From c3618e5f82e4861753db9a549638d1b104ec7400 Mon Sep 17 00:00:00 2001 From: David Yu Date: Mon, 10 Jul 2023 22:08:58 +0000 Subject: [PATCH 1/7] backport of commit 3ef758cefb78124d160bd69681fbb226b062e399 --- .../content/docs/k8s/l7-traffic/route-to-virtual-services.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/website/content/docs/k8s/l7-traffic/route-to-virtual-services.mdx b/website/content/docs/k8s/l7-traffic/route-to-virtual-services.mdx index c8951d356cf6..0852f81196fe 100644 --- a/website/content/docs/k8s/l7-traffic/route-to-virtual-services.mdx +++ b/website/content/docs/k8s/l7-traffic/route-to-virtual-services.mdx @@ -20,7 +20,7 @@ Complete the following steps to configure failover service instances in Consul o ## Requirements -- `consul-k8s` v1.2.0-beta1 or newer. +- `consul-k8s` v1.2.0 or newer. - Consul service mesh must be enabled. Refer to [How does Consul service mesh work on Kubernetes](/consul/docs/k8s/connect). - Proxies must be configured to run in transparent proxy mode. - To query virtual DNS names, you must use Consul DNS. @@ -119,4 +119,4 @@ You can query the KubeDNS if the real and virtual services are in the same Kuber http://virtual-api..svc.cluster.local ``` -Note that you cannot use KubeDNS if a corresponding Kubernetes service and pod do not exist. \ No newline at end of file +Note that you cannot use KubeDNS if a corresponding Kubernetes service and pod do not exist. From 4aa1a3f12d3d4a4593ad965d4d4443f69093b3ec Mon Sep 17 00:00:00 2001 From: David Yu Date: Tue, 11 Jul 2023 00:23:15 +0000 Subject: [PATCH 2/7] backport of commit f7c54b6ce2ac3bb185a12aad5f649f4eed237cca --- .../connect/cluster-peering/usage/establish-peering.mdx | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/website/content/docs/k8s/connect/cluster-peering/usage/establish-peering.mdx b/website/content/docs/k8s/connect/cluster-peering/usage/establish-peering.mdx index 167d4fdceced..a7fe4f2a40ca 100644 
--- a/website/content/docs/k8s/connect/cluster-peering/usage/establish-peering.mdx +++ b/website/content/docs/k8s/connect/cluster-peering/usage/establish-peering.mdx @@ -59,7 +59,7 @@ To use cluster peering with Consul on Kubernetes deployments, update the Helm ch ``` ```shell-session - $ helm install ${HELM_RELEASE_NAME1} hashicorp/consul --create-namespace --namespace consul --version "1.0.1" --values values.yaml --set global.datacenter=dc1 --kube-context $CLUSTER1_CONTEXT + $ helm install ${HELM_RELEASE_NAME1} hashicorp/consul --create-namespace --namespace consul --version "1.2.0" --values values.yaml --set global.datacenter=dc1 --kube-context $CLUSTER1_CONTEXT ``` 1. In `cluster-02`, run the following commands: @@ -69,9 +69,11 @@ To use cluster peering with Consul on Kubernetes deployments, update the Helm ch ``` ```shell-session - $ helm install ${HELM_RELEASE_NAME2} hashicorp/consul --create-namespace --namespace consul --version "1.0.1" --values values.yaml --set global.datacenter=dc2 --kube-context $CLUSTER2_CONTEXT + $ helm install ${HELM_RELEASE_NAME2} hashicorp/consul --create-namespace --namespace consul --version "1.2.0" --values values.yaml --set global.datacenter=dc2 --kube-context $CLUSTER2_CONTEXT ``` +1. For both clusters apply `Mesh` Config entry values provided in [Mesh Gateway Specificaions](/consul/docs/k8s/connect/cluster-peering/tech-specs#mesh-gateway-specifications) to enable establsihing peering connections over Mesh Gateways. + ### Configure the mesh gateway mode for traffic between services In Kubernetes deployments, you can configure mesh gateways to use `local` mode so that a service dialing a service in a remote peer dials the remote mesh gateway instead of the local mesh gateway. To configure the mesh gateway mode so that this traffic always leaves through the local mesh gateway, you can use the `ProxyDefaults` CRD. 
@@ -452,4 +454,4 @@ For Consul Enterprise, the permissions apply to all imported services in the ser Refer to [Reading servers](/consul/docs/connect/config-entries/exported-services#reading-services) in the `exported-services` configuration entry documentation for example rules. -For additional information about how to configure and use ACLs, refer to [ACLs system overview](/consul/docs/security/acl). \ No newline at end of file +For additional information about how to configure and use ACLs, refer to [ACLs system overview](/consul/docs/security/acl). From feec7d95a10a1b93d3be8ff5dfef7d94ab0d9493 Mon Sep 17 00:00:00 2001 From: David Yu Date: Tue, 11 Jul 2023 00:24:44 +0000 Subject: [PATCH 3/7] backport of commit 6b2e88c154c2cab5bf6f013417d6b134171f16c0 --- .../content/docs/k8s/connect/cluster-peering/tech-specs.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/website/content/docs/k8s/connect/cluster-peering/tech-specs.mdx b/website/content/docs/k8s/connect/cluster-peering/tech-specs.mdx index cfe4ba7aebc5..2d27a4f369fc 100644 --- a/website/content/docs/k8s/connect/cluster-peering/tech-specs.mdx +++ b/website/content/docs/k8s/connect/cluster-peering/tech-specs.mdx @@ -41,7 +41,7 @@ Refer to the following example Helm configuration: ```yaml global: name: consul - image: "hashicorp/consul:1.14.1" + image: "hashicorp/consul:1.16.0" peering: enabled: true tls: 
@@ -166,4 +166,4 @@ If ACLs are enabled, you must add tokens to grant the following permissions: - Grant `service:write` permissions to services that define mesh gateways in their server definition. - Grant `service:read` permissions for all services on the partition. -- Grant `mesh:write` permissions to the mesh gateways that participate in cluster peering connections. This permission allows a leaf certificate to be issued for mesh gateways to terminate TLS sessions for HTTP requests. \ No newline at end of file +- Grant `mesh:write` permissions to the mesh gateways that participate in cluster peering connections. This permission allows a leaf certificate to be issued for mesh gateways to terminate TLS sessions for HTTP requests. From 45bb7659c56a33b964822f092eb3bd24008001e5 Mon Sep 17 00:00:00 2001 From: David Yu Date: Tue, 11 Jul 2023 00:27:20 +0000 Subject: [PATCH 4/7] backport of commit 87dc79fddb162451ce9dd6d46615397dccb22dc9 --- .../k8s/connect/cluster-peering/usage/establish-peering.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/content/docs/k8s/connect/cluster-peering/usage/establish-peering.mdx b/website/content/docs/k8s/connect/cluster-peering/usage/establish-peering.mdx index a7fe4f2a40ca..1edce462c290 100644 --- a/website/content/docs/k8s/connect/cluster-peering/usage/establish-peering.mdx +++ b/website/content/docs/k8s/connect/cluster-peering/usage/establish-peering.mdx 
@@ -72,7 +72,7 @@ To use cluster peering with Consul on Kubernetes deployments, update the Helm ch $ helm install ${HELM_RELEASE_NAME2} hashicorp/consul --create-namespace --namespace consul --version "1.2.0" --values values.yaml --set global.datacenter=dc2 --kube-context $CLUSTER2_CONTEXT ``` -1. For both clusters apply `Mesh` Config entry values provided in [Mesh Gateway Specificaions](/consul/docs/k8s/connect/cluster-peering/tech-specs#mesh-gateway-specifications) to enable establsihing peering connections over Mesh Gateways. +1. For both clusters apply `Mesh` Config entry values provided in [Mesh Gateway Specificaions](/consul/docs/k8s/connect/cluster-peering/tech-specs#mesh-gateway-specifications) to allow establishing peering connections over Mesh Gateways. ### Configure the mesh gateway mode for traffic between services From 902f35c56afdc762b2f2397df80a68082cf08815 Mon Sep 17 00:00:00 2001 From: David Yu Date: Tue, 11 Jul 2023 00:28:09 +0000 Subject: [PATCH 5/7] backport of commit 3d9805c133ab6dfde39cd41135a4c7f4048466b5 --- .../k8s/connect/cluster-peering/usage/establish-peering.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/content/docs/k8s/connect/cluster-peering/usage/establish-peering.mdx b/website/content/docs/k8s/connect/cluster-peering/usage/establish-peering.mdx index 1edce462c290..4865a9a3d9ec 100644 --- a/website/content/docs/k8s/connect/cluster-peering/usage/establish-peering.mdx +++ b/website/content/docs/k8s/connect/cluster-peering/usage/establish-peering.mdx 
@@ -72,7 +72,7 @@ To use cluster peering with Consul on Kubernetes deployments, update the Helm ch $ helm install ${HELM_RELEASE_NAME2} hashicorp/consul --create-namespace --namespace consul --version "1.2.0" --values values.yaml --set global.datacenter=dc2 --kube-context $CLUSTER2_CONTEXT ``` -1. For both clusters apply `Mesh` Config entry values provided in [Mesh Gateway Specificaions](/consul/docs/k8s/connect/cluster-peering/tech-specs#mesh-gateway-specifications) to allow establishing peering connections over Mesh Gateways. +1. For both clusters apply the `Mesh` configuration entry values provided in [Mesh Gateway Specifications](/consul/docs/k8s/connect/cluster-peering/tech-specs#mesh-gateway-specifications) to allow establishing peering connections over mesh gateways. ### Configure the mesh gateway mode for traffic between services From 4c617ccc92dcf68d7119f8f6d9ed090f38211b43 Mon Sep 17 00:00:00 2001 From: David Yu Date: Tue, 11 Jul 2023 00:35:40 +0000 Subject: [PATCH 6/7] backport of commit e76ec0a1937e7722edc554d96fa3e792bd1f56a0 --- website/content/docs/k8s/l7-traffic/failover-tproxy.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/content/docs/k8s/l7-traffic/failover-tproxy.mdx b/website/content/docs/k8s/l7-traffic/failover-tproxy.mdx index 81bdc5e8672d..c08d8c3ac5d8 100644 --- a/website/content/docs/k8s/l7-traffic/failover-tproxy.mdx +++ b/website/content/docs/k8s/l7-traffic/failover-tproxy.mdx @@ -18,7 +18,7 @@ Complete the following steps to configure failover service instances in Consul o ## Requirements -- `consul-k8s` v1.2.0-beta1 or newer. +- `consul-k8s` v1.2.0 or newer. - Consul service mesh must be enabled. Refer to [How does Consul Service Mesh Work on Kubernetes](/consul/docs/k8s/connect). - Proxies must be configured to run in transparent proxy mode. - To query virtual DNS names, you must use Consul DNS. From d33684b21d1b2e4d39474bb66a1673696af180c2 Mon Sep 17 00:00:00 2001 
From: David Yu Date: Tue, 11 Jul 2023 22:22:50 +0000 Subject: [PATCH 7/7] backport of commit 4b03ba27c1190e02af46e52261a2417534fdf3f4 --- .../k8s/connect/cluster-peering/usage/establish-peering.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/content/docs/k8s/connect/cluster-peering/usage/establish-peering.mdx b/website/content/docs/k8s/connect/cluster-peering/usage/establish-peering.mdx index 4865a9a3d9ec..375886132e50 100644 --- a/website/content/docs/k8s/connect/cluster-peering/usage/establish-peering.mdx +++ b/website/content/docs/k8s/connect/cluster-peering/usage/establish-peering.mdx @@ -48,7 +48,7 @@ After you provision a Kubernetes cluster and set up your kubeconfig file to mana $ export CLUSTER2_CONTEXT= ``` -### Update the Helm chart +### Install Consul using Helm and configure peering over mesh gateways To use cluster peering with Consul on Kubernetes deployments, update the Helm chart with [the required values](/consul/docs/k8s/connect/cluster-peering/tech-specs#helm-requirements). After updating the Helm chart, you can use the `consul-k8s` CLI to apply `values.yaml` to each cluster.
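Review bot: In patch 1/7, the `@@ -20,7 +20,7 @@` hunk of route-to-virtual-services.mdx shows the page intro as "Complete the following steps to configure failover service instances in Consul o...", which is the same sentence that heads failover-tproxy.mdx in patch 6/7 and does not describe routing to virtual services. Since this hunk already edits the Requirements list directly below that sentence, correct the intro in the same change. The link text in the next requirement also differs in casing between the two pages ("How does Consul service mesh work on Kubernetes" here, "How does Consul Service Mesh Work on Kubernetes" in 6/7); pick one.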
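Review bot: In patch 2/7, the step added at the end of the `@@ -69,9 +69,11 @@` hunk of establish-peering.mdx lands with two typos ("Specificaions", "establsihing"), and patches 4/7 and 5/7 then rewrite the same line twice to fix them. Squash 4/7 and 5/7 into this patch so the backport carries only the final wording from 5/7. The step also tells the reader to apply the `Mesh` configuration entry to both clusters without showing a command, unlike the two `helm install` steps above it, which spell out `--kube-context` per cluster; consider adding the equivalent command for each context so the step is not skipped.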
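Review bot: In patch 2/7, the `@@ -452,4 +454,4 @@` hunk of establish-peering.mdx keeps the context line `Refer to [Reading servers](/consul/docs/connect/config-entries/exported-services#reading-services)`, where the link text says "servers" but the anchor is `#reading-services`. This sits in the ACL guidance for imported services, so a reader following it should land on the section the text names; change the link text to "Reading services" while this hunk is already touching the end of the file.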
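Review bot: In patch 3/7, the `@@ -41,7 +41,7 @@` hunk of tech-specs.mdx pins `image: "hashicorp/consul:1.16.0"` in the example values, while the install commands in establish-peering.mdx pin the chart separately with `--version "1.2.0"` (patch 2/7). The two pins are bumped in different patches and nothing in the visible text says they have to move together, so the next version update can easily change one and leave the other behind. Add a sentence beside the example stating which chart version this image tag is meant to be used with, or land both bumps in a single patch.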
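Review bot: In patch 7/7, the new heading "Install Consul using Helm and configure peering over mesh gateways" in the `@@ -48,7 +48,7 @@` hunk no longer matches the paragraph directly under it, which still reads "update the Helm chart with [the required values]" and "you can use the `consul-k8s` CLI to apply `values.yaml` to each cluster", while the steps in this file (visible in patch 2/7) run `helm install`. Reword that paragraph to describe the Helm install and the mesh gateway step the heading now promises. Renaming the heading also changes its generated anchor, so check for links that still point at `#update-the-helm-chart`.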