mirror of https://github.com/status-im/consul.git
Merge pull request #8230 from hashicorp/je.pin-deps
📌 Hard Pin Website Dependencies
This commit is contained in:
commit
ecc406562a
|
@ -39,7 +39,11 @@ export default function BasicHero({
|
||||||
</div>
|
</div>
|
||||||
{links[2] && (
|
{links[2] && (
|
||||||
<div className="third-link">
|
<div className="third-link">
|
||||||
<a href={links[2].url} rel="noopener" target="_blank">
|
<a
|
||||||
|
href={links[2].url}
|
||||||
|
rel="noopener noreferrer"
|
||||||
|
target="_blank"
|
||||||
|
>
|
||||||
<span className="g-type-buttons-and-standalone-links">
|
<span className="g-type-buttons-and-standalone-links">
|
||||||
{links[2].text}
|
{links[2].text}
|
||||||
</span>
|
</span>
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -4,55 +4,51 @@
|
||||||
"version": "0.0.1",
|
"version": "0.0.1",
|
||||||
"author": "HashiCorp",
|
"author": "HashiCorp",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@hashicorp/nextjs-scripts": "^10.0.2",
|
"@hashicorp/nextjs-scripts": "11.1.0",
|
||||||
"@hashicorp/react-alert": "^2.0.1",
|
"@hashicorp/react-alert": "2.0.1",
|
||||||
"@hashicorp/react-alert-banner": "^3.1.0",
|
"@hashicorp/react-alert-banner": "3.1.0",
|
||||||
"@hashicorp/react-button": "^2.2.0",
|
"@hashicorp/react-button": "2.2.1",
|
||||||
"@hashicorp/react-call-to-action": "^0.2.0",
|
"@hashicorp/react-call-to-action": "0.2.1",
|
||||||
"@hashicorp/react-case-study-slider": "^2.1.0",
|
"@hashicorp/react-case-study-slider": "2.1.1",
|
||||||
"@hashicorp/react-code-block": "^1.2.7",
|
"@hashicorp/react-code-block": "1.2.7",
|
||||||
"@hashicorp/react-content": "3.0.0-0",
|
"@hashicorp/react-content": "4.0.0",
|
||||||
"@hashicorp/react-docs-page": "^3.0.0",
|
"@hashicorp/react-docs-page": "4.0.0",
|
||||||
"@hashicorp/react-docs-sidenav": "^3.2.3",
|
"@hashicorp/react-docs-sidenav": "3.2.5",
|
||||||
"@hashicorp/react-featured-slider": "^1.1.0",
|
"@hashicorp/react-featured-slider": "1.1.1",
|
||||||
"@hashicorp/react-global-styles": "^4.4.0",
|
"@hashicorp/react-global-styles": "4.4.0",
|
||||||
"@hashicorp/react-head": "^1.1.1",
|
"@hashicorp/react-head": "1.1.1",
|
||||||
"@hashicorp/react-image": "^2.0.1",
|
"@hashicorp/react-image": "2.0.1",
|
||||||
"@hashicorp/react-inline-svg": "^1.0.0",
|
"@hashicorp/react-inline-svg": "1.0.0",
|
||||||
"@hashicorp/react-logo-grid": "^2.1.0",
|
"@hashicorp/react-logo-grid": "2.1.1",
|
||||||
"@hashicorp/react-mega-nav": "^4.0.1-2",
|
"@hashicorp/react-mega-nav": "4.0.1-2",
|
||||||
"@hashicorp/react-product-downloader": "^4.0.0",
|
"@hashicorp/react-product-downloader": "4.0.2",
|
||||||
"@hashicorp/react-product-features-list": "^1.0.1",
|
"@hashicorp/react-product-features-list": "1.0.1",
|
||||||
"@hashicorp/react-section-header": "^2.0.0",
|
"@hashicorp/react-section-header": "2.0.0",
|
||||||
"@hashicorp/react-subnav": "^3.2.2",
|
"@hashicorp/react-subnav": "3.2.3",
|
||||||
"@hashicorp/react-text-and-content": "^4.1.0",
|
"@hashicorp/react-text-and-content": "4.1.1",
|
||||||
"@hashicorp/react-text-split": "^0.3.0",
|
"@hashicorp/react-text-split": "0.3.1",
|
||||||
"@hashicorp/react-text-split-with-code": "0.1.0",
|
"@hashicorp/react-text-split-with-code": "0.1.1",
|
||||||
"@hashicorp/react-text-split-with-image": "^1.3.0",
|
"@hashicorp/react-text-split-with-image": "1.3.1",
|
||||||
"@hashicorp/react-text-split-with-logo-grid": "^1.1.0",
|
"@hashicorp/react-text-split-with-logo-grid": "1.1.1",
|
||||||
"@hashicorp/react-use-cases": "^1.0.4",
|
"@hashicorp/react-use-cases": "1.0.4",
|
||||||
"@hashicorp/react-vertical-text-block-list": "^2.0.1",
|
"@hashicorp/react-vertical-text-block-list": "2.0.1",
|
||||||
"algoliasearch": "^4.3.0",
|
"algoliasearch": "4.3.0",
|
||||||
"babel-plugin-import-glob-array": "^0.2.0",
|
"babel-plugin-import-glob-array": "0.2.0",
|
||||||
"dotenv": "^8.2.0",
|
"dotenv": "8.2.0",
|
||||||
"gray-matter": "^4.0.2",
|
"gray-matter": "4.0.2",
|
||||||
"imagemin-mozjpeg": "^9.0.0",
|
|
||||||
"imagemin-optipng": "^8.0.0",
|
|
||||||
"imagemin-svgo": "^8.0.0",
|
|
||||||
"next": "9.4.4",
|
"next": "9.4.4",
|
||||||
"nuka-carousel": "^4.7.0",
|
"nuka-carousel": "4.7.0",
|
||||||
"react": "^16.13.1",
|
"react": "16.13.1",
|
||||||
"react-device-detect": "^1.12.1",
|
"react-device-detect": "1.13.1",
|
||||||
"react-dom": "^16.13.1",
|
"react-dom": "16.13.1",
|
||||||
"remark": "^12.0.0",
|
"remark": "12.0.0",
|
||||||
"unist-util-visit": "^2.0.2"
|
"unist-util-visit": "2.0.2"
|
||||||
},
|
},
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
"dart-linkcheck": "^2.0.15",
|
"dart-linkcheck": "2.0.15",
|
||||||
"glob": "^7.1.6",
|
"glob": "7.1.6",
|
||||||
"husky": "^4.2.5",
|
"husky": "4.2.5",
|
||||||
"inquirer": "^7.1.0",
|
"prettier": "2.0.5"
|
||||||
"prettier": "^2.0.5"
|
|
||||||
},
|
},
|
||||||
"husky": {
|
"husky": {
|
||||||
"hooks": {
|
"hooks": {
|
||||||
|
|
|
@ -909,7 +909,7 @@ top level object. The following selectors and filter operations are supported:
|
||||||
This endpoint returns the services associated with an ingress gateway or terminating gateway.
|
This endpoint returns the services associated with an ingress gateway or terminating gateway.
|
||||||
|
|
||||||
| Method | Path | Produces |
|
| Method | Path | Produces |
|
||||||
| ------ | ------------------------------ | ------------------ |
|
| ------ | ------------------------------------ | ------------------ |
|
||||||
| `GET` | `/catalog/gateway-services/:gateway` | `application/json` |
|
| `GET` | `/catalog/gateway-services/:gateway` | `application/json` |
|
||||||
|
|
||||||
The table below shows this endpoint's support for
|
The table below shows this endpoint's support for
|
||||||
|
@ -919,7 +919,7 @@ The table below shows this endpoint's support for
|
||||||
[required ACLs](/api#authentication).
|
[required ACLs](/api#authentication).
|
||||||
|
|
||||||
| Blocking Queries | Consistency Modes | Agent Caching | ACL Required |
|
| Blocking Queries | Consistency Modes | Agent Caching | ACL Required |
|
||||||
| ---------------- | ----------------- | ------------- | ------------------------ |
|
| ---------------- | ----------------- | ------------- | -------------- |
|
||||||
| `YES` | `all` | `none` | `service:read` |
|
| `YES` | `all` | `none` | `service:read` |
|
||||||
|
|
||||||
### Parameters
|
### Parameters
|
||||||
|
@ -964,7 +964,7 @@ $ curl \
|
||||||
"SNI": "api.my-domain",
|
"SNI": "api.my-domain",
|
||||||
"CreateIndex": 16,
|
"CreateIndex": 16,
|
||||||
"ModifyIndex": 16
|
"ModifyIndex": 16
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"Gateway": {
|
"Gateway": {
|
||||||
"Name": "my-terminating-gateway",
|
"Name": "my-terminating-gateway",
|
||||||
|
|
|
@ -39,7 +39,7 @@ The table below shows this endpoint's support for
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
| Config Entry Kind | Required ACL |
|
| Config Entry Kind | Required ACL |
|
||||||
| ----------------- | ---------------- |
|
| ------------------- | ---------------- |
|
||||||
| ingress-gateway | `operator:write` |
|
| ingress-gateway | `operator:write` |
|
||||||
| proxy-defaults | `operator:write` |
|
| proxy-defaults | `operator:write` |
|
||||||
| service-defaults | `service:write` |
|
| service-defaults | `service:write` |
|
||||||
|
@ -105,7 +105,7 @@ The table below shows this endpoint's support for
|
||||||
<sup>1</sup> The ACL required depends on the config entry kind being read:
|
<sup>1</sup> The ACL required depends on the config entry kind being read:
|
||||||
|
|
||||||
| Config Entry Kind | Required ACL |
|
| Config Entry Kind | Required ACL |
|
||||||
| ----------------- | ---------------- |
|
| ------------------- | -------------- |
|
||||||
| ingress-gateway | `service:read` |
|
| ingress-gateway | `service:read` |
|
||||||
| proxy-defaults | `<none>` |
|
| proxy-defaults | `<none>` |
|
||||||
| service-defaults | `service:read` |
|
| service-defaults | `service:read` |
|
||||||
|
@ -172,7 +172,7 @@ The table below shows this endpoint's support for
|
||||||
<sup>1</sup> The ACL required depends on the config entry kind being read:
|
<sup>1</sup> The ACL required depends on the config entry kind being read:
|
||||||
|
|
||||||
| Config Entry Kind | Required ACL |
|
| Config Entry Kind | Required ACL |
|
||||||
| ----------------- | ---------------- |
|
| ------------------- | -------------- |
|
||||||
| ingress-gateway | `service:read` |
|
| ingress-gateway | `service:read` |
|
||||||
| proxy-defaults | `<none>` |
|
| proxy-defaults | `<none>` |
|
||||||
| service-defaults | `service:read` |
|
| service-defaults | `service:read` |
|
||||||
|
@ -245,7 +245,7 @@ The table below shows this endpoint's support for
|
||||||
<sup>1</sup> The ACL required depends on the config entry kind being deleted:
|
<sup>1</sup> The ACL required depends on the config entry kind being deleted:
|
||||||
|
|
||||||
| Config Entry Kind | Required ACL |
|
| Config Entry Kind | Required ACL |
|
||||||
| ----------------- | ---------------- |
|
| ------------------- | ---------------- |
|
||||||
| ingress-gateway | `operator:write` |
|
| ingress-gateway | `operator:write` |
|
||||||
| proxy-defaults | `operator:write` |
|
| proxy-defaults | `operator:write` |
|
||||||
| service-defaults | `service:write` |
|
| service-defaults | `service:write` |
|
||||||
|
|
|
@ -277,7 +277,7 @@ datacenter. In this example, we are configuring the following:
|
||||||
2. An ACL master token of "b1gs33cr3t"; see below for an alternative using the [/v1/acl/bootstrap API](/api/acl/acl#bootstrap-acls)
|
2. An ACL master token of "b1gs33cr3t"; see below for an alternative using the [/v1/acl/bootstrap API](/api/acl/acl#bootstrap-acls)
|
||||||
3. A default policy of "deny" which means we are in allowlist mode
|
3. A default policy of "deny" which means we are in allowlist mode
|
||||||
4. A down policy of "extend-cache" which means that we will ignore token TTLs
|
4. A down policy of "extend-cache" which means that we will ignore token TTLs
|
||||||
during an outage
|
during an outage
|
||||||
|
|
||||||
Here's the corresponding JSON configuration file:
|
Here's the corresponding JSON configuration file:
|
||||||
|
|
||||||
|
|
|
@ -36,7 +36,7 @@ service mesh with minimal operator intervention.
|
||||||
## Supported Types
|
## Supported Types
|
||||||
|
|
||||||
| Types | Consul Version |
|
| Types | Consul Version |
|
||||||
| ----- | -------------- |
|
| ------------------------------------------------- | --------------------------------- |
|
||||||
| [`kubernetes`](/docs/acl/auth-methods/kubernetes) | 1.5.0+ |
|
| [`kubernetes`](/docs/acl/auth-methods/kubernetes) | 1.5.0+ |
|
||||||
| [`jwt`](/docs/acl/auth-methods/jwt) | 1.8.0+ |
|
| [`jwt`](/docs/acl/auth-methods/jwt) | 1.8.0+ |
|
||||||
| [`oidc`](/docs/acl/auth-methods/oidc) | 1.8.0+ <EnterpriseAlert inline /> |
|
| [`oidc`](/docs/acl/auth-methods/oidc) | 1.8.0+ <EnterpriseAlert inline /> |
|
||||||
|
|
|
@ -11,35 +11,36 @@ description: >-
|
||||||
|
|
||||||
-> **1.8.0+:** This config entry is available in Consul versions 1.8.0 and newer.
|
-> **1.8.0+:** This config entry is available in Consul versions 1.8.0 and newer.
|
||||||
|
|
||||||
The `ingress-gateway` config entry kind allows you to configure ingress gateways
|
The `ingress-gateway` config entry kind allows you to configure ingress gateways
|
||||||
with listeners that expose a set of services outside the Consul service mesh.
|
with listeners that expose a set of services outside the Consul service mesh.
|
||||||
See [Ingress Gateway](/docs/connect/ingress-gateway) for more information.
|
See [Ingress Gateway](/docs/connect/ingress-gateway) for more information.
|
||||||
|
|
||||||
~> [Configuration entries](/docs/agent/config-entries) are global in scope. A configuration entry for a gateway name applies
|
~> [Configuration entries](/docs/agent/config-entries) are global in scope. A configuration entry for a gateway name applies
|
||||||
across all federated Consul datacenters. If ingress gateways in different Consul datacenters need to route to different
|
across all federated Consul datacenters. If ingress gateways in different Consul datacenters need to route to different
|
||||||
sets of services within their datacenter then the ingress gateways **must** be registered with different names.
|
sets of services within their datacenter then the ingress gateways **must** be registered with different names.
|
||||||
|
|
||||||
See [Ingress Gateway](/docs/connect/ingress-gateway) for more information.
|
See [Ingress Gateway](/docs/connect/ingress-gateway) for more information.
|
||||||
|
|
||||||
## Wildcard service specification
|
## Wildcard service specification
|
||||||
|
|
||||||
Ingress gateways can optionally target all services within a Consul namespace by
|
Ingress gateways can optionally target all services within a Consul namespace by
|
||||||
specifying a wildcard `*` as the service name. A wildcard specifier allows
|
specifying a wildcard `*` as the service name. A wildcard specifier allows
|
||||||
for a single listener to route traffic to all available services on the
|
for a single listener to route traffic to all available services on the
|
||||||
Consul service mesh, differentiating between the services by their host/authority
|
Consul service mesh, differentiating between the services by their host/authority
|
||||||
header.
|
header.
|
||||||
|
|
||||||
A wildcard specifier provides the following properties for an ingress
|
A wildcard specifier provides the following properties for an ingress
|
||||||
gateway:
|
gateway:
|
||||||
- All services with the same
|
|
||||||
|
- All services with the same
|
||||||
[protocol](/docs/agent/config-entries/ingress-gateway#protocol) as the
|
[protocol](/docs/agent/config-entries/ingress-gateway#protocol) as the
|
||||||
listener will be routable.
|
listener will be routable.
|
||||||
- The ingress gateway will route traffic based on the host/authority header,
|
- The ingress gateway will route traffic based on the host/authority header,
|
||||||
expecting a value matching `<service-name>.ingress.*`, or if using namespaces,
|
expecting a value matching `<service-name>.ingress.*`, or if using namespaces,
|
||||||
`<service-name>.ingress.<namespace>.*`. This matches the [Consul DNS
|
`<service-name>.ingress.<namespace>.*`. This matches the [Consul DNS
|
||||||
ingress subdomain](/docs/agent/dns#ingress-service-lookups).
|
ingress subdomain](/docs/agent/dns#ingress-service-lookups).
|
||||||
|
|
||||||
A wildcard specifier cannot be set on a listener of protocol `tcp`.
|
A wildcard specifier cannot be set on a listener of protocol `tcp`.
|
||||||
|
|
||||||
## Sample Config Entries
|
## Sample Config Entries
|
||||||
|
|
||||||
|
|
|
@ -11,35 +11,36 @@ description: >-
|
||||||
|
|
||||||
-> **1.8.0+:** This config entry is available in Consul versions 1.8.0 and newer.
|
-> **1.8.0+:** This config entry is available in Consul versions 1.8.0 and newer.
|
||||||
|
|
||||||
The `terminating-gateway` config entry kind you to configure terminating gateways
|
The `terminating-gateway` config entry kind you to configure terminating gateways
|
||||||
to proxy traffic from services in the Consul service mesh to services registered with Consul that do not have a
|
to proxy traffic from services in the Consul service mesh to services registered with Consul that do not have a
|
||||||
[Connect service sidecar proxy](/docs/connect/proxies). The configuration is associated with the name of a gateway service
|
[Connect service sidecar proxy](/docs/connect/proxies). The configuration is associated with the name of a gateway service
|
||||||
and will apply to all instances of the gateway with that name.
|
and will apply to all instances of the gateway with that name.
|
||||||
|
|
||||||
~> [Configuration entries](/docs/agent/config-entries) are global in scope. A configuration entry for a gateway name applies
|
~> [Configuration entries](/docs/agent/config-entries) are global in scope. A configuration entry for a gateway name applies
|
||||||
across all federated Consul datacenters. If terminating gateways in different Consul datacenters need to route to different
|
across all federated Consul datacenters. If terminating gateways in different Consul datacenters need to route to different
|
||||||
sets of services within their datacenter then the terminating gateways **must** be registered with different names.
|
sets of services within their datacenter then the terminating gateways **must** be registered with different names.
|
||||||
|
|
||||||
See [Terminating Gateway](/docs/connect/terminating-gateway) for more information.
|
See [Terminating Gateway](/docs/connect/terminating-gateway) for more information.
|
||||||
|
|
||||||
## TLS Origination
|
## TLS Origination
|
||||||
By specifying a path to a [CA file](/docs/agent/config-entries/terminating-gateway#cafile) connections
|
|
||||||
from the terminating gateway will be encrypted using one-way TLS authentication. If a path to a
|
|
||||||
[client certificate](/docs/agent/config-entries/terminating-gateway#certfile)
|
|
||||||
and [private key](/docs/agent/config-entries/terminating-gateway#keyfile) are also specified connections
|
|
||||||
from the terminating gateway will be encrypted using mutual TLS authentication.
|
|
||||||
|
|
||||||
If none of these are provided, Consul will **only** encrypt connections to the gateway and not
|
By specifying a path to a [CA file](/docs/agent/config-entries/terminating-gateway#cafile) connections
|
||||||
from the gateway to the destination service.
|
from the terminating gateway will be encrypted using one-way TLS authentication. If a path to a
|
||||||
|
[client certificate](/docs/agent/config-entries/terminating-gateway#certfile)
|
||||||
|
and [private key](/docs/agent/config-entries/terminating-gateway#keyfile) are also specified connections
|
||||||
|
from the terminating gateway will be encrypted using mutual TLS authentication.
|
||||||
|
|
||||||
|
If none of these are provided, Consul will **only** encrypt connections to the gateway and not
|
||||||
|
from the gateway to the destination service.
|
||||||
|
|
||||||
## Wildcard service specification
|
## Wildcard service specification
|
||||||
|
|
||||||
Terminating gateways can optionally target all services within a Consul namespace by specifying a wildcard "*"
|
Terminating gateways can optionally target all services within a Consul namespace by specifying a wildcard "\*"
|
||||||
as the service name. Configuration options set on the wildcard act as defaults that can be overridden
|
as the service name. Configuration options set on the wildcard act as defaults that can be overridden
|
||||||
by options set on a specific service name.
|
by options set on a specific service name.
|
||||||
|
|
||||||
Note that if the wildcard specifier is used, and some services in that namespace have a Connect sidecar proxy,
|
Note that if the wildcard specifier is used, and some services in that namespace have a Connect sidecar proxy,
|
||||||
traffic from the mesh to those services will be evenly load-balanced between the gateway and their sidecars.
|
traffic from the mesh to those services will be evenly load-balanced between the gateway and their sidecars.
|
||||||
|
|
||||||
## Sample Config Entries
|
## Sample Config Entries
|
||||||
|
|
||||||
|
|
|
@ -62,14 +62,14 @@ There are several important messages that
|
||||||
[`-node`](/docs/agent/options#_node) flag.
|
[`-node`](/docs/agent/options#_node) flag.
|
||||||
|
|
||||||
- **Datacenter**: This is the datacenter in which the agent is configured to
|
- **Datacenter**: This is the datacenter in which the agent is configured to
|
||||||
run.
|
run.
|
||||||
Consul has first-class support for multiple datacenters; however, to work
|
Consul has first-class support for multiple datacenters; however, to work
|
||||||
efficiently, each node must be configured to report its datacenter. The
|
efficiently, each node must be configured to report its datacenter. The
|
||||||
[`-datacenter`](/docs/agent/options#_datacenter) flag can be used to set the
|
[`-datacenter`](/docs/agent/options#_datacenter) flag can be used to set the
|
||||||
datacenter. For single-DC configurations, the agent will default to "dc1".
|
datacenter. For single-DC configurations, the agent will default to "dc1".
|
||||||
|
|
||||||
- **Server**: This indicates whether the agent is running in server or client
|
- **Server**: This indicates whether the agent is running in server or client
|
||||||
mode.
|
mode.
|
||||||
Server nodes have the extra burden of participating in the consensus quorum,
|
Server nodes have the extra burden of participating in the consensus quorum,
|
||||||
storing cluster state, and handling queries. Additionally, a server may be
|
storing cluster state, and handling queries. Additionally, a server may be
|
||||||
in ["bootstrap"](/docs/agent/options#_bootstrap_expect) mode. Multiple servers
|
in ["bootstrap"](/docs/agent/options#_bootstrap_expect) mode. Multiple servers
|
||||||
|
|
|
@ -71,7 +71,7 @@ Intention commands commonly take positional arguments referred to as `SRC` and
|
||||||
`DST` in the command documentation. These can take several forms:
|
`DST` in the command documentation. These can take several forms:
|
||||||
|
|
||||||
| Format | Meaning |
|
| Format | Meaning |
|
||||||
| ----------------------- | -----------------------------------------------------------------------|
|
| ----------------------- | -------------------------------------------------------------------- |
|
||||||
| `<service>` | the named service in the current namespace |
|
| `<service>` | the named service in the current namespace |
|
||||||
| `*` | any service in the current namespace |
|
| `*` | any service in the current namespace |
|
||||||
| `<namespace>/<service>` | <EnterpriseAlert inline /> the named service in a specific namespace |
|
| `<namespace>/<service>` | <EnterpriseAlert inline /> the named service in a specific namespace |
|
||||||
|
|
|
@ -68,5 +68,5 @@ If the Consul client agent on the gateway's node is not configured to use the de
|
||||||
must also provide `agent:read` for its node's name in order to discover the agent's gRPC port. gRPC is used to expose Envoy's xDS API to Envoy proxies.
|
must also provide `agent:read` for its node's name in order to discover the agent's gRPC port. gRPC is used to expose Envoy's xDS API to Envoy proxies.
|
||||||
|
|
||||||
~> [Configuration entries](/docs/agent/config-entries) are global in scope. A configuration entry for a gateway name applies
|
~> [Configuration entries](/docs/agent/config-entries) are global in scope. A configuration entry for a gateway name applies
|
||||||
across all federated Consul datacenters. If ingress gateways in different Consul datacenters need to route to different
|
across all federated Consul datacenters. If ingress gateways in different Consul datacenters need to route to different
|
||||||
sets of services within their datacenter then the ingress gateways **must** be registered with different names.
|
sets of services within their datacenter then the ingress gateways **must** be registered with different names.
|
||||||
|
|
|
@ -68,7 +68,7 @@ All fields are optional with a sane default.
|
||||||
or `[::]` in which case this defaults to `127.0.0.1` and assumes the agent can
|
or `[::]` in which case this defaults to `127.0.0.1` and assumes the agent can
|
||||||
dial the proxy over loopback. For more complex configurations where agent and proxy
|
dial the proxy over loopback. For more complex configurations where agent and proxy
|
||||||
communicate over a bridge for example, this configuration can be used to specify
|
communicate over a bridge for example, this configuration can be used to specify
|
||||||
a different *address* (but not port) for the agent to use for health checks if
|
a different _address_ (but not port) for the agent to use for health checks if
|
||||||
it can't talk to the proxy over localhost or it's publicly advertised port. The
|
it can't talk to the proxy over localhost or it's publicly advertised port. The
|
||||||
check always uses the same port that the proxy is bound to.
|
check always uses the same port that the proxy is bound to.
|
||||||
|
|
||||||
|
|
|
@ -287,7 +287,6 @@ definition](/docs/connect/registration/service-registration) or
|
||||||
- `max_failures` - The number of consecutive failures which cause a host to be
|
- `max_failures` - The number of consecutive failures which cause a host to be
|
||||||
removed from the load balancer.
|
removed from the load balancer.
|
||||||
|
|
||||||
|
|
||||||
### Gateway Options
|
### Gateway Options
|
||||||
|
|
||||||
These fields may also be overridden explicitly in the [proxy service
|
These fields may also be overridden explicitly in the [proxy service
|
||||||
|
|
|
@ -28,11 +28,11 @@ the WAN.
|
||||||
|
|
||||||
Sometimes this prerequisite is difficult or undesirable to meet:
|
Sometimes this prerequisite is difficult or undesirable to meet:
|
||||||
|
|
||||||
* **Difficult:** The datacenters may exist in multiple Kubernetes clusters that
|
- **Difficult:** The datacenters may exist in multiple Kubernetes clusters that
|
||||||
unfortunately have overlapping pod IP subnets, or may exist in different
|
unfortunately have overlapping pod IP subnets, or may exist in different
|
||||||
cloud provider VPCs that have overlapping subnets.
|
cloud provider VPCs that have overlapping subnets.
|
||||||
|
|
||||||
* **Undesirable:** Network security teams may not approve of granting so many
|
- **Undesirable:** Network security teams may not approve of granting so many
|
||||||
firewall rules. When using platform autoscaling, keeping rules up to date becomes untenable.
|
firewall rules. When using platform autoscaling, keeping rules up to date becomes untenable.
|
||||||
|
|
||||||
Operators looking to simplify their WAN deployment and minimize the exposed
|
Operators looking to simplify their WAN deployment and minimize the exposed
|
||||||
|
@ -44,17 +44,16 @@ gateways](/docs/connect/mesh-gateways.html) to do so.
|
||||||
There are two main kinds of communication that occur over the WAN link spanning
|
There are two main kinds of communication that occur over the WAN link spanning
|
||||||
the gulf between disparate Consul datacenters:
|
the gulf between disparate Consul datacenters:
|
||||||
|
|
||||||
* **WAN gossip:** We leverage the serf and memberlist libraries to gossip
|
- **WAN gossip:** We leverage the serf and memberlist libraries to gossip
|
||||||
around failure detector knowledge about Consul servers in each datacenter.
|
around failure detector knowledge about Consul servers in each datacenter.
|
||||||
By default this operates point to point between servers over `8302/udp` with
|
By default this operates point to point between servers over `8302/udp` with
|
||||||
a fallback to `8302/tcp` (which logs a warning indicating the network is
|
a fallback to `8302/tcp` (which logs a warning indicating the network is
|
||||||
misconfigured).
|
misconfigured).
|
||||||
|
|
||||||
* **Cross-datacenter RPCs:** Consul servers expose a special multiplexed port
|
- **Cross-datacenter RPCs:** Consul servers expose a special multiplexed port
|
||||||
over `8300/tcp`. Several distinct kinds of messages can be received on this
|
over `8300/tcp`. Several distinct kinds of messages can be received on this
|
||||||
port, such as RPC requests forwarded from servers in other datacenters.
|
port, such as RPC requests forwarded from servers in other datacenters.
|
||||||
|
|
||||||
|
|
||||||
In this network topology individual Consul client agents on a LAN in one
|
In this network topology individual Consul client agents on a LAN in one
|
||||||
datacenter never need to directly dial servers in other datacenters. This
|
datacenter never need to directly dial servers in other datacenters. This
|
||||||
means you could introduce a set of firewall rules prohibiting `10.0.0.0/24`
|
means you could introduce a set of firewall rules prohibiting `10.0.0.0/24`
|
||||||
|
@ -80,8 +79,7 @@ these SAN fields:
|
||||||
server.<this_datacenter>.<domain> (normal)
|
server.<this_datacenter>.<domain> (normal)
|
||||||
<node_name>.server.<this_datacenter>.<domain> (needed for wan federation)
|
<node_name>.server.<this_datacenter>.<domain> (needed for wan federation)
|
||||||
|
|
||||||
This can be achieved using any number of tools, including `consul tls cert
|
This can be achieved using any number of tools, including `consul tls cert create` with the `-node` flag.
|
||||||
create` with the `-node` flag.
|
|
||||||
|
|
||||||
### Mesh Gateways
|
### Mesh Gateways
|
||||||
|
|
||||||
|
@ -157,7 +155,6 @@ follow this general procedure:
|
||||||
resolve ACL tokens from the secondary, at which time it should be possible
|
resolve ACL tokens from the secondary, at which time it should be possible
|
||||||
to launch the mesh gateways in the secondary datacenter.
|
to launch the mesh gateways in the secondary datacenter.
|
||||||
|
|
||||||
|
|
||||||
### Existing secondary
|
### Existing secondary
|
||||||
|
|
||||||
1. Upgrade to the desired version of the consul binary for all servers,
|
1. Upgrade to the desired version of the consul binary for all servers,
|
||||||
|
@ -175,9 +172,9 @@ follow this general procedure:
|
||||||
From any two datacenters joined together double check the following give you an
|
From any two datacenters joined together double check the following give you an
|
||||||
expected result:
|
expected result:
|
||||||
|
|
||||||
* Check that `consul members -wan` lists all servers in all datacenters with
|
- Check that `consul members -wan` lists all servers in all datacenters with
|
||||||
their _local_ ip addresses and are listed as `alive`.
|
their _local_ ip addresses and are listed as `alive`.
|
||||||
|
|
||||||
* Ensure any API request that activates datacenter request forwarding. such as
|
- Ensure any API request that activates datacenter request forwarding. such as
|
||||||
[`/v1/catalog/services?dc=<OTHER_DATACENTER_NAME>`](/api/catalog.html#dc-1)
|
[`/v1/catalog/services?dc=<OTHER_DATACENTER_NAME>`](/api/catalog.html#dc-1)
|
||||||
succeeds.
|
succeeds.
|
||||||
|
|
|
@ -11,7 +11,8 @@ description: >-
|
||||||
# Automated Backups
|
# Automated Backups
|
||||||
|
|
||||||
<EnterpriseAlert>
|
<EnterpriseAlert>
|
||||||
This feature is available in all versions of <a href="https://www.hashicorp.com/products/consul/">Consul Enterprise</a>.
|
This feature is available in all versions of{' '}
|
||||||
|
<a href="https://www.hashicorp.com/products/consul/">Consul Enterprise</a>.
|
||||||
</EnterpriseAlert>
|
</EnterpriseAlert>
|
||||||
|
|
||||||
Consul Enterprise enables you to run
|
Consul Enterprise enables you to run
|
||||||
|
|
|
@ -11,7 +11,9 @@ description: >-
|
||||||
# Consul Enterprise Advanced Federation
|
# Consul Enterprise Advanced Federation
|
||||||
|
|
||||||
<EnterpriseAlert>
|
<EnterpriseAlert>
|
||||||
This feature requires <a href="https://www.hashicorp.com/products/consul/">Consul Enterprise</a> with the Global Visibility, Routing, and Scale module.
|
This feature requires{' '}
|
||||||
|
<a href="https://www.hashicorp.com/products/consul/">Consul Enterprise</a>{' '}
|
||||||
|
with the Global Visibility, Routing, and Scale module.
|
||||||
</EnterpriseAlert>
|
</EnterpriseAlert>
|
||||||
|
|
||||||
Consul's core federation capability uses the same gossip mechanism that is used
|
Consul's core federation capability uses the same gossip mechanism that is used
|
||||||
|
|
|
@ -8,7 +8,9 @@ description: Consul Enterprise enables data isolation with Namespaces.
|
||||||
# Consul Enterprise Namespaces
|
# Consul Enterprise Namespaces
|
||||||
|
|
||||||
<EnterpriseAlert>
|
<EnterpriseAlert>
|
||||||
This feature requires <a href="https://www.hashicorp.com/products/consul/">Consul Enterprise</a> with the Governance and Policy module.
|
This feature requires{' '}
|
||||||
|
<a href="https://www.hashicorp.com/products/consul/">Consul Enterprise</a>{' '}
|
||||||
|
with the Governance and Policy module.
|
||||||
</EnterpriseAlert>
|
</EnterpriseAlert>
|
||||||
|
|
||||||
With Consul Enterprise v1.7.0, data for different users or teams
|
With Consul Enterprise v1.7.0, data for different users or teams
|
||||||
|
|
|
@ -10,7 +10,9 @@ description: |-
|
||||||
# Network Segments
|
# Network Segments
|
||||||
|
|
||||||
<EnterpriseAlert>
|
<EnterpriseAlert>
|
||||||
This feature requires <a href="https://www.hashicorp.com/products/consul/">Consul Enterprise</a> with the Global Visibility, Routing, and Scale module.
|
This feature requires{' '}
|
||||||
|
<a href="https://www.hashicorp.com/products/consul/">Consul Enterprise</a>{' '}
|
||||||
|
with the Global Visibility, Routing, and Scale module.
|
||||||
</EnterpriseAlert>
|
</EnterpriseAlert>
|
||||||
|
|
||||||
Consul Network Segments enables operators to create separate LAN gossip segments
|
Consul Network Segments enables operators to create separate LAN gossip segments
|
||||||
|
|
|
@ -12,7 +12,9 @@ description: >-
|
||||||
# Enhanced Read Scalability with Non-Voting Servers
|
# Enhanced Read Scalability with Non-Voting Servers
|
||||||
|
|
||||||
<EnterpriseAlert>
|
<EnterpriseAlert>
|
||||||
This feature requires <a href="https://www.hashicorp.com/products/consul/">Consul Enterprise</a> with the Global Visibility, Routing, and Scale module.
|
This feature requires{' '}
|
||||||
|
<a href="https://www.hashicorp.com/products/consul/">Consul Enterprise</a>{' '}
|
||||||
|
with the Global Visibility, Routing, and Scale module.
|
||||||
</EnterpriseAlert>
|
</EnterpriseAlert>
|
||||||
|
|
||||||
Consul Enterprise provides the ability to scale clustered Consul servers
|
Consul Enterprise provides the ability to scale clustered Consul servers
|
||||||
|
|
|
@ -10,7 +10,9 @@ description: >-
|
||||||
# Redundancy Zones
|
# Redundancy Zones
|
||||||
|
|
||||||
<EnterpriseAlert>
|
<EnterpriseAlert>
|
||||||
This feature requires <a href="https://www.hashicorp.com/products/consul/">Consul Enterprise</a> with the Global Visibility, Routing, and Scale module.
|
This feature requires{' '}
|
||||||
|
<a href="https://www.hashicorp.com/products/consul/">Consul Enterprise</a>{' '}
|
||||||
|
with the Global Visibility, Routing, and Scale module.
|
||||||
</EnterpriseAlert>
|
</EnterpriseAlert>
|
||||||
|
|
||||||
Consul Enterprise redundancy zones provide
|
Consul Enterprise redundancy zones provide
|
||||||
|
|
|
@ -11,7 +11,9 @@ description: >-
|
||||||
# Sentinel in Consul
|
# Sentinel in Consul
|
||||||
|
|
||||||
<EnterpriseAlert>
|
<EnterpriseAlert>
|
||||||
This feature requires <a href="https://www.hashicorp.com/products/consul/">Consul Enterprise</a> with the Governance and Policy module.
|
This feature requires{' '}
|
||||||
|
<a href="https://www.hashicorp.com/products/consul/">Consul Enterprise</a>{' '}
|
||||||
|
with the Governance and Policy module.
|
||||||
</EnterpriseAlert>
|
</EnterpriseAlert>
|
||||||
|
|
||||||
Sentinel policies extend the ACL system in Consul beyond static "read", "write",
|
Sentinel policies extend the ACL system in Consul beyond static "read", "write",
|
||||||
|
|
|
@ -11,7 +11,8 @@ description: >-
|
||||||
# Automated Upgrades
|
# Automated Upgrades
|
||||||
|
|
||||||
<EnterpriseAlert>
|
<EnterpriseAlert>
|
||||||
This feature is available in all versions of <a href="https://www.hashicorp.com/products/consul/">Consul Enterprise</a>.
|
This feature is available in all versions of{' '}
|
||||||
|
<a href="https://www.hashicorp.com/products/consul/">Consul Enterprise</a>.
|
||||||
</EnterpriseAlert>
|
</EnterpriseAlert>
|
||||||
|
|
||||||
Consul Enterprise enables the capability of automatically upgrading a cluster of Consul servers to a new
|
Consul Enterprise enables the capability of automatically upgrading a cluster of Consul servers to a new
|
||||||
|
|
|
@ -2,10 +2,7 @@
|
||||||
layout: docs
|
layout: docs
|
||||||
page_title: Network Coordinates
|
page_title: Network Coordinates
|
||||||
sidebar_title: Network Coordinates
|
sidebar_title: Network Coordinates
|
||||||
description: ''
|
description: A Decentralized Network Coordinate System, with several improvements based on several follow-on papers.
|
||||||
Serf uses a network tomography system to compute network coordinates for nodes in the cluster. These coordinates are useful for easily calculating the estimated network round trip time between any two nodes in the cluster. This page documents the details of this system. The core of the network tomography system us based on Vivaldi: >-
|
|
||||||
A Decentralized Network Coordinate System, with several improvements based on
|
|
||||||
several follow-on papers.
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Network Coordinates
|
# Network Coordinates
|
||||||
|
|
|
@ -792,7 +792,7 @@ and consider if they're appropriate for your deployment.
|
||||||
for the mesh gateway from.
|
for the mesh gateway from.
|
||||||
Can be set to either: `Service`, `NodeIP`, `NodeName` or `Static`. See the behavior of each below:
|
Can be set to either: `Service`, `NodeIP`, `NodeName` or `Static`. See the behavior of each below:
|
||||||
|
|
||||||
* `Service` - Determine the address based on the service type.
|
- `Service` - Determine the address based on the service type.
|
||||||
|
|
||||||
If `service.type=LoadBalancer` use the external IP or hostname of
|
If `service.type=LoadBalancer` use the external IP or hostname of
|
||||||
the service. Use the port set by `service.port`.
|
the service. Use the port set by `service.port`.
|
||||||
|
@ -805,13 +805,13 @@ and consider if they're appropriate for your deployment.
|
||||||
|
|
||||||
`service.type=ExternalName` is not supported.
|
`service.type=ExternalName` is not supported.
|
||||||
|
|
||||||
* `NodeIP` - The node IP as provided by the Kubernetes downward API.
|
- `NodeIP` - The node IP as provided by the Kubernetes downward API.
|
||||||
|
|
||||||
* `NodeName` - The name of the node as provided by the Kubernetes downward
|
- `NodeName` - The name of the node as provided by the Kubernetes downward
|
||||||
API. This is useful if the node names are DNS entries that
|
API. This is useful if the node names are DNS entries that
|
||||||
are routable from other datacenters.
|
are routable from other datacenters.
|
||||||
|
|
||||||
* `Static` - Use the address hardcoded in `meshGateway.wanAddress.static`.
|
- `Static` - Use the address hardcoded in `meshGateway.wanAddress.static`.
|
||||||
|
|
||||||
- `port` ((#v-meshgateway-wanaddress-port)) (`integer: 443`) - Port that gets registered for WAN traffic.
|
- `port` ((#v-meshgateway-wanaddress-port)) (`integer: 443`) - Port that gets registered for WAN traffic.
|
||||||
If source is set to "Service" then this setting will have no effect.
|
If source is set to "Service" then this setting will have no effect.
|
||||||
|
|
|
@ -195,16 +195,14 @@ export default function HomePage() {
|
||||||
title: 'Getting Started',
|
title: 'Getting Started',
|
||||||
category: 'Step-by-Step Guides',
|
category: 'Step-by-Step Guides',
|
||||||
time: '48 mins',
|
time: '48 mins',
|
||||||
link:
|
link: 'https://learn.hashicorp.com/consul/getting-started/install',
|
||||||
'https://learn.hashicorp.com/consul/getting-started/install',
|
|
||||||
image: require('./img/learn/getting-started.svg?url'),
|
image: require('./img/learn/getting-started.svg?url'),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
title: 'Run Consul on Kubernetes',
|
title: 'Run Consul on Kubernetes',
|
||||||
category: 'Step-by-Step Guides',
|
category: 'Step-by-Step Guides',
|
||||||
time: '142 mins',
|
time: '142 mins',
|
||||||
link:
|
link: 'https://learn.hashicorp.com/consul/kubernetes/minikube',
|
||||||
'https://learn.hashicorp.com/consul/kubernetes/minikube',
|
|
||||||
image: require('./img/learn/kubernetes.svg?url'),
|
image: require('./img/learn/kubernetes.svg?url'),
|
||||||
},
|
},
|
||||||
]}
|
]}
|
||||||
|
|
Loading…
Reference in New Issue