luxolus/open-consul
2
0
Fork 0
Code Issues 1 Pull requests Packages Releases Wiki Activity
open-consul/website/content/docs/connect/config-entries/mesh.mdx
Blake Covarrubias 6f1fa59005 docs: Add JSON examples to all config entries 
This commit adds example JSON configs for several config entry
resources were missing examples in this language.

The examples have been updated to use the new CodeTabs resource
instead of the Tab component.
2021-08-10 15:34:28 -07:00

173 lines
4 KiB
Plaintext
Raw Blame History

---
layout: docs
page_title: 'Configuration Entry Kind: Mesh'
description: >-
The mesh config entry kind allows for globally defining default
configuration across all services mesh proxies.
Settings in this config entry apply across all namespaces and federated datacenters.
Currently, only one mesh entry is supported.
---
# Mesh
-> **v1.10.0+:** This config entry is supported in Consul versions 1.10.0+.
The `mesh` config entry kind allows for globally defining
default configuration that applies to all service mesh proxies.
Settings in this config entry apply across all namespaces and federated datacenters.
## Sample Config Entries
### Mesh Destinations Only
Only allow transparent proxies to dial addresses in the mesh.
<Tabs>
<Tab heading="Consul OSS">
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "mesh"
TransparentProxy {
MeshDestinationsOnly = true
}
```
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: Mesh
metadata:
name: mesh
spec:
transparentProxy:
meshDestinationsOnly: true
```
```json
{
"Kind": "mesh",
"TransparentProxy": {
"MeshDestinationsOnly": true
}
}
```
</CodeTabs>
</Tab>
<Tab heading="Consul Enterprise">
-> **Note**: The `mesh` config entry can only be created in the `default`
namespace and it will apply to proxies across **all** namespaces.
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "mesh"
Namespace = "default" # Can only be set to "default".
TransparentProxy {
MeshDestinationsOnly = true
}
```
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: Mesh
metadata:
name: mesh
spec:
transparentProxy:
meshDestinationsOnly: true
```
```json
{
"Kind": "mesh",
"Namespace": "default",
"TransparentProxy": {
"MeshDestinationsOnly": true
}
}
```
</CodeTabs>
</Tab>
</Tabs>
## Available Fields
<ConfigEntryReference
keys={[
{
name: 'apiVersion',
description: 'Must be set to `consul.hashicorp.com/v1alpha1`',
hcl: false,
},
{
name: 'Kind',
description: {
hcl: 'Must be set to `mesh`',
yaml: 'Must be set to `Mesh`',
},
},
{
name: 'Namespace',
type: `string: "default"`,
enterprise: true,
description:
'Must be set to default. Config will apply to all namespaces.',
yaml: false,
},
{
name: 'Meta',
type: 'map<string|string>: nil',
description:
'Specifies arbitrary KV metadata pairs. Added in Consul 1.8.4.',
yaml: false,
},
{
name: 'metadata',
children: [
{
name: 'name',
description: 'Must be set to `mesh`',
},
{
name: 'namespace',
description:
'If running Consul Open Source, the namespace is ignored (see [Kubernetes Namespaces in Consul OSS](/docs/k8s/crds#consul-oss)). If running Consul Enterprise see [Kubernetes Namespaces in Consul Enterprise](/docs/k8s/crds#consul-enterprise) for more details.',
},
],
hcl: false,
},
{
name: 'TransparentProxy',
type: 'TransparentProxyConfig: <optional>',
description:
'Controls configuration specific to proxies in `transparent` [mode](/docs/connect/config-entries/service-defaults#mode). Added in v1.10.0.',
children: [
{
name: 'MeshDestinationsOnly',
type: 'bool: false',
description: `Determines whether sidecar proxies operating in transparent mode can
proxy traffic to IP addresses not registered in Consul's mesh. If enabled, traffic will only be proxied
to upstream proxies or Connect-native services. If disabled, requests will be proxied as-is to the
original destination IP address. Consul will not encrypt the connection.`,
},
],
},
]}
/>
## ACLs
Configuration entries may be protected by [ACLs](/docs/security/acl).
Reading a `mesh` config entry requires no specific privileges.
Creating, updating, or deleting a `mesh` config entry requires
`operator:write`.
Reference in a new issue View git blame Copy permalink