From 50ff9e8a6e0ec71f788737c324fc835709b750fd Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Wed, 10 Nov 2021 08:52:44 -0700 Subject: [PATCH 1/2] docs: added more information to help endusers with proxies and ACL tokens --- .../docs/connect/proxies/integrate.mdx | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/website/content/docs/connect/proxies/integrate.mdx b/website/content/docs/connect/proxies/integrate.mdx index cd31114f5c..08fcb8d412 100644 --- a/website/content/docs/connect/proxies/integrate.mdx +++ b/website/content/docs/connect/proxies/integrate.mdx 
@@ -169,18 +169,43 @@ to read configurations for that service. If you use the Go [`api` package], then the environment variables will be read and the client configured for you automatically. +Alternatively, you may also use the flags `-token` or `-token-file` to provide the Consul ACL token. + + + + + +```shell + consul connect envoy -sidecar-for "web" -token-file=/etc/consul.d/consul.token +``` + + + + + +```shell + $ consul connect proxy -sidecar-for "web" -token-file=/etc/consul.d/consul.token +``` + + + + + If TLS is enabled on Consul, you will also need to add the following environment variables _prior_ to starting the proxy: - [`CONSUL_CACERT`](/commands#consul_cacert) - [`CONSUL_CLIENT_CERT`](/commands#consul_client_cert) - [`CONSUL_CLIENT_KEY`](/commands#consul_client_key) +The `CONSUL_CACERT`, `CONSUL_CLIENT_CERT` and `CONSUL_CLIENT_KEY` can also be provided as CLI flags. Please see the [Consul connect documentation](/commands/connect/proxy) page for more details. + The proxy service ID comes from the user. See [`consul connect envoy`](/commands/connect/envoy#examples) for an example. You can use the `-proxy-id` flag to specify the ID of the proxy service you have already registered with the local agent. Alternatively, you can start the service using the `-sidecar-for=` option. This option queries Consul for a proxy that is registered as a sidecar for the specified ``. If exactly one service associated with the proxy is returned, the ID will be used to start the proxy. Your controller only needs to accept `-proxy-id` as an argument; the Consul CLI will resolve the ID for the name specified in `-sidecar-for` flag. + [`/v1/agent/connect/ca/leaf/`]: /api/agent/connect#service-leaf-certificate [`/v1/agent/connect/ca/roots`]: /api/agent/connect#certificate-authority-ca-roots [`/v1/health/connect/:service_id`]: /api/health#list-nodes-for-connect-capable-service From f1b4a10c83ee797481811dfe4674bf724808075e Mon Sep 17 00:00:00 2001 
From: mrspanishviking Date: Thu, 11 Nov 2021 08:05:45 -0800 Subject: [PATCH 2/2] Update website/content/docs/connect/proxies/integrate.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> --- website/content/docs/connect/proxies/integrate.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/content/docs/connect/proxies/integrate.mdx b/website/content/docs/connect/proxies/integrate.mdx index 08fcb8d412..73e8306d21 100644 --- a/website/content/docs/connect/proxies/integrate.mdx +++ b/website/content/docs/connect/proxies/integrate.mdx @@ -197,7 +197,7 @@ If TLS is enabled on Consul, you will also need to add the following environment - [`CONSUL_CLIENT_CERT`](/commands#consul_client_cert) - [`CONSUL_CLIENT_KEY`](/commands#consul_client_key) -The `CONSUL_CACERT`, `CONSUL_CLIENT_CERT` and `CONSUL_CLIENT_KEY` can also be provided as CLI flags. Please see the [Consul connect documentation](/commands/connect/proxy) page for more details. +The `CONSUL_CACERT`, `CONSUL_CLIENT_CERT` and `CONSUL_CLIENT_KEY` can also be provided as CLI flags. Refer to the [`consul connect proxy` documentation](/commands/connect/proxy) for details. The proxy service ID comes from the user. See [`consul connect envoy`](/commands/connect/envoy#examples) for an example. You can use the `-proxy-id` flag to specify the ID of the proxy service you have already registered with the local agent.
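Review bot: in PATCH 1/2 (hunk `@@ -169,18 +169,43 @@`), the added sentence "Alternatively, you may also use the flags `-token` or `-token-file`" presents the two flags as interchangeable, but they expose the secret differently. A token passed with `-token` ends up in the process argument list and in shell history, while `-token-file` keeps it in a file. Suggest saying that `-token-file` is preferred, and that the file used in both examples (`/etc/consul.d/consul.token`) should be readable only by the user the proxy runs as. Minor style point in the same hunk: the `consul connect proxy` example has a `$` prompt and the `consul connect envoy` example does not, and both command lines start with a stray space; pick one convention so the commands copy cleanly.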
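Review bot: in PATCH 2/2 (hunk `@@ -197,7 +197,7 @@`), the reworded sentence still says that `CONSUL_CACERT`, `CONSUL_CLIENT_CERT` and `CONSUL_CLIENT_KEY` "can also be provided as CLI flags" without naming the flags, so the reader has to follow the link to learn what to type. Suggest naming them in place (`-ca-file`, `-client-cert`, `-client-key`) and wording it as the values, not the variables, being passed. The link also points only at `consul connect proxy`, while the context line right below it sends readers to `consul connect envoy`; if the flags apply to both commands, link both pages or say so.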