mirror of https://github.com/status-im/consul.git
Add go-sockaddr examples for multiple interfaces (#11998)
* Add overview example for multiple interfaces with go-sockaddr * Include go-sockaddr examples in agent configuration * Add changelog entry * Make suggested changes * Simplify hcl comment * Update link and fix gRPC * Switch index.mdx from Tabs to CodeTabs * Reformat new links for screen readers * Apply suggestions from code review Co-authored-by: mrspanishviking <kcardenas@hashicorp.com> * Fix spacing in code block Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
This commit is contained in:
parent
66c5c8f2b5
commit
7c3e8bd1c3
|
@ -193,11 +193,9 @@ The following settings are commonly used in the configuration file (also called
|
|||
The following example configuration is for a server agent named "`consul-server`". The server is [bootstrapped](/docs/agent/options#_bootstrap) and the Consul GUI is enabled.
|
||||
The reason this server agent is configured for a service mesh is that the `connect` configuration is enabled. Connect is Consul's service mesh component that provides service-to-service connection authorization and encryption using mutual Transport Layer Security (TLS). Applications can use sidecar proxies in a service mesh configuration to establish TLS connections for inbound and outbound connections without being aware of Connect at all. See [Connect](/docs/connect) for details.
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
<CodeTabs>
|
||||
|
||||
```hcl
|
||||
|
||||
node_name = "consul-server"
|
||||
server = true
|
||||
bootstrap = true
|
||||
|
@ -215,8 +213,6 @@ connect {
|
|||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="JSON">
|
||||
|
||||
```json
|
||||
{
|
||||
|
@ -238,19 +234,16 @@ connect {
|
|||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
</CodeTabs>
|
||||
|
||||
### Server Node with Encryption Enabled
|
||||
|
||||
The following example shows a server node configured with encryption enabled.
|
||||
Refer to the [Security](/docs/security) chapter for additional information about how to configure security options for Consul.
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
<CodeTabs>
|
||||
|
||||
```hcl
|
||||
|
||||
node_name = "consul-server"
|
||||
server = true
|
||||
ui_config {
|
||||
|
@ -274,8 +267,6 @@ key_file = "/consul/config/certs/dc1-server-consul-0-key.pem"
|
|||
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="JSON">
|
||||
|
||||
```json
|
||||
{
|
||||
|
@ -299,19 +290,16 @@ key_file = "/consul/config/certs/dc1-server-consul-0-key.pem"
|
|||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
</CodeTabs>
|
||||
|
||||
### Client Node Registering a Service
|
||||
|
||||
Using Consul as a central service registry is a common use case.
|
||||
The following example configuration includes common settings to register a service with a Consul agent and enable health checks (see [Checks](/docs/discovery/checks) to learn more about health checks):
|
||||
|
||||
<Tabs>
|
||||
<Tab heading="HCL">
|
||||
<CodeTabs>
|
||||
|
||||
```hcl
|
||||
|
||||
node_name = "consul-client"
|
||||
server = false
|
||||
datacenter = "dc1"
|
||||
|
@ -335,9 +323,6 @@ service {
|
|||
|
||||
```
|
||||
|
||||
</Tab>
|
||||
<Tab heading="JSON">
|
||||
|
||||
```json
|
||||
{
|
||||
"node_name": "consul-client",
|
||||
|
@ -363,8 +348,58 @@ service {
|
|||
}
|
||||
```
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
</CodeTabs>
|
||||
|
||||
## Client Node with Multiple Interfaces or IP addresses
|
||||
|
||||
The following example shows how to configure Consul to listen on multiple interfaces or IP addresses using a [go-sockaddr template].
|
||||
|
||||
The `bind_addr` is used for internal RPC and Serf communication ([read the Agent Configuration for more information](/docs/agent/options#bind_addr)).
|
||||
|
||||
The `client_addr` configuration specifies IP addresses used for HTTP, HTTPS, DNS and gRPC servers. ([read the Agent Configuration for more information](/docs/agent/options#client_addr)).
|
||||
|
||||
<CodeTabs>
|
||||
|
||||
```hcl
|
||||
node_name = "consul-server"
|
||||
server = true
|
||||
bootstrap = true
|
||||
ui_config {
|
||||
enabled = true
|
||||
}
|
||||
datacenter = "dc1"
|
||||
data_dir = "consul/data"
|
||||
log_level = "INFO"
|
||||
|
||||
# used for internal RPC and Serf
|
||||
bind_addr = "0.0.0.0"
|
||||
|
||||
# Used for HTTP, HTTPS, DNS, and gRPC addresses.
|
||||
# loopback is not included in GetPrivateInterfaces because it is not routable.
|
||||
client_addr = "{{ GetPrivateInterfaces | exclude \"type\" \"ipv6\" | join \"address\" \" \" }} {{ GetAllInterfaces | include \"flags\" \"loopback\" | join \"address\" \" \" }}"
|
||||
|
||||
# advertises gossip and RPC interface to other nodes
|
||||
advertise_addr = "{{ GetInterfaceIP \"en0\" }}"
|
||||
```
|
||||
|
||||
```json
|
||||
{
|
||||
"node_name": "consul-server",
|
||||
"server": true,
|
||||
"bootstrap": true,
|
||||
"ui_config": {
|
||||
"enabled": true
|
||||
},
|
||||
"datacenter": "dc1",
|
||||
"data_dir": "consul/data",
|
||||
"log_level": "INFO",
|
||||
"bind_addr": "{{ GetPrivateIP }}",
|
||||
"client_addr": "{{ GetPrivateInterfaces | exclude \"type\" \"ipv6\" | join \"address\" \" \" }} {{ GetAllInterfaces | include \"flags\" \"loopback\" | join \"address\" \" \" }}",
|
||||
"advertise_addr": "{{ GetInterfaceIP \"en0\"}}"
|
||||
}
|
||||
```
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
## Stopping an Agent
|
||||
|
||||
|
@ -402,3 +437,7 @@ from the load balancer pool.
|
|||
The [`skip_leave_on_interrupt`](/docs/agent/options#skip_leave_on_interrupt) and
|
||||
[`leave_on_terminate`](/docs/agent/options#leave_on_terminate) configuration
|
||||
options allow you to adjust this behavior.
|
||||
|
||||
<!-- list of reference-style links -->
|
||||
|
||||
[go-sockaddr template]: https://godoc.org/github.com/hashicorp/go-sockaddr/template
|
||||
|
|
|
@ -66,6 +66,15 @@ The options below are all specified on the command-line.
|
|||
state as other nodes will treat the non-routability as a failure. In Consul 1.1.0 and later this can be dynamically defined with a [go-sockaddr]
|
||||
template that is resolved at runtime.
|
||||
|
||||
<CodeBlockConfig>
|
||||
|
||||
```shell
|
||||
# Using a static network interface name
|
||||
$ consul agent -advertise '{{ GetInterfaceIP "eth0" }}'
|
||||
```
|
||||
|
||||
</CodeBlockConfig>
|
||||
|
||||
- `-advertise-wan` ((#\_advertise-wan)) - The advertise WAN address is used
|
||||
to change the address that we advertise to server nodes joining through the WAN.
|
||||
This can also be set on client agents when used in combination with the [`translate_wan_addrs`](#translate_wan_addrs) configuration option. By default, the [`-advertise`](#_advertise) address
|
||||
|
@ -139,11 +148,35 @@ The options below are all specified on the command-line.
|
|||
capture, it is possible to use [`discard_check_output`](#discard_check_output).
|
||||
|
||||
- `-client` ((#\_client)) - The address to which Consul will bind client
|
||||
interfaces, including the HTTP and DNS servers. By default, this is "127.0.0.1",
|
||||
interfaces, including the HTTP, HTTPS, gRPC and DNS servers. By default, this is "127.0.0.1",
|
||||
allowing only loopback connections. In Consul 1.0 and later this can be set to
|
||||
a space-separated list of addresses to bind to, or a [go-sockaddr]
|
||||
template that can potentially resolve to multiple addresses.
|
||||
|
||||
<CodeBlockConfig hideClipboard heading="Bind consul client interfaces to private IPv4 interfaces">
|
||||
|
||||
```shell
|
||||
$ consul agent -dev -client '{{ GetPrivateInterfaces | exclude "type" "ipv6" | join "address" " " }}'
|
||||
```
|
||||
|
||||
</CodeBlockConfig>
|
||||
|
||||
<CodeBlockConfig hideClipboard heading="Bind consul client interfaces to private IP addresses and loopback">
|
||||
|
||||
```shell
|
||||
$ consul agent -dev -client '{{ GetPrivateInterfaces | join "address" " " }} {{ GetAllInterfaces | include "flags" "loopback" | join "address" " " }}'
|
||||
```
|
||||
|
||||
</CodeBlockConfig>
|
||||
|
||||
<CodeBlockConfig hideClipboard heading="Exclude private interfaces that start with 'br-'">
|
||||
|
||||
```shell
|
||||
$ consul agent -dev -client '{{ GetPrivateInterfaces | exclude "name" "br.*" | join "address" " " }}'
|
||||
```
|
||||
|
||||
</CodeBlockConfig>
|
||||
|
||||
- `-config-file` ((#\_config_file)) - A configuration file to load. For
|
||||
more information on the format of this file, read the [Configuration Files](#configuration_files)
|
||||
section. This option can be specified multiple times to load multiple configuration
|
||||
|
|
Loading…
Reference in New Issue