docs updates - cluster peering and virtual services #18069

Merged
merged 7 commits into from
Jul 11, 2023
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ Refer to the following example Helm configuration:
```yaml
global:
name: consul
image: "hashicorp/consul:1.14.1"
image: "hashicorp/consul:1.16.0"
peering:
enabled: true
tls:
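
Review bot: The pinned `image: "hashicorp/consul:1.16.0"` under `global` is not tied to any chart release in this example, while the install commands updated elsewhere in this PR pin `--version "1.2.0"`. Consider adding a sentence that names the chart version this image pairs with, or dropping the explicit `image` key so the chart default applies, so the two values cannot drift apart on the next bump.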
Expand Down Expand Up @@ -166,4 +166,4 @@ If ACLs are enabled, you must add tokens to grant the following permissions:

- Grant `service:write` permissions to services that define mesh gateways in their server definition.
- Grant `service:read` permissions for all services on the partition.
- Grant `mesh:write` permissions to the mesh gateways that participate in cluster peering connections. This permission allows a leaf certificate to be issued for mesh gateways to terminate TLS sessions for HTTP requests.
- Grant `mesh:write` permissions to the mesh gateways that participate in cluster peering connections. This permission allows a leaf certificate to be issued for mesh gateways to terminate TLS sessions for HTTP requests.
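
Review bot: The `service:read` bullet says "for all services on the partition" without naming which token receives the grant, unlike the `service:write` and `mesh:write` bullets, which both name the grantee. Since the last bullet is being touched anyway, state the grantee there too, so readers do not attach partition-wide read to a broader token than intended.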
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ To use cluster peering with Consul on Kubernetes deployments, update the Helm ch
```

```shell-session
$ helm install ${HELM_RELEASE_NAME1} hashicorp/consul --create-namespace --namespace consul --version "1.0.1" --values values.yaml --set global.datacenter=dc1 --kube-context $CLUSTER1_CONTEXT
$ helm install ${HELM_RELEASE_NAME1} hashicorp/consul --create-namespace --namespace consul --version "1.2.0" --values values.yaml --set global.datacenter=dc1 --kube-context $CLUSTER1_CONTEXT
```

1. In `cluster-02`, run the following commands:
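
Review bot: In the `helm install` line for `cluster-01`, `${HELM_RELEASE_NAME1}` is braced while `$CLUSTER1_CONTEXT` is not, and neither expansion is quoted. Suggest one style with quotes, for example `--kube-context "$CLUSTER1_CONTEXT"`, so a context name containing spaces is not word-split; the same applies to the `cluster-02` command in the next hunk.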
Expand All @@ -69,9 +69,11 @@ To use cluster peering with Consul on Kubernetes deployments, update the Helm ch
```

```shell-session
$ helm install ${HELM_RELEASE_NAME2} hashicorp/consul --create-namespace --namespace consul --version "1.0.1" --values values.yaml --set global.datacenter=dc2 --kube-context $CLUSTER2_CONTEXT
$ helm install ${HELM_RELEASE_NAME2} hashicorp/consul --create-namespace --namespace consul --version "1.2.0" --values values.yaml --set global.datacenter=dc2 --kube-context $CLUSTER2_CONTEXT
```

1. For both clusters apply the `Mesh` configuration entry values provided in [Mesh Gateway Specifications](/consul/docs/k8s/connect/cluster-peering/tech-specs#mesh-gateway-specifications) to allow establishing peering connections over mesh gateways.

### Configure the mesh gateway mode for traffic between services

In Kubernetes deployments, you can configure mesh gateways to use `local` mode so that a service dialing a service in a remote peer dials the remote mesh gateway instead of the local mesh gateway. To configure the mesh gateway mode so that this traffic always leaves through the local mesh gateway, you can use the `ProxyDefaults` CRD.
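
Review bot: The added step "For both clusters apply the `Mesh` configuration entry values..." gives no command and does not name the setting being changed, so the procedure cannot be completed without leaving the page. Suggest naming the field or inlining the short manifest together with the apply command for each kube context, as the two preceding steps do for `helm install`, and adding a comma after "For both clusters".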
Expand Down Expand Up @@ -452,4 +454,4 @@ For Consul Enterprise, the permissions apply to all imported services in the ser

Refer to [Reading servers](/consul/docs/connect/config-entries/exported-services#reading-services) in the `exported-services` configuration entry documentation for example rules.

For additional information about how to configure and use ACLs, refer to [ACLs system overview](/consul/docs/security/acl).
For additional information about how to configure and use ACLs, refer to [ACLs system overview](/consul/docs/security/acl).
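
Review bot: In the context line above the change, the link text reads "Reading servers" while its anchor is `#reading-services`; one of the two is likely wrong and should be reconciled. The removed and added "For additional information..." lines are textually identical, so this hunk appears to be whitespace only, which makes it a cheap place to fix the link text as well.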
2 changes: 1 addition & 1 deletion website/content/docs/k8s/l7-traffic/failover-tproxy.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ Complete the following steps to configure failover service instances in Consul o

## Requirements

- `consul-k8s` v1.2.0-beta1 or newer.
- `consul-k8s` v1.2.0 or newer.
- Consul service mesh must be enabled. Refer to [How does Consul Service Mesh Work on Kubernetes](/consul/docs/k8s/connect).
- Proxies must be configured to run in transparent proxy mode.
- To query virtual DNS names, you must use Consul DNS.
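
Review bot: The link text in the second requirement bullet, "How does Consul Service Mesh Work on Kubernetes", is capitalized differently from the same link in the other requirements list updated in this PR ("How does Consul service mesh work on Kubernetes"). Align the two while the version bullet above it is being edited.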
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ Complete the following steps to configure failover service instances in Consul o

## Requirements

- `consul-k8s` v1.2.0-beta1 or newer.
- `consul-k8s` v1.2.0 or newer.
- Consul service mesh must be enabled. Refer to [How does Consul service mesh work on Kubernetes](/consul/docs/k8s/connect).
- Proxies must be configured to run in transparent proxy mode.
- To query virtual DNS names, you must use Consul DNS.
Expand Down Expand Up @@ -119,4 +119,4 @@ You can query the KubeDNS if the real and virtual services are in the same Kuber
http://virtual-api.<namespace>.svc.cluster.local
```

Note that you cannot use KubeDNS if a corresponding Kubernetes service and pod do not exist.
Note that you cannot use KubeDNS if a corresponding Kubernetes service and pod do not exist.