Consul 配置

Consul 配置

Tips

单机配置

{
"data_dir": "/var/consul",
"server": true,
"bootstrap_expect": 1,
"disable_update_check": true,
"disable_remote_exec": true,
"enable_syslog": true
}

acl

  • https://learn.hashicorp.com/tutorials/consul/access-control-setup-production
  • Token 类型
    • master - 主令牌
      • 等同于 acl bootstrap 的令牌 - 建议设置 - 设置后不再需要 acl bootstrap
      • 用于主 dc 的 server 之间
      • 使用 UUID
    • default - 默认 - 如果没有具体的 token
      • 用于向服务端发起请求
      • 没有则等同于 anonymous
    • agent
      • 用于客户端或服务执行内部操作
      • 如果没有则使用 default
      • 至少需要权限能设置节点信息
    • agent_master
      • 访问 agent 终端,读写 agent 权限
      • 服务中断时可用于 operator
    • replication
      • 用于授权二级 dc 访问主 dc 进行复制操作

配置记录

  • 如果存在对于的服务则会进行合并配置
  • 类型
    • ingress-gateway
    • proxy-defaults - 默认代理配置
    • service-defaults
      • Protocol
      • MeshGateway
        • Mode: none, local, remote
      • ExternalSNI
      • Expose
        • Checks = true
    • service-resolver - matches service instances with a specific Connect upstream discovery requests
    • service-router - defines where to send layer 7 traffic based on the HTTP route
    • service-splitter - defines how to divide requests for a single HTTP route based on percentages
    • terminating-gateway - 与 terminating gateway 关联的服务
cat <<HCL | consul config write -
Kind = "service-defaults"
Name = "web-test"
Protocol = "http"
HCL
consul config list -kind service-defaults
consul config read -kind service-defaults -name web-test
cat <<HCL | consul config write -
Kind = "service-defaults"
Name = "static-server"
Protocol = "http"
HCL
cat <<HCL | consul config write -
Kind = "service-router"
Name = "web-test"
Routes = [
{
Match {
HTTP {
PathPrefix = "/to/static-server"
}
}
Destination {
Service = "static-server"
}
},
]
HCL