Documentation
¶
Index ¶
- Variables
- func AddFlags(fs *flag.FlagSet, f *LoadOpts)
- func ApplyDefaultQueryOptions(config *RuntimeConfig) func(options *structs.QueryOptions)
- func UIPathBuilder(UIContentString string) string
- type ACL
- type Addresses
- type AdvertiseAddrsConfig
- type Audit
- type AuditSink
- type AutoConfig
- type AutoConfigAuthorizationRaw
- type AutoConfigAuthorizer
- type AutoConfigAuthorizerRaw
- type AutoConfigRaw
- type AutoEncrypt
- type Autopilot
- type Cache
- type CheckDefinition
- type CloudConfigRaw
- type Config
- type ConfigEntries
- type Connect
- type Consul
- type DNS
- type DeprecatedConfig
- type DeprecatedTokens
- type EnterpriseMeta
- type EnterpriseRuntimeConfig
- type ExposeConfig
- type ExposePath
- type FileSource
- type FileWatcherEvent
- type FlagValuesTarget
- type GossipLANConfig
- type GossipWANConfig
- type HTTPConfig
- type License
- type LicenseConfig
- type Limits
- type LiteralSource
- type LoadOpts
- type LoadResult
- type Locality
- type MeshGatewayConfig
- type Metadata
- type Peering
- type Performance
- type Ports
- type RPC
- type RaftBoltDBConfigRaw
- type RaftLogStoreRaw
- type RaftLogStoreVerificationRaw
- type RaftWALConfigRaw
- type RawUIConfig
- type RawUIMetricsProxy
- type RawUIMetricsProxyAddHeader
- type Reporting
- type ReportingConfig
- type RequestLimits
- type RuntimeConfig
- func (c *RuntimeConfig) APIConfig(includeClientCerts bool) (*api.Config, error)
- func (c *RuntimeConfig) ClientAddress() (unixAddr, httpAddr, httpsAddr string)
- func (c *RuntimeConfig) ConnectCAConfiguration() (*structs.CAConfiguration, error)
- func (c *RuntimeConfig) IsCloudEnabled() bool
- func (c *RuntimeConfig) PartitionOrDefault() string
- func (c *RuntimeConfig) PartitionOrEmpty() string
- func (c *RuntimeConfig) Sanitized() map[string]interface{}
- func (c *RuntimeConfig) StructLocality() *structs.Locality
- func (c *RuntimeConfig) VersionWithMetadata() string
- type RuntimeSOAConfig
- type SOA
- type Segment
- type ServiceAddress
- type ServiceConnect
- type ServiceDefinition
- type ServiceProviderToken
- type ServiceProxy
- type ServiceWeights
- type Source
- type StaticRuntimeConfig
- type TLS
- type TLSProtocolConfig
- type Telemetry
- type Tokens
- type TransparentProxyConfig
- type UIConfig
- type UIMetricsProxy
- type UIMetricsProxyAddHeader
- type UnixSocket
- type Upstream
- type Watcher
- type XDS
Constants ¶
This section is empty.
Variables ¶
View Source
var ErrNoData = fmt.Errorf("config source contained no data")
ErrNoData indicates to Builder.Build that the source contained no data, and it can be skipped.
Functions ¶
func AddFlags ¶
AddFlags adds the command line flags to the FlagSet, and sets the appropriate field in LoadOpts.FlagValues as the value receiver.
func ApplyDefaultQueryOptions ¶ added in v1.16.100
func ApplyDefaultQueryOptions(config *RuntimeConfig) func(options *structs.QueryOptions)
ApplyDefaultQueryOptions returns a function which will set default values on the options based on the configuration. The RuntimeConfig must not be nil.
func UIPathBuilder ¶ added in v1.16.100
UIPathBuilder checks to see if there was a path set If so, adds beginning and trailing slashes to UI path
Types ¶
type ACL ¶ added in v1.4.0
type ACL struct {
Enabled *bool `mapstructure:"enabled"`
TokenReplication *bool `mapstructure:"enable_token_replication"`
PolicyTTL *string `mapstructure:"policy_ttl"`
RoleTTL *string `mapstructure:"role_ttl"`
TokenTTL *string `mapstructure:"token_ttl"`
DownPolicy *string `mapstructure:"down_policy"`
DefaultPolicy *string `mapstructure:"default_policy"`
EnableKeyListPolicy *bool `mapstructure:"enable_key_list_policy"`
Tokens Tokens `mapstructure:"tokens"`
EnableTokenPersistence *bool `mapstructure:"enable_token_persistence"`
// Enterprise Only
MSPDisableBootstrap *bool `mapstructure:"msp_disable_bootstrap"`
}
type AdvertiseAddrsConfig ¶
type Audit ¶ added in v1.16.100
type Audit struct {
Enabled *bool `mapstructure:"enabled"`
Sinks map[string]AuditSink `mapstructure:"sink"`
RPCEnabled *bool `mapstructure:"rpc_enabled"`
}
Audit allows us to enable and define destinations for auditing
type AuditSink ¶ added in v1.16.100
type AuditSink struct {
Type *string `mapstructure:"type"`
Format *string `mapstructure:"format"`
Path *string `mapstructure:"path"`
DeliveryGuarantee *string `mapstructure:"delivery_guarantee"`
Mode *string `mapstructure:"mode"`
RotateBytes *int `mapstructure:"rotate_bytes"`
RotateDuration *string `mapstructure:"rotate_duration"`
RotateMaxFiles *int `mapstructure:"rotate_max_files"`
}
AuditSink can be provided multiple times to define pipelines for auditing
type AutoConfig ¶ added in v1.16.100
type AutoConfigAuthorizationRaw ¶ added in v1.16.100
type AutoConfigAuthorizationRaw struct {
Enabled *bool `mapstructure:"enabled"`
Static AutoConfigAuthorizerRaw `mapstructure:"static"`
}
type AutoConfigAuthorizer ¶ added in v1.16.100
type AutoConfigAuthorizer struct {
Enabled bool
AuthMethod structs.ACLAuthMethod
// AuthMethodConfig ssoauth.Config
ClaimAssertions []string
AllowReuse bool
}
type AutoConfigAuthorizerRaw ¶ added in v1.16.100
type AutoConfigAuthorizerRaw struct {
ClaimAssertions []string `mapstructure:"claim_assertions"`
AllowReuse *bool `mapstructure:"allow_reuse"`
// Fields to be shared with the JWT Auth Method
JWTSupportedAlgs []string `mapstructure:"jwt_supported_algs"`
BoundAudiences []string `mapstructure:"bound_audiences"`
ClaimMappings map[string]string `mapstructure:"claim_mappings"`
ListClaimMappings map[string]string `mapstructure:"list_claim_mappings"`
OIDCDiscoveryURL *string `mapstructure:"oidc_discovery_url"`
OIDCDiscoveryCACert *string `mapstructure:"oidc_discovery_ca_cert"`
JWKSURL *string `mapstructure:"jwks_url"`
JWKSCACert *string `mapstructure:"jwks_ca_cert"`
JWTValidationPubKeys []string `mapstructure:"jwt_validation_pub_keys"`
BoundIssuer *string `mapstructure:"bound_issuer"`
ExpirationLeeway *string `mapstructure:"expiration_leeway"`
NotBeforeLeeway *string `mapstructure:"not_before_leeway"`
ClockSkewLeeway *string `mapstructure:"clock_skew_leeway"`
}
type AutoConfigRaw ¶ added in v1.16.100
type AutoConfigRaw struct {
Enabled *bool `mapstructure:"enabled"`
IntroToken *string `mapstructure:"intro_token"`
IntroTokenFile *string `mapstructure:"intro_token_file"`
ServerAddresses []string `mapstructure:"server_addresses"`
DNSSANs []string `mapstructure:"dns_sans"`
IPSANs []string `mapstructure:"ip_sans"`
Authorization AutoConfigAuthorizationRaw `mapstructure:"authorization"`
}
type AutoEncrypt ¶ added in v1.16.100
type AutoEncrypt struct {
// TLS enables receiving certificates for clients from servers
TLS *bool `mapstructure:"tls" json:"tls,omitempty"`
// Additional DNS SAN entries that clients request for their certificates.
DNSSAN []string `mapstructure:"dns_san" json:"dns_san,omitempty"`
// Additional IP SAN entries that clients request for their certificates.
IPSAN []string `mapstructure:"ip_san" json:"ip_san,omitempty"`
// AllowTLS enables the RPC endpoint on the server to answer
// AutoEncrypt.Sign requests.
AllowTLS *bool `mapstructure:"allow_tls" json:"allow_tls,omitempty"`
}
AutoEncrypt is the agent-global auto_encrypt configuration.
type Autopilot ¶
type Autopilot struct {
CleanupDeadServers *bool `mapstructure:"cleanup_dead_servers"`
LastContactThreshold *string `mapstructure:"last_contact_threshold"`
MaxTrailingLogs *int `mapstructure:"max_trailing_logs"`
MinQuorum *uint `mapstructure:"min_quorum"`
ServerStabilizationTime *string `mapstructure:"server_stabilization_time"`
// Enterprise Only
DisableUpgradeMigration *bool `mapstructure:"disable_upgrade_migration"`
// Enterprise Only
RedundancyZoneTag *string `mapstructure:"redundancy_zone_tag"`
// Enterprise Only
UpgradeVersionTag *string `mapstructure:"upgrade_version_tag"`
}
type Cache ¶ added in v1.16.100
type Cache struct {
// EntryFetchMaxBurst max burst size of RateLimit for a single cache entry
EntryFetchMaxBurst *int `mapstructure:"entry_fetch_max_burst"`
// EntryFetchRate represents the max calls/sec for a single cache entry
EntryFetchRate *float64 `mapstructure:"entry_fetch_rate"`
}
Cache configuration for the agent/cache.
type CheckDefinition ¶
type CheckDefinition struct {
ID *string `mapstructure:"id"`
Name *string `mapstructure:"name"`
Notes *string `mapstructure:"notes"`
ServiceID *string `mapstructure:"service_id" alias:"serviceid"`
Token *string `mapstructure:"token"`
Status *string `mapstructure:"status"`
ScriptArgs []string `mapstructure:"args" alias:"scriptargs"`
HTTP *string `mapstructure:"http"`
Header map[string][]string `mapstructure:"header"`
Method *string `mapstructure:"method"`
Body *string `mapstructure:"body"`
DisableRedirects *bool `mapstructure:"disable_redirects"`
OutputMaxSize *int `mapstructure:"output_max_size"`
TCP *string `mapstructure:"tcp"`
UDP *string `mapstructure:"udp"`
Interval *string `mapstructure:"interval"`
DockerContainerID *string `mapstructure:"docker_container_id" alias:"dockercontainerid"`
Shell *string `mapstructure:"shell"`
GRPC *string `mapstructure:"grpc"`
GRPCUseTLS *bool `mapstructure:"grpc_use_tls"`
TLSServerName *string `mapstructure:"tls_server_name"`
TLSSkipVerify *bool `mapstructure:"tls_skip_verify" alias:"tlsskipverify"`
AliasNode *string `mapstructure:"alias_node"`
AliasService *string `mapstructure:"alias_service"`
Timeout *string `mapstructure:"timeout"`
TTL *string `mapstructure:"ttl"`
H2PING *string `mapstructure:"h2ping"`
H2PingUseTLS *bool `mapstructure:"h2ping_use_tls"`
OSService *string `mapstructure:"os_service"`
SuccessBeforePassing *int `mapstructure:"success_before_passing"`
FailuresBeforeWarning *int `mapstructure:"failures_before_warning"`
FailuresBeforeCritical *int `mapstructure:"failures_before_critical"`
DeregisterCriticalServiceAfter *string `mapstructure:"deregister_critical_service_after" alias:"deregistercriticalserviceafter"`
EnterpriseMeta `mapstructure:",squash"`
}
type CloudConfigRaw ¶ added in v1.16.100
type CloudConfigRaw struct {
ResourceID *string `mapstructure:"resource_id"`
ClientID *string `mapstructure:"client_id"`
ClientSecret *string `mapstructure:"client_secret"`
Hostname *string `mapstructure:"hostname"`
AuthURL *string `mapstructure:"auth_url"`
ScadaAddress *string `mapstructure:"scada_address"`
}
type Config ¶
type Config struct {
ACL ACL `mapstructure:"acl" json:"-"`
Addresses Addresses `mapstructure:"addresses" json:"-"`
AdvertiseAddrLAN *string `mapstructure:"advertise_addr" json:"advertise_addr,omitempty"`
AdvertiseAddrLANIPv4 *string `mapstructure:"advertise_addr_ipv4" json:"advertise_addr_ipv4,omitempty"`
AdvertiseAddrLANIPv6 *string `mapstructure:"advertise_addr_ipv6" json:"advertise_addr_ipv6,omitempty"`
AdvertiseAddrWAN *string `mapstructure:"advertise_addr_wan" json:"advertise_addr_wan,omitempty"`
AdvertiseAddrWANIPv4 *string `mapstructure:"advertise_addr_wan_ipv4" json:"advertise_addr_wan_ipv4,omitempty"`
AdvertiseAddrWANIPv6 *string `mapstructure:"advertise_addr_wan_ipv6" json:"advertise_addr_wan_ipv6,omitempty"`
AdvertiseReconnectTimeout *string `mapstructure:"advertise_reconnect_timeout" json:"-"`
AutoConfig AutoConfigRaw `mapstructure:"auto_config" json:"-"`
Autopilot Autopilot `mapstructure:"autopilot" json:"-"`
BindAddr *string `mapstructure:"bind_addr" json:"bind_addr,omitempty"`
Bootstrap *bool `mapstructure:"bootstrap" json:"bootstrap,omitempty"`
BootstrapExpect *int `mapstructure:"bootstrap_expect" json:"bootstrap_expect,omitempty"`
Cache Cache `mapstructure:"cache" json:"-"`
Check *CheckDefinition `mapstructure:"check" json:"-"` // needs to be a pointer to avoid partial merges
CheckOutputMaxSize *int `mapstructure:"check_output_max_size" json:"check_output_max_size,omitempty"`
CheckUpdateInterval *string `mapstructure:"check_update_interval" json:"check_update_interval,omitempty"`
Checks []CheckDefinition `mapstructure:"checks" json:"-"`
ClientAddr *string `mapstructure:"client_addr" json:"client_addr,omitempty"`
Cloud *CloudConfigRaw `mapstructure:"cloud" json:"-"`
ConfigEntries ConfigEntries `mapstructure:"config_entries" json:"-"`
AutoEncrypt AutoEncrypt `mapstructure:"auto_encrypt" json:"auto_encrypt,omitempty"`
Connect Connect `mapstructure:"connect" json:"connect,omitempty"`
DNS DNS `mapstructure:"dns_config" json:"-"`
DNSDomain *string `mapstructure:"domain" json:"domain,omitempty"`
DNSAltDomain *string `mapstructure:"alt_domain" json:"alt_domain,omitempty"`
DNSRecursors []string `mapstructure:"recursors" json:"recursors,omitempty"`
DataDir *string `mapstructure:"data_dir" json:"data_dir,omitempty"`
Datacenter *string `mapstructure:"datacenter" json:"datacenter,omitempty"`
DefaultQueryTime *string `mapstructure:"default_query_time" json:"default_query_time,omitempty"`
DisableAnonymousSignature *bool `mapstructure:"disable_anonymous_signature" json:"disable_anonymous_signature,omitempty"`
DisableCoordinates *bool `mapstructure:"disable_coordinates" json:"disable_coordinates,omitempty"`
DisableHostNodeID *bool `mapstructure:"disable_host_node_id" json:"disable_host_node_id,omitempty"`
DisableHTTPUnprintableCharFilter *bool `mapstructure:"disable_http_unprintable_char_filter" json:"disable_http_unprintable_char_filter,omitempty"`
DisableKeyringFile *bool `mapstructure:"disable_keyring_file" json:"disable_keyring_file,omitempty"`
DisableRemoteExec *bool `mapstructure:"disable_remote_exec" json:"disable_remote_exec,omitempty"`
DisableUpdateCheck *bool `mapstructure:"disable_update_check" json:"disable_update_check,omitempty"`
DiscardCheckOutput *bool `mapstructure:"discard_check_output" json:"discard_check_output,omitempty"`
DiscoveryMaxStale *string `mapstructure:"discovery_max_stale" json:"discovery_max_stale,omitempty"`
EnableAgentTLSForChecks *bool `mapstructure:"enable_agent_tls_for_checks" json:"enable_agent_tls_for_checks,omitempty"`
EnableCentralServiceConfig *bool `mapstructure:"enable_central_service_config" json:"enable_central_service_config,omitempty"`
EnableDebug *bool `mapstructure:"enable_debug" json:"enable_debug,omitempty"`
EnableScriptChecks *bool `mapstructure:"enable_script_checks" json:"enable_script_checks,omitempty"`
EnableLocalScriptChecks *bool `mapstructure:"enable_local_script_checks" json:"enable_local_script_checks,omitempty"`
EnableSyslog *bool `mapstructure:"enable_syslog" json:"enable_syslog,omitempty"`
EncryptKey *string `mapstructure:"encrypt" json:"encrypt,omitempty"`
EncryptVerifyIncoming *bool `mapstructure:"encrypt_verify_incoming" json:"encrypt_verify_incoming,omitempty"`
EncryptVerifyOutgoing *bool `mapstructure:"encrypt_verify_outgoing" json:"encrypt_verify_outgoing,omitempty"`
Experiments []string `mapstructure:"experiments" json:"experiments,omitempty"`
GossipLAN GossipLANConfig `mapstructure:"gossip_lan" json:"-"`
GossipWAN GossipWANConfig `mapstructure:"gossip_wan" json:"-"`
HTTPConfig HTTPConfig `mapstructure:"http_config" json:"-"`
LeaveOnTerm *bool `mapstructure:"leave_on_terminate" json:"leave_on_terminate,omitempty"`
LicensePath *string `mapstructure:"license_path" json:"license_path,omitempty"`
Limits Limits `mapstructure:"limits" json:"-"`
Locality *Locality `mapstructure:"locality" json:"-"`
LogLevel *string `mapstructure:"log_level" json:"log_level,omitempty"`
LogJSON *bool `mapstructure:"log_json" json:"log_json,omitempty"`
LogFile *string `mapstructure:"log_file" json:"log_file,omitempty"`
LogRotateDuration *string `mapstructure:"log_rotate_duration" json:"log_rotate_duration,omitempty"`
LogRotateBytes *int `mapstructure:"log_rotate_bytes" json:"log_rotate_bytes,omitempty"`
LogRotateMaxFiles *int `mapstructure:"log_rotate_max_files" json:"log_rotate_max_files,omitempty"`
MaxQueryTime *string `mapstructure:"max_query_time" json:"max_query_time,omitempty"`
NodeID *string `mapstructure:"node_id" json:"node_id,omitempty"`
NodeMeta map[string]string `mapstructure:"node_meta" json:"node_meta,omitempty"`
NodeName *string `mapstructure:"node_name" json:"node_name,omitempty"`
Peering Peering `mapstructure:"peering" json:"-"`
Performance Performance `mapstructure:"performance" json:"-"`
PidFile *string `mapstructure:"pid_file" json:"pid_file,omitempty"`
Ports Ports `mapstructure:"ports" json:"ports,omitempty"`
PrimaryDatacenter *string `mapstructure:"primary_datacenter" json:"primary_datacenter,omitempty"`
PrimaryGateways []string `mapstructure:"primary_gateways" json:"primary_gateways,omitempty"`
PrimaryGatewaysInterval *string `mapstructure:"primary_gateways_interval" json:"primary_gateways_interval,omitempty"`
RPCProtocol *int `mapstructure:"protocol" json:"protocol,omitempty"`
RaftProtocol *int `mapstructure:"raft_protocol" json:"raft_protocol,omitempty"`
RaftSnapshotThreshold *int `mapstructure:"raft_snapshot_threshold" json:"raft_snapshot_threshold,omitempty"`
RaftSnapshotInterval *string `mapstructure:"raft_snapshot_interval" json:"raft_snapshot_interval,omitempty"`
RaftTrailingLogs *int `mapstructure:"raft_trailing_logs" json:"raft_trailing_logs,omitempty"`
ReconnectTimeoutLAN *string `mapstructure:"reconnect_timeout" json:"reconnect_timeout,omitempty"`
ReconnectTimeoutWAN *string `mapstructure:"reconnect_timeout_wan" json:"reconnect_timeout_wan,omitempty"`
RejoinAfterLeave *bool `mapstructure:"rejoin_after_leave" json:"rejoin_after_leave,omitempty"`
AutoReloadConfig *bool `mapstructure:"auto_reload_config" json:"auto_reload_config,omitempty"`
RetryJoinIntervalLAN *string `mapstructure:"retry_interval" json:"retry_interval,omitempty"`
RetryJoinIntervalWAN *string `mapstructure:"retry_interval_wan" json:"retry_interval_wan,omitempty"`
RetryJoinLAN []string `mapstructure:"retry_join" json:"retry_join,omitempty"`
RetryJoinMaxAttemptsLAN *int `mapstructure:"retry_max" json:"retry_max,omitempty"`
RetryJoinMaxAttemptsWAN *int `mapstructure:"retry_max_wan" json:"retry_max_wan,omitempty"`
RetryJoinWAN []string `mapstructure:"retry_join_wan" json:"retry_join_wan,omitempty"`
SerfAllowedCIDRsLAN []string `mapstructure:"serf_lan_allowed_cidrs" json:"serf_lan_allowed_cidrs,omitempty"`
SerfAllowedCIDRsWAN []string `mapstructure:"serf_wan_allowed_cidrs" json:"serf_wan_allowed_cidrs,omitempty"`
SerfBindAddrLAN *string `mapstructure:"serf_lan" json:"serf_lan,omitempty"`
SerfBindAddrWAN *string `mapstructure:"serf_wan" json:"serf_wan,omitempty"`
ServerMode *bool `mapstructure:"server" json:"server,omitempty"`
ServerName *string `mapstructure:"server_name" json:"server_name,omitempty"`
ServerRejoinAgeMax *string `mapstructure:"server_rejoin_age_max" json:"server_rejoin_age_max,omitempty"`
Service *ServiceDefinition `mapstructure:"service" json:"-"`
Services []ServiceDefinition `mapstructure:"services" json:"-"`
SessionTTLMin *string `mapstructure:"session_ttl_min" json:"session_ttl_min,omitempty"`
SkipLeaveOnInt *bool `mapstructure:"skip_leave_on_interrupt" json:"skip_leave_on_interrupt,omitempty"`
SyslogFacility *string `mapstructure:"syslog_facility" json:"syslog_facility,omitempty"`
TLS TLS `mapstructure:"tls" json:"tls,omitempty"`
TaggedAddresses map[string]string `mapstructure:"tagged_addresses" json:"tagged_addresses,omitempty"`
Telemetry Telemetry `mapstructure:"telemetry" json:"telemetry,omitempty"`
TranslateWANAddrs *bool `mapstructure:"translate_wan_addrs" json:"translate_wan_addrs,omitempty"`
XDS XDS `mapstructure:"xds" json:"-"`
// DEPRECATED (ui-config) - moved to the ui_config stanza
UI *bool `mapstructure:"ui" json:"-"`
// DEPRECATED (ui-config) - moved to the ui_config stanza
UIContentPath *string `mapstructure:"ui_content_path" json:"-"`
// DEPRECATED (ui-config) - moved to the ui_config stanza
UIDir *string `mapstructure:"ui_dir" json:"-"`
UIConfig RawUIConfig `mapstructure:"ui_config" json:"-"`
UnixSocket UnixSocket `mapstructure:"unix_sockets" json:"-"`
Watches []map[string]interface{} `mapstructure:"watches" json:"-"`
RPC RPC `mapstructure:"rpc" json:"-"`
RaftLogStore RaftLogStoreRaw `mapstructure:"raft_logstore" json:"raft_logstore,omitempty"`
// UseStreamingBackend instead of blocking queries for service health and
// any other endpoints which support streaming.
UseStreamingBackend *bool `mapstructure:"use_streaming_backend" json:"-"`
// This isn't used by Consul but we've documented a feature where users
// can deploy their snapshot agent configs alongside their Consul configs
// so we have a placeholder here so it can be parsed but this doesn't
// manifest itself in any way inside the runtime config.
SnapshotAgent map[string]interface{} `mapstructure:"snapshot_agent" json:"-"`
// non-user configurable values
AEInterval *string `mapstructure:"ae_interval" json:"-"`
CheckDeregisterIntervalMin *string `mapstructure:"check_deregister_interval_min" json:"-"`
CheckReapInterval *string `mapstructure:"check_reap_interval" json:"-"`
Consul Consul `mapstructure:"consul" json:"-"`
Revision *string `mapstructure:"revision" json:"-"`
SegmentLimit *int `mapstructure:"segment_limit" json:"-"`
SegmentNameLimit *int `mapstructure:"segment_name_limit" json:"-"`
SyncCoordinateIntervalMin *string `mapstructure:"sync_coordinate_interval_min" json:"-"`
SyncCoordinateRateTarget *float64 `mapstructure:"sync_coordinate_rate_target" json:"-"`
Version *string `mapstructure:"version" json:"-"`
VersionPrerelease *string `mapstructure:"version_prerelease" json:"-"`
VersionMetadata *string `mapstructure:"version_metadata" json:"-"`
BuildDate *time.Time `mapstructure:"build_date" json:"-"`
// Enterprise Only
Audit Audit `mapstructure:"audit" json:"-"`
// Enterprise Only
ReadReplica *bool `mapstructure:"read_replica" alias:"non_voting_server" json:"-"`
// Enterprise Only
SegmentName *string `mapstructure:"segment" json:"-"`
// Enterprise Only
Segments []Segment `mapstructure:"segments" json:"-"`
// Enterprise Only
Partition *string `mapstructure:"partition" json:"-"`
// Enterprise Only - not user configurable
LicensePollBaseTime *string `mapstructure:"license_poll_base_time" json:"-"`
LicensePollMaxTime *string `mapstructure:"license_poll_max_time" json:"-"`
LicenseUpdateBaseTime *string `mapstructure:"license_update_base_time" json:"-"`
LicenseUpdateMaxTime *string `mapstructure:"license_update_max_time" json:"-"`
// license reporting
Reporting Reporting `mapstructure:"reporting" json:"-"`
}
Config defines the format of a configuration file in either JSON or HCL format.
It must contain only pointer values, slices and maps to support standardized merging of multiple Config structs into one.
Since this is the format which users use to specify their configuration it should be treated as an external API which cannot be changed and refactored at will since this will break existing setups.
func Merge ¶
Merge recursively combines a set of config file structures into a single structure according to the following rules:
* only values of type struct, slice, map and pointer to simple types are allowed. Other types panic. * when merging two structs the result is the recursive merge of all fields according to the rules below * when merging two slices the result is the second slice appended to the first * when merging two maps the result is the second map overlaid on the first * when merging two pointer values the result is the second value if it is not nil, otherwise the first
type ConfigEntries ¶ added in v1.16.100
type ConfigEntries struct {
// Bootstrap is the list of config_entries that should only be persisted to
// cluster on initial startup of a new leader if no such config exists
// already. The type is map not structs.ConfigEntry for decoding reasons - we
// need to figure out the right concrete type before we can decode it
// unabiguously.
Bootstrap []map[string]interface{} `mapstructure:"bootstrap"`
}
type Connect ¶ added in v1.2.0
type Connect struct {
// Enabled opts the agent into connect. It should be set on all clients and
// servers in a cluster for correct connect operation.
Enabled *bool `mapstructure:"enabled" json:"enabled,omitempty"`
CAProvider *string `mapstructure:"ca_provider" json:"ca_provider,omitempty"`
CAConfig map[string]interface{} `mapstructure:"ca_config" json:"ca_config,omitempty"`
MeshGatewayWANFederationEnabled *bool `mapstructure:"enable_mesh_gateway_wan_federation" json:"enable_mesh_gateway_wan_federation,omitempty"`
// TestCALeafRootChangeSpread controls how long after a CA roots change before new leaf certs will be generated.
// This is only tuned in tests, generally set to 1ns to make tests deterministic with when to expect updated leaf
// certs by. This configuration is not exposed to users (not documented, and agent/config/default.go will override it)
TestCALeafRootChangeSpread *string `mapstructure:"test_ca_leaf_root_change_spread" json:"test_ca_leaf_root_change_spread,omitempty"`
}
Connect is the agent-global connect configuration.
type Consul ¶
type Consul struct {
Coordinate struct {
UpdateBatchSize *int `mapstructure:"update_batch_size"`
UpdateMaxBatches *int `mapstructure:"update_max_batches"`
UpdatePeriod *string `mapstructure:"update_period"`
} `mapstructure:"coordinate"`
Raft struct {
ElectionTimeout *string `mapstructure:"election_timeout"`
HeartbeatTimeout *string `mapstructure:"heartbeat_timeout"`
LeaderLeaseTimeout *string `mapstructure:"leader_lease_timeout"`
} `mapstructure:"raft"`
Server struct {
HealthInterval *string `mapstructure:"health_interval"`
} `mapstructure:"server"`
}
type DNS ¶
type DNS struct {
AllowStale *bool `mapstructure:"allow_stale"`
ARecordLimit *int `mapstructure:"a_record_limit"`
DisableCompression *bool `mapstructure:"disable_compression"`
EnableTruncate *bool `mapstructure:"enable_truncate"`
MaxStale *string `mapstructure:"max_stale"`
NodeTTL *string `mapstructure:"node_ttl"`
OnlyPassing *bool `mapstructure:"only_passing"`
RecursorStrategy *string `mapstructure:"recursor_strategy"`
RecursorTimeout *string `mapstructure:"recursor_timeout"`
ServiceTTL map[string]string `mapstructure:"service_ttl"`
UDPAnswerLimit *int `mapstructure:"udp_answer_limit"`
NodeMetaTXT *bool `mapstructure:"enable_additional_node_meta_txt"`
SOA *SOA `mapstructure:"soa"`
UseCache *bool `mapstructure:"use_cache"`
CacheMaxAge *string `mapstructure:"cache_max_age"`
// Enterprise Only
PreferNamespace *bool `mapstructure:"prefer_namespace"`
}
type DeprecatedConfig ¶ added in v1.16.100
type DeprecatedConfig struct {
// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl.tokens" stanza
ACLAgentMasterToken *string `mapstructure:"acl_agent_master_token"`
// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl.tokens" stanza
ACLAgentToken *string `mapstructure:"acl_agent_token"`
// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl.tokens" stanza
ACLToken *string `mapstructure:"acl_token"`
// DEPRECATED (ACL-Legacy-Compat) - moved to "acl.enable_key_list_policy"
ACLEnableKeyListPolicy *bool `mapstructure:"acl_enable_key_list_policy"`
// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl" stanza
ACLMasterToken *string `mapstructure:"acl_master_token"`
// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl.tokens" stanza
ACLReplicationToken *string `mapstructure:"acl_replication_token"`
// DEPRECATED (ACL-Legacy-Compat) - moved to "acl.enable_token_replication"
EnableACLReplication *bool `mapstructure:"enable_acl_replication"`
// DEPRECATED (ACL-Legacy-Compat) - moved to "primary_datacenter"
ACLDatacenter *string `mapstructure:"acl_datacenter"`
// DEPRECATED (ACL-Legacy-Compat) - moved to "acl.default_policy"
ACLDefaultPolicy *string `mapstructure:"acl_default_policy"`
// DEPRECATED (ACL-Legacy-Compat) - moved to "acl.down_policy"
ACLDownPolicy *string `mapstructure:"acl_down_policy"`
// DEPRECATED (ACL-Legacy-Compat) - moved to "acl.token_ttl"
ACLTTL *string `mapstructure:"acl_ttl"`
// DEPRECATED(TLS) - moved to "tls.defaults.ca_file"
CAFile *string `mapstructure:"ca_file"`
// DEPRECATED(TLS) - moved to "tls.defaults.ca_path"
CAPath *string `mapstructure:"ca_path"`
// DEPRECATED(TLS) - moved to "tls.defaults.cert_file"
CertFile *string `mapstructure:"cert_file"`
// DEPRECATED(TLS) - moved to "tls.defaults.key_file"
KeyFile *string `mapstructure:"key_file"`
// DEPRECATED(TLS) - moved to "tls.defaults.tls_cipher_suites"
TLSCipherSuites *string `mapstructure:"tls_cipher_suites"`
// DEPRECATED(TLS) - moved to "tls.defaults.tls_min_version"
TLSMinVersion *string `mapstructure:"tls_min_version"`
// DEPRECATED(TLS) - moved to "tls.defaults.verify_incoming"
VerifyIncoming *bool `mapstructure:"verify_incoming"`
// DEPRECATED(TLS) - moved to "tls.https.verify_incoming"
VerifyIncomingHTTPS *bool `mapstructure:"verify_incoming_https"`
// DEPRECATED(TLS) - moved to "tls.internal_rpc.verify_incoming"
VerifyIncomingRPC *bool `mapstructure:"verify_incoming_rpc"`
// DEPRECATED(TLS) - moved to "tls.defaults.verify_outgoing"
VerifyOutgoing *bool `mapstructure:"verify_outgoing"`
// DEPRECATED(TLS) - moved to "tls.internal_rpc.verify_server_hostname"
VerifyServerHostname *bool `mapstructure:"verify_server_hostname"`
// DEPRECATED(TLS) - this isn't honored by crypto/tls anymore.
TLSPreferServerCipherSuites *bool `mapstructure:"tls_prefer_server_cipher_suites"`
// DEPRECATED(JOIN) - replaced by retry_join
StartJoinAddrsLAN []string `mapstructure:"start_join"`
// DEPRECATED(JOIN) - replaced by retry_join_wan
StartJoinAddrsWAN []string `mapstructure:"start_join_wan"`
// DEPRECATED see RaftLogStore
RaftBoltDBConfig *consul.RaftBoltDBConfig `mapstructure:"raft_boltdb" json:"-"`
}
type DeprecatedTokens ¶ added in v1.16.100
type EnterpriseMeta ¶ added in v1.16.100
type EnterpriseMeta struct{}
EnterpriseMeta stub
func (*EnterpriseMeta) ToStructs ¶ added in v1.16.100
func (_ *EnterpriseMeta) ToStructs() acl.EnterpriseMeta
type EnterpriseRuntimeConfig ¶ added in v1.16.100
type EnterpriseRuntimeConfig struct{}
type ExposeConfig ¶ added in v1.16.100
type ExposeConfig struct {
// Checks defines whether paths associated with Consul checks will be exposed.
// This flag triggers exposing all HTTP and GRPC check paths registered for the service.
Checks *bool `mapstructure:"checks"`
// Port defines the port of the proxy's listener for exposed paths.
Port *int `mapstructure:"port"`
// Paths is the list of paths exposed through the proxy.
Paths []ExposePath `mapstructure:"paths"`
}
ExposeConfig describes HTTP paths to expose through Envoy outside of Connect. Users can expose individual paths and/or all HTTP/GRPC paths for checks.
type ExposePath ¶ added in v1.16.100
type ExposePath struct {
// ListenerPort defines the port of the proxy's listener for exposed paths.
ListenerPort *int `mapstructure:"listener_port"`
// Path is the path to expose through the proxy, ie. "/metrics."
Path *string `mapstructure:"path"`
// Protocol describes the upstream's service protocol.
Protocol *string `mapstructure:"protocol"`
// LocalPathPort is the port that the service is listening on for the given path.
LocalPathPort *int `mapstructure:"local_path_port"`
}
type FileSource ¶ added in v1.16.100
FileSource implements Source and parses a config from a file.
func (FileSource) Parse ¶ added in v1.16.100
func (f FileSource) Parse() (Config, Metadata, error)
Parse a config file in either JSON or HCL format.
func (FileSource) Source ¶ added in v1.16.100
func (f FileSource) Source() string
type FileWatcherEvent ¶ added in v1.16.100
type FileWatcherEvent struct {
Filenames []string
}
type FlagValuesTarget ¶ added in v1.16.100
type FlagValuesTarget = decodeTarget
type GossipLANConfig ¶ added in v1.2.2
type GossipLANConfig struct {
GossipNodes *int `mapstructure:"gossip_nodes"`
GossipInterval *string `mapstructure:"gossip_interval"`
ProbeInterval *string `mapstructure:"probe_interval"`
ProbeTimeout *string `mapstructure:"probe_timeout"`
SuspicionMult *int `mapstructure:"suspicion_mult"`
RetransmitMult *int `mapstructure:"retransmit_mult"`
}
type GossipWANConfig ¶ added in v1.2.2
type GossipWANConfig struct {
GossipNodes *int `mapstructure:"gossip_nodes"`
GossipInterval *string `mapstructure:"gossip_interval"`
ProbeInterval *string `mapstructure:"probe_interval"`
ProbeTimeout *string `mapstructure:"probe_timeout"`
SuspicionMult *int `mapstructure:"suspicion_mult"`
RetransmitMult *int `mapstructure:"retransmit_mult"`
}
type HTTPConfig ¶
type HTTPConfig struct {
BlockEndpoints []string `mapstructure:"block_endpoints"`
AllowWriteHTTPFrom []string `mapstructure:"allow_write_http_from"`
ResponseHeaders map[string]string `mapstructure:"response_headers"`
UseCache *bool `mapstructure:"use_cache"`
MaxHeaderBytes *int `mapstructure:"max_header_bytes"`
}
type LicenseConfig ¶ added in v1.16.100
type LicenseConfig struct {
Enabled bool
}
type Limits ¶
type Limits struct {
HTTPMaxConnsPerClient *int `mapstructure:"http_max_conns_per_client"`
HTTPSHandshakeTimeout *string `mapstructure:"https_handshake_timeout"`
RequestLimits RequestLimits `mapstructure:"request_limits"`
RPCClientTimeout *string `mapstructure:"rpc_client_timeout"`
RPCHandshakeTimeout *string `mapstructure:"rpc_handshake_timeout"`
RPCMaxBurst *int `mapstructure:"rpc_max_burst"`
RPCMaxConnsPerClient *int `mapstructure:"rpc_max_conns_per_client"`
RPCRate *float64 `mapstructure:"rpc_rate"`
KVMaxValueSize *uint64 `mapstructure:"kv_max_value_size"`
TxnMaxReqLen *uint64 `mapstructure:"txn_max_req_len"`
}
type LiteralSource ¶ added in v1.16.100
LiteralSource implements Source and returns an existing Config struct.
func (LiteralSource) Parse ¶ added in v1.16.100
func (l LiteralSource) Parse() (Config, Metadata, error)
func (LiteralSource) Source ¶ added in v1.16.100
func (l LiteralSource) Source() string
type LoadOpts ¶ added in v1.16.100
type LoadOpts struct {
// FlagValues contains the command line arguments that can also be set
// in a config file.
FlagValues FlagValuesTarget
// ConfigFiles is a slice of paths to config files and directories that will
// be loaded.
//
// It is an error for any config files to have an extension other than `hcl`
// or `json`, unless ConfigFormat is also set. However, non-HCL/JSON files in
// a config directory are merely skipped, with a warning.
ConfigFiles []string
// ConfigFormat forces all config files to be interpreted as this format
// independent of their extension. Value may be `hcl` or `json`.
ConfigFormat string
// DevMode indicates whether the agent should be started in development
// mode. This cannot be configured in a config file.
DevMode *bool
// HCL is a slice of config data in hcl format. Each one will be loaded as
// if it were the source of a config file. Values from HCL will override
// values from ConfigFiles and FlagValues.
HCL []string
// DefaultConfig is an optional source that is applied after other defaults
// but before ConfigFiles and all other user specified config.
DefaultConfig Source
// Overrides are optional config sources that are applied as the very last
// config source so they can override any previous values.
Overrides []Source
// contains filtered or unexported fields
}
LoadOpts used by Load to construct and validate a RuntimeConfig.
type LoadResult ¶ added in v1.16.100
type LoadResult struct {
RuntimeConfig *RuntimeConfig
Warnings []string
WatchedFiles []string
}
LoadResult is the result returned from Load. The caller is responsible for handling any warnings.
func Load ¶ added in v1.16.100
func Load(opts LoadOpts) (LoadResult, error)
Load will build the configuration including the config source injected after all other defaults but before any user supplied configuration and the overrides source injected as the final source in the configuration parsing chain.
The caller is responsible for handling any warnings in LoadResult.Warnings.
type Locality ¶ added in v1.16.100
type Locality struct {
// Region is region the zone belongs to.
Region *string `mapstructure:"region"`
// Zone is the zone the entity is running in.
Zone *string `mapstructure:"zone"`
}
Locality identifies where a given entity is running.
type MeshGatewayConfig ¶ added in v1.16.100
type MeshGatewayConfig struct {
// Mesh Gateway Mode
Mode *string `mapstructure:"mode"`
}
type Metadata ¶ added in v1.16.100
type Metadata struct {
// Keys used in the config file.
Keys []string
// Unused keys that did not match any struct fields.
Unused []string
// Warnings caused by deprecated fields
Warnings []string
}
Metadata created by Source.Parse
type Peering ¶ added in v1.16.100
type Peering struct {
Enabled *bool `mapstructure:"enabled" json:"enabled,omitempty"`
// TestAllowPeerRegistrations controls whether CatalogRegister endpoints allow registrations for objects with `PeerName`
// This always gets overridden in NonUserSource()
TestAllowPeerRegistrations *bool `mapstructure:"test_allow_peer_registrations" json:"test_allow_peer_registrations,omitempty"`
}
type Performance ¶
type Ports ¶
type Ports struct {
DNS *int `mapstructure:"dns" json:"dns,omitempty"`
HTTP *int `mapstructure:"http" json:"http,omitempty"`
HTTPS *int `mapstructure:"https" json:"https,omitempty"`
SerfLAN *int `mapstructure:"serf_lan" json:"serf_lan,omitempty"`
SerfWAN *int `mapstructure:"serf_wan" json:"serf_wan,omitempty"`
Server *int `mapstructure:"server" json:"server,omitempty"`
GRPC *int `mapstructure:"grpc" json:"grpc,omitempty"`
GRPCTLS *int `mapstructure:"grpc_tls" json:"grpc_tls,omitempty"`
ProxyMinPort *int `mapstructure:"proxy_min_port" json:"proxy_min_port,omitempty"`
ProxyMaxPort *int `mapstructure:"proxy_max_port" json:"proxy_max_port,omitempty"`
SidecarMinPort *int `mapstructure:"sidecar_min_port" json:"sidecar_min_port,omitempty"`
SidecarMaxPort *int `mapstructure:"sidecar_max_port" json:"sidecar_max_port,omitempty"`
ExposeMinPort *int `mapstructure:"expose_min_port" json:"expose_min_port,omitempty" `
ExposeMaxPort *int `mapstructure:"expose_max_port" json:"expose_max_port,omitempty"`
}
type RPC ¶ added in v1.16.100
type RPC struct {
EnableStreaming *bool `mapstructure:"enable_streaming"`
}
type RaftBoltDBConfigRaw ¶ added in v1.16.100
type RaftBoltDBConfigRaw struct {
NoFreelistSync *bool `mapstructure:"no_freelist_sync" json:"no_freelist_sync,omitempty"`
}
type RaftLogStoreRaw ¶ added in v1.16.100
type RaftLogStoreRaw struct {
Backend *string `mapstructure:"backend" json:"backend,omitempty"`
DisableLogCache *bool `mapstructure:"disable_log_cache" json:"disable_log_cache,omitempty"`
Verification RaftLogStoreVerificationRaw `mapstructure:"verification" json:"verification,omitempty"`
BoltDBConfig RaftBoltDBConfigRaw `mapstructure:"boltdb" json:"boltdb,omitempty"`
WALConfig RaftWALConfigRaw `mapstructure:"wal" json:"wal,omitempty"`
}
type RaftLogStoreVerificationRaw ¶ added in v1.16.100
type RaftWALConfigRaw ¶ added in v1.16.100
type RaftWALConfigRaw struct {
SegmentSizeMB *int `mapstructure:"segment_size_mb" json:"segment_size_mb,omitempty"`
}
type RawUIConfig ¶ added in v1.16.100
type RawUIConfig struct {
Enabled *bool `mapstructure:"enabled"`
Dir *string `mapstructure:"dir"`
ContentPath *string `mapstructure:"content_path"`
MetricsProvider *string `mapstructure:"metrics_provider"`
MetricsProviderFiles []string `mapstructure:"metrics_provider_files"`
MetricsProviderOptionsJSON *string `mapstructure:"metrics_provider_options_json"`
MetricsProxy RawUIMetricsProxy `mapstructure:"metrics_proxy"`
DashboardURLTemplates map[string]string `mapstructure:"dashboard_url_templates"`
}
type RawUIMetricsProxy ¶ added in v1.16.100
type RawUIMetricsProxy struct {
BaseURL *string `mapstructure:"base_url"`
AddHeaders []RawUIMetricsProxyAddHeader `mapstructure:"add_headers"`
PathAllowlist []string `mapstructure:"path_allowlist"`
}
type RawUIMetricsProxyAddHeader ¶ added in v1.16.100
type Reporting ¶ added in v1.16.100
type Reporting struct {
License License `mapstructure:"license"`
}
type ReportingConfig ¶ added in v1.16.100
type ReportingConfig struct {
License LicenseConfig
}
type RequestLimits ¶ added in v1.16.100
type RuntimeConfig ¶
type RuntimeConfig struct {
// non-user configurable values
AEInterval time.Duration
CheckDeregisterIntervalMin time.Duration
CheckReapInterval time.Duration
SegmentLimit int
SegmentNameLimit int
SyncCoordinateRateTarget float64
SyncCoordinateIntervalMin time.Duration
Revision string
Version string
VersionPrerelease string
VersionMetadata string
BuildDate time.Time
// consul config
ConsulCoordinateUpdateMaxBatches int
ConsulCoordinateUpdateBatchSize int
ConsulCoordinateUpdatePeriod time.Duration
ConsulRaftElectionTimeout time.Duration
ConsulRaftHeartbeatTimeout time.Duration
ConsulRaftLeaderLeaseTimeout time.Duration
ConsulServerHealthInterval time.Duration
// ACLsEnabled is used to determine whether ACLs should be enabled
//
// hcl: acl.enabled = boolean
ACLsEnabled bool
ACLTokens token.Config
ACLResolverSettings consul.ACLResolverSettings
// ACLEnableKeyListPolicy is used to opt-in to the "list" policy added to
// KV ACLs in Consul 1.0.
//
// See https://www.consul.io/docs/guides/acl.html#list-policy-for-keys for
// more details.
//
// hcl: acl.enable_key_list_policy = (true|false)
ACLEnableKeyListPolicy bool
// ACLInitialManagementToken is used to bootstrap the ACL system. It should be specified
// on the servers in the PrimaryDatacenter. When the leader comes online, it ensures
// that the initial management token is available. This provides the initial token.
//
// hcl: acl.tokens.initial_management = string
ACLInitialManagementToken string
// ACLtokenReplication is used to indicate that both tokens and policies
// should be replicated instead of just policies
//
// hcl: acl.token_replication = boolean
ACLTokenReplication bool
// AutopilotCleanupDeadServers enables the automatic cleanup of dead servers when new ones
// are added to the peer list. Defaults to true.
//
// hcl: autopilot { cleanup_dead_servers = (true|false) }
AutopilotCleanupDeadServers bool
// AutopilotDisableUpgradeMigration will disable Autopilot's upgrade migration
// strategy of waiting until enough newer-versioned servers have been added to the
// cluster before promoting them to voters. (Enterprise-only)
//
// hcl: autopilot { disable_upgrade_migration = (true|false)
AutopilotDisableUpgradeMigration bool
// AutopilotLastContactThreshold is the limit on the amount of time a server can go
// without leader contact before being considered unhealthy.
//
// hcl: autopilot { last_contact_threshold = "duration" }
AutopilotLastContactThreshold time.Duration
// AutopilotMaxTrailingLogs is the amount of entries in the Raft Log that a server can
// be behind before being considered unhealthy. The value must be positive.
//
// hcl: autopilot { max_trailing_logs = int }
AutopilotMaxTrailingLogs int
// AutopilotMinQuorum sets the minimum number of servers required in a cluster
// before autopilot can prune dead servers.
//
// hcl: autopilot { min_quorum = int }
AutopilotMinQuorum uint
// AutopilotRedundancyZoneTag is the Meta tag to use for separating servers
// into zones for redundancy. If left blank, this feature will be disabled.
// (Enterprise-only)
//
// hcl: autopilot { redundancy_zone_tag = string }
AutopilotRedundancyZoneTag string
// AutopilotServerStabilizationTime is the minimum amount of time a server must be
// in a stable, healthy state before it can be added to the cluster. Only
// applicable with Raft protocol version 3 or higher.
//
// hcl: autopilot { server_stabilization_time = "duration" }
AutopilotServerStabilizationTime time.Duration
// AutopilotUpgradeVersionTag is the node tag to use for version info when
// performing upgrade migrations. If left blank, the Consul version will be used.
//
// (Enterprise-only)
//
// hcl: autopilot { upgrade_version_tag = string }
AutopilotUpgradeVersionTag string
// Cloud contains configuration for agents to connect to HCP.
//
// hcl: cloud { ... }
Cloud hcpconfig.CloudConfig
// DNSAllowStale is used to enable lookups with stale
// data. This gives horizontal read scalability since
// any Consul server can service the query instead of
// only the leader.
//
// hcl: dns_config { allow_stale = (true|false) }
DNSAllowStale bool
// DNSARecordLimit is used to limit the maximum number of DNS Resource
// Records returned in the ANSWER section of a DNS response for A or AAAA
// records for both UDP and TCP queries.
//
// This is not normally useful and will be limited based on the querying
// protocol, however systems that implemented §6 Rule 9 in RFC3484
// may want to set this to `1` in order to subvert §6 Rule 9 and
// re-obtain the effect of randomized resource records (i.e. each
// answer contains only one IP, but the IP changes every request).
// RFC3484 sorts answers in a deterministic order, which defeats the
// purpose of randomized DNS responses. This RFC has been obsoleted
// by RFC6724 and restores the desired behavior of randomized
// responses, however a large number of Linux hosts using glibc(3)
// implemented §6 Rule 9 and may need this option (e.g. CentOS 5-6,
// Debian Squeeze, etc).
//
// hcl: dns_config { a_record_limit = int }
DNSARecordLimit int
// DNSDisableCompression is used to control whether DNS responses are
// compressed. In Consul 0.7 this was turned on by default and this
// config was added as an opt-out.
//
// hcl: dns_config { disable_compression = (true|false) }
DNSDisableCompression bool
// DNSDomain is the DNS domain for the records. Should end with a dot.
// Defaults to "consul."
//
// hcl: domain = string
// flag: -domain string
DNSDomain string
// DNSAltDomain can be set to support resolution on an additional
// consul domain. Should end with a dot.
// If left blank, only the primary domain will be used.
//
// hcl: alt_domain = string
// flag: -alt-domain string
DNSAltDomain string
// DNSEnableTruncate is used to enable setting the truncate
// flag for UDP DNS queries. This allows unmodified
// clients to re-query the consul server using TCP
// when the total number of records exceeds the number
// returned by default for UDP.
//
// hcl: dns_config { enable_truncate = (true|false) }
DNSEnableTruncate bool
// DNSMaxStale is used to bound how stale of a result is
// accepted for a DNS lookup. This can be used with
// AllowStale to limit how old of a value is served up.
// If the stale result exceeds this, another non-stale
// stale read is performed.
//
// hcl: dns_config { max_stale = "duration" }
DNSMaxStale time.Duration
// DNSNodeTTL provides the TTL value for a node query.
//
// hcl: dns_config { node_ttl = "duration" }
DNSNodeTTL time.Duration
// DNSOnlyPassing is used to determine whether to filter nodes
// whose health checks are in any non-passing state. By
// default, only nodes in a critical state are excluded.
//
// hcl: dns_config { only_passing = (true|false) }
DNSOnlyPassing bool
// DNSRecursorStrategy controls the order in which DNS recursors are queried.
// 'sequential' queries recursors in the order they are listed under `recursors`.
// 'random' causes random selection of recursors which has the effect of
// spreading the query load among all listed servers, rather than having
// client agents try the first server in the list every time.
//
// hcl: dns_config { recursor_strategy = "(random|sequential)" }
DNSRecursorStrategy dns.RecursorStrategy
// DNSRecursorTimeout specifies the timeout in seconds
// for Consul's internal dns client used for recursion.
// This value is used for the connection, read and write timeout.
//
// hcl: dns_config { recursor_timeout = "duration" }
DNSRecursorTimeout time.Duration
// DNSServiceTTL provides the TTL value for a service
// query for given service. The "*" wildcard can be used
// to set a default for all services.
//
// hcl: dns_config { service_ttl = map[string]"duration" }
DNSServiceTTL map[string]time.Duration
// DNSUDPAnswerLimit is used to limit the maximum number of DNS Resource
// Records returned in the ANSWER section of a DNS response for UDP
// responses without EDNS support (limited to 512 bytes).
// This parameter is deprecated, if you want to limit the number of
// records returned by A or AAAA questions, please use DNSARecordLimit
// instead.
//
// hcl: dns_config { udp_answer_limit = int }
DNSUDPAnswerLimit int
// DNSNodeMetaTXT controls whether DNS queries will synthesize
// TXT records for the node metadata and add them when not specifically
// request (query type = TXT). If unset this will default to true
DNSNodeMetaTXT bool
// DNSRecursors can be set to allow the DNS servers to recursively
// resolve non-consul domains.
//
// hcl: recursors = []string
// flag: -recursor string [-recursor string]
DNSRecursors []string
// DNSUseCache whether or not to use cache for dns queries
//
// hcl: dns_config { use_cache = (true|false) }
DNSUseCache bool
// DNSUseCache whether or not to use cache for dns queries
//
// hcl: dns_config { cache_max_age = "duration" }
DNSCacheMaxAge time.Duration
// HTTPUseCache whether or not to use cache for http queries. Defaults
// to true.
//
// hcl: http_config { use_cache = (true|false) }
HTTPUseCache bool
// HTTPBlockEndpoints is a list of endpoint prefixes to block in the
// HTTP API. Any requests to these will get a 403 response.
//
// hcl: http_config { block_endpoints = []string }
HTTPBlockEndpoints []string
// AllowWriteHTTPFrom restricts the agent write endpoints to the given
// networks. Any request to a protected endpoint that is not mactched
// by one of these networks will get a 403 response.
// An empty slice means no restriction.
//
// hcl: http_config { allow_write_http_from = []string }
AllowWriteHTTPFrom []*net.IPNet
// HTTPResponseHeaders are used to add HTTP header response fields to the HTTP API responses.
//
// hcl: http_config { response_headers = map[string]string }
HTTPResponseHeaders map[string]string
// Embed Telemetry Config
Telemetry lib.TelemetryConfig
// Datacenter is the datacenter this node is in. Defaults to "dc1".
//
// Datacenter is exposed via /v1/agent/self from here and
// used in lots of places like CLI commands. Treat this as an interface
// that must be stable.
//
// hcl: datacenter = string
// flag: -datacenter string
Datacenter string
// Defines the maximum stale value for discovery path. Defaults to "0s".
// Discovery paths are /v1/heath/ paths
//
// If not set to 0, it will try to perform stale read and perform only a
// consistent read whenever the value is too old.
// hcl: discovery_max_stale = "duration"
DiscoveryMaxStale time.Duration
// Node name is the name we use to advertise. Defaults to hostname.
//
// NodeName is exposed via /v1/agent/self from here and
// used in lots of places like CLI commands. Treat this as an interface
// that must be stable.
//
// hcl: node_name = string
// flag: -node string
NodeName string
// AdvertiseAddrLAN is the address we use for advertising our Serf, and
// Consul RPC IP. The address can be specified as an ip address or as a
// go-sockaddr template which resolves to a single ip address. If not
// specified, the bind address is used.
//
// hcl: advertise_addr = string
AdvertiseAddrLAN *net.IPAddr
// AdvertiseAddrWAN is the address we use for advertising our Serf, and
// Consul RPC IP. The address can be specified as an ip address or as a
// go-sockaddr template which resolves to a single ip address. If not
// specified, the bind address is used.
//
// hcl: advertise_addr_wan = string
AdvertiseAddrWAN *net.IPAddr
// BindAddr is used to control the address we bind to.
// If not specified, the first private IP we find is used.
// This controls the address we use for cluster facing
// services (Gossip, Server RPC)
//
// The value can be either an ip address or a go-sockaddr
// template which resolves to a single ip address.
//
// hcl: bind_addr = string
// flag: -bind string
BindAddr *net.IPAddr
// Bootstrap is used to bring up the first Consul server, and
// permits that node to elect itself leader
//
// hcl: bootstrap = (true|false)
// flag: -bootstrap
Bootstrap bool
// BootstrapExpect tries to automatically bootstrap the Consul cluster, by
// having servers wait to bootstrap until enough servers join, and then
// performing the bootstrap process automatically. They will disable their
// automatic bootstrap process if they detect any servers that are part of
// an existing cluster, so it's safe to leave this set to a non-zero value.
//
// hcl: bootstrap_expect = int
// flag: -bootstrap-expect=int
BootstrapExpect int
// Cache represent cache configuration of agent
Cache cache.Options
// CheckUpdateInterval controls the interval on which the output of a health check
// is updated if there is no change to the state. For example, a check in a steady
// state may run every 5 second generating a unique output (timestamp, etc), forcing
// constant writes. This allows Consul to defer the write for some period of time,
// reducing the write pressure when the state is steady.
//
// See also: DiscardCheckOutput
//
// hcl: check_update_interval = "duration"
CheckUpdateInterval time.Duration
// Maximum size for the output of a healtcheck
// hcl check_output_max_size int
// flag: -check_output_max_size int
CheckOutputMaxSize int
// Checks contains the provided check definitions.
//
// hcl: checks = [
// {
// id = string
// name = string
// notes = string
// service_id = string
// token = string
// status = string
// script = string
// args = string
// http = string
// header = map[string][]string
// method = string
// disable_redirects = (true|false)
// tcp = string
// h2ping = string
// interval = string
// docker_container_id = string
// shell = string
// tls_skip_verify = (true|false)
// timeout = "duration"
// ttl = "duration"
// os_service = string
// success_before_passing = int
// failures_before_warning = int
// failures_before_critical = int
// deregister_critical_service_after = "duration"
// },
// ...
// ]
Checks []*structs.CheckDefinition
// ClientAddrs contains the list of ip addresses the DNS, HTTP and HTTPS
// endpoints will bind to if the endpoints are enabled (ports > 0) and the
// addresses are not overwritten.
//
// The ip addresses must be provided as a space separated list of ip
// addresses and go-sockaddr templates.
//
// Client addresses cannot contain UNIX socket addresses since a socket
// cannot be shared across multiple endpoints (no ports). To use UNIX
// sockets configure it in 'addresses'.
//
// hcl: client_addr = string
// flag: -client string
ClientAddrs []*net.IPAddr
// ConfigEntryBootstrap contains a list of ConfigEntries to ensure are created
// If entries of the same Kind/Name exist already these will not update them.
ConfigEntryBootstrap []structs.ConfigEntry
// AutoEncryptTLS requires the client to acquire TLS certificates from
// servers.
AutoEncryptTLS bool
// Additional DNS SAN entries that clients request during auto_encrypt
// flow for their certificates.
AutoEncryptDNSSAN []string
// Additional IP SAN entries that clients request during auto_encrypt
// flow for their certificates.
AutoEncryptIPSAN []net.IP
// AutoEncryptAllowTLS enables the server to respond to
// AutoEncrypt.Sign requests.
AutoEncryptAllowTLS bool
// AutoConfig is a grouping of the configurations around the agent auto configuration
// process including how servers can authorize requests.
AutoConfig AutoConfig
// ConnectEnabled opts the agent into connect. It should be set on all clients
// and servers in a cluster for correct connect operation.
ConnectEnabled bool
// ConnectSidecarMinPort is the inclusive start of the range of ports
// allocated to the agent for asigning to sidecar services where no port is
// specified.
ConnectSidecarMinPort int
// ConnectSidecarMaxPort is the inclusive end of the range of ports
// allocated to the agent for asigning to sidecar services where no port is
// specified
ConnectSidecarMaxPort int
// ExposeMinPort is the inclusive start of the range of ports
// allocated to the agent for exposing checks through a proxy
ExposeMinPort int
// ExposeMinPort is the inclusive start of the range of ports
// allocated to the agent for exposing checks through a proxy
ExposeMaxPort int
// ConnectCAProvider is the type of CA provider to use with Connect.
ConnectCAProvider string
// ConnectCAConfig is the config to use for the CA provider.
ConnectCAConfig map[string]interface{}
// ConnectMeshGatewayWANFederationEnabled determines if wan federation of
// datacenters should exclusively traverse mesh gateways.
ConnectMeshGatewayWANFederationEnabled bool
// ConnectTestCALeafRootChangeSpread is used to control how long the CA leaf
// cache with spread CSRs over when a root change occurs. For now we don't
// expose this in public config intentionally but could later with a rename.
// We only set this from during tests to effectively make CA rotation tests
// deterministic again.
ConnectTestCALeafRootChangeSpread time.Duration
// DNSAddrs contains the list of TCP and UDP addresses the DNS server will
// bind to. If the DNS endpoint is disabled (ports.dns <= 0) the list is
// empty.
//
// The ip addresses are taken from 'addresses.dns' which should contain a
// space separated list of ip addresses and/or go-sockaddr templates.
//
// If 'addresses.dns' was not provided the 'client_addr' addresses are
// used.
//
// The DNS server cannot be bound to UNIX sockets.
//
// hcl: client_addr = string addresses { dns = string } ports { dns = int }
DNSAddrs []net.Addr
// DNSPort is the port the DNS server listens on. The default is 8600.
// Setting this to a value <= 0 disables the endpoint.
//
// hcl: ports { dns = int }
// flags: -dns-port int
DNSPort int
// DNSSOA is the settings applied for DNS SOA
// hcl: soa {}
DNSSOA RuntimeSOAConfig
// DataDir is the path to the directory where the local state is stored.
//
// hcl: data_dir = string
// flag: -data-dir string
DataDir string
// DefaultQueryTime is the amount of time a blocking query will wait before
// Consul will force a response. This value can be overridden by the 'wait'
// query parameter.
//
// hcl: default_query_time = "duration"
// flag: -default-query-time string
DefaultQueryTime time.Duration
// DevMode enables a fast-path mode of operation to bring up an in-memory
// server with minimal configuration. Useful for developing Consul.
//
// flag: -dev
DevMode bool
// DisableAnonymousSignature is used to turn off the anonymous signature
// send with the update check. This is used to deduplicate messages.
//
// hcl: disable_anonymous_signature = (true|false)
DisableAnonymousSignature bool
// DisableCoordinates controls features related to network coordinates.
//
// hcl: disable_coordinates = (true|false)
DisableCoordinates bool
// DisableHostNodeID will prevent Consul from using information from the
// host to generate a node ID, and will cause Consul to generate a
// random ID instead.
//
// hcl: disable_host_node_id = (true|false)
// flag: -disable-host-node-id
DisableHostNodeID bool
// DisableHTTPUnprintableCharFilter will bypass the filter preventing HTTP
// URLs from containing unprintable chars. This filter was added in 1.0.3 as a
// response to a vulnerability report. Disabling this is never recommended in
// general however some users who have keys written in older versions of
// Consul may use this to temporarily disable the filter such that they can
// delete those keys again! We do not recommend leaving it disabled long term.
//
// hcl: disable_http_unprintable_char_filter
DisableHTTPUnprintableCharFilter bool
// DisableKeyringFile disables writing the keyring to a file.
//
// hcl: disable_keyring_file = (true|false)
// flag: -disable-keyring-file
DisableKeyringFile bool
// DisableRemoteExec is used to turn off the remote execution
// feature. This is for security to prevent unknown scripts from running.
//
// hcl: disable_remote_exec = (true|false)
DisableRemoteExec bool
// DisableUpdateCheck is used to turn off the automatic update and
// security bulletin checking.
//
// hcl: disable_update_check = (true|false)
DisableUpdateCheck bool
// DiscardCheckOutput is used to turn off storing and comparing the
// output of health checks. This reduces the write rate on the server
// for checks with highly volatile output. (reloadable)
//
// See also: CheckUpdateInterval
//
// hcl: discard_check_output = (true|false)
DiscardCheckOutput bool
// EnableAgentTLSForChecks is used to apply the agent's TLS settings in
// order to configure the HTTP client used for health checks. Enabling
// this allows HTTP checks to present a client certificate and verify
// the server using the same TLS configuration as the agent (CA, cert,
// and key).
EnableAgentTLSForChecks bool
// EnableCentralServiceConfig controls whether the agent should incorporate
// centralized config such as service-defaults into local service registrations.
//
// hcl: enable_central_service_config = (true|false)
EnableCentralServiceConfig bool
// EnableDebug is used to enable various debugging features.
//
// hcl: enable_debug = (true|false)
EnableDebug bool
// EnableLocalScriptChecks controls whether health checks declared from the local
// config file which execute scripts are enabled. This includes regular script
// checks and Docker checks.
//
// hcl: (enable_script_checks|enable_local_script_checks) = (true|false)
// flag: -enable-script-checks, -enable-local-script-checks
EnableLocalScriptChecks bool
// EnableRemoeScriptChecks controls whether health checks declared from the http API
// which execute scripts are enabled. This includes regular script checks and Docker
// checks.
//
// hcl: enable_script_checks = (true|false)
// flag: -enable-script-checks
EnableRemoteScriptChecks bool
// EncryptKey contains the encryption key to use for the Serf communication.
//
// hcl: encrypt = string
// flag: -encrypt string
EncryptKey string
// GRPCPort is the port the gRPC server listens on. It is disabled by default.
//
// hcl: ports { grpc = int }
// flags: -grpc-port int
GRPCPort int
// GRPCTLSPort is the port the gRPC server listens on. It is disabled by default.
//
// hcl: ports { grpc_tls = int }
// flags: -grpc-tls-port int
GRPCTLSPort int
// GRPCAddrs contains the list of TCP addresses and UNIX sockets the gRPC
// server will bind to. If the gRPC endpoint is disabled (ports.grpc <= 0)
// the list is empty.
//
// The addresses are taken from 'addresses.grpc' which should contain a
// space separated list of ip addresses, UNIX socket paths and/or
// go-sockaddr templates. UNIX socket paths must be written as
// 'unix://<full path>', e.g. 'unix:///var/run/consul-grpc.sock'.
//
// If 'addresses.grpc' was not provided the 'client_addr' addresses are
// used.
//
// hcl: client_addr = string addresses { grpc = string } ports { grpc = int }
GRPCAddrs []net.Addr
// GRPCTLSAddrs contains the list of TCP addresses and UNIX sockets the gRPC
// server will bind to. If the gRPC endpoint is disabled (ports.grpc <= 0)
// the list is empty.
//
// The addresses are taken from 'addresses.grpc_tls' which should contain a
// space separated list of ip addresses, UNIX socket paths and/or
// go-sockaddr templates. UNIX socket paths must be written as
// 'unix://<full path>', e.g. 'unix:///var/run/consul-grpc.sock'.
//
// If 'addresses.grpc_tls' was not provided the 'client_addr' addresses are
// used.
//
// hcl: client_addr = string addresses { grpc_tls = string } ports { grpc_tls = int }
GRPCTLSAddrs []net.Addr
// HTTPAddrs contains the list of TCP addresses and UNIX sockets the HTTP
// server will bind to. If the HTTP endpoint is disabled (ports.http <= 0)
// the list is empty.
//
// The addresses are taken from 'addresses.http' which should contain a
// space separated list of ip addresses, UNIX socket paths and/or
// go-sockaddr templates. UNIX socket paths must be written as
// 'unix://<full path>', e.g. 'unix:///var/run/consul-http.sock'.
//
// If 'addresses.http' was not provided the 'client_addr' addresses are
// used.
//
// hcl: client_addr = string addresses { http = string } ports { http = int }
HTTPAddrs []net.Addr
// HTTPPort is the port the HTTP server listens on. The default is 8500.
// Setting this to a value <= 0 disables the endpoint.
//
// hcl: ports { http = int }
// flags: -http-port int
HTTPPort int
// HTTPSAddrs contains the list of TCP addresses and UNIX sockets the HTTPS
// server will bind to. If the HTTPS endpoint is disabled (ports.https <=
// 0) the list is empty.
//
// The addresses are taken from 'addresses.https' which should contain a
// space separated list of ip addresses, UNIX socket paths and/or
// go-sockaddr templates. UNIX socket paths must be written as
// 'unix://<full path>', e.g. 'unix:///var/run/consul-https.sock'.
//
// If 'addresses.https' was not provided the 'client_addr' addresses are
// used.
//
// hcl: client_addr = string addresses { https = string } ports { https = int }
HTTPSAddrs []net.Addr
// HTTPMaxConnsPerClient limits the number of concurrent TCP connections the
// HTTP(S) server will accept from any single source IP address.
//
// hcl: limits{ http_max_conns_per_client = 200 }
HTTPMaxConnsPerClient int
// HTTPMaxHeaderBytes controls the maximum number of bytes the
// server will read parsing the request header's keys and
// values, including the request line. It does not limit the
// size of the request body.
//
// If zero, or negative, http.DefaultMaxHeaderBytes is used.
HTTPMaxHeaderBytes int
// HTTPSHandshakeTimeout is the time allowed for HTTPS client to complete the
// TLS handshake and send first bytes of the request.
//
// hcl: limits{ https_handshake_timeout = "5s" }
HTTPSHandshakeTimeout time.Duration
// HTTPSPort is the port the HTTP server listens on. The default is -1.
// Setting this to a value <= 0 disables the endpoint.
//
// hcl: ports { https = int }
// flags: -https-port int
HTTPSPort int
// KVMaxValueSize controls the max allowed value size. If not set defaults
// to raft's suggested max value size.
//
// hcl: limits { kv_max_value_size = uint64 }
KVMaxValueSize uint64
// LeaveDrainTime is used to wait after a server has left the LAN Serf
// pool for RPCs to drain and new requests to be sent to other servers.
//
// hcl: performance { leave_drain_time = "duration" }
LeaveDrainTime time.Duration
// LeaveOnTerm controls if Serf does a graceful leave when receiving
// the TERM signal. Defaults true on clients, false on servers. (reloadable)
//
// hcl: leave_on_terminate = (true|false)
LeaveOnTerm bool
Locality *Locality
// Logging configuration used to initialize agent logging.
Logging logging.Config
// MaxQueryTime is the maximum amount of time a blocking query can wait
// before Consul will force a response. Consul applies jitter to the wait
// time. The jittered time will be capped to MaxQueryTime.
//
// hcl: max_query_time = "duration"
// flags: -max-query-time string
MaxQueryTime time.Duration
// Node ID is a unique ID for this node across space and time. Defaults
// to a randomly-generated ID that persists in the data-dir.
//
// todo(fs): don't we have a requirement for this to be a UUID in a specific format?
//
// hcl: node_id = string
// flag: -node-id string
NodeID types.NodeID
// NodeMeta contains metadata key/value pairs. These are excluded from JSON output
// because they can be reloaded and might be stale when shown from the
// config instead of the local state.
// todo(fs): should the sanitizer omit them from output as well since they could be stale?
//
// hcl: node_meta = map[string]string
// flag: -node-meta "key:value" -node-meta "key:value" ...
NodeMeta map[string]string
// ReadReplica is whether this server will act as a non-voting member
// of the cluster to help provide read scalability. (Enterprise-only)
//
// hcl: non_voting_server = (true|false)
// flag: -non-voting-server
ReadReplica bool
// PeeringEnabled enables cluster peering. This setting only applies for servers.
// When disabled, all peering RPC endpoints will return errors,
// peering requests from other clusters will receive errors, and any peerings already stored in this server's
// state will be ignored.
//
// hcl: peering { enabled = (true|false) }
PeeringEnabled bool
// TestAllowPeerRegistrations controls whether CatalogRegister endpoints allow
// registrations for objects with `PeerName`
PeeringTestAllowPeerRegistrations bool
// PidFile is the file to store our PID in.
//
// hcl: pid_file = string
PidFile string
// PrimaryDatacenter is the central datacenter that holds authoritative
// ACL records, replicates intentions and holds the root CA for Connect.
// This must be the same for the entire cluster. Off by default.
//
// hcl: primary_datacenter = string
PrimaryDatacenter string
// PrimaryGateways is a list of addresses and/or go-discover expressions to
// discovery the mesh gateways in the primary datacenter. See
// https://www.consul.io/docs/agent/config/cli-flags#cloud-auto-joining for
// details.
//
// hcl: primary_gateways = []string
// flag: -primary-gateway string -primary-gateway string
PrimaryGateways []string
// PrimaryGatewaysInterval specifies the amount of time to wait in between discovery
// attempts on agent start. The minimum allowed value is 1 second and
// the default is 30s.
//
// hcl: primary_gateways_interval = "duration"
PrimaryGatewaysInterval time.Duration
// RPCAdvertiseAddr is the TCP address Consul advertises for its RPC endpoint.
// By default this is the bind address on the default RPC Server port. If the
// advertise address is specified then it is used.
//
// hcl: bind_addr = string advertise_addr = string ports { server = int }
RPCAdvertiseAddr *net.TCPAddr
// RPCBindAddr is the TCP address Consul will bind to for its RPC endpoint.
// By default this is the bind address on the default RPC Server port.
//
// hcl: bind_addr = string ports { server = int }
RPCBindAddr *net.TCPAddr
// RPCHandshakeTimeout is the timeout for reading the initial magic byte on a
// new RPC connection. If this is set high it may allow unauthenticated users
// to hold connections open arbitrarily long, even when mutual TLS is being
// enforced. It may be set to 0 explicitly to disable the timeout but this
// should never be used in production. Default is 5 seconds.
//
// hcl: limits { rpc_handshake_timeout = "duration" }
RPCHandshakeTimeout time.Duration
// RPCHoldTimeout is how long an RPC can be "held" before it is errored.
// This is used to paper over a loss of leadership by instead holding RPCs,
// so that the caller experiences a slow response rather than an error.
// This period is meant to be long enough for a leader election to take
// place, and a small jitter is applied to avoid a thundering herd.
//
// hcl: performance { rpc_hold_timeout = "duration" }
RPCHoldTimeout time.Duration
// RPCClientTimeout limits how long a client is allowed to read from an RPC
// connection. This is used to set an upper bound for requests to eventually
// terminate so that RPC connections are not held indefinitely.
// It may be set to 0 explicitly to disable the timeout but this should never
// be used in production. Default is 60 seconds.
//
// Note: Blocking queries use MaxQueryTime and DefaultQueryTime to calculate
// timeouts.
//
// hcl: limits { rpc_client_timeout = "duration" }
RPCClientTimeout time.Duration
// RPCRateLimit and RPCMaxBurst control how frequently RPC calls are allowed
// to happen. In any large enough time interval, rate limiter limits the
// rate to RPCRateLimit tokens per second, with a maximum burst size of
// RPCMaxBurst events. As a special case, if RPCRateLimit == Inf (the infinite
// rate), RPCMaxBurst is ignored.
//
// See https://en.wikipedia.org/wiki/Token_bucket for more about token
// buckets.
//
// hcl: limits { rpc_rate = (float64|MaxFloat64) rpc_max_burst = int }
RPCRateLimit rate.Limit
RPCMaxBurst int
// RPCMaxConnsPerClient limits the number of concurrent TCP connections the
// RPC server will accept from any single source IP address.
//
// hcl: limits { rpc_max_conns_per_client = 100 }
RPCMaxConnsPerClient int
// RPCProtocol is the Consul protocol version to use.
//
// hcl: protocol = int
RPCProtocol int
RPCConfig consul.RPCConfig
// UseStreamingBackend enables streaming as a replacement for agent/cache
// in the client agent for endpoints which support streaming.
UseStreamingBackend bool
// RaftProtocol sets the Raft protocol version to use on this server.
// Defaults to 3.
//
// hcl: raft_protocol = int
RaftProtocol int
// RaftSnapshotThreshold sets the minimum threshold of raft commits after which
// a snapshot is created. Defaults to 8192
//
// hcl: raft_snapshot_threshold = int
RaftSnapshotThreshold int
// RaftSnapshotInterval sets the interval to use when checking whether to create
// a new snapshot. Defaults to 5 seconds.
// hcl: raft_snapshot_threshold = int
RaftSnapshotInterval time.Duration
// RaftTrailingLogs sets the number of log entries that will be left in the
// log store after a snapshot. This must be large enough that a follower can
// transfer and restore an entire snapshot of the state before this many new
// entries have been appended. In vast majority of cases the default is plenty
// but if there is a sustained high write throughput coupled with a huge
// multi-gigabyte snapshot setting this higher may be necessary to allow
// followers time to reload from snapshot without becoming unhealthy. If it's
// too low then followers are unable to ever recover from a restart and will
// enter a loop of constantly downloading full snapshots and never catching
// up. If you need to change this you should reconsider your usage of Consul
// as it is not designed to store multiple-gigabyte data sets with high write
// throughput. Defaults to 10000.
//
// hcl: raft_trailing_logs = int
RaftTrailingLogs int
RaftLogStoreConfig consul.RaftLogStoreConfig
// ReconnectTimeoutLAN specifies the amount of time to wait to reconnect with
// another agent before deciding it's permanently gone. This can be used to
// control the time it takes to reap failed nodes from the cluster.
//
// hcl: reconnect_timeout = "duration"
ReconnectTimeoutLAN time.Duration
// ReconnectTimeoutWAN specifies the amount of time to wait to reconnect with
// another agent before deciding it's permanently gone. This can be used to
// control the time it takes to reap failed nodes from the cluster.
//
// hcl: reconnect_timeout = "duration"
ReconnectTimeoutWAN time.Duration
// AdvertiseReconnectTimeout specifies the amount of time other agents should
// wait for us to reconnect before deciding we are permanently gone. This
// should only be set for client agents that are run in a stateless or
// ephemeral manner in order to realize their deletion sooner than we
// would otherwise.
AdvertiseReconnectTimeout time.Duration
// RejoinAfterLeave controls our interaction with the cluster after leave.
// When set to false (default), a leave causes Consul to not rejoin
// the cluster until an explicit join is received. If this is set to
// true, we ignore the leave, and rejoin the cluster on start.
//
// hcl: rejoin_after_leave = (true|false)
// flag: -rejoin
RejoinAfterLeave bool
// RequestLimitsMode will disable or enable rate limiting. If not disabled, it
// enforces the action that will occur when RequestLimitsReadRate
// or RequestLimitsWriteRate is exceeded. The default value of "disabled" will
// prevent any rate limiting from occuring. A value of "enforce" will block
// the request from processings by returning an error. A value of
// "permissive" will not block the request and will allow the request to
// continue processing.
//
// hcl: limits { request_limits { mode = "permissive" } }
RequestLimitsMode consulrate.Mode
// RequestLimitsReadRate controls how frequently RPC, gRPC, and HTTP
// queries are allowed to happen. In any large enough time interval, rate
// limiter limits the rate to RequestLimitsReadRate tokens per second.
//
// See https://en.wikipedia.org/wiki/Token_bucket for more about token
// buckets.
//
// hcl: limits { request_limits { read_rate = (float64|MaxFloat64) } }
RequestLimitsReadRate rate.Limit
// RequestLimitsWriteRate controls how frequently RPC, gRPC, and HTTP
// writes are allowed to happen. In any large enough time interval, rate
// limiter limits the rate to RequestLimitsWriteRate tokens per second.
//
// See https://en.wikipedia.org/wiki/Token_bucket for more about token
// buckets.
//
// hcl: limits { request_limits { write_rate = (float64|MaxFloat64) } }
RequestLimitsWriteRate rate.Limit
// RetryJoinIntervalLAN specifies the amount of time to wait in between join
// attempts on agent start. The minimum allowed value is 1 second and
// the default is 30s.
//
// hcl: retry_interval = "duration"
RetryJoinIntervalLAN time.Duration
// RetryJoinIntervalWAN specifies the amount of time to wait in between join
// attempts on agent start. The minimum allowed value is 1 second and
// the default is 30s.
//
// hcl: retry_interval_wan = "duration"
RetryJoinIntervalWAN time.Duration
// RetryJoinLAN is a list of addresses and/or go-discover expressions to
// join with retry enabled. See
// https://www.consul.io/docs/agent/config/cli-flags#cloud-auto-joining for
// details.
//
// hcl: retry_join = []string
// flag: -retry-join string -retry-join string
RetryJoinLAN []string
// RetryJoinMaxAttemptsLAN specifies the maximum number of times to retry
// joining a host on startup. This is useful for cases where we know the
// node will be online eventually.
//
// hcl: retry_max = int
// flag: -retry-max int
RetryJoinMaxAttemptsLAN int
// RetryJoinMaxAttemptsWAN specifies the maximum number of times to retry
// joining a host on startup. This is useful for cases where we know the
// node will be online eventually.
//
// hcl: retry_max_wan = int
// flag: -retry-max-wan int
RetryJoinMaxAttemptsWAN int
// RetryJoinWAN is a list of addresses and/or go-discover expressions to
// join -wan with retry enabled. See
// https://www.consul.io/docs/agent/config/cli-flags#cloud-auto-joining for
// details.
//
// hcl: retry_join_wan = []string
// flag: -retry-join-wan string -retry-join-wan string
RetryJoinWAN []string
// SegmentName is the network segment for this client to join.
// (Enterprise-only)
//
// hcl: segment = string
SegmentName string
// Segments is the list of network segments for this server to
// initialize.
//
// hcl: segment = [
// {
// # name is the name of the segment
// name = string
//
// # bind is the bind ip address for this segment.
// bind = string
//
// # port is the bind port for this segment.
// port = int
//
// # advertise is the advertise ip address for this segment.
// # Defaults to the bind address if not set.
// advertise = string
//
// # rpc_listener controls whether or not to bind a separate
// # RPC listener to the bind address.
// rpc_listener = (true|false)
// },
// ...
// ]
Segments []structs.NetworkSegment
// SerfAdvertiseAddrLAN is the TCP address which is used for advertising
// the LAN Gossip pool for both client and server. The address is the
// combination of AdvertiseAddrLAN and the SerfPortLAN. If the advertise
// address is not given the bind address is used.
//
// hcl: bind_addr = string advertise_addr = string ports { serf_lan = int }
SerfAdvertiseAddrLAN *net.TCPAddr
// SerfAdvertiseAddrWAN is the TCP address which is used for advertising
// the WAN Gossip pool on the server only. The address is the combination
// of AdvertiseAddrWAN and the SerfPortWAN. If the advertise address is not
// given the bind address is used.
//
// hcl: bind_addr = string advertise_addr_wan = string ports { serf_wan = int }
SerfAdvertiseAddrWAN *net.TCPAddr
// SerfAllowedCIDRsLAN if set to a non-empty value, will restrict which networks
// are allowed to connect to Serf on the LAN.
// hcl: serf_lan_allowed_cidrs = []string
// flag: serf-lan-allowed-cidrs string (can be specified multiple times)
SerfAllowedCIDRsLAN []net.IPNet
// SerfAllowedCIDRsWAN if set to a non-empty value, will restrict which networks
// are allowed to connect to Serf on the WAN.
// hcl: serf_wan_allowed_cidrs = []string
// flag: serf-wan-allowed-cidrs string (can be specified multiple times)
SerfAllowedCIDRsWAN []net.IPNet
// SerfBindAddrLAN is the address to bind the Serf LAN TCP and UDP
// listeners to. The ip address is either the default bind address or the
// 'serf_lan' address which can be either an ip address or a go-sockaddr
// template which resolves to a single ip address.
//
// hcl: bind_addr = string serf_lan = string ports { serf_lan = int }
// flag: -serf-lan string
SerfBindAddrLAN *net.TCPAddr
// SerfBindAddrWAN is the address to bind the Serf WAN TCP and UDP
// listeners to. The ip address is either the default bind address or the
// 'serf_wan' address which can be either an ip address or a go-sockaddr
// template which resolves to a single ip address.
//
// hcl: bind_addr = string serf_wan = string ports { serf_wan = int }
// flag: -serf-wan string
SerfBindAddrWAN *net.TCPAddr
// SerfPortLAN is the port used for the LAN Gossip pool for both client and server.
// The default is 8301.
//
// hcl: ports { serf_lan = int }
SerfPortLAN int
// SerfPortWAN is the port used for the WAN Gossip pool for the server only.
// The default is 8302.
//
// hcl: ports { serf_wan = int }
SerfPortWAN int
// GossipLANGossipInterval is the interval between sending messages that need
// to be gossiped that haven't been able to piggyback on probing messages.
// If this is set to zero, non-piggyback gossip is disabled. By lowering
// this value (more frequent) gossip messages are propagated across
// the cluster more quickly at the expense of increased bandwidth. This
// configuration only applies to LAN gossip communications
//
// The default is: 200ms
//
// hcl: gossip_lan { gossip_interval = duration}
GossipLANGossipInterval time.Duration
// GossipLANGossipNodes is the number of random nodes to send gossip messages to
// per GossipInterval. Increasing this number causes the gossip messages to
// propagate across the cluster more quickly at the expense of increased
// bandwidth. This configuration only applies to LAN gossip communications
//
// The default is: 3
//
// hcl: gossip_lan { gossip_nodes = int }
GossipLANGossipNodes int
// GossipLANProbeInterval is the interval between random node probes. Setting
// this lower (more frequent) will cause the memberlist cluster to detect
// failed nodes more quickly at the expense of increased bandwidth usage.
// This configuration only applies to LAN gossip communications
//
// The default is: 1s
//
// hcl: gossip_lan { probe_interval = duration }
GossipLANProbeInterval time.Duration
// GossipLANProbeTimeout is the timeout to wait for an ack from a probed node
// before assuming it is unhealthy. This should be set to 99-percentile
// of RTT (round-trip time) on your network. This configuration
// only applies to the LAN gossip communications
//
// The default is: 500ms
//
// hcl: gossip_lan { probe_timeout = duration }
GossipLANProbeTimeout time.Duration
// GossipLANSuspicionMult is the multiplier for determining the time an
// inaccessible node is considered suspect before declaring it dead. This
// configuration only applies to LAN gossip communications
//
// The actual timeout is calculated using the formula:
//
// SuspicionTimeout = SuspicionMult * log(N+1) * ProbeInterval
//
// This allows the timeout to scale properly with expected propagation
// delay with a larger cluster size. The higher the multiplier, the longer
// an inaccessible node is considered part of the cluster before declaring
// it dead, giving that suspect node more time to refute if it is indeed
// still alive.
//
// The default is: 4
//
// hcl: gossip_lan { suspicion_mult = int }
GossipLANSuspicionMult int
// GossipLANRetransmitMult is the multiplier for the number of retransmissions
// that are attempted for messages broadcasted over gossip. This
// configuration only applies to LAN gossip communications. The actual
// count of retransmissions is calculated using the formula:
//
// Retransmits = RetransmitMult * log(N+1)
//
// This allows the retransmits to scale properly with cluster size. The
// higher the multiplier, the more likely a failed broadcast is to converge
// at the expense of increased bandwidth.
//
// The default is: 4
//
// hcl: gossip_lan { retransmit_mult = int }
GossipLANRetransmitMult int
// GossipWANGossipInterval is the interval between sending messages that need
// to be gossiped that haven't been able to piggyback on probing messages.
// If this is set to zero, non-piggyback gossip is disabled. By lowering
// this value (more frequent) gossip messages are propagated across
// the cluster more quickly at the expense of increased bandwidth. This
// configuration only applies to WAN gossip communications
//
// The default is: 500ms
//
// hcl: gossip_wan { gossip_interval = duration}
GossipWANGossipInterval time.Duration
// GossipWANGossipNodes is the number of random nodes to send gossip messages to
// per GossipInterval. Increasing this number causes the gossip messages to
// propagate across the cluster more quickly at the expense of increased
// bandwidth. This configuration only applies to WAN gossip communications
//
// The default is: 4
//
// hcl: gossip_wan { gossip_nodes = int }
GossipWANGossipNodes int
// GossipWANProbeInterval is the interval between random node probes. Setting
// this lower (more frequent) will cause the memberlist cluster to detect
// failed nodes more quickly at the expense of increased bandwidth usage.
// This configuration only applies to WAN gossip communications
//
// The default is: 5s
//
// hcl: gossip_wan { probe_interval = duration }
GossipWANProbeInterval time.Duration
// GossipWANProbeTimeout is the timeout to wait for an ack from a probed node
// before assuming it is unhealthy. This should be set to 99-percentile
// of RTT (round-trip time) on your network. This configuration
// only applies to the WAN gossip communications
//
// The default is: 3s
//
// hcl: gossip_wan { probe_timeout = duration }
GossipWANProbeTimeout time.Duration
// GossipWANSuspicionMult is the multiplier for determining the time an
// inaccessible node is considered suspect before declaring it dead. This
// configuration only applies to WAN gossip communications
//
// The actual timeout is calculated using the formula:
//
// SuspicionTimeout = SuspicionMult * log(N+1) * ProbeInterval
//
// This allows the timeout to scale properly with expected propagation
// delay with a larger cluster size. The higher the multiplier, the longer
// an inaccessible node is considered part of the cluster before declaring
// it dead, giving that suspect node more time to refute if it is indeed
// still alive.
//
// The default is: 6
//
// hcl: gossip_wan { suspicion_mult = int }
GossipWANSuspicionMult int
// GossipWANRetransmitMult is the multiplier for the number of retransmissions
// that are attempted for messages broadcasted over gossip. This
// configuration only applies to WAN gossip communications. The actual
// count of retransmissions is calculated using the formula:
//
// Retransmits = RetransmitMult * log(N+1)
//
// This allows the retransmits to scale properly with cluster size. The
// higher the multiplier, the more likely a failed broadcast is to converge
// at the expense of increased bandwidth.
//
// The default is: 4
//
// hcl: gossip_wan { retransmit_mult = int }
GossipWANRetransmitMult int
// ServerMode controls if this agent acts like a Consul server,
// or merely as a client. Servers have more state, take part
// in leader election, etc.
//
// hcl: server = (true|false)
// flag: -server
ServerMode bool
// ServerName is used with the TLS certificates to ensure the name we
// provide matches the certificate.
//
// hcl: server_name = string
ServerName string
// ServerPort is the port the RPC server will bind to.
// The default is 8300.
//
// hcl: ports { server = int }
ServerPort int
// ServerRejoinAgeMax is used to specify the duration of time a server
// is allowed to be down/offline before a startup operation is refused.
//
// For example: if a server has been offline for 5 days, and this option
// is configured to 3 days, then any subsequent startup operation will fail
// and require an operator to manually intervene.
//
// The default is: 7 days
//
// hcl: server_rejoin_age_max = "duration"
ServerRejoinAgeMax time.Duration
// Services contains the provided service definitions:
//
// hcl: services = [
// {
// id = string
// name = string
// tags = []string
// address = string
// check = { check definition }
// checks = [ { check definition}, ... ]
// token = string
// enable_tag_override = (true|false)
// },
// ...
// ]
Services []*structs.ServiceDefinition
// Minimum Session TTL.
//
// hcl: session_ttl_min = "duration"
SessionTTLMin time.Duration
// SkipLeaveOnInt controls if Serf skips a graceful leave when
// receiving the INT signal. Defaults false on clients, true on
// servers. (reloadable)
//
// hcl: skip_leave_on_interrupt = (true|false)
SkipLeaveOnInt bool
// AutoReloadConfig indicate if the config will be
// auto reloaded bases on config file modification
// hcl: auto_reload_config = (true|false)
AutoReloadConfig bool
// TLS configures certificates, CA, cipher suites, and other TLS settings
// on Consul's listeners (i.e. Internal multiplexed RPC, HTTPS and gRPC).
//
// hcl: tls { ... }
TLS tlsutil.Config
// TaggedAddresses are used to publish a set of addresses for
// for a node, which can be used by the remote agent. We currently
// populate only the "wan" tag based on the SerfWan advertise address,
// but this structure is here for possible future features with other
// user-defined tags. The "wan" tag will be used by remote agents if
// they are configured with TranslateWANAddrs set to true.
//
// hcl: tagged_addresses = map[string]string
TaggedAddresses map[string]string
// TranslateWANAddrs controls whether or not Consul should prefer
// the "wan" tagged address when doing lookups in remote datacenters.
// See TaggedAddresses below for more details.
//
// hcl: translate_wan_addrs = (true|false)
TranslateWANAddrs bool
// TxnMaxReqLen configures the upper limit for the size (in bytes) of the
// incoming request bodies for transactions to the /txn endpoint.
//
// hcl: limits { txn_max_req_len = uint64 }
TxnMaxReqLen uint64
// UIConfig holds various runtime options that control both the agent's
// behavior while serving the UI (e.g. whether it's enabled, what path it's
// mounted on) as well as options that enable or disable features within the
// UI.
//
// NOTE: Never read from this field directly once the agent has started up
// since the UI config is reloadable. The on in the agent's config field may
// be out of date. Use the agent.getUIConfig() method to get the latest config
// in a thread-safe way.
//
// hcl: ui_config { ... }
UIConfig UIConfig
// UnixSocketGroup contains the group of the file permissions when
// Consul binds to UNIX sockets.
//
// hcl: unix_sockets { group = string }
UnixSocketGroup string
// UnixSocketMode contains the mode of the file permissions when
// Consul binds to UNIX sockets.
//
// hcl: unix_sockets { mode = string }
UnixSocketMode string
// UnixSocketUser contains the user of the file permissions when
// Consul binds to UNIX sockets.
//
// hcl: unix_sockets { user = string }
UnixSocketUser string
StaticRuntimeConfig StaticRuntimeConfig
// Watches are used to monitor various endpoints and to invoke a
// handler to act appropriately. These are managed entirely in the
// agent layer using the standard APIs.
//
// See https://www.consul.io/docs/agent/watches.html for details.
//
// hcl: watches = [
// { type=string ... },
// { type=string ... },
// ...
// ]
//
Watches []map[string]interface{}
// XDSUpdateRateLimit controls the maximum rate at which proxy config updates
// will be delivered, across all connected xDS streams. This is used to stop
// updates to "global" resources (e.g. wildcard intentions) from saturating
// system resources at the expense of other work, such as raft and gossip,
// which could cause general cluster instability.
//
// hcl: xds { update_max_per_second = (float64|MaxFloat64) }
XDSUpdateRateLimit rate.Limit
// AutoReloadConfigCoalesceInterval Coalesce Interval for auto reload config
AutoReloadConfigCoalesceInterval time.Duration
// LocalProxyConfigResyncInterval is not a user-configurable value and exists
// here so that tests can use a smaller value.
LocalProxyConfigResyncInterval time.Duration
Reporting ReportingConfig
// List of experiments to enable
Experiments []string
EnterpriseRuntimeConfig
}
RuntimeConfig specifies the configuration the consul agent actually uses. Is is derived from one or more Config structures which can come from files, flags and/or environment variables.
func (*RuntimeConfig) APIConfig ¶ added in v1.2.1
func (c *RuntimeConfig) APIConfig(includeClientCerts bool) (*api.Config, error)
func (*RuntimeConfig) ClientAddress ¶ added in v1.2.2
func (c *RuntimeConfig) ClientAddress() (unixAddr, httpAddr, httpsAddr string)
func (*RuntimeConfig) ConnectCAConfiguration ¶ added in v1.16.100
func (c *RuntimeConfig) ConnectCAConfiguration() (*structs.CAConfiguration, error)
func (*RuntimeConfig) IsCloudEnabled ¶ added in v1.16.100
func (c *RuntimeConfig) IsCloudEnabled() bool
IsCloudEnabled returns true if a cloud.resource_id is set and the server mode is enabled
func (*RuntimeConfig) PartitionOrDefault ¶ added in v1.16.100
func (c *RuntimeConfig) PartitionOrDefault() string
func (*RuntimeConfig) PartitionOrEmpty ¶ added in v1.16.100
func (c *RuntimeConfig) PartitionOrEmpty() string
func (*RuntimeConfig) Sanitized ¶
func (c *RuntimeConfig) Sanitized() map[string]interface{}
Sanitized returns a JSON/HCL compatible representation of the runtime configuration where all fields with potential secrets had their values replaced by 'hidden'. In addition, network addresses and time.Duration values are formatted to improve readability.
func (*RuntimeConfig) StructLocality ¶ added in v1.16.100
func (c *RuntimeConfig) StructLocality() *structs.Locality
StructLocality converts the RuntimeConfig Locality to a struct Locality.
func (*RuntimeConfig) VersionWithMetadata ¶ added in v1.16.100
func (c *RuntimeConfig) VersionWithMetadata() string
type RuntimeSOAConfig ¶ added in v1.3.0
type SOA ¶ added in v1.3.0
type SOA struct {
Refresh *uint32 `mapstructure:"refresh"`
Retry *uint32 `mapstructure:"retry"`
Expire *uint32 `mapstructure:"expire"`
Minttl *uint32 `mapstructure:"min_ttl"`
}
SOA is the configuration of SOA for DNS
type ServiceAddress ¶ added in v1.16.100
type ServiceConnect ¶ added in v1.2.0
type ServiceConnect struct {
// Native is true when this service can natively understand Connect.
Native *bool `mapstructure:"native"`
// SidecarService is a nested Service Definition to register at the same time.
// It's purely a convenience mechanism to allow specifying a sidecar service
// along with the application service definition. It's nested nature allows
// all of the fields to be defaulted which can reduce the amount of
// boilerplate needed to register a sidecar service separately, but the end
// result is identical to just making a second service registration via any
// other means.
SidecarService *ServiceDefinition `mapstructure:"sidecar_service"`
}
ServiceConnect is the connect block within a service registration
type ServiceDefinition ¶
type ServiceDefinition struct {
Kind *string `mapstructure:"kind"`
ID *string `mapstructure:"id"`
Name *string `mapstructure:"name"`
Tags []string `mapstructure:"tags"`
Address *string `mapstructure:"address"`
TaggedAddresses map[string]ServiceAddress `mapstructure:"tagged_addresses"`
Meta map[string]string `mapstructure:"meta"`
Port *int `mapstructure:"port"`
SocketPath *string `mapstructure:"socket_path"`
Check *CheckDefinition `mapstructure:"check"`
Checks []CheckDefinition `mapstructure:"checks"`
Token *string `mapstructure:"token"`
Weights *ServiceWeights `mapstructure:"weights"`
EnableTagOverride *bool `mapstructure:"enable_tag_override"`
Proxy *ServiceProxy `mapstructure:"proxy"`
Connect *ServiceConnect `mapstructure:"connect"`
EnterpriseMeta `mapstructure:",squash"`
}
type ServiceProviderToken ¶ added in v1.16.100
type ServiceProviderToken struct {
AccessorID *string `mapstructure:"accessor_id"`
SecretID *string `mapstructure:"secret_id"`
}
ServiceProviderToken groups an accessor and secret for a service provider token. Enterprise Only
type ServiceProxy ¶ added in v1.3.0
type ServiceProxy struct {
// DestinationServiceName is required and is the name of the service to accept
// traffic for.
DestinationServiceName *string `mapstructure:"destination_service_name"`
// DestinationServiceID is optional and should only be specified for
// "side-car" style proxies where the proxy is in front of just a single
// instance of the service. It should be set to the service ID of the instance
// being represented which must be registered to the same agent. It's valid to
// provide a service ID that does not yet exist to avoid timing issues when
// bootstrapping a service with a proxy.
DestinationServiceID *string `mapstructure:"destination_service_id"`
// LocalServiceAddress is the address of the local service instance. It is
// optional and should only be specified for "side-car" style proxies. It will
// default to 127.0.0.1 if the proxy is a "side-car" (DestinationServiceID is
// set) but otherwise will be ignored.
LocalServiceAddress *string `mapstructure:"local_service_address"`
// LocalServicePort is the port of the local service instance. It is optional
// and should only be specified for "side-car" style proxies. It will default
// to the registered port for the instance if the proxy is a "side-car"
// (DestinationServiceID is set) but otherwise will be ignored.
LocalServicePort *int `mapstructure:"local_service_port"`
// LocalServiceSocketPath is the socket of the local service instance. It is optional
// and should only be specified for "side-car" style proxies.
LocalServiceSocketPath string `mapstructure:"local_service_socket_path"`
// TransparentProxy configuration.
TransparentProxy *TransparentProxyConfig `mapstructure:"transparent_proxy"`
// Mode represents how the proxy's inbound and upstream listeners are dialed.
Mode *string `mapstructure:"mode"`
// Config is the arbitrary configuration data provided with the proxy
// registration.
Config map[string]interface{} `mapstructure:"config"`
// Upstreams describes any upstream dependencies the proxy instance should
// setup.
Upstreams []Upstream `mapstructure:"upstreams"`
// Mesh Gateway Configuration
MeshGateway *MeshGatewayConfig `mapstructure:"mesh_gateway"`
// Expose defines whether checks or paths are exposed through the proxy
Expose *ExposeConfig `mapstructure:"expose"`
}
ServiceProxy is the additional config needed for a Kind = connect-proxy registration.
type ServiceWeights ¶ added in v1.2.3
type ServiceWeights struct {
Passing *int `mapstructure:"passing"`
Warning *int `mapstructure:"warning"`
}
ServiceWeights defines the registration of weights used in DNS for a Service
type Source ¶
type Source interface {
// Source returns an identifier for the Source that can be used in error message
Source() string
// Parse a configuration and return the result.
Parse() (Config, Metadata, error)
}
Source parses configuration from some source.
func DefaultConsulSource ¶
func DefaultConsulSource() Source
DefaultConsulSource returns the default configuration for the consul agent. This should be merged in the tail since these values are not user configurable. TODO: return a LiteralSource (no decoding) instead of a FileSource
func DefaultEnterpriseSource ¶ added in v1.0.4
func DefaultEnterpriseSource() Source
DefaultEnterpriseSource returns the consul agent configuration for enterprise mode. These can be overridden by the user and therefore this source should be merged in the head and processed before user configuration.
func DefaultSource ¶
func DefaultSource() Source
DefaultSource is the default agent configuration. This needs to be merged first in the head. TODO: return a LiteralSource (no decoding) instead of a FileSource
func DevConsulSource ¶
func DevConsulSource() Source
DevConsulSource returns the consul agent configuration for the dev mode. This should be merged in the tail after the DefaultConsulSource.
func DevSource ¶
func DevSource() Source
DevSource is the additional default configuration for dev mode. This should be merged in the head after the default configuration. TODO: return a LiteralSource (no decoding) instead of a FileSource
func NonUserSource ¶
func NonUserSource() Source
NonUserSource contains the values the user cannot configure. This needs to be merged in the tail. TODO: return a LiteralSource (no decoding) instead of a FileSource
func OverrideEnterpriseSource ¶ added in v1.16.100
func OverrideEnterpriseSource() Source
OverrideEnterpriseSource returns the consul agent configuration for the enterprise mode. This should be merged in the tail after the DefaultConsulSource.
type StaticRuntimeConfig ¶ added in v1.16.100
type StaticRuntimeConfig struct {
// EncryptVerifyIncoming enforces incoming gossip encryption and can be
// used to upshift to encrypted gossip on a running cluster.
//
// hcl: encrypt_verify_incoming = (true|false)
EncryptVerifyIncoming bool
// EncryptVerifyOutgoing enforces outgoing gossip encryption and can be
// used to upshift to encrypted gossip on a running cluster.
//
// hcl: encrypt_verify_outgoing = (true|false)
EncryptVerifyOutgoing bool
}
StaticRuntimeConfig specifies the subset of configuration the consul agent actually uses and that are not reloadable by configuration auto reload.
type TLS ¶ added in v1.16.100
type TLS struct {
Defaults TLSProtocolConfig `mapstructure:"defaults" json:"defaults,omitempty"`
InternalRPC TLSProtocolConfig `mapstructure:"internal_rpc" json:"internal_rpc,omitempty"`
HTTPS TLSProtocolConfig `mapstructure:"https" json:"https,omitempty"`
GRPC TLSProtocolConfig `mapstructure:"grpc" json:"grpc,omitempty"`
// GRPCModifiedByDeprecatedConfig is a flag used to indicate that GRPC was
// modified by the deprecated field mapping (as apposed to a user-provided
// a grpc stanza). This prevents us from emitting a warning about an
// ineffectual grpc stanza when we modify GRPC to honor the legacy behaviour
// that setting `verify_incoming = true` at the top-level *does not* enable
// client certificate verification on the gRPC port.
//
// See: applyDeprecatedTLSConfig.
//
// Note: we use a *struct{} here because a simple bool isn't supported by our
// config merging logic.
GRPCModifiedByDeprecatedConfig *struct{} `mapstructure:"-" json:"-"`
}
type TLSProtocolConfig ¶ added in v1.16.100
type TLSProtocolConfig struct {
CAFile *string `mapstructure:"ca_file" json:"ca_file,omitempty"`
CAPath *string `mapstructure:"ca_path" json:"ca_path,omitempty"`
CertFile *string `mapstructure:"cert_file" json:"cert_file,omitempty"`
KeyFile *string `mapstructure:"key_file" json:"key_file,omitempty"`
TLSMinVersion *string `mapstructure:"tls_min_version" json:"tls_min_version,omitempty"`
TLSCipherSuites *string `mapstructure:"tls_cipher_suites" json:"tls_cipher_suites,omitempty"`
VerifyIncoming *bool `mapstructure:"verify_incoming" json:"verify_incoming,omitempty"`
VerifyOutgoing *bool `mapstructure:"verify_outgoing" json:"verify_outgoing,omitempty"`
VerifyServerHostname *bool `mapstructure:"verify_server_hostname" json:"verify_server_hostname,omitempty"`
UseAutoCert *bool `mapstructure:"use_auto_cert" json:"use_auto_cert,omitempty"`
}
type Telemetry ¶
type Telemetry struct {
CirconusAPIApp *string `mapstructure:"circonus_api_app" json:"circonus_api_app,omitempty"`
CirconusAPIToken *string `mapstructure:"circonus_api_token" json:"circonus_api_token,omitempty"`
CirconusAPIURL *string `mapstructure:"circonus_api_url" json:"circonus_api_url,omitempty"`
CirconusBrokerID *string `mapstructure:"circonus_broker_id" json:"circonus_broker_id,omitempty"`
CirconusBrokerSelectTag *string `mapstructure:"circonus_broker_select_tag" json:"circonus_broker_select_tag,omitempty"`
CirconusCheckDisplayName *string `mapstructure:"circonus_check_display_name" json:"circonus_check_display_name,omitempty"`
CirconusCheckForceMetricActivation *string `mapstructure:"circonus_check_force_metric_activation" json:"circonus_check_force_metric_activation,omitempty"`
CirconusCheckID *string `mapstructure:"circonus_check_id" json:"circonus_check_id,omitempty"`
CirconusCheckInstanceID *string `mapstructure:"circonus_check_instance_id" json:"circonus_check_instance_id,omitempty"`
CirconusCheckSearchTag *string `mapstructure:"circonus_check_search_tag" json:"circonus_check_search_tag,omitempty"`
CirconusCheckTags *string `mapstructure:"circonus_check_tags" json:"circonus_check_tags,omitempty"`
CirconusSubmissionInterval *string `mapstructure:"circonus_submission_interval" json:"circonus_submission_interval,omitempty"`
CirconusSubmissionURL *string `mapstructure:"circonus_submission_url" json:"circonus_submission_url,omitempty"`
DisableHostname *bool `mapstructure:"disable_hostname" json:"disable_hostname,omitempty"`
EnableHostMetrics *bool `mapstructure:"enable_host_metrics" json:"enable_host_metrics,omitempty"`
DogstatsdAddr *string `mapstructure:"dogstatsd_addr" json:"dogstatsd_addr,omitempty"`
DogstatsdTags []string `mapstructure:"dogstatsd_tags" json:"dogstatsd_tags,omitempty"`
RetryFailedConfiguration *bool `mapstructure:"retry_failed_connection" json:"retry_failed_connection,omitempty"`
FilterDefault *bool `mapstructure:"filter_default" json:"filter_default,omitempty"`
PrefixFilter []string `mapstructure:"prefix_filter" json:"prefix_filter,omitempty"`
MetricsPrefix *string `mapstructure:"metrics_prefix" json:"metrics_prefix,omitempty"`
PrometheusRetentionTime *string `mapstructure:"prometheus_retention_time" json:"prometheus_retention_time,omitempty"`
StatsdAddr *string `mapstructure:"statsd_address" json:"statsd_address,omitempty"`
StatsiteAddr *string `mapstructure:"statsite_address" json:"statsite_address,omitempty"`
}
type Tokens ¶ added in v1.4.0
type Tokens struct {
InitialManagement *string `mapstructure:"initial_management"`
Replication *string `mapstructure:"replication"`
AgentRecovery *string `mapstructure:"agent_recovery"`
Default *string `mapstructure:"default"`
Agent *string `mapstructure:"agent"`
ConfigFileRegistration *string `mapstructure:"config_file_service_registration"`
// Enterprise Only
ManagedServiceProvider []ServiceProviderToken `mapstructure:"managed_service_provider"`
DeprecatedTokens `mapstructure:",squash"`
}
type TransparentProxyConfig ¶ added in v1.16.100
type TransparentProxyConfig struct {
// The port of the listener where outbound application traffic is being redirected to.
OutboundListenerPort *int `mapstructure:"outbound_listener_port"`
// DialedDirectly indicates whether transparent proxies can dial this proxy instance directly.
// The discovery chain is not considered when dialing a service instance directly.
// This setting is useful when addressing stateful services, such as a database cluster with a leader node.
DialedDirectly *bool `mapstructure:"dialed_directly"`
}
type UIMetricsProxy ¶ added in v1.16.100
type UIMetricsProxy struct {
BaseURL string
AddHeaders []UIMetricsProxyAddHeader
PathAllowlist []string
}
type UIMetricsProxyAddHeader ¶ added in v1.16.100
type UnixSocket ¶
type Upstream ¶ added in v1.3.0
type Upstream struct {
// Destination fields are the required ones for determining what this upstream
// points to. Depending on DestinationType some other fields below might
// further restrict the set of instances allowable.
//
// DestinationType would be better as an int constant but even with custom
// JSON marshallers it causes havoc with all the mapstructure mangling we do
// on service definitions in various places.
DestinationType *string `mapstructure:"destination_type"`
DestinationNamespace *string `mapstructure:"destination_namespace"`
DestinationPartition *string `mapstructure:"destination_partition"`
DestinationPeer *string `mapstructure:"destination_peer"`
DestinationName *string `mapstructure:"destination_name"`
// Datacenter that the service discovery request should be run against. Note
// for prepared queries, the actual results might be from a different
// datacenter.
Datacenter *string `mapstructure:"datacenter"`
// It would be worth thinking about a separate structure for these four items,
// unifying under address as something like "unix:/tmp/foo", "tcp:localhost:80" could make sense
// LocalBindAddress is the ip address a side-car proxy should listen on for
// traffic destined for this upstream service. Default if empty and local bind socket
// is not present is 127.0.0.1.
LocalBindAddress *string `mapstructure:"local_bind_address"`
// LocalBindPort is the ip address a side-car proxy should listen on for traffic
// destined for this upstream service. Required.
LocalBindPort *int `mapstructure:"local_bind_port"`
// These are exclusive with LocalBindAddress/LocalBindPort. These are created under our control.
LocalBindSocketPath *string `mapstructure:"local_bind_socket_path"`
LocalBindSocketMode *string `mapstructure:"local_bind_socket_mode"`
// Config is an opaque config that is specific to the proxy process being run.
// It can be used to pass arbitrary configuration for this specific upstream
// to the proxy.
Config map[string]interface{} `mapstructure:"config"`
// Mesh Gateway Configuration
MeshGateway *MeshGatewayConfig `mapstructure:"mesh_gateway"`
}
Upstream represents a single upstream dependency for a service or proxy. It describes the mechanism used to discover instances to communicate with (the Target) as well as any potential client configuration that may be useful such as load balancer options, timeouts etc.
type Watcher ¶ added in v1.16.100
type Watcher interface {
Start(ctx context.Context)
Stop() error
Add(filename string) error
Remove(filename string)
Replace(oldFile, newFile string) error
EventsCh() chan *FileWatcherEvent
}
func NewFileWatcher ¶ added in v1.16.100
NewFileWatcher create a file watcher that will watch all the files/folders from configFiles if success a fileWatcher will be returned and a nil error otherwise an error and a nil fileWatcher are returned
Source Files
Click to show internal directories.
Click to hide internal directories.