Consul
GatewayClassConfig Resource Configuration
This topic provides full details about the GatewayClassConfig
resource.
Introduction
The GatewayClassConfig
object contains Consul API Gateway-related configuration parameters. Apply the parameters by adding the GatewayClass
object to your Kubernetes values file and specifying the name of the GatewayClassConfig
.
Configuration model
The following outline shows how to format the configurations in the GatewayClassConfig
object. Click on a property name to view details about the configuration.
consul
: object | optionalcopyAnnotations
: object | optionalservice
: array of strings | optional
deployment
: object | optionaldefaultInstances
: integer | optionalmaxInstances
: integer | optionalminInstances
: integer | optional
image
: object | optionalconsulAPIGateway
: string | optionalenvoy
: string | optional
logLevel
: string | optionalmapPrivilegedContainerPorts
: integer | optionalnodeSelector
: string | optionalopenshiftSCCName
: string | optionalserviceType
: string | optionaluseHostPorts
: boolean | optional
Specification
This topic provides details about the configuration parameters.
consul
Specifies configurations that enable an instance of Consul API Gateway to interact with Consul.
- Type: object
- Required: optional
consul.address
Specifies the address of the Consul server that the Gateway
communicates with in the gateway pod. If unspecified, the pod attempts to use a local agent on the host where the pod is running.
- Type: string
- Required: optional
- Default: local agent
consul.authentication.account
Specifies the Kubernetes service account to use for authentication.
- Type: string
- Required: optional
consul.authentication.managed
Set to true
to enable deployments to run with managed service accounts created by the gateway controller. The consul.authentication.account
field is ignored when this option is enabled.
- Type: boolean
- Required: optional
- Default:
false
consul.authentication.method
Specifies the Consul auth method used for initial authentication by Consul API Gateway.
- Type: string
- Required: optional
consul.authentication.namespace
Specifies the Consul namespace to use for authentication.
- Type: string
- Required: optional
consul.ports.grpc
Specifies the gRPC port for Consul's xDS server.
- Type: integer
- Required: optional
- Default:
8502
consul.ports.http
Specifies the Consul HTTP port to use for authentication.
- Type: integer
- Required: optional
- Default:
8500
consul.scheme
Specifies the scheme to use for connecting to Consul.
- Type: string
- Required: optional
- Default:
http
You can specify the following strings:
copyAnnotations.service
Specifies an array of Kubernetes annotations to copy to the gateway service.
- Type: Array of strings
- Required: optional
deployment.defaultInstances
Specifies the number of gateway instances to deploy per gateway configuration.
- Type: Integer
- Required: optional
- Default:
1
deployment.maxInstances
Specifies the maximum allowed number of gateway instances per gateway configuration.
- Type: Integer
- Required: optional
- Default:
8
deployment.minInstances
Specifies the minimum allowed number of gateway instances per gateway configuration.
- Type: Integer
- Required: optional
- Default:
1
image.consulAPIGateway
Specifies the Docker image to use for the consul-api-gateway
container. View available image tags on DockerHub.
The default value is suitable for most deployments, but you may require a specific version of the Consul API Gateway depending on your environment.
- Type: string
- Required: optional
- Default:
"hashicorp/consul-api-gateway:RELEASE_VERSION"
image.envoy
Specifies the Docker image to use for the Envoy proxy container. View available image tags on DockerHub.
The default value is suitable for most deployments, but you may require a specific version of Envoy depending on your environment.
- Type: string
- Required: optional
- Default:
"envoyproxy/envoy:RELEASE_VERSION"
logLevel
Specifies the error reporting level for logs.
- Type: string
- Required: optional
- Default:
info
You can specify the following strings:
mapPrivilegedContainerPorts
Specifies a value that Consul adds to privileged ports defined in the gateway. Privileged ports are port numbers less than 1024 and some platforms, such as Red Hat OpenShift, explicitly configure Kubernetes to avoid running containers on privileged ports. The total value of the configured port number and the mapPrivilegedContainerPorts
value must not exceed 65535, which is the highest possible TCP port number allowed.
for gateway containers
- Type: Integer
- Required: optional
You can specify an integer between 0
and 64512
nodeSelector
Pods normally run on multiple nodes. You can specify a set of parameters in the nodeSelector
that constrain the nodes on which the pod can run, enabling the pod to fit on a node. The selector must match a node's labels for the pod to be scheduled on that node. Refer to the Kubernetes documentation for additional information.
- Type: string
- Required: optional
openshiftSCCName
Specifies the OpenShift security context constraint (SCC) for the GatewayClassConfig
to use. Refer to the OpenShift SCC documentation for additional information about the available default SCCs.
- Type: string
- Required: optional
- Default:
restricted-v2
serviceType
Specifies the ingress methods for the gateway's Kubernetes service.
- Type: string
- Required: optional
You can specify the following strings:
ClusterIP
: The gateway is only accessible from inside the cluster.NodePort
: The gateway is exposed on each Kubernetes node at a static port.LoadBalancer
: The gateway is exposed to external traffic by a load balancer.
For more on Kubernetes services, see Publishing Services.
useHostPorts
If set to true
, then the Envoy container ports are mapped to host ports.
- Type: boolean
- Required: optional
- Default:
false
Example Configuration
The following example creates a gateway class configuration called example-gateway-class-config
. Traffic that passes through gateways created from the class configuration authenticates with Consul over HTTPS on port 8501
. Consul client agents communicate with server agents on port 8502
:
gateway.yaml
apiVersion: api-gateway.consul.hashicorp.com/v1alpha1
kind: GatewayClassConfig
metadata:
name: example-gateway-class-config
spec:
useHostPorts: true
logLevel: 'trace'
consul:
scheme: 'https'
ports:
http: 8501
grpc: 8502
Refer to the Consul API Gateway repository for the complete specification.