diff --git a/website/content/docs/connect/config-entries/ingress-gateway.mdx b/website/content/docs/connect/config-entries/ingress-gateway.mdx index 6ada45780c..6be29df290 100644 --- a/website/content/docs/connect/config-entries/ingress-gateway.mdx +++ b/website/content/docs/connect/config-entries/ingress-gateway.mdx @@ -397,9 +397,13 @@ spec: <Tabs> <Tab heading="Consul OSS"> -Set up a HTTP listener on an ingress gateway named "us-east-ingress" to proxy +Set up an HTTP listener on an ingress gateway named "us-east-ingress" to proxy traffic to a virtual service named "api". +Additionally, ensure internal-only debug headers are stripped before responding +to external clients, and that requests to internal services are labelled to +indicate which gateway they came through. + <CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}> ```hcl @@ -413,6 +417,14 @@ Listeners = [ Services = [ { Name = "api" + RequestHeaders { + Add { + "x-gateway" = "us-east-ingress" + } + } + ResponseHeaders { + Remove = ["x-debug"] + } } ] } @@ -430,6 +442,7 @@ spec: protocol: http services: - name: api + # HTTP Header manipulation is not yet supported in Kubernetes CRD ``` ```json @@ -442,7 +455,15 @@ spec: "Protocol": "http", "Services": [ { - "Name": "api" + "Name": "api", + "RequestHeaders": { + "Add": { + "x-gateway": "us-east-ingress" + } + }, + "ResponseHeaders": { + "Remove": ["x-debug"] + } } ] } @@ -455,9 +476,13 @@ spec: </Tab> <Tab heading="Consul Enterprise"> -Set up a HTTP listener on an ingress gateway named "us-east-ingress" in the +Set up an HTTP listener on an ingress gateway named "us-east-ingress" in the default namespace to proxy traffic to a virtual service named "api". +Additionally, ensure internal-only debug headers are stripped before responding +to external clients, and that requests to internal services are labelled to +indicate which gateway they came through. + <CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}> ```hcl @@ -473,6 +498,14 @@ Listeners = [ { Name = "api" Namespace = "frontend" + RequestHeaders { + Add { + "x-gateway" = "us-east-ingress" + } + } + ResponseHeaders { + Remove = ["x-debug"] + } } ] } @@ -492,6 +525,7 @@ spec: services: - name: api namespace: frontend + # HTTP Header manipulation is not yet supported in Kubernetes CRD ``` ```json @@ -506,7 +540,15 @@ spec: "Services": [ { "Name": "api", - "Namespace": "frontend" + "Namespace": "frontend", + "RequestHeaders": { + "Add": { + "x-gateway": "us-east-ingress" + } + }, + "ResponseHeaders": { + "Remove": ["x-debug"] + } } ] } @@ -838,6 +880,22 @@ spec: records. For example, \`*.example.com\` is valid, while \`example.*\` and \`*-suffix.example.com\` are not.`, }, + { + yaml: false, + name: 'RequestHeaders', + type: 'HTTPHeaderModifiers: <optional>', + description: `A set of [HTTP-specific header modification rules](/docs/connect/config-entries/service-router#httpheadermodifiers) + that will be applied to requests routed to this service. + This cannot be used with a \`tcp\` listener.`, + }, + { + yaml: false, + name: 'ResponseHeaders', + type: 'HTTPHeaderModifiers: <optional>', + description: `A set of [HTTP-specific header modification rules](/docs/connect/config-entries/service-router#httpheadermodifiers) + that will be applied to responses from this service. + This cannot be used with a \`tcp\` listener.`, + }, ], }, ], diff --git a/website/content/docs/connect/config-entries/service-router.mdx b/website/content/docs/connect/config-entries/service-router.mdx index 7bc6af1fb0..3e02f16011 100644 --- a/website/content/docs/connect/config-entries/service-router.mdx +++ b/website/content/docs/connect/config-entries/service-router.mdx @@ -574,6 +574,71 @@ spec: description: 'A list of HTTP response status codes that are eligible for retry.', }, + { + yaml: false, + name: 'RequestHeaders', + type: 'HTTPHeaderModifiers: <optional>', + description: `A set of [HTTP-specific header modification rules](/docs/connect/config-entries/service-router#httpheadermodifiers) + that will be applied to requests routed to this service. + This cannot be used with a \`tcp\` listener.`, + }, + { + yaml: false, + name: 'ResponseHeaders', + type: 'HTTPHeaderModifiers: <optional>', + description: `A set of [HTTP-specific header modification rules](/docs/connect/config-entries/service-router#httpheadermodifiers) + that will be applied to responses from this service. + This cannot be used with a \`tcp\` listener.`, + }, + ]} +/> + + +### `HTTPHeaderModifiers` + +<ConfigEntryReference + topLevel={false} + yaml={false} + keys={[ + { + hcl: false, + name: 'Unsupported', + type: '', + description: `HTTP Header modification is not yet supported in our Kubernetes CRDs.`, + }, + { + yaml: false, + name: 'Add', + type: 'map<string|string>: optional', + description: `The set of key/value pairs that specify header values to add. + Use header names as keys. Header names are _not_ case-sensitive. + If header values with the same name already exist, the value set here will + be appended and both will be present. + If Envoy is used as the proxy, the value may contain + [variable placeholders](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#custom-request-response-headers) for example + \`%DOWNSTREAM_REMOTE_ADDRESS%\` to interpolate dynamic request + metadata into the value added.`, + }, + { + yaml: false, + name: 'Set', + type: 'map<string|string>: optional', + description: `The set of key/value pairs that specify header values to add. + Use header names as keys. Header names are _not_ case-sensitive. + If header values with the same name already exist, the value set here will + _replace_ them. + If Envoy is used as the proxy, the value may contain + [variable placeholders](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#custom-request-response-headers) for example + \`%DOWNSTREAM_REMOTE_ADDRESS%\` to interpolate dynamic request + metadata into the value added.`, + }, + { + yaml: false, + name: 'Remove', + type: 'array<string>: optional', + description: `The set of header names to remove. Only headers + whose names are a <i>case-insensitive</i> exact match will be removed`, + }, ]} /> diff --git a/website/content/docs/connect/config-entries/service-splitter.mdx b/website/content/docs/connect/config-entries/service-splitter.mdx index ad3798c785..f6eb62ddf7 100644 --- a/website/content/docs/connect/config-entries/service-splitter.mdx +++ b/website/content/docs/connect/config-entries/service-splitter.mdx @@ -146,6 +146,68 @@ spec: </CodeTabs> + +### Set HTTP Headers + +Split traffic between two subsets with extra headers added so clients can tell +which version (not yet supported in Kubernetes CRD): + +<CodeTabs tabs={[ "HCL", "JSON" ]}> + +```hcl +Kind = "service-splitter" +Name = "web" +Splits = [ + { + Weight = 90 + ServiceSubset = "v1" + ResponseHeaders { + Set { + "X-Web-Version": "v1" + } + } + }, + { + Weight = 10 + ServiceSubset = "v2" + ResponseHeaders { + Set { + "X-Web-Version": "v2" + } + } + }, +] +``` + +```json +{ + "Kind": "service-splitter", + "Name": "web", + "Splits": [ + { + "Weight": 90, + "ServiceSubset": "v1", + "ResponseHeaders": { + "Set": { + "X-Web-Version": "v1" + } + } + }, + { + "Weight": 10, + "ServiceSubset": "v2", + "ResponseHeaders": { + "Set": { + "X-Web-Version": "v2" + } + } + } + ] +} +``` + +</CodeTabs> + ## Available Fields <ConfigEntryReference @@ -231,6 +293,22 @@ spec: description: 'The namespace to resolve the service from instead of the current namespace. If empty the current namespace is assumed.', }, + { + yaml: false, + name: 'RequestHeaders', + type: 'HTTPHeaderModifiers: <optional>', + description: `A set of [HTTP-specific header modification rules](/docs/connect/config-entries/service-router#httpheadermodifiers) + that will be applied to requests routed to this split. + This cannot be used with a \`tcp\` listener.`, + }, + { + yaml: false, + name: 'ResponseHeaders', + type: 'HTTPHeaderModifiers: <optional>', + description: `A set of [HTTP-specific header modification rules](/docs/connect/config-entries/service-router#httpheadermodifiers) + that will be applied to responses from this split. + This cannot be used with a \`tcp\` listener.`, + }, ], }, ]}