hashicorp · trujillo-adam · Nov 17, 2022 · Oct 17, 2022 · Oct 17, 2022 · Oct 17, 2022
@@ -39,6 +39,7 @@ The following outline shows how to format the configurations in the `GatewayClas
   * [`envoy`](#image-envoy): string | optional
 * [`logLevel`](#loglevel): string | optional
 * [`nodeSelector`](#nodeselector): string | optional
+* [`tolerations`](#tolerations): array of objects | optional
 * [`serviceType`](#servicetype): string | optional
 * [`useHostPorts`](#usehostports): boolean | optional
 
@@ -158,6 +159,46 @@ Pods normally run on multiple nodes. You can specify a set of parameters in the
 * Type: string
 * Required: optional
 
+### tolerations
+When opperating Kubernetes, it is possible to apply a taint to a node running pods. Tolerations allow you to specify which pods are allowed to run on those tained nodes. Refer to the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) for additional information.
+
+* Type: Array of Objects
+* Required: optional
+
+You can create an array of the following object to specify a toleration
+#### toleration.key
+The key value of the taint being described
+
+* Type: string
+* Required: yes
+
+#### toleration.operator
+The operation being applied to the taints being allowed.
+
+* Type: string
+* Required: yes
+* Default: Equal
+
+You can specify the following strings
+* `Equal`
+* `Exists`
+#### toleration.value
+If the operator is "Equal", the value being matched
+
+* Type: string
+* Required: If operator is set to "Equal"
+
+#### toleration.effect
+The effect the taint should cause the pod
+
+* Type: string
+* Required: no
+
+You can specify the following strings:
+* `NoExecute`
+* `NoSchedule`
+* `PreferNoSchedule`
+
 ### serviceType
 Specifies the ingress methods for the gateway's Kubernetes service.
 * Type: string

@@ -11,14 +11,17 @@ This topic provides full details about the `MeshService` resource.
 
 ## Introduction
 
-A `MeshService` is a resource in the Kubernetes cluster that enables Kubernetes configuration models, such as `HTTPRoute` and `TCPRoute`, to reference services that only exist in Consul. A `MeshService` represents a service in the Consul service mesh outside the Kubernetes cluster where Consul API Gateway is deployed. The service represented by the `MeshService` resource must be in the same Consul datacenter as the Kubernetes cluster.  
+A `MeshService` is a resource in the Kubernetes cluster that enables Kubernetes configuration models, such as `HTTPRoute` and `TCPRoute`, to reference services that only exist in Consul.
+A `MeshService` represents a service in the Consul service mesh outside the Kubernetes cluster where Consul API Gateway is deployed.
+The service represented by the `MeshService` resource must either be in the same Consul datacenter as the Kubernetes cluster or imported from a peered Consul cluster.
 
 
 ## Configuration Model
 
 The following outline shows how to format the configurations in the `MeshService` object. Click on a property name to view details about the configuration.
 
 * [`name`](#name): string | required
+* [`peer`](#peer): string | optional
 
 
 ## Specification
@@ -29,3 +32,11 @@ This topic provides details about the configuration parameters.
 Specifies the name of the service in the Consul service mesh to send traffic to.
 * Type: string
 * Required: required
+
+### peer
+Specifies the name of the peered Consul cluster from where the service is exported. If not specified, Consul defaults to the local datacenter.
+
+You must apply a [`ServiceResolver`](/docs/connect/config-entries/service-resolver) for the referenced service. The `ServiceResolver` configuration entry enables Consul to resolve routes to upstream service instances. 
+
+* Type: string
+* Required: optional
@@ -18,7 +18,6 @@ Verify that your environment meets the following requirements prior to using Con
 Your datacenter must meet the following requirements prior to configuring the Consul API Gateway:
 
 - Kubernetes 1.21+
-  - Kubernetes 1.24 is not supported at this time.
 - `kubectl` 1.21+
 - Consul 1.11.2+
 - HashiCorp Consul Helm chart 0.47.1+
@@ -48,9 +47,8 @@ The following table lists API Gateway limitations related to specific Consul fea
 
 | Consul Feature | Limitation |
 | -------------- | ---------- |
-| [Admin partitions](/docs/enterprise/admin-partitions) | You can only deploy Consul API Gateway into the `default` admin partition and it can only route to other services within that partition, i.e. you cannot route to services in other admin partitions. |
-| Datacenter federation | If you are connecting multiple Consul datacenters to create a federated network, you can only deploy Consul API Gateway in the `primary` datacenter. |
-| Routing between datacenters | If you are connecting multiple Consul datacenters to create a federated network, API Gateway can only route traffic to Services in the local datacenter. However, API Gateway can route to Services in other Kubernetes clusters when they are in the same Consul datacenter. Refer to [Single Consul Datacenter in Multiple Kubernetes Clusters](/docs/k8s/deployment-configurations/single-dc-multi-k8s) for more details. |
+| [Admin partitions](/docs/enterprise/admin-partitions) | You can only deploy Consul API Gateway into the `default` admin partition. You can route to services in other admin partitions through peered connections. Refer to [Route Traffic to Peered Services](/consul/docs/api-gateway/usage/route-to-peered-services) for additional information. |
+| Routing between datacenters | If you are connecting multiple Consul datacenters to create a federated network, you can route to services in other datacenters through peered connections. Refer to [Route Traffic to Peered Services](/consul/docs/api-gateway/usage/route-to-peered-services) for additional information. |
 
 ## Deployment Environments
 

@@ -0,0 +1,60 @@
+---
+layout: docs
+page_title: Use Consul API Gateway
+description: >-
+  Learn how to apply a configured Consul API Gateway to your Kubernetes cluster, review the required fields for rerouting HTTP requests, and troubleshoot an error message.
+---
+
+# Error Messages
+
+This topic provides information about potential error messages associated with Consul API Gateway. If you receive an error message that does not appear in this section, refer to the following resources:
+
+* [Common Consul errors](/docs/troubleshoot/common-errors#common-errors-on-kubernetes)
+* [Consul troubleshooting guide](/docs/troubleshoot/common-errors)
+* [Consul Discuss forum](https://discuss.hashicorp.com/)
+
+<!---
+***************************************************************************
+Use markdown's Reference-Style links when including hyperlinks. This makes it easier to read the content im markdown.
+
+Each common error should have its own section on this page. Each section
+should start with a heading line that is a short description of the error or
+the text of the error.
+
+Two examples:
+    ### Failed opening file during installation
+    ### Message: "Can't connect to repository" when running Helm chart
+
+******** Template for new Error Messages ********
+ Copy and paste the following 13 lines when adding a new error message to this page.
+
+### Title for this error
+
+```
+Replace with text of example error message
+```
+**Conditions:**
+REPLACE THIS with description of when and why the error is typically seen
+
+**Impact:**
+REPLACE THIS with description of most likely impact of the event that caused this error to occur
+
+**Resolution:**
+REPLACE THIS with the actions the user should take to try to correct the situation
+
+***************************************************************************
+--->
+
+## Helm installation failed: "no matches for kind"
+
+```log
+Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest: [unable to recognize "": no matches for kind "GatewayClass" in version "gateway.networking.k8s.io/v1alpha2", unable to recognize "": no matches for kind "GatewayClassConfig" in version "api-gateway.consul.hashicorp.com/v1alpha1"]
+```
+**Conditions:**
+Consul API Gateway generates this error when the required CRD files have not been installed in Kubernetes prior to installing Consul API Gateway.
+
+**Impact:**
+The installation process typically fails after this error message is generated.
+
+**Resolution:**
+Install the required CRDs. Refer to the [Consul API Gateway installation instructions](/docs/api-gateway/install#installation) for instructions.
@@ -0,0 +1,58 @@
+---
+layout: docs
+page_title: Reroute HTTP Requests
+description: >-
+  Learn how to configure Consul API Gateway to reroute HTTP requests to a specific path. 
+---
+
+# Reroute HTTP Requests
+
+This topic describes how to configure Consul API Gateway to reroute HTTP requests. 
+
+## Requirements
+
+1. Verify that the [requirements](/docs/api-gateway/tech-specs) have been met.
+1. Verify that the Consul API Gateway CRDs and controller have been installed and applied. Refer to [Installation](/docs/api-gateway/install) for details.
+
+## Configuration
+
+Configure the following fields in your `Route` configuration to use this feature. Refer to the [Route configuration reference](/docs/api-gateway/configuration/routes) for details about the parameters.
+
+* [`rules.filters.type`](/docs/api-gateway/configuration/routes#rules-filters-type): Set this parameter to `URLRewrite` to instruct Consul API Gateway to rewrite the URL when specific conditions are met. 
+* [`rules.filters.urlRewrite`](/docs/api-gateway/configuration/routes#rules-filters-urlrewrite): Specify the `path` configuration.
+* [`rules.filters.urlRewrite.path`](/docs/api-gateway/configuration/routes#rules-filters-urlrewrite-path): Contains the paths that incoming requests should be rewritten to based on the match conditions.  
+
+Note that if the route is configured to accept paths with and without a trailing slash, you must make two separate routes to handle each case.
+
+### Example
+
+In the following example, requests to` /incoming-request-prefix/` are forwarded to the `backendRef` as `/prefix-backend-receives/`. A request to `/incoming-request-prefix/request-path`, for instance, is received by the `backendRef` as `/prefix-backend-receives/request-path`.
+
+<CodeBlockConfig filename="route.yaml">
+
+```yaml hideClipboard
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: HTTPRoute
+metadata:
+ name: example-route
+ ##...
+spec:
+ parentRefs:
+   - group: gateway.networking.k8s.io
+     kind: Gateway
+     name: api-gateway
+ rules:
+   - backendRefs:
+     . . .
+     filters:
+       - type: URLRewrite
+         urlRewrite:
+           path:
+             replacePrefixMatch: /prefix-backend-receives/
+             type: ReplacePrefixMatch
+     matches:
+       - path:
+           type: PathPrefix
+           value: /incoming–request-prefix/
+```
+</CodeBlockConfig>
@@ -0,0 +1,78 @@
+---
+page_title: Route Traffic to Peered Services
+description: Learn how to configure Consul API Gateway to route traffic to services connected to the mesh through a peering connection.
+---
+
+# Route Traffic to Peered Services
+
+This topic describes how to configure Consul API Gateway to route traffic to services connected to the mesh through a peering connection.
+
+## Requirements
+
+1. Consul 1.14 or later
+1. Verify that the [requirements](/docs/api-gateway/tech-specs) have been met.
+1. Verify that the Consul API Gateway CRDs and controller have been installed and applied. Refer to [Installation](/docs/api-gateway/install) for details.
+1. A peering connection must already be established between Consul clusters. Refer to [Cluster Peering on Kubernetes](/docs/connect/cluster-peering/k8s) for instructions.
+1. The Consul service you want to route traffic to must be exported to the cluster containing your `Gateway`. Refer to [Cluster Peering on Kubernetes](/docs/connect/cluster-peering/k8s) for instructions. 
+1. A `ServiceResolver` for the Consul service you want to route traffic to must be created in the cluster that contains your `Gateway`. Refer to [Service Resolver Configuration Entry](/docs/connect/config-entries/service-resolver) for instructions.
+
+## Configuration
+
+Configure the following fields in your `MeshService` configuration to use this feature. Refer to the [MeshService configuration reference](/docs/api-gateway/configuration/mesh) for details about the parameters.
+
+* [`name`](/docs/api-gateway/configuration/meshservice#name)
+* [`peer`](/docs/api-gateway/configuration/meshservice#peer)
+
+## Example
+
+In the following example, routes that use `example-mesh-service` as a backend are configured to send requests to the `echo` service exported by the peered Consul cluster `cluster-02`.
+
+<CodeBlockConfig filename="serviceresolver.yaml">
+
+```yaml hideClipboard
+apiVersion: consul.hashicorp.com/v1alpha1
+kind: ServiceResolver
+metadata:
+  name: echo
+spec:
+  redirect:
+    peer: cluster-02
+    service: echo
+```
+</CodeBlockConfig>
+
+<CodeBlockConfig filename="meshservice.yaml">
+
+```yaml hideClipboard
+apiVersion: api-gateway.consul.hashicorp.com/v1alpha1
+kind: MeshService
+metadata:
+  name: example-mesh-service
+  ##...
+spec:
+  name: echo
+  peer: cluster-02
+```
+</CodeBlockConfig>
+
+After applying the configuration, an `HTTPRoute` may then reference `example-mesh-service` as its `backendRef`.
+
+<CodeBlockConfig filename="route.yaml">
+
+```yaml hideClipboard
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: HTTPRoute
+metadata:
+  name: example-route
+  ##...
+spec:
+  ...
+  rules:
+    - backendRefs:
+        - group: api-gateway.consul.hashicorp.com
+          kind: MeshService
+          name: example-mesh-service
+          port: 3000
+      ...
+```
+</CodeBlockConfig>