Docs and changelog edits

Signed-off-by: Mark Anderson <manderson@hashicorp.com>
This commit is contained in:
Mark Anderson 2022-05-02 09:35:34 -07:00
parent fee6c7a7b6
commit 05dc5a26b7
3 changed files with 9 additions and 4 deletions

View File

@ -1,3 +1,3 @@
```release-note:improvement
agent: Envoy now inserts x-forwarded-client-cert for incoming proxy connections
```
xds: Envoy now inserts x-forwarded-client-cert for incoming proxy connections
```

View File

@ -44,6 +44,10 @@ type MeshDirectionalTLSConfig struct {
CipherSuites []types.TLSCipherSuite `json:",omitempty" alias:"cipher_suites"`
}
type MeshHTTPConfig struct {
SanitizeXForwardedClientCert bool `alias:"sanitize_x_forwarded_client_cert"`
}
func (e *MeshConfigEntry) GetKind() string {
return MeshConfig
}

View File

@ -368,8 +368,9 @@ Note that the Kubernetes example does not include a `partition` field. Configura
name: 'SanitizeXForwardedClientCert',
yaml: false,
type: 'bool: <optional>',
description: `Set the envoy forwardClientCertDetails to SANITIZE everywhere. Ordinarily Consul will configure Envoy to
insert x-forwarded-client-cert headers where appropriate. This returns Consul to the pre 1.12.1 behavior`,
description: `Set the envoy \`forward_client_cert_details\` option to \`SANITIZE\` for all proxies. This
configures Envoy to not send the \`x-forwarded-client-cert\` header to the next hop. If
unspecified or \`false\`, the XFCC header is propagated to upstream applications.`,
},
],
},