mirror of https://github.com/status-im/consul.git
Apply suggestions from tech writer review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
This commit is contained in:
parent
24e3a3b3be
commit
1506b485f6
|
@ -15,7 +15,7 @@ Ensure that the environment you are deploying Consul API Gateway in meets the re
|
|||
|
||||
## Installation
|
||||
|
||||
-> **NOTE:** When you see `VERSION` in examples of commands or configuration settings, replace `VERSION` with the version number of the release you are installing, like `0.3.0`. If there is a lower case "v" in front of `VERSION` the version number needs to follow the "v" as is `v0.3.0`
|
||||
-> **Version reference convention:** Replace `VERSION` in command and configuration examples with the Consul API Gateway version you are installing, such as `0.3.0`. In some instances, `VERSION` is prepended with a lowercase _v_. This indicates that you must include the `v` as is part of the version, for example `v0.3.0`.
|
||||
|
||||
1. Issue the following command to install the CRDs:
|
||||
|
||||
|
@ -247,7 +247,7 @@ spec:
|
|||
For a listener's `certificateRef` to reference a secret in a different namespace, you must also create a [ReferencePolicy](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1alpha2.ReferencePolicy).
|
||||
|
||||
The following example creates a `Gateway` named `example-gateway` in `gateway-namespace`. This `Gateway` has a `certificateRef` in `secret-namespace`.
|
||||
The reference is allowed because `reference-policy` in `secret-namespace` lets `Gateways` in `gateway-namespace` reference `Secrets` in `secret-namespace`.
|
||||
The listener can use the certificate because `reference-policy` in `secret-namespace` is configured to allow `Gateways` in `gateway-namespace` to reference `Secrets` in `secret-namespace`.
|
||||
|
||||
<CodeBlockConfig filename="gateway_with_referencepolicy.yaml">
|
||||
|
||||
|
|
|
@ -41,7 +41,7 @@ Ensure that the following requirements are met prior to upgrading:
|
|||
"hashicorp/consul-api-gateway:0.2.1"
|
||||
```
|
||||
|
||||
1. Retrieve all gateways that have a `certificateRef` in a different namespace. If you have installed the [`jq`](https://stedolan.github.io/jq/) utility, you can skip to [step 4](#jq-command-secrets). Otherwise, issue the following command to get all `Gateways` across all namespaces:
|
||||
1. Retrieve all gateways that have a `certificateRefs` in a different namespace. If you have installed the [`jq`](https://stedolan.github.io/jq/) utility, you can skip to [step 4](#jq-command-secrets). Otherwise, issue the following command to get all `Gateways` across all namespaces:
|
||||
|
||||
```shell-session
|
||||
$ kubectl get Gateway --output json --all-namespaces
|
||||
|
@ -74,7 +74,7 @@ Ensure that the following requirements are met prior to upgrading:
|
|||
|
||||
1. Inspect the `certificateRefs` entries for each of the routes.
|
||||
|
||||
If a `namespace` field is not defined in the `certificateRef` or if the namespace matches the namespace of the parent `Gateway`, then no additional action is required for the `certificateRef`. Otherwise, note the `namespace` field values for `certificateRef` configurations that have a `namespace` defined that do not match the namespace of the parent `Gateway`. You must also note the `namespace` of the parent gateway. You will need these to create a `ReferencePolicy` that explicitly allows each cross-namespace certificateRef-to-gateway pair. (see [step 5](#create-secret-reference-policy)).
|
||||
If a `namespace` field is not defined in the `certificateRefs` or if the namespace matches the namespace of the parent `Gateway`, then no additional action is required for the `certificateRefs`. Otherwise, note the `namespace` field values for `certificateRefs` configurations with a `namespace` field that do not match the namespace of the parent `Gateway`. You must also note the `namespace` of the parent gateway. You will need these to create a `ReferencePolicy` that explicitly allows each cross-namespace certificateRefs-to-gateway pair. (see [step 5](#create-secret-reference-policy)).
|
||||
|
||||
After completing this step, you will have a list of all secrets similar to the following:
|
||||
|
||||
|
@ -124,7 +124,7 @@ Ensure that the following requirements are met prior to upgrading:
|
|||
<a name="create-secret-reference-policy"/>
|
||||
|
||||
1. Using the list of secrets you created earlier as a guide, create a [`ReferencePolicy`](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1alpha2.ReferencePolicy) to allow each gateway cross namespace secret access.
|
||||
The `ReferencePolicy` explicitly allows each cross-namespace gateway to secret pair. The `ReferencePolicy` must be created in the same `namespace` as the `certificateRef`.
|
||||
The `ReferencePolicy` explicitly allows each cross-namespace gateway to secret pair. The `ReferencePolicy` must be created in the same `namespace` as the `certificateRefs`.
|
||||
|
||||
Skip to the next step if you've already created a `ReferencePolicy`.
|
||||
<!---
|
||||
|
@ -164,7 +164,7 @@ Ensure that the following requirements are met prior to upgrading:
|
|||
|
||||
Proceed with the [standard-upgrade](#standard-upgrade).
|
||||
|
||||
## v0.2.0
|
||||
## Upgrade to v0.2.0
|
||||
|
||||
Consul API Gateway v0.2.0 introduces a change for people upgrading from Consul API Gateway v0.1.0. Routes with a `backendRef` defined in a different namespace now require a [`ReferencePolicy`](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1alpha2.ReferencePolicy) that explicitly allows traffic from the route's namespace to the `backendRef`'s namespace.
|
||||
|
||||
|
|
|
@ -20,7 +20,7 @@ description: >-
|
|||
|
||||
This version of API Gateway implements Cross Namespace Reference Policies
|
||||
and requires them when routes are in a different namespace than the services
|
||||
(as specified by the `backendRef`) they are routing traffic to.
|
||||
(as specified by the `backendRefs`) they are routing traffic to.
|
||||
|
||||
## Supported Software
|
||||
|
||||
|
|
Loading…
Reference in New Issue