Service resolver configuration entry reference

This page provides reference information for service resolver configuration entries. Configure and apply service resolvers to create named subsets of service instances and define their behavior when satisfying upstream requests.

Refer to L7 traffic management overview for additional information.

Configuration model

The following list outlines field hierarchy, language-specific data types, and requirements in the configuration entry. Click on a property name to view additional details, including default values.

Complete configuration

When every field is defined, a service resolver configuration entry has the following form:

  1. Kind      = "service-resolver"                                     ## required
  2. Name      = "<name-of-service-configuration-applies-to>"
  3. Namespace = "<namespace-configuration-applies-to>" 
  4. Partition = "<partition-configuration-applies-to>" 
  5. Meta = {
  6.  <key> = "<value>"
  7. }
  9. ConnectTimeout = "10s"
  10. RequestTimeout = "15s"
  11. Subsets = {
  12.  <subset01-name> = {
  13.    Filter      = "<expression.to.match.on == value01>"
  14.    OnlyPassing = true
  15.  }
  16.  <subset02-name> = {
  17.    Filter      = "<expression.to.match.on == value02>"
  18.    OnlyPassing = true
  19.  }
  20. }
  21. DefaultSubset  = "<subset01-name>"
  23. Redirect = {
  24.  Service       = "<destination-service>"
  25.  ServiceSubset = "<destination-subset>"
  26.  Namespace     = "<destination-namespace>"
  27.  Partition     = "<destination-partition>"
  28.  SamenessGroup = "<destination-sameness-group>"
  29.  Datacenter    = "<destination-datacenter>"
  30.  Peer          = "<destination-peer>"
  31. }
  33. Failover = {                   ## requires at least one of the following: Service, ServiceSubset, Namespace, Targets, Datacenters, SamenessGroup
  34.  <local-subset-name> = {
  35.    Targets = [
  36.      { Service = "<destination-service>" },
  37.      { ServiceSubset = "<destination-service-subset>" },
  38.      { Namespace = "<destination-namespace>" },
  39.      { Partition = "<destination-partition>" },
  40.      { Datacenter = "<destination-datacenter>" },
  41.      { Peer = "<destination-peer>" }
  42.    ]
  43.  }
  44.  "*" = {
  45.    Service       = "<destination-service>"
  46.    ServiceSubset = "<destination-service-subset>"
  47.    Namespace     = "<destination-namespace>"
  48.    Datacenters   = ["<destination-datacenter-01>", "<destination-datacenter-02>"]
  49.  }
  50. }
  52. LoadBalancer = {
  53.  Policy = "random"
  54.   LeastRequestConfig = {                     ## requires Policy = "least_request"
  55.    ChoiceCount = 2
  56.   RingHashConfig = {                         ## requires Policy = "ring_hash"
  57.    MinimumRingSize = 1024
  58.    MaximumRingSize = 8192
  59.  }
  60.  }
  61.  HashPolicies = [
  62.    {
  63.      Field      = "header"                  ## cannot specify with SourceIP
  64.      FieldValue = "<value-to-hash>"         ## cannot specify with SourceIP
  65.      CookieConfig = {
  66.        Session = false
  67.        TTL     = "0s"
  68.        Path    = "<path/to/cookie>"
  69.      }
  70.      SourceIP = false                        ## cannot specify with Field or FieldValue
  71.      Terminal = false
  72.    }
  73.  ]
  74. }
  1. {
  2.   "Kind":"service-resolver",                             // required
  3.   "Name":"<name-of-service-configuration-applies-to>",
  4.   "Namespace":"<namespace-configuration-applies-to>",
  5.   "Partition":"parition-configuration-applies-to>", 
  6.   "Meta":{
  7.    "<key>":"<value>"
  8.   },
  10.   "ConnectTimeout":"10s",
  11.   "RequestTimeout":"15s",
  12.   "Subsets":{
  13.    "<subset01-name>":{
  14.      "Filter":"<expression.to.match.on == value01",
  15.      "OnlyPassing":true
  16.     },
  17.    "<subset02-name>":{
  18.      "Filter":"<expression.to.match.on == value02>",
  19.      "OnlyPassing":true
  20.    }
  21.   },
  22.   "DefaultSubset ":"<subset01-name>",
  24.   "Redirect":{
  25.    "Service":"<destination-service>",
  26.    "ServiceSubset":"<destination-subset>",
  27.    "Namespace":"<destination-namespace>",
  28.    "Partition":"<destination-partition>",
  29.    "SamenessGroup":"<destination-sameness-group>",
  30.    "Datacenter":"<destination-datacenter>",
  31.    "Peer":"<destination-peer>"
  32.   },
  34.   "Failover":{                   // requires at least one of the following": Service, ServiceSubset, Namespace, Targets, Datacenters, SamenessGroup
  35.    "<local=subset-name>":{
  36.      "Targets":[
  37.        {"Service":"<destination-service>"},
  38.        {"ServiceSubset":"<destination-service-subset>"},
  39.        {"Namespace":"<destination-namespace>"},
  40.        {"Partition":"<destination-partition>"},
  41.        {"Datacenter":"<destination-datacenter>"},
  42.        {"Peer":"<destination-peer>"}
  43.      ]
  44.    },
  45.    "*":{
  46.      "Service ":"<destination-service>",
  47.      "ServiceSubset":"<destination-service-subset>",
  48.      "Namespace":"<destination-namespace>",
  49.      "Datacenters":["<destination-datacenter-01>", "<destination-datacenter-02>"]
  50.    }
  51.   },
  53.   "LoadBalancer":{
  54.    "Policy":"random",
  55.       "LeastRequestConfig":{                     // requires Policy":"least_request"
  56.      "ChoiceCount":2
  57.    },
  58.    "RingHashConfig":{                         // requires Policy":"ring_hash"
  59.      "MinimumRingSize":1024,
  60.      "MaximumRingSize":8192
  61.    },
  62.    "HashPolicies":[
  63.     {
  64.       "Field":"header",                       // cannot specify with SourceIP
  65.       "FieldValue":"<value-to-hash>",         // cannot specify with SourceIP
  66.       "CookieConfig":{
  67.         "Session":false,
  68.         "TTL":"0s",
  69.         "Path":"<path/to/cookie>"
  70.        },
  71.        "SourceIP":false,                       // cannot specify with Field or FieldValue
  72.        "Terminal":false
  73.     } 
  74.    ]
  75.   }
  76. }
  1. apiVersion: consul.hashicorp.com/v1alpha1         # required
  2. kind: ServiceResolver                             # required            
  3. metadata:
  4.   name: <serviceName>
  5.   namespace: <namespace>
  6. spec:
  7.   connectTimeout: 10s
  8.   requestTimeout: 15s
  9.   subsets:
  10.     <subset01Name>:
  11.       filter: <expression.to.match.on == value01>
  12.       onlyPassing: false
  13.     <subset02Name>:
  14.       filter: <expression.to.match.on == value02>
  15.       onlyPassing: false
  16.   defaultSubset: <definedSubsetName>
  17.   redirect:                                 
  18.     service: <serviceName>
  19.     servicesubset: <subsetName>
  20.     namespace: <namespaceName>
  21.     partition: <partitionName>
  22.     samenessGroup: <samenessGroupName>
  23.     peer: <peerName>
  24.   failover:                         # requires at least one of the following: service, serviceSubset, namespace, targets, datacenters, samenessGroup
  25.     <localSubsetName>: 
  26.       targets:
  27.       - service: <serviceName>
  28.       - serviceSubset: <serviceSubset>
  29.       - namespace: <namespaceName>
  30.       - partition: <partitionName>
  31.       - datacenter: <datacenterName>
  32.       - peer: <peerName>
  33.     `*`: <namespaceName>
  34.       service: <serviceName>
  35.       serviceSubset: <serviceSubset>
  36.       namespace: <namespaceName>
  37.       datacenters: ["<destinationDatacenter01>", "<destinationDatacenter02>"]
  38.   loadBalancer:
  39.     policy: random
  40.     leastRequestConfig:                # requires policy: leastRequestConfig
  41.       choiceCount: 2
  42.     ringHashConfig:                    # requires policy: ringHashConfig
  43.       minimumRingSize: 1024
  44.       maximumRingSize: 8192
  45.     hashPolicies:
  46.       - field: header                  # cannot specify with SourceIP
  47.       - fieldValue: <valueToHashOn>    # cannot specify with SourceIP
  48.       - cookieConfig:
  49.         session: false
  50.         ttl: 0s
  51.         path: <path/to/cookie>
  52.       - sourceIP: false                # cannot specify with field or fieldValue
  53.       - terminal: false

Specification

This section provides details about the fields you can configure in the configuration entry.

Kind

Specifies the type of configuration entry to implement. Must be set to service-resolver.

Values

  • Default: None
  • This field is required.
  • Data type: String value that must be set to service-resolver.

Name

Specifies a name for the configuration entry. The name is metadata that you can use to reference the configuration entry when performing Consul operations, such as applying a configuration entry to a specific cluster.

Values

  • Default: None
  • This field is required.
  • Data type: String

Namespace EnterpriseService resolver - 图18Enterprise

Specifies the namespace that the service resolver applies to. Refer to namespaces for more information.

Values

  • Default: None
  • Data type: String

Partition EnterpriseService resolver - 图19Enterprise

Specifies the admin partition that the service resolver applies to. Refer to admin partitions for more information.

Values

  • Default: default
  • Data type: String

Meta

Specifies key-value pairs to add to the KV store.

Values

  • Default: none
  • Data type: Map of one or more key-value pairs
    • : String
    • : String or integer

ConnectTimeout

Specifies the timeout duration for establishing new network connections to this service. By default, the duration is measured in nanoseconds (ns).

Values

  • Default: None
  • Data type: String

RequestTimeout

Specifies the timeout duration for receiving an HTTP response from this service. When set to 0s, the default value of 15s is used instead. By default, the duration is measured in nanoseconds (ns).

Values

  • Default: 15s
  • Data type: String

Subsets

Specifies names for custom service subsets and the conditions under which service instances belong to each subset. Define a subset by specifying a key and a value where the key is the subset’s name and the value is a map that contains a filtering expression. If this parameter is not specified, only the unnamed default subset is usable.

For additional guidance, refer to the filter on service version configuration example.

Values

  • Default: None

  • Data type: Map containing a key-value pair.

    • : String that names the subset. The string must be valid as a DNS subdomain element.

    • : Map that can contain the following parameters:

      ParameterDescriptionData typeDefault
      FilterSpecifies an expression that filters the DNS elements of service instances that belong to the subset. If empty, all healthy instances of a service are returned. This expression can filter on the same DNS selectors as the Health API endpoint. For more information about creating and using expressions to filter, refer to filtering.StringNone
      OnlyPassingDetermines if instances that return a warning from a health check are allowed to resolve a request. When set to false, instances with passing and warning states are considered healthy. When set to true, only instances with a passing health check state are considered healthy.Booleanfalse

DefaultSubset

Specifies a defined subset of service instances to use when no explicit subset is requested. If this parameter is not specified, Consul uses the unnamed default subset.

Values

  • Default: None
  • Data type: String

Redirect

Specifies redirect instructions for local service traffic so that services deployed to a different network location resolve the upstream request instead. When this field is defined, Consul ignores all other fields in a service resolver configuration entry except for Kind, Name, Namespace. When there are multiple redirects defined for a single service, Consul uses only the first one it applies.

Values

Redirect{}.Service

Specifies the name of a service at the redirect’s destination that resolves local upstream requests.

Values

  • Default: None
  • Data type: String

Redirect{}.ServiceSubset

Specifies the name of a subset of services at the redirect’s destination that resolves local upstream requests. If empty, the default subset is used. If specified, you must also specify at least one of the following in the same Redirect map: Service, Namespace, andDatacenter.

Values

  • Default: None
  • Data type: String

Redirect{}.Namespace EnterpriseService resolver - 图20Enterprise

Specifies the namespace at the redirect’s destination that resolves local upstream requests.

Values

  • Default: None
  • Data type: String

Redirect{}.Partition EnterpriseService resolver - 图21Enterprise

Specifies the admin partition at the redirect’s destination that resolves local upstream requests.

Values

  • Default: None
  • Data type: String

Redirect{}.SamenessGroup EnterpriseService resolver - 图22Enterprise

Specifies the sameness group at the redirect’s destination that resolves local upstream requests.

Values

  • Default: None
  • Data type: String

Redirect{}.Datacenter

Specifies the datacenter at the redirect’s destination that resolves local upstream requests.

Values

  • Default: None
  • Data type: String

Redirect{}.Peer

Specifies the cluster with an active cluster peering connection at the redirect’s destination that resolves local upstream requests. Requires separately defined service intentions that authorize services for peers. When Consul runs a health check before resolving requests from the peer, it does not apply health checks that were defined on the peer and exported to the local cluster through the exported services configuration entry.

Values

  • Default: None
  • Data type: String

Failover

Specifies controls for rerouting traffic to an alternate pool of service instances if the target service fails.

This parameter is a map, and its key is the name of the local service subset that resolves to another location when it fails. You can specify a "*" wildcard to apply failovers to any subset.

Service, ServiceSubset, Namespace, Targets, SamenessGroup, and Datacenters cannot all be empty at the same time.

Values

Failover{}.Service

Specifies the name of the service to resolve at the failover location during a failover scenario.

Values

  • Default: None
  • Data type: String

Failover{}.ServiceSubset

Specifies the name of a subset of service instances to resolve at the failover location during a failover scenario. If empty, Consul uses the service’s DefaultSubset.

Values

  • Default: None
  • Data type: String

Failover{}.Namespace EnterpriseService resolver - 图23Enterprise

Specifies the namespace at the failover location where the failover services are deployed. If empty, the current namespace is used.

Values

  • Default: None
  • Data type: String

Failover{}.SamenessGroup EnterpriseService resolver - 图24Enterprise

Specifies the sameness group at the failover location where the failover services are deployed.

Values

  • Default: None
  • Data type: String

Failover{}.Datacenters

Specifies an ordered list of datacenters at the failover location to attempt connections to during a failover scenario. When Consul cannot establish a connection with the first datacenter in the list, it proceeds sequentially until establishing a connection with another datacenter.

Values

  • Default: None
  • Data type: String

Failover{}.Targets

Specifies a fixed list of failover targets to try during failover. This list can express complicated failover scenarios.

For examples, refer to the failover example configurations.

Values

Failover{}.Targets[].Service

Specifies the service name to use for the failover target. If empty, the current service name is used.

Values

  • Default: None
  • Data type: String

Failover{}.Targets[].ServiceSubset

Specifies the named subset to use for the failover target. If empty, the default subset for the requested service name is used.

Values

  • Default: None
  • Data type: String

Failover{}.Targets[].Namespace EnterpriseService resolver - 图25Enterprise

Specifies the namespace to use for the failover target. If empty, the default namespace is used.

Values

  • Default: None
  • Data type: String

Failover{}.Targets[].Partition EnterpriseService resolver - 图26Enterprise

Specifies the admin partition within the same datacenter to use for the failover target. If empty, the default partition is used. To use an admin partition in a different datacenter for the failover target, use the Peer field instead.

Values

  • Default: None
  • Data type: String

Failover{}.Targets[].Datacenter

Specifies the WAN federated datacenter to use for the failover target. If empty, the current datacenter is used. To use a datacenter for the failover target that is connected with a cluster peering relationship rather than WAN federation, use the Peer field instead.

Values

  • Default: None
  • Data type: String

Failover{}.Targets[].Peer

Specifies the destination cluster peer to resolve the target service name from. Intentions must be defined on the peered cluster so that the source service can access this failover target service as an upstream. When the peer name is specified, Consul uses Envoy’s outlier detection to determine the health of the failover target based on whether services can communicate with the failover target. Consul ignores service health checks imported from a peer for failover targets because the checks do not account for service routers, splitters, and resolvers that may be defined in the peer for the target service.

Values

  • Default: None
  • Data type: String

LoadBalancer

Specifies the load balancing policy and configuration for services issuing requests to this upstream.

Values

LoadBalancer{}.Policy

Specifies the type of load balancing policy for selecting a host. Supported load balancing policies include:

PolicyDescription
RandomThe load balancer forwards a client request to an available server chosen at random from a fixed list.
Round robinThe load balancer proceeds through a fixed list of servers and forwards a client request to each available server in order.
Least requestThe load balancer forwards a client request to the server with the fewest connections. When using this policy, you can specify additional parameters in LoadBalancer{}.LeastRequestConfig.
Ring hashThe load balancer forwards requests from the same client to the same group of servers. When using this policy, you can specify additional parameters in LoadBalancer{}.RingHashConfig.
MaglevThe load balancer uses a hashing algorithm to spread requests evenly across servers. When using this policy, you can specify additional parameters in LoadBalancer{}.HashPolicies.

Values

LoadBalancer{}.LeastRequestConfig

Specifies configuration for the least_request policy type.

Values

  • Default: None

  • Data type: Map containing the following parameter:

    ParameterDescriptionData typeDefault
    ChoiceCountSpecifies the number of random healthy hosts from which to select the one with the least requests.Integer2

LoadBalancer{}.RingHashConfig

Specifies configuration for the ring_hash policy type.

Values

  • Default: None

  • Data type: List that can contain the following parameters:

    ParameterDescriptionData typeDefault
    MinimumRingSizeDetermines the minimum number of entries in the hash ring.Integer1024
    MaximumRingSizeDetermines the maximum number of entries in the hash ring.Integer8192

LoadBalancer{}.HashPolicies

Specifies a list of hash policies to use for hashing load balancing algorithms. Consul evaluates hash policies individually and combines them so that identical lists result in the same hash. If no hash policies are present or successfully evaluated, then Consul selects a random backend host.

Values

LoadBalancer{}.HashPolicies[].Field

Specifies the attribute type to hash on. You cannot specify the Field parameter if SourceIP is also configured.

Supported attribute types include the following:

AttributeDescription
CookieThe load balancer uses a cookie to obtain a hash key. Refer to the Envoy documentation for more information.
HeaderThe load balancer uses a request header to obtain a hash key. Refer to the Envoy documentation for more information.
Query ParameterThe load balancer uses a URL query parameter to obtain the hash key. Refer to the Envoy documentation for more information.

Values

LoadBalancer{}.HashPolicies[].FieldValue

Specifies the value to hash, such as a header name, cookie name, or a URL query parameter name. You cannot specify the FieldValue parameter if SourceIP is also configured.

Values

  • Default: None
  • Data type: String

LoadBalancer{}.HashPolicies[].CookieConfig

Specifies additional configuration options for the cookie hash policy type. This field causes Envoy to generate a cookie for a client on its first request.

Values

  • Default: None

  • Data type: Map that can contain the following parameters:

    ParameterDescriptionData typeDefault
    SessionDirects Consul to generate a session cookie with no expiration.Booleanfalse
    TTLSpecifies the TTL for generated cookies. Cannot be specified for session cookies.String0s
    PathSpecifies the path to set for the cookie.StringNone

LoadBalancer{}.HashPolicies[].SourceIP

Determines if the hash type should besource IP address. You cannot specify SourceIP if Field or FieldValue are configured.

Values

  • Default: false
  • Data type: Boolean

LoadBalancer{}.HashPolicies[].Terminal

Determines if Consul should stop computing the hash when multiple hash policies are present. If a hash is computed when a terminal policy is evaluated, then that hash is used and subsequent hash policies are ignored.

Values

  • Default: false
  • Data type: Boolean

apiVersion

Specifies the version of the Consul API for integrating with Kubernetes. The value must be consul.hashicorp.com/v1alpha1.

Values

  • Default: None
  • This field is required.
  • String value that must be set to consul.hashicorp.com/v1alpha1.

kind

Specifies the type of configuration entry to implement. Must be set to ServiceResolver.

Values

  • Default: None
  • This field is required.
  • Data type: String value that must be set to ServiceResolver.

metadata

Map that contains an arbitrary name for the configuration entry and the namespace it applies to.

Values

  • Default: None
  • Data type: Map

metadata.name

Specifies a name for the configuration entry. The name is metadata that you can use to reference the configuration entry when performing Consul operations, such as applying a configuration entry to a specific cluster.

Values

  • Default: None
  • This field is required.
  • Data type: String

metadata.namespaceEnterpriseService resolver - 图27Enterprise

Specifies the namespace that the service resolver applies to. Refer to namespaces for more information.

Values

  • Default: None
  • Data type: String

spec

Map that contains the details about the ServiceResolver configuration entry. The apiVersion, kind, and metadata fields are siblings of the spec field. All other configurations are children.

Values

  • Default: None
  • This field is required.
  • Data type: Map

spec.connectTimeout

Specifies the timeout duration for establishing new network connections to this service. By default, the duration is measured in nanoseconds (ns).

Values

  • Default: None
  • Data type: String

spec.requestTimeout

Specifies the timeout duration for receiving an HTTP response from this service. When set to 0s, the default value of 15s is used instead. By default, the duration is measured in nanoseconds (ns).

Values

  • Default: 15s
  • Data type: String

spec.subsets

Specifies names for custom service subsets and the conditions under which service instances belong to each subset. Define a subset by specifying a key and a value where the key is the subset’s name and the value is a map that contains a filtering expression. If this parameter is not specified, only the unnamed default subset is usable.

For additional guidance, refer to the filter on service version configuration example.

Values

  • Default: None

  • Data type: Map containing a key-value pair.

    • : String that names the subset. The string must be valid as a DNS subdomain element.

    • : Map that can contain the following parameters:

      ParameterDescriptionData typeDefault
      filterSpecifies an expression that filters the DNS elements of service instances that belong to the subset. If empty, all healthy instances of a service are returned. This expression can filter on the same DNS selectors as the Health API endpoint. For more information about creating and using expressions to filter, refer to filtering.StringNone
      onlyPassingDetermines if instances that return a warning from a health check are allowed to resolve a request. When set to false, instances with passing and warning states are considered healthy. When set to true, only instances with a passing health check state are considered healthy.Booleanfalse

spec.defaultSubset

Specifies a defined subset of service instances to use when no explicit subset is requested. If this parameter is not specified, Consul uses the unnamed default subset.

Values

  • Default: None
  • Data type: String

spec.redirect

Specifies redirect instructions for local service traffic so that services deployed to a different network location resolve the upstream request instead. When this field is defined, Consul ignores all other fields in a service resolver configuration entry except for kind, name, namespace. When there are multiple redirects defined for a single service, Consul uses only the first one it applies.

Values

spec.redirect.service

Specifies the name of a service at the redirect’s destination that resolves local upstream requests.

Values

  • Default: None
  • Data type: String

spec.redirect.serviceSubset

Specifies the name of a subset of services at the redirect’s destination that resolves local upstream requests. If empty, the default subset is used. If specified, you must also specify at least one of the following in the same redirect map: service, namespace, anddatacenter.

Values

  • Default: None
  • Data type: String

spec.redirect.namespace EnterpriseService resolver - 图28Enterprise

Specifies the namespace at the redirect’s destination that resolves local upstream requests.

Values

  • Default: None
  • Data type: String

spec.redirect.partition EnterpriseService resolver - 图29Enterprise

Specifies the admin partition at the redirect’s destination that resolves local upstream requests.

Values

  • Default: None
  • Data type: String

spec.redirect.samenessGroup EnterpriseService resolver - 图30Enterprise

Specifies the sameness group at the redirect’s destination that resolves local upstream requests.

Values

  • Default: None
  • Data type: String

spec.redirect.datacenter

Specifies the datacenter at the redirect’s destination that resolves local upstream requests.

Values

  • Default: None
  • Data type: String

spec.redirect.peer

Specifies the cluster with an active cluster peering connection at the redirect’s destination that resolves local upstream requests. Requires separately defined service intentions that authorize services for peers. When Consul runs a health check before resolving requests from the peer, it does not apply health checks that were defined on the peer and exported to the local cluster through the exported services configuration entry.

Values

  • Default: None
  • Data type: String

spec.failover

Specifies controls for rerouting traffic to an alternate pool of service instances if the target service fails.

This parameter is a map, and its key is the name of the local service subset that resolves to another location when it fails. You can specify a "*" wildcard to apply failovers to any subset.

service, serviceSubset, namespace, targets, samenessGroup, and datacenters cannot all be empty at the same time.

Values

spec.failover.service

Specifies the name of the service to resolve at the failover location during a failover scenario.

Values

  • Default: None
  • Data type: String

spec.failover.serviceSubset

Specifies the name of a subset of service instances to resolve at the failover location during a failover scenario. If empty, Consul uses the service’s defaultSubset.

Values

  • Default: None
  • Data type: String

spec.failover.namespace EnterpriseService resolver - 图31Enterprise

Specifies the namespace at the failover location where the failover services are deployed. If empty, the current namespace is used.

Values

  • Default: None
  • Data type: String

spec.failover.samenessGroup EnterpriseService resolver - 图32Enterprise

Specifies the sameness group at the failover location where the failover services are deployed.

Values

  • Default: None
  • Data type: String

spec.failover.datacenters

Specifies an ordered list of datacenters at the failover location to attempt connections to during a failover scenario. When Consul cannot establish a connection with the first datacenter in the list, it proceeds sequentially until establishing a connection with another datacenter.

Values

  • Default: None
  • Data type: String

spec.failover.targets

Specifies a fixed list of failover targets to try during failover. This list can express complicated failover scenarios.

For examples, refer to the failover example configurations.

Values

spec.failover.targets.service

Specifies the service name to use for the failover target. If empty, the current service name is used.

Values

  • Default: None
  • Data type: String

spec.failover.targets.serviceSubset

Specifies the named subset to use for the failover target. If empty, the default subset for the requested service name is used.

Values

  • Default: None
  • Data type: String

spec.failover.targets.namespace EnterpriseService resolver - 图33Enterprise

Specifies the namespace to use for the failover target. If empty, the default namespace is used.

Values

  • Default: None
  • Data type: String

spec.failover.targets.partition EnterpriseService resolver - 图34Enterprise

Specifies the admin partition within the same datacenter to use for the failover target. If empty, the default partition is used. To use an admin partition in a different datacenter for the failover target, use the peer field instead.

Values

  • Default: None
  • Data type: String

spec.failover.targets.datacenter

Specifies the WAN federated datacenter to use for the failover target. If empty, the current datacenter is used. To use a datacenter for the failover target that is connected with a cluster peering relationship rather than WAN federation, use the peer field instead.

Values

  • Default: None
  • Data type: String

spec.failover.targets.peer

Specifies the destination cluster peer to resolve the target service name from. Intentions must be defined on the peered cluster so that the source service can access this failover target service as an upstream. When the peer name is specified, Consul uses Envoy’s outlier detection to determine the health of the failover target based on whether services can communicate with the failover target. Consul ignores service health checks imported from a peer for failover targets because the checks do not account for service routers, splitters, and resolvers that may be defined in the peer for the target service.

Values

  • Default: None
  • Data type: String

spec.loadBalancer

Specifies the load balancing policy and configuration for services issuing requests to this upstream.

Values

spec.loadBalancer.policy

Specifies the type of load balancing policy for selecting a host. Supported load balancing policies include:

PolicyDescription
RandomThe load balancer forwards a client request to an available server chosen at random from a fixed list.
Round robinThe load balancer proceeds through a fixed list of servers and forwards a client request to each available server in order.
Least requestThe load balancer forwards a client request to the server with the fewest connections. When using this policy, you can specify additional parameters in spec.loadBalancer.leastRequestConfig.
Ring hashThe load balancer forwards requests from the same client to the same group of servers. When using this policy, you can specify additional parameters in spec.loadBalancer.ringHashConfig.
MaglevThe load balancer uses a hashing algorithm to spread requests evenly across servers. When using this policy, you can specify additional parameters in spec.loadBalancer.hashPolicies.

Values

spec.loadBalancer.leastRequestConfig

Specifies configuration for the least_request policy type.

Values

  • Default: None

  • Data type: Map containing the following parameter:

    ParameterDescriptionData typeDefault
    choiceCountSpecifies the number of random healthy hosts from which to select the one with the least requests.Integer2

spec.loadBalancer.ringHashConfig

Specifies configuration for the ring_hash policy type.

Values

  • Default: None

  • Data type: List that can contain the following parameters:

    ParameterDescriptionData typeDefault
    minimumRingSizeDetermines the minimum number of entries in the hash ring.Integer1024
    maximumRingSizeDetermines the maximum number of entries in the hash ring.Integer8192

spec.loadBalancer.hashPolicies

Specifies a list of hash policies to use for hashing load balancing algorithms. Consul evaluates hash policies individually and combines them so that identical lists result in the same hash. If no hash policies are present or successfully evaluated, then Consul selects a random backend host.

Values

spec.loadBalancer.hashPolicies[].field

Specifies the attribute type to hash on. You cannot specify the field parameter if sourceIP is also configured.

Supported attribute types include the following:

AttributeDescription
CookieThe load balancer uses a cookie to obtain a hash key. Refer to the Envoy documentation for more information.
HeaderThe load balancer uses a request header to obtain a hash key. Refer to the Envoy documentation for more information.
Query ParameterThe load balancer uses a URL query parameter to obtain the hash key. Refer to the Envoy documentation for more information.

Values

spec.loadBalancer.hashPolicies[].fieldValue

Specifies the value to hash, such as a header name, cookie name, or a URL query parameter name. You cannot specify the fieldValue parameter if sourceIP is also configured.

Values

  • Default: None
  • Data type: String

spec.loadBalancer.hashPolicies[].cookieConfig

Specifies additional configuration options for the cookie hash policy type. This field causes Envoy to generate a cookie for a client on its first request.

Values

  • Default: None

  • Data type: Map that can contain the following parameters:

    ParameterDescriptionData typeDefault
    sessionDirects Consul to generate a session cookie with no expiration.Booleanfalse
    ttlSpecifies the TTL for generated cookies. Cannot be specified for session cookies.String0s
    pathSpecifies the path to set for the cookie.StringNone

spec.loadBalancer.hashPolicies[].sourceIP

Determines if the hash type should besource IP address. You cannot specify sourceIP if field or fieldValue are configured.

Values

  • Default: false
  • Data type: Boolean

spec.loadBalancer.hashPolicies[].terminal

Determines if Consul should stop computing the hash when multiple hash policies are present. If a hash is computed when a terminal policy is evaluated, then that hash is used and subsequent hash policies are ignored.

Values

  • Default: false
  • Data type: Boolean

Examples

The following examples demonstrate common service resolver configuration patterns for specific use cases.

Filter on service version

The following example creates two subsets of the web service and assigns service instances to subsets based on each instance’s version metadata. It also defines v1 as the default subset.

  1. Kind          = "service-resolver"
  2. Name          = "web"
  3. DefaultSubset = "v1"
  4. Subsets = {
  5.   v1 = {
  6.     Filter = "Service.Meta.version == v1"
  7.   }
  8.   v2 = {
  9.     Filter = "Service.Meta.version == v2"
  10.   }
  11. }
  1. apiVersion: consul.hashicorp.com/v1alpha1
  2. kind: ServiceResolver
  3. metadata:
  4.   name: web
  5. spec:
  6.   defaultSubset: v1
  7.   subsets:
  8.     v1:
  9.       filter: 'Service.Meta.version == v1'
  10.     v2:
  11.       filter: 'Service.Meta.version == v2'
  1. {
  2.   "Kind": "service-resolver",
  3.   "Name": "web",
  4.   "DefaultSubset": "v1",
  5.   "Subsets": {
  6.     "v1": {
  7.       "Filter": "Service.Meta.version == v1"
  8.     },
  9.     "v2": {
  10.       "Filter": "Service.Meta.version == v2"
  11.     }
  12.   }
  13. }

Resolve virtual upstreams

The folowing example uses the Redirect parameter to expose a set of services to another datacenter as a virtual service.

  1. Kind = "service-resolver"
  2. Name = "web-dc2"
  3. Redirect {
  4.   Service    = "web"
  5.   Datacenter = "dc2"
  6. }
  1. apiVersion: consul.hashicorp.com/v1alpha1
  2. kind: ServiceResolver
  3. metadata:
  4.   name: web-dc2
  5. spec:
  6.   redirect:
  7.     service: web
  8.     datacenter: dc2
  1. {
  2.   "Kind": "service-resolver",
  3.   "Name": "web-dc2",
  4.   "Redirect": {
  5.     "Service": "web",
  6.     "Datacenter": "dc2"
  7.   }
  8. }

Service failover

The following example enables failover for subset v2 to dc2. All other subsets attempt failover to dc3, and when it is not available, to dc4:

  1. Kind           = "service-resolver"
  2. Name           = "web"
  3. ConnectTimeout = "15s"
  4. Failover = {
  5.   v2 = {
  6.     Datacenters = ["dc2"]
  7.   }
  8.   "*" = {
  9.     Datacenters = ["dc3", "dc4"]
  10.   }
  11. }
  1. apiVersion: consul.hashicorp.com/v1alpha1
  2. kind: ServiceResolver
  3. metadata:
  4.   name: web
  5. spec:
  6.   connectTimeout: 15s
  7.   failover:
  8.     v2:
  9.       datacenters: ['dc2']
  10.     '*':
  11.       datacenters: ['dc3', 'dc4']
  1. {
  2.   "Kind": "service-resolver",
  3.   "Name": "web",
  4.   "ConnectTimeout": "15s",
  5.   "Failover": {
  6.     "v2": {
  7.       "Datacenters": ["dc2"]
  8.     },
  9.     "*": {
  10.       "Datacenters": ["dc3", "dc4"]
  11.     }
  12.   }
  13. }

Failover targets for federation and cluster peering

The following example enables failover to target a WAN federated datacenter for all service subsets. If the connection to dc3 times out after 15 seconds, the service failover targets the peer with the establish cluster peering connection instead.

  1. Kind           = "service-resolver"
  2. Name           = "web"
  3. ConnectTimeout = "15s"
  4. Failover = {
  5.   "*" = {
  6.     Targets = [
  7.       {Datacenter = "dc3"},
  8.       {Peer = "peer-01"}
  9.     ]
  10.   }
  11. }
  1. apiVersion: consul.hashicorp.com/v1alpha1
  2. kind: ServiceResolver
  3. metadata:
  4.   name: web
  5. spec:
  6.   connectTimeout: 15s
  7.   failover:
  8.     '*':
  9.       targets:
  10.       - datacenter: "dc3"
  11.       - peer: "peer-01"
  1. {
  2.   "Kind": "service-resolver",
  3.   "Name": "web",
  4.   "ConnectTimeout": "15s",
  5.   "Failover": {
  6.     "*": {
  7.       "Targets": [
  8.         {"Datacenter": "dc3"},
  9.         {"Peer": "peer-01"}
  10.       ]
  11.     }
  12.   }
  13. }

Failover for all service subsets EnterpriseService resolver - 图35Enterprise

The following example enables failover to the secondary namespace in another datacenter for all service subsets.

  1. Kind           = "service-resolver"
  2. Name           = "product-api"
  3. Namespace      = "primary"
  4. ConnectTimeout = "0s"
  5. Failover = {
  6.   "*" = {
  7.     Datacenters = ["dc2"]
  8.     Namespace = "secondary"
  9.   }
  10. }
  1. apiVersion: consul.hashicorp.com/v1alpha1
  2. kind: ServiceResolver
  3. metadata:
  4.   name: product-api
  5.   namespace: primary
  6. spec:
  7.   connectTimeout: 0s
  8.   failover:
  9.     namespace: 'secondary'
  10.     datacenters: ['dc2']
  1. {
  2.   "Kind": "service-resolver",
  3.   "Name": "product-api",
  4.   "Namespace": "primary",
  5.   "ConnectTimeout": "0s",
  6.   "Failover": {
  7.     "*": {
  8.       "Datacenters": ["dc2"],
  9.       "Namespace": "secondary"
  10.     }
  11.   }
  12. }

Failover to a namespace EnterpriseService resolver - 图36Enterprise

The following example enables failover to a different namespace in the same datacenter.

  1. Kind           = "service-resolver"
  2. Name           = "product-api"
  3. Namespace      = "primary"
  4. ConnectTimeout = "0s"
  5. Failover = {
  6.   "*" = {
  7.     Service = "product-api-backup"
  8.     Namespace = "secondary"
  9.   }
  10. }
  1. apiVersion: consul.hashicorp.com/v1alpha1
  2. kind: ServiceResolver
  3. metadata:
  4.   name: product-api
  5.   namespace: primary
  6. spec:
  7.   connectTimeout: 0s
  8.   failover:
  9.     service: 'product-api-backup'
  10.     namespace: 'secondary'
  1. {
  2.   "Kind": "service-resolver",
  3.   "Name": "product-api",
  4.   "Namespace": "primary",
  5.   "ConnectTimeout": "0s",
  6.   "Failover": {
  7.     "*": {
  8.       "Service": "product-api-backup",
  9.       "Namespace": "secondary"
  10.     }
  11.   }
  12. }

Consistent load balancing

The following example applies a Maglev load balancing policy for requests with an x-user-id header:

  1. Kind = "service-resolver"
  2. Name = "web"
  4. LoadBalancer = {
  5.   Policy = "maglev"
  6.   HashPolicies = [
  7.     {
  8.       Field = "header"
  9.       FieldValue = "x-user-id"
  10.     }
  11.   ]
  12. }
  1. apiVersion: consul.hashicorp.com/v1alpha1
  2. kind: ServiceResolver
  3. metadata:
  4.   name: web
  5. spec:
  6.   loadBalancer:
  7.     policy: maglev
  8.     hashPolicies:
  9.       - field: header
  10.         fieldValue: x-user-id
  1. {
  2.   "Kind": "service-resolver",
  3.   "Name": "web",
  4.   "LoadBalancer": {
  5.     "Policy": "maglev",
  6.     "HashPolicies": [
  7.       {
  8.         "Field": "header",
  9.         "FieldValue": "x-user-id"
  10.       }
  11.     ]
  12.   }
  13. }