This document describes the supported properties for a9s Consul.
Consul provides a way to specify the minimum TLS version for HTTP API and RPC via the tls_min_version. Consul also provides a way to configure the supported cipher suites as a comma-separated-list via the tls_cipher_suites.
Caution: As referenced in this Go blog post,
for TLS 1.3, the specified
tls_cipher_suites will not be used, and Consul will make sure to use
the best algorithm possible based on the VM characteristics.
a9s Consul makes these properties configurable via multiple ops files to be used for each component. You must define the values in the IaaS file under the following properties:
You can check the list of ops files and the manifests that they must be applied with
ops/README.md file in the
anynines-deployment under the section
a9s Consul TLS Configuration.
bosh -d postgresql-service deploy \
--ops-file ops/tls_configurations/data-services/add_consul_tls_properties.yml \
--ops-file ops/tls_configurations/a9s-postgresql/add_service_instances_consul_tls_properties.yml \
a9s-<data-service>, it is necessary to execute the
Template Uploader Errand after deploying the ops file, and then
run the Deployment Updater Errand
to apply the changes to the service instances:
bosh -d <data-service>-service run-errand templates-uploader
bosh -d <data-service>-service run-errand deployment_updater
If the ops files are not applied, a9s Consul fallbacks to the default values used by Consul. You can check the official Consul documentation to know more about this.