From 5499de10bf4e5604486a4a1b85a25153cff214ce Mon Sep 17 00:00:00 2001 From: Blake Covarrubias Date: Tue, 19 Sep 2023 08:50:03 -0700 Subject: [PATCH] docs: Fix Kubernetes CRD example configs (#18878) Fixes configuration examples for several Consul Kubernetes CRDs. The CRDs were missing required fields such as `apiVersion`, `metadata`, and `spec`. Co-authored-by: Tu Nguyen --- .../connect/gateways/mesh-gateway/index.mdx | 132 +++++++++--------- .../peering-via-mesh-gateways.mdx | 18 ++- .../service-to-service-traffic-partitions.mdx | 24 ++-- ...ice-to-service-traffic-wan-datacenters.mdx | 24 ++-- .../proxies/envoy-extensions/usage/lua.mdx | 2 +- 5 files changed, 111 insertions(+), 89 deletions(-) diff --git a/website/content/docs/connect/gateways/mesh-gateway/index.mdx b/website/content/docs/connect/gateways/mesh-gateway/index.mdx index f168192e9da0..3100b6f49496 100644 --- a/website/content/docs/connect/gateways/mesh-gateway/index.mdx +++ b/website/content/docs/connect/gateways/mesh-gateway/index.mdx @@ -15,13 +15,13 @@ Datacenters can reside in different clouds or runtime environments where general Mesh gateways can be used with any of the following Consul configrations for managing separate datacenters or partitions. 1. WAN Federation - * [Mesh gateways can be used to route service-to-service traffic between datacenters](/consul/docs/connect/gateways/mesh-gateway/service-to-service-traffic-wan-datacenters) - * [Mesh gateways can be used to route all WAN traffic, including from Consul servers](/consul/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways) + * [Mesh gateways can be used to route service-to-service traffic between datacenters](/consul/docs/connect/gateways/mesh-gateway/service-to-service-traffic-wan-datacenters) + * [Mesh gateways can be used to route all WAN traffic, including from Consul servers](/consul/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways) 2. Cluster Peering - * [Mesh gateways can be used to route service-to-service traffic between datacenters](/consul/docs/connect/cluster-peering/usage/establish-cluster-peering) - * [Mesh gateways can be used to route control-plane traffic from Consul servers](/consul/docs/connect/gateways/mesh-gateway/peering-via-mesh-gateways) + * [Mesh gateways can be used to route service-to-service traffic between datacenters](/consul/docs/connect/cluster-peering/usage/establish-cluster-peering) + * [Mesh gateways can be used to route control-plane traffic from Consul servers](/consul/docs/connect/gateways/mesh-gateway/peering-via-mesh-gateways) 3. Admin Partitions - * [Mesh gateways can be used to route service-to-service traffic between admin partitions in the same Consul datacenter](/consul/docs/connect/gateways/mesh-gateway/service-to-service-traffic-partitions) + * [Mesh gateways can be used to route service-to-service traffic between admin partitions in the same Consul datacenter](/consul/docs/connect/gateways/mesh-gateway/service-to-service-traffic-partitions) ### Consul @@ -84,21 +84,24 @@ Use the following example configurations to help you understand some of the comm The following `proxy-defaults` configuration will enable gateways for all mesh services in the `local` mode. - + ```hcl Kind = "proxy-defaults" Name = "global" MeshGateway { - Mode = "local" + Mode = "local" } ``` ```yaml -Kind: proxy-defaults -MeshGateway: -- Mode: local -Name: global +apiVersion: consul.hashicorp.com/v1alpha1 +kind: ProxyDefaults +metadata: + name: global +spec: + meshGateway: + mode: local ``` ```json @@ -123,15 +126,18 @@ The following `service-defaults` configuration will enable gateways for all mesh Kind = "service-defaults" Name = "web" MeshGateway { - Mode = "local" + Mode = "local" } ``` ```yaml -Kind: service-defaults -MeshGateway: -- Mode: local -Name: web +apiVersion: consul.hashicorp.com/v1alpha1 +kind: ServiceDefaults +metadata: + name: web +spec: + meshGateway: + mode: local ``` ```json @@ -155,22 +161,22 @@ definition will enable gateways for the service instance in the `remote` mode. ```hcl service { - name = "web-sidecar-proxy" - kind = "connect-proxy" - port = 8181 - proxy { - destination_service_name = "web" - mesh_gateway { - mode = "remote" + name = "web-sidecar-proxy" + kind = "connect-proxy" + port = 8181 + proxy { + destination_service_name = "web" + mesh_gateway { + mode = "remote" + } + upstreams = [ + { + destination_name = "api" + datacenter = "secondary" + local_bind_port = 10000 } - upstreams = [ - { - destination_name = "api" - datacenter = "secondary" - local_bind_port = 10000 - } - ] - } + ] + } } # Or alternatively inline with the service definition: @@ -230,38 +236,38 @@ The following service definition will enable gateways in the `local` mode for on ```hcl service { - name = "web-sidecar-proxy" - kind = "connect-proxy" - port = 8181 - proxy { - destination_service_name = "web" - upstreams = [ - { - destination_name = "api" - destination_peer = "cluster-01" - local_bind_port = 10000 - mesh_gateway { - mode = "remote" - } - }, - { - destination_name = "db" - datacenter = "secondary" - local_bind_port = 10001 - mesh_gateway { - mode = "local" - } - }, - { - destination_name = "logging" - datacenter = "secondary" - local_bind_port = 10002 - mesh_gateway { - mode = "none" - } - }, - ] - } + name = "web-sidecar-proxy" + kind = "connect-proxy" + port = 8181 + proxy { + destination_service_name = "web" + upstreams = [ + { + destination_name = "api" + destination_peer = "cluster-01" + local_bind_port = 10000 + mesh_gateway { + mode = "remote" + } + }, + { + destination_name = "db" + datacenter = "secondary" + local_bind_port = 10001 + mesh_gateway { + mode = "local" + } + }, + { + destination_name = "logging" + datacenter = "secondary" + local_bind_port = 10002 + mesh_gateway { + mode = "none" + } + }, + ] + } } ``` ```json diff --git a/website/content/docs/connect/gateways/mesh-gateway/peering-via-mesh-gateways.mdx b/website/content/docs/connect/gateways/mesh-gateway/peering-via-mesh-gateways.mdx index 806d161fcdc1..305a44d0881c 100644 --- a/website/content/docs/connect/gateways/mesh-gateway/peering-via-mesh-gateways.mdx +++ b/website/content/docs/connect/gateways/mesh-gateway/peering-via-mesh-gateways.mdx @@ -57,7 +57,7 @@ For Consul Enterprise clusters, mesh gateways must be registered in the "default -In addition to the [ACL Configuration](/consul/docs/connect/cluster-peering/tech-specs#acl-specifications) necessary for service-to-service traffic, mesh gateways that route peering control plane traffic must be granted `peering:read` access to all peerings. +In addition to the [ACL Configuration](/consul/docs/connect/cluster-peering/tech-specs#acl-specifications) necessary for service-to-service traffic, mesh gateways that route peering control plane traffic must be granted `peering:read` access to all peerings. This access allows the mesh gateway to list all peerings in a Consul cluster and generate unique routing per peered datacenter. @@ -79,7 +79,7 @@ peering = "read" -In addition to the [ACL Configuration](/consul/docs/connect/cluster-peering/tech-specs#acl-specifications) necessary for service-to-service traffic, mesh gateways that route peering control plane traffic must be granted `peering:read` access to all peerings in all partitions. +In addition to the [ACL Configuration](/consul/docs/connect/cluster-peering/tech-specs#acl-specifications) necessary for service-to-service traffic, mesh gateways that route peering control plane traffic must be granted `peering:read` access to all peerings in all partitions. This access allows the mesh gateway to list all peerings in a Consul cluster and generate unique routing per peered partition. @@ -108,7 +108,7 @@ partition_prefix "" { ### Modes -Connect proxy configuration [Modes](/consul/docs/connect/gateways/mesh-gateway#connect-proxy-configuration#modes) are not applicable to peering control plane traffic. +Connect proxy configuration [Modes](/consul/docs/connect/gateways/mesh-gateway#connect-proxy-configuration#modes) are not applicable to peering control plane traffic. The flow of control plane traffic through the gateway is implied by the presence of a [Mesh config entry](/consul/docs/connect/config-entries/mesh#peer-through-mesh-gateways) with `PeerThroughMeshGateways = true`. @@ -121,13 +121,17 @@ Peering { ``` ```yaml -Kind: mesh -Peeering: - PeerThroughMeshGateways: true +apiVersion: consul.hashicorp.com/v1alpha1 +kind: Mesh +metadata: + name: mesh +spec: + peering: + peerThroughMeshGateways: true ``` -By setting this mesh config on a cluster before [creating a peering token](/consul/docs/connect/cluster-peering/create-manage-peering#create-a-peering-token), inbound control plane traffic will be sent through the mesh gateway registered this cluster, also known the accepting cluster. +By setting this mesh config on a cluster before [creating a peering token](/consul/docs/connect/cluster-peering/create-manage-peering#create-a-peering-token), inbound control plane traffic will be sent through the mesh gateway registered this cluster, also known the accepting cluster. As mesh gateway instances are registered at the accepting cluster, their addresses will be exposed to the dialing cluster over the bi-directional peering stream. Setting this mesh config on a cluster before [establishing a connection](/consul/docs/connect/cluster-peering/create-manage-peering#establish-a-connection-between-clusters) will cause the outbound control plane traffic to flow through the mesh gateway. diff --git a/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-partitions.mdx b/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-partitions.mdx index 28331ff17401..b17d662ecde5 100644 --- a/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-partitions.mdx +++ b/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-partitions.mdx @@ -78,7 +78,7 @@ Use the following example configurations to help you understand some of the comm The following `proxy-defaults` configuration will enable gateways for all mesh services in the `local` mode. - + ```hcl Kind = "proxy-defaults" @@ -89,10 +89,13 @@ MeshGateway { ``` ```yaml -Kind: proxy-defaults -MeshGateway: -- Mode: local -Name: global +apiVersion: consul.hashicorp.com/v1alpha1 +kind: ProxyDefaults +metadata: + name: global +spec: + meshGateway: + mode: local ``` ```json @@ -122,10 +125,13 @@ MeshGateway { ``` ```yaml -Kind: service-defaults -MeshGateway: -- Mode: local -Name: web +apiVersion: consul.hashicorp.com/v1alpha1 +kind: ServiceDefaults +metadata: + name: web +spec: + meshGateway: + mode: local ``` ```json diff --git a/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-wan-datacenters.mdx b/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-wan-datacenters.mdx index 917d925294f2..27e426f8f093 100644 --- a/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-wan-datacenters.mdx +++ b/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-wan-datacenters.mdx @@ -94,7 +94,7 @@ Use the following example configurations to help you understand some of the comm The following `proxy-defaults` configuration will enable gateways for all mesh services in the `local` mode. - + ```hcl Kind = "proxy-defaults" @@ -105,10 +105,13 @@ MeshGateway { ``` ```yaml -Kind: proxy-defaults -MeshGateway: -- Mode: local -Name: global +apiVersion: consul.hashicorp.com/v1alpha1 +kind: ProxyDefaults +metadata: + name: global +spec: + meshGateway: + mode: local ``` ```json @@ -137,10 +140,13 @@ MeshGateway { ``` ```yaml -Kind: service-defaults -MeshGateway: -- Mode: local -Name: web +apiVersion: consul.hashicorp.com/v1alpha1 +kind: ServiceDefaults +metadata: + name: web +spec: + meshGateway: + mode: local ``` ```json diff --git a/website/content/docs/connect/proxies/envoy-extensions/usage/lua.mdx b/website/content/docs/connect/proxies/envoy-extensions/usage/lua.mdx index 496b7d5fa58f..0a468e879d01 100644 --- a/website/content/docs/connect/proxies/envoy-extensions/usage/lua.mdx +++ b/website/content/docs/connect/proxies/envoy-extensions/usage/lua.mdx @@ -225,4 +225,4 @@ end ] ``` - \ No newline at end of file +