mirror of
https://github.com/status-im/consul.git
synced 2025-01-23 03:59:18 +00:00
78938c163a
* update main apigw overview * moved the tech specs to main gw folder * merged tech specs into single topic * restructure nav part 1 * fix typo in nav json file * moved k8s install up one level * restructure nav part 2 * moved and created all listeners and routes content * moved errors ref and upgrades * fix error in upgrade-k8s link * moved conf refs to appropriate spots * updated conf overview * fixed some links and bad formatting * fixed link * added JWT on VMs usage page * added JWT conf to APIGW conf entry * added JWTs to HTTP route conf entry * added new gatwaypolicy k8s conf reference * added metadesc for gatewaypolicy conf ref * added http route auth filter k8s conf ref * added http route auth filter k8s conf ref to nav * updates to k8s route conf ref to include extensionRef * added JWTs usage page for k8s * fixed link in gwpolicy conf ref * added openshift installation info to installation pages * fixed bad link on tech specs * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * fixed VerityClaims param * best guess at verifyclaims params * tweaks to gateway policy dconf ref * Docs/ce 475 retries timeouts for apigw (#19086) * added timeout and retry conf ref for k8s * added retry and TO filters to HTTP routes conf ref for VMs * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * fix copy/paste error in http route conf entry --------- Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * update links across site and add redirects * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> * Applied feedback from review * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * Update CRD configuration for responseHeaderModifiers * Update Config Entry for http-route * Add ResponseFilter example to service * Update website/redirects.js errant curly brace breaking the preview * fix links and bad MD * fixed md formatting issues * fix formatting errors * fix formatting errors * Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx * Apply suggestions from code review * fixed typo * Fix headers in http-route * Apply suggestions from code review Co-authored-by: John Maguire <john.maguire@hashicorp.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> --------- Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> Co-authored-by: John Maguire <john.maguire@hashicorp.com>
121 lines
4.4 KiB
Plaintext
121 lines
4.4 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: Define API gateway routes on virtual machines
|
|
description: Learn how to define and attach HTTP and TCP routes to Consul API gateway listeners so that requests from external clients can reach services in the mesh.
|
|
---
|
|
|
|
# Define API gateway routes on virtual machines
|
|
|
|
This topic describes how to configure HTTP and TCP routes and attach them to Consul API gateway listeners. Routes are rule-based configurations that allow external clients to send requests to services in the mesh.
|
|
|
|
## Overview
|
|
|
|
The following steps describe the general workflow for defining and deploying routes:
|
|
|
|
1. Define routes in an HTTP or TCP configuration entry. The configuration entry includes rules for routing requests, target services in the mesh for the traffic, and the name of the gateway to attach to.
|
|
1. Deploy the configuration entry to create the routes and attach them to the gateway.
|
|
|
|
Routes and the gateways they are attached to are eventually-consistent objects. They provide feedback about their current state through a series of status conditions. As a result, you must manually check the route status to determine if the route is bound to the gateway successfully.
|
|
|
|
## Requirements
|
|
|
|
The following requirements must be satisfied to use API gateways on VMs:
|
|
|
|
- Consul 1.15 or later
|
|
- A Consul cluster with service mesh enabled. Refer to [`connect`](/consul/docs/agent/config/config-files#connect)
|
|
- Network connectivity between the machine deploying the API Gateway and a Consul cluster agent or server
|
|
|
|
### ACL requirements
|
|
|
|
If ACLs are enabled, you must present a token with the following permissions to
|
|
configure Consul and deploy API gateway routes:
|
|
|
|
- `mesh: read`
|
|
- `mesh: write`
|
|
|
|
Refer [Mesh Rules](/consul/docs/security/acl/acl-rules#mesh-rules) for
|
|
additional information about configuring policies that enable you to interact
|
|
with Consul API gateway configurations.
|
|
|
|
## Define the routes
|
|
|
|
Define route configurations and bind them to listeners configured on the gateway so that Consul can route incoming requests to services in the mesh.
|
|
|
|
1. Create a route configuration entry file and specify the following settings:
|
|
- `Kind`: Set to `http` or `tcp`.
|
|
- `Name`: Specify a name for the route. The name is metadata that you can use to reference the configuration when performing Consul operations.
|
|
- `Parents`: Specifies a list of API gateways that the route binds to.
|
|
- `Rules`: If you are configuring HTTP routes, define a list of routing rules for constructing a routing table that maps listeners to services. Each member of the list is a map that may containing the following fields:
|
|
- `Filters`
|
|
- `Matches`
|
|
- `Services`
|
|
|
|
Refer to the [HTTP route configuration entry](/consul/docs/connect/config-entries/http-route) and [TCP route configuration entry](/consul/docs/connect/config-entries/tcp-route) reference for details about configuring routes.
|
|
|
|
1. Configure any additional fields necessary for your use case, such as the namespace or admin partition.
|
|
1. Save the configuration.
|
|
|
|
|
|
The following example routes requests from the listener on the API gateway at port `8443` to services in Consul based on the path of the request. When an incoming request starts at path `/`, Consul forwards 90 percent of the requests to the `ui` service and 10 percent to `experimental-ui`. Consul also forwards requests starting with `/api` to `api`.
|
|
|
|
```hcl
|
|
Kind = "http-route"
|
|
Name = "my-http-route"
|
|
|
|
// Rules define how requests will be routed
|
|
Rules = [
|
|
// Send all requests to UI services with 10% going to the "experimental" UI
|
|
{
|
|
Matches = [
|
|
{
|
|
Path = {
|
|
Match = "prefix"
|
|
Value = "/"
|
|
}
|
|
}
|
|
]
|
|
Services = [
|
|
{
|
|
Name = "ui"
|
|
Weight = 90
|
|
},
|
|
{
|
|
Name = "experimental-ui"
|
|
Weight = 10
|
|
}
|
|
]
|
|
},
|
|
// Send all requests that start with the path `/api` to the API service
|
|
{
|
|
Matches = [
|
|
{
|
|
Path = {
|
|
Match = "prefix"
|
|
Value = "/api"
|
|
}
|
|
}
|
|
]
|
|
Services = [
|
|
{
|
|
Name = "api"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
|
|
Parents = [
|
|
{
|
|
Kind = "api-gateway"
|
|
Name = "my-gateway"
|
|
SectionName = "my-http-listener"
|
|
}
|
|
]
|
|
```
|
|
|
|
## Deploy the route configuration
|
|
|
|
Run the `consul config write` command to attach the routes to the specified gateways. The following example writes a configuration called `my-http-route.hcl`:
|
|
|
|
```shell-session
|
|
$ consul config write my-http-route.hcl
|
|
``` |