»Mesh Beta

The mesh config entry kind allows for globally defining default configuration that applies to all service mesh proxies. Settings in this config entry apply across all namespaces and federated datacenters.

»Sample Config Entries

»Only allow transparent proxies to dial addresses in the mesh.

Kind      = "mesh"

TransparentProxy {
  MeshDestinationsOnly = true
}

»Available Fields

  • Kind - Must be set to mesh

  • Namespace (string: "default")

    Enterprise
    - Specifies the namespace the config entry will apply to. Must be set to default

  • Meta (map<string|string>: nil) - Specifies arbitrary KV metadata pairs.

  • TransparentProxy (TransparentProxyConfig: <optional>) - Controls configuration specific to proxies in transparent mode. Added in v1.10.0.

    • MeshDestinationsOnly (bool: false) - Determines whether sidecar proxies operating in transparent mode can proxy traffic to IP addresses not registered in Consul's mesh. If enabled, traffic will only be proxied to upstream proxies or Connect-native services. If disabled, requests will be proxied as-is to the original destination IP address. Consul will not encrypt the connection.

»ACLs

Configuration entries may be protected by ACLs.

Reading a mesh config entry requires no specific privileges.

Creating, updating, or deleting a mesh config entry requires operator:write.