Merge pull request #11543 from hashicorp/envoy-token

docs: added more information to help end users with proxies and ACL
mrspanishviking 2021-11-11 08:37:12 -08:00 committed by GitHub
commit dadb7a7c33
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 25 additions and 0 deletions


@ -169,18 +169,43 @@ to read configurations for that service. If you use the Go [`api` package], then
the environment variables will be read and the client configured for you the environment variables will be read and the client configured for you
automatically. automatically.
Alternatively, you may also use the flags `-token` or `-token-file` to provide the Consul ACL token.
<CodeTabs heading="Providing a Consul ACL Token" tabs={[ "Envoy", "Proxy" ]}>
<CodeBlockConfig language="shell-session">
```shell
consul connect envoy -sidecar-for "web" -token-file=/etc/consul.d/consul.token
```
</CodeBlockConfig>
<CodeBlockConfig >
```shell
$ consul connect proxy -sidecar-for "web" -token-file=/etc/consul.d/consul.token
```
</CodeBlockConfig>
</CodeTabs>
If TLS is enabled on Consul, you will also need to add the following environment variables _prior_ to starting the proxy: If TLS is enabled on Consul, you will also need to add the following environment variables _prior_ to starting the proxy:
- [`CONSUL_CACERT`](/commands#consul_cacert) - [`CONSUL_CACERT`](/commands#consul_cacert)
- [`CONSUL_CLIENT_CERT`](/commands#consul_client_cert) - [`CONSUL_CLIENT_CERT`](/commands#consul_client_cert)
- [`CONSUL_CLIENT_KEY`](/commands#consul_client_key) - [`CONSUL_CLIENT_KEY`](/commands#consul_client_key)
The `CONSUL_CACERT`, `CONSUL_CLIENT_CERT` and `CONSUL_CLIENT_KEY` can also be provided as CLI flags. Refer to the [`consul connect proxy` documentation](/commands/connect/proxy) for details.
The proxy service ID comes from the user. See [`consul connect envoy`](/commands/connect/envoy#examples) for an example. You can use the `-proxy-id` flag to specify the ID of the proxy service you have already registered with the local agent. The proxy service ID comes from the user. See [`consul connect envoy`](/commands/connect/envoy#examples) for an example. You can use the `-proxy-id` flag to specify the ID of the proxy service you have already registered with the local agent.
Alternatively, you can start the service using the `-sidecar-for=<service>` option. This option queries Consul for a proxy that is registered as a sidecar for the specified `<service>`. If exactly one service associated with the proxy is returned, the ID will be used to start the proxy. Your controller only needs to accept `-proxy-id` as an argument; the Consul CLI will resolve the Alternatively, you can start the service using the `-sidecar-for=<service>` option. This option queries Consul for a proxy that is registered as a sidecar for the specified `<service>`. If exactly one service associated with the proxy is returned, the ID will be used to start the proxy. Your controller only needs to accept `-proxy-id` as an argument; the Consul CLI will resolve the
ID for the name specified in `-sidecar-for` flag. ID for the name specified in `-sidecar-for` flag.
[`/v1/agent/connect/ca/leaf/`]: /api/agent/connect#service-leaf-certificate [`/v1/agent/connect/ca/leaf/`]: /api/agent/connect#service-leaf-certificate
[`/v1/agent/connect/ca/roots`]: /api/agent/connect#certificate-authority-ca-roots [`/v1/agent/connect/ca/roots`]: /api/agent/connect#certificate-authority-ca-roots
[`/v1/health/connect/:service_id`]: /api/health#list-nodes-for-connect-capable-service [`/v1/health/connect/:service_id`]: /api/health#list-nodes-for-connect-capable-service
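
Review bot: The new sentence "you may also use the flags `-token` or `-token-file`" presents the two flags as equivalent, but a token passed with `-token` sits in the process arguments, where other local users can read it from a process listing and where it can end up in shell history. Suggest stating that `-token-file` is the preferred form, which both examples already use, and adding a line that `/etc/consul.d/consul.token` should be readable only by the account that runs the proxy. Two smaller points in the same hunk: the Envoy example has no `$` prompt while the Proxy example does, and the first `<CodeBlockConfig language="shell-session">` sets a language while the second is `<CodeBlockConfig >` with a stray space and no language, so the two tabs should be made consistent. The sentence about `CONSUL_CACERT`, `CONSUL_CLIENT_CERT` and `CONSUL_CLIENT_KEY` being available as CLI flags links only to the `consul connect proxy` documentation even though the tabs also cover `consul connect envoy`; linking both command pages, or naming the flags inline, would save the reader a lookup.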