> [Configuration entries](/docs/agent/config-entries) are global in scope. A configuration entry for a gateway name applies
across all federated Consul datacenters. If ingress gateways in different Consul datacenters need to route to different
sets of services within their datacenter then the ingress gateways **must** be registered with different names.
across all federated Consul datacenters. If terminating gateways in different Consul datacenters need to route to different
sets of services within their datacenter then the terminating gateways **must** be registered with different names.
See [Terminating Gateway](/docs/connect/terminating-gateway) for more information.
@ -43,11 +43,15 @@ description: >-
## Sample Config Entries
Link gateway "us-west-gateway" with the billing service:
<Tabs>
<Tab heading="HCL">
Link gateway named "us-west-gateway" with the billing service:
```hcl
Kind = "terminating-gateway"
Name = "us-west-gateway"
Services = [
{
Name = "billing"
@ -55,27 +59,154 @@ Services = [
]
```
Link gateway "us-west-gateway" with the api service and specify a CA file for one-way TLS authentication:
</Tab>
<Tab heading="HCL (Consul Enterprise)">
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace:
```hcl
Kind = "terminating-gateway"
Name = "us-west-gateway"
Namespace = "default"
Services = [
{
Name = "api"
Namespace = "finance"
Name = "billing"
}
]
```
</Tab>
<Tab heading="JSON">
Link gateway named "us-west-gateway" with the billing service:
```json
{
"Kind": "terminating-gateway",
"Name": "us-west-gateway",
"Services": [
{
"Name": "billing"
}
]
}
```
</Tab>
<Tab heading="JSON (Consul Enterprise)">
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace:
```json
{
"Kind": "terminating-gateway",
"Name": "us-west-gateway",
"Namespace": "default",
"Services": [
{
"Namespace": "finance",
"Name": "billing"
}
]
}
```
</Tab>
</Tabs>
<Tabs>
<Tab heading="HCL">
Link gateway named "us-west-gateway" with the billing service and specify a CA file for one-way TLS authentication:
```hcl
Kind = "terminating-gateway"
Name = "us-west-gateway"
Services = [
{
Name = "billing"
CAFile = "/etc/certs/ca-chain.cert.pem"
}
]
```
Link gateway "us-west-gateway" with the payments service and specify a CA file, key file, and cert file for mutual TLS authentication:
</Tab>
<Tab heading="HCL (Consul Enterprise)">
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace,
and specify a CA file for one-way TLS authentication:
```hcl
Kind = "terminating-gateway"
Name = "us-west-gateway"
Namespace = "default"
Services = [
{
Name = "payments"
Namespace = "finance"
Name = "billing"
CAFile = "/etc/certs/ca-chain.cert.pem"
}
]
```
</Tab>
<Tab heading="JSON">
Link gateway named "us-west-gateway" with the billing service and specify a CA file for one-way TLS authentication:
```json
{
"Kind": "terminating-gateway",
"Name": "us-west-gateway",
"Services": [
{
"Name": "billing",
"CAFile": "/etc/certs/ca-chain.cert.pem"
}
]
}
```
</Tab>
<Tab heading="JSON (Consul Enterprise)">
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace,
and specify a CA file for one-way TLS authentication:
```json
{
"Kind": "terminating-gateway",
"Name": "us-west-gateway",
"Namespace": "default",
"Services": [
{
"Namespace": "finance",
"Name": "billing",
"CAFile": "/etc/certs/ca-chain.cert.pem"
}
]
}
```
</Tab>
</Tabs>
<Tabs>
<Tab heading="HCL">
Link gateway named "us-west-gateway" with the payments service and specify a CA file, key file, and cert file for mutual TLS authentication:
```hcl
Kind = "terminating-gateway"
Name = "us-west-gateway"
Services = [
{
Name = "billing"
CAFile = "/etc/certs/ca-chain.cert.pem"
KeyFile = "/etc/certs/gateway.key.pem"
CertFile = "/etc/certs/gateway.cert.pem"
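Review bot: The description and the config disagree in the mutual TLS HCL tab at the end of this hunk: the lead-in says the gateway is linked with the payments service, but the entry below it has `Name = "billing"`. The earlier example in this hunk used `Name = "payments"`; either keep that name or change the sentence to say billing, so a reader copying the block knows which service is given the client key and certificate.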
@ -83,13 +214,110 @@ Services = [
]
```
Link gateway "us-west-gateway" with all services in the finance namespace, and configure default certificates for mutual TLS.
Also override the SNI and CA file used for connections to the billing service:
</Tab>
<Tab heading="HCL (Consul Enterprise)">
Link gateway named "us-west-gateway" in the default namespace with the payments service in the finance namespace.
Also specify a CA file, key file, and cert file for mutual TLS authentication:
```hcl
Kind = "terminating-gateway"
Name = "us-west-gateway"
Namespace = "default"
Services = [
{
Namespace = "finance"
Name = "billing"
CAFile = "/etc/certs/ca-chain.cert.pem"
KeyFile = "/etc/certs/gateway.key.pem"
CertFile = "/etc/certs/gateway.cert.pem"
}
]
```
</Tab>
<Tab heading="JSON">
Link gateway named "us-west-gateway" with the payments service and specify a CA file, key file, and cert file for mutual TLS authentication:
```json
{
"Kind": "terminating-gateway",
"Name": "us-west-gateway",
"Services": [
{
"Name": "billing",
"CAFile": "/etc/certs/ca-chain.cert.pem",
"KeyFile": "/etc/certs/gateway.key.pem",
"CertFile": "/etc/certs/gateway.cert.pem"
}
]
}
```
</Tab>
<Tab heading="JSON (Consul Enterprise)">
Link gateway named "us-west-gateway" in the default namespace with the payments service in the finance namespace.
Also specify a CA file, key file, and cert file for mutual TLS authentication:
```json
{
"Kind": "terminating-gateway",
"Name": "us-west-gateway",
"Namespace": "default",
"Services": [
{
"Namespace": "finance",
"Name": "billing",
"CAFile": "/etc/certs/ca-chain.cert.pem",
"KeyFile": "/etc/certs/gateway.key.pem",
"CertFile": "/etc/certs/gateway.cert.pem"
}
]
}
```
</Tab>
</Tabs>
<Tabs>
<Tab heading="HCL">
Link gateway named "us-west-gateway" with all services in the datacenter, and configure default certificates for mutual TLS.
Also override the SNI and CA file used for connections to the billing service:
```hcl
Kind = "terminating-gateway"
Name = "us-west-gateway"
Services = [
{
Name = "*"
CAFile = "/etc/common-certs/ca-chain.cert.pem"
KeyFile = "/etc/common-certs/gateway.key.pem"
CertFile = "/etc/common-certs/gateway.cert.pem"
},
{
Name = "billing"
CAFile = "/etc/billing-ca/ca-chain.cert.pem",
SNI = "billing.service.com"
}
]
```
</Tab>
<Tab heading="HCL (Consul Enterprise)">
Link gateway named "us-west-gateway" in the default namespace with all services in the finance namespace,
and configure default certificates for mutual TLS. Also override the SNI and CA file used for connections to the billing service:
```hcl
Kind = "terminating-gateway"
Name = "us-west-gateway"
Namespace = "default"
Services = [
{
Namespace = "finance"
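Review bot: The payments/billing mismatch carries into the HCL (Consul Enterprise), JSON and JSON (Consul Enterprise) mutual TLS tabs in this hunk: each is introduced as linking the payments service while its entry names `billing`. Pick one service name and use it in both the sentence and the block. Separately, in the wildcard HCL example the line `CAFile = "/etc/billing-ca/ca-chain.cert.pem",` ends with a comma that no other attribute line in these HCL blocks has; drop it for consistency.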
@ -101,12 +329,72 @@ Services = [
{
Namespace = "finance"
Name = "billing"
CAFile = "/etc/billing-ca/ca-chain.cert.pem"
CAFile = "/etc/billing-ca/ca-chain.cert.pem",
SNI = "billing.service.com"
}
]
```
</Tab>
<Tab heading="JSON">
Link gateway named "us-west-gateway" with all services in the datacenter, and configure default certificates for mutual TLS.
Also override the SNI and CA file used for connections to the billing service:
```json
{
"Kind": "terminating-gateway",
"Name": "us-west-gateway",
"Services": [
{
"Name": "*",
"CAFile": "/etc/billing-ca/ca-chain.cert.pem",
"KeyFile": "/etc/certs/gateway.key.pem",
"CertFile": "/etc/certs/gateway.cert.pem",
"SNI": "billing.service.com"
},
{
"Name": "billing",
"CAFile": "/etc/billing-ca/ca-chain.cert.pem",
"SNI": "billing.service.com"
}
]
}
```
</Tab>
<Tab heading="JSON (Consul Enterprise)">
Link gateway named "us-west-gateway" in the default namespace with all services in the finance namespace,
and configure default certificates for mutual TLS. Also override the SNI and CA file used for connections to the billing service:
```json
{
"Kind": "terminating-gateway",
"Name": "us-west-gateway",
"Namespace": "default",
"Services": [
{
"Namespace": "finance",
"Name": "*",
"CAFile": "/etc/billing-ca/ca-chain.cert.pem",
"KeyFile": "/etc/certs/gateway.key.pem",
"CertFile": "/etc/certs/gateway.cert.pem",
"SNI": "billing.service.com"
},
{
"Namespace": "finance",
"Name": "billing",
"CAFile": "/etc/billing-ca/ca-chain.cert.pem",
"SNI": "billing.service.com"
}
]
}
```
</Tab>
</Tabs>
## Available Fields
- `Kind` - Must be set to `terminating-gateway`
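Review bot: The `*` entry in both JSON tabs does not match the accompanying text or the HCL tabs: it is described as the default certificates for all services, yet it carries `"CAFile": "/etc/billing-ca/ca-chain.cert.pem"` and `"SNI": "billing.service.com"`, the values the text reserves for the billing override, and its key and cert paths sit under `/etc/certs/` where the HCL example uses `/etc/common-certs/`. A reader copying the JSON would put the billing CA and SNI on the wildcard entry. Suggest mirroring the HCL example: `/etc/common-certs/` paths and no `SNI` on the `*` entry. The Enterprise HCL block at the top of this hunk also gains a trailing comma after `CAFile` that the neighbouring attribute lines do not have.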


@ -52,8 +52,6 @@ Currently, [Envoy](https://www.envoyproxy.io/) is the only proxy with ingress ga
For a complete example of how to allow external traffic inside your Consul service mesh,
review the [ingress gateway guide](https://learn.hashicorp.com/consul/developer-mesh/ingress-gateways).
5. **Optionally** use the [Consul L7 traffic management](/docs/connect/l7-traffic-management) for exposed services to route traffic.
## Ingress Gateway Configuration
Ingress gateways are configured in service definitions and registered with Consul like other services, with two exceptions.


@ -171,6 +171,8 @@ followed by documentation for each attribute.
- `destination_name` `(string: <required>)` - Specifies the name of the service
or prepared query to route connect to. The prepared query should be the name
or the ID of the prepared query.
- `destination_namespace` `(string: "")` - <EnterpriseAlert inline />
Specifies the namespace of the upstream service.
- `local_bind_port` `(int: <required>)` - Specifies the port to bind a local
listener to for the application to make outbound connections to this upstream.
- `local_bind_address` `(string: "")` - Specifies the address to bind a
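Review bot: The new `destination_namespace` entry gives its default as `""` but does not say which namespace the upstream resolves to when the field is left empty. Add a sentence stating the effective default, and say whether the field applies when `destination_name` refers to a prepared query, since the entry above allows both a service and a prepared query.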


@ -6,7 +6,7 @@ description: |-
WAN federation via mesh gateways allows for Consul servers in different datacenters to be federated exclusively through mesh gateways.
---
# WAN Federation via Mesh Gateways <sup>Beta</sup>
# WAN Federation via Mesh Gateways
-> **1.8.0+:** This feature is available in Consul versions 1.8.0 and higher