mirror of https://github.com/status-im/consul.git
website: address feedback
This commit is contained in:
parent
85d6502ab3
commit
6ea59241d1
|
@ -19,13 +19,19 @@ can easily integrate with Connect. There is no custom protocol in use;
|
|||
any language that supports TLS can accept and establish Connect-based
|
||||
connections.
|
||||
|
||||
We currently provide an easy-to-use [Go integration](/docs/connect/native/go.html)
|
||||
to assist with the getting the proper certificates, verifying connections,
|
||||
etc. We plan to add helper libraries for other languages in the future.
|
||||
However, without library support, it is still possible for any major language
|
||||
to integrate with Connect.
|
||||
|
||||
## Overview
|
||||
|
||||
The primary work involved in natively integrating with Connect is
|
||||
[acquiring the proper TLS certificate](/api/agent/connect.html#service-leaf-certificate),
|
||||
[verifying TLS certificates](/api/agent/connect.html#certificate-authority-ca-roots),
|
||||
and [authorizing inbound connections](/api/agent/connect.html#authorize).
|
||||
All of this is done using Consul's HTTP API using the previously-linked APIs.
|
||||
All of this is done using the Consul HTTP APIs linked above.
|
||||
|
||||
An overview of the sequence is shown below. The diagram and the following
|
||||
details may seem complex, but this is a _regular mutual TLS connection_ with
|
||||
|
|
|
@ -66,7 +66,8 @@ func main() {
|
|||
|
||||
The first step is to create a Consul API client. This is almost always the
|
||||
default configuration with an ACL token set, since you want to communicate
|
||||
to the local agent. The Go library will use this client to request certificates,
|
||||
to the local agent. The default configuration will also read the ACL token
|
||||
from environment variables if set. The Go library will use this client to request certificates,
|
||||
authorize connections, and more.
|
||||
|
||||
Next, `connect.NewService` is called to create a service structure representing
|
||||
|
@ -77,8 +78,8 @@ create one service and reuse that one service for all servers and clients.
|
|||
Finally, a standard `*http.Server` is created. The magic line is the `TLSConfig`
|
||||
value. This is set to a TLS configuration returned by the service structure.
|
||||
This TLS configuration is configured to automatically load certificates
|
||||
in the background, cache them, and authorize inbound connections. This
|
||||
also automatically handles maintaining blocking queries to update certificates
|
||||
in the background, cache them, and authorize inbound connections. The service
|
||||
structure automatically handles maintaining blocking queries to update certificates
|
||||
in the background if they change.
|
||||
|
||||
Since the service returns a standard `*tls.Config`, _any_ server that supports
|
||||
|
@ -151,7 +152,7 @@ Next, we call `svc.HTTPClient()` to return a specially configured
|
|||
`*http.Client`. This client will automatically established Connect-based
|
||||
connections using Consul service discovery.
|
||||
|
||||
Finally, we perform an HTTP `GET` request to a hypothetical user service.
|
||||
Finally, we perform an HTTP `GET` request to a hypothetical userinfo service.
|
||||
The HTTP client configuration automatically sends the correct client
|
||||
certificate, verifies the server certificate, and manages background
|
||||
goroutines for updating our certificates as necessary.
|
||||
|
|
Loading…
Reference in New Issue