mirror of
https://github.com/status-im/consul.git
synced 2025-01-24 20:51:10 +00:00
252 lines
8.7 KiB
Plaintext
252 lines
8.7 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: 'Configuration Entry Kind: Service Resolver'
|
|
sidebar_title: service-resolver
|
|
description: >-
|
|
The `service-resolver` config entry kind controls which service instances
|
|
should satisfy Connect upstream discovery requests for a given service name.
|
|
---
|
|
|
|
# Service Resolver
|
|
|
|
-> **1.6.0+:** This config entry is available in Consul versions 1.6.0 and newer.
|
|
|
|
The `service-resolver` config entry kind controls which service instances
|
|
should satisfy Connect upstream discovery requests for a given service name.
|
|
|
|
If no resolver config is defined the chain assumes 100% of traffic goes to the
|
|
healthy instances of the default service in the current datacenter+namespace
|
|
and discovery terminates.
|
|
|
|
## Interaction with other Config Entries
|
|
|
|
- Service resolver config entries are a component of [L7 Traffic
|
|
Management](/docs/connect/l7-traffic-management).
|
|
|
|
## Sample Config Entries
|
|
|
|
Create service subsets based on a version metadata and override the defaults:
|
|
|
|
```hcl
|
|
Kind = "service-resolver"
|
|
Name = "web"
|
|
DefaultSubset = "v1"
|
|
Subsets = {
|
|
"v1" = {
|
|
Filter = "Service.Meta.version == v1"
|
|
}
|
|
"v2" = {
|
|
Filter = "Service.Meta.version == v2"
|
|
}
|
|
}
|
|
```
|
|
|
|
Expose a set of services in another datacenter as a virtual service:
|
|
|
|
```hcl
|
|
Kind = "service-resolver"
|
|
Name = "web-dc2"
|
|
Redirect {
|
|
Service = "web"
|
|
Datacenter = "dc2"
|
|
}
|
|
```
|
|
|
|
Enable failover for all subsets:
|
|
|
|
```hcl
|
|
Kind = "service-resolver"
|
|
Name = "web"
|
|
ConnectTimeout = "15s"
|
|
Failover = {
|
|
"*" = {
|
|
Datacenters = ["dc3", "dc4"]
|
|
}
|
|
}
|
|
```
|
|
|
|
Representation of the defaults when a resolver is not configured:
|
|
|
|
```hcl
|
|
Kind = "service-resolver"
|
|
Name = "web"
|
|
```
|
|
|
|
Apply consistent load balancing for requests based on `x-user-id` header:
|
|
|
|
```hcl
|
|
Kind = "service-resolver"
|
|
Name = "web"
|
|
|
|
LoadBalancer = {
|
|
Policy = "maglev"
|
|
HashPolicies = [
|
|
{
|
|
Field = "header"
|
|
FieldValue = "x-user-id"
|
|
}
|
|
]
|
|
}
|
|
```
|
|
|
|
## Available Fields
|
|
|
|
- `Kind` - Must be set to `service-resolver`
|
|
|
|
- `Name` `(string: <required>)` - Set to the name of the service being configured.
|
|
|
|
- `ConnectTimeout` `(duration: 0s)` - The timeout for establishing new network
|
|
connections to this service.
|
|
|
|
- `DefaultSubset` `(string: "")` - The subset to use when no explicit subset is
|
|
requested. If empty the unnamed subset is used.
|
|
|
|
- `Subsets` `(map[string]ServiceResolverSubset)` - A map of subset name to
|
|
subset definition for all usable named subsets of this service. The map key
|
|
is the name of the subset and all names must be valid DNS subdomain elements.
|
|
|
|
This may be empty, in which case only the unnamed default subset will be
|
|
usable.
|
|
|
|
- `Filter` `(string: "")` - The
|
|
[filter expression](/api/features/filtering) to be used for selecting
|
|
instances of the requested service. If empty all healthy instances are
|
|
returned. This expression can filter on the same selectors as the
|
|
[Health API endpoint](/api/health#filtering-2).
|
|
|
|
- `OnlyPassing` `(bool: false)` - Specifies the behavior of the resolver's
|
|
health check interpretation. If this is set to false, instances with checks
|
|
in the passing as well as the warning states will be considered healthy. If
|
|
this is set to true, only instances with checks in the passing state will
|
|
be considered healthy.
|
|
|
|
- `Redirect` `(ServiceResolverRedirect: <optional>)` - When configured, all
|
|
attempts to resolve the service this resolver defines will be substituted for
|
|
the supplied redirect EXCEPT when the redirect has already been applied.
|
|
|
|
When substituting the supplied redirect into the all other fields besides
|
|
`Kind`, `Name`, and `Redirect` will be ignored.
|
|
|
|
- `Service` `(string: "")` - A service to resolve instead of the current
|
|
service.
|
|
|
|
- `ServiceSubset` `(string: "")` - A named subset of the given service to
|
|
resolve instead of one defined as that service's DefaultSubset If empty the
|
|
default subset is used.
|
|
|
|
If this is specified at least one of Service, Datacenter, or Namespace
|
|
should be configured.
|
|
|
|
- `Namespace` `(string: "")` - The namespace to resolve the service from
|
|
instead of the current one.
|
|
|
|
- `Datacenter` `(string: "")` - The datacenter to resolve the service from
|
|
instead of the current one.
|
|
|
|
- `Failover` `(map[string]ServiceResolverFailover`) - Controls when and how to
|
|
reroute traffic to an alternate pool of service instances.
|
|
|
|
The map is keyed by the service subset it applies to and the special
|
|
string `"*"` is a wildcard that applies to any subset not otherwise
|
|
specified here.
|
|
|
|
`Service`, `ServiceSubset`, `Namespace`, and `Datacenters` cannot all be
|
|
empty at once.
|
|
|
|
- `Service` `(string: "")` - The service to resolve instead of the default as
|
|
the failover group of instances during failover.
|
|
|
|
- `ServiceSubset` `(string: "")` - The named subset of the requested service
|
|
to resolve as the failover group of instances. If empty the default subset
|
|
for the requested service is used.
|
|
|
|
- `Namespace` `(string: "")` - The namespace to resolve the requested service
|
|
from to form the failover group of instances. If empty the current
|
|
namespace is used.
|
|
|
|
- `Datacenters` `(array<string>)` - A fixed list of datacenters to try during
|
|
failover.
|
|
|
|
- `LoadBalancer` `(LoadBalancer`) - Determines the load balancing policy and
|
|
configuration for services issuing requests to this upstream.
|
|
This option is available in Consul versions 1.9.0 and newer.
|
|
|
|
- `Policy` `(string: "")` - The load balancing policy used to select a host.
|
|
One of: `random`, `round_robin`, `least_request`, `ring_hash`, `maglev`.
|
|
|
|
- `RingHashConfig` `(RingHashConfig)` - Configuration for the `ring_hash`
|
|
policy type.
|
|
|
|
- `MinimumRingRize` `(int: 1024)` - Determines the minimum number of entries
|
|
in the hash ring.
|
|
|
|
- `MaximumRingRize` `(int: 8192)` - Determines the maximum number of entries
|
|
in the hash ring.
|
|
|
|
- `LeastRequestConfig` `(LeastRequestConfig)` - Configuration for the `least_request`
|
|
policy type.
|
|
|
|
- `ChoiceCount` `(int: 2)` - Determines the number of random healthy hosts
|
|
from which to select the one with the least requests.
|
|
|
|
- `HashPolicies` `(array<HashPolicies>)` - a list of hash policies to use for
|
|
hashing load balancing algorithms. Hash policies are evaluated individually
|
|
and combined such that identical lists result in the same hash.
|
|
If no hash policies are present, or none are successfully evaluated,
|
|
then a random backend host will be selected.
|
|
|
|
- `Field` `(string: "")` - The attribute type to hash on.
|
|
Must be one of `header`,`cookie`, or `query_parameter`.
|
|
Cannot be specified along with `SourceAddress`.
|
|
|
|
- `FieldValue` `(string: "")` - The value to hash.
|
|
ie. header name, cookie name, URL query parameter name.
|
|
Cannot be specified along with `SourceAddress`.
|
|
|
|
- `CookieConfig` `(CookieConfig)` - Additional configuration for the "cookie" hash policy type.
|
|
This is specified to have Envoy generate a cookie for a client on its first request.
|
|
|
|
- `Session` `(bool: false)` - Generates a session cookie with no expiration.
|
|
|
|
- `TTL` `(duration: 0s)` - TTL for generated cookies. Cannot be specified for session cookies.
|
|
|
|
- `Path` `(string: "")` - The path to set for the cookie.
|
|
|
|
- `SourceIP` `(bool: false)` - Determines whether the hash should be of the source IP
|
|
address rather than of a field and field value.
|
|
Cannot be specified along with `Field` or `FieldValue`.
|
|
|
|
- `Terminal` `(bool: false)` - Will short circuit the computation of the hash
|
|
when multiple hash policies are present. If a hash is computed when a
|
|
Terminal policy is evaluated, then that hash will be used and subsequent
|
|
hash policies will be ignored.
|
|
|
|
## Service Subsets
|
|
|
|
A service subset assigns a concrete name to a specific subset of discoverable
|
|
service instances within a datacenter, such as `"version2"` or `"canary"`.
|
|
|
|
A service subset name is useful only when composed with an actual service name,
|
|
a specific datacenter, and namespace.
|
|
|
|
All services have an unnamed default subset that will return all healthy
|
|
instances unfiltered.
|
|
|
|
Subsets are defined in `service-resolver` configuration entries, but are
|
|
referenced by their names throughout the other configuration entry kinds.
|
|
|
|
## ACLs
|
|
|
|
Configuration entries may be protected by
|
|
[ACLs](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production).
|
|
|
|
Reading a `service-resolver` config entry requires `service:read` on itself.
|
|
|
|
Creating, updating, or deleting a `service-resolver` config entry requires
|
|
`service:write` on itself and `service:read` on any other service referenced by
|
|
name in these fields:
|
|
|
|
- [`Redirect.Service`](#service)
|
|
|
|
- [`Failover[].Service`](#service-1)
|