
Consul Configuration

Tips

Single-node configuration

{
  "data_dir": "/var/consul",
  "server": true,
  "bootstrap_expect": 1,
  "disable_update_check": true,
  "disable_remote_exec": true,
  "enable_syslog": true
}

acl

  • https://learn.hashicorp.com/tutorials/consul/access-control-setup-production
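  • Token types
    • master - the master token
      • Equivalent to the token from acl bootstrap - recommended to set - once set, acl bootstrap is no longer needed
      • Used between servers in the primary dc
      • Uses a UUID
    • default - the default - used when no specific token is given
      • Used for making requests to the servers
      • If not set, equivalent to anonymous
    • agent
      • Used by a client or service to perform internal operations
      • If not set, default is used
      • Needs at least permission to set node information
    • agent_master
      • Access to the agent endpoints, with agent read/write permission
      • Can be used by operators during a service outage
    • replication
      • Used to authorize a secondary dc to access the primary dc for replication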
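
The fallback chain in the list above (agent, then default, then anonymous) and the UUID form of the master token, as a small check over an agent config. This is an added example, not code from Consul or from the original notes; the `acl.enabled` and `acl.tokens.*` key names and all sample values are assumptions that follow the token names listed here.

```python
import json
import uuid

# Constructed sample: a single-node config with an assumed "acl" stanza;
# key names follow the token names in these notes.
SAMPLE = json.loads("""
{
  "data_dir": "/var/consul",
  "server": true,
  "disable_remote_exec": true,
  "acl": {
    "enabled": true,
    "tokens": {
      "master": "not-a-uuid",
      "default": "11111111-2222-3333-4444-555555555555"
    }
  }
}
""")

def is_uuid(value):
    """True only for a canonical hyphenated UUID string."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, AttributeError, TypeError):
        return False

def effective_source(tokens, role):
    """Name the token a role ends up using: agent -> default -> anonymous."""
    chain = {"agent": ["agent", "default"], "default": ["default"]}[role]
    return next((name for name in chain if tokens.get(name)), "anonymous")

def audit(config):
    """Return findings as strings; token values are never echoed."""
    acl = config.get("acl", {})
    tokens = acl.get("tokens", {})
    findings = []
    if not acl.get("enabled"):
        findings.append("acl.enabled is not true; tokens are not enforced")
    if "master" in tokens and not is_uuid(tokens["master"]):
        findings.append("acl.tokens.master is not a UUID")
    for role in ("default", "agent"):
        source = effective_source(tokens, role)
        if source != role:
            findings.append(f"{role} token unset; falls back to {source}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```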

Config entries

  • If a corresponding service exists, the configuration is merged
  • Types
    • ingress-gateway
    • proxy-defaults - default proxy configuration
    • service-defaults
      • Protocol
      • MeshGateway
        • Mode: none, local, remote
      • ExternalSNI
      • Expose
        • Checks = true
    • service-resolver - matches service instances with specific Connect upstream discovery requests
    • service-router - defines where to send layer 7 traffic based on the HTTP route
    • service-splitter - defines how to divide requests for a single HTTP route based on percentages
    • terminating-gateway - services associated with a terminating gateway

cat <<HCL | consul config write -
Kind      = "service-defaults"
Name      = "web-test"
Protocol  = "http"
HCL

consul config list -kind service-defaults
consul config read -kind service-defaults -name web-test

cat <<HCL | consul config write -
Kind      = "service-defaults"
Name      = "static-server"
Protocol  = "http"
HCL

cat <<HCL | consul config write -
Kind = "service-router"
Name = "web-test"
Routes = [
  {
    Match {
      HTTP {
        PathPrefix = "/to/static-server"
      }
    }

    Destination {
      Service = "static-server"
    }
  },
]
HCL