API gateway configuration entry reference

This topic provides reference information for the API gateway configuration entry that you can deploy to networks in virtual machine (VM) environments. For reference information about configuring Consul API gateways on Kubernetes, refer to Gateway Resource Configuration.

Introduction

A gateway is a type of network infrastructure that determines how service traffic should be handled. Gateways contain one or more listeners that bind to a set of hosts and ports. An HTTP Route or TCP Route can then attach to a gateway listener to direct traffic from the gateway to a service.

Configuration model

The following list outlines field hierarchy, language-specific data types, and requirements in an api-gateway configuration entry.

Complete configuration

When every field is defined, an api-gateway configuration entry has the following form:

    Kind = "api-gateway"
    Name = "<name of api gateway>"
    Namespace = "<enterprise: namespace of the gateway>"
    Partition = "<enterprise: partition of the gateway>"
    Meta = {
      <any key> = "<any value>"
    }
    Listeners = [
      {
        Port = <external service port>
        Name = "<unique name for this listener>"
        Protocol = "<protocol used by external service>"
        TLS = {
          MaxVersion = "<version of TLS>"
          MinVersion = "<version of TLS>"
          CipherSuites = [
            "<cipher suite>"
          ]
          Certificates = [
            {
              Kind = "inline-certificate"
              Name = "<name of inline-certificate>"
              Namespace = "<enterprise: namespace of the certificate>"
              Partition = "<enterprise: partition of the certificate>"
            }
          ]
        }
      }
    ]

    {
      "Kind": "api-gateway",
      "Name": "<name of api gateway>",
      "Namespace": "<enterprise: namespace of the gateway>",
      "Partition": "<enterprise: partition of the gateway>",
      "Meta": {
        "<any key>": "<any value>"
      },
      "Listeners": [
        {
          "Name": "<unique name for this listener>",
          "Port": <external service port>,
          "Protocol": "<protocol used by external service>",
          "TLS": {
            "MaxVersion": "<version of TLS>",
            "MinVersion": "<version of TLS>",
            "CipherSuites": [
              "<cipher suite>"
            ],
            "Certificates": [
              {
                "Kind": "inline-certificate",
                "Name": "<name of inline-certificate>",
                "Namespace": "<enterprise: namespace of the certificate>",
                "Partition": "<enterprise: partition of the certificate>"
              }
            ]
          }
        }
      ]
    }

Specification

This section provides details about the fields you can configure in the api-gateway configuration entry.

Kind

Specifies the type of configuration entry to implement. This must be api-gateway.

Values

  • Default: none
  • This field is required.
  • Data type: string value that must be set to "api-gateway".

Name

Specifies a name for the configuration entry. The name is metadata that you can use to reference the configuration entry when performing Consul operations, such as applying a configuration entry to a specific cluster.

Values

  • Default: none
  • This field is required.
  • Data type: string

Namespace (Enterprise)

Specifies the Enterprise namespace to apply to the configuration entry.

Values

  • Default: "default" in Enterprise
  • Data type: string

Partition (Enterprise)

Specifies the Enterprise admin partition to apply to the configuration entry.

Values

  • Default: "default" in Enterprise
  • Data type: string

Meta

Specifies an arbitrary set of key-value pairs to associate with the gateway.

Values

  • Default: none
  • Data type: map containing one or more keys and string values.

Listeners[]

Specifies a list of listeners that the gateway should set up. Listeners are uniquely identified by their port number.

Values

  • Default: none
  • This field is required.
  • Data type: List of maps. Each member of the list contains the following fields:

Listeners[].Name

Specifies the unique name for the listener. This field accepts letters, numbers, and hyphens.

Values

  • Default: none
  • This field is required.
  • Data type: string

Listeners[].Port

Specifies the port number that the listener receives traffic on.

Values

  • Default: 0
  • This field is required.
  • Data type: integer

Listeners[].Hostname

Specifies the hostname that the listener receives traffic on.

Values

  • Default: "*"
  • This field is optional.
  • Data type: string

Listeners[].Protocol

Specifies the protocol associated with the listener.

Values

  • Default: none
  • This field is required.
  • The data type is one of the following string values: "tcp" or "http".

Listeners[].TLS

Specifies the TLS configurations for the listener.

Values

Listeners[].TLS.MaxVersion

Specifies the maximum TLS version supported for the listener.

Values

  • Default depends on the version of Envoy:
    • Envoy 1.22.0 and later default to TLSv1_2
    • Older versions of Envoy default to TLSv1_0
  • Data type is one of the following string values:

Listeners[].TLS.MinVersion

Specifies the minimum TLS version supported for the listener.

Values

Listeners[].TLS.CipherSuites[]

Specifies a list of cipher suites that the listener supports when negotiating connections using TLS 1.2 or older.

Values

  • Defaults to the ciphers supported by the version of Envoy in use. Refer to the Envoy documentation for details.
  • Data type: List of string values. Refer to the Consul repository for a list of supported ciphers.

Listeners[].TLS.Certificates[]

The list of references to inline certificates that the listener uses for TLS termination.

Values

  • Default: None
  • Data type: List of maps. Each member of the list has the following fields:

Listeners[].TLS.Certificates[].Kind

The list of references to inline-certificates that the listener uses for TLS termination.

Values

  • Default: None
  • This field is required and must be set to "inline-certificate".
  • Data type: string

Listeners[].TLS.Certificates[].Name

The list of references to inline certificates that the listener uses for TLS termination.

Values

  • Default: None
  • This field is required.
  • Data type: string

Listeners[].TLS.Certificates[].Namespace (Enterprise)

Specifies the Enterprise namespace where the certificate can be found.

Values

  • Default: "default" in Enterprise
  • Data type: string

Listeners[].TLS.Certificates[].Partition (Enterprise)

Specifies the Enterprise admin partition where the certificate can be found.

Values

  • Default: "default" in Enterprise
  • Data type: string
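
The field requirements in this reference can be checked before an entry is written to Consul. The following linter is an added example, not part of Consul or its tooling: it takes the JSON form of an api-gateway entry as a parsed dict and reports violations of the constraints listed above, plus a TLS floor. The function name, the TLSv1_2 floor, the 1-65535 port range, the TLS version strings beyond the two named on this page, and the sample entry are assumptions made for the example.

```python
import re

# Assumption: Consul's fixed TLS version strings, oldest first (TLS_AUTO excluded).
TLS_ORDER = ["TLSv1_0", "TLSv1_1", "TLSv1_2", "TLSv1_3"]
NAME_RE = re.compile(r"[A-Za-z0-9-]+")

def lint_api_gateway(entry, tls_floor="TLSv1_2"):
    """Return findings for an api-gateway entry given as a parsed JSON dict."""
    out = []
    if entry.get("Kind") != "api-gateway":
        out.append('Kind: must be "api-gateway"')
    if not entry.get("Name"):
        out.append("Name: required")
    listeners = entry.get("Listeners") or []
    if not listeners:
        out.append("Listeners: required")
    ports = set()  # listeners are uniquely identified by port
    for i, lis in enumerate(listeners):
        at = f"Listeners[{i}]"
        if not NAME_RE.fullmatch(str(lis.get("Name", ""))):
            out.append(f"{at}.Name: letters, numbers and hyphens only")
        port = lis.get("Port", 0)  # 0 is the unset default
        if not isinstance(port, int) or not 1 <= port <= 65535:
            out.append(f"{at}.Port: required, 1-65535")
        elif port in ports:
            out.append(f"{at}.Port: {port} duplicates another listener")
        else:
            ports.add(port)
        if lis.get("Protocol") not in ("tcp", "http"):
            out.append(f'{at}.Protocol: must be "tcp" or "http"')
        tls = lis.get("TLS")
        if tls is None:
            continue  # no TLS block on this listener
        min_v = tls.get("MinVersion")
        if min_v not in TLS_ORDER:
            out.append(f"{at}.TLS.MinVersion: not pinned to a fixed version")
        elif TLS_ORDER.index(min_v) < TLS_ORDER.index(tls_floor):
            out.append(f"{at}.TLS.MinVersion: {min_v} is below {tls_floor}")
        for j, c in enumerate(tls.get("Certificates") or []):
            if c.get("Kind") != "inline-certificate" or not c.get("Name"):
                out.append(f"{at}.TLS.Certificates[{j}]: needs Kind and Name")
    return out

# Constructed sample: weak TLS floor, invalid listener name, duplicate port.
SAMPLE = {"Kind": "api-gateway", "Name": "edge", "Listeners": [
    {"Name": "web", "Port": 8443, "Protocol": "http", "TLS": {"MinVersion": "TLSv1_0",
     "Certificates": [{"Kind": "inline-certificate", "Name": "edge-cert"}]}},
    {"Name": "web_2", "Port": 8443, "Protocol": "tcp"}]}

print("\n".join(lint_api_gateway(SAMPLE)))
```

Leaving MinVersion unset is reported separately from a weak value because the effective version then depends on the Envoy release in use.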