open-nomad/nomad/structs/config
Seth Hoenig 4d71f22a11 consul/connect: add support for running connect native tasks
This PR adds the capability of running Connect Native Tasks on Nomad,
particularly when TLS and ACLs are enabled on Consul.

The `connect` stanza now includes a `native` parameter, which can be
set to the name of task that backs the Connect Native Consul service.

There is a new Client configuration parameter for the `consul` stanza
called `share_ssl`. Like `allow_unauthenticated` the default value is
true, but recommended to be disabled in production environments. When
enabled, the Nomad Client's Consul TLS information is shared with
Connect Native tasks through the normal Consul environment variables.
This does NOT include auth or token information.

If Consul ACLs are enabled, Service Identity Tokens are automatically
and injected into the Connect Native task through the CONSUL_HTTP_TOKEN
environment variable.

Any of the automatically set environment variables can be overridden by
the Connect Native task using the `env` stanza.

Fixes #6083
2020-06-22 14:07:44 -05:00
..
audit.go Audit config, seams for enterprise audit features 2020-03-23 13:47:42 -04:00
audit_test.go update audit examples to an endpoint that is audited 2020-03-30 10:03:11 -04:00
autopilot.go implement MinQuorum 2020-02-16 16:04:59 -06:00
autopilot_test.go implement MinQuorum 2020-02-16 16:04:59 -06:00
consul.go consul/connect: add support for running connect native tasks 2020-06-22 14:07:44 -05:00
consul_test.go command, docs: create and document consul token configuration for connect acls (gh-6716) 2020-01-31 19:02:53 -06:00
limits.go core: add limits to unauthorized connections 2020-01-30 10:38:25 -08:00
limits_test.go core: add limits to unauthorized connections 2020-01-30 10:38:25 -08:00
plugins.go tag HCL bookkeeping keys with json:"-" to keep them out of the api 2019-04-30 10:29:14 -04:00
plugins_test.go Plugin config parsing 2018-08-29 17:06:01 -07:00
README.md Create a nomad/structs/config to break an import cycle. 2016-06-10 15:48:36 -04:00
sentinel.go sync 2017-09-19 10:08:23 -05:00
tls.go tag HCL bookkeeping keys with json:"-" to keep them out of the api 2019-04-30 10:29:14 -04:00
tls_test.go add support for tls PreferServerCipherSuites 2018-05-25 13:20:00 -04:00
vault.go command, docs: create and document consul token configuration for connect acls (gh-6716) 2020-01-31 19:02:53 -06:00
vault_test.go fix for dynamically reloading vault 2018-06-07 15:34:18 -04:00

Overview

nomad/structs/config is a package for configuration structs that are shared among packages that needs the same struct definitions, but can't import each other without creating a cyle. This config package must be terminal in the import graph (or very close to terminal in the dependency graph).