f399fd2add
CatalogDestinationsOnly is a passthrough that would enable dialing addresses outside of Consul's catalog. However, when this flag is set to true only _connect_ endpoints for services can be dialed. This flag is being renamed to signal that non-Connect endpoints can't be dialed by transparent proxies when the value is set to true.
77 lines
2.2 KiB
Plaintext
77 lines
2.2 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: 'Configuration Entry Kind: Mesh'
|
|
description: >-
|
|
The mesh config entry kind allows for globally defining default
|
|
configuration across all services mesh proxies.
|
|
Settings in this config entry apply across all namespaces and federated datacenters.
|
|
Currently, only one mesh entry is supported.
|
|
---
|
|
|
|
# Mesh <sup>Beta</sup>
|
|
|
|
-> **v1.10.0+:** This config entry is supported in Consul versions 1.10.0+.
|
|
|
|
The `mesh` config entry kind allows for globally defining
|
|
default configuration that applies to all service mesh proxies.
|
|
Settings in this config entry apply across all namespaces and federated datacenters.
|
|
|
|
## Sample Config Entries
|
|
|
|
### Only allow transparent proxies to dial addresses in the mesh.
|
|
|
|
<Tabs>
|
|
<Tab heading="HCL">
|
|
|
|
```hcl
|
|
Kind = "mesh"
|
|
|
|
TransparentProxy {
|
|
MeshDestinationsOnly = true
|
|
}
|
|
```
|
|
|
|
</Tab>
|
|
<Tab heading="HCL (Consul Enterprise)">
|
|
|
|
**NOTE:** The `mesh` config entry can only be created in the `default`
|
|
namespace and it will apply to proxies across **all** namespaces.
|
|
|
|
```hcl
|
|
Kind = "mesh"
|
|
Namespace = "default" # Can only be set to "default".
|
|
|
|
TransparentProxy {
|
|
MeshDestinationsOnly = true
|
|
}
|
|
```
|
|
|
|
</Tab>
|
|
</Tabs>
|
|
|
|
## Available Fields
|
|
|
|
- `Kind` - Must be set to `mesh`
|
|
|
|
- `Namespace` `(string: "default")` <EnterpriseAlert inline /> - Specifies the namespace the config entry will apply to.
|
|
Must be set to `default`
|
|
|
|
- `Meta` `(map<string|string>: nil)` - Specifies arbitrary KV metadata pairs.
|
|
|
|
- `TransparentProxy` `(TransparentProxyConfig: <optional>)` - Controls configuration specific to proxies in
|
|
`transparent` [mode](/docs/connect/config-entries/service-defaults#mode). Added in v1.10.0.
|
|
|
|
- `MeshDestinationsOnly` `(bool: false)` - Determines whether sidecar proxies operating in transparent mode can
|
|
proxy traffic to IP addresses not registered in Consul's mesh. If enabled, traffic will only be proxied
|
|
to upstream proxies or Connect-native services. If disabled, requests will be proxied as-is to the
|
|
original destination IP address. Consul will not encrypt the connection.
|
|
|
|
## ACLs
|
|
|
|
Configuration entries may be protected by [ACLs](/docs/security/acl).
|
|
|
|
Reading a `mesh` config entry requires no specific privileges.
|
|
|
|
Creating, updating, or deleting a `mesh` config entry requires
|
|
`operator:write`.
|