mirror of https://github.com/status-im/consul.git
Merge pull request #14643 from hashicorp/docs/search-metadata-headers
docs: Search Description Refresh
This commit is contained in:
commit
2398fbead5
|
@ -1,12 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Configuration Entries
|
||||
page_title: How to Use Configuration Entries
|
||||
description: >-
|
||||
Consul allows storing configuration entries centrally to be used as defaults
|
||||
for configuring other aspects of Consul.
|
||||
Configuration entries define the behavior of Consul service mesh components. Learn how to use the `consul config` command to create, manage, and delete configuration entries.
|
||||
---
|
||||
|
||||
# Configuration Entries
|
||||
# How to Use Configuration Entries
|
||||
|
||||
Configuration entries can be created to provide cluster-wide defaults for
|
||||
various aspects of Consul.
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Consul Agent CLI Reference
|
||||
page_title: Agents: CLI Reference
|
||||
description: >-
|
||||
This topic describes the supported options for configuring Consul agents on the command line.
|
||||
Add flags to the `consul agent` command to configure agent properties and actions from the CLI. Learn about configurable options and how to format them with examples.
|
||||
---
|
||||
|
||||
# Command-line Options ((#commandline_options))
|
||||
# Agents Command-line Reference ((#commandline_options))
|
||||
|
||||
-> **Note:** Some CLI arguments may be different from HCL keys. See [Configuration Key Reference](/docs/agent/config/config-files#config_key_reference) for equivalent HCL Keys.
|
||||
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Consul Agent Configuration Reference
|
||||
page_title: Agents: Configuration File Reference
|
||||
description: >-
|
||||
This topic describes the supported parameters for configuring Consul agents in HCL and JSON configuration files.
|
||||
Use agent configuration files to assign attributes to agents and configure multiple agents at once. Learn about agent configuration file parameters and formatting with this reference page and sample code.
|
||||
---
|
||||
|
||||
# Configuration Files ((#configuration_files))
|
||||
# Agents Configuration File Reference ((#configuration_files))
|
||||
|
||||
You can create one or more files to configure the Consul agent on startup. We recommend
|
||||
grouping similar configurations into separate files, such as ACL parameters, to make it
|
||||
|
|
|
@ -1,13 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Configuration
|
||||
page_title: Agents: Configuration Explained
|
||||
description: >-
|
||||
The agent has various configuration options that can be specified via the
|
||||
command-line or via configuration files. All of the configuration options are
|
||||
completely optional. Defaults are specified with their descriptions.
|
||||
Agent configuration is the process of defining server and client agent properties with CLI flags and configuration files. Learn what properties can be configured on reload and how Consul sets precedence for configuration settings.
|
||||
---
|
||||
|
||||
# Configuration
|
||||
# Agent Configuration
|
||||
|
||||
The agent has various configuration options that can be specified via
|
||||
the command-line or via configuration files. All of the configuration
|
||||
|
|
|
@ -1,13 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Agent
|
||||
page_title: Agents Overview
|
||||
description: >-
|
||||
The Consul agent is the core process of Consul. The agent maintains membership
|
||||
information, registers services, runs checks, responds to queries, and more.
|
||||
The agent must run on every node that is part of a Consul cluster.
|
||||
Agents maintain register services, respond to queries, maintain datacenter membership information, and make most of Consul’s functions possible. Learn how to start, stop, and configure agents, as well as their requirements and lifecycle.
|
||||
---
|
||||
|
||||
# Consul Agent
|
||||
# Agents Overview
|
||||
|
||||
This topic provides an overview of the Consul agent, which is the core process of Consul.
|
||||
The agent maintains membership information, registers services, runs checks, responds to queries, and more.
|
||||
|
|
|
@ -1,11 +1,8 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: RPC
|
||||
page_title: Legacy RPC Protocol
|
||||
description: >-
|
||||
The Consul agent provides a complete RPC mechanism that can be used to control
|
||||
the agent programmatically. This RPC mechanism is the same one used by the CLI
|
||||
but can be used by other applications to easily leverage the power of Consul
|
||||
without directly embedding.
|
||||
Consul agents originally could be controlled through the RPC protocol. This feature was deprecated in version 0.8 in favor of the HTTP API. Learn about agent RPC interactions and how they worked.
|
||||
---
|
||||
|
||||
# RPC Protocol
|
||||
|
|
|
@ -1,13 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Sentinel in Consul
|
||||
page_title: Sentinel ACL Policies (Enterprise)
|
||||
description: >-
|
||||
Consul Enterprise uses Sentinel to augment the built-in ACL system to provide
|
||||
advanced policy enforcement. Sentinel policies can currently execute on KV
|
||||
modify and service registration.
|
||||
Sentinel allows you to include conditional logic in access control policies. Learn how Consul can use Sentinel policies to extend the ACL system's capabilities for controlling key-value (KV) write access.
|
||||
---
|
||||
|
||||
# Sentinel Overview
|
||||
# Sentinel for KV ACL Policy Enforcement
|
||||
|
||||
<EnterpriseAlert />
|
||||
|
||||
|
|
|
@ -1,13 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Telemetry
|
||||
page_title: Agents: Enable Metrics
|
||||
description: >-
|
||||
The Consul agent collects various runtime metrics about the performance of
|
||||
different libraries and subsystems. These metrics are aggregated on a ten
|
||||
second interval and are retained for one minute.
|
||||
Configure agent telemetry to collect operations metrics you can use to debug and observe Consul behavior and performance. Learn about configuration options, the metrics you can collect, and why they're important.
|
||||
---
|
||||
|
||||
# Telemetry
|
||||
# Agent Telemetry
|
||||
|
||||
The Consul agent collects various runtime metrics about the performance of
|
||||
different libraries and subsystems. These metrics are aggregated on a ten
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Anti-Entropy
|
||||
description: |
|
||||
This section details the process and use of anti-entropy in Consul.
|
||||
page_title: Anti-Entropy Enforcement
|
||||
description: >-
|
||||
Anti-entropy keeps distributed systems consistent. Learn how Consul uses an anti-entropy mechanism to periodically sync agent states with the service catalog to prevent the catalog from becoming stale.
|
||||
---
|
||||
|
||||
# Anti-Entropy
|
||||
# Anti-Entropy Enforcement
|
||||
|
||||
Consul uses an advanced method of maintaining service and health information.
|
||||
This page details how services and checks are registered, how the catalog is
|
||||
|
|
|
@ -1,10 +1,8 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Consensus Protocol
|
||||
page_title: Consensus Protocol | Raft
|
||||
description: >-
|
||||
Consul uses a consensus protocol to provide Consistency as defined by CAP. The
|
||||
consensus protocol is based on Raft: In search of an Understandable Consensus
|
||||
Algorithm. For a visual explanation of Raft, see The Secret Lives of Data.
|
||||
Consul ensures a consistent state using the Raft protocol. A quorum, or a majority of server agents with one leader, agree to state changes before committing to the state log. Learn how Raft works in Consul to ensure state consistency and how that state can be read with different consistency modes to balance read latency and consistency.
|
||||
---
|
||||
|
||||
# Consensus Protocol
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Network Coordinates
|
||||
description: A Decentralized Network Coordinate System, with several improvements based on several follow-on papers.
|
||||
description: >-
|
||||
Network coordinates are node locations in network tomography used to estimate round trip time (RTT). Learn how network coordinates manifest in Consul, how it calculates RTT, and how to work with coordinates to sort catalog information by nearness to a given node.
|
||||
---
|
||||
|
||||
# Network Coordinates
|
||||
|
|
|
@ -1,12 +1,8 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Gossip Protocol
|
||||
page_title: Gossip Protocol | Serf
|
||||
description: >-
|
||||
Consul uses a gossip protocol to manage membership and broadcast messages to
|
||||
the cluster. All of this is provided through the use of the Serf library. The
|
||||
gossip protocol used by Serf is based on SWIM: Scalable Weakly-consistent
|
||||
Infection-style Process Group Membership Protocol, with a few minor
|
||||
adaptations.
|
||||
Consul agents manage membership in datacenters and WAN federations using the Serf protocol. Learn about the differences between LAN and WAN gossip pools and how `serfHealth` affects health checks.
|
||||
---
|
||||
|
||||
# Gossip Protocol
|
||||
|
|
|
@ -1,16 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Improving Consul Resilience
|
||||
page_title: Fault Tolerance in Consul
|
||||
description: >-
|
||||
Fault tolerance is the ability of a system to continue operating without interruption
|
||||
despite the failure of one or more components. Consul's resilience, or fault tolerance,
|
||||
is determined by the configuring of its voting server agents. Recommended strategies for
|
||||
increasing Consul's fault tolerance include using 3 or 5 voting server agents, spreading
|
||||
server agents across infrastructure availability zones, and using Consul Enterprise
|
||||
redundancy zones to enable backup voting servers to automatically replace lost voters.
|
||||
Fault tolerance is a system's ability to operate without interruption despite component failure. Learn how a set of Consul servers provide fault tolerance through use of a quorum, and how to further improve control plane resilience through use of infrastructure zones and Enterprise redundancy zones.
|
||||
---
|
||||
|
||||
# Improving Consul Resilience
|
||||
# Fault Tolerance
|
||||
|
||||
Fault tolerance is the ability of a system to continue operating without interruption
|
||||
despite the failure of one or more components.
|
||||
|
|
|
@ -2,12 +2,10 @@
|
|||
layout: docs
|
||||
page_title: Consul Architecture
|
||||
description: >-
|
||||
Consul is a complex system that has many different moving parts. To help users
|
||||
and developers of Consul form a mental model of how it works, this page
|
||||
documents the system architecture.
|
||||
Consul datacenters consist of clusters of server agents (control plane) and client agents deployed alongside service instances (dataplane). Learn how these components and their different communication methods make Consul possible.
|
||||
---
|
||||
|
||||
# Consul Architecture
|
||||
# Consul Internals Overview
|
||||
|
||||
Consul is a complex system that has many different moving parts. To help
|
||||
users and developers of Consul form a mental model of how it works, this
|
||||
|
|
|
@ -1,14 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Jepsen Testing
|
||||
page_title: Consistency Verification | Jepsen Testing Results
|
||||
description: >-
|
||||
Jepsen is a tool, written by Kyle Kingsbury, designed to test the partition
|
||||
tolerance of distributed systems. It creates network partitions while fuzzing
|
||||
the system with random operations. The results are analyzed to see if the
|
||||
system violates any of the consistency properties it claims to have.
|
||||
Jepsen is a tool to measure the reliability and consistency of distributed systems across network partitions. Learn about the Jepsen testing performed on Consul to ensure it gracefully recovers from partitions and maintains consistent state.
|
||||
---
|
||||
|
||||
# Jepsen Testing
|
||||
# Jepsen Testing Results
|
||||
|
||||
[Jepsen](http://aphyr.com/posts/281-call-me-maybe-carly-rae-jepsen-and-the-perils-of-network-partitions)
|
||||
is a tool, written by Kyle Kingsbury, designed to test the partition
|
||||
|
|
|
@ -1,9 +1,8 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Service Discovery
|
||||
page_title: Service Discovery Explained
|
||||
description: >-
|
||||
Learn what service discovery is, its benefits, and how it works.
|
||||
Service mesh can solve many of the modern challenges that exist in multi-platform and multi-cloud application architectures, ranging from security to application resiliency.
|
||||
Service discovery dynamically tracks and monitors service instances on your network and makes them discoverable through DNS queries. Learn about the benefits of service discovery and how it works.
|
||||
---
|
||||
|
||||
# What is service discovery?
|
||||
|
|
|
@ -1,9 +1,8 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Service Mesh
|
||||
page_title: Service Mesh Explained
|
||||
description: >-
|
||||
Learn what a service mesh is, its benefits, and how it works.
|
||||
A service mesh can solve many of the modern challenges that exist in multi-platform and multi-cloud application architectures, ranging from security to application resiliency.
|
||||
Service mesh is a dedicated network layer for secure, resilient, observable microservice communication. Learn about using Consul's service mesh to solve service networking challenges in application architectures and manage complexity in multi-cloud, hybrid cloud, and multi-platform environments.
|
||||
---
|
||||
|
||||
# What is a service mesh?
|
||||
|
|
|
@ -1,12 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Connect - Certificate Management
|
||||
page_title: Service Mesh Certificate Authority: AWS Certificate Manager
|
||||
description: >-
|
||||
Consul can be used with AWS Certificate Manager Private CA to manage and sign
|
||||
certificates.
|
||||
You can use the AWS Certificate Manager Private Certificate Authority as the Consul service mesh's certificate authority to secure your service mesh. Learn how to configure the AWS ACM Private CA, its limitations in Consul, and cost planning considerations.
|
||||
---
|
||||
|
||||
# AWS Certificate Manager Private CA as a Connect CA
|
||||
# AWS Certificate Manager as a Service Mesh Certificate Authority
|
||||
|
||||
Consul can be used with [AWS Certificate Manager (ACM) Private Certificate
|
||||
Authority
|
||||
|
|
|
@ -1,14 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Connect - Certificate Management
|
||||
page_title: Certificate Authority: Built-in Service Mesh CA
|
||||
description: >-
|
||||
Consul ships with a built-in CA system so that Connect can be easily enabled
|
||||
out of the box. The built-in CA generates and stores the root certificate and
|
||||
private key on Consul servers. It can also be configured with a custom
|
||||
certificate and private key if needed.
|
||||
Consul has a built-in service mesh certificate authority that can be used to secure your service mesh without needing a separate CA system. Learn how to configure the built-in service mesh CA as a root CA or an intermediate CA connected to an existing PKI system.
|
||||
---
|
||||
|
||||
# Built-In CA
|
||||
# Built-In Certificate Authority for Service Mesh
|
||||
|
||||
Consul ships with a built-in CA system so that Connect can be
|
||||
easily enabled out of the box. The built-in CA generates and stores the
|
||||
|
|
|
@ -1,10 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Connect - Certificate Management
|
||||
description: An overview of the Connect Certificate Authority mechanisms.
|
||||
page_title: Service Mesh Certificate Authority: Overview
|
||||
description: >-
|
||||
Consul uses a certificate authority (CA) to generate, use, manage, sign, and store certificates for your service mesh. Learn about certificate management, including configuration, root cert rotation, cross-signing, and regenerating the CA.
|
||||
---
|
||||
|
||||
# Connect Certificate Management
|
||||
# Service Mesh Certificate Authority Overview
|
||||
|
||||
Certificate management in Connect is done centrally through the Consul
|
||||
servers using the configured CA (Certificate Authority) provider. A CA provider
|
||||
|
|
|
@ -1,12 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Connect - Certificate Management
|
||||
page_title: Service Mesh Certificate Authority: Vault
|
||||
description: >-
|
||||
Consul can be used with Vault to manage and sign certificates. The Vault CA
|
||||
provider uses the Vault PKI secrets engine to generate and sign certificates.
|
||||
You can use a Vault PKI secrets engine as the Consul service mesh's certificate authority to secure your service mesh. Learn how to configure the Vault CA as a root CA or an intermediate CA connected to an existing PKI system, and how to manage PKI paths with either Vault or Consul.
|
||||
---
|
||||
|
||||
# Vault as a Connect CA
|
||||
# Vault as a Service Mesh Certificate Authority
|
||||
|
||||
Consul can be used with [Vault](https://www.vaultproject.io) to
|
||||
manage and sign certificates.
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Create and Manage Peering Connections
|
||||
page_title: Cluster Peering: Create and Manage Connections
|
||||
description: >-
|
||||
This page describes how to use the Consul CLI to create, manage, and delete peering connections for cluster peering.
|
||||
Generate a peering token to establish communication, export services, and authorize requests for cluster peering connections. Learn how to create, list, read, check, and delete peering connections.
|
||||
---
|
||||
|
||||
# Create and Manage Peering Connections
|
||||
# Create and Manage Cluster Peering Connections
|
||||
|
||||
~> **Cluster peering is currently in beta:** Functionality associated with cluster peering is subject to change. You should never use the beta release in secure environments or production scenarios. Features in beta may have performance issues, scaling issues, and limited support.<br /><br />Cluster peering is not currently available in the HCP Consul offering.
|
||||
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: What is Cluster Peering?
|
||||
page_title: Service Mesh: What is Cluster Peering?
|
||||
description: >-
|
||||
This page details the cluster peering process for connecting Consul clusters across datacenters, including differences between cluster peering and the similar concept of WAN federation.
|
||||
Cluster peering establishes communication between independent clusters in Consul, allowing services to interact across datacenters. Learn about the cluster peering process, differences with WAN federation for multi-datacenter deployments, and technical constraints.
|
||||
---
|
||||
|
||||
# What is Cluster Peering?
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
layout: docs
|
||||
page_title: Cluster Peering on Kubernetes
|
||||
description: >-
|
||||
This page describes how to create peering connections, deploy services, export cluster services, and end peering connections for Consul cluster peering using Kubernetes (K8s).
|
||||
If you use Consul on Kubernetes, learn how to enable cluster peering, create peering CRDs, and then manage peering connections in consul-k8s.
|
||||
---
|
||||
|
||||
# Cluster Peering on Kubernetes
|
||||
|
|
|
@ -1,12 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: 'Configuration Entry Kind: Exported Services'
|
||||
page_title: Exported Services: Configuration Entry Reference
|
||||
description: >-
|
||||
The exported-services configuration entry enables you to export services from a single file.
|
||||
Settings in this configuration entry can apply to services in any namespace of the specified partition. Write access to the mesh resource is required.
|
||||
An exported services configuration entry defines the availability of a cluster's services to cluster peers and local admin partitions. Learn about `"exported-services"` config entry parameters and exporting services to other datacenters.
|
||||
---
|
||||
|
||||
# Exported Services
|
||||
# Exported Services Configuration Entry
|
||||
|
||||
This topic describes the `exported-services` configuration entry type. The `exported-services` configuration entry enables Consul to export service instances to other clusters from a single file and connect services across clusters. For additional information, refer to [Cluster Peering](/docs/connect/cluster-peering) and [Admin Partitions](/docs/enterprise/admin-partitions).
|
||||
|
||||
|
|
|
@ -1,12 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Configuration Entry Definitions
|
||||
page_title: Configuration Entry Overview
|
||||
description: >-
|
||||
Consul allows storing configuration entries centrally to be used as defaults
|
||||
for configuring other aspects of Consul.
|
||||
Configuration entries define service mesh behaviors in order to secure and manage traffic. Learn about Consul’s different config entry kinds and get links to configuration reference pages.
|
||||
---
|
||||
|
||||
# Configuration Entries
|
||||
# Configuration Entry Overview
|
||||
|
||||
Configuration entries can be used to configure the behavior of Consul Connect.
|
||||
|
||||
|
|
|
@ -1,12 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: 'Configuration Entry Kind: Ingress Gateway'
|
||||
page_title: Ingress Gateway: Configuration Entry Reference
|
||||
description: >-
|
||||
The `ingress-gateway` config entry kind allows for configuring Ingress gateways
|
||||
with listeners that expose a set of services outside the Consul service mesh.
|
||||
The ingress gateway configuration entry kind defines behavior to secure incoming communication between the service mesh and external sources. Use the reference guide to learn about `"ingress-gateway"` config entry parameters and exposing TCP and HTTP listeners.
|
||||
---
|
||||
|
||||
# Ingress Gateway
|
||||
# Ingress Gateway Configuration Entry
|
||||
|
||||
This topic provides reference information for the `ingress-gateway` configuration entry.
|
||||
|
||||
|
|
|
@ -1,14 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: 'Configuration Entry Kind: Mesh'
|
||||
page_title: Mesh: Configuration Entry Reference
|
||||
description: >-
|
||||
The mesh config entry kind allows for globally defining default
|
||||
configuration across all services mesh proxies.
|
||||
Settings in this config entry apply across all namespaces and federated datacenters.
|
||||
Currently, only one mesh entry is supported.
|
||||
The mesh configuration entry kind defines global default settings like TLS version requirements for proxies inside the service mesh. Use the reference guide to learn about `""mesh""` config entry parameters and how to control communication with services outside of the mesh.
|
||||
---
|
||||
|
||||
# Mesh
|
||||
# Mesh Configuration Entry
|
||||
|
||||
-> **v1.10.0+:** This configuration entry is supported in Consul versions 1.10.0+.
|
||||
|
||||
|
|
|
@ -1,14 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: 'Configuration Entry Kind: Proxy Defaults'
|
||||
page_title: Proxy Defaults: Configuration Entry Reference
|
||||
description: >-
|
||||
The proxy-defaults config entry kind allows for configuring global config
|
||||
defaults across all services for Connect proxy configuration. Currently, only
|
||||
one global entry is supported.
|
||||
The proxy defaults configuration entry kind defines default behaviors for sidecar proxies in the service mesh. Use the reference guide to learn about `""proxy-defaults""` config entry parameters and how to expose HTTP paths through Envoy.
|
||||
---
|
||||
|
||||
# Proxy Defaults
|
||||
|
||||
# Proxy Defaults Configuration Entry
|
||||
|
||||
The `proxy-defaults` configuration entry (`ProxyDefaults` on Kubernetes) allows you
|
||||
to configure global defaults across all services for Connect proxy
|
||||
|
|
|
@ -1,12 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: 'Configuration Entry Kind: Service Defaults'
|
||||
page_title: Service Defaults: Configuration Entry Reference
|
||||
description: >-
|
||||
The service-defaults config entry kind controls default global values for a
|
||||
service, such as its protocol.
|
||||
The service defaults configuration entry kind defines sets of default configurations that apply to all services in the mesh. Use the examples learn how to define a default protocol, default upstream configuration, and default terminating gateway.
|
||||
---
|
||||
|
||||
# Service Defaults
|
||||
# Service Defaults Configuration Entry
|
||||
|
||||
-> **v1.8.4+:** On Kubernetes, the `ServiceDefaults` custom resource is supported in Consul versions 1.8.4+.<br />
|
||||
**v1.5.0+:** On other platforms, this config entry is supported in Consul versions 1.5.0+.
|
||||
|
|
|
@ -1,13 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: 'Configuration Entry Kind: Service Intentions'
|
||||
page_title: Service Intentions: Configuration Entry Reference
|
||||
description: >-
|
||||
The service-intentions config entry kind controls Connect traffic
|
||||
authorization for both networking layer 4 (e.g. TCP) and networking layer 7
|
||||
(e.g. HTTP).
|
||||
The service intentions configuration entry kind defines the communication permissions between service types. Use the reference guide to learn about `""service-intentions""` config entry parameters and how to authorize L4 and L7 communication int he service mesh with intentions.
|
||||
---
|
||||
|
||||
# Service Intentions ((#service-intentions))
|
||||
# Service Intentions Configuration Entry ((#service-intentions))
|
||||
|
||||
-> **1.9.0+:** This config entry is available in Consul versions 1.9.0 and newer.
|
||||
|
||||
|
|
|
@ -1,12 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: 'Configuration Entry Kind: Service Resolver'
|
||||
page_title: Service Resolver: Configuration Entry Reference
|
||||
description: >-
|
||||
The `service-resolver` config entry kind controls which service instances
|
||||
should satisfy Connect upstream discovery requests for a given service name.
|
||||
The service resolver configuration entry kind defines subsets of service instances that satisfy upstream discovery requests. Use the reference guide to learn about `""service-resolver""` config entry parameters and how filtering by service subsets helps route traffic based on properties like version number.
|
||||
---
|
||||
|
||||
# Service Resolver
|
||||
# Service Resolver Configuration Entry
|
||||
|
||||
-> **v1.8.4+:** On Kubernetes, the `ServiceResolver` custom resource is supported in Consul versions 1.8.4+.<br />
|
||||
**v1.6.0+:** On other platforms, this config entry is supported in Consul versions 1.6.0+.
|
||||
|
|
|
@ -1,12 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: 'Configuration Entry Kind: Service Router'
|
||||
page_title: Service Router: Configuration Entry Reference
|
||||
description: >-
|
||||
The service-router config entry kind controls Connect traffic routing and
|
||||
manipulation at networking layer 7 (e.g. HTTP).
|
||||
The service router configuration entry kind defines where the service mesh routes requests based on L7 network information such as header or path. Use the reference guide to learn about `""service-router""` config entry parameters and how behaviors like request timeouts, retry behavior, header modification, and path rewriting can be applied to a request based on its header or path information.
|
||||
---
|
||||
|
||||
# Service Router
|
||||
# Service Router Configuration Entry
|
||||
|
||||
The `service-router` config entry kind (`ServiceRouter` on Kubernetes) controls Connect traffic routing and
|
||||
manipulation at networking layer 7 (e.g. HTTP).
|
||||
|
|
|
@ -1,14 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: 'Configuration Entry Kind: Service Splitter'
|
||||
page_title: Service Splitter: Configuration Entry Reference
|
||||
description: >-
|
||||
The service-splitter config entry kind controls how to split incoming Connect
|
||||
requests across different subsets of a single service (like during staged
|
||||
canary rollouts), or perhaps across different services (like during a v2
|
||||
rewrite or other type of codebase migration).
|
||||
The service splitter configuration entry kind defines how to divide service mesh traffic between service instances. Use the reference guide to learn about `""service-splitter""` config entry parameters and how it can be used for traffic management behaviors like canary rollouts, blue green deployment, and load balancing across environments.
|
||||
---
|
||||
|
||||
# Service Splitter
|
||||
# Service Splitter Configuration Entry
|
||||
|
||||
-> **v1.8.4+:** On Kubernetes, the `ServiceSplitter` custom resource is supported in Consul versions 1.8.4+.<br />
|
||||
**v1.6.0+:** On other platforms, this config entry is supported in Consul versions 1.6.0+.
|
||||
|
|
|
@ -1,12 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: 'Configuration Entry Kind: Terminating Gateway'
|
||||
page_title: Terminating Gateway: Configuration Entry Reference
|
||||
description: >-
|
||||
The `terminating-gateway` config entry kind allows for configuring terminating gateways
|
||||
to proxy traffic from services in the Consul service mesh to services outside the mesh.
|
||||
The terminating gateway configuration entry kind defines behavior to secure outgoing communication between the service mesh and non-mesh services. Use the reference guide to learn about `""terminating-gateway""` config entry parameters and connecting from your service mesh to external or non-mesh services registered with Consul.
|
||||
---
|
||||
|
||||
# Terminating Gateway
|
||||
# Terminating Gateway Configuration Entry
|
||||
|
||||
-> **v1.8.4+:** On Kubernetes, the `TerminatingGateway` custom resource is supported in Consul versions 1.8.4+.<br />
|
||||
**v1.8.0+:** On other platforms, this config entry is supported in Consul versions 1.8.0+.
|
||||
|
|
|
@ -1,13 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Connect - Configuration
|
||||
page_title: Service Mesh Configuration: Overview
|
||||
description: >-
|
||||
A Connect-aware proxy enables unmodified applications to use Connect. A
|
||||
per-service proxy sidecar transparently handles inbound and outbound service
|
||||
connections, automatically wrapping and verifying TLS connections.
|
||||
Learn how to enable and configure Consul's service mesh capabilities in agent configurations, and how to integrate with schedulers like Kubernetes and Nomad. ""Connect"" is the subsystem that provides Consul’s service mesh capabilities.
|
||||
---
|
||||
|
||||
# Service Mesh Configuration
|
||||
# Service Mesh Configuration Overview
|
||||
|
||||
There are many configuration options exposed for Consul service mesh. The only option
|
||||
that must be set is the `connect.enabled` option on Consul servers to enable Consul service mesh.
|
||||
|
|
|
@ -1,9 +1,8 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: How Connect Works
|
||||
page_title: Service Mesh: How it Works
|
||||
description: >-
|
||||
This page details the internals of Consul Connect: mutual TLS, agent caching
|
||||
and performance, intention and certificate authority replication.
|
||||
Consul's service mesh enforces secure service communication using mutual TLS (mTLS) encryption and explicit authorization. Learn how the service mesh certificate authorities, intentions, and agents work together in the ""Connect"" subsystem to provide Consul’s service mesh capabilities.
|
||||
---
|
||||
|
||||
# How Service Mesh Works
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Connectivity Tasks
|
||||
page_title: Gateway Types
|
||||
description: >-
|
||||
Tasks related to connectivity into, out of, and between Consul service meshes.
|
||||
Ingress, terminating, and mesh gateways are proxies that direct traffic into, out of, and inside of Consul's service mesh. Learn how these gateways enable different kinds of service-to-service communication.
|
||||
---
|
||||
|
||||
# Connectivity Tasks
|
||||
# Types of Gateway Connections in a Service Mesh
|
||||
|
||||
~> **Note**: The features shown below are extensions of Consul's service mesh capabilities. If you are not utilizing
|
||||
Consul service mesh then these features will not be relevant to your task.
|
||||
|
|
|
@ -1,15 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Connect - Development and Debugging
|
||||
page_title: Service Mesh Debugging
|
||||
description: >-
|
||||
It is often necessary to connect to a service for development or debugging. If
|
||||
a service only exposes a Connect listener, then we need a way to establish a
|
||||
mutual TLS connection to the service. The `consul connect proxy` command can
|
||||
be used for this task on any machine with access to a Consul agent (local or
|
||||
remote).
|
||||
Use the `consul connect proxy` command to connect to services or masquerade as other services for development and debugging purposes. Example code demonstrates connecting to services that are part of the service mesh as listeners only.
|
||||
---
|
||||
|
||||
# Developing and Debugging Connect Services
|
||||
# Service Mesh Debugging
|
||||
|
||||
It is often necessary to connect to a service for development or debugging.
|
||||
If a service only exposes a Connect listener, then we need a way to establish
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Distributed Tracing
|
||||
page_title: Service Mesh Distributed Tracing
|
||||
description: >-
|
||||
Distributed tracing is a way to track and correlate requests across microservices.
|
||||
Distributed tracing tracks the path of a request as it traverses the service mesh. Consul supports distributed tracing for applications that have it implemented. Learn how to integrate tracing libraries in your application and configure Consul to participate in that tracing.
|
||||
---
|
||||
|
||||
# Distributed Tracing
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Gateways
|
||||
page_title: Gateways Overview
|
||||
description: >-
|
||||
Gateways provide connectivity into, out of, and between Consul service meshes.
|
||||
Gateways are proxies that direct traffic into, out of, and inside of Consul's service mesh. They secure communication with external or non-mesh network resources and enable services on different runtimes, cloud providers, or with overlapping IP addresses to communicate with each other.
|
||||
---
|
||||
|
||||
# Gateways
|
||||
# Gateways Overview
|
||||
|
||||
This topic provides an overview of the gateway features shipped with Consul. Gateways provide connectivity into, out of, and between Consul service meshes. You can configure the following types of gateways:
|
||||
|
||||
|
|
|
@ -1,9 +1,8 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Using Ingress Gateways to Connect External Traffic to Internal Services
|
||||
page_title: Ingress Gateway | Service Mesh
|
||||
description: >-
|
||||
This topic describes how ingress gateways enable traffic from external services to reach services inside the Consul service mesh.
|
||||
It provides guidance on how to use Envoy and how to plug into your preferred gateway.
|
||||
Ingress gateways listen for requests from external network locations and route authorized traffic to destinations in the service mesh. Use custom TLS certificates with ingress gateways through Envoy's gRPC Secret Discovery Service (SDS).
|
||||
---
|
||||
|
||||
# Ingress Gateways
|
||||
|
|
|
@ -1,12 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Service-to-service Traffic Across Datacenters
|
||||
page_title: Mesh Gateways between Datacenters
|
||||
description: >-
|
||||
This topic describes how to configure mesh gateways to route a service's data to upstreams
|
||||
in other datacenters. It describes how to use Envoy and how you can integrate with your preferred gateway.
|
||||
Mesh gateways are specialized proxies that route data between services that cannot communicate directly. Learn how to enable service-to-service traffic across datacenters and review example configuration entries.
|
||||
---
|
||||
|
||||
# Service-to-service Traffic Across Datacenters
|
||||
# Mesh Gateways between Datacenters
|
||||
|
||||
-> **1.6.0+:** This feature is available in Consul versions 1.6.0 and newer.
|
||||
|
||||
|
|
|
@ -1,12 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Service-to-service Traffic Across Partitions
|
||||
page_title: Mesh Gateways between Admin Partitions
|
||||
description: >-
|
||||
This topic describes how to configure mesh gateways to route a service's data to upstreams
|
||||
in other partitions. It describes how to use Envoy and how you can integrate with your preferred gateway.
|
||||
Mesh gateways are specialized proxies that route data between services that cannot communicate directly with upstreams. Learn how to enable service-to-service traffic across admin partitions and review example configuration entries.
|
||||
---
|
||||
|
||||
# Service-to-service Traffic Across Partitions
|
||||
# Mesh Gateways between Admin Partitions
|
||||
|
||||
-> **Consul Enterprise 1.11.0+:** Admin partitions are supported in Consul Enterprise versions 1.11.0 and newer.
|
||||
|
||||
|
|
|
@ -1,12 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Service-to-service Traffic Across Peered Clusters
|
||||
page_title: Mesh Gateways between Peered Clusters
|
||||
description: >-
|
||||
This topic describes how to configure mesh gateways to route a service's data to upstreams
|
||||
in clusters that have a peering connection.
|
||||
Mesh gateways are specialized proxies that route data between services that cannot communicate directly. Learn how to enable service-to-service traffic across clusters in different datacenters or admin partitions that have an established peering connection.
|
||||
---
|
||||
|
||||
# Service-to-service Traffic Across Peered Clusters
|
||||
# Mesh Gateways between Peered Clusters
|
||||
|
||||
~> **Cluster peering is currently in beta**: Functionality associated with cluster peering is subject to change. You should never use the beta release in secure environments or production scenarios. Features in beta may have performance issues, scaling issues, and limited support.
|
||||
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: WAN Federation via Mesh Gateways
|
||||
description: |-
|
||||
WAN federation via mesh gateways allows for Consul servers in different datacenters to be federated exclusively through mesh gateways.
|
||||
page_title: Mesh Gateways for WAN Federation
|
||||
description: >-
|
||||
You can use mesh gateways to simplify the networking requirements for WAN federated Consul datacenters. Mesh gateways reduce cross-datacenter connection paths, ports, and communication protocols.
|
||||
---
|
||||
|
||||
# WAN Federation via Mesh Gateways
|
||||
# Mesh Gateways for WAN Federation
|
||||
|
||||
-> **1.8.0+:** This feature is available in Consul versions 1.8.0 and higher
|
||||
|
||||
|
|
|
@ -1,10 +1,8 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Internal <> External Services - Terminating Gateways
|
||||
page_title: Terminating Gateway | Service Mesh
|
||||
description: >-
|
||||
A terminating gateway enables traffic from services in the Consul
|
||||
service mesh to services outside the mesh. This section details
|
||||
how to configure and run a terminating gateway.
|
||||
Terminating gateways send requests from inside the service mesh to external network locations and services outside the mesh. Learn about requirements and terminating gateway interactions with Consul's service catalog.
|
||||
---
|
||||
|
||||
# Terminating Gateways
|
||||
|
|
|
@ -1,9 +1,8 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Service Mesh
|
||||
description: |-
|
||||
Consul Connect provides service-to-service connection authorization and
|
||||
encryption using mutual TLS.
|
||||
page_title: Service Mesh on Consul
|
||||
description: >-
|
||||
Consul’s service mesh makes application and microservice networking secure and observable with identity-based authentication, mutual TLS (mTLS) encryption, and explicit service-to-service authorization enforced by sidecar proxies. Learn how Consul’s service mesh works and get started on VMs or Kubernetes.
|
||||
---
|
||||
|
||||
# Consul Service Mesh
|
||||
|
|
|
@ -1,10 +1,8 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Service-to-service permissions - Intentions (Legacy Mode)
|
||||
page_title: Intentions (Legacy Mode)
|
||||
description: >-
|
||||
Intentions define access control for services via Connect and are used to
|
||||
control which services may establish connections. Intentions can be managed
|
||||
via the API, CLI, or UI.
|
||||
Intentions define service communication permissions in the service mesh. As of version 1.9, Consul uses a new system for creating and managing intentions. Learn how intentions worked in earlier versions of Consul with this legacy documentation.
|
||||
---
|
||||
|
||||
# Intentions in Legacy Mode
|
||||
|
|
|
@ -1,12 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Service-to-service permissions - Intentions
|
||||
page_title: Service Mesh Intentions
|
||||
description: >-
|
||||
Intentions define access control for services via Connect and are used to
|
||||
control which services may establish connections or make requests.
|
||||
Intentions define communication permissions in the service mesh between microservices. Learn about configuration basics, wildcard intentions, precedence and match order, and protecting intention management with ACLs.
|
||||
---
|
||||
|
||||
# Intentions
|
||||
# Service Mesh Intentions
|
||||
|
||||
-> **1.9.0 and later:** This guide only applies in Consul versions 1.9.0 and
|
||||
later. The documentation for the legacy intentions system is
|
||||
|
|
|
@ -1,13 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Discovery Chain
|
||||
page_title: Service Mesh Traffic Management: Discovery Chain
|
||||
description: >-
|
||||
The service discovery process can be modeled as a "discovery chain" which
|
||||
passes through three distinct stages: routing, splitting, and resolution. Each
|
||||
of these stages is controlled by a set of configuration entries.
|
||||
The discovery chain compiles service router, splitter, and resolver configuration entries to direct traffic to specific instances in a service mesh. Learn about compiled discovery chain results, including discovery graph nodes and targets.
|
||||
---
|
||||
|
||||
# Discovery Chain
|
||||
# Discovery Chain for Service Mesh Traffic Management
|
||||
|
||||
-> **1.6.0+:** This feature is available in Consul versions 1.6.0 and newer.
|
||||
|
||||
|
|
|
@ -1,14 +1,13 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Connect - L7 Traffic Management
|
||||
page_title: Service Mesh Traffic Management: Overview
|
||||
description: >-
|
||||
Layer 7 traffic management allows operators to divide L7 traffic between
|
||||
different subsets of service instances when using Connect.
|
||||
Consul can route, split, and resolve Layer 7 traffic in a service mesh to support workflows like canary testing and blue/green deployments. Learn about the three configuration entry kinds that define L7 traffic management behavior in Consul.
|
||||
---
|
||||
|
||||
-> **1.6.0+:** This feature is available in Consul versions 1.6.0 and newer.
|
||||
|
||||
# L7 Traffic Management
|
||||
# Service Mesh Traffic Management Overview
|
||||
|
||||
Layer 7 traffic management allows operators to divide L7 traffic between
|
||||
different
|
||||
|
|
|
@ -1,14 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Connect - Native Application Integration - Go
|
||||
page_title: Service Mesh Native App Integration: Go Apps
|
||||
description: >-
|
||||
We provide a library that makes it drop-in simple to integrate Connect with
|
||||
most Go applications. For most Go applications, Connect can be natively
|
||||
integrated in just a single line of code excluding imports and struct
|
||||
initialization.
|
||||
Consul's service mesh supports native integrations of Go applications into the service mesh through a Go library. Example code demonstrates how to connect your Go applications to the service mesh.
|
||||
---
|
||||
|
||||
# Connect-Native Integration with Go
|
||||
# Service Mesh Native Integration for Go Applications
|
||||
|
||||
-> **Note:** When calling `ConnectAuthorize()` on incoming connections this library
|
||||
will return _deny_ if `Permissions` are defined on the matching intention.
|
||||
|
|
|
@ -1,13 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Connect - Native Application Integration
|
||||
page_title: Service Mesh Native App Integration: Overview
|
||||
description: >-
|
||||
Applications can natively integrate with the Connect API to support accepting
|
||||
and establishing connections to other Connect services without the overhead of
|
||||
a proxy sidecar.
|
||||
When using sidecar proxies is not possible, applications can natively integrate with Consul service mesh, but have reduced access to service mesh features. Learn how “Connect-Native” apps use mTLS to authenticate with Consul and how to add integrations to service registrations.
|
||||
---
|
||||
|
||||
# Connect-Native App Integration
|
||||
# Service Mesh Native App Integration Overview
|
||||
|
||||
~> **Note:** The Native App Integration does not support many of the Connect service
|
||||
mesh features, and is not under active development.
|
||||
|
|
|
@ -1,13 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Connect - Nomad
|
||||
page_title: Sevice Mesh: Nomad Integration
|
||||
description: >-
|
||||
Connect can be used with [Nomad](https://www.nomadproject.io) to provide
|
||||
secure service-to-service communication between Nomad jobs. The ability to use
|
||||
the dynamic port feature of Nomad makes Connect particularly easy to use.
|
||||
Consul's service mesh can be applied to provide secure communication between services managed by Nomad's scheduler and orchestrator functions, including Nomad jobs and task groups. Use the guide and reference documentation to learn more.
|
||||
---
|
||||
|
||||
# Connect on Nomad
|
||||
# Consul and Nomad Integration
|
||||
|
||||
Consul Connect can be used with [Nomad](https://www.nomadproject.io) to provide
|
||||
secure service-to-service communication between Nomad jobs and task groups.
|
||||
|
|
|
@ -1,12 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Connect - Observability
|
||||
description: |-
|
||||
This page documents the configurations necessary for L7 observability using
|
||||
Consul Connect.
|
||||
page_title: Service Mesh Observability: Overview
|
||||
description: >-
|
||||
To use Consul's observability features, configure sidecar proxies in the service mesh to collect and emit L7 metrics. Learn about configuring metrics destinations and a service's protocol and upstreams.
|
||||
---
|
||||
|
||||
# Observability
|
||||
# Service Mesh Observability Overview
|
||||
|
||||
In order to take advantage of Connect's L7 observability features you will need
|
||||
to:
|
||||
|
|
|
@ -1,12 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Connect - UI Visualization
|
||||
description: |-
|
||||
This page describes how to set up and customize the Service Mesh Topology
|
||||
visualization in Consul's UI.
|
||||
page_title: Service Mesh Observability: UI Visualization
|
||||
description: >-
|
||||
Consul's UI can display a service's topology and associated metrics from the service mesh. Learn how to configure the UI to collect metrics from your metrics provider, modify access for metrics proxies, and integrate custom metrics providers.
|
||||
---
|
||||
|
||||
# UI Visualization
|
||||
# Service Mesh Observability: UI Visualization
|
||||
|
||||
-> Coming here from "Configure metrics dashboard" or "Configure dashboard"? See [Configuring Dashboard URLs](#configuring-dashboard-urls).
|
||||
|
||||
|
|
|
@ -1,10 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Connect - Built-in Proxy
|
||||
description: Consul Connect comes with a built-in proxy for testing and development.
|
||||
page_title: Built-in Proxy Configuration | Service Mesh
|
||||
description: >-
|
||||
Consul includes a built-in L4 proxy with limited capabilities to use for development and testing only. Use the built-in proxy config key reference to learn about the options you can configure.
|
||||
---
|
||||
|
||||
# Built-In Proxy Options
|
||||
# Built-in Proxy Configuration for Service Mesh
|
||||
|
||||
~> **Note:** The built-in proxy is not supported for production deployments. It does not
|
||||
support many of the Connect service mesh features, and is not under active development.
|
||||
|
|
|
@ -1,10 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Connect - Envoy Integration
|
||||
description: Consul Connect has first-class support for configuring Envoy proxy.
|
||||
page_title: Envoy Proxy Configuration | Service Mesh
|
||||
description: >-
|
||||
Consul supports Envoy proxies to direct traffic throughout the service mesh. Learn about Consul versions and their Envoy support, and use the reference guide to review options for bootstrap configuration, dynamic configuration, and advanced topics like escape hatch overrides.
|
||||
---
|
||||
|
||||
# Envoy Integration
|
||||
# Envoy Proxy Configuration for Service Mesh
|
||||
|
||||
Consul Connect has first class support for using
|
||||
[Envoy](https://www.envoyproxy.io) as a proxy. Consul configures Envoy by
|
||||
|
|
|
@ -1,13 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Connect - Proxies
|
||||
page_title: Service Mesh Proxy Overview
|
||||
description: >-
|
||||
A Connect-aware proxy enables unmodified applications to use Connect. This
|
||||
section details how to use either Envoy or Consul's built-in L4 proxy, and
|
||||
describes how you can plug in a proxy of your choice.
|
||||
In Consul service mesh, each service has a sidecar proxy that secures connections with other services in the mesh without modifying the underlying application code. You can use the built-in proxy, Envoy, or a custom proxy to handle communication and verify TLS connections.
|
||||
---
|
||||
|
||||
# Connect Proxies
|
||||
# Service Mesh Proxy Overview
|
||||
|
||||
A Connect-aware proxy enables unmodified applications to use Connect. A
|
||||
per-service proxy sidecar transparently handles inbound and outbound service
|
||||
|
|
|
@ -1,13 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Connect - Proxy Integration
|
||||
page_title: Custom Proxy Configuration | Service Mesh
|
||||
description: >-
|
||||
A Connect-aware proxy enables unmodified applications to use Connect. A
|
||||
per-service proxy sidecar transparently handles inbound and outbound service
|
||||
connections, automatically wrapping and verifying TLS connections.
|
||||
Consul supports custom proxy integrations for service discovery and sidecar instantiation. Learn about proxy requirements for service mesh operations, as well as how to authorize inbound and outbound connections for your custom proxy.
|
||||
---
|
||||
|
||||
# Connect Custom Proxy Integration
|
||||
# Custom Proxy Configuration for Service Mesh
|
||||
|
||||
This topic describes the process and API endpoints you can use to extend proxies for integration with Consul.
|
||||
|
||||
|
|
|
@ -1,13 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Connect - Deprecated Managed Proxies
|
||||
description: |-
|
||||
Consul 1.2 launched its Connect Beta period with a feature named Managed
|
||||
Proxies which are now deprecated. This page describes how they worked and why
|
||||
they are no longer supported.
|
||||
page_title: Managed Proxy for Connect (Legacy)
|
||||
description: >-
|
||||
Consul's service mesh originally included a proxy manager that was deprecated in version 1.6. Learn about the reasons for its deprecation and how it worked with this legacy documentation.
|
||||
---
|
||||
|
||||
# Managed Proxy Deprecation
|
||||
# Managed Proxy for Connect Legacy Documentation
|
||||
|
||||
Consul Connect was first released as a beta feature in Consul 1.2.0. The initial
|
||||
release included a feature called "Managed Proxies". Managed proxies were
|
||||
|
|
|
@ -1,13 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Connect - Proxy Registration
|
||||
page_title: Service Mesh Proxy Registration Overview
|
||||
description: >-
|
||||
To make connect aware of proxies you will need to register them as Consul
|
||||
services. This section describes the process and options for proxy
|
||||
registration.
|
||||
To make Consul aware of proxies in your service mesh, you must register them. Learn about methods for configuring and registering sidecar proxies.
|
||||
---
|
||||
|
||||
# Proxy Registration
|
||||
# Service Mesh Proxy Overview
|
||||
|
||||
To make Connect aware of proxies you will need to register them in a [service
|
||||
definition](/docs/discovery/services), just like you would register any other service with Consul. This section outlines your options for registering Connect proxies, either using independent registrations, or in nested sidecar registrations.
|
||||
|
|
|
@ -1,13 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Connect - Service Registration
|
||||
page_title: Register a Service Mesh Proxy Outside of a Service Registration
|
||||
description: >-
|
||||
A per-service proxy sidecar transparently handles inbound and outbound service
|
||||
connections. You can register these sidecars with reasonable defaults by nesting
|
||||
their definitions in the service definition.
|
||||
You can register a service mesh sidecar proxy separately from the registration of the service instance it fronts. Learn about proxy configuration options and how to format them with examples.
|
||||
---
|
||||
|
||||
# Proxy Service Registration
|
||||
# Register a Service Mesh Proxy Outside of a Service Registration
|
||||
|
||||
This topic describes how to declare a proxy as a `connect-proxy` in service definitions. The `kind` must be declared and information about the service they represent must be provided to function as a Consul service mesh proxy.
|
||||
|
||||
|
|
|
@ -1,12 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Connect - Sidecar Service Registration
|
||||
description: |-
|
||||
Sidecar service registrations provide a convenient shorthand for registering a
|
||||
sidecar proxy inline with a regular service definition.
|
||||
page_title: Register a Service Mesh Proxy in a Service Registration
|
||||
description: >-
|
||||
You can register a service instance and its sidecar proxy at the same time. Learn about default settings, customizable parameters, limitations, and lifecycle behaviors of the sidecar proxy.
|
||||
---
|
||||
|
||||
# Sidecar Service Registration
|
||||
# Register a Service Mesh Proxy in a Service Registration
|
||||
|
||||
Connect proxies are typically deployed as "sidecars" that run on the same node
|
||||
as the single service instance that they handle traffic for. They might be on
|
||||
|
|
|
@ -1,13 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Connect - Security
|
||||
description: |-
|
||||
Connect enables secure service-to-service communication over mutual TLS. This
|
||||
provides both in-transit data encryption as well as authorization. This page
|
||||
will document how to secure Connect.
|
||||
page_title: Service Mesh Security: Best Practices
|
||||
description: >-
|
||||
Consul provides secure service mesh communication by default. Additional configuration can improve network security by preventing unauthorized access and traffic sniffing. Review security considerations, our recommendations, and best practices.
|
||||
---
|
||||
|
||||
# Connect Security
|
||||
# Best Practices for Service Mesh Security
|
||||
|
||||
Connect enables secure service-to-service communication over mutual TLS. This
|
||||
provides both in-transit data encryption as well as authorization. This page
|
||||
|
|
|
@ -1,13 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Connect - Transparent Proxy
|
||||
sidebar_title: Transparent Proxy
|
||||
description: |-
|
||||
Transparent proxy is used to direct inbound and outbound traffic to services via the Envoy proxy and configure
|
||||
upstreams via intentions.
|
||||
page_title: Service Mesh: Enable Transparent Proxy Mode
|
||||
description: >-
|
||||
Learn how transparent proxy enables Consul on Kubernetes to direct inbound and outbound traffic through the service mesh. Use transparent proxying to increase application security without configuring individual upstream services.
|
||||
---
|
||||
|
||||
# Transparent Proxy
|
||||
# Enable Transparent Proxy Mode
|
||||
|
||||
This topic describes how to use Consul’s transparent proxy feature, which allows applications to communicate through the service mesh without modifying their configurations. Transparent proxy also hardens application security by preventing direct inbound connections that bypass the mesh.
|
||||
|
||||
|
|
|
@ -1,14 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Monitor Services - Check Definitions
|
||||
page_title: Configure Health Checks
|
||||
description: >-
|
||||
One of the primary roles of the agent is management of system- and
|
||||
application-level health checks. A health check is considered to be
|
||||
application-level if it is associated with a service. A check is defined in a
|
||||
configuration file or added at runtime over the HTTP interface.
|
||||
Agents can be configured to periodically perform custom checks on the health of a service instance or node. Learn about the types of health checks and how to define them in agent and service configuration files.
|
||||
---
|
||||
|
||||
# Checks
|
||||
# Health Checks
|
||||
|
||||
One of the primary roles of the agent is management of system-level and application-level health
|
||||
checks. A health check is considered to be application-level if it is associated with a
|
||||
|
|
|
@ -1,13 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Find Services - DNS Interface
|
||||
page_title: Find services with DNS
|
||||
description: >-
|
||||
One of the primary query interfaces for Consul is DNS. The DNS interface
|
||||
allows applications to make use of service discovery without any high-touch
|
||||
integration with Consul.
|
||||
For service discovery use cases, Domain Name Service (DNS) is the main interface to look up, query, and address Consul nodes and services. Learn how a Consul DNS lookup can help you find services by tag, name, namespace, partition, datacenter, or domain.
|
||||
---
|
||||
|
||||
# DNS Interface
|
||||
# Query services with DNS
|
||||
|
||||
One of the primary query interfaces for Consul is DNS.
|
||||
The DNS interface allows applications to make use of service
|
||||
|
|
|
@ -1,16 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Register Services - Service Definitions
|
||||
page_title: Register Services with Service Definitions
|
||||
description: >-
|
||||
One of the main goals of service discovery is to provide a catalog of
|
||||
available services. To that end, the agent provides a simple service
|
||||
definition format to declare the availability of a service and to potentially
|
||||
associate it with a health check. A health check is considered to be
|
||||
application level if it is associated with a service. A service is defined in
|
||||
a configuration file or added at runtime over the HTTP interface.
|
||||
Define and register services and their health checks with Consul to make a service available for service discovery or service mesh access. Learn how to format service definitions with this reference page and sample code.
|
||||
---
|
||||
|
||||
# Services
|
||||
# Register Services with Service Definitions
|
||||
|
||||
One of the main goals of service discovery is to provide a catalog of available
|
||||
services. To that end, the agent provides a simple service definition format
|
||||
|
|
|
@ -94,4 +94,4 @@ to [build distributed semaphores](https://learn.hashicorp.com/consul/developer-c
|
|||
### Vault
|
||||
|
||||
If you plan to use Consul KV as a backend for Vault, please review [this
|
||||
tutorial](https://learn.hashicorp.com/tutorials/vault/ha-with-consul).
|
||||
tutorial](/vault/tutorials/day-one-consul/ha-with-consul?utm_source=docs).
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Consul Enterprise Admin Partitions
|
||||
description: Consul Enterprise enables you to create partitions that can be administrated across namespaces.
|
||||
page_title: Admin Partitions (Enterprise)
|
||||
description: >-
|
||||
Admin partitions define boundaries between services managed by separate teams, enabling a service mesh across k8s clusters controlled by a single Consul server. Learn about their requirements and how to deploy admin partitions on Kubernetes.
|
||||
---
|
||||
|
||||
# Consul Enterprise Admin Partitions
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Consul Enterprise Audit Logging
|
||||
page_title: Audit Logging (Enterprise)
|
||||
description: >-
|
||||
Consul Enterprise provides the ability to write events of user behavior with Consul's API so operations and security users can perform legal compliance auditing.
|
||||
Audit logging secures Consul by capturing a record of HTTP API access and usage. Learn how to format agent configuration files to enable audit logs and specify the path to save logs to.
|
||||
---
|
||||
|
||||
# Audit Logging
|
||||
|
|
|
@ -1,10 +1,8 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Consul Enterprise Automated Backups
|
||||
page_title: Automated Backups (Enterprise)
|
||||
description: >-
|
||||
Consul Enterprise provides a highly available service that manages taking
|
||||
snapshots, rotation and sending backup files offsite to Amazon S3 (or
|
||||
S3-compatible endpoints), Google Cloud Storage, or Azure Blob Storage.
|
||||
Learn about launching the snapshot agent to automatically backup files to a cloud storage provider so that you can restore Consul servers. Supported providers include: Amazon S3, Google Cloud Storage, and Azure Blob Storage.
|
||||
---
|
||||
|
||||
# Automated Backups
|
||||
|
|
|
@ -1,10 +1,8 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Consul Enterprise Advanced Federation
|
||||
page_title: Federated Network Areas (Enterprise)
|
||||
description: >-
|
||||
Consul Enterprise enables you to federate Consul datacenters together on a
|
||||
pairwise basis, enabling partially-connected network topologies like
|
||||
hub-and-spoke.
|
||||
Network areas connect individual datacenters in a WAN federation, providing an alternative to connecting every datacenter. Learn how to support hub-and-spoke network topologies in a WAN federated Consul deployment.
|
||||
---
|
||||
|
||||
# Consul Enterprise Advanced Federation
|
||||
|
|
|
@ -2,8 +2,7 @@
|
|||
layout: docs
|
||||
page_title: Consul Enterprise
|
||||
description: >-
|
||||
Consul Enterprise features a number of capabilities beyond the open source
|
||||
offering that may be beneficial in certain workflows.
|
||||
Consul Enterprise is a paid offering that extends Consul’s open source functions to support large and complex deployments. Learn about scaling infrastructure, simplifying operations, and making networks more resilient with Enterprise.
|
||||
---
|
||||
|
||||
# Consul Enterprise
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Consul Enterprise License FAQ
|
||||
description: Frequently Asked Questions pertaining to Consul Enterprise Licensing.
|
||||
page_title: Enterprise License FAQ
|
||||
description: >-
|
||||
Review frequently asked questions (FAQs) about Consul Enterprise licenses to learn more about how licenses work, what happens when they expire, and how to get a trial license.
|
||||
---
|
||||
|
||||
# Frequently Asked Questions (FAQ)
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Consul Enterprise License
|
||||
description: Consul Enterprise License Overview.
|
||||
page_title: Enterprise Licenses
|
||||
description: >-
|
||||
Consul Enterprise server, client, and snapshot agents require a license on startup in order to use Enterprise features. Learn how to apply licenses using environment variables or configuration files.
|
||||
---
|
||||
|
||||
# Consul Enterprise License
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Consul Enterprise Namespaces
|
||||
description: Consul Enterprise enables data isolation with Namespaces.
|
||||
page_title: Namespaces (Enterprise)
|
||||
description: >-
|
||||
Namespaces reduce operational challenges in large deployments. Learn how to define a namespace so that multiple users or teams can access and use the same datacenter without impacting each other.
|
||||
---
|
||||
|
||||
# Consul Enterprise Namespaces
|
||||
|
|
|
@ -1,9 +1,8 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Consul Enterprise Network Segments
|
||||
description: |-
|
||||
Consul Enterprise enables you create separate LAN gossip pools within one
|
||||
cluster to segment network groups.
|
||||
page_title: Network Segments (Enterprise)
|
||||
description: >-
|
||||
Network segments enable LAN gossip in a datacenter when network rules or firewalls prevent specific sets of clients from communicating directly. Learn about configuring server and client agents to operate in segmented networks.
|
||||
---
|
||||
|
||||
# Network Segments
|
||||
|
|
|
@ -1,9 +1,8 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Consul Enterprise Enhanced Read Scalability
|
||||
page_title: Read Replicas (Enterprise)
|
||||
description: >-
|
||||
Consul Enterprise supports increased read scalability without impacting write
|
||||
latency by introducing read replicas.
|
||||
Learn how you can add non-voting servers to datacenters as read replicas to provide enhanced read scalability without impacting write latency.
|
||||
---
|
||||
|
||||
# Enhanced Read Scalability with Read Replicas
|
||||
|
|
|
@ -1,9 +1,8 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Consul Enterprise Redundancy Zones
|
||||
page_title: Redundancy Zones (Enterprise)
|
||||
description: >-
|
||||
Consul Enterprise redundancy zones enable hot standby servers on a per
|
||||
availability zone basis.
|
||||
Redundancy zones are regions of a cluster containing "hot standby" servers, or non-voting servers that can replace voting servers in the event of a failure. Learn about redundancy zones and how they improve resiliency and increase fault tolerance without affecting latency.
|
||||
---
|
||||
|
||||
# Redundancy Zones
|
||||
|
|
|
@ -1,10 +1,8 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Sentinel in Consul
|
||||
page_title: Sentinel in Consul (Enterprise)
|
||||
description: >-
|
||||
Consul Enterprise uses Sentinel to augment the built-in ACL system to provide
|
||||
advanced policy enforcement. Sentinel policies can currently execute on KV
|
||||
modify and service registration.
|
||||
Sentinel is an access-control-policy-as-code framework and language. Learn how Consul can use Sentinel policies to extend the ACL system's capabilities and further secure your clusters by controlling key-value (KV) store write access.
|
||||
---
|
||||
|
||||
# Sentinel in Consul
|
||||
|
|
|
@ -1,10 +1,8 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Consul Enterprise Automated Upgrades
|
||||
page_title: Automated Upgrades (Enterprise)
|
||||
description: >-
|
||||
Consul Enterprise supports an upgrade pattern that allows operators to deploy
|
||||
a complete cluster of new servers and then just wait for the upgrade to
|
||||
complete.
|
||||
Automated upgrades simplify the process for updating Consul. Learn how Consul can gracefully transition from existing server agents to a new set of server agents without Consul downtime.
|
||||
---
|
||||
|
||||
# Automated Upgrades
|
||||
|
|
|
@ -1,15 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Bootstrapping a Datacenter
|
||||
page_title: Bootstrap a Datacenter
|
||||
description: >-
|
||||
An agent can run in both client and server mode. Server nodes are responsible
|
||||
for running the consensus protocol and storing the cluster state. Before a
|
||||
Consul cluster can begin to service requests, a server node must be elected
|
||||
leader. Thus, the first nodes that are started are generally the server nodes.
|
||||
Bootstrapping is the process of joining these server nodes into a cluster.
|
||||
Bootstrapping a datacenter is the initial deployment process in Consul that starts server agents and joins them together. Learn how to automatically or manually join servers in a cluster.
|
||||
---
|
||||
|
||||
# Bootstrapping a Datacenter
|
||||
# Bootstrap a Datacenter
|
||||
|
||||
An agent can run in either client or server mode. Server nodes are responsible for running the
|
||||
[consensus protocol](/docs/architecture/consensus) and storing the cluster state.
|
||||
|
|
|
@ -1,9 +1,8 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Cloud Auto-join
|
||||
page_title: Auto-join a Cloud Provider
|
||||
description: >-
|
||||
Consul supports automatically joining a Consul datacenter using cloud metadata
|
||||
on various providers.
|
||||
Auto-join enables agents to automatically join other agents running in the cloud. To configure auto-join, specify agent addresses with compute node metadata for the cloud provider instead of an IP address. Use the CLI or an agent configuration file to configure cloud auto-join.
|
||||
---
|
||||
|
||||
# Cloud Auto-join
|
||||
|
|
|
@ -2,8 +2,7 @@
|
|||
layout: docs
|
||||
page_title: Glossary
|
||||
description: >-
|
||||
This page collects brief definitions of some of the technical terms used in
|
||||
the documentation.
|
||||
The glossary is a list of technical terms with a specific meaning in Consul. Use the glossary to understand Consul concepts and study for the certification exam.
|
||||
---
|
||||
|
||||
# Consul Vocabulary
|
||||
|
|
|
@ -1,9 +1,8 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Get Started
|
||||
description: |-
|
||||
Installing Consul is simple. You can download a precompiled binary, compile
|
||||
from source or run on Kubernetes. This page details these methods.
|
||||
page_title: Install Consul
|
||||
description: >-
|
||||
Install Consul to get started with service discovery and service mesh. Follow the installation instructions to download the precompiled binary, or use Go to compile from source.
|
||||
---
|
||||
|
||||
# Install Consul
|
||||
|
|
|
@ -1,11 +1,8 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Manual Bootstrapping
|
||||
page_title: Manually Bootstrap a Datacenter
|
||||
description: >-
|
||||
When deploying Consul to a datacenter for the first time, there is an initial
|
||||
bootstrapping that must be done. As of Consul 0.4, an automatic bootstrapping
|
||||
is available and is the recommended approach. However, older versions only
|
||||
support a manual bootstrap that is documented here.
|
||||
Manually bootstrap a datacenter to deploy your Consul servers and join them together for the first time. For Consul v0.4+, we recommend automatic bootstrapping instead.
|
||||
---
|
||||
|
||||
# Manually Bootstrapping a Datacenter
|
||||
|
|
|
@ -1,10 +1,8 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Server Performance
|
||||
page_title: Server Performance Requirements
|
||||
description: >-
|
||||
Consul requires different amounts of compute resources, depending on cluster
|
||||
size and expected workload. This guide provides guidance on choosing compute
|
||||
resources.
|
||||
Consul servers require sufficient compute resources to communicate and process data quickly. Learn about Consul's minimum server requirements and recommendations for different workloads.
|
||||
---
|
||||
|
||||
# Server Performance
|
||||
|
|
|
@ -2,8 +2,7 @@
|
|||
layout: docs
|
||||
page_title: Required Ports
|
||||
description: >-
|
||||
Before starting Consul it is important to have the necessary bind ports
|
||||
accessible.
|
||||
Consul requires multiple ports for directing DNS, HTTP, gRPC, gossip, and sidecar proxy requests. Learn about required and optional ports, and how Consul uses them for specific communication functions.
|
||||
---
|
||||
|
||||
# Required Ports
|
||||
|
|
|
@ -1,9 +1,8 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Consul Tools
|
||||
description: |-
|
||||
From this page you can download various tools for Consul. These tools are
|
||||
maintained by HashiCorp and the Consul Community.
|
||||
description: >-
|
||||
Consul's capabilities can be extended through integration with other tools. Learn about Consul-related tools created by HashiCorp and by the Consul community.
|
||||
---
|
||||
|
||||
# Download Consul Tools
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Network Infrastructure Automation Integration Program
|
||||
description: Guide to partnership integrations for Consul NIA
|
||||
page_title: Network Infrastructure Automation (NIA) Integration Program
|
||||
description: >-
|
||||
The Network Infrastructure Automation (NIA) Integration Program allows partners to develop Terraform modules for Consul-Terraform-Sync (CTS) that HashiCorp reviews to consider publishing as officially verified. Learn about how to participate in the program.
|
||||
---
|
||||
|
||||
# Network Infrastructure Automation Integration Program
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Consul Integration Program
|
||||
description: Guide to partnership integrations for Consul.
|
||||
description: >-
|
||||
The Consul Integration Program allows approved partners to develop Consul integrations that HashiCorp reviews to consider publishing as officially verified. Learn about how to participate in the program.
|
||||
---
|
||||
|
||||
# Consul Integration Program
|
||||
|
|
|
@ -1,12 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Internals
|
||||
page_title: Internals Overview
|
||||
description: >-
|
||||
This section covers some of the internals of Consul, such as the architecture,
|
||||
consensus and gossip protocols, and security model.
|
||||
To enhance your understanding of how to use, troubleshoot, and secure Consul, learn more about Consul's internal properties and how it works under the hood.
|
||||
---
|
||||
|
||||
# Consul Internals
|
||||
# Consul Internals Overview
|
||||
|
||||
This section covers some of the internals of Consul. Understanding the internals of Consul is necessary to successfully
|
||||
use it in production.
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
layout: docs
|
||||
page_title: Annotations and Labels
|
||||
description: >-
|
||||
The list of available labels and annotations for running Consul on Kubernetes.
|
||||
Annotations and labels configure Consul sidecar properties and injection behavior when scheduling Kubernetes clusters. Learn about the annotations and labels that enable Consul’s service mesh and secure upstream communication on k8s in this reference guide.
|
||||
---
|
||||
|
||||
# Annotations and Labels
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Consul on Kubernetes Architecture
|
||||
page_title: Consul on Kubernetes Control Plane Architecture
|
||||
description: >-
|
||||
A high level overview of Consul on Kubernetes Architecture
|
||||
When running on Kubernetes, Consul’s control plane architecture does not change significantly. Server agents are deployed as a StatefulSet with a persistent volume, while client agents run as a k8s DaemonSet with an exposed API port.
|
||||
---
|
||||
|
||||
|
||||
|
|
|
@ -1,10 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Compatibility Matrix
|
||||
description: Compatibility Matrix for Consul Kubernetes
|
||||
page_title: Consul on Kubernetes Version Compatibility
|
||||
description: >-
|
||||
New releases require corresponding version updates to Consul on Kubernetes and its Helm chart. Review the compatibility matrix for Consul and consul-k8s and additional notes for integrating Vault and third-party platforms.
|
||||
---
|
||||
|
||||
# Compatibility Matrix for Consul on Kubernetes
|
||||
# Consul on Kubernetes Version Compatibility
|
||||
|
||||
For every release of Consul on Kubernetes, a Helm chart, `consul-k8s-control-plane` binary and a `consul-k8s` CLI binary is built and distributed through a single version. When deploying via Helm, the recommended best path for upgrading Consul on Kubernetes, is to upgrade using the same `consul-k8s-control-plane` version as the Helm Chart, as the Helm Chart and Control Plane binary are tightly coupled.
|
||||
|
||||
|
|
|
@ -1,10 +1,11 @@
|
|||
---
|
||||
"---
|
||||
layout: docs
|
||||
page_title: Configuring a Connect CA Provider
|
||||
description: Configuring a Connect CA Provider
|
||||
---
|
||||
page_title: Configure Certificate Authority (CA) for Consul on Kubernetes
|
||||
description: >-
|
||||
Consul includes a built-in CA, but when bootstrapping a cluster on k8s, you can configure your service mesh to use a custom certificate provider instead. Learn how to configure Vault as an external CA in primary and secondary datacenters and manually rotate Vault tokens.
|
||||
---"
|
||||
|
||||
# Configuring a Connect CA Provider
|
||||
# Configure Certificate Authority (CA) for Consul on Kubernetes
|
||||
|
||||
~> **NOTE:** The instructions below should only be used for initially bootstrapping a cluster with **Consul K8s 0.38.0+.**
|
||||
To update the Connect CA provider on an existing cluster or to update any properties, such as tokens, of the CA provider,
|
||||
|
|
|
@ -1,10 +1,11 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Kubernetes Health Checks
|
||||
description: Configuring Kubernetes Health Checks
|
||||
page_title: Configure Health Checks for Consul on Kubernetes
|
||||
description: >-
|
||||
Kubernetes has built-in health probes you can sync with Consul's health checks to ensure service mesh traffic is routed to healthy pods. Learn how to register a TTL Health check and use mutating webhooks to redirect k8s liveness, readiness, and startup probes through Envoy proxies.
|
||||
---
|
||||
|
||||
# Kubernetes Health Checks in Consul on Kubernetes
|
||||
# Configure Health Checks for Consul on Kubernetes
|
||||
|
||||
~> This topic requires familiarity with [Kubernetes Health Checks](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/).
|
||||
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue