Move cfg entry docs to under connect from agent

Since all config entries are currently related to service mesh it's a
much more natural place to look for them under Service Mesh than under
Agent.
This commit is contained in:
Luke Kysow 2021-01-08 08:46:45 -08:00
parent 3c66a9a697
commit a73111ba82
31 changed files with 192 additions and 177 deletions

View File

@ -118,8 +118,16 @@
/downloads_tools /docs/download-tools 301!
/docs/k8s/ambassador /docs/k8s/connect/ambassador 301!
/docs/k8s/installation/overview /docs/k8s/installation/install 301!
/docs/k8s/installation/muti-cluster/overview /docs/k8s/installation/multi-cluster 301!
/docs/k8s/installation/multi-cluster/overview /docs/k8s/installation/multi-cluster 301!
/docs/partnerships /docs/integrate/partnerships 301!
/docs/agent/config-entries/ingress-gateway /docs/connect/config-entries/ingress-gateway 301!
/docs/agent/config-entries/proxy-defaults /docs/connect/config-entries/proxy-defaults 301!
/docs/agent/config-entries/service-defaults /docs/connect/config-entries/service-defaults 301!
/docs/agent/config-entries/service-intentions /docs/connect/config-entries/service-intentions 301!
/docs/agent/config-entries/service-resolver /docs/connect/config-entries/service-resolver 301!
/docs/agent/config-entries/service-router /docs/connect/config-entries/service-router 301!
/docs/agent/config-entries/service-splitter /docs/connect/config-entries/service-splitter 301!
/docs/agent/config-entries/terminating-gateway /docs/connect/config-entries/terminating-gateway 301!
# CLI redirects
/docs/commands /commands 301!

View File

@ -14,7 +14,7 @@ The `/connect/intentions` endpoint provide tools for managing
-> **1.9.0 and later:** Reading and writing intentions has been
migrated to the
[`service-intentions`](/docs/agent/config-entries/service-intentions)
[`service-intentions`](/docs/connect/config-entries/service-intentions)
config entry kind.
## Upsert Intention by Name ((#upsert-intention-by-name))
@ -87,7 +87,7 @@ The table below shows this endpoint's support for
the `Permissions` field.
- `Permissions` `(array<IntentionPermission>)` - The list of all [additional L7
attributes](/docs/agent/config-entries/service-intentions#intentionpermission)
attributes](/docs/connect/config-entries/service-intentions#intentionpermission)
that extend the intention match criteria.
Permission precedence is applied top to bottom. For any given request the
@ -131,7 +131,7 @@ true
-> **Deprecated** - This endpoint is deprecated in Consul 1.9.0 in favor of
[upserting by name](#upsert-intention-by-name) or editing the
[`service-intentions`](/docs/agent/config-entries/service-intentions) config
[`service-intentions`](/docs/connect/config-entries/service-intentions) config
entry for the destination.
This endpoint creates a new intention and returns its ID if it was created
@ -234,7 +234,7 @@ $ curl \
-> **Deprecated** - This endpoint is deprecated in Consul 1.9.0 in favor of
[upserting by name](#upsert-intention-by-name) or editing the
[`service-intentions`](/docs/agent/config-entries/service-intentions) config
[`service-intentions`](/docs/connect/config-entries/service-intentions) config
entry for the destination.
This endpoint updates an intention with the given values.
@ -363,7 +363,7 @@ $ curl \
-> **Deprecated** - This endpoint is deprecated in Consul 1.9.0 in favor of
[reading by name](#read-specific-intention-by-name) or by viewing the
[`service-intentions`](/docs/agent/config-entries/service-intentions)
[`service-intentions`](/docs/connect/config-entries/service-intentions)
config entry for the destination.
This endpoint reads a specific intention.
@ -570,7 +570,7 @@ $ curl \
-> **Deprecated** - This endpoint is deprecated in Consul 1.9.0 in favor of
[deleting by name](#delete-intention-by-name) or editing the
[`service-intentions`](/docs/agent/config-entries/service-intentions) config
[`service-intentions`](/docs/connect/config-entries/service-intentions) config
entry for the destination.
This endpoint deletes a specific intention.

View File

@ -65,7 +65,7 @@ The table below shows this endpoint's support for
### POST Body Parameters
- `OverrideConnectTimeout` `(duration: 0s)` - Overrides the final [connect
timeout](/docs/agent/config-entries/service-resolver#connecttimeout) for
timeout](/docs/connect/config-entries/service-resolver#connecttimeout) for
any service resolved in the compiled chain.
This value comes from the `connect_timeout_ms` key in an [upstream
@ -75,7 +75,7 @@ The table below shows this endpoint's support for
parameter.
- `OverrideProtocol` `(string: "")` - Overrides the final
[protocol](/docs/agent/config-entries/service-defaults#protocol) used in
[protocol](/docs/connect/config-entries/service-defaults#protocol) used in
the compiled discovery chain.
If the chain ordinarily would be TCP and an L7 protocol is passed here the

View File

@ -9,7 +9,7 @@ sidebar_title: create
-> **Deprecated** - This command is deprecated in Consul 1.9.0 in favor of
using the [config entry CLI command](/commands/config/write). To create an
intention, create or modify a
[`service-intentions`](/docs/agent/config-entries/service-intentions) config
[`service-intentions`](/docs/connect/config-entries/service-intentions) config
entry for the destination.
Command: `consul intention create`

View File

@ -12,7 +12,7 @@ The `intention delete` command deletes a matching intention.
-> **Deprecated** - The one argument form of this command is deprecated in
Consul 1.9.0. Intentions no longer need IDs when represented as
[`service-intentions`](/docs/agent/config-entries/service-intentions) config
[`service-intentions`](/docs/connect/config-entries/service-intentions) config
entries.
## Usage

View File

@ -12,7 +12,7 @@ The `intention get` command shows a single intention.
-> **Deprecated** - The one argument form of this command is deprecated in
Consul 1.9.0. Intentions no longer need IDs when represented as
[`service-intentions`](/docs/agent/config-entries/service-intentions) config
[`service-intentions`](/docs/connect/config-entries/service-intentions) config
entries.
## Usage

View File

@ -14,7 +14,7 @@ creating, updating, reading, deleting, checking, and managing intentions.
This command is available in Consul 1.2 and later.
Intentions are managed primarily via
[`service-intentions`](/docs/agent/config-entries/service-intentions) config
[`service-intentions`](/docs/connect/config-entries/service-intentions) config
entries after Consul 1.9. Intentions may also be managed via the [HTTP
API](/api/connect/intentions).

View File

@ -1,6 +1,6 @@
---
layout: docs
page_title: Configuration Entry Definitions
page_title: Configuration Entries
sidebar_title: Configuration Entries
description: >-
Consul allows storing configuration entries centrally to be used as defaults
@ -38,46 +38,10 @@ metadata:
name: <name of entry>
```
The supported `Kind`/`kind` names for configuration entries are:
## Supported Config Entries
- [`ingress-gateway`](/docs/agent/config-entries/ingress-gateway) - defines the
configuration for an ingress gateway
- Kubernetes kind: [`IngressGateway`](/docs/agent/config-entries/ingress-gateway)
- [`proxy-defaults`](/docs/agent/config-entries/proxy-defaults) - controls
proxy configuration
- Kubernetes kind: [`ProxyDefaults`](/docs/agent/config-entries/proxy-defaults)
- [`service-defaults`](/docs/agent/config-entries/service-defaults) - configures
defaults for all the instances of a given service
- Kubernetes kind: [`ServiceDefaults`](/docs/agent/config-entries/service-defaults)
- [`service-intentions`](/docs/agent/config-entries/service-intentions) - defines
the [intentions](/docs/connect/intentions) for a destination service
- Kubernetes kind: [`ServiceIntentions`](/docs/agent/config-entries/service-intentions)
- [`service-resolver`](/docs/agent/config-entries/service-resolver) - matches
service instances with a specific Connect upstream discovery requests
- Kubernetes kind: [`ServiceResolver`](/docs/agent/config-entries/service-resolver)
- [`service-router`](/docs/agent/config-entries/service-router) - defines
where to send layer 7 traffic based on the HTTP route
- Kubernetes kind: [`ServiceRouter`](/docs/agent/config-entries/service-router)
- [`service-splitter`](/docs/agent/config-entries/service-splitter) - defines
how to divide requests for a single HTTP route based on percentages
- Kubernetes kind: [`ServiceSplitter`](/docs/agent/config-entries/service-splitter)
- [`terminating-gateway`](/docs/agent/config-entries/terminating-gateway) - defines the
services associated with terminating gateway
- Kubernetes kind: [`TerminatingGateway`](/docs/agent/config-entries/terminating-gateway)
See [Service Mesh - Config Entries](/docs/connect/config-entries) for the list
of supported config entries.
## Managing Configuration Entries In Kubernetes
@ -194,13 +158,3 @@ server gains leadership, it will attempt to initialize the configuration entries
If a configuration entry does not already exist outside of the servers
configuration, then it will create it. If a configuration entry does exist, that
matches both `kind` and `name`, then the server will do nothing.
## Using Configuration Entries For Service Defaults
Outside of Kubernetes, when the agent is
[configured](/docs/agent/options#enable_central_service_config) to enable
central service configurations, it will look for service configuration defaults
that match a registering service instance. If it finds any, the agent will merge
those defaults with the service instance configuration. This allows for things
like service protocol or proxy configuration to be defined globally and
inherited by any affected service registrations.

View File

@ -0,0 +1,52 @@
---
layout: docs
page_title: Configuration Entry Definitions
sidebar_title: Configuration Entries
description: >-
Consul allows storing configuration entries centrally to be used as defaults
for configuring other aspects of Consul.
---
# Configuration Entries
Configuration entries can be used to configure the behavior of Consul Connect.
The following configuration entries are supported:
- [Ingress Gateway](/docs/connect/config-entries/ingress-gateway) - defines the
configuration for an ingress gateway
- [Proxy Defaults](/docs/connect/config-entries/proxy-defaults) - controls
proxy configuration
- [Service Defaults](/docs/connect/config-entries/service-defaults) - configures
defaults for all the instances of a given service
- [Service Intentions](/docs/connect/config-entries/service-intentions) - defines
the [intentions](/docs/connect/intentions) for a destination service
- [Service Resolver](/docs/connect/config-entries/service-resolver) - matches
service instances with a specific Connect upstream discovery requests
- [Service Router](/docs/connect/config-entries/service-router) - defines
where to send layer 7 traffic based on the HTTP route
- [Service Splitter](/docs/connect/config-entries/service-splitter) - defines
how to divide requests for a single HTTP route based on percentages
- [Terminating Gateway](/docs/connect/config-entries/terminating-gateway) - defines the
services associated with terminating gateway
## Managing Configuration Entries
See [Agent - Config Entries](/docs/agent/config-entries).
## Using Configuration Entries For Service Defaults
Outside of Kubernetes, when the agent is
[configured](/docs/agent/options#enable_central_service_config) to enable
central service configurations, it will look for service configuration defaults
that match a registering service instance. If it finds any, the agent will merge
those defaults with the service instance configuration. This allows for things
like service protocol or proxy configuration to be defined globally and
inherited by any affected service registrations.

View File

@ -35,7 +35,7 @@ A wildcard specifier provides the following properties for an ingress
gateway:
- All services with the same
[protocol](/docs/agent/config-entries/ingress-gateway#protocol) as the
[protocol](/docs/connect/config-entries/ingress-gateway#protocol) as the
listener will be routable.
- The ingress gateway will route traffic based on the host/authority header,
expecting a value matching `<service-name>.ingress.*`, or if using namespaces,

View File

@ -99,10 +99,10 @@ spec:
type: `string: "tcp"`,
description: `Sets the protocol of the service. This is used
by Connect proxies for things like observability features and to unlock usage
of the [\`service-splitter\`](/docs/agent/config-entries/service-splitter) and
[\`service-router\`](/docs/agent/config-entries/service-router) config entries
of the [\`service-splitter\`](/docs/connect/config-entries/service-splitter) and
[\`service-router\`](/docs/connect/config-entries/service-router) config entries
for a service. It also unlocks the ability to define L7 intentions via
[\`service-intentions\`](/docs/agent/config-entries/service-intentions).
[\`service-intentions\`](/docs/connect/config-entries/service-intentions).
Supported values are one of \`tcp\`, \`http\`, \`http2\`, or \`grpc\`.`,
},
{

View File

@ -30,8 +30,8 @@ global setting) by defining a low precedence intention for that destination.
L7 intentions within a config entry are restricted to only destination services
that define their protocol as HTTP-based via a corresponding
[`service-defaults`](/docs/agent/config-entries/service-defaults) config entry
or globally via [`proxy-defaults`](/docs/agent/config-entries/proxy-defaults) .
[`service-defaults`](/docs/connect/config-entries/service-defaults) config entry
or globally via [`proxy-defaults`](/docs/connect/config-entries/proxy-defaults) .
## Sample Config Entries

View File

@ -26,16 +26,16 @@ service of the same name.
- Service router config entries are restricted to only services that define
their protocol as HTTP-based via a corresponding
[`service-defaults`](/docs/agent/config-entries/service-defaults) config
[`service-defaults`](/docs/connect/config-entries/service-defaults) config
entry or globally via
[`proxy-defaults`](/docs/agent/config-entries/proxy-defaults) .
[`proxy-defaults`](/docs/connect/config-entries/proxy-defaults) .
- Any route destination that omits the `ServiceSubset` field is eligible for
splitting via a
[`service-splitter`](/docs/agent/config-entries/service-splitter) should
[`service-splitter`](/docs/connect/config-entries/service-splitter) should
one be configured for that service, otherwise resolution proceeds according
to any configured
[`service-resolver`](/docs/agent/config-entries/service-resolver).
[`service-resolver`](/docs/connect/config-entries/service-resolver).
## Sample Config Entries

View File

@ -30,15 +30,15 @@ resolution stage.
- Service splitter config entries are restricted to only services that define
their protocol as http-based via a corresponding
[`service-defaults`](/docs/agent/config-entries/service-defaults) config
[`service-defaults`](/docs/connect/config-entries/service-defaults) config
entry or globally via
[`proxy-defaults`](/docs/agent/config-entries/proxy-defaults) .
[`proxy-defaults`](/docs/connect/config-entries/proxy-defaults) .
- Any split destination that specifies a different `Service` field and omits
the `ServiceSubset` field is eligible for further splitting should a splitter
be configured for that other service, otherwise resolution proceeds according
to any configured
[`service-resolver`](/docs/agent/config-entries/service-resolver).
[`service-resolver`](/docs/connect/config-entries/service-resolver).
## Sample Config Entries

View File

@ -25,10 +25,10 @@ See [Terminating Gateway](/docs/connect/terminating-gateway) for more informatio
## TLS Origination
By specifying a path to a [CA file](/docs/agent/config-entries/terminating-gateway#cafile) connections
By specifying a path to a [CA file](/docs/connect/config-entries/terminating-gateway#cafile) connections
from the terminating gateway will be encrypted using one-way TLS authentication. If a path to a
[client certificate](/docs/agent/config-entries/terminating-gateway#certfile)
and [private key](/docs/agent/config-entries/terminating-gateway#keyfile) are also specified connections
[client certificate](/docs/connect/config-entries/terminating-gateway#certfile)
and [private key](/docs/connect/config-entries/terminating-gateway#keyfile) are also specified connections
from the terminating gateway will be encrypted using mutual TLS authentication.
If none of these are provided, Consul will **only** encrypt connections to the gateway and not

View File

@ -18,22 +18,22 @@ a type of proxy and must be registered as a service in Consul, with the
[kind](/api/agent/service#kind) set to "ingress-gateway". They are an
entrypoint for outside traffic and allow you to define what services should be
exposed and on what port. You configure an ingress gateway by defining a set of
[listeners](/docs/agent/config-entries/ingress-gateway#listeners) that each map
[listeners](/docs/connect/config-entries/ingress-gateway#listeners) that each map
to a set of backing
[services](/docs/agent/config-entries/ingress-gateway#services).
[services](/docs/connect/config-entries/ingress-gateway#services).
To enable easier service discovery, a new Consul [DNS
subdomain](/docs/discovery/dns#ingress-service-lookups) is provided, on
`<service>.ingress.<domain>`.
For listeners with a
[protocol](/docs/agent/config-entries/ingress-gateway#protocol) other than
[protocol](/docs/connect/config-entries/ingress-gateway#protocol) other than
`tcp`, multiple services can be specified for a single listener. In this
case, the ingress gateway relies on host/authority headers to decide the
service that should receive the traffic. The host used to match traffic
defaults to the [Consul DNS ingress
subdomain](/docs/discovery/dns#ingress-service-lookups), but can be changed using
the [hosts](/docs/agent/config-entries/ingress-gateway#hosts) field.
the [hosts](/docs/connect/config-entries/ingress-gateway#hosts) field.
![Ingress Gateway Architecture](/img/ingress-gateways.png)

View File

@ -33,10 +33,10 @@ hold certificates to decrypt Consul Connect traffic directed at them and may be
to linked services. Connections over the WAN or open internet should flow through [mesh gateways](/docs/connect/mesh-gateway)
whenever possible since they are not capable of decrypting traffic or connecting directly to services.
By specifying a path to a [CA file](/docs/agent/config-entries/terminating-gateway#cafile) connections
By specifying a path to a [CA file](/docs/connect/config-entries/terminating-gateway#cafile) connections
from the terminating gateway will be encrypted using one-way TLS authentication. If a path to a
[client certificate](/docs/agent/config-entries/terminating-gateway#certfile)
and [private key](/docs/agent/config-entries/terminating-gateway#keyfile) are also specified connections
[client certificate](/docs/connect/config-entries/terminating-gateway#certfile)
and [private key](/docs/connect/config-entries/terminating-gateway#keyfile) are also specified connections
from the terminating gateway will be encrypted using mutual TLS authentication.
If none of these are provided, Consul will **only** encrypt connections to the gateway and not
@ -98,7 +98,7 @@ If the Consul client agent on the gateway's node is not configured to use the de
must also provide `agent:read` for its node's name in order to discover the agent's gRPC port. gRPC is used to expose Envoy's xDS API to Envoy proxies.
Linking services to a terminating gateway is done with a `terminating-gateway`
[configuration entry](/docs/agent/config-entries/terminating-gateway). This config entry can be applied via the
[configuration entry](/docs/connect/config-entries/terminating-gateway). This config entry can be applied via the
[CLI](/commands/config/write) or [API](/api/config#apply-configuration).
Gateways with the same name in Consul's service catalog are configured with a single configuration entry.

View File

@ -35,7 +35,7 @@ intentions to control Connect traffic authorization either at networking layer
- **Application-aware** - Some intentions may additionally enforce access based
on [L7 request
attributes](/docs/agent/config-entries/service-intentions#permissions) in
attributes](/docs/connect/config-entries/service-intentions#permissions) in
addition to connection identity. These may only be defined for services with
a [protocol] that is HTTP-based. These can also be thought of as **L7
intentions**.
@ -59,16 +59,16 @@ denied by default.
## Intention Basics
Intentions are managed primarily via
[`service-intentions`](/docs/agent/config-entries/service-intentions) config
[`service-intentions`](/docs/connect/config-entries/service-intentions) config
entries or the UI. Some simpler tasks can also be achieved with the older
[API](/api-docs/connect/intentions) or [CLI](/commands/intention). Please see
the respective documentation for each for full details on options, flags, etc.
Below is an example of a basic
[`service-intentions`](/docs/agent/config-entries/service-intentions) config
[`service-intentions`](/docs/connect/config-entries/service-intentions) config
entry representing two simple intentions. The full data model complete with
more examples can be found in the
[`service-intentions`](/docs/agent/config-entries/service-intentions) config
[`service-intentions`](/docs/connect/config-entries/service-intentions) config
entry documentation.
```hcl
@ -160,7 +160,7 @@ top to bottom, with larger numbers being evaluated first.
| `*` | `*` | `*` | `*` | 1 |
The precedence value can be read from a
[field](/docs/agent/config-entries/service-intentions#precedence) on the
[field](/docs/connect/config-entries/service-intentions#precedence) on the
`service-intentions` config entry after it is modified. Precedence cannot be
manually overridden today.
@ -240,6 +240,6 @@ connection authorization continues to work indefinitely. Changes to intentions
will not be picked up until the partition heals, but will then automatically
take effect when connectivity is restored.
[protocol]: /docs/agent/config-entries/service-defaults#protocol
[protocol]: /docs/connect/config-entries/service-defaults#protocol
[proxies]: /docs/connect/proxies
[envoy]: /docs/connect/proxies/envoy

View File

@ -32,34 +32,34 @@ The configuration entries used in the discovery chain are designed to be simple
to read and modify for narrowly tailored changes, but at discovery-time the
various configuration entries interact in more complex ways. For example:
- If a [`service-resolver`](/docs/agent/config-entries/service-resolver)
- If a [`service-resolver`](/docs/connect/config-entries/service-resolver)
is created with a [service
redirect](/docs/agent/config-entries/service-resolver#service) defined,
redirect](/docs/connect/config-entries/service-resolver#service) defined,
then all references made to the original service in any other configuration
entry is replaced with the redirect destination.
- If a [`service-resolver`](/docs/agent/config-entries/service-resolver)
- If a [`service-resolver`](/docs/connect/config-entries/service-resolver)
is created with a [default
subset](/docs/agent/config-entries/service-resolver#defaultsubset)
subset](/docs/connect/config-entries/service-resolver#defaultsubset)
defined then all references made to the original service in any other
configuration entry that did not specify a subset will be replaced with the
default.
- If a [`service-splitter`](/docs/agent/config-entries/service-splitter)
- If a [`service-splitter`](/docs/connect/config-entries/service-splitter)
is created with a [service
split](/docs/agent/config-entries/service-splitter#splits), and the target service has its
split](/docs/connect/config-entries/service-splitter#splits), and the target service has its
own `service-splitter` then the overall effect is flattened and only a single
aggregate traffic split is ultimately configured in the proxy.
- [`service-resolver`](/docs/agent/config-entries/service-resolver)
- [`service-resolver`](/docs/connect/config-entries/service-resolver)
redirect loops must be rejected as invalid.
- [`service-router`](/docs/agent/config-entries/service-router) and
[`service-splitter`](/docs/agent/config-entries/service-splitter)
- [`service-router`](/docs/connect/config-entries/service-router) and
[`service-splitter`](/docs/connect/config-entries/service-splitter)
configuration entries require an L7 compatible protocol be set for the
service via either a
[`service-defaults`](/docs/agent/config-entries/service-defaults) or
[`proxy-defaults`](/docs/agent/config-entries/proxy-defaults) config
[`service-defaults`](/docs/connect/config-entries/service-defaults) or
[`proxy-defaults`](/docs/connect/config-entries/proxy-defaults) config
entry. Violations must be rejected as invalid.
- If an [upstream
@ -153,7 +153,7 @@ A single node in the compiled discovery chain.
- `Definition` `(ServiceRoute)` - Relevant portion of underlying
`service-router`
[route](/docs/agent/config-entries/service-router#routes).
[route](/docs/connect/config-entries/service-router#routes).
- `NextNode` `(string)` - The name of the next node in the chain in [`Nodes`](#nodes).
@ -161,7 +161,7 @@ A single node in the compiled discovery chain.
splits.
- `Weight` `(float32)` - Copy of underlying `service-splitter`
[`weight`](/docs/agent/config-entries/service-splitter#weight) field.
[`weight`](/docs/connect/config-entries/service-splitter#weight) field.
- `NextNode` `(string)` - The name of the next node in the chain in [`Nodes`](#nodes).
@ -172,21 +172,21 @@ A single node in the compiled discovery chain.
defined for this node and the default was synthesized.
- `ConnectTimeout` `(duration)` - Copy of the underlying `service-resolver`
[`ConnectTimeout`](/docs/agent/config-entries/service-resolver#connecttimeout)
[`ConnectTimeout`](/docs/connect/config-entries/service-resolver#connecttimeout)
field. If one is not defined the default of `5s` is returned.
- `Target` `(string)` - The name of the target to use found in [`Targets`](#targets).
- `Failover` `(DiscoveryFailover: <optional>)` - Compiled form of the
underlying `service-resolver`
[`Failover`](/docs/agent/config-entries/service-resolver#failover)
[`Failover`](/docs/connect/config-entries/service-resolver#failover)
definition to use for this request.
- `Targets` `(array<string>)` - List of targets found in
[`Targets`](#targets) to failover to in order of preference.
- `LoadBalancer` `(LoadBalancer: <optional>`) - Copy of the underlying `service-resolver`
[`LoadBalancer`](/docs/agent/config-entries/service-resolver#loadbalancer) field.
[`LoadBalancer`](/docs/connect/config-entries/service-resolver#loadbalancer) field.
If a `service-splitter` splits between services with differing `LoadBalancer` configuration
the first hash-based load balancing policy is copied.
@ -198,7 +198,7 @@ A single node in the compiled discovery chain.
- `Service` `(string)` - The service to query when resolving a list of service instances.
- `ServiceSubset` `(string: <optional>)` - The
[subset](/docs/agent/config-entries/service-resolver#service-subsets) of
[subset](/docs/connect/config-entries/service-resolver#service-subsets) of
the service to resolve.
- `Namespace` `(string)` - The namespace to use when resolving a list of service instances.
@ -207,7 +207,7 @@ A single node in the compiled discovery chain.
- `Subset` `(ServiceResolverSubset)` - Copy of the underlying
`service-resolver`
[`Subsets`](/docs/agent/config-entries/service-resolver#subsets)
[`Subsets`](/docs/connect/config-entries/service-resolver#subsets)
definition for this target.
- `Filter` `(string: "")` - The
@ -236,4 +236,4 @@ A single node in the compiled discovery chain.
- `Name` `(string)` - The unique name for this target for use when generating
load balancer objects. This has a structure similar to [SNI](#sni), but will
not be affected by SNI customizations such as
[`ExternalSNI`](/docs/agent/config-entries/service-defaults#externalsni).
[`ExternalSNI`](/docs/connect/config-entries/service-defaults#externalsni).

View File

@ -13,7 +13,7 @@ description: >-
Layer 7 traffic management allows operators to divide L7 traffic between
different
[subsets](/docs/agent/config-entries/service-resolver#service-subsets) of
[subsets](/docs/connect/config-entries/service-resolver#service-subsets) of
service instances when using Connect.
There are many ways you may wish to carve up a single datacenter's pool of
@ -42,7 +42,7 @@ entry is missing, that stage will fall back on reasonable default behavior.
### Routing
A [`service-router`](/docs/agent/config-entries/service-router) config
A [`service-router`](/docs/connect/config-entries/service-router) config
entry kind is the first configurable stage.
A router config entry allows for a user to intercept traffic using L7 criteria
@ -52,12 +52,12 @@ traffic to a different service or service subset.
These config entries may only reference `service-splitter` or
`service-resolver` entries.
[Examples](/docs/agent/config-entries/service-router#sample-config-entries)
[Examples](/docs/connect/config-entries/service-router#sample-config-entries)
can be found in the `service-router` documentation.
### Splitting
A [`service-splitter`](/docs/agent/config-entries/service-splitter) config
A [`service-splitter`](/docs/connect/config-entries/service-splitter) config
entry kind is the next stage after routing.
A splitter config entry allows for a user to choose to split incoming requests
@ -77,12 +77,12 @@ union. For instance:
---------------------
splitter[effective_B]: A_v1=25%, A_v2=25%, B=50%
[Examples](/docs/agent/config-entries/service-splitter#sample-config-entries)
[Examples](/docs/connect/config-entries/service-splitter#sample-config-entries)
can be found in the `service-splitter` documentation.
### Resolution
A [`service-resolver`](/docs/agent/config-entries/service-resolver) config
A [`service-resolver`](/docs/connect/config-entries/service-resolver) config
entry kind is the last stage.
A resolver config entry allows for a user to define which instances of a
@ -114,7 +114,7 @@ not intended to be a drop-in replacement currently.
These config entries may only reference other `service-resolver` entries.
[Examples](/docs/agent/config-entries/service-resolver#sample-config-entries)
[Examples](/docs/connect/config-entries/service-resolver#sample-config-entries)
can be found in the `service-resolver` documentation.
-> **Note:** `service-resolver` config entries kinds function at L4 (unlike

View File

@ -46,7 +46,7 @@ Find other possible metrics syncs in the [Connect Envoy documentation](/docs/con
### Service Protocol
You can specify the [service protocol](/docs/agent/config-entries/service-defaults#protocol)
You can specify the [service protocol](/docs/connect/config-entries/service-defaults#protocol)
in the `service-defaults` configuration entry. You can override it in the
[service registration](/docs/agent/services). By default, proxies only give
you L4 metrics. This protocol allows proxies to handle requests at the right L7

View File

@ -115,7 +115,7 @@ the ability to control some parts of the bootstrap config via proxy
configuration options.
Users can add the following configuration items to the [global `proxy-defaults`
configuration entry](/docs/agent/config-entries/proxy-defaults) or override them directly in the `proxy.config` field
configuration entry](/docs/connect/config-entries/proxy-defaults) or override them directly in the `proxy.config` field
of a [proxy service
definition](/docs/connect/registration/service-registration) or
[`sidecar_service`](/docs/connect/registration/sidecar-service) block.
@ -124,7 +124,7 @@ definition](/docs/connect/registration/service-registration) or
StatsD listener that Envoy should deliver metrics to. For example, this may be
`udp://127.0.0.1:8125` if every host has a local StatsD listener. In this case
users can configure this property once in the [global `proxy-defaults`
configuration entry](/docs/agent/config-entries/proxy-defaults) for convenience. Currently, TCP is not supported.
configuration entry](/docs/connect/config-entries/proxy-defaults) for convenience. Currently, TCP is not supported.
~> **Note:** currently the url **must use an ip address** not a dns name due
to the way Envoy is setup for StatsD.
@ -135,7 +135,7 @@ definition](/docs/connect/registration/service-registration) or
pod in a Kubernetes cluster to learn of a pod-specific IP address for StatsD
when the Envoy instance is bootstrapped while still allowing global
configuration of all proxies to use StatsD in the [global `proxy-defaults`
configuration entry](/docs/agent/config-entries/proxy-defaults). The env variable must contain a full valid URL
configuration entry](/docs/connect/config-entries/proxy-defaults). The env variable must contain a full valid URL
value as specified above and nothing else. It is not currently possible to use
environment variables as only part of the URL.
@ -179,7 +179,7 @@ to configure appropriate proxy settings for that service's proxies and also for
the upstream listeners of any downstream service.
One example is how users can define a service's protocol in a [`service-defaults` configuration
entry](/docs/agent/config-entries/service-defaults). Agents with
entry](/docs/connect/config-entries/service-defaults). Agents with
[`enable_central_service_config`](/docs/agent/options#enable_central_service_config)
set to true will automatically discover the protocol when configuring a proxy
for a service. The proxy will discover the main protocol of the service it
@ -200,7 +200,7 @@ To learn about other options that can be configured centrally see the
These fields may also be overridden explicitly in the [proxy service
definition](/docs/connect/registration/service-registration), or defined in
the [global `proxy-defaults` configuration
entry](/docs/agent/config-entries/proxy-defaults) to act as
entry](/docs/connect/config-entries/proxy-defaults) to act as
defaults that are inherited by all services.
- `protocol` - The protocol the service speaks. Connect's Envoy integration
@ -227,9 +227,9 @@ defaults that are inherited by all services.
metrics with `gRPC-status` trailer codes.
~> **Note:** The protocol of a service should ideally be configured via the
[`protocol`](/docs/agent/config-entries/service-defaults#protocol)
[`protocol`](/docs/connect/config-entries/service-defaults#protocol)
field of a
[`service-defaults`](/docs/agent/config-entries/service-defaults)
[`service-defaults`](/docs/connect/config-entries/service-defaults)
config entry for the service. Configuring it in a
proxy config will not fully enable some [L7
features](/docs/connect/l7-traffic-management).
@ -256,9 +256,9 @@ definition](/docs/connect/registration/service-registration) or
the upstream.
~> **Note:** The protocol of a service should ideally be configured via the
[`protocol`](/docs/agent/config-entries/service-defaults#protocol)
[`protocol`](/docs/connect/config-entries/service-defaults#protocol)
field of a
[`service-defaults`](/docs/agent/config-entries/service-defaults)
[`service-defaults`](/docs/connect/config-entries/service-defaults)
config entry for the upstream destination service. Configuring it in a
proxy upstream config will not fully enable some [L7
features](/docs/connect/l7-traffic-management).
@ -270,9 +270,9 @@ definition](/docs/connect/registration/service-registration) or
~> **Note:** The connection timeout for a service should ideally be
configured via the
[`connect_timeout`](/docs/agent/config-entries/service-resolver#connecttimeout)
[`connect_timeout`](/docs/connect/config-entries/service-resolver#connecttimeout)
field of a
[`service-resolver`](/docs/agent/config-entries/service-resolver)
[`service-resolver`](/docs/connect/config-entries/service-resolver)
config entry for the upstream destination service. Configuring it in a
proxy upstream config will override any values defined in config entries.
It is supported here for backwards compatibility with Consul versions prior to 1.6.0.
@ -307,7 +307,7 @@ definition](/docs/connect/registration/service-registration) or
These fields may also be overridden explicitly in the [proxy service
definition](/docs/connect/registration/service-registration), or defined in
the [global `proxy-defaults` configuration
entry](/docs/agent/config-entries/proxy-defaults) to act as
entry](/docs/connect/config-entries/proxy-defaults) to act as
defaults that are inherited by all services.
Prior to 1.8.0 these settings were specific to Mesh Gateways. The deprecated
@ -317,7 +317,7 @@ will continue to be supported.
- `connect_timeout_ms` - The number of milliseconds to allow when making upstream
connections before timing out. Defaults to 5000 (5 seconds). If the upstream
service has the configuration option
[`connect_timeout_ms`](/docs/agent/config-entries/service-resolver#connecttimeout)
[`connect_timeout_ms`](/docs/connect/config-entries/service-resolver#connecttimeout)
set for the `service-resolver`, that timeout value will take precedence over
this gateway option.
@ -430,7 +430,7 @@ EOF
Users may add the following configuration items to the [global `proxy-defaults`
configuration
entry](/docs/agent/config-entries/proxy-defaults) or
entry](/docs/connect/config-entries/proxy-defaults) or
override them directly in the `proxy.config` field of a [proxy service
definition](/docs/connect/registration/service-registration) or
[`sidecar_service`](/docs/connect/registration/sidecar-service) block.
@ -466,7 +466,7 @@ definition](/docs/connect/registration/service-registration) or
Users may add the following configuration items to the [global `proxy-defaults`
configuration
entry](/docs/agent/config-entries/proxy-defaults) or
entry](/docs/connect/config-entries/proxy-defaults) or
override them directly in the `proxy.config` field of a [proxy service
definition](/docs/connect/registration/service-registration) or
[`sidecar_service`](/docs/connect/registration/sidecar-service) block.
@ -504,9 +504,9 @@ definition](/docs/connect/registration/service-registration) or
[`sidecar_service`](/docs/connect/registration/sidecar-service) block.
~> **Note:** - When a
[`service-router`](/docs/agent/config-entries/service-router),
[`service-splitter`](/docs/agent/config-entries/service-splitter), or
[`service-resolver`](/docs/agent/config-entries/service-resolver) config
[`service-router`](/docs/connect/config-entries/service-router),
[`service-splitter`](/docs/connect/config-entries/service-splitter), or
[`service-resolver`](/docs/connect/config-entries/service-resolver) config
entry exists for a service the below escape hatches are ignored and will log a
warning.
@ -525,6 +525,6 @@ warning.
customization of timeouts, circuit breaking, rate limits, load balancing
strategy etc.
[protocol]: /docs/agent/config-entries/service-defaults#protocol
[protocol]: /docs/connect/config-entries/service-defaults#protocol
[intentions]: /docs/connect/intentions
[intentions]: /docs/connect/intentions

View File

@ -203,7 +203,7 @@ populate endpoints in memory will need to poll the endpoint at a suitable and
ideally configurable frequency.
-> **Note:** Long-term the [`service-resolver` config
entries](/docs/agent/config-entries/service-resolver) are intended to replace
entries](/docs/connect/config-entries/service-resolver) are intended to replace
Prepared Queries in Consul entirely, but for now these are still used in some
configurations.
@ -240,4 +240,4 @@ ID for the name specified in `-sidecar-for`.
[`consul/connect/tls.go`]: https://github.com/hashicorp/consul/blob/v1.8.3/connect/tls.go#L232-L237
[discovery chain]: /docs/connect/l7-traffic/discovery-chain
[`usecache`]: https://github.com/hashicorp/consul/blob/v1.8.3/api/api.go#L99-L102
[protocol]: /docs/agent/config-entries/service-defaults#protocol
[protocol]: /docs/connect/config-entries/service-defaults#protocol

View File

@ -234,7 +234,7 @@ $ consul connect envoy -mesh-gateway -register \
### Configure Sidecar Proxies to use Gateways
Next, create a [centralized
configuration](/docs/agent/config-entries/proxy-defaults)
configuration](/docs/connect/config-entries/proxy-defaults)
file for all the sidecar proxies in both datacenters called
`proxy-defaults.json`. This file will instruct the sidecar proxies to send all
their inter-datacenter traffic through the gateways. It should contain the

View File

@ -183,7 +183,7 @@ $ consul config write l7_config/api_service_defaults.json
```
Find more information on `service-defaults` configuration entries in the
[documentation](/docs/agent/config-entries/service-defaults).
[documentation](/docs/connect/config-entries/service-defaults).
-> **Automation Tip:** To automate interactions with configuration entries, use
the HTTP API endpoint [`http://localhost:8500/v1/config`](/api/config).
@ -232,7 +232,7 @@ $ consul config write l7_config/api_service_resolver.json
```
Find more information about service resolvers in the
[documentation](/docs/agent/config-entries/service-resolver).
[documentation](/docs/connect/config-entries/service-resolver).
### Configure Service Splitting - 100% of traffic to Version 1

View File

@ -156,8 +156,8 @@ $ consul acl token update -id <token-id> -policy-name example-https-write-policy
### Create the configuration entry for the terminating gateway
Once the tokens have been updated, next write the Consul [config](/docs/agent/config-entries/terminating-gateway)
entry for the terminating gateway:
Once the tokens have been updated, create the [TerminatingGateway](/docs/connect/config-entries/terminating-gateway)
resource to configure the terminating gateway:
```hcl
Kind = "terminating-gateway"

View File

@ -18,14 +18,14 @@ cluster-wide defaults for the service mesh.
We currently support the follow configuration entry kinds:
- [`ProxyDefaults`](/docs/agent/config-entries/proxy-defaults)
- [`ServiceDefaults`](/docs/agent/config-entries/service-defaults)
- [`ServiceSplitter`](/docs/agent/config-entries/service-splitter)
- [`ServiceRouter`](/docs/agent/config-entries/service-router)
- [`ServiceResolver`](/docs/agent/config-entries/service-resolver)
- [`ServiceIntentions`](/docs/agent/config-entries/service-intentions) (requires Consul >= 1.9.0)
- [`IngressGateway`](/docs/agent/config-entries/ingress-gateway)
- [`TerminatingGateway`](/docs/agent/config-entries/terminating-gateway)
- [`ProxyDefaults`](/docs/connect/config-entries/proxy-defaults)
- [`ServiceDefaults`](/docs/connect/config-entries/service-defaults)
- [`ServiceSplitter`](/docs/connect/config-entries/service-splitter)
- [`ServiceRouter`](/docs/connect/config-entries/service-router)
- [`ServiceResolver`](/docs/connect/config-entries/service-resolver)
- [`ServiceIntentions`](/docs/connect/config-entries/service-intentions) (requires Consul >= 1.9.0)
- [`IngressGateway`](/docs/connect/config-entries/ingress-gateway)
- [`TerminatingGateway`](/docs/connect/config-entries/terminating-gateway)
## Installation

View File

@ -45,7 +45,7 @@ namespace with a query parameter of `?ns=*`.
Upgrading to Consul 1.9.0 will trigger a one-time background migration of
[intentions](/docs/connect/intentions) into an equivalent set of
[`service-intentions`](/docs/agent/config-entries/service-intentions) config
[`service-intentions`](/docs/connect/config-entries/service-intentions) config
entries. This process will wait until all of the Consul servers in the primary
datacenter are running Consul 1.9.0+.
@ -73,22 +73,22 @@ re-created via the old endpoints. Fields that are being removed or changing
behavior:
- `Intention.ID` after migration is stored in the
[`LegacyID`](/docs/agent/config-entries/service-intentions#legacyid) field.
[`LegacyID`](/docs/connect/config-entries/service-intentions#legacyid) field.
After transitioning this field is cleared.
- `Intention.CreatedAt` after migration is stored in the
[`LegacyCreateTime`](/docs/agent/config-entries/service-intentions#legacycreatetime)
[`LegacyCreateTime`](/docs/connect/config-entries/service-intentions#legacycreatetime)
field. After transitioning this field is cleared.
- `Intention.UpdatedAt` after migration is stored in the
[`LegacyUpdateTime`](/docs/agent/config-entries/service-intentions#legacyupdatetime)
[`LegacyUpdateTime`](/docs/connect/config-entries/service-intentions#legacyupdatetime)
field. After transitioning this field is cleared.
- `Intention.Meta` after migration is stored in the
[`LegacyMeta`](/docs/agent/config-entries/service-intentions#legacymeta)
[`LegacyMeta`](/docs/connect/config-entries/service-intentions#legacymeta)
field. To complete the transition, this field **must be cleared manually**
and the metadata moved up to the enclosing config entry's
[`Meta`](/docs/agent/config-entries/service-intentions#meta) field. This is
[`Meta`](/docs/connect/config-entries/service-intentions#meta) field. This is
not done automatically since it is potentially a lossy operation.
## Consul 1.8.0

View File

@ -56,6 +56,19 @@ export default [
content: [
'connect-internals',
'configuration',
{
category: 'config-entries',
content: [
'ingress-gateway',
'proxy-defaults',
'service-defaults',
'service-intentions',
'service-resolver',
'service-router',
'service-splitter',
'terminating-gateway',
],
},
{
category: 'proxies',
content: ['envoy', 'built-in', 'integrate'],
@ -207,23 +220,7 @@ export default [
},
{
category: 'agent',
content: [
'options',
{
category: 'config-entries',
content: [
'ingress-gateway',
'proxy-defaults',
'service-defaults',
'service-intentions',
'service-resolver',
'service-router',
'service-splitter',
'terminating-gateway',
],
},
'telemetry',
],
content: ['options', 'config-entries', 'telemetry'],
},
{
category: 'security',
@ -239,6 +236,10 @@ export default [
],
},
'encryption',
{
category: 'security-models',
content: ['core', 'nia'],
},
],
},
{