From a73111ba82e03e442d1c030de85aa39dca54ace0 Mon Sep 17 00:00:00 2001 From: Luke Kysow <1034429+lkysow@users.noreply.github.com> Date: Fri, 8 Jan 2021 08:46:45 -0800 Subject: [PATCH] Move cfg entry docs to under connect from agent Since all config entries are currently related to service mesh it's a much more natural place to look for them under Service Mesh than under Agent. --- website/_redirects | 10 +++- .../content/api-docs/connect/intentions.mdx | 12 ++--- website/content/api-docs/discovery-chain.mdx | 4 +- website/content/commands/intention/create.mdx | 2 +- website/content/commands/intention/delete.mdx | 2 +- website/content/commands/intention/get.mdx | 2 +- website/content/commands/intention/index.mdx | 2 +- .../index.mdx => config-entries.mdx} | 54 ++----------------- .../docs/connect/config-entries/index.mdx | 52 ++++++++++++++++++ .../config-entries/ingress-gateway.mdx | 2 +- .../config-entries/proxy-defaults.mdx | 0 .../config-entries/service-defaults.mdx | 6 +-- .../config-entries/service-intentions.mdx | 4 +- .../config-entries/service-resolver.mdx | 0 .../config-entries/service-router.mdx | 8 +-- .../config-entries/service-splitter.mdx | 6 +-- .../config-entries/terminating-gateway.mdx | 6 +-- .../docs/connect/gateways/ingress-gateway.mdx | 8 +-- .../connect/gateways/terminating-gateway.mdx | 8 +-- website/content/docs/connect/intentions.mdx | 12 ++--- .../connect/l7-traffic/discovery-chain.mdx | 38 ++++++------- .../content/docs/connect/l7-traffic/index.mdx | 14 ++--- .../docs/connect/observability/index.mdx | 2 +- .../content/docs/connect/proxies/envoy.mdx | 38 ++++++------- .../docs/connect/proxies/integrate.mdx | 4 +- .../content/docs/guides/connect-gateways.mdx | 2 +- .../content/docs/guides/consul-splitting.mdx | 4 +- .../docs/k8s/connect/terminating-gateways.mdx | 4 +- website/content/docs/k8s/crds/index.mdx | 16 +++--- .../docs/upgrading/upgrade-specific.mdx | 12 ++--- website/data/docs-navigation.js | 35 ++++++------ 31 files changed, 192 insertions(+), 177 deletions(-) rename website/content/docs/agent/{config-entries/index.mdx => config-entries.mdx} (65%) create mode 100644 website/content/docs/connect/config-entries/index.mdx rename website/content/docs/{agent => connect}/config-entries/ingress-gateway.mdx (99%) rename website/content/docs/{agent => connect}/config-entries/proxy-defaults.mdx (100%) rename website/content/docs/{agent => connect}/config-entries/service-defaults.mdx (95%) rename website/content/docs/{agent => connect}/config-entries/service-intentions.mdx (99%) rename website/content/docs/{agent => connect}/config-entries/service-resolver.mdx (100%) rename website/content/docs/{agent => connect}/config-entries/service-router.mdx (98%) rename website/content/docs/{agent => connect}/config-entries/service-splitter.mdx (96%) rename website/content/docs/{agent => connect}/config-entries/terminating-gateway.mdx (98%) diff --git a/website/_redirects b/website/_redirects index 023d34b9da..e7bdf04063 100644 --- a/website/_redirects +++ b/website/_redirects @@ -118,8 +118,16 @@ /downloads_tools /docs/download-tools 301! /docs/k8s/ambassador /docs/k8s/connect/ambassador 301! /docs/k8s/installation/overview /docs/k8s/installation/install 301! -/docs/k8s/installation/muti-cluster/overview /docs/k8s/installation/multi-cluster 301! +/docs/k8s/installation/multi-cluster/overview /docs/k8s/installation/multi-cluster 301! /docs/partnerships /docs/integrate/partnerships 301! +/docs/agent/config-entries/ingress-gateway /docs/connect/config-entries/ingress-gateway 301! +/docs/agent/config-entries/proxy-defaults /docs/connect/config-entries/proxy-defaults 301! +/docs/agent/config-entries/service-defaults /docs/connect/config-entries/service-defaults 301! +/docs/agent/config-entries/service-intentions /docs/connect/config-entries/service-intentions 301! +/docs/agent/config-entries/service-resolver /docs/connect/config-entries/service-resolver 301! +/docs/agent/config-entries/service-router /docs/connect/config-entries/service-router 301! +/docs/agent/config-entries/service-splitter /docs/connect/config-entries/service-splitter 301! +/docs/agent/config-entries/terminating-gateway /docs/connect/config-entries/terminating-gateway 301! # CLI redirects /docs/commands /commands 301! diff --git a/website/content/api-docs/connect/intentions.mdx b/website/content/api-docs/connect/intentions.mdx index d0d3771117..aa182039e2 100644 --- a/website/content/api-docs/connect/intentions.mdx +++ b/website/content/api-docs/connect/intentions.mdx @@ -14,7 +14,7 @@ The `/connect/intentions` endpoint provide tools for managing -> **1.9.0 and later:** Reading and writing intentions has been migrated to the -[`service-intentions`](/docs/agent/config-entries/service-intentions) +[`service-intentions`](/docs/connect/config-entries/service-intentions) config entry kind. ## Upsert Intention by Name ((#upsert-intention-by-name)) @@ -87,7 +87,7 @@ The table below shows this endpoint's support for the `Permissions` field. - `Permissions` `(array)` - The list of all [additional L7 - attributes](/docs/agent/config-entries/service-intentions#intentionpermission) + attributes](/docs/connect/config-entries/service-intentions#intentionpermission) that extend the intention match criteria. Permission precedence is applied top to bottom. For any given request the @@ -131,7 +131,7 @@ true -> **Deprecated** - This endpoint is deprecated in Consul 1.9.0 in favor of [upserting by name](#upsert-intention-by-name) or editing the -[`service-intentions`](/docs/agent/config-entries/service-intentions) config +[`service-intentions`](/docs/connect/config-entries/service-intentions) config entry for the destination. This endpoint creates a new intention and returns its ID if it was created @@ -234,7 +234,7 @@ $ curl \ -> **Deprecated** - This endpoint is deprecated in Consul 1.9.0 in favor of [upserting by name](#upsert-intention-by-name) or editing the -[`service-intentions`](/docs/agent/config-entries/service-intentions) config +[`service-intentions`](/docs/connect/config-entries/service-intentions) config entry for the destination. This endpoint updates an intention with the given values. @@ -363,7 +363,7 @@ $ curl \ -> **Deprecated** - This endpoint is deprecated in Consul 1.9.0 in favor of [reading by name](#read-specific-intention-by-name) or by viewing the -[`service-intentions`](/docs/agent/config-entries/service-intentions) +[`service-intentions`](/docs/connect/config-entries/service-intentions) config entry for the destination. This endpoint reads a specific intention. @@ -570,7 +570,7 @@ $ curl \ -> **Deprecated** - This endpoint is deprecated in Consul 1.9.0 in favor of [deleting by name](#delete-intention-by-name) or editing the -[`service-intentions`](/docs/agent/config-entries/service-intentions) config +[`service-intentions`](/docs/connect/config-entries/service-intentions) config entry for the destination. This endpoint deletes a specific intention. diff --git a/website/content/api-docs/discovery-chain.mdx b/website/content/api-docs/discovery-chain.mdx index b9105476cd..3ef98b1fb4 100644 --- a/website/content/api-docs/discovery-chain.mdx +++ b/website/content/api-docs/discovery-chain.mdx @@ -65,7 +65,7 @@ The table below shows this endpoint's support for ### POST Body Parameters - `OverrideConnectTimeout` `(duration: 0s)` - Overrides the final [connect - timeout](/docs/agent/config-entries/service-resolver#connecttimeout) for + timeout](/docs/connect/config-entries/service-resolver#connecttimeout) for any service resolved in the compiled chain. This value comes from the `connect_timeout_ms` key in an [upstream @@ -75,7 +75,7 @@ The table below shows this endpoint's support for parameter. - `OverrideProtocol` `(string: "")` - Overrides the final - [protocol](/docs/agent/config-entries/service-defaults#protocol) used in + [protocol](/docs/connect/config-entries/service-defaults#protocol) used in the compiled discovery chain. If the chain ordinarily would be TCP and an L7 protocol is passed here the diff --git a/website/content/commands/intention/create.mdx b/website/content/commands/intention/create.mdx index 2b2623d577..4a820c404d 100644 --- a/website/content/commands/intention/create.mdx +++ b/website/content/commands/intention/create.mdx @@ -9,7 +9,7 @@ sidebar_title: create -> **Deprecated** - This command is deprecated in Consul 1.9.0 in favor of using the [config entry CLI command](/commands/config/write). To create an intention, create or modify a -[`service-intentions`](/docs/agent/config-entries/service-intentions) config +[`service-intentions`](/docs/connect/config-entries/service-intentions) config entry for the destination. Command: `consul intention create` diff --git a/website/content/commands/intention/delete.mdx b/website/content/commands/intention/delete.mdx index a5cedd8a0b..80baf37b8f 100644 --- a/website/content/commands/intention/delete.mdx +++ b/website/content/commands/intention/delete.mdx @@ -12,7 +12,7 @@ The `intention delete` command deletes a matching intention. -> **Deprecated** - The one argument form of this command is deprecated in Consul 1.9.0. Intentions no longer need IDs when represented as -[`service-intentions`](/docs/agent/config-entries/service-intentions) config +[`service-intentions`](/docs/connect/config-entries/service-intentions) config entries. ## Usage diff --git a/website/content/commands/intention/get.mdx b/website/content/commands/intention/get.mdx index 85862d2152..b40023c6c2 100644 --- a/website/content/commands/intention/get.mdx +++ b/website/content/commands/intention/get.mdx @@ -12,7 +12,7 @@ The `intention get` command shows a single intention. -> **Deprecated** - The one argument form of this command is deprecated in Consul 1.9.0. Intentions no longer need IDs when represented as -[`service-intentions`](/docs/agent/config-entries/service-intentions) config +[`service-intentions`](/docs/connect/config-entries/service-intentions) config entries. ## Usage diff --git a/website/content/commands/intention/index.mdx b/website/content/commands/intention/index.mdx index 898a218781..85cf72cc0a 100644 --- a/website/content/commands/intention/index.mdx +++ b/website/content/commands/intention/index.mdx @@ -14,7 +14,7 @@ creating, updating, reading, deleting, checking, and managing intentions. This command is available in Consul 1.2 and later. Intentions are managed primarily via -[`service-intentions`](/docs/agent/config-entries/service-intentions) config +[`service-intentions`](/docs/connect/config-entries/service-intentions) config entries after Consul 1.9. Intentions may also be managed via the [HTTP API](/api/connect/intentions). diff --git a/website/content/docs/agent/config-entries/index.mdx b/website/content/docs/agent/config-entries.mdx similarity index 65% rename from website/content/docs/agent/config-entries/index.mdx rename to website/content/docs/agent/config-entries.mdx index 197e46a668..4eb467ae70 100644 --- a/website/content/docs/agent/config-entries/index.mdx +++ b/website/content/docs/agent/config-entries.mdx @@ -1,6 +1,6 @@ --- layout: docs -page_title: Configuration Entry Definitions +page_title: Configuration Entries sidebar_title: Configuration Entries description: >- Consul allows storing configuration entries centrally to be used as defaults @@ -38,46 +38,10 @@ metadata: name: ``` -The supported `Kind`/`kind` names for configuration entries are: +## Supported Config Entries -- [`ingress-gateway`](/docs/agent/config-entries/ingress-gateway) - defines the - configuration for an ingress gateway - - - Kubernetes kind: [`IngressGateway`](/docs/agent/config-entries/ingress-gateway) - -- [`proxy-defaults`](/docs/agent/config-entries/proxy-defaults) - controls - proxy configuration - - - Kubernetes kind: [`ProxyDefaults`](/docs/agent/config-entries/proxy-defaults) - -- [`service-defaults`](/docs/agent/config-entries/service-defaults) - configures - defaults for all the instances of a given service - - - Kubernetes kind: [`ServiceDefaults`](/docs/agent/config-entries/service-defaults) - -- [`service-intentions`](/docs/agent/config-entries/service-intentions) - defines - the [intentions](/docs/connect/intentions) for a destination service - - - Kubernetes kind: [`ServiceIntentions`](/docs/agent/config-entries/service-intentions) - -- [`service-resolver`](/docs/agent/config-entries/service-resolver) - matches - service instances with a specific Connect upstream discovery requests - - - Kubernetes kind: [`ServiceResolver`](/docs/agent/config-entries/service-resolver) - -- [`service-router`](/docs/agent/config-entries/service-router) - defines - where to send layer 7 traffic based on the HTTP route - - - Kubernetes kind: [`ServiceRouter`](/docs/agent/config-entries/service-router) - -- [`service-splitter`](/docs/agent/config-entries/service-splitter) - defines - how to divide requests for a single HTTP route based on percentages - - - Kubernetes kind: [`ServiceSplitter`](/docs/agent/config-entries/service-splitter) - -- [`terminating-gateway`](/docs/agent/config-entries/terminating-gateway) - defines the - services associated with terminating gateway - - Kubernetes kind: [`TerminatingGateway`](/docs/agent/config-entries/terminating-gateway) +See [Service Mesh - Config Entries](/docs/connect/config-entries) for the list +of supported config entries. ## Managing Configuration Entries In Kubernetes @@ -194,13 +158,3 @@ server gains leadership, it will attempt to initialize the configuration entries If a configuration entry does not already exist outside of the servers configuration, then it will create it. If a configuration entry does exist, that matches both `kind` and `name`, then the server will do nothing. - -## Using Configuration Entries For Service Defaults - -Outside of Kubernetes, when the agent is -[configured](/docs/agent/options#enable_central_service_config) to enable -central service configurations, it will look for service configuration defaults -that match a registering service instance. If it finds any, the agent will merge -those defaults with the service instance configuration. This allows for things -like service protocol or proxy configuration to be defined globally and -inherited by any affected service registrations. diff --git a/website/content/docs/connect/config-entries/index.mdx b/website/content/docs/connect/config-entries/index.mdx new file mode 100644 index 0000000000..c9682c11cc --- /dev/null +++ b/website/content/docs/connect/config-entries/index.mdx @@ -0,0 +1,52 @@ +--- +layout: docs +page_title: Configuration Entry Definitions +sidebar_title: Configuration Entries +description: >- + Consul allows storing configuration entries centrally to be used as defaults + for configuring other aspects of Consul. +--- + +# Configuration Entries + +Configuration entries can be used to configure the behavior of Consul Connect. + +The following configuration entries are supported: + +- [Ingress Gateway](/docs/connect/config-entries/ingress-gateway) - defines the + configuration for an ingress gateway + +- [Proxy Defaults](/docs/connect/config-entries/proxy-defaults) - controls + proxy configuration + +- [Service Defaults](/docs/connect/config-entries/service-defaults) - configures + defaults for all the instances of a given service + +- [Service Intentions](/docs/connect/config-entries/service-intentions) - defines + the [intentions](/docs/connect/intentions) for a destination service + +- [Service Resolver](/docs/connect/config-entries/service-resolver) - matches + service instances with a specific Connect upstream discovery requests + +- [Service Router](/docs/connect/config-entries/service-router) - defines + where to send layer 7 traffic based on the HTTP route + +- [Service Splitter](/docs/connect/config-entries/service-splitter) - defines + how to divide requests for a single HTTP route based on percentages + +- [Terminating Gateway](/docs/connect/config-entries/terminating-gateway) - defines the + services associated with terminating gateway + +## Managing Configuration Entries + +See [Agent - Config Entries](/docs/agent/config-entries). + +## Using Configuration Entries For Service Defaults + +Outside of Kubernetes, when the agent is +[configured](/docs/agent/options#enable_central_service_config) to enable +central service configurations, it will look for service configuration defaults +that match a registering service instance. If it finds any, the agent will merge +those defaults with the service instance configuration. This allows for things +like service protocol or proxy configuration to be defined globally and +inherited by any affected service registrations. diff --git a/website/content/docs/agent/config-entries/ingress-gateway.mdx b/website/content/docs/connect/config-entries/ingress-gateway.mdx similarity index 99% rename from website/content/docs/agent/config-entries/ingress-gateway.mdx rename to website/content/docs/connect/config-entries/ingress-gateway.mdx index 608855028b..42949ad67f 100644 --- a/website/content/docs/agent/config-entries/ingress-gateway.mdx +++ b/website/content/docs/connect/config-entries/ingress-gateway.mdx @@ -35,7 +35,7 @@ A wildcard specifier provides the following properties for an ingress gateway: - All services with the same - [protocol](/docs/agent/config-entries/ingress-gateway#protocol) as the + [protocol](/docs/connect/config-entries/ingress-gateway#protocol) as the listener will be routable. - The ingress gateway will route traffic based on the host/authority header, expecting a value matching `.ingress.*`, or if using namespaces, diff --git a/website/content/docs/agent/config-entries/proxy-defaults.mdx b/website/content/docs/connect/config-entries/proxy-defaults.mdx similarity index 100% rename from website/content/docs/agent/config-entries/proxy-defaults.mdx rename to website/content/docs/connect/config-entries/proxy-defaults.mdx diff --git a/website/content/docs/agent/config-entries/service-defaults.mdx b/website/content/docs/connect/config-entries/service-defaults.mdx similarity index 95% rename from website/content/docs/agent/config-entries/service-defaults.mdx rename to website/content/docs/connect/config-entries/service-defaults.mdx index 90ea5db49a..b1d5160a78 100644 --- a/website/content/docs/agent/config-entries/service-defaults.mdx +++ b/website/content/docs/connect/config-entries/service-defaults.mdx @@ -99,10 +99,10 @@ spec: type: `string: "tcp"`, description: `Sets the protocol of the service. This is used by Connect proxies for things like observability features and to unlock usage - of the [\`service-splitter\`](/docs/agent/config-entries/service-splitter) and - [\`service-router\`](/docs/agent/config-entries/service-router) config entries + of the [\`service-splitter\`](/docs/connect/config-entries/service-splitter) and + [\`service-router\`](/docs/connect/config-entries/service-router) config entries for a service. It also unlocks the ability to define L7 intentions via - [\`service-intentions\`](/docs/agent/config-entries/service-intentions). + [\`service-intentions\`](/docs/connect/config-entries/service-intentions). Supported values are one of \`tcp\`, \`http\`, \`http2\`, or \`grpc\`.`, }, { diff --git a/website/content/docs/agent/config-entries/service-intentions.mdx b/website/content/docs/connect/config-entries/service-intentions.mdx similarity index 99% rename from website/content/docs/agent/config-entries/service-intentions.mdx rename to website/content/docs/connect/config-entries/service-intentions.mdx index dfdc30bef7..a55c0d53ff 100644 --- a/website/content/docs/agent/config-entries/service-intentions.mdx +++ b/website/content/docs/connect/config-entries/service-intentions.mdx @@ -30,8 +30,8 @@ global setting) by defining a low precedence intention for that destination. L7 intentions within a config entry are restricted to only destination services that define their protocol as HTTP-based via a corresponding -[`service-defaults`](/docs/agent/config-entries/service-defaults) config entry -or globally via [`proxy-defaults`](/docs/agent/config-entries/proxy-defaults) . +[`service-defaults`](/docs/connect/config-entries/service-defaults) config entry +or globally via [`proxy-defaults`](/docs/connect/config-entries/proxy-defaults) . ## Sample Config Entries diff --git a/website/content/docs/agent/config-entries/service-resolver.mdx b/website/content/docs/connect/config-entries/service-resolver.mdx similarity index 100% rename from website/content/docs/agent/config-entries/service-resolver.mdx rename to website/content/docs/connect/config-entries/service-resolver.mdx diff --git a/website/content/docs/agent/config-entries/service-router.mdx b/website/content/docs/connect/config-entries/service-router.mdx similarity index 98% rename from website/content/docs/agent/config-entries/service-router.mdx rename to website/content/docs/connect/config-entries/service-router.mdx index 723028ad9c..633ef4e509 100644 --- a/website/content/docs/agent/config-entries/service-router.mdx +++ b/website/content/docs/connect/config-entries/service-router.mdx @@ -26,16 +26,16 @@ service of the same name. - Service router config entries are restricted to only services that define their protocol as HTTP-based via a corresponding - [`service-defaults`](/docs/agent/config-entries/service-defaults) config + [`service-defaults`](/docs/connect/config-entries/service-defaults) config entry or globally via - [`proxy-defaults`](/docs/agent/config-entries/proxy-defaults) . + [`proxy-defaults`](/docs/connect/config-entries/proxy-defaults) . - Any route destination that omits the `ServiceSubset` field is eligible for splitting via a - [`service-splitter`](/docs/agent/config-entries/service-splitter) should + [`service-splitter`](/docs/connect/config-entries/service-splitter) should one be configured for that service, otherwise resolution proceeds according to any configured - [`service-resolver`](/docs/agent/config-entries/service-resolver). + [`service-resolver`](/docs/connect/config-entries/service-resolver). ## Sample Config Entries diff --git a/website/content/docs/agent/config-entries/service-splitter.mdx b/website/content/docs/connect/config-entries/service-splitter.mdx similarity index 96% rename from website/content/docs/agent/config-entries/service-splitter.mdx rename to website/content/docs/connect/config-entries/service-splitter.mdx index f263301ba1..96bcba33dd 100644 --- a/website/content/docs/agent/config-entries/service-splitter.mdx +++ b/website/content/docs/connect/config-entries/service-splitter.mdx @@ -30,15 +30,15 @@ resolution stage. - Service splitter config entries are restricted to only services that define their protocol as http-based via a corresponding - [`service-defaults`](/docs/agent/config-entries/service-defaults) config + [`service-defaults`](/docs/connect/config-entries/service-defaults) config entry or globally via - [`proxy-defaults`](/docs/agent/config-entries/proxy-defaults) . + [`proxy-defaults`](/docs/connect/config-entries/proxy-defaults) . - Any split destination that specifies a different `Service` field and omits the `ServiceSubset` field is eligible for further splitting should a splitter be configured for that other service, otherwise resolution proceeds according to any configured - [`service-resolver`](/docs/agent/config-entries/service-resolver). + [`service-resolver`](/docs/connect/config-entries/service-resolver). ## Sample Config Entries diff --git a/website/content/docs/agent/config-entries/terminating-gateway.mdx b/website/content/docs/connect/config-entries/terminating-gateway.mdx similarity index 98% rename from website/content/docs/agent/config-entries/terminating-gateway.mdx rename to website/content/docs/connect/config-entries/terminating-gateway.mdx index 6c9e5384f5..a7408c0b80 100644 --- a/website/content/docs/agent/config-entries/terminating-gateway.mdx +++ b/website/content/docs/connect/config-entries/terminating-gateway.mdx @@ -25,10 +25,10 @@ See [Terminating Gateway](/docs/connect/terminating-gateway) for more informatio ## TLS Origination -By specifying a path to a [CA file](/docs/agent/config-entries/terminating-gateway#cafile) connections +By specifying a path to a [CA file](/docs/connect/config-entries/terminating-gateway#cafile) connections from the terminating gateway will be encrypted using one-way TLS authentication. If a path to a -[client certificate](/docs/agent/config-entries/terminating-gateway#certfile) -and [private key](/docs/agent/config-entries/terminating-gateway#keyfile) are also specified connections +[client certificate](/docs/connect/config-entries/terminating-gateway#certfile) +and [private key](/docs/connect/config-entries/terminating-gateway#keyfile) are also specified connections from the terminating gateway will be encrypted using mutual TLS authentication. If none of these are provided, Consul will **only** encrypt connections to the gateway and not diff --git a/website/content/docs/connect/gateways/ingress-gateway.mdx b/website/content/docs/connect/gateways/ingress-gateway.mdx index 6c72c3d73a..a712a74b1f 100644 --- a/website/content/docs/connect/gateways/ingress-gateway.mdx +++ b/website/content/docs/connect/gateways/ingress-gateway.mdx @@ -18,22 +18,22 @@ a type of proxy and must be registered as a service in Consul, with the [kind](/api/agent/service#kind) set to "ingress-gateway". They are an entrypoint for outside traffic and allow you to define what services should be exposed and on what port. You configure an ingress gateway by defining a set of -[listeners](/docs/agent/config-entries/ingress-gateway#listeners) that each map +[listeners](/docs/connect/config-entries/ingress-gateway#listeners) that each map to a set of backing -[services](/docs/agent/config-entries/ingress-gateway#services). +[services](/docs/connect/config-entries/ingress-gateway#services). To enable easier service discovery, a new Consul [DNS subdomain](/docs/discovery/dns#ingress-service-lookups) is provided, on `.ingress.`. For listeners with a -[protocol](/docs/agent/config-entries/ingress-gateway#protocol) other than +[protocol](/docs/connect/config-entries/ingress-gateway#protocol) other than `tcp`, multiple services can be specified for a single listener. In this case, the ingress gateway relies on host/authority headers to decide the service that should receive the traffic. The host used to match traffic defaults to the [Consul DNS ingress subdomain](/docs/discovery/dns#ingress-service-lookups), but can be changed using -the [hosts](/docs/agent/config-entries/ingress-gateway#hosts) field. +the [hosts](/docs/connect/config-entries/ingress-gateway#hosts) field. ![Ingress Gateway Architecture](/img/ingress-gateways.png) diff --git a/website/content/docs/connect/gateways/terminating-gateway.mdx b/website/content/docs/connect/gateways/terminating-gateway.mdx index 3ec70c2562..b08c62eaea 100644 --- a/website/content/docs/connect/gateways/terminating-gateway.mdx +++ b/website/content/docs/connect/gateways/terminating-gateway.mdx @@ -33,10 +33,10 @@ hold certificates to decrypt Consul Connect traffic directed at them and may be to linked services. Connections over the WAN or open internet should flow through [mesh gateways](/docs/connect/mesh-gateway) whenever possible since they are not capable of decrypting traffic or connecting directly to services. -By specifying a path to a [CA file](/docs/agent/config-entries/terminating-gateway#cafile) connections +By specifying a path to a [CA file](/docs/connect/config-entries/terminating-gateway#cafile) connections from the terminating gateway will be encrypted using one-way TLS authentication. If a path to a -[client certificate](/docs/agent/config-entries/terminating-gateway#certfile) -and [private key](/docs/agent/config-entries/terminating-gateway#keyfile) are also specified connections +[client certificate](/docs/connect/config-entries/terminating-gateway#certfile) +and [private key](/docs/connect/config-entries/terminating-gateway#keyfile) are also specified connections from the terminating gateway will be encrypted using mutual TLS authentication. If none of these are provided, Consul will **only** encrypt connections to the gateway and not @@ -98,7 +98,7 @@ If the Consul client agent on the gateway's node is not configured to use the de must also provide `agent:read` for its node's name in order to discover the agent's gRPC port. gRPC is used to expose Envoy's xDS API to Envoy proxies. Linking services to a terminating gateway is done with a `terminating-gateway` -[configuration entry](/docs/agent/config-entries/terminating-gateway). This config entry can be applied via the +[configuration entry](/docs/connect/config-entries/terminating-gateway). This config entry can be applied via the [CLI](/commands/config/write) or [API](/api/config#apply-configuration). Gateways with the same name in Consul's service catalog are configured with a single configuration entry. diff --git a/website/content/docs/connect/intentions.mdx b/website/content/docs/connect/intentions.mdx index 3032aa0d7a..2e27273c15 100644 --- a/website/content/docs/connect/intentions.mdx +++ b/website/content/docs/connect/intentions.mdx @@ -35,7 +35,7 @@ intentions to control Connect traffic authorization either at networking layer - **Application-aware** - Some intentions may additionally enforce access based on [L7 request - attributes](/docs/agent/config-entries/service-intentions#permissions) in + attributes](/docs/connect/config-entries/service-intentions#permissions) in addition to connection identity. These may only be defined for services with a [protocol] that is HTTP-based. These can also be thought of as **L7 intentions**. @@ -59,16 +59,16 @@ denied by default. ## Intention Basics Intentions are managed primarily via -[`service-intentions`](/docs/agent/config-entries/service-intentions) config +[`service-intentions`](/docs/connect/config-entries/service-intentions) config entries or the UI. Some simpler tasks can also be achieved with the older [API](/api-docs/connect/intentions) or [CLI](/commands/intention). Please see the respective documentation for each for full details on options, flags, etc. Below is an example of a basic -[`service-intentions`](/docs/agent/config-entries/service-intentions) config +[`service-intentions`](/docs/connect/config-entries/service-intentions) config entry representing two simple intentions. The full data model complete with more examples can be found in the -[`service-intentions`](/docs/agent/config-entries/service-intentions) config +[`service-intentions`](/docs/connect/config-entries/service-intentions) config entry documentation. ```hcl @@ -160,7 +160,7 @@ top to bottom, with larger numbers being evaluated first. | `*` | `*` | `*` | `*` | 1 | The precedence value can be read from a -[field](/docs/agent/config-entries/service-intentions#precedence) on the +[field](/docs/connect/config-entries/service-intentions#precedence) on the `service-intentions` config entry after it is modified. Precedence cannot be manually overridden today. @@ -240,6 +240,6 @@ connection authorization continues to work indefinitely. Changes to intentions will not be picked up until the partition heals, but will then automatically take effect when connectivity is restored. -[protocol]: /docs/agent/config-entries/service-defaults#protocol +[protocol]: /docs/connect/config-entries/service-defaults#protocol [proxies]: /docs/connect/proxies [envoy]: /docs/connect/proxies/envoy diff --git a/website/content/docs/connect/l7-traffic/discovery-chain.mdx b/website/content/docs/connect/l7-traffic/discovery-chain.mdx index 14e68c7010..e1beff31bd 100644 --- a/website/content/docs/connect/l7-traffic/discovery-chain.mdx +++ b/website/content/docs/connect/l7-traffic/discovery-chain.mdx @@ -32,34 +32,34 @@ The configuration entries used in the discovery chain are designed to be simple to read and modify for narrowly tailored changes, but at discovery-time the various configuration entries interact in more complex ways. For example: -- If a [`service-resolver`](/docs/agent/config-entries/service-resolver) +- If a [`service-resolver`](/docs/connect/config-entries/service-resolver) is created with a [service - redirect](/docs/agent/config-entries/service-resolver#service) defined, + redirect](/docs/connect/config-entries/service-resolver#service) defined, then all references made to the original service in any other configuration entry is replaced with the redirect destination. -- If a [`service-resolver`](/docs/agent/config-entries/service-resolver) +- If a [`service-resolver`](/docs/connect/config-entries/service-resolver) is created with a [default - subset](/docs/agent/config-entries/service-resolver#defaultsubset) + subset](/docs/connect/config-entries/service-resolver#defaultsubset) defined then all references made to the original service in any other configuration entry that did not specify a subset will be replaced with the default. -- If a [`service-splitter`](/docs/agent/config-entries/service-splitter) +- If a [`service-splitter`](/docs/connect/config-entries/service-splitter) is created with a [service - split](/docs/agent/config-entries/service-splitter#splits), and the target service has its + split](/docs/connect/config-entries/service-splitter#splits), and the target service has its own `service-splitter` then the overall effect is flattened and only a single aggregate traffic split is ultimately configured in the proxy. -- [`service-resolver`](/docs/agent/config-entries/service-resolver) +- [`service-resolver`](/docs/connect/config-entries/service-resolver) redirect loops must be rejected as invalid. -- [`service-router`](/docs/agent/config-entries/service-router) and - [`service-splitter`](/docs/agent/config-entries/service-splitter) +- [`service-router`](/docs/connect/config-entries/service-router) and + [`service-splitter`](/docs/connect/config-entries/service-splitter) configuration entries require an L7 compatible protocol be set for the service via either a - [`service-defaults`](/docs/agent/config-entries/service-defaults) or - [`proxy-defaults`](/docs/agent/config-entries/proxy-defaults) config + [`service-defaults`](/docs/connect/config-entries/service-defaults) or + [`proxy-defaults`](/docs/connect/config-entries/proxy-defaults) config entry. Violations must be rejected as invalid. - If an [upstream @@ -153,7 +153,7 @@ A single node in the compiled discovery chain. - `Definition` `(ServiceRoute)` - Relevant portion of underlying `service-router` - [route](/docs/agent/config-entries/service-router#routes). + [route](/docs/connect/config-entries/service-router#routes). - `NextNode` `(string)` - The name of the next node in the chain in [`Nodes`](#nodes). @@ -161,7 +161,7 @@ A single node in the compiled discovery chain. splits. - `Weight` `(float32)` - Copy of underlying `service-splitter` - [`weight`](/docs/agent/config-entries/service-splitter#weight) field. + [`weight`](/docs/connect/config-entries/service-splitter#weight) field. - `NextNode` `(string)` - The name of the next node in the chain in [`Nodes`](#nodes). @@ -172,21 +172,21 @@ A single node in the compiled discovery chain. defined for this node and the default was synthesized. - `ConnectTimeout` `(duration)` - Copy of the underlying `service-resolver` - [`ConnectTimeout`](/docs/agent/config-entries/service-resolver#connecttimeout) + [`ConnectTimeout`](/docs/connect/config-entries/service-resolver#connecttimeout) field. If one is not defined the default of `5s` is returned. - `Target` `(string)` - The name of the target to use found in [`Targets`](#targets). - `Failover` `(DiscoveryFailover: )` - Compiled form of the underlying `service-resolver` - [`Failover`](/docs/agent/config-entries/service-resolver#failover) + [`Failover`](/docs/connect/config-entries/service-resolver#failover) definition to use for this request. - `Targets` `(array)` - List of targets found in [`Targets`](#targets) to failover to in order of preference. - `LoadBalancer` `(LoadBalancer: `) - Copy of the underlying `service-resolver` - [`LoadBalancer`](/docs/agent/config-entries/service-resolver#loadbalancer) field. + [`LoadBalancer`](/docs/connect/config-entries/service-resolver#loadbalancer) field. If a `service-splitter` splits between services with differing `LoadBalancer` configuration the first hash-based load balancing policy is copied. @@ -198,7 +198,7 @@ A single node in the compiled discovery chain. - `Service` `(string)` - The service to query when resolving a list of service instances. - `ServiceSubset` `(string: )` - The - [subset](/docs/agent/config-entries/service-resolver#service-subsets) of + [subset](/docs/connect/config-entries/service-resolver#service-subsets) of the service to resolve. - `Namespace` `(string)` - The namespace to use when resolving a list of service instances. @@ -207,7 +207,7 @@ A single node in the compiled discovery chain. - `Subset` `(ServiceResolverSubset)` - Copy of the underlying `service-resolver` - [`Subsets`](/docs/agent/config-entries/service-resolver#subsets) + [`Subsets`](/docs/connect/config-entries/service-resolver#subsets) definition for this target. - `Filter` `(string: "")` - The @@ -236,4 +236,4 @@ A single node in the compiled discovery chain. - `Name` `(string)` - The unique name for this target for use when generating load balancer objects. This has a structure similar to [SNI](#sni), but will not be affected by SNI customizations such as - [`ExternalSNI`](/docs/agent/config-entries/service-defaults#externalsni). + [`ExternalSNI`](/docs/connect/config-entries/service-defaults#externalsni). diff --git a/website/content/docs/connect/l7-traffic/index.mdx b/website/content/docs/connect/l7-traffic/index.mdx index afd80979eb..0d068047be 100644 --- a/website/content/docs/connect/l7-traffic/index.mdx +++ b/website/content/docs/connect/l7-traffic/index.mdx @@ -13,7 +13,7 @@ description: >- Layer 7 traffic management allows operators to divide L7 traffic between different -[subsets](/docs/agent/config-entries/service-resolver#service-subsets) of +[subsets](/docs/connect/config-entries/service-resolver#service-subsets) of service instances when using Connect. There are many ways you may wish to carve up a single datacenter's pool of @@ -42,7 +42,7 @@ entry is missing, that stage will fall back on reasonable default behavior. ### Routing -A [`service-router`](/docs/agent/config-entries/service-router) config +A [`service-router`](/docs/connect/config-entries/service-router) config entry kind is the first configurable stage. A router config entry allows for a user to intercept traffic using L7 criteria @@ -52,12 +52,12 @@ traffic to a different service or service subset. These config entries may only reference `service-splitter` or `service-resolver` entries. -[Examples](/docs/agent/config-entries/service-router#sample-config-entries) +[Examples](/docs/connect/config-entries/service-router#sample-config-entries) can be found in the `service-router` documentation. ### Splitting -A [`service-splitter`](/docs/agent/config-entries/service-splitter) config +A [`service-splitter`](/docs/connect/config-entries/service-splitter) config entry kind is the next stage after routing. A splitter config entry allows for a user to choose to split incoming requests @@ -77,12 +77,12 @@ union. For instance: --------------------- splitter[effective_B]: A_v1=25%, A_v2=25%, B=50% -[Examples](/docs/agent/config-entries/service-splitter#sample-config-entries) +[Examples](/docs/connect/config-entries/service-splitter#sample-config-entries) can be found in the `service-splitter` documentation. ### Resolution -A [`service-resolver`](/docs/agent/config-entries/service-resolver) config +A [`service-resolver`](/docs/connect/config-entries/service-resolver) config entry kind is the last stage. A resolver config entry allows for a user to define which instances of a @@ -114,7 +114,7 @@ not intended to be a drop-in replacement currently. These config entries may only reference other `service-resolver` entries. -[Examples](/docs/agent/config-entries/service-resolver#sample-config-entries) +[Examples](/docs/connect/config-entries/service-resolver#sample-config-entries) can be found in the `service-resolver` documentation. -> **Note:** `service-resolver` config entries kinds function at L4 (unlike diff --git a/website/content/docs/connect/observability/index.mdx b/website/content/docs/connect/observability/index.mdx index de40770f77..ab5d91c387 100644 --- a/website/content/docs/connect/observability/index.mdx +++ b/website/content/docs/connect/observability/index.mdx @@ -46,7 +46,7 @@ Find other possible metrics syncs in the [Connect Envoy documentation](/docs/con ### Service Protocol -You can specify the [service protocol](/docs/agent/config-entries/service-defaults#protocol) +You can specify the [service protocol](/docs/connect/config-entries/service-defaults#protocol) in the `service-defaults` configuration entry. You can override it in the [service registration](/docs/agent/services). By default, proxies only give you L4 metrics. This protocol allows proxies to handle requests at the right L7 diff --git a/website/content/docs/connect/proxies/envoy.mdx b/website/content/docs/connect/proxies/envoy.mdx index 14b8c5c8ea..5b0309cd1b 100644 --- a/website/content/docs/connect/proxies/envoy.mdx +++ b/website/content/docs/connect/proxies/envoy.mdx @@ -115,7 +115,7 @@ the ability to control some parts of the bootstrap config via proxy configuration options. Users can add the following configuration items to the [global `proxy-defaults` -configuration entry](/docs/agent/config-entries/proxy-defaults) or override them directly in the `proxy.config` field +configuration entry](/docs/connect/config-entries/proxy-defaults) or override them directly in the `proxy.config` field of a [proxy service definition](/docs/connect/registration/service-registration) or [`sidecar_service`](/docs/connect/registration/sidecar-service) block. @@ -124,7 +124,7 @@ definition](/docs/connect/registration/service-registration) or StatsD listener that Envoy should deliver metrics to. For example, this may be `udp://127.0.0.1:8125` if every host has a local StatsD listener. In this case users can configure this property once in the [global `proxy-defaults` - configuration entry](/docs/agent/config-entries/proxy-defaults) for convenience. Currently, TCP is not supported. + configuration entry](/docs/connect/config-entries/proxy-defaults) for convenience. Currently, TCP is not supported. ~> **Note:** currently the url **must use an ip address** not a dns name due to the way Envoy is setup for StatsD. @@ -135,7 +135,7 @@ definition](/docs/connect/registration/service-registration) or pod in a Kubernetes cluster to learn of a pod-specific IP address for StatsD when the Envoy instance is bootstrapped while still allowing global configuration of all proxies to use StatsD in the [global `proxy-defaults` - configuration entry](/docs/agent/config-entries/proxy-defaults). The env variable must contain a full valid URL + configuration entry](/docs/connect/config-entries/proxy-defaults). The env variable must contain a full valid URL value as specified above and nothing else. It is not currently possible to use environment variables as only part of the URL. @@ -179,7 +179,7 @@ to configure appropriate proxy settings for that service's proxies and also for the upstream listeners of any downstream service. One example is how users can define a service's protocol in a [`service-defaults` configuration -entry](/docs/agent/config-entries/service-defaults). Agents with +entry](/docs/connect/config-entries/service-defaults). Agents with [`enable_central_service_config`](/docs/agent/options#enable_central_service_config) set to true will automatically discover the protocol when configuring a proxy for a service. The proxy will discover the main protocol of the service it @@ -200,7 +200,7 @@ To learn about other options that can be configured centrally see the These fields may also be overridden explicitly in the [proxy service definition](/docs/connect/registration/service-registration), or defined in the [global `proxy-defaults` configuration -entry](/docs/agent/config-entries/proxy-defaults) to act as +entry](/docs/connect/config-entries/proxy-defaults) to act as defaults that are inherited by all services. - `protocol` - The protocol the service speaks. Connect's Envoy integration @@ -227,9 +227,9 @@ defaults that are inherited by all services. metrics with `gRPC-status` trailer codes. ~> **Note:** The protocol of a service should ideally be configured via the - [`protocol`](/docs/agent/config-entries/service-defaults#protocol) + [`protocol`](/docs/connect/config-entries/service-defaults#protocol) field of a - [`service-defaults`](/docs/agent/config-entries/service-defaults) + [`service-defaults`](/docs/connect/config-entries/service-defaults) config entry for the service. Configuring it in a proxy config will not fully enable some [L7 features](/docs/connect/l7-traffic-management). @@ -256,9 +256,9 @@ definition](/docs/connect/registration/service-registration) or the upstream. ~> **Note:** The protocol of a service should ideally be configured via the - [`protocol`](/docs/agent/config-entries/service-defaults#protocol) + [`protocol`](/docs/connect/config-entries/service-defaults#protocol) field of a - [`service-defaults`](/docs/agent/config-entries/service-defaults) + [`service-defaults`](/docs/connect/config-entries/service-defaults) config entry for the upstream destination service. Configuring it in a proxy upstream config will not fully enable some [L7 features](/docs/connect/l7-traffic-management). @@ -270,9 +270,9 @@ definition](/docs/connect/registration/service-registration) or ~> **Note:** The connection timeout for a service should ideally be configured via the - [`connect_timeout`](/docs/agent/config-entries/service-resolver#connecttimeout) + [`connect_timeout`](/docs/connect/config-entries/service-resolver#connecttimeout) field of a - [`service-resolver`](/docs/agent/config-entries/service-resolver) + [`service-resolver`](/docs/connect/config-entries/service-resolver) config entry for the upstream destination service. Configuring it in a proxy upstream config will override any values defined in config entries. It is supported here for backwards compatibility with Consul versions prior to 1.6.0. @@ -307,7 +307,7 @@ definition](/docs/connect/registration/service-registration) or These fields may also be overridden explicitly in the [proxy service definition](/docs/connect/registration/service-registration), or defined in the [global `proxy-defaults` configuration -entry](/docs/agent/config-entries/proxy-defaults) to act as +entry](/docs/connect/config-entries/proxy-defaults) to act as defaults that are inherited by all services. Prior to 1.8.0 these settings were specific to Mesh Gateways. The deprecated @@ -317,7 +317,7 @@ will continue to be supported. - `connect_timeout_ms` - The number of milliseconds to allow when making upstream connections before timing out. Defaults to 5000 (5 seconds). If the upstream service has the configuration option - [`connect_timeout_ms`](/docs/agent/config-entries/service-resolver#connecttimeout) + [`connect_timeout_ms`](/docs/connect/config-entries/service-resolver#connecttimeout) set for the `service-resolver`, that timeout value will take precedence over this gateway option. @@ -430,7 +430,7 @@ EOF Users may add the following configuration items to the [global `proxy-defaults` configuration -entry](/docs/agent/config-entries/proxy-defaults) or +entry](/docs/connect/config-entries/proxy-defaults) or override them directly in the `proxy.config` field of a [proxy service definition](/docs/connect/registration/service-registration) or [`sidecar_service`](/docs/connect/registration/sidecar-service) block. @@ -466,7 +466,7 @@ definition](/docs/connect/registration/service-registration) or Users may add the following configuration items to the [global `proxy-defaults` configuration -entry](/docs/agent/config-entries/proxy-defaults) or +entry](/docs/connect/config-entries/proxy-defaults) or override them directly in the `proxy.config` field of a [proxy service definition](/docs/connect/registration/service-registration) or [`sidecar_service`](/docs/connect/registration/sidecar-service) block. @@ -504,9 +504,9 @@ definition](/docs/connect/registration/service-registration) or [`sidecar_service`](/docs/connect/registration/sidecar-service) block. ~> **Note:** - When a -[`service-router`](/docs/agent/config-entries/service-router), -[`service-splitter`](/docs/agent/config-entries/service-splitter), or -[`service-resolver`](/docs/agent/config-entries/service-resolver) config +[`service-router`](/docs/connect/config-entries/service-router), +[`service-splitter`](/docs/connect/config-entries/service-splitter), or +[`service-resolver`](/docs/connect/config-entries/service-resolver) config entry exists for a service the below escape hatches are ignored and will log a warning. @@ -525,6 +525,6 @@ warning. customization of timeouts, circuit breaking, rate limits, load balancing strategy etc. -[protocol]: /docs/agent/config-entries/service-defaults#protocol +[protocol]: /docs/connect/config-entries/service-defaults#protocol [intentions]: /docs/connect/intentions [intentions]: /docs/connect/intentions diff --git a/website/content/docs/connect/proxies/integrate.mdx b/website/content/docs/connect/proxies/integrate.mdx index ac2e51d434..8fd08d3cf5 100644 --- a/website/content/docs/connect/proxies/integrate.mdx +++ b/website/content/docs/connect/proxies/integrate.mdx @@ -203,7 +203,7 @@ populate endpoints in memory will need to poll the endpoint at a suitable and ideally configurable frequency. -> **Note:** Long-term the [`service-resolver` config -entries](/docs/agent/config-entries/service-resolver) are intended to replace +entries](/docs/connect/config-entries/service-resolver) are intended to replace Prepared Queries in Consul entirely, but for now these are still used in some configurations. @@ -240,4 +240,4 @@ ID for the name specified in `-sidecar-for`. [`consul/connect/tls.go`]: https://github.com/hashicorp/consul/blob/v1.8.3/connect/tls.go#L232-L237 [discovery chain]: /docs/connect/l7-traffic/discovery-chain [`usecache`]: https://github.com/hashicorp/consul/blob/v1.8.3/api/api.go#L99-L102 -[protocol]: /docs/agent/config-entries/service-defaults#protocol +[protocol]: /docs/connect/config-entries/service-defaults#protocol diff --git a/website/content/docs/guides/connect-gateways.mdx b/website/content/docs/guides/connect-gateways.mdx index 1079d45677..a83cf5b485 100644 --- a/website/content/docs/guides/connect-gateways.mdx +++ b/website/content/docs/guides/connect-gateways.mdx @@ -234,7 +234,7 @@ $ consul connect envoy -mesh-gateway -register \ ### Configure Sidecar Proxies to use Gateways Next, create a [centralized -configuration](/docs/agent/config-entries/proxy-defaults) +configuration](/docs/connect/config-entries/proxy-defaults) file for all the sidecar proxies in both datacenters called `proxy-defaults.json`. This file will instruct the sidecar proxies to send all their inter-datacenter traffic through the gateways. It should contain the diff --git a/website/content/docs/guides/consul-splitting.mdx b/website/content/docs/guides/consul-splitting.mdx index a9b8cbfe3b..d817ef7c50 100644 --- a/website/content/docs/guides/consul-splitting.mdx +++ b/website/content/docs/guides/consul-splitting.mdx @@ -183,7 +183,7 @@ $ consul config write l7_config/api_service_defaults.json ``` Find more information on `service-defaults` configuration entries in the -[documentation](/docs/agent/config-entries/service-defaults). +[documentation](/docs/connect/config-entries/service-defaults). -> **Automation Tip:** To automate interactions with configuration entries, use the HTTP API endpoint [`http://localhost:8500/v1/config`](/api/config). @@ -232,7 +232,7 @@ $ consul config write l7_config/api_service_resolver.json ``` Find more information about service resolvers in the -[documentation](/docs/agent/config-entries/service-resolver). +[documentation](/docs/connect/config-entries/service-resolver). ### Configure Service Splitting - 100% of traffic to Version 1 diff --git a/website/content/docs/k8s/connect/terminating-gateways.mdx b/website/content/docs/k8s/connect/terminating-gateways.mdx index 473ced318c..fa52023eb3 100644 --- a/website/content/docs/k8s/connect/terminating-gateways.mdx +++ b/website/content/docs/k8s/connect/terminating-gateways.mdx @@ -156,8 +156,8 @@ $ consul acl token update -id -policy-name example-https-write-policy ### Create the configuration entry for the terminating gateway -Once the tokens have been updated, next write the Consul [config](/docs/agent/config-entries/terminating-gateway) -entry for the terminating gateway: +Once the tokens have been updated, create the [TerminatingGateway](/docs/connect/config-entries/terminating-gateway) +resource to configure the terminating gateway: ```hcl Kind = "terminating-gateway" diff --git a/website/content/docs/k8s/crds/index.mdx b/website/content/docs/k8s/crds/index.mdx index 21ac681aaa..185b46ce60 100644 --- a/website/content/docs/k8s/crds/index.mdx +++ b/website/content/docs/k8s/crds/index.mdx @@ -18,14 +18,14 @@ cluster-wide defaults for the service mesh. We currently support the follow configuration entry kinds: -- [`ProxyDefaults`](/docs/agent/config-entries/proxy-defaults) -- [`ServiceDefaults`](/docs/agent/config-entries/service-defaults) -- [`ServiceSplitter`](/docs/agent/config-entries/service-splitter) -- [`ServiceRouter`](/docs/agent/config-entries/service-router) -- [`ServiceResolver`](/docs/agent/config-entries/service-resolver) -- [`ServiceIntentions`](/docs/agent/config-entries/service-intentions) (requires Consul >= 1.9.0) -- [`IngressGateway`](/docs/agent/config-entries/ingress-gateway) -- [`TerminatingGateway`](/docs/agent/config-entries/terminating-gateway) +- [`ProxyDefaults`](/docs/connect/config-entries/proxy-defaults) +- [`ServiceDefaults`](/docs/connect/config-entries/service-defaults) +- [`ServiceSplitter`](/docs/connect/config-entries/service-splitter) +- [`ServiceRouter`](/docs/connect/config-entries/service-router) +- [`ServiceResolver`](/docs/connect/config-entries/service-resolver) +- [`ServiceIntentions`](/docs/connect/config-entries/service-intentions) (requires Consul >= 1.9.0) +- [`IngressGateway`](/docs/connect/config-entries/ingress-gateway) +- [`TerminatingGateway`](/docs/connect/config-entries/terminating-gateway) ## Installation diff --git a/website/content/docs/upgrading/upgrade-specific.mdx b/website/content/docs/upgrading/upgrade-specific.mdx index cb7926b8e3..edcf20906f 100644 --- a/website/content/docs/upgrading/upgrade-specific.mdx +++ b/website/content/docs/upgrading/upgrade-specific.mdx @@ -45,7 +45,7 @@ namespace with a query parameter of `?ns=*`. Upgrading to Consul 1.9.0 will trigger a one-time background migration of [intentions](/docs/connect/intentions) into an equivalent set of -[`service-intentions`](/docs/agent/config-entries/service-intentions) config +[`service-intentions`](/docs/connect/config-entries/service-intentions) config entries. This process will wait until all of the Consul servers in the primary datacenter are running Consul 1.9.0+. @@ -73,22 +73,22 @@ re-created via the old endpoints. Fields that are being removed or changing behavior: - `Intention.ID` after migration is stored in the - [`LegacyID`](/docs/agent/config-entries/service-intentions#legacyid) field. + [`LegacyID`](/docs/connect/config-entries/service-intentions#legacyid) field. After transitioning this field is cleared. - `Intention.CreatedAt` after migration is stored in the - [`LegacyCreateTime`](/docs/agent/config-entries/service-intentions#legacycreatetime) + [`LegacyCreateTime`](/docs/connect/config-entries/service-intentions#legacycreatetime) field. After transitioning this field is cleared. - `Intention.UpdatedAt` after migration is stored in the - [`LegacyUpdateTime`](/docs/agent/config-entries/service-intentions#legacyupdatetime) + [`LegacyUpdateTime`](/docs/connect/config-entries/service-intentions#legacyupdatetime) field. After transitioning this field is cleared. - `Intention.Meta` after migration is stored in the - [`LegacyMeta`](/docs/agent/config-entries/service-intentions#legacymeta) + [`LegacyMeta`](/docs/connect/config-entries/service-intentions#legacymeta) field. To complete the transition, this field **must be cleared manually** and the metadata moved up to the enclosing config entry's - [`Meta`](/docs/agent/config-entries/service-intentions#meta) field. This is + [`Meta`](/docs/connect/config-entries/service-intentions#meta) field. This is not done automatically since it is potentially a lossy operation. ## Consul 1.8.0 diff --git a/website/data/docs-navigation.js b/website/data/docs-navigation.js index 45fce1bd10..a28affc2b3 100644 --- a/website/data/docs-navigation.js +++ b/website/data/docs-navigation.js @@ -56,6 +56,19 @@ export default [ content: [ 'connect-internals', 'configuration', + { + category: 'config-entries', + content: [ + 'ingress-gateway', + 'proxy-defaults', + 'service-defaults', + 'service-intentions', + 'service-resolver', + 'service-router', + 'service-splitter', + 'terminating-gateway', + ], + }, { category: 'proxies', content: ['envoy', 'built-in', 'integrate'], @@ -207,23 +220,7 @@ export default [ }, { category: 'agent', - content: [ - 'options', - { - category: 'config-entries', - content: [ - 'ingress-gateway', - 'proxy-defaults', - 'service-defaults', - 'service-intentions', - 'service-resolver', - 'service-router', - 'service-splitter', - 'terminating-gateway', - ], - }, - 'telemetry', - ], + content: ['options', 'config-entries', 'telemetry'], }, { category: 'security', @@ -239,6 +236,10 @@ export default [ ], }, 'encryption', + { + category: 'security-models', + content: ['core', 'nia'], + }, ], }, {