Merge pull request #14643 from hashicorp/docs/search-metadata-headers

docs: Search Description Refresh
This commit is contained in:
Jeff Boruszak 2022-09-15 15:49:45 -05:00 committed by GitHub
commit 2398fbead5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
138 changed files with 391 additions and 524 deletions

View File

@ -1,12 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Configuration Entries page_title: How to Use Configuration Entries
description: >- description: >-
Consul allows storing configuration entries centrally to be used as defaults Configuration entries define the behavior of Consul service mesh components. Learn how to use the `consul config` command to create, manage, and delete configuration entries.
for configuring other aspects of Consul.
--- ---
# Configuration Entries # How to Use Configuration Entries
Configuration entries can be created to provide cluster-wide defaults for Configuration entries can be created to provide cluster-wide defaults for
various aspects of Consul. various aspects of Consul.

View File

@ -1,11 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Consul Agent CLI Reference page_title: Agents: CLI Reference
description: >- description: >-
This topic describes the supported options for configuring Consul agents on the command line. Add flags to the `consul agent` command to configure agent properties and actions from the CLI. Learn about configurable options and how to format them with examples.
--- ---
# Command-line Options ((#commandline_options)) # Agents Command-line Reference ((#commandline_options))
-> **Note:** Some CLI arguments may be different from HCL keys. See [Configuration Key Reference](/docs/agent/config/config-files#config_key_reference) for equivalent HCL Keys. -> **Note:** Some CLI arguments may be different from HCL keys. See [Configuration Key Reference](/docs/agent/config/config-files#config_key_reference) for equivalent HCL Keys.

View File

@ -1,11 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Consul Agent Configuration Reference page_title: Agents: Configuration File Reference
description: >- description: >-
This topic describes the supported parameters for configuring Consul agents in HCL and JSON configuration files. Use agent configuration files to assign attributes to agents and configure multiple agents at once. Learn about agent configuration file parameters and formatting with this reference page and sample code.
--- ---
# Configuration Files ((#configuration_files)) # Agents Configuration File Reference ((#configuration_files))
You can create one or more files to configure the Consul agent on startup. We recommend You can create one or more files to configure the Consul agent on startup. We recommend
grouping similar configurations into separate files, such as ACL parameters, to make it grouping similar configurations into separate files, such as ACL parameters, to make it

View File

@ -1,13 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Configuration page_title: Agents: Configuration Explained
description: >- description: >-
The agent has various configuration options that can be specified via the Agent configuration is the process of defining server and client agent properties with CLI flags and configuration files. Learn what properties can be configured on reload and how Consul sets precedence for configuration settings.
command-line or via configuration files. All of the configuration options are
completely optional. Defaults are specified with their descriptions.
--- ---
# Configuration # Agent Configuration
The agent has various configuration options that can be specified via The agent has various configuration options that can be specified via
the command-line or via configuration files. All of the configuration the command-line or via configuration files. All of the configuration

View File

@ -1,13 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Agent page_title: Agents Overview
description: >- description: >-
The Consul agent is the core process of Consul. The agent maintains membership Agents maintain register services, respond to queries, maintain datacenter membership information, and make most of Consuls functions possible. Learn how to start, stop, and configure agents, as well as their requirements and lifecycle.
information, registers services, runs checks, responds to queries, and more.
The agent must run on every node that is part of a Consul cluster.
--- ---
# Consul Agent # Agents Overview
This topic provides an overview of the Consul agent, which is the core process of Consul. This topic provides an overview of the Consul agent, which is the core process of Consul.
The agent maintains membership information, registers services, runs checks, responds to queries, and more. The agent maintains membership information, registers services, runs checks, responds to queries, and more.

View File

@ -1,11 +1,8 @@
--- ---
layout: docs layout: docs
page_title: RPC page_title: Legacy RPC Protocol
description: >- description: >-
The Consul agent provides a complete RPC mechanism that can be used to control Consul agents originally could be controlled through the RPC protocol. This feature was deprecated in version 0.8 in favor of the HTTP API. Learn about agent RPC interactions and how they worked.
the agent programmatically. This RPC mechanism is the same one used by the CLI
but can be used by other applications to easily leverage the power of Consul
without directly embedding.
--- ---
# RPC Protocol # RPC Protocol

View File

@ -1,13 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Sentinel in Consul page_title: Sentinel ACL Policies (Enterprise)
description: >- description: >-
Consul Enterprise uses Sentinel to augment the built-in ACL system to provide Sentinel allows you to include conditional logic in access control policies. Learn how Consul can use Sentinel policies to extend the ACL system's capabilities for controlling key-value (KV) write access.
advanced policy enforcement. Sentinel policies can currently execute on KV
modify and service registration.
--- ---
# Sentinel Overview # Sentinel for KV ACL Policy Enforcement
<EnterpriseAlert /> <EnterpriseAlert />

View File

@ -1,13 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Telemetry page_title: Agents: Enable Metrics
description: >- description: >-
The Consul agent collects various runtime metrics about the performance of Configure agent telemetry to collect operations metrics you can use to debug and observe Consul behavior and performance. Learn about configuration options, the metrics you can collect, and why they're important.
different libraries and subsystems. These metrics are aggregated on a ten
second interval and are retained for one minute.
--- ---
# Telemetry # Agent Telemetry
The Consul agent collects various runtime metrics about the performance of The Consul agent collects various runtime metrics about the performance of
different libraries and subsystems. These metrics are aggregated on a ten different libraries and subsystems. These metrics are aggregated on a ten

View File

@ -1,11 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Anti-Entropy page_title: Anti-Entropy Enforcement
description: | description: >-
This section details the process and use of anti-entropy in Consul. Anti-entropy keeps distributed systems consistent. Learn how Consul uses an anti-entropy mechanism to periodically sync agent states with the service catalog to prevent the catalog from becoming stale.
--- ---
# Anti-Entropy # Anti-Entropy Enforcement
Consul uses an advanced method of maintaining service and health information. Consul uses an advanced method of maintaining service and health information.
This page details how services and checks are registered, how the catalog is This page details how services and checks are registered, how the catalog is

View File

@ -1,10 +1,8 @@
--- ---
layout: docs layout: docs
page_title: Consensus Protocol page_title: Consensus Protocol | Raft
description: >- description: >-
Consul uses a consensus protocol to provide Consistency as defined by CAP. The Consul ensures a consistent state using the Raft protocol. A quorum, or a majority of server agents with one leader, agree to state changes before committing to the state log. Learn how Raft works in Consul to ensure state consistency and how that state can be read with different consistency modes to balance read latency and consistency.
consensus protocol is based on Raft: In search of an Understandable Consensus
Algorithm. For a visual explanation of Raft, see The Secret Lives of Data.
--- ---
# Consensus Protocol # Consensus Protocol

View File

@ -1,7 +1,8 @@
--- ---
layout: docs layout: docs
page_title: Network Coordinates page_title: Network Coordinates
description: A Decentralized Network Coordinate System, with several improvements based on several follow-on papers. description: >-
Network coordinates are node locations in network tomography used to estimate round trip time (RTT). Learn how network coordinates manifest in Consul, how it calculates RTT, and how to work with coordinates to sort catalog information by nearness to a given node.
--- ---
# Network Coordinates # Network Coordinates

View File

@ -1,12 +1,8 @@
--- ---
layout: docs layout: docs
page_title: Gossip Protocol page_title: Gossip Protocol | Serf
description: >- description: >-
Consul uses a gossip protocol to manage membership and broadcast messages to Consul agents manage membership in datacenters and WAN federations using the Serf protocol. Learn about the differences between LAN and WAN gossip pools and how `serfHealth` affects health checks.
the cluster. All of this is provided through the use of the Serf library. The
gossip protocol used by Serf is based on SWIM: Scalable Weakly-consistent
Infection-style Process Group Membership Protocol, with a few minor
adaptations.
--- ---
# Gossip Protocol # Gossip Protocol

View File

@ -1,16 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Improving Consul Resilience page_title: Fault Tolerance in Consul
description: >- description: >-
Fault tolerance is the ability of a system to continue operating without interruption Fault tolerance is a system's ability to operate without interruption despite component failure. Learn how a set of Consul servers provide fault tolerance through use of a quorum, and how to further improve control plane resilience through use of infrastructure zones and Enterprise redundancy zones.
despite the failure of one or more components. Consul's resilience, or fault tolerance,
is determined by the configuring of its voting server agents. Recommended strategies for
increasing Consul's fault tolerance include using 3 or 5 voting server agents, spreading
server agents across infrastructure availability zones, and using Consul Enterprise
redundancy zones to enable backup voting servers to automatically replace lost voters.
--- ---
# Improving Consul Resilience # Fault Tolerance
Fault tolerance is the ability of a system to continue operating without interruption Fault tolerance is the ability of a system to continue operating without interruption
despite the failure of one or more components. despite the failure of one or more components.

View File

@ -2,12 +2,10 @@
layout: docs layout: docs
page_title: Consul Architecture page_title: Consul Architecture
description: >- description: >-
Consul is a complex system that has many different moving parts. To help users Consul datacenters consist of clusters of server agents (control plane) and client agents deployed alongside service instances (dataplane). Learn how these components and their different communication methods make Consul possible.
and developers of Consul form a mental model of how it works, this page
documents the system architecture.
--- ---
# Consul Architecture # Consul Internals Overview
Consul is a complex system that has many different moving parts. To help Consul is a complex system that has many different moving parts. To help
users and developers of Consul form a mental model of how it works, this users and developers of Consul form a mental model of how it works, this

View File

@ -1,14 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Jepsen Testing page_title: Consistency Verification | Jepsen Testing Results
description: >- description: >-
Jepsen is a tool, written by Kyle Kingsbury, designed to test the partition Jepsen is a tool to measure the reliability and consistency of distributed systems across network partitions. Learn about the Jepsen testing performed on Consul to ensure it gracefully recovers from partitions and maintains consistent state.
tolerance of distributed systems. It creates network partitions while fuzzing
the system with random operations. The results are analyzed to see if the
system violates any of the consistency properties it claims to have.
--- ---
# Jepsen Testing # Jepsen Testing Results
[Jepsen](http://aphyr.com/posts/281-call-me-maybe-carly-rae-jepsen-and-the-perils-of-network-partitions) [Jepsen](http://aphyr.com/posts/281-call-me-maybe-carly-rae-jepsen-and-the-perils-of-network-partitions)
is a tool, written by Kyle Kingsbury, designed to test the partition is a tool, written by Kyle Kingsbury, designed to test the partition

View File

@ -1,9 +1,8 @@
--- ---
layout: docs layout: docs
page_title: Service Discovery page_title: Service Discovery Explained
description: >- description: >-
Learn what service discovery is, its benefits, and how it works. Service discovery dynamically tracks and monitors service instances on your network and makes them discoverable through DNS queries. Learn about the benefits of service discovery and how it works.
Service mesh can solve many of the modern challenges that exist in multi-platform and multi-cloud application architectures, ranging from security to application resiliency.
--- ---
# What is service discovery? # What is service discovery?

View File

@ -1,9 +1,8 @@
--- ---
layout: docs layout: docs
page_title: Service Mesh page_title: Service Mesh Explained
description: >- description: >-
Learn what a service mesh is, its benefits, and how it works. Service mesh is a dedicated network layer for secure, resilient, observable microservice communication. Learn about using Consul's service mesh to solve service networking challenges in application architectures and manage complexity in multi-cloud, hybrid cloud, and multi-platform environments.
A service mesh can solve many of the modern challenges that exist in multi-platform and multi-cloud application architectures, ranging from security to application resiliency.
--- ---
# What is a service mesh? # What is a service mesh?

View File

@ -1,12 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Connect - Certificate Management page_title: Service Mesh Certificate Authority: AWS Certificate Manager
description: >- description: >-
Consul can be used with AWS Certificate Manager Private CA to manage and sign You can use the AWS Certificate Manager Private Certificate Authority as the Consul service mesh's certificate authority to secure your service mesh. Learn how to configure the AWS ACM Private CA, its limitations in Consul, and cost planning considerations.
certificates.
--- ---
# AWS Certificate Manager Private CA as a Connect CA # AWS Certificate Manager as a Service Mesh Certificate Authority
Consul can be used with [AWS Certificate Manager (ACM) Private Certificate Consul can be used with [AWS Certificate Manager (ACM) Private Certificate
Authority Authority

View File

@ -1,14 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Connect - Certificate Management page_title: Certificate Authority: Built-in Service Mesh CA
description: >- description: >-
Consul ships with a built-in CA system so that Connect can be easily enabled Consul has a built-in service mesh certificate authority that can be used to secure your service mesh without needing a separate CA system. Learn how to configure the built-in service mesh CA as a root CA or an intermediate CA connected to an existing PKI system.
out of the box. The built-in CA generates and stores the root certificate and
private key on Consul servers. It can also be configured with a custom
certificate and private key if needed.
--- ---
# Built-In CA # Built-In Certificate Authority for Service Mesh
Consul ships with a built-in CA system so that Connect can be Consul ships with a built-in CA system so that Connect can be
easily enabled out of the box. The built-in CA generates and stores the easily enabled out of the box. The built-in CA generates and stores the

View File

@ -1,10 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Connect - Certificate Management page_title: Service Mesh Certificate Authority: Overview
description: An overview of the Connect Certificate Authority mechanisms. description: >-
Consul uses a certificate authority (CA) to generate, use, manage, sign, and store certificates for your service mesh. Learn about certificate management, including configuration, root cert rotation, cross-signing, and regenerating the CA.
--- ---
# Connect Certificate Management # Service Mesh Certificate Authority Overview
Certificate management in Connect is done centrally through the Consul Certificate management in Connect is done centrally through the Consul
servers using the configured CA (Certificate Authority) provider. A CA provider servers using the configured CA (Certificate Authority) provider. A CA provider

View File

@ -1,12 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Connect - Certificate Management page_title: Service Mesh Certificate Authority: Vault
description: >- description: >-
Consul can be used with Vault to manage and sign certificates. The Vault CA You can use a Vault PKI secrets engine as the Consul service mesh's certificate authority to secure your service mesh. Learn how to configure the Vault CA as a root CA or an intermediate CA connected to an existing PKI system, and how to manage PKI paths with either Vault or Consul.
provider uses the Vault PKI secrets engine to generate and sign certificates.
--- ---
# Vault as a Connect CA # Vault as a Service Mesh Certificate Authority
Consul can be used with [Vault](https://www.vaultproject.io) to Consul can be used with [Vault](https://www.vaultproject.io) to
manage and sign certificates. manage and sign certificates.

View File

@ -1,11 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Create and Manage Peering Connections page_title: Cluster Peering: Create and Manage Connections
description: >- description: >-
This page describes how to use the Consul CLI to create, manage, and delete peering connections for cluster peering. Generate a peering token to establish communication, export services, and authorize requests for cluster peering connections. Learn how to create, list, read, check, and delete peering connections.
--- ---
# Create and Manage Peering Connections # Create and Manage Cluster Peering Connections
~> **Cluster peering is currently in beta:** Functionality associated with cluster peering is subject to change. You should never use the beta release in secure environments or production scenarios. Features in beta may have performance issues, scaling issues, and limited support.<br /><br />Cluster peering is not currently available in the HCP Consul offering. ~> **Cluster peering is currently in beta:** Functionality associated with cluster peering is subject to change. You should never use the beta release in secure environments or production scenarios. Features in beta may have performance issues, scaling issues, and limited support.<br /><br />Cluster peering is not currently available in the HCP Consul offering.

View File

@ -1,8 +1,8 @@
--- ---
layout: docs layout: docs
page_title: What is Cluster Peering? page_title: Service Mesh: What is Cluster Peering?
description: >- description: >-
This page details the cluster peering process for connecting Consul clusters across datacenters, including differences between cluster peering and the similar concept of WAN federation. Cluster peering establishes communication between independent clusters in Consul, allowing services to interact across datacenters. Learn about the cluster peering process, differences with WAN federation for multi-datacenter deployments, and technical constraints.
--- ---
# What is Cluster Peering? # What is Cluster Peering?

View File

@ -2,7 +2,7 @@
layout: docs layout: docs
page_title: Cluster Peering on Kubernetes page_title: Cluster Peering on Kubernetes
description: >- description: >-
This page describes how to create peering connections, deploy services, export cluster services, and end peering connections for Consul cluster peering using Kubernetes (K8s). If you use Consul on Kubernetes, learn how to enable cluster peering, create peering CRDs, and then manage peering connections in consul-k8s.
--- ---
# Cluster Peering on Kubernetes # Cluster Peering on Kubernetes

View File

@ -1,12 +1,11 @@
--- ---
layout: docs layout: docs
page_title: 'Configuration Entry Kind: Exported Services' page_title: Exported Services: Configuration Entry Reference
description: >- description: >-
The exported-services configuration entry enables you to export services from a single file. An exported services configuration entry defines the availability of a cluster's services to cluster peers and local admin partitions. Learn about `"exported-services"` config entry parameters and exporting services to other datacenters.
Settings in this configuration entry can apply to services in any namespace of the specified partition. Write access to the mesh resource is required.
--- ---
# Exported Services # Exported Services Configuration Entry
This topic describes the `exported-services` configuration entry type. The `exported-services` configuration entry enables Consul to export service instances to other clusters from a single file and connect services across clusters. For additional information, refer to [Cluster Peering](/docs/connect/cluster-peering) and [Admin Partitions](/docs/enterprise/admin-partitions). This topic describes the `exported-services` configuration entry type. The `exported-services` configuration entry enables Consul to export service instances to other clusters from a single file and connect services across clusters. For additional information, refer to [Cluster Peering](/docs/connect/cluster-peering) and [Admin Partitions](/docs/enterprise/admin-partitions).

View File

@ -1,12 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Configuration Entry Definitions page_title: Configuration Entry Overview
description: >- description: >-
Consul allows storing configuration entries centrally to be used as defaults Configuration entries define service mesh behaviors in order to secure and manage traffic. Learn about Consuls different config entry kinds and get links to configuration reference pages.
for configuring other aspects of Consul.
--- ---
# Configuration Entries # Configuration Entry Overview
Configuration entries can be used to configure the behavior of Consul Connect. Configuration entries can be used to configure the behavior of Consul Connect.

View File

@ -1,12 +1,11 @@
--- ---
layout: docs layout: docs
page_title: 'Configuration Entry Kind: Ingress Gateway' page_title: Ingress Gateway: Configuration Entry Reference
description: >- description: >-
The `ingress-gateway` config entry kind allows for configuring Ingress gateways The ingress gateway configuration entry kind defines behavior to secure incoming communication between the service mesh and external sources. Use the reference guide to learn about `"ingress-gateway"` config entry parameters and exposing TCP and HTTP listeners.
with listeners that expose a set of services outside the Consul service mesh.
--- ---
# Ingress Gateway # Ingress Gateway Configuration Entry
This topic provides reference information for the `ingress-gateway` configuration entry. This topic provides reference information for the `ingress-gateway` configuration entry.

View File

@ -1,14 +1,11 @@
--- ---
layout: docs layout: docs
page_title: 'Configuration Entry Kind: Mesh' page_title: Mesh: Configuration Entry Reference
description: >- description: >-
The mesh config entry kind allows for globally defining default The mesh configuration entry kind defines global default settings like TLS version requirements for proxies inside the service mesh. Use the reference guide to learn about `""mesh""` config entry parameters and how to control communication with services outside of the mesh.
configuration across all services mesh proxies.
Settings in this config entry apply across all namespaces and federated datacenters.
Currently, only one mesh entry is supported.
--- ---
# Mesh # Mesh Configuration Entry
-> **v1.10.0+:** This configuration entry is supported in Consul versions 1.10.0+. -> **v1.10.0+:** This configuration entry is supported in Consul versions 1.10.0+.

View File

@ -1,14 +1,11 @@
--- ---
layout: docs layout: docs
page_title: 'Configuration Entry Kind: Proxy Defaults' page_title: Proxy Defaults: Configuration Entry Reference
description: >- description: >-
The proxy-defaults config entry kind allows for configuring global config The proxy defaults configuration entry kind defines default behaviors for sidecar proxies in the service mesh. Use the reference guide to learn about `""proxy-defaults""` config entry parameters and how to expose HTTP paths through Envoy.
defaults across all services for Connect proxy configuration. Currently, only
one global entry is supported.
--- ---
# Proxy Defaults # Proxy Defaults Configuration Entry
The `proxy-defaults` configuration entry (`ProxyDefaults` on Kubernetes) allows you The `proxy-defaults` configuration entry (`ProxyDefaults` on Kubernetes) allows you
to configure global defaults across all services for Connect proxy to configure global defaults across all services for Connect proxy

View File

@ -1,12 +1,11 @@
--- ---
layout: docs layout: docs
page_title: 'Configuration Entry Kind: Service Defaults' page_title: Service Defaults: Configuration Entry Reference
description: >- description: >-
The service-defaults config entry kind controls default global values for a The service defaults configuration entry kind defines sets of default configurations that apply to all services in the mesh. Use the examples learn how to define a default protocol, default upstream configuration, and default terminating gateway.
service, such as its protocol.
--- ---
# Service Defaults # Service Defaults Configuration Entry
-> **v1.8.4+:** On Kubernetes, the `ServiceDefaults` custom resource is supported in Consul versions 1.8.4+.<br /> -> **v1.8.4+:** On Kubernetes, the `ServiceDefaults` custom resource is supported in Consul versions 1.8.4+.<br />
**v1.5.0+:** On other platforms, this config entry is supported in Consul versions 1.5.0+. **v1.5.0+:** On other platforms, this config entry is supported in Consul versions 1.5.0+.

View File

@ -1,13 +1,11 @@
--- ---
layout: docs layout: docs
page_title: 'Configuration Entry Kind: Service Intentions' page_title: Service Intentions: Configuration Entry Reference
description: >- description: >-
The service-intentions config entry kind controls Connect traffic The service intentions configuration entry kind defines the communication permissions between service types. Use the reference guide to learn about `""service-intentions""` config entry parameters and how to authorize L4 and L7 communication int he service mesh with intentions.
authorization for both networking layer 4 (e.g. TCP) and networking layer 7
(e.g. HTTP).
--- ---
# Service Intentions ((#service-intentions)) # Service Intentions Configuration Entry ((#service-intentions))
-> **1.9.0+:** This config entry is available in Consul versions 1.9.0 and newer. -> **1.9.0+:** This config entry is available in Consul versions 1.9.0 and newer.

View File

@ -1,12 +1,11 @@
--- ---
layout: docs layout: docs
page_title: 'Configuration Entry Kind: Service Resolver' page_title: Service Resolver: Configuration Entry Reference
description: >- description: >-
The `service-resolver` config entry kind controls which service instances The service resolver configuration entry kind defines subsets of service instances that satisfy upstream discovery requests. Use the reference guide to learn about `""service-resolver""` config entry parameters and how filtering by service subsets helps route traffic based on properties like version number.
should satisfy Connect upstream discovery requests for a given service name.
--- ---
# Service Resolver # Service Resolver Configuration Entry
-> **v1.8.4+:** On Kubernetes, the `ServiceResolver` custom resource is supported in Consul versions 1.8.4+.<br /> -> **v1.8.4+:** On Kubernetes, the `ServiceResolver` custom resource is supported in Consul versions 1.8.4+.<br />
**v1.6.0+:** On other platforms, this config entry is supported in Consul versions 1.6.0+. **v1.6.0+:** On other platforms, this config entry is supported in Consul versions 1.6.0+.

View File

@ -1,12 +1,11 @@
--- ---
layout: docs layout: docs
page_title: 'Configuration Entry Kind: Service Router' page_title: Service Router: Configuration Entry Reference
description: >- description: >-
The service-router config entry kind controls Connect traffic routing and The service router configuration entry kind defines where the service mesh routes requests based on L7 network information such as header or path. Use the reference guide to learn about `""service-router""` config entry parameters and how behaviors like request timeouts, retry behavior, header modification, and path rewriting can be applied to a request based on its header or path information.
manipulation at networking layer 7 (e.g. HTTP).
--- ---
# Service Router # Service Router Configuration Entry
The `service-router` config entry kind (`ServiceRouter` on Kubernetes) controls Connect traffic routing and The `service-router` config entry kind (`ServiceRouter` on Kubernetes) controls Connect traffic routing and
manipulation at networking layer 7 (e.g. HTTP). manipulation at networking layer 7 (e.g. HTTP).

View File

@ -1,14 +1,11 @@
--- ---
layout: docs layout: docs
page_title: 'Configuration Entry Kind: Service Splitter' page_title: Service Splitter: Configuration Entry Reference
description: >- description: >-
The service-splitter config entry kind controls how to split incoming Connect The service splitter configuration entry kind defines how to divide service mesh traffic between service instances. Use the reference guide to learn about `""service-splitter""` config entry parameters and how it can be used for traffic management behaviors like canary rollouts, blue green deployment, and load balancing across environments.
requests across different subsets of a single service (like during staged
canary rollouts), or perhaps across different services (like during a v2
rewrite or other type of codebase migration).
--- ---
# Service Splitter # Service Splitter Configuration Entry
-> **v1.8.4+:** On Kubernetes, the `ServiceSplitter` custom resource is supported in Consul versions 1.8.4+.<br /> -> **v1.8.4+:** On Kubernetes, the `ServiceSplitter` custom resource is supported in Consul versions 1.8.4+.<br />
**v1.6.0+:** On other platforms, this config entry is supported in Consul versions 1.6.0+. **v1.6.0+:** On other platforms, this config entry is supported in Consul versions 1.6.0+.

View File

@ -1,12 +1,11 @@
--- ---
layout: docs layout: docs
page_title: 'Configuration Entry Kind: Terminating Gateway' page_title: Terminating Gateway: Configuration Entry Reference
description: >- description: >-
The `terminating-gateway` config entry kind allows for configuring terminating gateways The terminating gateway configuration entry kind defines behavior to secure outgoing communication between the service mesh and non-mesh services. Use the reference guide to learn about `""terminating-gateway""` config entry parameters and connecting from your service mesh to external or non-mesh services registered with Consul.
to proxy traffic from services in the Consul service mesh to services outside the mesh.
--- ---
# Terminating Gateway # Terminating Gateway Configuration Entry
-> **v1.8.4+:** On Kubernetes, the `TerminatingGateway` custom resource is supported in Consul versions 1.8.4+.<br /> -> **v1.8.4+:** On Kubernetes, the `TerminatingGateway` custom resource is supported in Consul versions 1.8.4+.<br />
**v1.8.0+:** On other platforms, this config entry is supported in Consul versions 1.8.0+. **v1.8.0+:** On other platforms, this config entry is supported in Consul versions 1.8.0+.

View File

@ -1,13 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Connect - Configuration page_title: Service Mesh Configuration: Overview
description: >- description: >-
A Connect-aware proxy enables unmodified applications to use Connect. A Learn how to enable and configure Consul's service mesh capabilities in agent configurations, and how to integrate with schedulers like Kubernetes and Nomad. ""Connect"" is the subsystem that provides Consuls service mesh capabilities.
per-service proxy sidecar transparently handles inbound and outbound service
connections, automatically wrapping and verifying TLS connections.
--- ---
# Service Mesh Configuration # Service Mesh Configuration Overview
There are many configuration options exposed for Consul service mesh. The only option There are many configuration options exposed for Consul service mesh. The only option
that must be set is the `connect.enabled` option on Consul servers to enable Consul service mesh. that must be set is the `connect.enabled` option on Consul servers to enable Consul service mesh.

View File

@ -1,9 +1,8 @@
--- ---
layout: docs layout: docs
page_title: How Connect Works page_title: Service Mesh: How it Works
description: >- description: >-
This page details the internals of Consul Connect: mutual TLS, agent caching Consul's service mesh enforces secure service communication using mutual TLS (mTLS) encryption and explicit authorization. Learn how the service mesh certificate authorities, intentions, and agents work together in the ""Connect"" subsystem to provide Consuls service mesh capabilities.
and performance, intention and certificate authority replication.
--- ---
# How Service Mesh Works # How Service Mesh Works

View File

@ -1,11 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Connectivity Tasks page_title: Gateway Types
description: >- description: >-
Tasks related to connectivity into, out of, and between Consul service meshes. Ingress, terminating, and mesh gateways are proxies that direct traffic into, out of, and inside of Consul's service mesh. Learn how these gateways enable different kinds of service-to-service communication.
--- ---
# Connectivity Tasks # Types of Gateway Connections in a Service Mesh
~> **Note**: The features shown below are extensions of Consul's service mesh capabilities. If you are not utilizing ~> **Note**: The features shown below are extensions of Consul's service mesh capabilities. If you are not utilizing
Consul service mesh then these features will not be relevant to your task. Consul service mesh then these features will not be relevant to your task.

View File

@ -1,15 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Connect - Development and Debugging page_title: Service Mesh Debugging
description: >- description: >-
It is often necessary to connect to a service for development or debugging. If Use the `consul connect proxy` command to connect to services or masquerade as other services for development and debugging purposes. Example code demonstrates connecting to services that are part of the service mesh as listeners only.
a service only exposes a Connect listener, then we need a way to establish a
mutual TLS connection to the service. The `consul connect proxy` command can
be used for this task on any machine with access to a Consul agent (local or
remote).
--- ---
# Developing and Debugging Connect Services # Service Mesh Debugging
It is often necessary to connect to a service for development or debugging. It is often necessary to connect to a service for development or debugging.
If a service only exposes a Connect listener, then we need a way to establish If a service only exposes a Connect listener, then we need a way to establish

View File

@ -1,8 +1,8 @@
--- ---
layout: docs layout: docs
page_title: Distributed Tracing page_title: Service Mesh Distributed Tracing
description: >- description: >-
Distributed tracing is a way to track and correlate requests across microservices. Distributed tracing tracks the path of a request as it traverses the service mesh. Consul supports distributed tracing for applications that have it implemented. Learn how to integrate tracing libraries in your application and configure Consul to participate in that tracing.
--- ---
# Distributed Tracing # Distributed Tracing

View File

@ -1,11 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Gateways page_title: Gateways Overview
description: >- description: >-
Gateways provide connectivity into, out of, and between Consul service meshes. Gateways are proxies that direct traffic into, out of, and inside of Consul's service mesh. They secure communication with external or non-mesh network resources and enable services on different runtimes, cloud providers, or with overlapping IP addresses to communicate with each other.
--- ---
# Gateways # Gateways Overview
This topic provides an overview of the gateway features shipped with Consul. Gateways provide connectivity into, out of, and between Consul service meshes. You can configure the following types of gateways: This topic provides an overview of the gateway features shipped with Consul. Gateways provide connectivity into, out of, and between Consul service meshes. You can configure the following types of gateways:

View File

@ -1,9 +1,8 @@
--- ---
layout: docs layout: docs
page_title: Using Ingress Gateways to Connect External Traffic to Internal Services page_title: Ingress Gateway | Service Mesh
description: >- description: >-
This topic describes how ingress gateways enable traffic from external services to reach services inside the Consul service mesh. Ingress gateways listen for requests from external network locations and route authorized traffic to destinations in the service mesh. Use custom TLS certificates with ingress gateways through Envoy's gRPC Secret Discovery Service (SDS).
It provides guidance on how to use Envoy and how to plug into your preferred gateway.
--- ---
# Ingress Gateways # Ingress Gateways

View File

@ -1,12 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Service-to-service Traffic Across Datacenters page_title: Mesh Gateways between Datacenters
description: >- description: >-
This topic describes how to configure mesh gateways to route a service's data to upstreams Mesh gateways are specialized proxies that route data between services that cannot communicate directly. Learn how to enable service-to-service traffic across datacenters and review example configuration entries.
in other datacenters. It describes how to use Envoy and how you can integrate with your preferred gateway.
--- ---
# Service-to-service Traffic Across Datacenters # Mesh Gateways between Datacenters
-> **1.6.0+:** This feature is available in Consul versions 1.6.0 and newer. -> **1.6.0+:** This feature is available in Consul versions 1.6.0 and newer.

View File

@ -1,12 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Service-to-service Traffic Across Partitions page_title: Mesh Gateways between Admin Partitions
description: >- description: >-
This topic describes how to configure mesh gateways to route a service's data to upstreams Mesh gateways are specialized proxies that route data between services that cannot communicate directly with upstreams. Learn how to enable service-to-service traffic across admin partitions and review example configuration entries.
in other partitions. It describes how to use Envoy and how you can integrate with your preferred gateway.
--- ---
# Service-to-service Traffic Across Partitions # Mesh Gateways between Admin Partitions
-> **Consul Enterprise 1.11.0+:** Admin partitions are supported in Consul Enterprise versions 1.11.0 and newer. -> **Consul Enterprise 1.11.0+:** Admin partitions are supported in Consul Enterprise versions 1.11.0 and newer.

View File

@ -1,12 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Service-to-service Traffic Across Peered Clusters page_title: Mesh Gateways between Peered Clusters
description: >- description: >-
This topic describes how to configure mesh gateways to route a service's data to upstreams Mesh gateways are specialized proxies that route data between services that cannot communicate directly. Learn how to enable service-to-service traffic across clusters in different datacenters or admin partitions that have an established peering connection.
in clusters that have a peering connection.
--- ---
# Service-to-service Traffic Across Peered Clusters # Mesh Gateways between Peered Clusters
~> **Cluster peering is currently in beta**: Functionality associated with cluster peering is subject to change. You should never use the beta release in secure environments or production scenarios. Features in beta may have performance issues, scaling issues, and limited support. ~> **Cluster peering is currently in beta**: Functionality associated with cluster peering is subject to change. You should never use the beta release in secure environments or production scenarios. Features in beta may have performance issues, scaling issues, and limited support.

View File

@ -1,11 +1,11 @@
--- ---
layout: docs layout: docs
page_title: WAN Federation via Mesh Gateways page_title: Mesh Gateways for WAN Federation
description: |- description: >-
WAN federation via mesh gateways allows for Consul servers in different datacenters to be federated exclusively through mesh gateways. You can use mesh gateways to simplify the networking requirements for WAN federated Consul datacenters. Mesh gateways reduce cross-datacenter connection paths, ports, and communication protocols.
--- ---
# WAN Federation via Mesh Gateways # Mesh Gateways for WAN Federation
-> **1.8.0+:** This feature is available in Consul versions 1.8.0 and higher -> **1.8.0+:** This feature is available in Consul versions 1.8.0 and higher

View File

@ -1,10 +1,8 @@
--- ---
layout: docs layout: docs
page_title: Internal <> External Services - Terminating Gateways page_title: Terminating Gateway | Service Mesh
description: >- description: >-
A terminating gateway enables traffic from services in the Consul Terminating gateways send requests from inside the service mesh to external network locations and services outside the mesh. Learn about requirements and terminating gateway interactions with Consul's service catalog.
service mesh to services outside the mesh. This section details
how to configure and run a terminating gateway.
--- ---
# Terminating Gateways # Terminating Gateways

View File

@ -1,9 +1,8 @@
--- ---
layout: docs layout: docs
page_title: Service Mesh page_title: Service Mesh on Consul
description: |- description: >-
Consul Connect provides service-to-service connection authorization and Consuls service mesh makes application and microservice networking secure and observable with identity-based authentication, mutual TLS (mTLS) encryption, and explicit service-to-service authorization enforced by sidecar proxies. Learn how Consuls service mesh works and get started on VMs or Kubernetes.
encryption using mutual TLS.
--- ---
# Consul Service Mesh # Consul Service Mesh

View File

@ -1,10 +1,8 @@
--- ---
layout: docs layout: docs
page_title: Service-to-service permissions - Intentions (Legacy Mode) page_title: Intentions (Legacy Mode)
description: >- description: >-
Intentions define access control for services via Connect and are used to Intentions define service communication permissions in the service mesh. As of version 1.9, Consul uses a new system for creating and managing intentions. Learn how intentions worked in earlier versions of Consul with this legacy documentation.
control which services may establish connections. Intentions can be managed
via the API, CLI, or UI.
--- ---
# Intentions in Legacy Mode # Intentions in Legacy Mode

View File

@ -1,12 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Service-to-service permissions - Intentions page_title: Service Mesh Intentions
description: >- description: >-
Intentions define access control for services via Connect and are used to Intentions define communication permissions in the service mesh between microservices. Learn about configuration basics, wildcard intentions, precedence and match order, and protecting intention management with ACLs.
control which services may establish connections or make requests.
--- ---
# Intentions # Service Mesh Intentions
-> **1.9.0 and later:** This guide only applies in Consul versions 1.9.0 and -> **1.9.0 and later:** This guide only applies in Consul versions 1.9.0 and
later. The documentation for the legacy intentions system is later. The documentation for the legacy intentions system is

View File

@ -1,13 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Discovery Chain page_title: Service Mesh Traffic Management: Discovery Chain
description: >- description: >-
The service discovery process can be modeled as a "discovery chain" which The discovery chain compiles service router, splitter, and resolver configuration entries to direct traffic to specific instances in a service mesh. Learn about compiled discovery chain results, including discovery graph nodes and targets.
passes through three distinct stages: routing, splitting, and resolution. Each
of these stages is controlled by a set of configuration entries.
--- ---
# Discovery Chain # Discovery Chain for Service Mesh Traffic Management
-> **1.6.0+:** This feature is available in Consul versions 1.6.0 and newer. -> **1.6.0+:** This feature is available in Consul versions 1.6.0 and newer.

View File

@ -1,14 +1,13 @@
--- ---
layout: docs layout: docs
page_title: Connect - L7 Traffic Management page_title: Service Mesh Traffic Management: Overview
description: >- description: >-
Layer 7 traffic management allows operators to divide L7 traffic between Consul can route, split, and resolve Layer 7 traffic in a service mesh to support workflows like canary testing and blue/green deployments. Learn about the three configuration entry kinds that define L7 traffic management behavior in Consul.
different subsets of service instances when using Connect.
--- ---
-> **1.6.0+:** This feature is available in Consul versions 1.6.0 and newer. -> **1.6.0+:** This feature is available in Consul versions 1.6.0 and newer.
# L7 Traffic Management # Service Mesh Traffic Management Overview
Layer 7 traffic management allows operators to divide L7 traffic between Layer 7 traffic management allows operators to divide L7 traffic between
different different

View File

@ -1,14 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Connect - Native Application Integration - Go page_title: Service Mesh Native App Integration: Go Apps
description: >- description: >-
We provide a library that makes it drop-in simple to integrate Connect with Consul's service mesh supports native integrations of Go applications into the service mesh through a Go library. Example code demonstrates how to connect your Go applications to the service mesh.
most Go applications. For most Go applications, Connect can be natively
integrated in just a single line of code excluding imports and struct
initialization.
--- ---
# Connect-Native Integration with Go # Service Mesh Native Integration for Go Applications
-> **Note:** When calling `ConnectAuthorize()` on incoming connections this library -> **Note:** When calling `ConnectAuthorize()` on incoming connections this library
will return _deny_ if `Permissions` are defined on the matching intention. will return _deny_ if `Permissions` are defined on the matching intention.

View File

@ -1,13 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Connect - Native Application Integration page_title: Service Mesh Native App Integration: Overview
description: >- description: >-
Applications can natively integrate with the Connect API to support accepting When using sidecar proxies is not possible, applications can natively integrate with Consul service mesh, but have reduced access to service mesh features. Learn how “Connect-Native” apps use mTLS to authenticate with Consul and how to add integrations to service registrations.
and establishing connections to other Connect services without the overhead of
a proxy sidecar.
--- ---
# Connect-Native App Integration # Service Mesh Native App Integration Overview
~> **Note:** The Native App Integration does not support many of the Connect service ~> **Note:** The Native App Integration does not support many of the Connect service
mesh features, and is not under active development. mesh features, and is not under active development.

View File

@ -1,13 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Connect - Nomad page_title: Sevice Mesh: Nomad Integration
description: >- description: >-
Connect can be used with [Nomad](https://www.nomadproject.io) to provide Consul's service mesh can be applied to provide secure communication between services managed by Nomad's scheduler and orchestrator functions, including Nomad jobs and task groups. Use the guide and reference documentation to learn more.
secure service-to-service communication between Nomad jobs. The ability to use
the dynamic port feature of Nomad makes Connect particularly easy to use.
--- ---
# Connect on Nomad # Consul and Nomad Integration
Consul Connect can be used with [Nomad](https://www.nomadproject.io) to provide Consul Connect can be used with [Nomad](https://www.nomadproject.io) to provide
secure service-to-service communication between Nomad jobs and task groups. secure service-to-service communication between Nomad jobs and task groups.

View File

@ -1,12 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Connect - Observability page_title: Service Mesh Observability: Overview
description: |- description: >-
This page documents the configurations necessary for L7 observability using To use Consul's observability features, configure sidecar proxies in the service mesh to collect and emit L7 metrics. Learn about configuring metrics destinations and a service's protocol and upstreams.
Consul Connect.
--- ---
# Observability # Service Mesh Observability Overview
In order to take advantage of Connect's L7 observability features you will need In order to take advantage of Connect's L7 observability features you will need
to: to:

View File

@ -1,12 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Connect - UI Visualization page_title: Service Mesh Observability: UI Visualization
description: |- description: >-
This page describes how to set up and customize the Service Mesh Topology Consul's UI can display a service's topology and associated metrics from the service mesh. Learn how to configure the UI to collect metrics from your metrics provider, modify access for metrics proxies, and integrate custom metrics providers.
visualization in Consul's UI.
--- ---
# UI Visualization # Service Mesh Observability: UI Visualization
-> Coming here from "Configure metrics dashboard" or "Configure dashboard"? See [Configuring Dashboard URLs](#configuring-dashboard-urls). -> Coming here from "Configure metrics dashboard" or "Configure dashboard"? See [Configuring Dashboard URLs](#configuring-dashboard-urls).

View File

@ -1,10 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Connect - Built-in Proxy page_title: Built-in Proxy Configuration | Service Mesh
description: Consul Connect comes with a built-in proxy for testing and development. description: >-
Consul includes a built-in L4 proxy with limited capabilities to use for development and testing only. Use the built-in proxy config key reference to learn about the options you can configure.
--- ---
# Built-In Proxy Options # Built-in Proxy Configuration for Service Mesh
~> **Note:** The built-in proxy is not supported for production deployments. It does not ~> **Note:** The built-in proxy is not supported for production deployments. It does not
support many of the Connect service mesh features, and is not under active development. support many of the Connect service mesh features, and is not under active development.

View File

@ -1,10 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Connect - Envoy Integration page_title: Envoy Proxy Configuration | Service Mesh
description: Consul Connect has first-class support for configuring Envoy proxy. description: >-
Consul supports Envoy proxies to direct traffic throughout the service mesh. Learn about Consul versions and their Envoy support, and use the reference guide to review options for bootstrap configuration, dynamic configuration, and advanced topics like escape hatch overrides.
--- ---
# Envoy Integration # Envoy Proxy Configuration for Service Mesh
Consul Connect has first class support for using Consul Connect has first class support for using
[Envoy](https://www.envoyproxy.io) as a proxy. Consul configures Envoy by [Envoy](https://www.envoyproxy.io) as a proxy. Consul configures Envoy by

View File

@ -1,13 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Connect - Proxies page_title: Service Mesh Proxy Overview
description: >- description: >-
A Connect-aware proxy enables unmodified applications to use Connect. This In Consul service mesh, each service has a sidecar proxy that secures connections with other services in the mesh without modifying the underlying application code. You can use the built-in proxy, Envoy, or a custom proxy to handle communication and verify TLS connections.
section details how to use either Envoy or Consul's built-in L4 proxy, and
describes how you can plug in a proxy of your choice.
--- ---
# Connect Proxies # Service Mesh Proxy Overview
A Connect-aware proxy enables unmodified applications to use Connect. A A Connect-aware proxy enables unmodified applications to use Connect. A
per-service proxy sidecar transparently handles inbound and outbound service per-service proxy sidecar transparently handles inbound and outbound service

View File

@ -1,13 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Connect - Proxy Integration page_title: Custom Proxy Configuration | Service Mesh
description: >- description: >-
A Connect-aware proxy enables unmodified applications to use Connect. A Consul supports custom proxy integrations for service discovery and sidecar instantiation. Learn about proxy requirements for service mesh operations, as well as how to authorize inbound and outbound connections for your custom proxy.
per-service proxy sidecar transparently handles inbound and outbound service
connections, automatically wrapping and verifying TLS connections.
--- ---
# Connect Custom Proxy Integration # Custom Proxy Configuration for Service Mesh
This topic describes the process and API endpoints you can use to extend proxies for integration with Consul. This topic describes the process and API endpoints you can use to extend proxies for integration with Consul.

View File

@ -1,13 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Connect - Deprecated Managed Proxies page_title: Managed Proxy for Connect (Legacy)
description: |- description: >-
Consul 1.2 launched its Connect Beta period with a feature named Managed Consul's service mesh originally included a proxy manager that was deprecated in version 1.6. Learn about the reasons for its deprecation and how it worked with this legacy documentation.
Proxies which are now deprecated. This page describes how they worked and why
they are no longer supported.
--- ---
# Managed Proxy Deprecation # Managed Proxy for Connect Legacy Documentation
Consul Connect was first released as a beta feature in Consul 1.2.0. The initial Consul Connect was first released as a beta feature in Consul 1.2.0. The initial
release included a feature called "Managed Proxies". Managed proxies were release included a feature called "Managed Proxies". Managed proxies were

View File

@ -1,13 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Connect - Proxy Registration page_title: Service Mesh Proxy Registration Overview
description: >- description: >-
To make connect aware of proxies you will need to register them as Consul To make Consul aware of proxies in your service mesh, you must register them. Learn about methods for configuring and registering sidecar proxies.
services. This section describes the process and options for proxy
registration.
--- ---
# Proxy Registration # Service Mesh Proxy Overview
To make Connect aware of proxies you will need to register them in a [service To make Connect aware of proxies you will need to register them in a [service
definition](/docs/discovery/services), just like you would register any other service with Consul. This section outlines your options for registering Connect proxies, either using independent registrations, or in nested sidecar registrations. definition](/docs/discovery/services), just like you would register any other service with Consul. This section outlines your options for registering Connect proxies, either using independent registrations, or in nested sidecar registrations.

View File

@ -1,13 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Connect - Service Registration page_title: Register a Service Mesh Proxy Outside of a Service Registration
description: >- description: >-
A per-service proxy sidecar transparently handles inbound and outbound service You can register a service mesh sidecar proxy separately from the registration of the service instance it fronts. Learn about proxy configuration options and how to format them with examples.
connections. You can register these sidecars with reasonable defaults by nesting
their definitions in the service definition.
--- ---
# Proxy Service Registration # Register a Service Mesh Proxy Outside of a Service Registration
This topic describes how to declare a proxy as a `connect-proxy` in service definitions. The `kind` must be declared and information about the service they represent must be provided to function as a Consul service mesh proxy. This topic describes how to declare a proxy as a `connect-proxy` in service definitions. The `kind` must be declared and information about the service they represent must be provided to function as a Consul service mesh proxy.

View File

@ -1,12 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Connect - Sidecar Service Registration page_title: Register a Service Mesh Proxy in a Service Registration
description: |- description: >-
Sidecar service registrations provide a convenient shorthand for registering a You can register a service instance and its sidecar proxy at the same time. Learn about default settings, customizable parameters, limitations, and lifecycle behaviors of the sidecar proxy.
sidecar proxy inline with a regular service definition.
--- ---
# Sidecar Service Registration # Register a Service Mesh Proxy in a Service Registration
Connect proxies are typically deployed as "sidecars" that run on the same node Connect proxies are typically deployed as "sidecars" that run on the same node
as the single service instance that they handle traffic for. They might be on as the single service instance that they handle traffic for. They might be on

View File

@ -1,13 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Connect - Security page_title: Service Mesh Security: Best Practices
description: |- description: >-
Connect enables secure service-to-service communication over mutual TLS. This Consul provides secure service mesh communication by default. Additional configuration can improve network security by preventing unauthorized access and traffic sniffing. Review security considerations, our recommendations, and best practices.
provides both in-transit data encryption as well as authorization. This page
will document how to secure Connect.
--- ---
# Connect Security # Best Practices for Service Mesh Security
Connect enables secure service-to-service communication over mutual TLS. This Connect enables secure service-to-service communication over mutual TLS. This
provides both in-transit data encryption as well as authorization. This page provides both in-transit data encryption as well as authorization. This page

View File

@ -1,13 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Connect - Transparent Proxy page_title: Service Mesh: Enable Transparent Proxy Mode
sidebar_title: Transparent Proxy description: >-
description: |- Learn how transparent proxy enables Consul on Kubernetes to direct inbound and outbound traffic through the service mesh. Use transparent proxying to increase application security without configuring individual upstream services.
Transparent proxy is used to direct inbound and outbound traffic to services via the Envoy proxy and configure
upstreams via intentions.
--- ---
# Transparent Proxy # Enable Transparent Proxy Mode
This topic describes how to use Consuls transparent proxy feature, which allows applications to communicate through the service mesh without modifying their configurations. Transparent proxy also hardens application security by preventing direct inbound connections that bypass the mesh. This topic describes how to use Consuls transparent proxy feature, which allows applications to communicate through the service mesh without modifying their configurations. Transparent proxy also hardens application security by preventing direct inbound connections that bypass the mesh.

View File

@ -1,14 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Monitor Services - Check Definitions page_title: Configure Health Checks
description: >- description: >-
One of the primary roles of the agent is management of system- and Agents can be configured to periodically perform custom checks on the health of a service instance or node. Learn about the types of health checks and how to define them in agent and service configuration files.
application-level health checks. A health check is considered to be
application-level if it is associated with a service. A check is defined in a
configuration file or added at runtime over the HTTP interface.
--- ---
# Checks # Health Checks
One of the primary roles of the agent is management of system-level and application-level health One of the primary roles of the agent is management of system-level and application-level health
checks. A health check is considered to be application-level if it is associated with a checks. A health check is considered to be application-level if it is associated with a

View File

@ -1,13 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Find Services - DNS Interface page_title: Find services with DNS
description: >- description: >-
One of the primary query interfaces for Consul is DNS. The DNS interface For service discovery use cases, Domain Name Service (DNS) is the main interface to look up, query, and address Consul nodes and services. Learn how a Consul DNS lookup can help you find services by tag, name, namespace, partition, datacenter, or domain.
allows applications to make use of service discovery without any high-touch
integration with Consul.
--- ---
# DNS Interface # Query services with DNS
One of the primary query interfaces for Consul is DNS. One of the primary query interfaces for Consul is DNS.
The DNS interface allows applications to make use of service The DNS interface allows applications to make use of service

View File

@ -1,16 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Register Services - Service Definitions page_title: Register Services with Service Definitions
description: >- description: >-
One of the main goals of service discovery is to provide a catalog of Define and register services and their health checks with Consul to make a service available for service discovery or service mesh access. Learn how to format service definitions with this reference page and sample code.
available services. To that end, the agent provides a simple service
definition format to declare the availability of a service and to potentially
associate it with a health check. A health check is considered to be
application level if it is associated with a service. A service is defined in
a configuration file or added at runtime over the HTTP interface.
--- ---
# Services # Register Services with Service Definitions
One of the main goals of service discovery is to provide a catalog of available One of the main goals of service discovery is to provide a catalog of available
services. To that end, the agent provides a simple service definition format services. To that end, the agent provides a simple service definition format

View File

@ -94,4 +94,4 @@ to [build distributed semaphores](https://learn.hashicorp.com/consul/developer-c
### Vault ### Vault
If you plan to use Consul KV as a backend for Vault, please review [this If you plan to use Consul KV as a backend for Vault, please review [this
tutorial](https://learn.hashicorp.com/tutorials/vault/ha-with-consul). tutorial](/vault/tutorials/day-one-consul/ha-with-consul?utm_source=docs).

View File

@ -1,7 +1,8 @@
--- ---
layout: docs layout: docs
page_title: Consul Enterprise Admin Partitions page_title: Admin Partitions (Enterprise)
description: Consul Enterprise enables you to create partitions that can be administrated across namespaces. description: >-
Admin partitions define boundaries between services managed by separate teams, enabling a service mesh across k8s clusters controlled by a single Consul server. Learn about their requirements and how to deploy admin partitions on Kubernetes.
--- ---
# Consul Enterprise Admin Partitions # Consul Enterprise Admin Partitions

View File

@ -1,8 +1,8 @@
--- ---
layout: docs layout: docs
page_title: Consul Enterprise Audit Logging page_title: Audit Logging (Enterprise)
description: >- description: >-
Consul Enterprise provides the ability to write events of user behavior with Consul's API so operations and security users can perform legal compliance auditing. Audit logging secures Consul by capturing a record of HTTP API access and usage. Learn how to format agent configuration files to enable audit logs and specify the path to save logs to.
--- ---
# Audit Logging # Audit Logging

View File

@ -1,10 +1,8 @@
--- ---
layout: docs layout: docs
page_title: Consul Enterprise Automated Backups page_title: Automated Backups (Enterprise)
description: >- description: >-
Consul Enterprise provides a highly available service that manages taking Learn about launching the snapshot agent to automatically backup files to a cloud storage provider so that you can restore Consul servers. Supported providers include: Amazon S3, Google Cloud Storage, and Azure Blob Storage.
snapshots, rotation and sending backup files offsite to Amazon S3 (or
S3-compatible endpoints), Google Cloud Storage, or Azure Blob Storage.
--- ---
# Automated Backups # Automated Backups

View File

@ -1,10 +1,8 @@
--- ---
layout: docs layout: docs
page_title: Consul Enterprise Advanced Federation page_title: Federated Network Areas (Enterprise)
description: >- description: >-
Consul Enterprise enables you to federate Consul datacenters together on a Network areas connect individual datacenters in a WAN federation, providing an alternative to connecting every datacenter. Learn how to support hub-and-spoke network topologies in a WAN federated Consul deployment.
pairwise basis, enabling partially-connected network topologies like
hub-and-spoke.
--- ---
# Consul Enterprise Advanced Federation # Consul Enterprise Advanced Federation

View File

@ -2,8 +2,7 @@
layout: docs layout: docs
page_title: Consul Enterprise page_title: Consul Enterprise
description: >- description: >-
Consul Enterprise features a number of capabilities beyond the open source Consul Enterprise is a paid offering that extends Consuls open source functions to support large and complex deployments. Learn about scaling infrastructure, simplifying operations, and making networks more resilient with Enterprise.
offering that may be beneficial in certain workflows.
--- ---
# Consul Enterprise # Consul Enterprise

View File

@ -1,7 +1,8 @@
--- ---
layout: docs layout: docs
page_title: Consul Enterprise License FAQ page_title: Enterprise License FAQ
description: Frequently Asked Questions pertaining to Consul Enterprise Licensing. description: >-
Review frequently asked questions (FAQs) about Consul Enterprise licenses to learn more about how licenses work, what happens when they expire, and how to get a trial license.
--- ---
# Frequently Asked Questions (FAQ) # Frequently Asked Questions (FAQ)

View File

@ -1,7 +1,8 @@
--- ---
layout: docs layout: docs
page_title: Consul Enterprise License page_title: Enterprise Licenses
description: Consul Enterprise License Overview. description: >-
Consul Enterprise server, client, and snapshot agents require a license on startup in order to use Enterprise features. Learn how to apply licenses using environment variables or configuration files.
--- ---
# Consul Enterprise License # Consul Enterprise License

View File

@ -1,7 +1,8 @@
--- ---
layout: docs layout: docs
page_title: Consul Enterprise Namespaces page_title: Namespaces (Enterprise)
description: Consul Enterprise enables data isolation with Namespaces. description: >-
Namespaces reduce operational challenges in large deployments. Learn how to define a namespace so that multiple users or teams can access and use the same datacenter without impacting each other.
--- ---
# Consul Enterprise Namespaces # Consul Enterprise Namespaces

View File

@ -1,9 +1,8 @@
--- ---
layout: docs layout: docs
page_title: Consul Enterprise Network Segments page_title: Network Segments (Enterprise)
description: |- description: >-
Consul Enterprise enables you create separate LAN gossip pools within one Network segments enable LAN gossip in a datacenter when network rules or firewalls prevent specific sets of clients from communicating directly. Learn about configuring server and client agents to operate in segmented networks.
cluster to segment network groups.
--- ---
# Network Segments # Network Segments

View File

@ -1,9 +1,8 @@
--- ---
layout: docs layout: docs
page_title: Consul Enterprise Enhanced Read Scalability page_title: Read Replicas (Enterprise)
description: >- description: >-
Consul Enterprise supports increased read scalability without impacting write Learn how you can add non-voting servers to datacenters as read replicas to provide enhanced read scalability without impacting write latency.
latency by introducing read replicas.
--- ---
# Enhanced Read Scalability with Read Replicas # Enhanced Read Scalability with Read Replicas

View File

@ -1,9 +1,8 @@
--- ---
layout: docs layout: docs
page_title: Consul Enterprise Redundancy Zones page_title: Redundancy Zones (Enterprise)
description: >- description: >-
Consul Enterprise redundancy zones enable hot standby servers on a per Redundancy zones are regions of a cluster containing "hot standby" servers, or non-voting servers that can replace voting servers in the event of a failure. Learn about redundancy zones and how they improve resiliency and increase fault tolerance without affecting latency.
availability zone basis.
--- ---
# Redundancy Zones # Redundancy Zones

View File

@ -1,10 +1,8 @@
--- ---
layout: docs layout: docs
page_title: Sentinel in Consul page_title: Sentinel in Consul (Enterprise)
description: >- description: >-
Consul Enterprise uses Sentinel to augment the built-in ACL system to provide Sentinel is an access-control-policy-as-code framework and language. Learn how Consul can use Sentinel policies to extend the ACL system's capabilities and further secure your clusters by controlling key-value (KV) store write access.
advanced policy enforcement. Sentinel policies can currently execute on KV
modify and service registration.
--- ---
# Sentinel in Consul # Sentinel in Consul

View File

@ -1,10 +1,8 @@
--- ---
layout: docs layout: docs
page_title: Consul Enterprise Automated Upgrades page_title: Automated Upgrades (Enterprise)
description: >- description: >-
Consul Enterprise supports an upgrade pattern that allows operators to deploy Automated upgrades simplify the process for updating Consul. Learn how Consul can gracefully transition from existing server agents to a new set of server agents without Consul downtime.
a complete cluster of new servers and then just wait for the upgrade to
complete.
--- ---
# Automated Upgrades # Automated Upgrades

View File

@ -1,15 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Bootstrapping a Datacenter page_title: Bootstrap a Datacenter
description: >- description: >-
An agent can run in both client and server mode. Server nodes are responsible Bootstrapping a datacenter is the initial deployment process in Consul that starts server agents and joins them together. Learn how to automatically or manually join servers in a cluster.
for running the consensus protocol and storing the cluster state. Before a
Consul cluster can begin to service requests, a server node must be elected
leader. Thus, the first nodes that are started are generally the server nodes.
Bootstrapping is the process of joining these server nodes into a cluster.
--- ---
# Bootstrapping a Datacenter # Bootstrap a Datacenter
An agent can run in either client or server mode. Server nodes are responsible for running the An agent can run in either client or server mode. Server nodes are responsible for running the
[consensus protocol](/docs/architecture/consensus) and storing the cluster state. [consensus protocol](/docs/architecture/consensus) and storing the cluster state.

View File

@ -1,9 +1,8 @@
--- ---
layout: docs layout: docs
page_title: Cloud Auto-join page_title: Auto-join a Cloud Provider
description: >- description: >-
Consul supports automatically joining a Consul datacenter using cloud metadata Auto-join enables agents to automatically join other agents running in the cloud. To configure auto-join, specify agent addresses with compute node metadata for the cloud provider instead of an IP address. Use the CLI or an agent configuration file to configure cloud auto-join.
on various providers.
--- ---
# Cloud Auto-join # Cloud Auto-join

View File

@ -2,8 +2,7 @@
layout: docs layout: docs
page_title: Glossary page_title: Glossary
description: >- description: >-
This page collects brief definitions of some of the technical terms used in The glossary is a list of technical terms with a specific meaning in Consul. Use the glossary to understand Consul concepts and study for the certification exam.
the documentation.
--- ---
# Consul Vocabulary # Consul Vocabulary

View File

@ -1,9 +1,8 @@
--- ---
layout: docs layout: docs
page_title: Get Started page_title: Install Consul
description: |- description: >-
Installing Consul is simple. You can download a precompiled binary, compile Install Consul to get started with service discovery and service mesh. Follow the installation instructions to download the precompiled binary, or use Go to compile from source.
from source or run on Kubernetes. This page details these methods.
--- ---
# Install Consul # Install Consul

View File

@ -1,11 +1,8 @@
--- ---
layout: docs layout: docs
page_title: Manual Bootstrapping page_title: Manually Bootstrap a Datacenter
description: >- description: >-
When deploying Consul to a datacenter for the first time, there is an initial Manually bootstrap a datacenter to deploy your Consul servers and join them together for the first time. For Consul v0.4+, we recommend automatic bootstrapping instead.
bootstrapping that must be done. As of Consul 0.4, an automatic bootstrapping
is available and is the recommended approach. However, older versions only
support a manual bootstrap that is documented here.
--- ---
# Manually Bootstrapping a Datacenter # Manually Bootstrapping a Datacenter

View File

@ -1,10 +1,8 @@
--- ---
layout: docs layout: docs
page_title: Server Performance page_title: Server Performance Requirements
description: >- description: >-
Consul requires different amounts of compute resources, depending on cluster Consul servers require sufficient compute resources to communicate and process data quickly. Learn about Consul's minimum server requirements and recommendations for different workloads.
size and expected workload. This guide provides guidance on choosing compute
resources.
--- ---
# Server Performance # Server Performance

View File

@ -2,8 +2,7 @@
layout: docs layout: docs
page_title: Required Ports page_title: Required Ports
description: >- description: >-
Before starting Consul it is important to have the necessary bind ports Consul requires multiple ports for directing DNS, HTTP, gRPC, gossip, and sidecar proxy requests. Learn about required and optional ports, and how Consul uses them for specific communication functions.
accessible.
--- ---
# Required Ports # Required Ports

View File

@ -1,9 +1,8 @@
--- ---
layout: docs layout: docs
page_title: Consul Tools page_title: Consul Tools
description: |- description: >-
From this page you can download various tools for Consul. These tools are Consul's capabilities can be extended through integration with other tools. Learn about Consul-related tools created by HashiCorp and by the Consul community.
maintained by HashiCorp and the Consul Community.
--- ---
# Download Consul Tools # Download Consul Tools

View File

@ -1,7 +1,8 @@
--- ---
layout: docs layout: docs
page_title: Network Infrastructure Automation Integration Program page_title: Network Infrastructure Automation (NIA) Integration Program
description: Guide to partnership integrations for Consul NIA description: >-
The Network Infrastructure Automation (NIA) Integration Program allows partners to develop Terraform modules for Consul-Terraform-Sync (CTS) that HashiCorp reviews to consider publishing as officially verified. Learn about how to participate in the program.
--- ---
# Network Infrastructure Automation Integration Program # Network Infrastructure Automation Integration Program

View File

@ -1,7 +1,8 @@
--- ---
layout: docs layout: docs
page_title: Consul Integration Program page_title: Consul Integration Program
description: Guide to partnership integrations for Consul. description: >-
The Consul Integration Program allows approved partners to develop Consul integrations that HashiCorp reviews to consider publishing as officially verified. Learn about how to participate in the program.
--- ---
# Consul Integration Program # Consul Integration Program

View File

@ -1,12 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Internals page_title: Internals Overview
description: >- description: >-
This section covers some of the internals of Consul, such as the architecture, To enhance your understanding of how to use, troubleshoot, and secure Consul, learn more about Consul's internal properties and how it works under the hood.
consensus and gossip protocols, and security model.
--- ---
# Consul Internals # Consul Internals Overview
This section covers some of the internals of Consul. Understanding the internals of Consul is necessary to successfully This section covers some of the internals of Consul. Understanding the internals of Consul is necessary to successfully
use it in production. use it in production.

View File

@ -2,7 +2,7 @@
layout: docs layout: docs
page_title: Annotations and Labels page_title: Annotations and Labels
description: >- description: >-
The list of available labels and annotations for running Consul on Kubernetes. Annotations and labels configure Consul sidecar properties and injection behavior when scheduling Kubernetes clusters. Learn about the annotations and labels that enable Consuls service mesh and secure upstream communication on k8s in this reference guide.
--- ---
# Annotations and Labels # Annotations and Labels

View File

@ -1,8 +1,8 @@
--- ---
layout: docs layout: docs
page_title: Consul on Kubernetes Architecture page_title: Consul on Kubernetes Control Plane Architecture
description: >- description: >-
A high level overview of Consul on Kubernetes Architecture When running on Kubernetes, Consuls control plane architecture does not change significantly. Server agents are deployed as a StatefulSet with a persistent volume, while client agents run as a k8s DaemonSet with an exposed API port.
--- ---

View File

@ -1,10 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Compatibility Matrix page_title: Consul on Kubernetes Version Compatibility
description: Compatibility Matrix for Consul Kubernetes description: >-
New releases require corresponding version updates to Consul on Kubernetes and its Helm chart. Review the compatibility matrix for Consul and consul-k8s and additional notes for integrating Vault and third-party platforms.
--- ---
# Compatibility Matrix for Consul on Kubernetes # Consul on Kubernetes Version Compatibility
For every release of Consul on Kubernetes, a Helm chart, `consul-k8s-control-plane` binary and a `consul-k8s` CLI binary is built and distributed through a single version. When deploying via Helm, the recommended best path for upgrading Consul on Kubernetes, is to upgrade using the same `consul-k8s-control-plane` version as the Helm Chart, as the Helm Chart and Control Plane binary are tightly coupled. For every release of Consul on Kubernetes, a Helm chart, `consul-k8s-control-plane` binary and a `consul-k8s` CLI binary is built and distributed through a single version. When deploying via Helm, the recommended best path for upgrading Consul on Kubernetes, is to upgrade using the same `consul-k8s-control-plane` version as the Helm Chart, as the Helm Chart and Control Plane binary are tightly coupled.

View File

@ -1,10 +1,11 @@
--- "---
layout: docs layout: docs
page_title: Configuring a Connect CA Provider page_title: Configure Certificate Authority (CA) for Consul on Kubernetes
description: Configuring a Connect CA Provider description: >-
--- Consul includes a built-in CA, but when bootstrapping a cluster on k8s, you can configure your service mesh to use a custom certificate provider instead. Learn how to configure Vault as an external CA in primary and secondary datacenters and manually rotate Vault tokens.
---"
# Configuring a Connect CA Provider # Configure Certificate Authority (CA) for Consul on Kubernetes
~> **NOTE:** The instructions below should only be used for initially bootstrapping a cluster with **Consul K8s 0.38.0+.** ~> **NOTE:** The instructions below should only be used for initially bootstrapping a cluster with **Consul K8s 0.38.0+.**
To update the Connect CA provider on an existing cluster or to update any properties, such as tokens, of the CA provider, To update the Connect CA provider on an existing cluster or to update any properties, such as tokens, of the CA provider,

View File

@ -1,10 +1,11 @@
--- ---
layout: docs layout: docs
page_title: Kubernetes Health Checks page_title: Configure Health Checks for Consul on Kubernetes
description: Configuring Kubernetes Health Checks description: >-
Kubernetes has built-in health probes you can sync with Consul's health checks to ensure service mesh traffic is routed to healthy pods. Learn how to register a TTL Health check and use mutating webhooks to redirect k8s liveness, readiness, and startup probes through Envoy proxies.
--- ---
# Kubernetes Health Checks in Consul on Kubernetes # Configure Health Checks for Consul on Kubernetes
~> This topic requires familiarity with [Kubernetes Health Checks](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/). ~> This topic requires familiarity with [Kubernetes Health Checks](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/).

Some files were not shown because too many files have changed in this diff Show More