Add tabs to config entry examples

This commit is contained in:
freddygv 2020-06-24 16:10:46 -06:00
parent 9e77922daa
commit 394b1f2e7f
2 changed files with 520 additions and 16 deletions

View File

@ -43,11 +43,14 @@ description: >-
## Sample Config Entries ## Sample Config Entries
Set up a TCP listener for a single service: <Tabs>
<Tab heading="HCL">
Set up a TCP listener on an ingress gateway named "us-east-ingress" to proxy traffic to the "db" service:
```hcl ```hcl
Kind = "ingress-gateway" Kind = "ingress-gateway"
Name = "ingress-service" Name = "us-east-ingress"
Listeners = [ Listeners = [
{ {
@ -62,13 +65,92 @@ Listeners = [
] ]
``` ```
Set up a wildcard HTTP listener to proxy traffic to all available services, </Tab>
make two services available over a custom port with user-provided hosts, and <Tab heading="HCL (Consul Enterprise)">
enable TLS on every listener:
Set up a TCP listener on an ingress gateway named "us-east-ingress" in the default namespace
to proxy traffic to the "db" service in the ops namespace:
```hcl ```hcl
Kind = "ingress-gateway" Kind = "ingress-gateway"
Name = "ingress-service" Name = "us-east-ingress"
Namespace = "default"
Listeners = [
{
Port = 3456
Protocol = "tcp"
Services = [
{
Namespace = "ops"
Name = "db"
}
]
}
]
```
</Tab>
<Tab heading="JSON">
Set up a TCP listener on an ingress gateway named "us-east-ingress" to proxy traffic to the "db" service:
```json
{
"Kind": "ingress-gateway",
"Name": "us-east-ingress",
"Listeners": [
{
"Port": 3456,
"Protocol": "tcp",
"Services": [
{
"Name": "db"
}
]
}
]
}
```
</Tab>
<Tab heading="JSON (Consul Enterprise)">
Set up a TCP listener on an ingress gateway named "us-east-ingress" in the default namespace
to proxy traffic to the "db" service in the ops namespace:
```json
{
"Kind": "ingress-gateway",
"Name": "us-east-ingress",
"Namespace": "default",
"Listeners": [
{
"Port": 3456,
"Protocol": "tcp",
"Services": [
{
"Namespace": "ops",
"Name": "db"
}
]
}
]
}
```
</Tab>
</Tabs>
<Tabs>
<Tab heading="HCL">
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the datacenter.
Also make two services available over a custom port with user-provided hosts, and enable TLS on every listener:
```hcl
Kind = "ingress-gateway"
Name = "us-east-ingress"
TLS { TLS {
Enabled = true Enabled = true
@ -101,6 +183,140 @@ Listeners = [
] ]
``` ```
</Tab>
<Tab heading="HCL (Consul Enterprise)">
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the frontend namespace.
Also make two services in the frontend namespace available over a custom port with user-provided hosts, and enable TLS on every listener:
```hcl
Kind = "ingress-gateway"
Name = "us-east-ingress"
Namespace = "default"
TLS {
Enabled = true
}
Listeners = [
{
Port = 8080
Protocol = "http"
Services = [
{
Namespace = "frontend"
Name = "*"
}
]
},
{
Port = 4567
Protocol = "http"
Services = [
{
Namespace = "frontend"
Name = "api"
Hosts = ["foo.example.com", "foo.example.com:4567"]
},
{
Namespace = "frontend"
Name = "web"
Hosts = ["website.example.com", "website.example.com:4567"]
}
]
}
]
```
</Tab>
<Tab heading="JSON">
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the datacenter.
Also make two services available over a custom port with user-provided hosts, and enable TLS on every listener:
```json
{
"Kind": "ingress-gateway",
"Name": "us-east-ingress",
"TLS": {
"Enabled": true
},
"Listeners": [
{
"Port": 8080,
"Protocol": "http",
"Services": [
{
"Name": "*"
}
]
},
{
"Port": 4567,
"Protocol": "http",
"Services": [
{
"Name": "api",
"Hosts": ["foo.example.com", "foo.example.com:4567"]
},
{
"Name": "web",
"Hosts": ["website.example.com", "website.example.com:4567"]
}
]
}
]
}
```
</Tab>
<Tab heading="JSON (Consul Enterprise)">
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the frontend namespace.
Also make two services in the frontend namespace available over a custom port with user-provided hosts, and enable TLS on every listener:
```json
{
"Kind": "ingress-gateway",
"Name": "us-east-ingress",
"Namespace": "default",
"TLS": {
"Enabled": true
},
"Listeners": [
{
"Port": 8080,
"Protocol": "http",
"Services": [
{
"Namespace": "frontend",
"Name": "*"
}
]
},
{
"Port": 4567,
"Protocol": "http",
"Services": [
{
"Namespace": "frontend",
"Name": "api",
"Hosts": ["foo.example.com", "foo.example.com:4567"]
},
{
"Namespace": "frontend",
"Name": "web",
"Hosts": ["website.example.com", "website.example.com:4567"]
}
]
}
]
}
```
</Tab>
</Tabs>
## Available Fields ## Available Fields
- `Kind` - Must be set to `ingress-gateway` - `Kind` - Must be set to `ingress-gateway`

View File

@ -17,8 +17,8 @@ description: >-
and will apply to all instances of the gateway with that name. and will apply to all instances of the gateway with that name.
~> [Configuration entries](/docs/agent/config-entries) are global in scope. A configuration entry for a gateway name applies ~> [Configuration entries](/docs/agent/config-entries) are global in scope. A configuration entry for a gateway name applies
across all federated Consul datacenters. If ingress gateways in different Consul datacenters need to route to different across all federated Consul datacenters. If terminating gateways in different Consul datacenters need to route to different
sets of services within their datacenter then the ingress gateways **must** be registered with different names. sets of services within their datacenter then the terminating gateways **must** be registered with different names.
See [Terminating Gateway](/docs/connect/terminating-gateway) for more information. See [Terminating Gateway](/docs/connect/terminating-gateway) for more information.
@ -43,11 +43,15 @@ description: >-
## Sample Config Entries ## Sample Config Entries
Link gateway "us-west-gateway" with the billing service: <Tabs>
<Tab heading="HCL">
Link gateway named "us-west-gateway" with the billing service:
```hcl ```hcl
Kind = "terminating-gateway" Kind = "terminating-gateway"
Name = "us-west-gateway" Name = "us-west-gateway"
Services = [ Services = [
{ {
Name = "billing" Name = "billing"
@ -55,27 +59,154 @@ Services = [
] ]
``` ```
Link gateway "us-west-gateway" with the api service and specify a CA file for one-way TLS authentication: </Tab>
<Tab heading="HCL (Consul Enterprise)">
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace:
```hcl ```hcl
Kind = "terminating-gateway" Kind = "terminating-gateway"
Name = "us-west-gateway" Name = "us-west-gateway"
Namespace = "default"
Services = [ Services = [
{ {
Name = "api" Namespace = "finance"
Name = "billing"
}
]
```
</Tab>
<Tab heading="JSON">
Link gateway named "us-west-gateway" with the billing service:
```json
{
"Kind": "terminating-gateway",
"Name": "us-west-gateway",
"Services": [
{
"Name": "billing"
}
]
}
```
</Tab>
<Tab heading="JSON (Consul Enterprise)">
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace:
```json
{
"Kind": "terminating-gateway",
"Name": "us-west-gateway",
"Namespace": "default",
"Services": [
{
"Namespace": "finance",
"Name": "billing"
}
]
}
```
</Tab>
</Tabs>
<Tabs>
<Tab heading="HCL">
Link gateway named "us-west-gateway" with the billing service and specify a CA file for one-way TLS authentication:
```hcl
Kind = "terminating-gateway"
Name = "us-west-gateway"
Services = [
{
Name = "billing"
CAFile = "/etc/certs/ca-chain.cert.pem" CAFile = "/etc/certs/ca-chain.cert.pem"
} }
] ]
``` ```
Link gateway "us-west-gateway" with the payments service and specify a CA file, key file, and cert file for mutual TLS authentication: </Tab>
<Tab heading="HCL (Consul Enterprise)">
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace,
and specify a CA file for one-way TLS authentication:
```hcl ```hcl
Kind = "terminating-gateway" Kind = "terminating-gateway"
Name = "us-west-gateway" Name = "us-west-gateway"
Namespace = "default"
Services = [ Services = [
{ {
Name = "payments" Namespace = "finance"
Name = "billing"
CAFile = "/etc/certs/ca-chain.cert.pem"
}
]
```
</Tab>
<Tab heading="JSON">
Link gateway named "us-west-gateway" with the billing service and specify a CA file for one-way TLS authentication:
```json
{
"Kind": "terminating-gateway",
"Name": "us-west-gateway",
"Services": [
{
"Name": "billing",
"CAFile": "/etc/certs/ca-chain.cert.pem"
}
]
}
```
</Tab>
<Tab heading="JSON (Consul Enterprise)">
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace,
and specify a CA file for one-way TLS authentication:
```json
{
"Kind": "terminating-gateway",
"Name": "us-west-gateway",
"Namespace": "default",
"Services": [
{
"Namespace": "finance",
"Name": "billing",
"CAFile": "/etc/certs/ca-chain.cert.pem"
}
]
}
```
</Tab>
</Tabs>
<Tabs>
<Tab heading="HCL">
Link gateway named "us-west-gateway" with the payments service and specify a CA file, key file, and cert file for mutual TLS authentication:
```hcl
Kind = "terminating-gateway"
Name = "us-west-gateway"
Services = [
{
Name = "billing"
CAFile = "/etc/certs/ca-chain.cert.pem" CAFile = "/etc/certs/ca-chain.cert.pem"
KeyFile = "/etc/certs/gateway.key.pem" KeyFile = "/etc/certs/gateway.key.pem"
CertFile = "/etc/certs/gateway.cert.pem" CertFile = "/etc/certs/gateway.cert.pem"
@ -83,13 +214,110 @@ Services = [
] ]
``` ```
Link gateway "us-west-gateway" with all services in the finance namespace, and configure default certificates for mutual TLS. </Tab>
Also override the SNI and CA file used for connections to the billing service: <Tab heading="HCL (Consul Enterprise)">
Link gateway named "us-west-gateway" in the default namespace with the payments service in the finance namespace.
Also specify a CA file, key file, and cert file for mutual TLS authentication:
```hcl ```hcl
Kind = "terminating-gateway" Kind = "terminating-gateway"
Name = "us-west-gateway" Name = "us-west-gateway"
Namespace = "default" Namespace = "default"
Services = [
{
Namespace = "finance"
Name = "billing"
CAFile = "/etc/certs/ca-chain.cert.pem"
KeyFile = "/etc/certs/gateway.key.pem"
CertFile = "/etc/certs/gateway.cert.pem"
}
]
```
</Tab>
<Tab heading="JSON">
Link gateway named "us-west-gateway" with the payments service and specify a CA file, key file, and cert file for mutual TLS authentication:
```json
{
"Kind": "terminating-gateway",
"Name": "us-west-gateway",
"Services": [
{
"Name": "billing",
"CAFile": "/etc/certs/ca-chain.cert.pem",
"KeyFile": "/etc/certs/gateway.key.pem",
"CertFile": "/etc/certs/gateway.cert.pem"
}
]
}
```
</Tab>
<Tab heading="JSON (Consul Enterprise)">
Link gateway named "us-west-gateway" in the default namespace with the payments service in the finance namespace.
Also specify a CA file, key file, and cert file for mutual TLS authentication:
```json
{
"Kind": "terminating-gateway",
"Name": "us-west-gateway",
"Namespace": "default",
"Services": [
{
"Namespace": "finance",
"Name": "billing",
"CAFile": "/etc/certs/ca-chain.cert.pem",
"KeyFile": "/etc/certs/gateway.key.pem",
"CertFile": "/etc/certs/gateway.cert.pem"
}
]
}
```
</Tab>
</Tabs>
<Tabs>
<Tab heading="HCL">
Link gateway named "us-west-gateway" with all services in the datacenter, and configure default certificates for mutual TLS.
Also override the SNI and CA file used for connections to the billing service:
```hcl
Kind = "terminating-gateway"
Name = "us-west-gateway"
Services = [
{
Name = "*"
CAFile = "/etc/common-certs/ca-chain.cert.pem"
KeyFile = "/etc/common-certs/gateway.key.pem"
CertFile = "/etc/common-certs/gateway.cert.pem"
},
{
Name = "billing"
CAFile = "/etc/billing-ca/ca-chain.cert.pem",
SNI = "billing.service.com"
}
]
```
</Tab>
<Tab heading="HCL (Consul Enterprise)">
Link gateway named "us-west-gateway" in the default namespace with all services in the finance namespace,
and configure default certificates for mutual TLS. Also override the SNI and CA file used for connections to the billing service:
```hcl
Kind = "terminating-gateway"
Name = "us-west-gateway"
Namespace = "default"
Services = [ Services = [
{ {
Namespace = "finance" Namespace = "finance"
@ -101,12 +329,72 @@ Services = [
{ {
Namespace = "finance" Namespace = "finance"
Name = "billing" Name = "billing"
CAFile = "/etc/billing-ca/ca-chain.cert.pem" CAFile = "/etc/billing-ca/ca-chain.cert.pem",
SNI = "billing.service.com" SNI = "billing.service.com"
} }
] ]
``` ```
</Tab>
<Tab heading="JSON">
Link gateway named "us-west-gateway" with all services in the datacenter, and configure default certificates for mutual TLS.
Also override the SNI and CA file used for connections to the billing service:
```json
{
"Kind": "terminating-gateway",
"Name": "us-west-gateway",
"Services": [
{
"Name": "*",
"CAFile": "/etc/billing-ca/ca-chain.cert.pem",
"KeyFile": "/etc/certs/gateway.key.pem",
"CertFile": "/etc/certs/gateway.cert.pem",
"SNI": "billing.service.com"
},
{
"Name": "billing",
"CAFile": "/etc/billing-ca/ca-chain.cert.pem",
"SNI": "billing.service.com"
}
]
}
```
</Tab>
<Tab heading="JSON (Consul Enterprise)">
Link gateway named "us-west-gateway" in the default namespace with all services in the finance namespace,
and configure default certificates for mutual TLS. Also override the SNI and CA file used for connections to the billing service:
```json
{
"Kind": "terminating-gateway",
"Name": "us-west-gateway",
"Namespace": "default",
"Services": [
{
"Namespace": "finance",
"Name": "*",
"CAFile": "/etc/billing-ca/ca-chain.cert.pem",
"KeyFile": "/etc/certs/gateway.key.pem",
"CertFile": "/etc/certs/gateway.cert.pem",
"SNI": "billing.service.com"
},
{
"Namespace": "finance",
"Name": "billing",
"CAFile": "/etc/billing-ca/ca-chain.cert.pem",
"SNI": "billing.service.com"
}
]
}
```
</Tab>
</Tabs>
## Available Fields ## Available Fields
- `Kind` - Must be set to `terminating-gateway` - `Kind` - Must be set to `terminating-gateway`