applied final feedback

This commit is contained in:
trujillo-adam 2022-01-18 15:40:43 -08:00
parent 727dbbd817
commit 7573b80454

View File

@ -20,16 +20,16 @@ For other platforms, see [Ingress Gateway](/docs/connect/ingress-gateway).
## Requirements ## Requirements
* Consul versions 1.8.4+ is required to use the `IngressGateway` custom resource on Kubernetes. - Consul versions 1.8.4+ is required to use the `IngressGateway` custom resource on Kubernetes.
* Consul versions 1.8.0+ is required to use the `ingress-gateway` custom resource on all other platforms. - Consul versions 1.8.0+ is required to use the `ingress-gateway` custom resource on all other platforms.
## Usage ## Usage
1. Verify that your datacenter meets the conditions specified in the [Requirements](#requirements). 1. Verify that your datacenter meets the conditions specified in the [Requirements](#requirements).
1. Specify the `ingress-gateway` (`IngressGateway`) configuration in the agent configuration file (see [config_entries](/docs/agent/options#config_entries)) as described in [Configuration](#configuration). 1. Create a file containing the configuration entry settings (see [Configuration](#configuration)).
1. Apply the configuration using one of the following methods: 1. Apply the configuration settings using one of the following methods:
* Kubernetes CRD: Refer to the [Custom Resource Definitions](/docs/k8s/crds) documentation for details. - Kubernetes CRD: Refer to the [Custom Resource Definitions](/docs/k8s/crds) documentation for details.
* Issue the `consul config write` command: Refer to the [Consul Config Write](/commands/config/write) documentation for details. - Issue the `consul config write` command: Refer to the [Consul Config Write](/commands/config/write) documentation for details.
## Configuration ## Configuration
@ -153,6 +153,7 @@ spec:
] ]
} }
``` ```
</CodeTabs> </CodeTabs>
</Tab> </Tab>
</Tabs> </Tabs>
@ -202,7 +203,6 @@ The following examples describe possible use-cases for ingress gateway configura
The following example sets up a TCP listener on an ingress gateway named `us-east-ingress` to proxy traffic to the `db` service. The Consul Enterprise version also posits the gateway listener inside the `default` [namespace](/docs/enterprise/namespaces) and the `team-frontend` [admin partition](/docs/enterprise/admin-partitions): The following example sets up a TCP listener on an ingress gateway named `us-east-ingress` to proxy traffic to the `db` service. The Consul Enterprise version also posits the gateway listener inside the `default` [namespace](/docs/enterprise/namespaces) and the `team-frontend` [admin partition](/docs/enterprise/admin-partitions):
<Tabs> <Tabs>
<Tab heading="Consul OSS"> <Tab heading="Consul OSS">
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}> <CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
@ -326,14 +326,14 @@ spec:
In the following example, two listeners are configured on an ingress gateway named `us-east-ingress`: In the following example, two listeners are configured on an ingress gateway named `us-east-ingress`:
* The first listener is configured to listen on port `8080` and uses a wildcard (`*`) to proxy traffic to all services in the datacenter. - The first listener is configured to listen on port `8080` and uses a wildcard (`*`) to proxy traffic to all services in the datacenter.
* The second listener exposes the `api` and `web` services on port `4567` at user-provided hosts. - The second listener exposes the `api` and `web` services on port `4567` at user-provided hosts.
* TLS is enabled on every listener. - TLS is enabled on every listener.
The Consul Enterprise version implements the following additional configurations: The Consul Enterprise version implements the following additional configurations:
* The ingress gateway is set up in the `default` [namespace](/docs/enterprise/namespaces) and proxies traffic to all services in the `frontend` namespace. - The ingress gateway is set up in the `default` [namespace](/docs/enterprise/namespaces) and proxies traffic to all services in the `frontend` namespace.
* The `api` and `web` services are proxied to team-specific [admin partitions](/docs/enterprise/admin-partitions): - The `api` and `web` services are proxied to team-specific [admin partitions](/docs/enterprise/admin-partitions):
<Tabs> <Tabs>
<Tab heading="Consul OSS"> <Tab heading="Consul OSS">
@ -961,12 +961,6 @@ You can specify the following parameters to configure ingress gateway configurat
description: description:
'Refer to the [Kubernetes Namespaces documentation for Consul Enterprise](/docs/k8s/crds#consul-enterprise). The `namespace` parameter is not supported in Consul OSS (see [Kubernetes Namespaces in Consul OSS](/docs/k8s/crds#consul-oss)).', 'Refer to the [Kubernetes Namespaces documentation for Consul Enterprise](/docs/k8s/crds#consul-enterprise). The `namespace` parameter is not supported in Consul OSS (see [Kubernetes Namespaces in Consul OSS](/docs/k8s/crds#consul-oss)).',
}, },
{
name: 'partition',
enterprise: true,
description:
'Specifies the admin partition in which the configuration will apply. The value must match the partition in which the gateway is registered. Refer to the [Admin Partitions documentation](/docs/enterprise/admin-partitions) for additional information. The `partitions` parameter is not supported in Consul OSS.',
},
], ],
hcl: false, hcl: false,
}, },
@ -989,17 +983,20 @@ You can specify the following parameters to configure ingress gateway configurat
name: 'SDS', name: 'SDS',
yaml: false, yaml: false,
type: 'SDSConfig: <optional>', type: 'SDSConfig: <optional>',
description: "Defines a set of parameters that configures the gateway to load TLS certificates from an external SDS service. See [SDS](/docs/connect/gateways/ingress-gateway#sds) for more details on usage.<br><br>SDS properties defined in this field are used as defaults for all listeners on the gateway.", description:
'Defines a set of parameters that configures the gateway to load TLS certificates from an external SDS service. See [SDS](/docs/connect/gateways/ingress-gateway#sds) for more details on usage.<br><br>SDS properties defined in this field are used as defaults for all listeners on the gateway.',
children: [ children: [
{ {
name: 'ClusterName', name: 'ClusterName',
type: 'string', type: 'string',
description: "Specifies the name of the SDS cluster from which Consul should retrieve certificates. This cluster must be [specified in the Gateway's bootstrap configuration](/docs/connect/gateways/ingress-gateway#sds).", description:
"Specifies the name of the SDS cluster from which Consul should retrieve certificates. This cluster must be [specified in the Gateway's bootstrap configuration](/docs/connect/gateways/ingress-gateway#sds).",
}, },
{ {
name: 'CertResource', name: 'CertResource',
type: 'string', type: 'string',
description: "Specifies an SDS resource name. Consul will request the SDS resource name when fetching the certificate from the SDS service. Setting this causes all listeners to be served exclusively over TLS with this certificate unless overridden by listener-specific TLS configuration.", description:
'Specifies an SDS resource name. Consul will request the SDS resource name when fetching the certificate from the SDS service. Setting this causes all listeners to be served exclusively over TLS with this certificate unless overridden by listener-specific TLS configuration.',
}, },
], ],
}, },
@ -1110,12 +1107,14 @@ You can specify the following parameters to configure ingress gateway configurat
{ {
name: 'ClusterName', name: 'ClusterName',
type: 'string', type: 'string',
description: "The SDS cluster name to connect to to retrieve certificates. This cluster must be [specified in the Gateway's bootstrap configuration](/docs/connect/gateways/ingress-gateway#sds).", description:
"The SDS cluster name to connect to to retrieve certificates. This cluster must be [specified in the Gateway's bootstrap configuration](/docs/connect/gateways/ingress-gateway#sds).",
}, },
{ {
name: 'CertResource', name: 'CertResource',
type: 'string', type: 'string',
description: "The SDS resource name to request when fetching the certificate from the SDS service.", description:
'The SDS resource name to request when fetching the certificate from the SDS service.',
}, },
], ],
}, },
@ -1142,17 +1141,20 @@ You can specify the following parameters to configure ingress gateway configurat
{ {
name: 'SDS', name: 'SDS',
type: 'SDSConfig: <optional>', type: 'SDSConfig: <optional>',
description: "Defines a set of parameters that configures the listener to load TLS certificates from an external SDS service. See [SDS](/docs/connect/gateways/ingress-gateway#sds) for more details on usage.<br><br>SDS properties set here will be used as defaults for all services on this listener.", description:
'Defines a set of parameters that configures the listener to load TLS certificates from an external SDS service. See [SDS](/docs/connect/gateways/ingress-gateway#sds) for more details on usage.<br><br>SDS properties set here will be used as defaults for all services on this listener.',
children: [ children: [
{ {
name: 'ClusterName', name: 'ClusterName',
type: 'string', type: 'string',
description: "The SDS cluster name to connect to to retrieve certificates. This cluster must be [specified in the Gateway's bootstrap configuration](/docs/connect/gateways/ingress-gateway#sds).", description:
"The SDS cluster name to connect to to retrieve certificates. This cluster must be [specified in the Gateway's bootstrap configuration](/docs/connect/gateways/ingress-gateway#sds).",
}, },
{ {
name: 'CertResource', name: 'CertResource',
type: 'string', type: 'string',
description: "The SDS resource name to request when fetching the certificate from the SDS service.", description:
'The SDS resource name to request when fetching the certificate from the SDS service.',
}, },
], ],
}, },
@ -1162,4 +1164,3 @@ You can specify the following parameters to configure ingress gateway configurat
}, },
]} ]}
/> />