mirror of https://github.com/status-im/consul.git
Add tabs to config entry examples
This commit is contained in:
parent
9e77922daa
commit
394b1f2e7f
|
@ -43,11 +43,14 @@ description: >-
|
||||||
|
|
||||||
## Sample Config Entries
|
## Sample Config Entries
|
||||||
|
|
||||||
Set up a TCP listener for a single service:
|
<Tabs>
|
||||||
|
<Tab heading="HCL">
|
||||||
|
|
||||||
|
Set up a TCP listener on an ingress gateway named "us-east-ingress" to proxy traffic to the "db" service:
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
Kind = "ingress-gateway"
|
Kind = "ingress-gateway"
|
||||||
Name = "ingress-service"
|
Name = "us-east-ingress"
|
||||||
|
|
||||||
Listeners = [
|
Listeners = [
|
||||||
{
|
{
|
||||||
|
@ -62,13 +65,92 @@ Listeners = [
|
||||||
]
|
]
|
||||||
```
|
```
|
||||||
|
|
||||||
Set up a wildcard HTTP listener to proxy traffic to all available services,
|
</Tab>
|
||||||
make two services available over a custom port with user-provided hosts, and
|
<Tab heading="HCL (Consul Enterprise)">
|
||||||
enable TLS on every listener:
|
|
||||||
|
Set up a TCP listener on an ingress gateway named "us-east-ingress" in the default namespace
|
||||||
|
to proxy traffic to the "db" service in the ops namespace:
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
Kind = "ingress-gateway"
|
Kind = "ingress-gateway"
|
||||||
Name = "ingress-service"
|
Name = "us-east-ingress"
|
||||||
|
Namespace = "default"
|
||||||
|
|
||||||
|
Listeners = [
|
||||||
|
{
|
||||||
|
Port = 3456
|
||||||
|
Protocol = "tcp"
|
||||||
|
Services = [
|
||||||
|
{
|
||||||
|
Namespace = "ops"
|
||||||
|
Name = "db"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
```
|
||||||
|
|
||||||
|
</Tab>
|
||||||
|
<Tab heading="JSON">
|
||||||
|
|
||||||
|
Set up a TCP listener on an ingress gateway named "us-east-ingress" to proxy traffic to the "db" service:
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"Kind": "ingress-gateway",
|
||||||
|
"Name": "us-east-ingress",
|
||||||
|
"Listeners": [
|
||||||
|
{
|
||||||
|
"Port": 3456,
|
||||||
|
"Protocol": "tcp",
|
||||||
|
"Services": [
|
||||||
|
{
|
||||||
|
"Name": "db"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
</Tab>
|
||||||
|
<Tab heading="JSON (Consul Enterprise)">
|
||||||
|
|
||||||
|
Set up a TCP listener on an ingress gateway named "us-east-ingress" in the default namespace
|
||||||
|
to proxy traffic to the "db" service in the ops namespace:
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"Kind": "ingress-gateway",
|
||||||
|
"Name": "us-east-ingress",
|
||||||
|
"Namespace": "default",
|
||||||
|
"Listeners": [
|
||||||
|
{
|
||||||
|
"Port": 3456,
|
||||||
|
"Protocol": "tcp",
|
||||||
|
"Services": [
|
||||||
|
{
|
||||||
|
"Namespace": "ops",
|
||||||
|
"Name": "db"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
</Tab>
|
||||||
|
</Tabs>
|
||||||
|
|
||||||
|
<Tabs>
|
||||||
|
<Tab heading="HCL">
|
||||||
|
|
||||||
|
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the datacenter.
|
||||||
|
Also make two services available over a custom port with user-provided hosts, and enable TLS on every listener:
|
||||||
|
|
||||||
|
```hcl
|
||||||
|
Kind = "ingress-gateway"
|
||||||
|
Name = "us-east-ingress"
|
||||||
|
|
||||||
TLS {
|
TLS {
|
||||||
Enabled = true
|
Enabled = true
|
||||||
|
@ -101,6 +183,140 @@ Listeners = [
|
||||||
]
|
]
|
||||||
```
|
```
|
||||||
|
|
||||||
|
</Tab>
|
||||||
|
<Tab heading="HCL (Consul Enterprise)">
|
||||||
|
|
||||||
|
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the frontend namespace.
|
||||||
|
Also make two services in the frontend namespace available over a custom port with user-provided hosts, and enable TLS on every listener:
|
||||||
|
|
||||||
|
```hcl
|
||||||
|
Kind = "ingress-gateway"
|
||||||
|
Name = "us-east-ingress"
|
||||||
|
Namespace = "default"
|
||||||
|
|
||||||
|
TLS {
|
||||||
|
Enabled = true
|
||||||
|
}
|
||||||
|
|
||||||
|
Listeners = [
|
||||||
|
{
|
||||||
|
Port = 8080
|
||||||
|
Protocol = "http"
|
||||||
|
Services = [
|
||||||
|
{
|
||||||
|
Namespace = "frontend"
|
||||||
|
Name = "*"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Port = 4567
|
||||||
|
Protocol = "http"
|
||||||
|
Services = [
|
||||||
|
{
|
||||||
|
Namespace = "frontend"
|
||||||
|
Name = "api"
|
||||||
|
Hosts = ["foo.example.com", "foo.example.com:4567"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Namespace = "frontend"
|
||||||
|
Name = "web"
|
||||||
|
Hosts = ["website.example.com", "website.example.com:4567"]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
```
|
||||||
|
|
||||||
|
</Tab>
|
||||||
|
<Tab heading="JSON">
|
||||||
|
|
||||||
|
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the datacenter.
|
||||||
|
Also make two services available over a custom port with user-provided hosts, and enable TLS on every listener:
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"Kind": "ingress-gateway",
|
||||||
|
"Name": "us-east-ingress",
|
||||||
|
"TLS": {
|
||||||
|
"Enabled": true
|
||||||
|
},
|
||||||
|
"Listeners": [
|
||||||
|
{
|
||||||
|
"Port": 8080,
|
||||||
|
"Protocol": "http",
|
||||||
|
"Services": [
|
||||||
|
{
|
||||||
|
"Name": "*"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"Port": 4567,
|
||||||
|
"Protocol": "http",
|
||||||
|
"Services": [
|
||||||
|
{
|
||||||
|
"Name": "api",
|
||||||
|
"Hosts": ["foo.example.com", "foo.example.com:4567"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"Name": "web",
|
||||||
|
"Hosts": ["website.example.com", "website.example.com:4567"]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
</Tab>
|
||||||
|
<Tab heading="JSON (Consul Enterprise)">
|
||||||
|
|
||||||
|
Set up a wildcard HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to all services in the frontend namespace.
|
||||||
|
Also make two services in the frontend namespace available over a custom port with user-provided hosts, and enable TLS on every listener:
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"Kind": "ingress-gateway",
|
||||||
|
"Name": "us-east-ingress",
|
||||||
|
"Namespace": "default",
|
||||||
|
"TLS": {
|
||||||
|
"Enabled": true
|
||||||
|
},
|
||||||
|
"Listeners": [
|
||||||
|
{
|
||||||
|
"Port": 8080,
|
||||||
|
"Protocol": "http",
|
||||||
|
"Services": [
|
||||||
|
{
|
||||||
|
"Namespace": "frontend",
|
||||||
|
"Name": "*"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"Port": 4567,
|
||||||
|
"Protocol": "http",
|
||||||
|
"Services": [
|
||||||
|
{
|
||||||
|
"Namespace": "frontend",
|
||||||
|
"Name": "api",
|
||||||
|
"Hosts": ["foo.example.com", "foo.example.com:4567"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"Namespace": "frontend",
|
||||||
|
"Name": "web",
|
||||||
|
"Hosts": ["website.example.com", "website.example.com:4567"]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
</Tab>
|
||||||
|
</Tabs>
|
||||||
|
|
||||||
## Available Fields
|
## Available Fields
|
||||||
|
|
||||||
- `Kind` - Must be set to `ingress-gateway`
|
- `Kind` - Must be set to `ingress-gateway`
|
||||||
|
|
|
@ -17,8 +17,8 @@ description: >-
|
||||||
and will apply to all instances of the gateway with that name.
|
and will apply to all instances of the gateway with that name.
|
||||||
|
|
||||||
~> [Configuration entries](/docs/agent/config-entries) are global in scope. A configuration entry for a gateway name applies
|
~> [Configuration entries](/docs/agent/config-entries) are global in scope. A configuration entry for a gateway name applies
|
||||||
across all federated Consul datacenters. If ingress gateways in different Consul datacenters need to route to different
|
across all federated Consul datacenters. If terminating gateways in different Consul datacenters need to route to different
|
||||||
sets of services within their datacenter then the ingress gateways **must** be registered with different names.
|
sets of services within their datacenter then the terminating gateways **must** be registered with different names.
|
||||||
|
|
||||||
See [Terminating Gateway](/docs/connect/terminating-gateway) for more information.
|
See [Terminating Gateway](/docs/connect/terminating-gateway) for more information.
|
||||||
|
|
||||||
|
@ -43,11 +43,15 @@ description: >-
|
||||||
|
|
||||||
## Sample Config Entries
|
## Sample Config Entries
|
||||||
|
|
||||||
Link gateway "us-west-gateway" with the billing service:
|
<Tabs>
|
||||||
|
<Tab heading="HCL">
|
||||||
|
|
||||||
|
Link gateway named "us-west-gateway" with the billing service:
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
Kind = "terminating-gateway"
|
Kind = "terminating-gateway"
|
||||||
Name = "us-west-gateway"
|
Name = "us-west-gateway"
|
||||||
|
|
||||||
Services = [
|
Services = [
|
||||||
{
|
{
|
||||||
Name = "billing"
|
Name = "billing"
|
||||||
|
@ -55,27 +59,154 @@ Services = [
|
||||||
]
|
]
|
||||||
```
|
```
|
||||||
|
|
||||||
Link gateway "us-west-gateway" with the api service and specify a CA file for one-way TLS authentication:
|
</Tab>
|
||||||
|
<Tab heading="HCL (Consul Enterprise)">
|
||||||
|
|
||||||
|
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace:
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
Kind = "terminating-gateway"
|
Kind = "terminating-gateway"
|
||||||
Name = "us-west-gateway"
|
Name = "us-west-gateway"
|
||||||
|
Namespace = "default"
|
||||||
|
|
||||||
Services = [
|
Services = [
|
||||||
{
|
{
|
||||||
Name = "api"
|
Namespace = "finance"
|
||||||
|
Name = "billing"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
```
|
||||||
|
|
||||||
|
</Tab>
|
||||||
|
<Tab heading="JSON">
|
||||||
|
|
||||||
|
Link gateway named "us-west-gateway" with the billing service:
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"Kind": "terminating-gateway",
|
||||||
|
"Name": "us-west-gateway",
|
||||||
|
"Services": [
|
||||||
|
{
|
||||||
|
"Name": "billing"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
</Tab>
|
||||||
|
<Tab heading="JSON (Consul Enterprise)">
|
||||||
|
|
||||||
|
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace:
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"Kind": "terminating-gateway",
|
||||||
|
"Name": "us-west-gateway",
|
||||||
|
"Namespace": "default",
|
||||||
|
"Services": [
|
||||||
|
{
|
||||||
|
"Namespace": "finance",
|
||||||
|
"Name": "billing"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
</Tab>
|
||||||
|
</Tabs>
|
||||||
|
|
||||||
|
<Tabs>
|
||||||
|
<Tab heading="HCL">
|
||||||
|
|
||||||
|
Link gateway named "us-west-gateway" with the billing service and specify a CA file for one-way TLS authentication:
|
||||||
|
|
||||||
|
```hcl
|
||||||
|
Kind = "terminating-gateway"
|
||||||
|
Name = "us-west-gateway"
|
||||||
|
|
||||||
|
Services = [
|
||||||
|
{
|
||||||
|
Name = "billing"
|
||||||
CAFile = "/etc/certs/ca-chain.cert.pem"
|
CAFile = "/etc/certs/ca-chain.cert.pem"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
```
|
```
|
||||||
|
|
||||||
Link gateway "us-west-gateway" with the payments service and specify a CA file, key file, and cert file for mutual TLS authentication:
|
</Tab>
|
||||||
|
<Tab heading="HCL (Consul Enterprise)">
|
||||||
|
|
||||||
|
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace,
|
||||||
|
and specify a CA file for one-way TLS authentication:
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
Kind = "terminating-gateway"
|
Kind = "terminating-gateway"
|
||||||
Name = "us-west-gateway"
|
Name = "us-west-gateway"
|
||||||
|
Namespace = "default"
|
||||||
|
|
||||||
Services = [
|
Services = [
|
||||||
{
|
{
|
||||||
Name = "payments"
|
Namespace = "finance"
|
||||||
|
Name = "billing"
|
||||||
|
CAFile = "/etc/certs/ca-chain.cert.pem"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
```
|
||||||
|
|
||||||
|
</Tab>
|
||||||
|
<Tab heading="JSON">
|
||||||
|
|
||||||
|
Link gateway named "us-west-gateway" with the billing service and specify a CA file for one-way TLS authentication:
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"Kind": "terminating-gateway",
|
||||||
|
"Name": "us-west-gateway",
|
||||||
|
"Services": [
|
||||||
|
{
|
||||||
|
"Name": "billing",
|
||||||
|
"CAFile": "/etc/certs/ca-chain.cert.pem"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
</Tab>
|
||||||
|
<Tab heading="JSON (Consul Enterprise)">
|
||||||
|
|
||||||
|
Link gateway named "us-west-gateway" in the default namespace with the billing service in the finance namespace,
|
||||||
|
and specify a CA file for one-way TLS authentication:
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"Kind": "terminating-gateway",
|
||||||
|
"Name": "us-west-gateway",
|
||||||
|
"Namespace": "default",
|
||||||
|
"Services": [
|
||||||
|
{
|
||||||
|
"Namespace": "finance",
|
||||||
|
"Name": "billing",
|
||||||
|
"CAFile": "/etc/certs/ca-chain.cert.pem"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
</Tab>
|
||||||
|
</Tabs>
|
||||||
|
|
||||||
|
<Tabs>
|
||||||
|
<Tab heading="HCL">
|
||||||
|
|
||||||
|
Link gateway named "us-west-gateway" with the payments service and specify a CA file, key file, and cert file for mutual TLS authentication:
|
||||||
|
|
||||||
|
```hcl
|
||||||
|
Kind = "terminating-gateway"
|
||||||
|
Name = "us-west-gateway"
|
||||||
|
|
||||||
|
Services = [
|
||||||
|
{
|
||||||
|
Name = "billing"
|
||||||
CAFile = "/etc/certs/ca-chain.cert.pem"
|
CAFile = "/etc/certs/ca-chain.cert.pem"
|
||||||
KeyFile = "/etc/certs/gateway.key.pem"
|
KeyFile = "/etc/certs/gateway.key.pem"
|
||||||
CertFile = "/etc/certs/gateway.cert.pem"
|
CertFile = "/etc/certs/gateway.cert.pem"
|
||||||
|
@ -83,13 +214,110 @@ Services = [
|
||||||
]
|
]
|
||||||
```
|
```
|
||||||
|
|
||||||
Link gateway "us-west-gateway" with all services in the finance namespace, and configure default certificates for mutual TLS.
|
</Tab>
|
||||||
Also override the SNI and CA file used for connections to the billing service:
|
<Tab heading="HCL (Consul Enterprise)">
|
||||||
|
|
||||||
|
Link gateway named "us-west-gateway" in the default namespace with the payments service in the finance namespace.
|
||||||
|
Also specify a CA file, key file, and cert file for mutual TLS authentication:
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
Kind = "terminating-gateway"
|
Kind = "terminating-gateway"
|
||||||
Name = "us-west-gateway"
|
Name = "us-west-gateway"
|
||||||
Namespace = "default"
|
Namespace = "default"
|
||||||
|
|
||||||
|
Services = [
|
||||||
|
{
|
||||||
|
Namespace = "finance"
|
||||||
|
Name = "billing"
|
||||||
|
CAFile = "/etc/certs/ca-chain.cert.pem"
|
||||||
|
KeyFile = "/etc/certs/gateway.key.pem"
|
||||||
|
CertFile = "/etc/certs/gateway.cert.pem"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
```
|
||||||
|
|
||||||
|
</Tab>
|
||||||
|
<Tab heading="JSON">
|
||||||
|
|
||||||
|
Link gateway named "us-west-gateway" with the payments service and specify a CA file, key file, and cert file for mutual TLS authentication:
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"Kind": "terminating-gateway",
|
||||||
|
"Name": "us-west-gateway",
|
||||||
|
"Services": [
|
||||||
|
{
|
||||||
|
"Name": "billing",
|
||||||
|
"CAFile": "/etc/certs/ca-chain.cert.pem",
|
||||||
|
"KeyFile": "/etc/certs/gateway.key.pem",
|
||||||
|
"CertFile": "/etc/certs/gateway.cert.pem"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
</Tab>
|
||||||
|
<Tab heading="JSON (Consul Enterprise)">
|
||||||
|
|
||||||
|
Link gateway named "us-west-gateway" in the default namespace with the payments service in the finance namespace.
|
||||||
|
Also specify a CA file, key file, and cert file for mutual TLS authentication:
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"Kind": "terminating-gateway",
|
||||||
|
"Name": "us-west-gateway",
|
||||||
|
"Namespace": "default",
|
||||||
|
"Services": [
|
||||||
|
{
|
||||||
|
"Namespace": "finance",
|
||||||
|
"Name": "billing",
|
||||||
|
"CAFile": "/etc/certs/ca-chain.cert.pem",
|
||||||
|
"KeyFile": "/etc/certs/gateway.key.pem",
|
||||||
|
"CertFile": "/etc/certs/gateway.cert.pem"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
</Tab>
|
||||||
|
</Tabs>
|
||||||
|
|
||||||
|
<Tabs>
|
||||||
|
<Tab heading="HCL">
|
||||||
|
|
||||||
|
Link gateway named "us-west-gateway" with all services in the datacenter, and configure default certificates for mutual TLS.
|
||||||
|
Also override the SNI and CA file used for connections to the billing service:
|
||||||
|
|
||||||
|
```hcl
|
||||||
|
Kind = "terminating-gateway"
|
||||||
|
Name = "us-west-gateway"
|
||||||
|
|
||||||
|
Services = [
|
||||||
|
{
|
||||||
|
Name = "*"
|
||||||
|
CAFile = "/etc/common-certs/ca-chain.cert.pem"
|
||||||
|
KeyFile = "/etc/common-certs/gateway.key.pem"
|
||||||
|
CertFile = "/etc/common-certs/gateway.cert.pem"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Name = "billing"
|
||||||
|
CAFile = "/etc/billing-ca/ca-chain.cert.pem",
|
||||||
|
SNI = "billing.service.com"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
```
|
||||||
|
|
||||||
|
</Tab>
|
||||||
|
<Tab heading="HCL (Consul Enterprise)">
|
||||||
|
|
||||||
|
Link gateway named "us-west-gateway" in the default namespace with all services in the finance namespace,
|
||||||
|
and configure default certificates for mutual TLS. Also override the SNI and CA file used for connections to the billing service:
|
||||||
|
|
||||||
|
```hcl
|
||||||
|
Kind = "terminating-gateway"
|
||||||
|
Name = "us-west-gateway"
|
||||||
|
Namespace = "default"
|
||||||
|
|
||||||
Services = [
|
Services = [
|
||||||
{
|
{
|
||||||
Namespace = "finance"
|
Namespace = "finance"
|
||||||
|
@ -101,12 +329,72 @@ Services = [
|
||||||
{
|
{
|
||||||
Namespace = "finance"
|
Namespace = "finance"
|
||||||
Name = "billing"
|
Name = "billing"
|
||||||
CAFile = "/etc/billing-ca/ca-chain.cert.pem"
|
CAFile = "/etc/billing-ca/ca-chain.cert.pem",
|
||||||
SNI = "billing.service.com"
|
SNI = "billing.service.com"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
```
|
```
|
||||||
|
|
||||||
|
</Tab>
|
||||||
|
<Tab heading="JSON">
|
||||||
|
|
||||||
|
Link gateway named "us-west-gateway" with all services in the datacenter, and configure default certificates for mutual TLS.
|
||||||
|
Also override the SNI and CA file used for connections to the billing service:
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"Kind": "terminating-gateway",
|
||||||
|
"Name": "us-west-gateway",
|
||||||
|
"Services": [
|
||||||
|
{
|
||||||
|
"Name": "*",
|
||||||
|
"CAFile": "/etc/billing-ca/ca-chain.cert.pem",
|
||||||
|
"KeyFile": "/etc/certs/gateway.key.pem",
|
||||||
|
"CertFile": "/etc/certs/gateway.cert.pem",
|
||||||
|
"SNI": "billing.service.com"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"Name": "billing",
|
||||||
|
"CAFile": "/etc/billing-ca/ca-chain.cert.pem",
|
||||||
|
"SNI": "billing.service.com"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
</Tab>
|
||||||
|
<Tab heading="JSON (Consul Enterprise)">
|
||||||
|
|
||||||
|
Link gateway named "us-west-gateway" in the default namespace with all services in the finance namespace,
|
||||||
|
and configure default certificates for mutual TLS. Also override the SNI and CA file used for connections to the billing service:
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"Kind": "terminating-gateway",
|
||||||
|
"Name": "us-west-gateway",
|
||||||
|
"Namespace": "default",
|
||||||
|
"Services": [
|
||||||
|
{
|
||||||
|
"Namespace": "finance",
|
||||||
|
"Name": "*",
|
||||||
|
"CAFile": "/etc/billing-ca/ca-chain.cert.pem",
|
||||||
|
"KeyFile": "/etc/certs/gateway.key.pem",
|
||||||
|
"CertFile": "/etc/certs/gateway.cert.pem",
|
||||||
|
"SNI": "billing.service.com"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"Namespace": "finance",
|
||||||
|
"Name": "billing",
|
||||||
|
"CAFile": "/etc/billing-ca/ca-chain.cert.pem",
|
||||||
|
"SNI": "billing.service.com"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
</Tab>
|
||||||
|
</Tabs>
|
||||||
|
|
||||||
## Available Fields
|
## Available Fields
|
||||||
|
|
||||||
- `Kind` - Must be set to `terminating-gateway`
|
- `Kind` - Must be set to `terminating-gateway`
|
||||||
|
|
Loading…
Reference in New Issue