Mesh Beta

v1.10.0+: This config entry is supported in Consul versions 1.10.0+.

The mesh config entry kind allows for globally defining default configuration that applies to all service mesh proxies. Settings in this config entry apply across all namespaces and federated datacenters.

Sample Config Entries

Mesh Destinations Only

Only allow transparent proxies to dial addresses in the mesh.

Mesh - 图1

Mesh - 图2

HCL

Mesh - 图3

  • HCL
  • Kubernetes YAML
  • JSON
  1. Kind = "mesh"
  2. TransparentProxy {
  3.   MeshDestinationsOnly = true
  4. }
  1. apiVersion: consul.hashicorp.com/v1alpha1
  2. kind: Mesh
  3. metadata:
  4.   name: mesh
  5. spec:
  6.   transparentProxy:
  7.     meshDestinationsOnly: true
  1. {
  2.   "Kind": "mesh",
  3.   "TransparentProxy": {
  4.     "MeshDestinationsOnly": true
  5.   }
  6. }

Available Fields

Mesh - 图4

Mesh - 图5

  • Kind - Must be set to mesh

  • Namespace (string: "default")

    Enterprise

    - Must be set to default. Config will apply to all namespaces.

  • Meta (map<string|string>: nil) - Specifies arbitrary KV metadata pairs. Added in Consul 1.8.4.

  • TransparentProxy (TransparentProxyConfig: <optional>) - Controls configuration specific to proxies in transparent mode. Added in v1.10.0.

    • MeshDestinationsOnly (bool: false) - Determines whether sidecar proxies operating in transparent mode can proxy traffic to IP addresses not registered in Consul’s mesh. If enabled, traffic will only be proxied to upstream proxies or Connect-native services. If disabled, requests will be proxied as-is to the original destination IP address. Consul will not encrypt the connection.

ACLs

Configuration entries may be protected by ACLs.

Reading a mesh config entry requires no specific privileges.

Creating, updating, or deleting a mesh config entry requires operator:write.