status-im/consul
2
0
Fork 0
mirror of https://github.com/status-im/consul.git synced 2025-01-23 03:59:18 +00:00
Code Issues Projects Releases Wiki Activity
consul/website/content/docs/connect/gateways/api-gateway/configuration/gatewayclassconfig.mdx
trujillo-adam 78938c163a
Docs/api-gw-jwts-openshift-1-17-x (#19035) 
* update main apigw overview

* moved the tech specs to main gw folder

* merged tech specs into single topic

* restructure nav part 1

* fix typo in nav json file

* moved k8s install up one level

* restructure nav part 2

* moved and created all listeners and routes content

* moved errors ref and upgrades

* fix error in upgrade-k8s link

* moved conf refs to appropriate spots

* updated conf overview

* fixed some links and bad formatting

* fixed link

* added JWT on VMs usage page

* added JWT conf to APIGW conf entry

* added JWTs to HTTP route conf entry

* added new gatwaypolicy k8s conf reference

* added metadesc for gatewaypolicy conf ref

* added http route auth filter k8s conf ref

* added http route auth filter k8s conf ref to nav

* updates to k8s route conf ref to include extensionRef

* added JWTs usage page for k8s

* fixed link in gwpolicy conf ref

* added openshift installation info to installation pages

* fixed bad link on tech specs

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>

* fixed VerityClaims param

* best guess at verifyclaims params

* tweaks to gateway policy dconf ref

* Docs/ce 475 retries timeouts for apigw (#19086)

* added timeout and retry conf ref for k8s

* added retry and TO filters to HTTP routes conf ref for VMs

* Apply suggestions from code review

Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>

* fix copy/paste error in http route conf entry

---------

Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>

* update links across site and add redirects

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: Thomas Eckert <teckert@hashicorp.com>

* Applied feedback from review

* Apply suggestions from code review

* Apply suggestions from code review

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>

* Update CRD configuration for responseHeaderModifiers

* Update Config Entry for http-route

* Add ResponseFilter example to service

* Update website/redirects.js

errant curly brace breaking the preview

* fix links and bad MD

* fixed md formatting issues

* fix formatting errors

* fix formatting errors

* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx

* Apply suggestions from code review

* fixed typo

* Fix headers in http-route

* Apply suggestions from code review

Co-authored-by: John Maguire <john.maguire@hashicorp.com>
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>

---------

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>
Co-authored-by: Thomas Eckert <teckert@hashicorp.com>
Co-authored-by: John Maguire <john.maguire@hashicorp.com>
2023-10-10 13:29:55 -07:00

218 lines
8.9 KiB
Plaintext
Raw Blame History

---
layout: docs
page_title: GatewayClassConfig Resource Configuration
description: >-
The `GatewayClassConfig` resource specifies connection information and settings that Consul API Gateway uses to connect to Consul. Learn about its configuration model and reference specifications, and review an example configuration.
---
# GatewayClassConfig Resource Configuration
This topic provides full details about the `GatewayClassConfig` resource.
## Introduction
The `GatewayClassConfig` object contains Consul API Gateway-related configuration parameters. Apply the parameters by adding the [`GatewayClass`](#gatewayclass) object to your Kubernetes values file and specifying the name of the `GatewayClassConfig`.
## Configuration model
The following outline shows how to format the configurations in the `GatewayClassConfig` object. Click on a property name to view details about the configuration.
* [`consul`](#consul): object | optional
* [`address`](#consul-address): string | optional
* [`authentication`](#consul-authentication): object | optional
* [`account`](#consul-authentication-account): string | optional
* [`managed`](#consul-authentication-managed): bool | optional
* [`method`](#consul-authentication-method): string | optional
* [`namespace`](#consul-authentication-namespace): string | optional
* [`ports`](#consul-ports): object | optional
* [`grpc`](#consul-ports-grpc): integer | optional
* [`http`](#consul-ports-http): integer | optional
* [`scheme`](#consul-scheme): string | optional
* [`copyAnnotations`](#copyAnnotations): object | optional
* [`service`](#copyAnnotations-service): array of strings | optional
* [`deployment`](#deployment): object | optional
* [`defaultInstances`](#deployment-defaultinstances): integer | optional
* [`maxInstances`](#deployment-maxinstances): integer | optional
* [`minInstances`](#deployment-mininstances): integer | optional
* [`image`](#image): object | optional
* [`consulAPIGateway`](#image-consulapigateway): string | optional
* [`envoy`](#image-envoy): string | optional
* [`logLevel`](#loglevel): string | optional
* [`matchPrivilegedContainerPorts`](#matchPrivilegedContainerPorts): integer | optional
* [`nodeSelector`](#nodeselector): string | optional
* [`openshiftSCCName`](#openshiftSCCName): string | optional
* [`serviceType`](#servicetype): string | optional
* [`useHostPorts`](#usehostports): boolean | optional
## Specification
This topic provides details about the configuration parameters.
### consul
Specifies configurations that enable an instance of Consul API Gateway to interact with Consul.
* Type: object
* Required: optional
### consul.address
Specifies the address of the Consul server that the `Gateway` communicates with in the gateway pod. If unspecified, the pod attempts to use a local agent on the host where the pod is running.
* Type: string
* Required: optional
* Default: local agent
### consul.authentication.account
Specifies the [Kubernetes service account](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) to use for authentication.
* Type: string
* Required: optional
### consul.authentication.managed
Set to `true` to enable deployments to run with managed service accounts created by the gateway controller. The `consul.authentication.account` field is ignored when this option is enabled.
* Type: boolean
* Required: optional
* Default: `false`
### consul.authentication.method
Specifies the [Consul auth method](/consul/docs/security/acl/auth-methods) used for initial authentication by Consul API Gateway.
* Type: string
* Required: optional
### consul.authentication.namespace
Specifies the Consul namespace to use for authentication.
* Type: string
* Required: optional
### consul.ports.grpc
Specifies the gRPC port for Consul's xDS server.
* Type: integer
* Required: optional
* Default: `8502`
### consul.ports.http
Specifies the Consul HTTP port to use for authentication.
* Type: integer
* Required: optional
* Default: `8500`
### consul.scheme
Specifies the scheme to use for connecting to Consul.
* Type: string
* Required: optional
* Default: `http`
You can specify the following strings:
* `http`
* `https`
### copyAnnotations.service
Specifies an array of Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to copy to the gateway service.
* Type: Array of strings
* Required: optional
### deployment.defaultInstances
Specifies the number of gateway instances to deploy per gateway configuration.
* Type: Integer
* Required: optional
* Default: `1`
### deployment.maxInstances
Specifies the maximum allowed number of gateway instances per gateway configuration.
* Type: Integer
* Required: optional
* Default: `8`
### deployment.minInstances
Specifies the minimum allowed number of gateway instances per gateway configuration.
* Type: Integer
* Required: optional
* Default: `1`
### image.consulAPIGateway
Specifies the Docker image to use for the `consul-api-gateway` container. View available image tags on [DockerHub](https://hub.docker.com/r/hashicorp/consul-api-gateway/tags).
The default value is suitable for most deployments, but you may require a specific version of the Consul API Gateway depending on your environment.
* Type: string
* Required: optional
* Default: `"hashicorp/consul-api-gateway:RELEASE_VERSION"`
### image.envoy
Specifies the Docker image to use for the Envoy proxy container. View available image tags on [DockerHub](https://hub.docker.com/r/hashicorp/consul-api-gateway/tags).
The default value is suitable for most deployments, but you may require a specific version of Envoy depending on your environment.
* Type: string
* Required: optional
* Default: `"envoyproxy/envoy:RELEASE_VERSION"`
### logLevel
Specifies the error reporting level for logs.
* Type: string
* Required: optional
* Default: `info`
You can specify the following strings:
* `error`
* `warning`
* `info`
* `debug`
* `trace`
### matchPrivilegedContainerPorts
Specifies a value that Consul adds to privileged ports defined in the gateway. Privileged ports are port numbers less than 1024 and some platforms, such as Red Hat OpenShift, explicitly configure Kubernetes to avoid running containers on privileged ports. The total value of the configured port number and the `matchPriviledgedContainerPorts` value must not exceed 65535, which is the highest possible TCP port number allowed.
for gateway containers
* Type: Integer
* Required: optional
You can specify an integer between `0` and `64512`
### nodeSelector
Pods normally run on multiple nodes. You can specify a set of parameters in the `nodeSelector` that constrain the nodes on which the pod can run, enabling the pod to fit on a node. The selector must match a node's labels for the pod to be scheduled on that node. Refer to the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) for additional information.
* Type: string
* Required: optional
### openshiftSCCName
Specifies the OpenShift security context constraint (SCC) for the `GatewayClassConfig` to use. Refer to the [OpenShift SCC documentation](https://docs.openshift.com/container-platform/4.13/authentication/managing-security-context-constraints.html#default-sccs_configuring-internal-oauth) for additional information about the available default SCCs.
* Type: string
* Required: optional
* Default: `restricted-v2`
### serviceType
Specifies the ingress methods for the gateway's Kubernetes service.
* Type: string
* Required: optional
You can specify the following strings:
* `ClusterIP`: The gateway is only accessible from inside the cluster.
* `NodePort`: The gateway is exposed on each Kubernetes node at a static port.
* `LoadBalancer`: The gateway is exposed to external traffic by a load balancer.
For more on Kubernetes services, see [Publishing Services](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types).
### useHostPorts
If set to `true`, then the Envoy container ports are mapped to host ports.
* Type: boolean
* Required: optional
* Default: `false`
## Example Configuration
The following example creates a gateway class configuration called `example-gateway-class-config`. Traffic that passes through gateways created from the class configuration authenticates with Consul over HTTPS on port `8501`. Consul client agents communicate with server agents on port `8502`:
<CodeBlockConfig filename="gateway.yaml">
```yaml
apiVersion: api-gateway.consul.hashicorp.com/v1alpha1
kind: GatewayClassConfig
metadata:
name: example-gateway-class-config
spec:
useHostPorts: true
logLevel: 'trace'
consul:
scheme: 'https'
ports:
http: 8501
grpc: 8502
```
</CodeBlockConfig>
Refer to the [Consul API Gateway repository](https://github.com/hashicorp/consul-api-gateway/blob/main/config/crd/bases/api-gateway.consul.hashicorp.com_gatewayclassconfigs.yaml) for the complete specification.
Reference in New Issue View Git Blame Copy Permalink