diff --git a/website/content/api-docs/acl/auth-methods.mdx b/website/content/api-docs/acl/auth-methods.mdx index 6f1caeb478..506f29a6d4 100644 --- a/website/content/api-docs/acl/auth-methods.mdx +++ b/website/content/api-docs/acl/auth-methods.mdx @@ -14,7 +14,7 @@ The `/acl/auth-method` endpoints [create](#create-an-auth-method), ACL auth methods in Consul. For more information on how to setup ACLs, please check -the [ACL tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production). +the [ACL tutorial](/consul/tutorials/security/access-control-setup-production?utm_source=docs). ## Create an Auth Method diff --git a/website/content/api-docs/acl/binding-rules.mdx b/website/content/api-docs/acl/binding-rules.mdx index 9c150a3504..0db3cd0221 100644 --- a/website/content/api-docs/acl/binding-rules.mdx +++ b/website/content/api-docs/acl/binding-rules.mdx @@ -14,7 +14,7 @@ The `/acl/binding-rule` endpoints [create](#create-a-binding-rule), rules in Consul. For more information on how to setup ACLs, please check -the [ACL tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production). +the [ACL tutorial](/consul/tutorials/security/access-control-setup-production?utm_source=docs). ## Create a Binding Rule diff --git a/website/content/api-docs/acl/index.mdx b/website/content/api-docs/acl/index.mdx index 8c727d54b6..919437ad74 100644 --- a/website/content/api-docs/acl/index.mdx +++ b/website/content/api-docs/acl/index.mdx @@ -11,7 +11,7 @@ description: The /acl endpoints manage the Consul's ACL system. The `/acl` endpoints are used to manage ACL tokens and policies in Consul, [bootstrap the ACL system](#bootstrap-acls), [check ACL replication status](#check-acl-replication), and [translate rules](#translate-rules). There are additional pages for managing [tokens](/api-docs/acl/tokens) and [policies](/api-docs/acl/policies) with the `/acl` endpoints. For more information on how to setup ACLs, please check -the [ACL tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production). +the [ACL tutorial](/consul/tutorials/security/access-control-setup-production?utm_source=docs). ## Bootstrap ACLs @@ -80,7 +80,7 @@ consider the cluster in a potentially compromised state. The returned token will have unrestricted privileges to manage all details of the system. It can then be used to further configure the ACL system. Please check the -[ACL tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production) for more details. +[ACL tutorial](/consul/tutorials/security/access-control-setup-production?utm_source=docs) for more details. ## Check ACL Replication @@ -88,7 +88,7 @@ This endpoint returns the status of the ACL replication processes in the datacenter. This is intended to be used by operators or by automation checking to discover the health of ACL replication. -Please check the [ACL Replication tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-replication-multiple-datacenters) +Please check the [ACL Replication tutorial](/consul/tutorials/security-operations/access-control-replication-multiple-datacenters?utm_source=docs) for more details. | Method | Path | Produces | diff --git a/website/content/api-docs/acl/legacy.mdx b/website/content/api-docs/acl/legacy.mdx index c465f6d8ec..b605c8205d 100644 --- a/website/content/api-docs/acl/legacy.mdx +++ b/website/content/api-docs/acl/legacy.mdx @@ -14,7 +14,7 @@ the new ACL [Token](/api-docs/acl/tokens) and [Policy](/api-docs/acl/policies) A The legacy `/acl` endpoints to create, update, destroy, and query legacy ACL tokens in Consul. -For more information about ACLs, please check the [ACL tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production). +For more information about ACLs, please check the [ACL tutorial](/consul/tutorials/security/access-control-setup-production?utm_source=docs). ## Create ACL Token diff --git a/website/content/api-docs/acl/policies.mdx b/website/content/api-docs/acl/policies.mdx index 2e21c5f9c0..822c93c3d4 100644 --- a/website/content/api-docs/acl/policies.mdx +++ b/website/content/api-docs/acl/policies.mdx @@ -13,7 +13,7 @@ The `/acl/policy` endpoints [create](#create-a-policy), [read](#read-a-policy), [delete](#delete-a-policy) ACL policies in Consul. For more information on how to setup ACLs, please check -the [ACL tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production). +the [ACL tutorial](/consul/tutorials/security/access-control-setup-production?utm_source=docs). ## Create a Policy diff --git a/website/content/api-docs/acl/roles.mdx b/website/content/api-docs/acl/roles.mdx index 7ceab04956..6faf7c425f 100644 --- a/website/content/api-docs/acl/roles.mdx +++ b/website/content/api-docs/acl/roles.mdx @@ -12,7 +12,7 @@ The `/acl/role` endpoints [create](#create-a-role), [read](#read-a-role), [update](#update-a-role), [list](#list-roles) and [delete](#delete-a-role) ACL roles in Consul. For more information on how to setup ACLs, please check -the [ACL tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production). +the [ACL tutorial](/consul/tutorials/security/access-control-setup-production?utm_source=docs). ## Create a Role diff --git a/website/content/api-docs/acl/tokens.mdx b/website/content/api-docs/acl/tokens.mdx index 1a31802579..078ced9401 100644 --- a/website/content/api-docs/acl/tokens.mdx +++ b/website/content/api-docs/acl/tokens.mdx @@ -12,7 +12,7 @@ The `/acl/token` endpoints [create](#create-a-token), [read](#read-a-token), [update](#update-a-token), [list](#list-tokens), [clone](#clone-a-token) and [delete](#delete-a-token) ACL tokens in Consul. For more information on how to setup ACLs, please check -the [ACL tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production). +the [ACL tutorial](/consul/tutorials/security/access-control-setup-production?utm_source=docs). ## Create a Token diff --git a/website/content/api-docs/kv.mdx b/website/content/api-docs/kv.mdx index abec2bc7a7..de2403ef6b 100644 --- a/website/content/api-docs/kv.mdx +++ b/website/content/api-docs/kv.mdx @@ -210,7 +210,7 @@ The corresponding CLI command is [`consul kv put`](/commands/kv/put). session has locked the key.** For an example of how to use the lock feature, check the - [Leader Election tutorial](https://learn.hashicorp.com/tutorials/consul/application-leader-elections). + [Leader Election tutorial](/consul/tutorials/developer-configuration/application-leader-elections?utm_source=docs). - `release` `(string: "")` - Supply a session ID to use in a release operation. This is useful when paired with `?acquire=` as it allows clients to yield a lock. This diff --git a/website/content/api-docs/operator/area.mdx b/website/content/api-docs/operator/area.mdx index 104eda9b29..96ca651173 100644 --- a/website/content/api-docs/operator/area.mdx +++ b/website/content/api-docs/operator/area.mdx @@ -24,7 +24,7 @@ datacenters, so not all servers need to be fully connected. This allows for complex topologies among Consul datacenters like hub/spoke and more general trees. -Please check the [Network Areas tutorial](https://learn.hashicorp.com/tutorials/consul/federation-network-areas) for more details. +Please check the [Network Areas tutorial](/consul/tutorials/datacenter-operations/federation-network-areas?utm_source=docs) for more details. ## Create Network Area diff --git a/website/content/api-docs/operator/autopilot.mdx b/website/content/api-docs/operator/autopilot.mdx index 9841d13e1f..24025bec8a 100644 --- a/website/content/api-docs/operator/autopilot.mdx +++ b/website/content/api-docs/operator/autopilot.mdx @@ -13,7 +13,7 @@ The `/operator/autopilot` endpoints allow for automatic operator-friendly management of Consul servers including cleanup of dead servers, monitoring the state of the Raft cluster, and stable server introduction. -Please check the [Autopilot tutorial](https://learn.hashicorp.com/tutorials/consul/autopilot-datacenter-operations) for more details. +Please check the [Autopilot tutorial](/consul/tutorials/datacenter-operations/autopilot-datacenter-operations?utm_source=docs) for more details. ## Read Configuration diff --git a/website/content/api-docs/operator/index.mdx b/website/content/api-docs/operator/index.mdx index 6bfaf034d2..2755975ad1 100644 --- a/website/content/api-docs/operator/index.mdx +++ b/website/content/api-docs/operator/index.mdx @@ -17,7 +17,7 @@ If ACLs are enabled then a token with operator privileges may be required in order to use this interface. Check the [ACL Rules documentation](/docs/security/acl/acl-rules#operator-rules) for more information. -Check the [Outage Recovery](https://learn.hashicorp.com/tutorials/consul/recovery-outage) tutorial for some examples of +Check the [Outage Recovery](/consul/tutorials/datacenter-operations/recovery-outage?utm_source=docs) tutorial for some examples of how these capabilities are used. Please choose a sub-section in the navigation for more information. diff --git a/website/content/api-docs/operator/segment.mdx b/website/content/api-docs/operator/segment.mdx index 65adc134da..e15cc5302f 100644 --- a/website/content/api-docs/operator/segment.mdx +++ b/website/content/api-docs/operator/segment.mdx @@ -18,7 +18,7 @@ The network area functionality described here is available only in later. Network segments are operator-defined sections of agents on the LAN, typically isolated from other segments by network configuration. -Please check the [Network Segments tutorial](https://learn.hashicorp.com/tutorials/consul/network-partition-datacenters) for more details. +Please check the [Network Segments tutorial](/consul/tutorials/datacenter-operations/network-partition-datacenters?utm_source=docs) for more details. ## List Network Segments diff --git a/website/content/api-docs/query.mdx b/website/content/api-docs/query.mdx index 4ad4e2e905..224a331bf9 100644 --- a/website/content/api-docs/query.mdx +++ b/website/content/api-docs/query.mdx @@ -14,7 +14,7 @@ service. This is particularly useful in combination with Consul's [DNS Interface](/docs/discovery/dns#prepared-query-lookups) as it allows for much richer queries than would be possible given the limited entry points exposed by DNS. -Check the [Geo Failover tutorial](https://learn.hashicorp.com/tutorials/consul/automate-geo-failover) for details and +Check the [Geo Failover tutorial](/consul/tutorials/developer-discovery/automate-geo-failover?utm_source=docs) for details and examples for using prepared queries to implement geo failover for services. Check the [prepared query rules](/docs/security/acl/acl-rules#prepared-query-rules) diff --git a/website/content/api-docs/session.mdx b/website/content/api-docs/session.mdx index 21d4759cf0..345c1d9f6f 100644 --- a/website/content/api-docs/session.mdx +++ b/website/content/api-docs/session.mdx @@ -77,7 +77,7 @@ The table below shows this endpoint's support for 86400s). If provided, the session is invalidated if it is not renewed before the TTL expires. The lowest practical TTL should be used to keep the number of managed sessions low. When locks are forcibly expired, such as when following - the [leader election pattern](https://learn.hashicorp.com/tutorials/consul/application-leader-elections) in an application, + the [leader election pattern](/consul/tutorials/developer-configuration/application-leader-elections?utm_source=docs) in an application, sessions may not be reaped for up to double this TTL, so long TTL values (> 1 hour) should be avoided. Valid time units include "s", "m" and "h". diff --git a/website/content/commands/acl/bootstrap.mdx b/website/content/commands/acl/bootstrap.mdx index d33c550e60..6db27503a1 100644 --- a/website/content/commands/acl/bootstrap.mdx +++ b/website/content/commands/acl/bootstrap.mdx @@ -12,7 +12,7 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/acl/bootstrap](/api-docs/acl#boots The `acl bootstrap` command will request Consul to generate a new token with unlimited privileges to use for management purposes and output its details. This can only be done once and afterwards bootstrapping will be disabled. If all tokens are lost and you need to bootstrap again you can follow the bootstrap -[reset procedure](https://learn.hashicorp.com/consul/security-networking/acl-troubleshooting?utm_source=consul.io&utm_medium=docs#reset-the-acl-system). +[reset procedure](/consul/tutorials/security/access-control-troubleshoot?utm_source=docs#reset-the-acl-system). The table below shows this command's [required ACLs](/api#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) diff --git a/website/content/commands/acl/token/update.mdx b/website/content/commands/acl/token/update.mdx index b8360dba2e..8f5ce80f1e 100644 --- a/website/content/commands/acl/token/update.mdx +++ b/website/content/commands/acl/token/update.mdx @@ -66,7 +66,7 @@ Usage: `consul acl token update [options]` specified grant equivalent or appropriate access for the existing clients using this token. You can find examples on how to use the parameter in the [legacy token -migration](https://learn.hashicorp.com/consul/day-2-agent-authentication/migrate-acl-tokens) +migration](/consul/tutorials/security-operations/access-control-token-migration?utm_source=docs) guide. - `-format={pretty|json}` - Command output format. The default value is `pretty`. diff --git a/website/content/commands/force-leave.mdx b/website/content/commands/force-leave.mdx index 399bf412b3..4cc7d841c2 100644 --- a/website/content/commands/force-leave.mdx +++ b/website/content/commands/force-leave.mdx @@ -57,7 +57,7 @@ consul force-leave ec2-001-staging ``` When run on a server that is part of a -[WAN gossip pool](https://learn.hashicorp.com/consul/security-networking/datacenters), +[WAN gossip pool](/consul/tutorials/networking/federation-gossip-wan?utm_source=docs), `force-leave` can remove failed servers in other datacenters from the WAN pool. The identifying node-name in a WAN pool is `[node-name].[datacenter]`. diff --git a/website/content/commands/kv/put.mdx b/website/content/commands/kv/put.mdx index daa916f293..41c19db29a 100644 --- a/website/content/commands/kv/put.mdx +++ b/website/content/commands/kv/put.mdx @@ -132,7 +132,7 @@ Success! Data written to: leaderboard/scores ``` ~> **Warning**: For secret and sensitive values, you should consider using a -secret management solution like **[HashiCorp's Vault](https://learn.hashicorp.com/tutorials/vault/static-secrets?in=vault/secrets-management)**. +secret management solution like **[HashiCorp's Vault](/vault/tutorials/secrets-management/static-secrets?utm_source=docs)**. While it is possible to encrypt data before writing it to Consul's KV store, Consul provides no built-in support for encryption at-rest. diff --git a/website/content/commands/license.mdx b/website/content/commands/license.mdx index 08ee230b03..0fe27cf810 100644 --- a/website/content/commands/license.mdx +++ b/website/content/commands/license.mdx @@ -20,7 +20,7 @@ Consul Enterprise license management. If ACLs are enabled then a token with operator privileges may be required in order to use this command. Requests are forwarded internally to the leader if required, so this can be run from any Consul node in a cluster. See the -[ACL Guide](https://learn.hashicorp.com/consul/security-networking/production-acls) for more information. +[ACL Guide](/consul/tutorials/security/access-control-setup-production?utm_source=docs) for more information. ```text Usage: consul license [options] [args] diff --git a/website/content/commands/lock.mdx b/website/content/commands/lock.mdx index 0c12dff7f1..52ed729c2e 100644 --- a/website/content/commands/lock.mdx +++ b/website/content/commands/lock.mdx @@ -18,11 +18,11 @@ communication is disrupted, the child process is terminated. The number of lock holders is configurable with the `-n` flag. By default, a single holder is allowed, and a lock is used for mutual exclusion. This -uses the [leader election algorithm](https://learn.hashicorp.com/consul/developer-configuration/elections). +uses the [leader election algorithm](/consul/tutorials/developer-configuration/application-leader-elections?utm_source=docs). If the lock holder count is more than one, then a semaphore is used instead. A semaphore allows more than a single holder, but this is less efficient than -a simple lock. This follows the [semaphore algorithm](https://learn.hashicorp.com/consul/developer-configuration/semaphore). +a simple lock. This follows the [semaphore algorithm](/consul/tutorials/developer-configuration/distributed-semaphore?utm_source=docs). All locks using the same prefix must agree on the value of `-n`. If conflicting values of `-n` are provided, an error will be returned. diff --git a/website/content/commands/operator/area.mdx b/website/content/commands/operator/area.mdx index 22a02387b0..02d26a7348 100644 --- a/website/content/commands/operator/area.mdx +++ b/website/content/commands/operator/area.mdx @@ -21,7 +21,7 @@ and relationships can be made between independent pairs of datacenters, so not a need to be fully connected. This allows for complex topologies among Consul datacenters like hub/spoke and more general trees. -See the [Network Areas Guide](https://learn.hashicorp.com/consul/day-2-operations/advanced-federation) for more details. +See the [Network Areas Guide](/consul/tutorials/datacenter-operations/federation-network-areas?utm_source=docs) for more details. ```text Usage: consul operator area [options] diff --git a/website/content/commands/operator/autopilot.mdx b/website/content/commands/operator/autopilot.mdx index 3d05f79865..ef87ac6dae 100644 --- a/website/content/commands/operator/autopilot.mdx +++ b/website/content/commands/operator/autopilot.mdx @@ -12,7 +12,7 @@ Command: `consul operator autopilot` The Autopilot operator command is used to interact with Consul's Autopilot subsystem. The command can be used to view or modify the current Autopilot configuration. See the -[Autopilot Guide](https://learn.hashicorp.com/consul/day-2-operations/autopilot) for more information about Autopilot. +[Autopilot Guide](/consul/tutorials/datacenter-operations/autopilot-datacenter-operations?utm_source=docs) for more information about Autopilot. ```text Usage: consul operator autopilot [options] diff --git a/website/content/commands/operator/index.mdx b/website/content/commands/operator/index.mdx index 067632298b..fc19ea9a68 100644 --- a/website/content/commands/operator/index.mdx +++ b/website/content/commands/operator/index.mdx @@ -18,9 +18,9 @@ outage and even loss of data. If ACLs are enabled then a token with operator privileges may be required in order to use this command. Requests are forwarded internally to the leader if required, so this can be run from any Consul node in a cluster. See the -[ACL Guide](https://learn.hashicorp.com/consul/security-networking/production-acls) for more information. +[ACL Guide](/consul/tutorials/security/access-control-setup-production?utm_source=docs) for more information. -See the [Outage Recovery](https://learn.hashicorp.com/consul/day-2-operations/outage) guide for some examples of how +See the [Outage Recovery](/consul/tutorials/datacenter-operations/recovery-outage?utm_source=docs) guide for some examples of how this command is used. For an API to perform these operations programmatically, please see the documentation for the [Operator](/api-docs/operator) endpoint. diff --git a/website/content/docs/agent/config/config-files.mdx b/website/content/docs/agent/config/config-files.mdx index 2631378731..873367cf22 100644 --- a/website/content/docs/agent/config/config-files.mdx +++ b/website/content/docs/agent/config/config-files.mdx @@ -106,7 +106,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'." - `alt_domain` Equivalent to the [`-alt-domain` command-line flag](/docs/agent/config/cli-flags#_alt_domain) - `audit` - Added in Consul 1.8, the audit object allow users to enable auditing - and configure a sink and filters for their audit logs. For more information, review the [audit log tutorial](https://learn.hashicorp.com/tutorials/consul/audit-logging). + and configure a sink and filters for their audit logs. For more information, review the [audit log tutorial](/consul/tutorials/datacenter-operations/audit-logging?utm_source=docs). @@ -182,7 +182,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'." respected on bootstrapping. If they are not provided, the defaults will be used. In order to change the value of these options after bootstrapping, you will need to use the [Consul Operator Autopilot](/commands/operator/autopilot) - command. For more information about Autopilot, review the [Autopilot tutorial](https://learn.hashicorp.com/tutorials/consul/autopilot-datacenter-operations). + command. For more information about Autopilot, review the [Autopilot tutorial](/consul/tutorials/datacenter-operations/autopilot-datacenter-operations?utm_source=docs). The following sub-keys are available: @@ -495,7 +495,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'." only works with API endpoints, not `/ui` or `/debug`, those must be disabled with their respective configuration options. Any CLI commands that use disabled endpoints will no longer function as well. For more general access control, Consul's - [ACL system](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production) + [ACL system](/consul/tutorials/security/access-control-setup-production?utm_source=docs) should be used, but this option is useful for removing access to HTTP API endpoints completely, or on specific agents. This is available in Consul 0.9.0 and later. @@ -940,7 +940,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'." This designates the datacenter which is authoritative for ACL information. It must be provided to enable ACLs. All servers and datacenters must agree on the ACL datacenter. Setting it on the servers is all you need for cluster-level enforcement, but for the APIs to forward properly from the clients, it must be set on them too. In Consul 0.8 and later, this also enables agent-level enforcement - of ACLs. Please review the [ACL tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production) for more details. + of ACLs. Please review the [ACL tutorial](/consul/tutorials/security/access-control-setup-production?utm_source=docs) for more details. - `acl_default_policy` ((#acl_default_policy_legacy)) - **Deprecated in Consul 1.4.0. See the [`acl.default_policy`](#acl_default_policy) field instead.** Either "allow" or "deny"; defaults to "allow". The default policy controls the @@ -990,7 +990,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'." - `acl_replication_token` ((#acl_replication_token_legacy)) - **Deprecated in Consul 1.4.0. See the [`acl.tokens.replication`](#acl_tokens_replication) field instead.** Only used for servers outside the [`primary_datacenter`](#primary_datacenter) - running Consul 0.7 or later. When provided, this will enable [ACL replication](https://learn.hashicorp.com/tutorials/consul/access-control-replication-multiple-datacenters) + running Consul 0.7 or later. When provided, this will enable [ACL replication](/consul/tutorials/security-operations/access-control-replication-multiple-datacenters?utm_source=docs) using this ACL replication using this token to retrieve and replicate the ACLs to the non-authoritative local datacenter. In Consul 0.9.1 and later you can enable ACL replication using [`acl.enable_token_replication`](#acl_enable_token_replication) and then @@ -1225,7 +1225,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'." ## DNS and Domain Parameters - `dns_config` This object allows a number of sub-keys - to be set which can tune how DNS queries are serviced. Check the tutorial on [DNS caching](https://learn.hashicorp.com/tutorials/consul/dns-caching) for more detail. + to be set which can tune how DNS queries are serviced. Check the tutorial on [DNS caching](/consul/tutorials/networking/dns-caching?utm_source=docs) for more detail. The following sub-keys are available: diff --git a/website/content/docs/agent/config/index.mdx b/website/content/docs/agent/config/index.mdx index 11953b506a..cd341f55b0 100644 --- a/website/content/docs/agent/config/index.mdx +++ b/website/content/docs/agent/config/index.mdx @@ -40,7 +40,7 @@ documented below in the configuration reload. You can test the following configuration options by following the -[Getting Started](https://learn.hashicorp.com/tutorials/consul/get-started-install?utm_source=consul.io&utm_medium=docs) +[Getting Started](/consul/tutorials/getting-started/get-started-install?utm_source=docs) tutorials to install a local agent. ## Ports Used diff --git a/website/content/docs/agent/index.mdx b/website/content/docs/agent/index.mdx index 09ee879159..37029ccd4a 100644 --- a/website/content/docs/agent/index.mdx +++ b/website/content/docs/agent/index.mdx @@ -73,11 +73,11 @@ Refer to the following sections for information about host, port, memory, and ot - [Server Performance](/docs/install/performance) - [Required Ports](/docs/install/ports) -The [Datacenter Deploy tutorial](https://learn.hashicorp.com/tutorials/consul/reference-architecture?in=consul/production-deploy#deployment-system-requirements) contains additional information, including licensing configuration, environment variables, and other details. +The [Datacenter Deploy tutorial](/consul/tutorials/production-deploy/reference-architecture?utm_source=docs) contains additional information, including licensing configuration, environment variables, and other details. ### Maximum Latency Network requirements -Consul uses the gossip protocol to share information across agents. To function properly, you cannot exceed the protocol’s maximum latency threshold. The latency threshold is calculated according to the total round trip time (RTT) for communication between all agents. Other network usages outside of Gossip are not bound by these latency requirements (i.e. client to server RPCs, HTTP API requests, xDS proxy configuration, DNS). +Consul uses the gossip protocol to share information across agents. To function properly, you cannot exceed the protocol's maximum latency threshold. The latency threshold is calculated according to the total round trip time (RTT) for communication between all agents. Other network usages outside of Gossip are not bound by these latency requirements (i.e. client to server RPCs, HTTP API requests, xDS proxy configuration, DNS). For data sent between all Consul agents the following latency requirements must be met: @@ -97,7 +97,7 @@ The `-dev` flag is provided for learning purposes only. We strongly advise against using it for production environments. -> **Getting Started Tutorials**: You can test a local agent by following the -[Getting Started tutorials](https://learn.hashicorp.com/tutorials/consul/get-started-install?utm_source=consul.io&utm_medium=docs). +[Getting Started tutorials](/consul/tutorials/getting-started/get-started-install?utm_source=docs). When starting Consul with the `-dev` flag, the only additional information Consul needs to run is the location of a directory for storing agent state data. You can specify the location with the `-data-dir` flag or define the location in an external file and point the file with the `-config-file` flag. diff --git a/website/content/docs/agent/telemetry.mdx b/website/content/docs/agent/telemetry.mdx index 8b4f923435..ec741f0b32 100644 --- a/website/content/docs/agent/telemetry.mdx +++ b/website/content/docs/agent/telemetry.mdx @@ -27,13 +27,13 @@ it will dump the current telemetry information to the agent's `stderr`. This telemetry information can be used for debugging or otherwise getting a better view of what Consul is doing. Review the [Monitoring and -Metrics tutorial](https://learn.hashicorp.com/tutorials/consul/monitor-datacenter-health?utm_source=consul.io&utm_medium=docs) to learn how collect and interpret Consul data. +Metrics tutorial](/consul/tutorials/day-2-operations/monitor-datacenter-health?utm_source=docs) to learn how collect and interpret Consul data. Additionally, if the [`telemetry` configuration options](/docs/agent/config/config-files#telemetry) are provided, the telemetry information will be streamed to a [statsite](http://github.com/armon/statsite) or [statsd](http://github.com/etsy/statsd) server where it can be aggregated and flushed to Graphite or any other metrics store. -For a configuration example for Telegraf, review the [Monitoring with Telegraf tutorial](https://learn.hashicorp.com/tutorials/consul/monitor-health-telegraf?utm_source=consul.io&utm_medium=docs). +For a configuration example for Telegraf, review the [Monitoring with Telegraf tutorial](/consul/tutorials/day-2-operations/monitor-health-telegraf?utm_source=docs). This information can also be viewed with the [metrics endpoint](/api-docs/agent#view-metrics) in JSON @@ -456,7 +456,7 @@ These metrics are used to monitor the health of the Consul servers. | `consul.raft.leader.dispatchNumLogs` | Measures the number of logs committed to disk in a batch. | logs | gauge | | `consul.raft.leader.lastContact` | Measures the time since the leader was last able to contact the follower nodes when checking its leader lease. It can be used as a measure for how stable the Raft timing is and how close the leader is to timing out its lease.The lease timeout is 500 ms times the [`raft_multiplier` configuration](/docs/agent/config/config-files#raft_multiplier), so this telemetry value should not be getting close to that configured value, otherwise the Raft timing is marginal and might need to be tuned, or more powerful servers might be needed. See the [Server Performance](/docs/install/performance) guide for more details. | ms | timer | | `consul.raft.leader.oldestLogAge` | The number of milliseconds since the _oldest_ log in the leader's log store was written. This can be important for replication health where write rate is high and the snapshot is large as followers may be unable to recover from a restart if restoring takes longer than the minimum value for the current leader. Compare this with `consul.raft.fsm.lastRestoreDuration` and `consul.raft.rpc.installSnapshot` to monitor. In normal usage this gauge value will grow linearly over time until a snapshot completes on the leader and the log is truncated. Note: this metric won't be emitted until the leader writes a snapshot. After an upgrade to Consul 1.10.0 it won't be emitted until the oldest log was written after the upgrade. | ms | gauge | -| `consul.raft.replication.heartbeat` | Measures the time taken to invoke appendEntries on a peer, so that it doesn’t timeout on a periodic basis. | ms | timer | +| `consul.raft.replication.heartbeat` | Measures the time taken to invoke appendEntries on a peer, so that it doesn't timeout on a periodic basis. | ms | timer | | `consul.raft.replication.appendEntries` | Measures the time it takes to replicate log entries to followers. This is a general indicator of the load pressure on the Consul servers, as well as the performance of the communication between the servers. | ms | timer | | `consul.raft.replication.appendEntries.rpc` | Measures the time taken by the append entries RFC, to replicate the log entries of a leader agent onto its follower agent(s) | ms | timer | | `consul.raft.replication.appendEntries.logs` | Measures the number of logs replicated to an agent, to bring it up to speed with the leader's logs. | logs appended/ interval | counter | diff --git a/website/content/docs/api-gateway/index.mdx b/website/content/docs/api-gateway/index.mdx index 6a811fd71b..d601a30e51 100644 --- a/website/content/docs/api-gateway/index.mdx +++ b/website/content/docs/api-gateway/index.mdx @@ -15,7 +15,7 @@ Consul API Gateway is an add-on for Consul that helps users control access to se Consul API Gateway solves the following primary use cases: -- **Controlling access at the point of entry**: Consul API Gateway allows users to set the protocols of external connection requests and provide clients with TLS certificates from trusted providers (e.g., Verisign, Let’s Encrypt). +- **Controlling access at the point of entry**: Consul API Gateway allows users to set the protocols of external connection requests and provide clients with TLS certificates from trusted providers (e.g., Verisign, Let's Encrypt). - **Simplifying traffic management**: The Consul API Gateway can load balance requests across services and route traffic to the appropriate service by matching one or more criteria, such as hostname, path, header presence or value, and HTTP Method type (e.g., GET, POST, PATCH). ## How Does Consul API Gateway Work? @@ -42,4 +42,4 @@ are used, see the [documentation in our GitHub repo](https://github.com/hashicor ## Additional Resources -You can learn more about using Consul API Gateway by completing the [Consul API Gateway tutorial](https://learn.hashicorp.com/tutorials/consul/kubernetes-api-gateway). +You can learn more about using Consul API Gateway by completing the [Consul API Gateway tutorial](/consul/tutorials/developer-mesh/kubernetes-api-gateway?utm_source=docs). diff --git a/website/content/docs/architecture/coordinates.mdx b/website/content/docs/architecture/coordinates.mdx index 1e642b31b7..d90e2b698e 100644 --- a/website/content/docs/architecture/coordinates.mdx +++ b/website/content/docs/architecture/coordinates.mdx @@ -31,7 +31,7 @@ Network coordinates manifest in several ways inside Consul: - [Prepared queries](/api-docs/query) can automatically fail over services to other Consul datacenters based on network round trip times. See the - [Geo Failover](https://learn.hashicorp.com/tutorials/consul/automate-geo-failover) for some examples. + [Geo Failover](/consul/tutorials/developer-discovery/automate-geo-failover?utm_source=docs) for some examples. - The [Coordinate endpoint](/api-docs/coordinate) exposes raw network coordinates for use in other applications. diff --git a/website/content/docs/architecture/improving-consul-resilience.mdx b/website/content/docs/architecture/improving-consul-resilience.mdx index 9d1779ae7d..ab6453b554 100644 --- a/website/content/docs/architecture/improving-consul-resilience.mdx +++ b/website/content/docs/architecture/improving-consul-resilience.mdx @@ -36,7 +36,7 @@ Without a quorum, Consul experiences an outage: it cannot provide most of its capabilities because they rely on the availability of this state information. If Consul has an outage, normal operation can be restored by following the -[outage recovery guide](https://learn.hashicorp.com/tutorials/consul/recovery-outage). +[outage recovery guide](/consul/tutorials/datacenter-operations/recovery-outage?utm_source=docs). If Consul is deployed with 3 servers, the quorum size is 2. The deployment can lose 1 server and still maintain quorum, so it has a fault tolerance of 1. @@ -80,7 +80,7 @@ to protect your Consul datacenter from a single zone-level failure. For example, if deploying 5 Consul servers across 3 availability zones, place no more than 2 servers in each zone. If one zone fails, at most 2 servers are lost and quorum will be maintained by the 3 remaining servers. -To distribute your Consul servers across availability zones, modify your infrastructure configuration with your infrastructure provider. No change is needed to your Consul server’s agent configuration. +To distribute your Consul servers across availability zones, modify your infrastructure configuration with your infrastructure provider. No change is needed to your Consul server's agent configuration. Additionally, you should leverage resources that can automatically restore your compute instance, such as autoscaling groups, virtual machine scale sets, or compute engine autoscaler. @@ -135,5 +135,5 @@ However, Consul redundancy zones can be used even without the backing of infrast For more information on redundancy zones, refer to: - [Redundancy zone documentation](/docs/enterprise/redundancy) for a more detailed explanation -- [Redundancy zone tutorial](https://learn.hashicorp.com/tutorials/consul/redundancy-zones?in=consul/enterprise) +- [Redundancy zone tutorial](/consul/tutorials/datacenter-operations/redundancy-zones?utm_source=docs) to learn how to use them diff --git a/website/content/docs/architecture/index.mdx b/website/content/docs/architecture/index.mdx index 5ef4d7222d..5c3d4c10c4 100644 --- a/website/content/docs/architecture/index.mdx +++ b/website/content/docs/architecture/index.mdx @@ -17,7 +17,7 @@ page documents the system architecture. [glossary](/docs/install/glossary) of terms to help clarify what is being discussed. -The architecture concepts in this document can be used with the [Reference Architecture guide](https://learn.hashicorp.com/tutorials/consul/reference-architecture?utm_source=consul.io&utm_medium=docs) when deploying Consul in production. +The architecture concepts in this document can be used with the [Reference Architecture guide](/consul/tutorials/production-deploy/reference-architecture?utm_source=docs) when deploying Consul in production. ## 10,000 foot view @@ -27,7 +27,7 @@ From a 10,000 foot altitude the architecture of Consul looks like this: Let's break down this image and describe each piece. First of all, we can see that there are two datacenters, labeled "one" and "two". Consul has first -class support for [multiple datacenters](https://learn.hashicorp.com/tutorials/consul/federation-gossip-wan) and +class support for [multiple datacenters](/consul/tutorials/networking/federation-gossip-wan?utm_source=docs) and expects this to be the common case. Within each datacenter, we have a mixture of clients and servers. It is expected @@ -67,7 +67,7 @@ an RPC request to the remote Consul servers for that resource and return the res If the remote datacenter is not available, then those resources will also not be available, but that won't otherwise affect the local datacenter. There are some special situations where a limited subset of data can be replicated, such as with Consul's built-in -[ACL replication](https://learn.hashicorp.com/tutorials/consul/access-control-replication-multiple-datacenters) capability, or +[ACL replication](/consul/tutorials/security-operations/access-control-replication-multiple-datacenters?utm_source=docs) capability, or external tools like [consul-replicate](https://github.com/hashicorp/consul-replicate). In some places, client agents may cache data from the servers to make it diff --git a/website/content/docs/concepts/service-discovery.mdx b/website/content/docs/concepts/service-discovery.mdx index 820e5b7681..f61b05d16e 100644 --- a/website/content/docs/concepts/service-discovery.mdx +++ b/website/content/docs/concepts/service-discovery.mdx @@ -24,7 +24,7 @@ Service discovery provides benefits for all organizations, ranging from simplifi ## How does a service mesh work? -Service discovery uses a service's identity instead of traditional access information (IP address and port). This allows you to dynamically map services and track any changes within a service catalog. Service consumers (users or other services) then use DNS to dynamically retrieve other service’s access information from the service catalog. The lifecycle of a service may look like the following: +Service discovery uses a service's identity instead of traditional access information (IP address and port). This allows you to dynamically map services and track any changes within a service catalog. Service consumers (users or other services) then use DNS to dynamically retrieve other service's access information from the service catalog. The lifecycle of a service may look like the following: A service consumer communicates with the “Web” service via a unique Consul DNS entry provided by the service catalog. @@ -79,7 +79,7 @@ You can implement service discovery systems across any type of infrastructure, w Consul is a service networking solution that lets you automate network configurations, discover services, and enable secure connectivity across any cloud or runtime. With these features, Consul helps you solve the complex networking and security challenges of operating microservices and cloud infrastructure (multi-cloud and hybrid cloud). You can use these features independently or together to achieve [zero trust](https://www.hashicorp.com/solutions/zero-trust-security) security. -Consul’s service discovery capabilities help you discover, track, and monitor the health of services within a network. Consul acts as a single source of truth that allows your services to query and communicate with each other. +Consul's service discovery capabilities help you discover, track, and monitor the health of services within a network. Consul acts as a single source of truth that allows your services to query and communicate with each other. You can use Consul with virtual machines (VMs), containers, serverless technologies, or with container orchestration platforms, such as [Nomad](https://www.nomadproject.io/) and Kubernetes. Consul is platform agnostic which makes it a great fit for all environments, including legacy platforms. @@ -91,6 +91,6 @@ Get started with service discovery today by leveraging Consul on HCP, Consul on Feel free to get started with Consul by exploring one of these Consul Learn tutorials: -[Getting Started with Consul on VMs](https://learn.hashicorp.com/collections/consul/getting-started) -[Getting Started with Consul on HCP](https://learn.hashicorp.com/collections/consul/cloud-get-started) -[Getting Started with Consul on Kubernetes](https://learn.hashicorp.com/collections/consul/gs-consul-service-mesh) \ No newline at end of file +[Getting Started with Consul on VMs](/consul/tutorials/getting-started?utm_source=docs) +[Getting Started with Consul on HCP](/consul/tutorials/cloud-get-started?utm_source=docs) +[Getting Started with Consul on Kubernetes](/consul/tutorials/gs-consul-service-mesh?utm_source=docs) \ No newline at end of file diff --git a/website/content/docs/concepts/service-mesh.mdx b/website/content/docs/concepts/service-mesh.mdx index 17fd93e269..b9189f5228 100644 --- a/website/content/docs/concepts/service-mesh.mdx +++ b/website/content/docs/concepts/service-mesh.mdx @@ -111,7 +111,7 @@ Consul is platform agnostic which makes it a great fit for all environments, inc Consul is available as a [self-install](/downloads) project or as a fully managed service mesh solution called [HCP Consul](https://portal.cloud.hashicorp.com/sign-in?utm_source=consul_docs). HCP Consul enables users to discover and securely connect services without the added operational burden of maintaining a service mesh on their own. -You can learn more about Consul by visiting the Consul Learn [tutorials](https://learn.hashicorp.com/consul). +You can learn more about Consul by visiting the Consul Learn [tutorials](/consul/tutorials?utm_source=docs). ## Next diff --git a/website/content/docs/connect/ca/vault.mdx b/website/content/docs/connect/ca/vault.mdx index e563a6d83d..a9955b1420 100644 --- a/website/content/docs/connect/ca/vault.mdx +++ b/website/content/docs/connect/ca/vault.mdx @@ -19,7 +19,7 @@ Please read the [certificate management overview](/docs/connect/ca) page first to understand how Consul manages certificates with configurable CA providers. --> **NOTE**: A Learn [tutorial](https://learn.hashicorp.com/tutorials/consul/vault-pki-consul-connect-ca?in=consul/vault-secure) is available to help you configure Vault as the Consul Connect service mesh Certification Authority. +-> **NOTE**: A Learn [tutorial](/consul/tutorials/vault-secure/vault-pki-consul-connect-ca?utm_source=docs) is available to help you configure Vault as the Consul Connect service mesh Certification Authority. ## Requirements diff --git a/website/content/docs/connect/cluster-peering/create-manage-peering.mdx b/website/content/docs/connect/cluster-peering/create-manage-peering.mdx index 009c60f409..61dd9bfe5a 100644 --- a/website/content/docs/connect/cluster-peering/create-manage-peering.mdx +++ b/website/content/docs/connect/cluster-peering/create-manage-peering.mdx @@ -159,7 +159,7 @@ Sources = [ -If the peer’s name is not specified in `Peer`, then Consul assumes that the service is in the local cluster. +If the peer's name is not specified in `Peer`, then Consul assumes that the service is in the local cluster. Then, add the configuration entry to your cluster. diff --git a/website/content/docs/connect/configuration.mdx b/website/content/docs/connect/configuration.mdx index 43d646f22a..be645da8e7 100644 --- a/website/content/docs/connect/configuration.mdx +++ b/website/content/docs/connect/configuration.mdx @@ -74,7 +74,7 @@ via API. !> **Security note:** Enabling Connect is enough to try the feature but doesn't automatically ensure complete security. Please read the [Connect production -tutorial](https://learn.hashicorp.com/tutorials/consul/service-mesh-production-checklist) to understand the additional steps +tutorial](/consul/tutorials/developer-mesh/service-mesh-production-checklist?utm_source=docs) to understand the additional steps needed for a secure deployment. ## Centralized Proxy and Service Configuration diff --git a/website/content/docs/connect/connect-internals.mdx b/website/content/docs/connect/connect-internals.mdx index eeadaacc8f..79b78d8b6c 100644 --- a/website/content/docs/connect/connect-internals.mdx +++ b/website/content/docs/connect/connect-internals.mdx @@ -15,7 +15,7 @@ but this information will help you understand how Consul service mesh behaves in Consul Connect is the component shipped with Consul that enables service mesh functionality. The terms _Consul Connect_ and _Consul service mesh_ are used interchangeably throughout this documentation. To try service mesh locally, complete the [Getting Started with Consul service -mesh](https://learn.hashicorp.com/tutorials/consul/service-mesh?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) +mesh](/consul/tutorials/gs-consul-service-mesh/service-mesh?utm_source=docs) tutorial. ## Mutual Transport Layer Security (mTLS) @@ -97,7 +97,7 @@ a long period of inactivity (3 days by default), the cache will empty itself. A sidecar proxy's [upstream configuration](/docs/connect/registration/service-registration#upstream-configuration-reference) may specify an alternative datacenter or a prepared query that can address services -in multiple datacenters (such as the [geo failover](https://learn.hashicorp.com/tutorials/consul/automate-geo-failover) pattern). +in multiple datacenters (such as the [geo failover](/consul/tutorials/developer-discovery/automate-geo-failover?utm_source=docs) pattern). [Intentions](/docs/connect/intentions) verify connections between services by source and destination name seamlessly across datacenters. diff --git a/website/content/docs/connect/connectivity-tasks.mdx b/website/content/docs/connect/connectivity-tasks.mdx index dbf77d5820..19587ca9aa 100644 --- a/website/content/docs/connect/connectivity-tasks.mdx +++ b/website/content/docs/connect/connectivity-tasks.mdx @@ -7,7 +7,7 @@ description: >- # Connectivity Tasks -~> **Note**: The features shown below are extensions of Consul’s service mesh capabilities. If you are not utilizing +~> **Note**: The features shown below are extensions of Consul's service mesh capabilities. If you are not utilizing Consul service mesh then these features will not be relevant to your task. ## Service-to-service traffic between Consul datacenters @@ -26,7 +26,7 @@ As of Consul 1.8.0, mesh gateways can also forward gossip and RPC traffic betwee This is enabled by [WAN federation via mesh gateways](/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways). For more information about mesh gateways, review the [complete documentation](/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters) -and the [mesh gateway tutorial](https://learn.hashicorp.com/tutorials/consul/service-mesh-gateways). +and the [mesh gateway tutorial](/consul/tutorials/developer-mesh/service-mesh-gateways?utm_source=docs). ![Mesh Gateway Architecture](/img/mesh-gateways.png) @@ -40,11 +40,11 @@ services outside the Consul service mesh to services inside the service mesh. These gateways allow you to define what services should be exposed, on what port, and by what hostname. You configure an ingress gateway by defining a set of listeners that can map to different sets of backing services. -Ingress gateways are tightly integrated with Consul’s L7 configuration and enable dynamic routing of HTTP requests by +Ingress gateways are tightly integrated with Consul's L7 configuration and enable dynamic routing of HTTP requests by attributes like the request path. For more information about ingress gateways, review the [complete documentation](/docs/connect/gateways/ingress-gateway) -and the [ingress gateway tutorial](https://learn.hashicorp.com/tutorials/consul/service-mesh-gateways). +and the [ingress gateway tutorial](/consul/tutorials/developer-mesh/service-mesh-gateways?utm_source=docs). ![Ingress Gateway Architecture](/img/ingress-gateways.png) @@ -60,11 +60,11 @@ infrastructure you do not control. Terminating gateways effectively act as egress proxies that can represent one or more services. They terminate Connect mTLS connections, enforce Consul intentions, and forward requests to the appropriate destination. -These gateways also simplify authorization from dynamic service addresses. Consul’s intentions determine whether +These gateways also simplify authorization from dynamic service addresses. Consul's intentions determine whether connections through the gateway are authorized. Then traditional tools like firewalls or IAM roles can authorize the connections from the known gateway nodes to the destination services. For more information about terminating gateways, review the [complete documentation](/docs/connect/gateways/terminating-gateway) -and the [terminating gateway tutorial](https://learn.hashicorp.com/tutorials/consul/teminating-gateways-connect-external-services). +and the [terminating gateway tutorial](/consul/tutorials/developer-mesh/terminating-gateways-connect-external-services?utm_source=docs). ![Terminating Gateway Architecture](/img/terminating-gateways.png) diff --git a/website/content/docs/connect/gateways/index.mdx b/website/content/docs/connect/gateways/index.mdx index c7afa60896..9dc43e3aed 100644 --- a/website/content/docs/connect/gateways/index.mdx +++ b/website/content/docs/connect/gateways/index.mdx @@ -31,7 +31,7 @@ Mesh gateways enable the following scenarios: - **Service-to-service communication across datacenters**. Refer to [Enabling Service-to-service Traffic Across Datacenters](/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters) for additional information. - **Service-to-service communication across admin partitions**. Since Consul 1.11.0, you can create administrative boundaries for single Consul deployments called "admin partitions". You can use mesh gateways to facilitate cross-partition communication. Refer to [Enabling Service-to-service Traffic Across Admin Partitions](/docs/connect/gateways/mesh-gateway/service-to-service-traffic-partitions) for additional information. --> **Mesh gateway tutorial**: Follow the [mesh gateway tutorial](https://learn.hashicorp.com/tutorials/consul/service-mesh-gateways) to learn concepts associated with mesh gateways. +-> **Mesh gateway tutorial**: Follow the [mesh gateway tutorial](/consul/tutorials/developer-mesh/service-mesh-gateways?utm_source=docs) to learn concepts associated with mesh gateways. ## Ingress Gateways @@ -44,11 +44,11 @@ to services in the mesh. To accept ingress traffic from the public internet, use These gateways allow you to define what services should be exposed, on what port, and by what hostname. You configure an ingress gateway by defining a set of listeners that can map to different sets of backing services. -Ingress gateways are tightly integrated with Consul’s L7 configuration and enable dynamic routing of HTTP requests by +Ingress gateways are tightly integrated with Consul's L7 configuration and enable dynamic routing of HTTP requests by attributes like the request path. For more information about ingress gateways, review the [complete documentation](/docs/connect/gateways/ingress-gateway) -and the [ingress gateway tutorial](https://learn.hashicorp.com/tutorials/consul/service-mesh-ingress-gateways). +and the [ingress gateway tutorial](/consul/tutorials/developer-mesh/service-mesh-ingress-gateways?utm_source=docs). ![Ingress Gateway Architecture](/img/ingress-gateways.png) @@ -65,11 +65,11 @@ infrastructure you do not control. Terminating gateways effectively act as egress proxies that can represent one or more services. They terminate Connect mTLS connections, enforce Consul intentions, and forward requests to the appropriate destination. -These gateways also simplify authorization from dynamic service addresses. Consul’s intentions determine whether +These gateways also simplify authorization from dynamic service addresses. Consul's intentions determine whether connections through the gateway are authorized. Then traditional tools like firewalls or IAM roles can authorize the connections from the known gateway nodes to the destination services. For more information about terminating gateways, review the [complete documentation](/docs/connect/gateways/terminating-gateway) -and the [terminating gateway tutorial](https://learn.hashicorp.com/tutorials/consul/teminating-gateways-connect-external-services). +and the [terminating gateway tutorial](/consul/tutorials/developer-mesh/terminating-gateways-connect-external-services?utm_source=docs). ![Terminating Gateway Architecture](/img/terminating-gateways.png) diff --git a/website/content/docs/connect/gateways/ingress-gateway.mdx b/website/content/docs/connect/gateways/ingress-gateway.mdx index 62ceffb7cd..52c26a4263 100644 --- a/website/content/docs/connect/gateways/ingress-gateway.mdx +++ b/website/content/docs/connect/gateways/ingress-gateway.mdx @@ -48,7 +48,7 @@ Currently, [Envoy](https://www.envoyproxy.io/) is the only proxy with ingress ga ## Running and Using an Ingress Gateway For a complete example of how to allow external traffic inside your Consul service mesh, -review the [ingress gateway tutorial](https://learn.hashicorp.com/tutorials/consul/service-mesh-ingress-gateways). +review the [ingress gateway tutorial](/consul/tutorials/developer-mesh/service-mesh-ingress-gateways?utm_source=docs). ## Ingress Gateway Configuration diff --git a/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters.mdx b/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters.mdx index a830fee8fa..731a12eab6 100644 --- a/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters.mdx +++ b/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters.mdx @@ -20,7 +20,7 @@ The following diagram describes the architecture for using mesh gateways for cro ![Mesh Gateway Architecture](/img/mesh-gateways.png) --> **Mesh Gateway Tutorial**: Follow the [mesh gateway tutorial](https://learn.hashicorp.com/tutorials/consul/service-mesh-gateways) to learn important concepts associated with using mesh gateways for connecting services across datacenters. +-> **Mesh Gateway Tutorial**: Follow the [mesh gateway tutorial](/consul/tutorials/developer-mesh/service-mesh-gateways?utm_source=docs) to learn important concepts associated with using mesh gateways for connecting services across datacenters. ## Prerequisites @@ -32,7 +32,7 @@ Ensure that your Consul environment meets the following requirements. * A local Consul agent is required to manage its configuration. * Consul [Connect](/docs/agent/config/config-files#connect) must be enabled in both datacenters. * Each [datacenter](/docs/agent/config/config-files#datacenter) must have a unique name. -* Each datacenters must be [WAN joined](https://learn.hashicorp.com/tutorials/consul/federation-gossip-wan). +* Each datacenters must be [WAN joined](/consul/tutorials/networking/federation-gossip-wan?utm_source=docs). * The [primary datacenter](/docs/agent/config/config-files#primary_datacenter) must be set to the same value in both datacenters. This specifies which datacenter is the authority for Connect certificates and is required for services in all datacenters to establish mutual TLS with each other. * [gRPC](/docs/agent/config/config-files#grpc_port) must be enabled. * If you want to [enable gateways globally](/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters#enabling-gateways-globally) you must enable [centralized configuration](/docs/agent/config/config-files#enable_central_service_config). diff --git a/website/content/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways.mdx b/website/content/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways.mdx index fe91882ca2..1ba8cedeca 100644 --- a/website/content/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways.mdx +++ b/website/content/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways.mdx @@ -15,7 +15,7 @@ WAN federation via mesh gateways allows for Consul servers in different datacent to be federated exclusively through mesh gateways. When setting up a -[multi-datacenter](https://learn.hashicorp.com/tutorials/consul/federation-gossip-wan) +[multi-datacenter](/consul/tutorials/networking/federation-gossip-wan?utm_source=docs) Consul cluster, operators must ensure that all Consul servers in every datacenter must be directly connectable over their WAN-advertised network address from each other. @@ -63,7 +63,7 @@ means you could introduce a set of firewall rules prohibiting `10.0.0.0/24` from sending any traffic at all to `10.1.2.0/24` for security isolation. You may already have configured [mesh -gateways](https://learn.hashicorp.com/tutorials/consul/service-mesh-gateways) +gateways](/consul/tutorials/developer-mesh/service-mesh-gateways?utm_source=docs) to allow for services in the service mesh to freely connect between datacenters regardless of the lateral connectivity of the nodes hosting the Consul client agents. @@ -102,7 +102,7 @@ each datacenter otherwise the WAN will become only partly connected. There are a few necessary additional pieces of configuration beyond those required for standing up a -[multi-datacenter](https://learn.hashicorp.com/tutorials/consul/federation-gossip-wan) +[multi-datacenter](/consul/tutorials/networking/federation-gossip-wan?utm_source=docs) Consul cluster. Consul servers in the _primary_ datacenter should add this snippet to the diff --git a/website/content/docs/connect/gateways/terminating-gateway.mdx b/website/content/docs/connect/gateways/terminating-gateway.mdx index 6a5b557ece..5fe1ebcfed 100644 --- a/website/content/docs/connect/gateways/terminating-gateway.mdx +++ b/website/content/docs/connect/gateways/terminating-gateway.mdx @@ -19,7 +19,7 @@ and forward requests to the appropriate destination. ![Terminating Gateway Architecture](/img/terminating-gateways.png) For additional use cases and usage patterns, review the tutorial for -[understanding terminating gateways](https://learn.hashicorp.com/tutorials/consul/service-mesh-terminating-gateways). +[understanding terminating gateways](/consul/tutorials/developer-mesh/service-mesh-terminating-gateways?utm_source=docs). ~> **Known limitations:** Terminating gateways currently do not support targeting service subsets with [L7 configuration](/docs/connect/l7-traffic). They route to all instances of a service with no capabilities @@ -79,7 +79,7 @@ a terminating gateway as long as they discover upstreams with the ## Running and Using a Terminating Gateway For a complete example of how to enable connections from services in the Consul service mesh to -services outside the mesh, review the [terminating gateway tutorial](https://learn.hashicorp.com/tutorials/consul/teminating-gateways-connect-external-services). +services outside the mesh, review the [terminating gateway tutorial](/consul/tutorials/developer-mesh/terminating-gateways-connect-external-services?utm_source=docs). ## Terminating Gateway Configuration @@ -129,4 +129,4 @@ After you define a service-defaults configuration entry for each destination, yo If a service and a destination service-defaults have the same name, the terminating gateway will use the service. For a complete example of how to register external services review the -[external services tutorial](https://learn.hashicorp.com/tutorials/consul/service-registration-external-services). +[external services tutorial](/consul/tutorials/developer-discovery/service-registration-external-services?utm_source=docs). diff --git a/website/content/docs/connect/index.mdx b/website/content/docs/connect/index.mdx index 68a0ee1e70..fc6fe9fa99 100644 --- a/website/content/docs/connect/index.mdx +++ b/website/content/docs/connect/index.mdx @@ -51,24 +51,24 @@ applications can also send open tracing data through Envoy. There are several ways to try Connect in different environments. -- The [Getting Started with Consul Service Mesh collection](https://learn.hashicorp.com/tutorials/consul/service-mesh?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) +- The [Getting Started with Consul Service Mesh collection](/consul/tutorials/gs-consul-service-mesh/service-mesh?utm_source=docs) walks you through installing Consul as service mesh for Kubernetes using the Helm chart, deploying services in the service mesh, and using intentions to secure service communications. -- The [Getting Started With Consul Service Mesh for Kubernetes](https://learn.hashicorp.com/tutorials/consul/service-mesh-deploy?in=consul/gs-consul-service-mesh?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) guide walks you through installing Consul on Kubernetes to set up a service mesh for establishing communication between Kubernetes services. +- The [Getting Started With Consul Service Mesh for Kubernetes](/consul/tutorials/gs-consul-service-mesh/service-mesh-deploy?utm_source=docs) guide walks you through installing Consul on Kubernetes to set up a service mesh for establishing communication between Kubernetes services. -- The [Secure Service-to-Service Communication tutorial](https://learn.hashicorp.com/tutorials/consul/service-mesh-with-envoy-proxy?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) +- The [Secure Service-to-Service Communication tutorial](/consul/tutorials/developer-mesh/service-mesh-with-envoy-proxy?utm_source=docs) is a simple walk through of connecting two services on your local machine using Consul Connect's built-in proxy and configuring your first intention. The guide also includes an introduction to using Envoy as the Connect sidecar proxy. -- The [Kubernetes tutorial](https://learn.hashicorp.com/tutorials/consul/kubernetes-minikube?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) +- The [Kubernetes tutorial](/consul/tutorials/kubernetes/kubernetes-minikube?utm_source=docs) walks you through configuring Consul Connect in Kubernetes using the Helm chart, and using intentions. You can run the guide on Minikube or an existing Kubernetes cluster. -- The [observability tutorial](https://learn.hashicorp.com/tutorials/consul/kubernetes-layer7-observability?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) +- The [observability tutorial](/consul/tutorials/service-mesh-observability/kubernetes-layer7-observability?utm_source=docs) shows how to deploy a basic metrics collection and visualization pipeline on a Minikube or Kubernetes cluster using the official Helm charts for Consul, Prometheus, and Grafana. diff --git a/website/content/docs/connect/proxies/envoy.mdx b/website/content/docs/connect/proxies/envoy.mdx index 7ada5b6fd0..2de5434688 100644 --- a/website/content/docs/connect/proxies/envoy.mdx +++ b/website/content/docs/connect/proxies/envoy.mdx @@ -46,7 +46,7 @@ Envoy 1.16.x and older releases are no longer supported (see [HCSEC-2022-07](htt ## Getting Started To get started with Envoy and see a working example you can follow the [Using -Envoy with Connect](https://learn.hashicorp.com/tutorials/consul/service-mesh-with-envoy-proxy) tutorial. +Envoy with Connect](/consul/tutorials/developer-mesh/service-mesh-with-envoy-proxy?utm_source=docs) tutorial. ## Configuration diff --git a/website/content/docs/connect/registration/sidecar-service.mdx b/website/content/docs/connect/registration/sidecar-service.mdx index 482d49fd81..80c798323f 100644 --- a/website/content/docs/connect/registration/sidecar-service.mdx +++ b/website/content/docs/connect/registration/sidecar-service.mdx @@ -16,9 +16,6 @@ To simplify the configuration experience when deploying a sidecar for a service instance, Consul 1.3 introduced a new field in the Connect block of the [service definition](/docs/discovery/services). -To deploy a service and sidecar proxy locally, complete the -[Getting Started guide](https://learn.hashicorp.com/tutorials/consul/get-started-service-networking?utm_source=consul.io&utm_medium=docs). - The `connect.sidecar_service` field is a complete nested service definition on which almost any regular service definition field can be set. The exceptions are [noted below](#limitations). If used, the service definition is treated diff --git a/website/content/docs/connect/security.mdx b/website/content/docs/connect/security.mdx index 7c6e8d009c..d350d7f957 100644 --- a/website/content/docs/connect/security.mdx +++ b/website/content/docs/connect/security.mdx @@ -12,9 +12,9 @@ description: |- Connect enables secure service-to-service communication over mutual TLS. This provides both in-transit data encryption as well as authorization. This page will document how to secure Connect. To try Connect locally, complete the -[Getting Started guide](https://learn.hashicorp.com/tutorials/consul/service-mesh?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) or for a full security model reference, +[Getting Started guide](/consul/tutorials/gs-consul-service-mesh/service-mesh?utm_source=docs) or for a full security model reference, see the dedicated [Consul security model](/docs/security) page. When -setting up Connect in production, review this [tutorial](https://learn.hashicorp.com/tutorials/consul/service-mesh-production-checklist?utm_source=consul.io&utm_medium=docs). +setting up Connect in production, review this [tutorial](/consul/tutorials/developer-mesh/service-mesh-production-checklist?utm_source=docs). Connect will function in any Consul configuration. However, unless the checklist below is satisfied, Connect is not providing the security guarantees it was @@ -36,7 +36,7 @@ configuration also forces all service-to-service communication to be explicitly allowed via an allow [intention](/docs/connect/intentions). To learn how to enable ACLs, please see the -[tutorial on ACLs](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production). +[tutorial on ACLs](/consul/tutorials/security/access-control-setup-production?utm_source=docs). **If ACLs are enabled but are in default allow mode**, then services will be able to communicate by default. Additionally, if a proper anonymous token diff --git a/website/content/docs/discovery/checks.mdx b/website/content/docs/discovery/checks.mdx index 1b4c4faf4b..6a65037dc1 100644 --- a/website/content/docs/discovery/checks.mdx +++ b/website/content/docs/discovery/checks.mdx @@ -13,8 +13,148 @@ description: >- One of the primary roles of the agent is management of system-level and application-level health checks. A health check is considered to be application-level if it is associated with a service. If not associated with a service, the check monitors the health of the entire node. +Review the [health checks tutorial](/consul/tutorials/developer-discovery/service-registration-health-checks?utm_source=docs) +to get a more complete example on how to leverage health check capabilities in Consul. -Review the [service health checks tutorial](https://learn.hashicorp.com/tutorials/consul/service-registration-health-checks) +A check is defined in a configuration file or added at runtime over the HTTP interface. Checks +created via the HTTP interface persist with that node. + +There are several different kinds of checks: + +- Script + Interval - These checks depend on invoking an external application + that performs the health check, exits with an appropriate exit code, and potentially + generates some output. A script is paired with an invocation interval (e.g. + every 30 seconds). This is similar to the Nagios plugin system. The output of + a script check is limited to 4KB. Output larger than this will be truncated. + By default, Script checks will be configured with a timeout equal to 30 seconds. + It is possible to configure a custom Script check timeout value by specifying the + `timeout` field in the check definition. When the timeout is reached on Windows, + Consul will wait for any child processes spawned by the script to finish. For any + other system, Consul will attempt to force-kill the script and any child processes + it has spawned once the timeout has passed. + In Consul 0.9.0 and later, script checks are not enabled by default. To use them you + can either use : + + - [`enable_local_script_checks`](/docs/agent/config/cli-flags#_enable_local_script_checks): + enable script checks defined in local config files. Script checks defined via the HTTP + API will not be allowed. + - [`enable_script_checks`](/docs/agent/config/cli-flags#_enable_script_checks): enable + script checks regardless of how they are defined. + + ~> **Security Warning:** Enabling script checks in some configurations may + introduce a remote execution vulnerability which is known to be targeted by + malware. We strongly recommend `enable_local_script_checks` instead. See [this + blog post](https://www.hashicorp.com/blog/protecting-consul-from-rce-risk-in-specific-configurations) + for more details. + +- `HTTP + Interval` - These checks make an HTTP `GET` request to the specified URL, + waiting the specified `interval` amount of time between requests (eg. 30 seconds). + The status of the service depends on the HTTP response code: any `2xx` code is + considered passing, a `429 Too ManyRequests` is a warning, and anything else is + a failure. This type of check + should be preferred over a script that uses `curl` or another external process + to check a simple HTTP operation. By default, HTTP checks are `GET` requests + unless the `method` field specifies a different method. Additional header + fields can be set through the `header` field which is a map of lists of + strings, e.g. `{"x-foo": ["bar", "baz"]}`. By default, HTTP checks will be + configured with a request timeout equal to 10 seconds. + + It is possible to configure a custom HTTP check timeout value by + specifying the `timeout` field in the check definition. The output of the + check is limited to roughly 4KB. Responses larger than this will be truncated. + HTTP checks also support TLS. By default, a valid TLS certificate is expected. + Certificate verification can be turned off by setting the `tls_skip_verify` + field to `true` in the check definition. When using TLS, the SNI will be set + automatically from the URL if it uses a hostname (as opposed to an IP address); + the value can be overridden by setting `tls_server_name`. + + Consul follows HTTP redirects by default. Set the `disable_redirects` field to + `true` to disable redirects. + +- `TCP + Interval` - These checks make a TCP connection attempt to the specified + IP/hostname and port, waiting `interval` amount of time between attempts + (e.g. 30 seconds). If no hostname + is specified, it defaults to "localhost". The status of the service depends on + whether the connection attempt is successful (ie - the port is currently + accepting connections). If the connection is accepted, the status is + `success`, otherwise the status is `critical`. In the case of a hostname that + resolves to both IPv4 and IPv6 addresses, an attempt will be made to both + addresses, and the first successful connection attempt will result in a + successful check. This type of check should be preferred over a script that + uses `netcat` or another external process to check a simple socket operation. + By default, TCP checks will be configured with a request timeout of 10 seconds. + It is possible to configure a custom TCP check timeout value by specifying the + `timeout` field in the check definition. + +- `UDP + Interval` - These checks direct the client to periodically send UDP datagrams + to the specified IP/hostname and port. The duration specified in the `interval` field sets the amount of time + between attempts, such as `30s` to indicate 30 seconds. The check is logged as healthy if any response from the UDP server is received. Any other result sets the status to `critical`. + The default interval for, UDP checks is `10s`, but you can configure a custom UDP check timeout value by specifying the + `timeout` field in the check definition. If any timeout on read exists, the check is still considered healthy. + +- `Time to Live (TTL)` ((#ttl)) - These checks retain their last known state + for a given TTL. The state of the check must be updated periodically over the HTTP + interface. If an external system fails to update the status within a given TTL, + the check is set to the failed state. This mechanism, conceptually similar to a + dead man's switch, relies on the application to directly report its health. For + example, a healthy app can periodically `PUT` a status update to the HTTP endpoint; + if the app fails, the TTL will expire and the health check enters a critical state. + The endpoints used to update health information for a given check are: [pass](/api-docs/agent/check#ttl-check-pass), + [warn](/api-docs/agent/check#ttl-check-warn), [fail](/api-docs/agent/check#ttl-check-fail), + and [update](/api-docs/agent/check#ttl-check-update). TTL checks also persist their + last known status to disk. This allows the Consul agent to restore the last known + status of the check across restarts. Persisted check status is valid through the + end of the TTL from the time of the last check. + +- `Docker + Interval` - These checks depend on invoking an external application which + is packaged within a Docker Container. The application is triggered within the running + container via the Docker Exec API. We expect that the Consul agent user has access + to either the Docker HTTP API or the unix socket. Consul uses `$DOCKER_HOST` to + determine the Docker API endpoint. The application is expected to run, perform a health + check of the service running inside the container, and exit with an appropriate exit code. + The check should be paired with an invocation interval. The shell on which the check + has to be performed is configurable which makes it possible to run containers which + have different shells on the same host. Check output for Docker is limited to + 4KB. Any output larger than this will be truncated. In Consul 0.9.0 and later, the agent + must be configured with [`enable_script_checks`](/docs/agent/config/cli-flags#_enable_script_checks) + set to `true` in order to enable Docker health checks. + +- `gRPC + Interval` - These checks are intended for applications that support the standard + [gRPC health checking protocol](https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + The state of the check will be updated by probing the configured endpoint, waiting `interval` + amount of time between probes (eg. 30 seconds). By default, gRPC checks will be configured + with a default timeout of 10 seconds. + It is possible to configure a custom timeout value by specifying the `timeout` field in + the check definition. gRPC checks will default to not using TLS, but TLS can be enabled by + setting `grpc_use_tls` in the check definition. If TLS is enabled, then by default, a valid + TLS certificate is expected. Certificate verification can be turned off by setting the + `tls_skip_verify` field to `true` in the check definition. + To check on a specific service instead of the whole gRPC server, add the service identifier after the `gRPC` check's endpoint in the following format `/:service_identifier`. + +- `H2ping + Interval` - These checks test an endpoint that uses http2 + by connecting to the endpoint and sending a ping frame. TLS is assumed to be configured by default. + To disable TLS and use h2c, set `h2ping_use_tls` to `false`. If the ping is successful + within a specified timeout, then the check is updated as passing. + The timeout defaults to 10 seconds, but is configurable using the `timeout` field. If TLS is enabled a valid + certificate is required, unless `tls_skip_verify` is set to `true`. + The check will be run on the interval specified by the `interval` field. + +- `Alias` - These checks alias the health state of another registered + node or service. The state of the check will be updated asynchronously, but is + nearly instant. For aliased services on the same agent, the local state is monitored + and no additional network resources are consumed. For other services and nodes, + the check maintains a blocking query over the agent's connection with a current + server and allows stale requests. If there are any errors in watching the aliased + node or service, the check state will be critical. For the blocking query, the + check will use the ACL token set on the service or check definition or otherwise + will fall back to the default ACL token set with the agent (`acl_token`). + +## Check Definition + +A script check: +======= + +Review the [service health checks tutorial](/consul/tutorials/developer-discovery/service-registration-health-checks?utm_source=docs) to get a more complete example on how to leverage health check capabilities in Consul. ## Registering a health check diff --git a/website/content/docs/discovery/dns.mdx b/website/content/docs/discovery/dns.mdx index b50e8deeeb..211e81a719 100644 --- a/website/content/docs/discovery/dns.mdx +++ b/website/content/docs/discovery/dns.mdx @@ -35,7 +35,7 @@ as the DNS server for a node and provide a [`recursors`](/docs/agent/config/config-files#recursors) configuration so that non-Consul queries can also be resolved. The last method is to forward all queries for the "consul." domain to a Consul agent from the existing DNS server. Review the -[DNS Forwarding tutorial](https://learn.hashicorp.com/tutorials/consul/dns-forwarding?utm_source=consul.io&utm_medium=docs) for examples. +[DNS Forwarding tutorial](/consul/tutorials/networking/dns-forwarding?utm_source=docs) for examples. You can experiment with Consul's DNS server on the command line using tools such as `dig`: @@ -469,7 +469,7 @@ as there is no way for the query to specify a domain. By default, all DNS results served by Consul set a 0 TTL value. This disables caching of DNS results. However, there are many situations in which caching is desirable for performance and scalability. This is discussed more in the tutorial -for [DNS caching](https://learn.hashicorp.com/tutorials/consul/dns-caching). +for [DNS caching](/consul/tutorials/networking/dns-caching?utm_source=docs). ## WAN Address Translation @@ -540,5 +540,5 @@ DNS lookups and required policies when ACLs are enabled: For guidance on how to configure an appropriate token for DNS, refer to the securing Consul with ACLs guides for: -- [Production Environments](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production#token-for-dns) -- [Development Environments](https://learn.hashicorp.com/tutorials/consul/access-control-setup#additional-acl-configuration) +- [Production Environments](/consul/tutorials/security/access-control-setup-production?utm_source=docs#token-for-dns) +- [Development Environments](/consul/tutorials/day-0/access-control-setup?utm_source=docs#enable-acls-on-consul-clients) diff --git a/website/content/docs/discovery/services.mdx b/website/content/docs/discovery/services.mdx index bb0068b1ab..1fd0c938b8 100644 --- a/website/content/docs/discovery/services.mdx +++ b/website/content/docs/discovery/services.mdx @@ -19,7 +19,7 @@ a health check. A health check associated with a service is considered to be an application-level check. Define services in a configuration file or add it at runtime using the HTTP interface. -Complete the [Getting Started tutorials](https://learn.hashicorp.com/tutorials/consul/get-started-service-discovery?utm_source=consul.io&utm_medium=docs) to get hands-on experience registering a simple service with a health check on your local machine. +Complete the [Getting Started tutorials](/consul/tutorials/getting-started/get-started-service-discovery?utm_source=docs) to get hands-on experience registering a simple service with a health check on your local machine. ## Service Definition diff --git a/website/content/docs/dynamic-app-config/kv.mdx b/website/content/docs/dynamic-app-config/kv.mdx index 5d45760669..7c26a7035a 100644 --- a/website/content/docs/dynamic-app-config/kv.mdx +++ b/website/content/docs/dynamic-app-config/kv.mdx @@ -16,13 +16,13 @@ similarities to one. The Consul KV datastore is located on the servers, but can be accessed by any agent (client or server). The natively integrated [RPC functionality](/docs/architecture) allows clients to forward -requests to servers, including key/value reads and writes. Part of Consul’s +requests to servers, including key/value reads and writes. Part of Consul's core design allows data to be replicated automatically across all the servers. Having a quorum of servers will decrease the risk of data loss if an outage occurs. If you have not used Consul KV, check out this [Getting Started -tutorial](https://learn.hashicorp.com/tutorials/consul/get-started-key-value-store?utm_source=consul.io&utm_medium=docs) on HashiCorp +tutorial](/consul/tutorials/getting-started/get-started-key-value-store?utm_source=docs) on HashiCorp Learn. ## Accessing the KV store @@ -30,7 +30,7 @@ Learn. The KV store can be accessed by the [consul kv CLI subcommands](/commands/kv), [HTTP API](/api-docs/kv), and Consul UI. To restrict access, enable and configure -[ACLs](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production). +[ACLs](/consul/tutorials/security/access-control-setup-production?utm_source=docs). Once the ACL system has been bootstrapped, users and services, will need a valid token with KV [privileges](/docs/security/acl/acl-rules#key-value-rules) to access the the data store, this includes even reads. We recommend creating a @@ -67,7 +67,7 @@ using the API and in shell scripts. If you plan to use Consul KV as part of your configuration management process review the [Consul -Template](https://learn.hashicorp.com/tutorials/consul/consul-template) +Template](/consul/tutorials/developer-configuration/consul-template?utm_source=docs) tutorial on how to update configuration based on value updates in the KV. Consul Template is based on Go Templates and allows for a series of scripted actions to be initiated on value changes to a Consul key. @@ -89,10 +89,10 @@ increment to the `LockIndex` and the session value is updated to reflect the session holding the lock. Review the session documentation for more information on the [integration](/docs/dynamic-app-config/sessions#k-v-integration). -Review the following tutorials to learn how to use Consul sessions for [application leader election](https://learn.hashicorp.com/tutorials/consul/application-leader-elections) and -to [build distributed semaphores](https://learn.hashicorp.com/tutorials/consul/distributed-semaphore). +Review the following tutorials to learn how to use Consul sessions for [application leader election](/consul/tutorials/developer-configuration/application-leader-elections?utm_source=docs) and +to [build distributed semaphores](/consul/tutorials/developer-configuration/distributed-semaphore?utm_source=docs). ### Vault If you plan to use Consul KV as a backend for Vault, please review [this -tutorial](https://learn.hashicorp.com/tutorials/vault/ha-with-consul). +tutorial](/vault/tutorials/day-one-consul/ha-with-consul?utm_source=docs). diff --git a/website/content/docs/dynamic-app-config/sessions.mdx b/website/content/docs/dynamic-app-config/sessions.mdx index 05251d3886..133f455067 100644 --- a/website/content/docs/dynamic-app-config/sessions.mdx +++ b/website/content/docs/dynamic-app-config/sessions.mdx @@ -139,7 +139,7 @@ the goal of Consul to protect against misbehaving clients. The primitives provided by sessions and the locking mechanisms of the KV store can be used to build client-side leader election algorithms. -These are covered in more detail in the [Leader Election guide](https://learn.hashicorp.com/tutorials/consul/application-leader-elections). +These are covered in more detail in the [Leader Election guide](/consul/tutorials/developer-configuration/application-leader-elections?utm_source=docs). ## Prepared Query Integration diff --git a/website/content/docs/ecs/architecture.mdx b/website/content/docs/ecs/architecture.mdx index e09223eaa1..8defd7306a 100644 --- a/website/content/docs/ecs/architecture.mdx +++ b/website/content/docs/ecs/architecture.mdx @@ -52,7 +52,7 @@ This diagram shows the timeline of a task starting up and all its containers: permissions for the service and its sidecar proxy. This token is written to a shared volume for use by the `health-sync` container. - It registers the service for the current task and its sidecar proxy with Consul. - - It runs `consul connect envoy -bootstrap` to generate Envoy’s bootstrap JSON file and + - It runs `consul connect envoy -bootstrap` to generate Envoy's bootstrap JSON file and writes it to a shared volume. - **T1:** The following containers start: - `sidecar-proxy` starts using a custom entrypoint command, `consul-ecs envoy-entrypoint`. diff --git a/website/content/docs/ecs/index.mdx b/website/content/docs/ecs/index.mdx index 73c1cbf812..7e91d88afb 100644 --- a/website/content/docs/ecs/index.mdx +++ b/website/content/docs/ecs/index.mdx @@ -31,8 +31,8 @@ For a detailed architecture overview, see the [Architecture](/docs/ecs/architect There are several ways to get started with Consul with ECS. -* The [Serverless Consul Service Mesh with ECS and HCP](https://learn.hashicorp.com/tutorials/cloud/consul-ecs-hcp?in=consul/cloud-integrations) learn guide shows how to use Terraform to run Consul service mesh applications on ECS with managed Consul servers running in HashiCorp Cloud Platform (HCP). -* The [Service Mesh with ECS and Consul on EC2](https://learn.hashicorp.com/tutorials/consul/consul-ecs-ec2?in=consul/cloud-integrations) learn guide shows how to use Terraform to run Consul service mesh applications on ECS with Consul servers running on EC2 instances. +* The [Serverless Consul Service Mesh with ECS and HCP](/consul/tutorials/cloud-integrations/consul-ecs-hcp?utm_source=docs) learn guide shows how to use Terraform to run Consul service mesh applications on ECS with managed Consul servers running in HashiCorp Cloud Platform (HCP). +* The [Service Mesh with ECS and Consul on EC2](/consul/tutorials/cloud-integrations/consul-ecs-ec2?utm_source=docs) learn guide shows how to use Terraform to run Consul service mesh applications on ECS with Consul servers running on EC2 instances. * The [Consul with Dev Server on Fargate](https://registry.terraform.io/modules/hashicorp/consul-ecs/aws/latest/examples/dev-server-fargate) example installation deploys a sample application in ECS using the Fargate launch type. * The [Consul with Dev Server on EC2](https://registry.terraform.io/modules/hashicorp/consul-ecs/aws/latest/examples/dev-server-ec2) example installation deploys a sample application in ECS using the EC2 launch type. diff --git a/website/content/docs/ecs/manual/acl-controller.mdx b/website/content/docs/ecs/manual/acl-controller.mdx index 28c91bd979..d2a847ecf5 100644 --- a/website/content/docs/ecs/manual/acl-controller.mdx +++ b/website/content/docs/ecs/manual/acl-controller.mdx @@ -13,7 +13,7 @@ This topic describes how to manually deploy the ACL controller, which will autom * Your application tasks must include certain tags to be compatible with the ACL controller. Refer to the [Task Tags](/docs/ecs/manual/install#task-tags) section of the installation page. -* You should be familiar with configuring Consul's secure features, including how to create ACL tokens and policies. Refer to the [Learn Guides about Consul Security](https://learn.hashicorp.com/collections/consul/security) for an introduction and the [ACL system](/docs/security/acl) documentation for more information. +* You should be familiar with configuring Consul's secure features, including how to create ACL tokens and policies. Refer to the [Learn Guides about Consul Security](/consul/tutorials/security?utm_source=docs) for an introduction and the [ACL system](/docs/security/acl) documentation for more information. * If you are using Consul with multiple ECS clusters, each cluster requires its own instance of the ACL controller. ## Set Up Secrets diff --git a/website/content/docs/ecs/manual/secure-configuration.mdx b/website/content/docs/ecs/manual/secure-configuration.mdx index c888e5cba3..f0b04c9142 100644 --- a/website/content/docs/ecs/manual/secure-configuration.mdx +++ b/website/content/docs/ecs/manual/secure-configuration.mdx @@ -21,7 +21,7 @@ You should already have followed the [manual installation instructions](/docs/ec You should be familiar with [specifying sensitive data](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html) on ECS. -You should be familiar with configuring Consul's secure features, including how to create ACL tokens and policies. Refer to the [ACL system documentation](/docs/security/acl) and [Day 1: Security tutorials](https://learn.hashicorp.com/collections/consul/security) for an introduction and additional information. +You should be familiar with configuring Consul's secure features, including how to create ACL tokens and policies. Refer to the [ACL system documentation](/docs/security/acl) and [Day 1: Security tutorials](/consul/tutorials/security?utm_source=docs) for an introduction and additional information. ## Auth Method diff --git a/website/content/docs/ecs/terraform/install.mdx b/website/content/docs/ecs/terraform/install.mdx index 2d520e4183..55229a2f14 100644 --- a/website/content/docs/ecs/terraform/install.mdx +++ b/website/content/docs/ecs/terraform/install.mdx @@ -7,7 +7,7 @@ description: >- # Installation with Terraform -This topic describes how to use HashiCorp’s Terraform modules to launch your application in AWS ECS as part of Consul service mesh. If you do not use Terraform, refer to the [Manual Installation](/docs/ecs/manual/install) page to install Consul on ECS without Terraform. +This topic describes how to use HashiCorp's Terraform modules to launch your application in AWS ECS as part of Consul service mesh. If you do not use Terraform, refer to the [Manual Installation](/docs/ecs/manual/install) page to install Consul on ECS without Terraform. This topic does not include instructions for creating all AWS resources necessary to install Consul, such as a VPC or the ECS cluster. Refer to the guides in the [Getting Started](/docs/ecs#getting-started) section for complete and runnable examples. diff --git a/website/content/docs/enterprise/admin-partitions.mdx b/website/content/docs/enterprise/admin-partitions.mdx index 089aac51db..bd09611a95 100644 --- a/website/content/docs/enterprise/admin-partitions.mdx +++ b/website/content/docs/enterprise/admin-partitions.mdx @@ -24,8 +24,8 @@ Admin partitions exist a level above namespaces in the identity hierarchy. They There are Learn tutorials available to help you get started with admin partitions. -- [Multi-Tenancy with Administrative Partitions](https://learn.hashicorp.com/tutorials/consul/consul-admin-partitions?in=consul/enterprise) -- [Multi Cluster Applications with Consul Enterprise Admin Partitions](https://learn.hashicorp.com/tutorials/consul/kubernetes-admin-partitions?in=consul/kubernetes) +- [Multi-Tenancy with Administrative Partitions](/consul/tutorials/enterprise/consul-admin-partitions?utm_source=docs) +- [Multi Cluster Applications with Consul Enterprise Admin Partitions](/consul/tutorials/kubernetes/kubernetes-admin-partitions?utm_source=docs) ### Default Admin Partition diff --git a/website/content/docs/enterprise/audit-logging.mdx b/website/content/docs/enterprise/audit-logging.mdx index a8d69fae26..4e60aa2410 100644 --- a/website/content/docs/enterprise/audit-logging.mdx +++ b/website/content/docs/enterprise/audit-logging.mdx @@ -2,7 +2,7 @@ layout: docs page_title: Consul Enterprise Audit Logging description: >- - Consul Enterprise provides the ability to write events of user behavior with Consul’s API so operations and security users can perform legal compliance auditing. + Consul Enterprise provides the ability to write events of user behavior with Consul's API so operations and security users can perform legal compliance auditing. --- # Audit Logging @@ -24,7 +24,7 @@ Audit logging enables security and compliance teams within an organization to ge greater insight into Consul access and usage patterns. For more experience leveraging Consul's audit logging functionality, explore our -HashiCorp Learn tutorial [Capture Consul Events with Audit Logging](https://learn.hashicorp.com/tutorials/consul/audit-logging). +HashiCorp Learn tutorial [Capture Consul Events with Audit Logging](/consul/tutorials/datacenter-operations/audit-logging?utm_source=docs). For detailed configuration information on configuring the Consul Enterprise's audit logging, review the Consul [Audit Log](/docs/agent/config/config-files#audit) diff --git a/website/content/docs/enterprise/backups.mdx b/website/content/docs/enterprise/backups.mdx index f019496a9a..befb6d7735 100644 --- a/website/content/docs/enterprise/backups.mdx +++ b/website/content/docs/enterprise/backups.mdx @@ -36,6 +36,6 @@ datacenter backups include (but are not limited to): - Namespaces For more experience leveraging Consul's snapshot functionality, we suggest you look through our HashiCorp -Learn tutorial for [Datacenter Backups in Consul](https://learn.hashicorp.com/tutorials/consul/backup-and-restore). +Learn tutorial for [Datacenter Backups in Consul](/consul/tutorials/production-deploy/backup-and-restore?utm_source=docs). For detailed configuration information on configuring the Consul Enterprise's snapshot agent, review the [Consul Snapshot Agent documentation](/commands/snapshot/agent). diff --git a/website/content/docs/enterprise/federation.mdx b/website/content/docs/enterprise/federation.mdx index e43aabd41e..2084bca577 100644 --- a/website/content/docs/enterprise/federation.mdx +++ b/website/content/docs/enterprise/federation.mdx @@ -26,7 +26,7 @@ desirable to have topologies like hub-and-spoke with central management datacenters and "spoke" datacenters that can't interact with each other. [Consul Enterprise](https://www.hashicorp.com/consul) offers a [network -area mechanism](https://learn.hashicorp.com/tutorials/consul/federation-network-areas) that allows operators to +area mechanism](/consul/tutorials/datacenter-operations/federation-network-areas?utm_source=docs) that allows operators to federate Consul datacenters together on a pairwise basis, enabling partially-connected network topologies. Once a link is created, Consul agents can make queries to the remote datacenter in service of both API and DNS diff --git a/website/content/docs/enterprise/license/faq.mdx b/website/content/docs/enterprise/license/faq.mdx index 663a10fcf9..9cdbcbe024 100644 --- a/website/content/docs/enterprise/license/faq.mdx +++ b/website/content/docs/enterprise/license/faq.mdx @@ -29,7 +29,7 @@ Refer to the instructions on [upgrading to 1.10.x](/docs/upgrading/instructions/ ## Q: Is there a tutorial available for the license configuration steps? -Please visit the [Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/nomad/hashicorp-enterprise-license?in=consul/enterprise). +Please visit the [Enterprise License Tutorial](/consul/tutorials/enterprise/hashicorp-enterprise-license?utm_source=docs). ## Q: What resources are available? @@ -41,7 +41,7 @@ The list below is a great starting point for learning more about the license cha - [License configuration values documentation](/docs/enterprise/license/overview#binaries-without-built-in-licenses) -- [Install a HashiCorp Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/nomad/hashicorp-enterprise-license?in=consul/enterprise) +- [Install a HashiCorp Enterprise License Tutorial](/consul/tutorials/enterprise/hashicorp-enterprise-license?utm_source=docs) ## Q: Do these changes impact all customers/licenses? @@ -142,7 +142,7 @@ Please see the [upgrade requirements](faq#q-what-are-the-upgrade-requirements). 1. Run [`consul license get -signed`](/commands/license#get) to extract the license from their running cluster. Store the license in a secure location on disk. 1. Set up the necessary configuration so that when Consul Enterprise reboots it will have access to the required license. This could be via the client agent configuration file or an environment variable. -1. Visit the [Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/nomad/hashicorp-enterprise-license?in=consul/enterprise) for detailed steps on how to install the license key. +1. Visit the [Enterprise License Tutorial](/consul/tutorials/enterprise/hashicorp-enterprise-license?utm_source=docs) for detailed steps on how to install the license key. 1. Follow the Consul upgrade [documentation](/docs/upgrading). ### Kubernetes @@ -163,14 +163,14 @@ Once you have the license then create a Kubernetes secret containing the license 1. Acquire a valid Consul Enterprise license. If you are an existing HashiCorp enterprise customer you may contact your organization's customer success manager (CSM) or email support-softwaredelivery@hashicorp.com for information on how to get your organization's enterprise license. 1. Store the license in a secure location on disk. 1. Set up the necessary configuration so that when Consul Enterprise reboots it will have the required license. This could be via the client agent configuration file or an environment variable. - Visit the [Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/nomad/hashicorp-enterprise-license?in=consul/enterprise) for detailed steps on how to install the license key. + Visit the [Enterprise License Tutorial](/consul/tutorials/enterprise/hashicorp-enterprise-license?utm_source=docs) for detailed steps on how to install the license key. 1. Follow the Consul upgrade [documentation](/docs/upgrading). ### Kubernetes 1. Acquire a valid Consul Enterprise license. If you are an existing HashiCorp enterprise customer you may contact your organization's customer success manager (CSM) or email support-softwaredelivery@hashicorp.com for information on how to get your organization's enterprise license. 1. Set up the necessary configuration so that when Consul Enterprise reboots it will have the required license. This could be via the client agent configuration file or an environment variable. - Visit the [Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/nomad/hashicorp-enterprise-license?in=consul/enterprise) for detailed steps on how to install the license key. + Visit the [Enterprise License Tutorial](/consul/tutorials/enterprise/hashicorp-enterprise-license?utm_source=docs) for detailed steps on how to install the license key. 1. Proceed with the `helm` [upgrade instructions](/docs/k8s/upgrade) ## Q: Will Consul downgrades/rollbacks work? diff --git a/website/content/docs/enterprise/license/overview.mdx b/website/content/docs/enterprise/license/overview.mdx index 8652f357ff..4113d27444 100644 --- a/website/content/docs/enterprise/license/overview.mdx +++ b/website/content/docs/enterprise/license/overview.mdx @@ -19,7 +19,7 @@ agent's configuration or environment. Also, prior to 1.10.0, server agents would the license between themselves. This no longer occurs and the license must be present on each server agent when it is started. --> Visit the [Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/nomad/hashicorp-enterprise-license?in=consul/enterprise) for detailed steps on how to install the license key. +-> Visit the [Enterprise License Tutorial](/consul/tutorials/enterprise/hashicorp-enterprise-license?utm_source=docs) for detailed steps on how to install the license key. ### Applying a License diff --git a/website/content/docs/enterprise/namespaces.mdx b/website/content/docs/enterprise/namespaces.mdx index affc187db3..ddabfe02db 100644 --- a/website/content/docs/enterprise/namespaces.mdx +++ b/website/content/docs/enterprise/namespaces.mdx @@ -21,8 +21,8 @@ to provide self-service through delegation of administrative privileges. For more information on how to use namespaces with Consul Enterprise please review the following HashiCorp Learn Guides: -- [Register and Discover Services within Namespaces](https://learn.hashicorp.com/tutorials/consul/namespaces-share-datacenter-access) - Register multiple services within different namespaces in Consul. -- [Setup Secure Namespaces](https://learn.hashicorp.com/tutorials/consul/namespaces-secure-shared-access) - Secure resources within a namespace and delegate namespace ACL rights via ACL tokens. +- [Register and Discover Services within Namespaces](/consul/tutorials/namespaces/namespaces-share-datacenter-access?utm_source=docs) - Register multiple services within different namespaces in Consul. +- [Setup Secure Namespaces](/consul/tutorials/namespaces/namespaces-secure-shared-access?utm_source=docs) - Secure resources within a namespace and delegate namespace ACL rights via ACL tokens. ## Namespace Definition diff --git a/website/content/docs/enterprise/network-segments.mdx b/website/content/docs/enterprise/network-segments.mdx index 51277ba528..421d922061 100644 --- a/website/content/docs/enterprise/network-segments.mdx +++ b/website/content/docs/enterprise/network-segments.mdx @@ -34,7 +34,7 @@ connectivity between agent members on the same segment. ![Consul datacenter agent connectivity with network segments](/img/network-segments/consul-network-segments-multiple.png) To get started with network segments you can review the tutorial on HashiCorp -Learn for [Network Segments](https://learn.hashicorp.com/tutorials/consul/network-partition-datacenters). +Learn for [Network Segments](/consul/tutorials/datacenter-operations/network-partition-datacenters?utm_source=docs). -> **Info:** Network segments enable you to operate a Consul datacenter without full mesh (LAN) connectivity between agents. To federate multiple Consul datacenters @@ -59,8 +59,8 @@ over the WAN. Consul clients make use of resources in federated clusters by forwarding RPCs through the Consul servers in their local cluster, but they never interact with remote Consul servers directly. There are currently two inter-cluster network models which can be viewed on HashiCorp Learn: -[WAN gossip (OSS)](https://learn.hashicorp.com/tutorials/consul/federation-gossip-wan) -and [Network Areas (Enterprise)](https://learn.hashicorp.com/tutorials/consul/federation-network-areas). +[WAN gossip (OSS)](/consul/tutorials/networking/federation-gossip-wan?utm_source=docs) +and [Network Areas (Enterprise)](/consul/tutorials/datacenter-operations/federation-network-areas?utm_source=docs). **LAN Gossip Pool**: A set of Consul agents that have full mesh connectivity among themselves, and use Serf to maintain a shared view of the members of the @@ -83,7 +83,7 @@ Each additional segment is defined by: Serf LAN listener on the server ~> **Note:** Prior to Consul 1.7.3, a Consul server agent configured with too -many network segments may not be able to start due to [limitations](https://learn.hashicorp.com/tutorials/consul/network-partition-datacenters#network-segments-limitations) +many network segments may not be able to start due to [limitations](/consul/tutorials/datacenter-operations/network-partition-datacenters?utm_source=docs#network-segments-limitations) in Serf. ### Example Server Configuration diff --git a/website/content/docs/enterprise/redundancy.mdx b/website/content/docs/enterprise/redundancy.mdx index 56bbcd68e0..1b80b743b4 100644 --- a/website/content/docs/enterprise/redundancy.mdx +++ b/website/content/docs/enterprise/redundancy.mdx @@ -31,5 +31,5 @@ for server nodes while also providing (and expanding) the capabilities of capabilities. For more information, review the HashiCorp Learn tutorial on -[Redundancy Zones](https://learn.hashicorp.com/tutorials/consul/autopilot-datacenter-operations#redundancy-zones), +[Redundancy Zones](/consul/tutorials/datacenter-operations/autopilot-datacenter-operations?utm_source=docs#redundancy-zones), as well as the documentation for [Consul Autopilot](/commands/operator/autopilot). diff --git a/website/content/docs/enterprise/upgrades.mdx b/website/content/docs/enterprise/upgrades.mdx index fc5e844a3b..5a1192633a 100644 --- a/website/content/docs/enterprise/upgrades.mdx +++ b/website/content/docs/enterprise/upgrades.mdx @@ -23,4 +23,4 @@ currently in a cluster. When an equal amount of new server nodes are joined runn will be demoted to non voting members. Demotion of legacy server nodes will not occur until the voting members on the new version match. Once this demotion occurs, the previous versioned servers can be removed from the cluster safely. -You can review more information about this functionality in the [Consul operator autopilot](/commands/operator/autopilot) documentation as well as on the HashiCorp Learn [Automated Upgrade](https://learn.hashicorp.com/tutorials/consul/autopilot-datacenter-operations#upgrade-migrations) tutorial. +You can review more information about this functionality in the [Consul operator autopilot](/commands/operator/autopilot) documentation as well as on the HashiCorp Learn [Automated Upgrade](/consul/tutorials/datacenter-operations/autopilot-datacenter-operations?utm_source=docs#upgrade-migrations) tutorial. diff --git a/website/content/docs/guides/index.mdx b/website/content/docs/guides/index.mdx index b3d68af992..e1bfd11fd0 100644 --- a/website/content/docs/guides/index.mdx +++ b/website/content/docs/guides/index.mdx @@ -9,9 +9,9 @@ description: |- # Consul Guides -~> The Consul guides have moved to the [HashiCorp Learn platform](https://learn.hashicorp.com/consul?utm_source=consul.io&utm_medium=docs&utm_content=guide-index). +~> The Consul guides have moved to the [HashiCorp Learn platform](/consul/tutorials?utm_source=docs&utm_content=guide-index). -[Guides](https://learn.hashicorp.com/consul?utm_source=consul.io&utm_medium=docs&utm_content=guide-index) are step by step command-line +[Guides](/consul/tutorials?utm_source=docs&utm_content=guide-index) are step by step command-line walkthroughs that demonstrate how to perform common operations using Consul, and complement the feature-focused Consul documentation. @@ -37,4 +37,4 @@ Tracks include: - Service Configuration and Consul KV - Cloud and Load Balancer Integrations -[**Explore the Learn platform**](https://learn.hashicorp.com/consul?utm_source=consul.io&utm_medium=docs&utm_content=guide-index) +[**Explore the Learn platform**](/consul/tutorials?utm_source=docs&utm_content=guide-index) diff --git a/website/content/docs/index.mdx b/website/content/docs/index.mdx index 6388baf517..26cb55ac1d 100644 --- a/website/content/docs/index.mdx +++ b/website/content/docs/index.mdx @@ -17,4 +17,4 @@ guides are located on the HashiCorp Learn site. - Follow [the documentation](/docs/install) to install Consul either with a precompiled binary or from source. - Read more about the [configuration options](/docs/agent/config) for Consul servers and clients. -- Get started using Consul with our step-by-step guides at [HashiCorp Learn](https://learn.hashicorp.com/consul). +- Get started using Consul with our step-by-step guides at [HashiCorp Learn](/consul/tutorials?utm_source=docs). diff --git a/website/content/docs/install/index.mdx b/website/content/docs/install/index.mdx index da8d113fcc..e17ff5e780 100644 --- a/website/content/docs/install/index.mdx +++ b/website/content/docs/install/index.mdx @@ -20,7 +20,7 @@ Downloading a precompiled binary is easiest, and we provide downloads over TLS along with SHA256 sums to verify the binary. We also distribute a PGP signature with the SHA256 sums that can be verified. -The [Getting Started guides](https://learn.hashicorp.com/tutorials/consul/get-started-install?utm_source=consul.io&utm_medium=docs) provide a quick walkthrough of installing and using Consul on your local machine. +The [Getting Started guides](/consul/tutorials/getting-started/get-started-install?utm_source=docs) provide a quick walkthrough of installing and using Consul on your local machine. ## Precompiled Binaries diff --git a/website/content/docs/install/performance.mdx b/website/content/docs/install/performance.mdx index e5824963c3..fda8ae56ab 100644 --- a/website/content/docs/install/performance.mdx +++ b/website/content/docs/install/performance.mdx @@ -112,9 +112,9 @@ Here are some general recommendations: - For DNS-heavy workloads, configuring all Consul agents in a cluster with the [`allow_stale`](/docs/agent/config/config-files#allow_stale) configuration option will allow reads to scale across all Consul servers, not just the leader. Consul 0.7 and later enables stale reads - for DNS by default. See [Stale Reads](https://learn.hashicorp.com/tutorials/consul/dns-caching#stale-reads) in the - [DNS Caching](https://learn.hashicorp.com/tutorials/consul/dns-caching) guide for more details. It's also good to set - reasonable, non-zero [DNS TTL values](https://learn.hashicorp.com/tutorials/consul/dns-caching#ttl-values) if your clients will + for DNS by default. See [Stale Reads](/consul/tutorials/networking/dns-caching?utm_source=docs#stale-reads) in the + [DNS Caching](/consul/tutorials/networking/dns-caching?utm_source=docs) guide for more details. It's also good to set + reasonable, non-zero [DNS TTL values](/consul/tutorials/networking/dns-caching?utm_source=docs#ttl-values) if your clients will respect them. - In other applications that perform high volumes of reads against Consul, consider using the @@ -146,7 +146,7 @@ set size. You can determine the working set size by noting the value of ## Read/Write Tuning -Consul is write limited by disk I/O and read limited by CPU. Memory requirements will be dependent on the total size of KV pairs stored and should be sized according to that data (as should the hard drive storage). The limit on a key’s value size is `512KB`. +Consul is write limited by disk I/O and read limited by CPU. Memory requirements will be dependent on the total size of KV pairs stored and should be sized according to that data (as should the hard drive storage). The limit on a key's value size is `512KB`. -> Consul is write limited by disk I/O and read limited by CPU. @@ -166,7 +166,7 @@ It should be noted that `stale` is not appropriate for coordination where strong **Read-heavy** clusters may take advantage of the [enhanced reading](/docs/enterprise/read-scale) feature (Enterprise) for better scalability. This feature allows additional servers to be introduced as non-voters. Being a non-voter, the server will still participate in data replication, but it will not block the leader from committing log entries. -Consul’s agents use network sockets for communicating with the other nodes (gossip) and with the server agent. In addition, file descriptors are also opened for watch handlers, health checks, and log files. For a **write heavy** cluster, the `ulimit` size must be increased from the default value (`1024`) to prevent the leader from running out of file descriptors. +Consul's agents use network sockets for communicating with the other nodes (gossip) and with the server agent. In addition, file descriptors are also opened for watch handlers, health checks, and log files. For a **write heavy** cluster, the `ulimit` size must be increased from the default value (`1024`) to prevent the leader from running out of file descriptors. To prevent any CPU spikes from a misconfigured client, RPC requests to the server should be [rate limited](/docs/agent/config/config-files#limits) diff --git a/website/content/docs/integrate/download-tools.mdx b/website/content/docs/integrate/download-tools.mdx index 51da013660..60f2e11df2 100644 --- a/website/content/docs/integrate/download-tools.mdx +++ b/website/content/docs/integrate/download-tools.mdx @@ -16,14 +16,14 @@ These Consul tools are created and managed by the dedicated engineers at HashiCo - [Envconsul](https://github.com/hashicorp/envconsul) - Read and set environmental variables for processes from Consul. - [Consul API Gateway](https://github.com/hashicorp/consul-api-gateway/) - dedicated ingress solution for intelligently routing traffic to applications running on a Consul Service Mesh. -- [Consul ESM](https://github.com/hashicorp/consul-esm) - Provides external service monitoring for Consul. A tutorial is available on [HashiCorp Learn](https://learn.hashicorp.com/tutorials/consul/service-registration-external-services). +- [Consul ESM](https://github.com/hashicorp/consul-esm) - Provides external service monitoring for Consul. A tutorial is available on [HashiCorp Learn](/consul/tutorials/developer-discovery/service-registration-external-services?utm_source=docs). - [Consul Migrate](https://github.com/hashicorp/consul-migrate) - Data migration tool to handle Consul upgrades to 0.5.1+ - [Consul Replicate](https://github.com/hashicorp/consul-replicate) - Consul cross-DC KV replication daemon. -- [Consul Template](https://github.com/hashicorp/consul-template) - Generic template rendering and notifications with Consul. A step by step tutorial is available on [HashiCorp Learn](https://learn.hashicorp.com/tutorials/consul/consul-template). +- [Consul Template](https://github.com/hashicorp/consul-template) - Generic template rendering and notifications with Consul. A step by step tutorial is available on [HashiCorp Learn](/consul/tutorials/developer-configuration/consul-template?utm_source=docs). - [Consul-Terraform Sync](https://github.com/hashicorp/consul-terraform-sync) - enables dynamic updates to network infrastructure devices triggered by service changes. A tutorial is available on [HashiCorp -Learn](https://learn.hashicorp.com/collections/consul/network-infrastructure-automation?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) +Learn](/consul/tutorials/network-infrastructure-automation?utm_source=docs) ## Community Tools diff --git a/website/content/docs/integrate/nia-integration.mdx b/website/content/docs/integrate/nia-integration.mdx index 787c3e18bc..b1a06bb9ad 100644 --- a/website/content/docs/integrate/nia-integration.mdx +++ b/website/content/docs/integrate/nia-integration.mdx @@ -6,7 +6,7 @@ description: Guide to partnership integrations for Consul NIA # Network Infrastructure Automation Integration Program -HashiCorp’s Network Infrastructure Automation (NIA) Integration Program allows partners to build integrations that allow customers to automate dynamic application workflows leveraging network and security infrastructure at runtime. Detailed below is the approach to integrate your networking technology along with the clearly defined steps, links to information sources, and checkpoints. +HashiCorp's Network Infrastructure Automation (NIA) Integration Program allows partners to build integrations that allow customers to automate dynamic application workflows leveraging network and security infrastructure at runtime. Detailed below is the approach to integrate your networking technology along with the clearly defined steps, links to information sources, and checkpoints. ## Network Infrastructure Automation @@ -43,13 +43,13 @@ Consul-Terraform-Sync compatible Terraform module development process is fairly - Consul [documentation](/docs) - Consul-Terraform-Sync [documentation](/docs/nia) -- Writing Consul-Terraform-Sync compatible Terraform modules using our [guide](/docs/nia/terraform-modules) and [tutorial](https://learn.hashicorp.com/tutorials/consul/consul-terraform-sync-module?in=consul/network-infrastructure-automation) +- Writing Consul-Terraform-Sync compatible Terraform modules using our [guide](/docs/nia/terraform-modules) and [tutorial](/consul/tutorials/network-infrastructure-automation/consul-terraform-sync-module?utm_source=docs) - Example Terraform Modules for reference: [PAN-OS](https://registry.terraform.io/modules/PaloAltoNetworks/dag-nia/panos/latest), [Simple Print Module](https://registry.terraform.io/modules/findkim/print/cts/latest) and a [Template to structure your Terraform Modules](https://github.com/hashicorp/consul-terraform-sync-template-module) - Publishing to the Terraform Registry [guidelines](https://www.terraform.io/docs/registry/modules/publish.html) ### 3. Develop & Test -Terraform modules are written in HashiCorp Configuration Language (HCL). Writing [Terraform modules](https://www.terraform.io/docs/modules/index.html) or a [tutorial to build a module](https://learn.hashicorp.com/tutorials/terraform/module-create) are good resources to begin writing a new module. +Terraform modules are written in HashiCorp Configuration Language (HCL). Writing [Terraform modules](https://www.terraform.io/docs/modules/index.html) or a [tutorial to build a module](/terraform/tutorials/modules/module-create?utm_source=docs) are good resources to begin writing a new module. Consul-Terraform-Sync compatible modules follow the [standard module structure](https://www.terraform.io/docs/modules/index.html#standard-module-structure). Modules can use syntax supported by Terraform version 0.13, or higher. Consul-Terraform-Sync is designed to integrate with any module that satisfies these [specifications](/docs/nia/terraform-modules#module-specifications). The guide will give you an introduction of the code structure and the basics of authoring a plugin that Terraform can interact with. It is recommended that partners develop modules that cater to specific workflows on an individual platform in their product portfolio rather than having overarching modules that try to cover multiple workflows across different platforms. This is to keep the automation modular and adoptable by a broad set of users with varying network infrastructure topologies. Partners are encouraged to test the functionality of the modules against their supported platforms. @@ -78,7 +78,7 @@ All Consul-Terraform-Sync compatible modules follow a naming convention: `terraf During the review process, HashiCorp will provide feedback on the newly developed Consul-Terraform-Sync compatible Terraform module. Please engage in the review process once one or two sample modules have been developed. Begin the process by emailing nia-integration-dev@hashicorp.com with a URL to the public GitHub repo containing the code. -HashiCorp will then review the module, and the documentation. The documentation should clearly indicate the compatibility with Consul-Terraform-Sync software version(s) and partner platform’s software version(s). +HashiCorp will then review the module, and the documentation. The documentation should clearly indicate the compatibility with Consul-Terraform-Sync software version(s) and partner platform's software version(s). Once the module development has been completed another email should be sent to nia-integration-dev@hashicorp.com along with a URL to the public GitHub repo containing the code requesting the final code review. HashiCorp will review the module and provide feedback about any changes that may be required. This is often an iterative process and can take some time to get done. diff --git a/website/content/docs/integrate/partnerships.mdx b/website/content/docs/integrate/partnerships.mdx index e7c5bb2228..793565b110 100644 --- a/website/content/docs/integrate/partnerships.mdx +++ b/website/content/docs/integrate/partnerships.mdx @@ -16,7 +16,7 @@ The program is intended to be largely self-service with links to resources, code ## Categories of Consul Integrations -By leveraging Consul’s RESTful HTTP API system, prospective partners are able to build extensible integrations at the data plane, platform, and the infrastructure layer to extend Consul’s functionalities. These integrations can be performed both with the open source version of Consul, Consul Enterprise, and HCP Consul. +By leveraging Consul's RESTful HTTP API system, prospective partners are able to build extensible integrations at the data plane, platform, and the infrastructure layer to extend Consul's functionalities. These integrations can be performed both with the open source version of Consul, Consul Enterprise, and HCP Consul. **The Consul ecosystem of integrations:** @@ -26,19 +26,19 @@ By leveraging Consul’s RESTful HTTP API system, prospective partners are able -**Data Plane**: These integrations extend Consul’s certificate management, secure ACL configuration, observability metrics and logging, and service discovery that allows for dynamic service mapping APM and logging tools, extend sidecar proxies to support Consul connect, and extend API gateways to allow Consul to route incoming traffic to the proxies for Connect-enabled services. +**Data Plane**: These integrations extend Consul's certificate management, secure ACL configuration, observability metrics and logging, and service discovery that allows for dynamic service mapping APM and logging tools, extend sidecar proxies to support Consul connect, and extend API gateways to allow Consul to route incoming traffic to the proxies for Connect-enabled services. **Control Plane**: Consul has a client-server architecture and is the control plane for the service mesh. **Platform**: These integrations leverage automation of Consul agent deployment, configuration, and management. Designed to be platform agnostic, Consul can be deployed in a variety of form factors, including major Public Cloud providers (AWS, GCP, Azure) as well as in bare-metal, virtual machine, and container (Docker, Kubernetes) environments. They include the Consul agent running in both client and server mode. -**Infrastructure**: There are two integration options in this category: natively through a direct integration with Consul or via Consul-Terraform-Sync (CTS). By leveraging Consul’s powerful **Network Infrastructure Automation (NIA)*** capabilities through CTS, changes in an infrastructure are seamlessly automated when Consul detects a change in its service catalog. For example, these integrations could be used to automate IP updates of load balancers or firewall security policies by leveraging Consul service discovery. +**Infrastructure**: There are two integration options in this category: natively through a direct integration with Consul or via Consul-Terraform-Sync (CTS). By leveraging Consul's powerful **Network Infrastructure Automation (NIA)*** capabilities through CTS, changes in an infrastructure are seamlessly automated when Consul detects a change in its service catalog. For example, these integrations could be used to automate IP updates of load balancers or firewall security policies by leveraging Consul service discovery. --> **Network Infrastructure Automation (NIA)***: These integrations leverage Consul’s service catalog to seamlessly integrate with Consul-Terraform-Sync (CTS) to automate changes in network infrastructure via a publisher-subscriber method. More details can be found [here](/docs/integrate/nia-integration). +-> **Network Infrastructure Automation (NIA)***: These integrations leverage Consul's service catalog to seamlessly integrate with Consul-Terraform-Sync (CTS) to automate changes in network infrastructure via a publisher-subscriber method. More details can be found [here](/docs/integrate/nia-integration). -**HCP Consul**: HCP Consul is secure by default and offers an enterprise-level service level agreement (SLA) to deploy an organization’s most important applications. Sign up for HCP Consul is free and available [here](https://cloud.hashicorp.com/products/consul). +**HCP Consul**: HCP Consul is secure by default and offers an enterprise-level service level agreement (SLA) to deploy an organization's most important applications. Sign up for HCP Consul is free and available [here](https://cloud.hashicorp.com/products/consul). -**Consul integration verification badges**: Partners will be issued the Consul Enterprise badge for integrations that work with [Consul Enterprise features](https://www.consul.io/docs/enterprise) such as namespaces. Partners will be issued the HCP Consul badge for integrations validated to work with [HCP Consul](https://cloud.hashicorp.com/docs/consul/features). Each badge would be displayed on HashiCorp’s partner page as well as be available for posting on the partner’s own website to provide better visibility and differentiation of the integration for joint customers. +**Consul integration verification badges**: Partners will be issued the Consul Enterprise badge for integrations that work with [Consul Enterprise features](https://www.consul.io/docs/enterprise) such as namespaces. Partners will be issued the HCP Consul badge for integrations validated to work with [HCP Consul](https://cloud.hashicorp.com/docs/consul/features). Each badge would be displayed on HashiCorp's partner page as well as be available for posting on the partner's own website to provide better visibility and differentiation of the integration for joint customers. @@ -89,7 +89,7 @@ Here are links to resources, documentation, examples and best practices to guide **API Gateway** -- [Ambassador Integration documentation](https://learn.hashicorp.com/tutorials/consul/service-mesh-gateway-ambassador) +- [Ambassador Integration documentation](/consul/tutorials/developer-mesh/service-mesh-gateway-ambassador?utm_source=docs) - [F5 Terminating Gateway Integration Documentation](https://www.hashicorp.com/integrations/f5-networks/consul) - [Traefik Integration with Consul Service Mesh](https://traefik.io/blog/integrating-consul-connect-service-mesh-with-traefik-2-5/) - [Kong's Ingress Controller Integration with Consul](https://www.hashicorp.com/integrations/kong/consul) @@ -108,14 +108,14 @@ Here are links to resources, documentation, examples and best practices to guide #### Platform: -- [Consul-AWS for AWS Cloud Map](https://learn.hashicorp.com/tutorials/consul/sync-aws-services) +- [Consul-AWS for AWS Cloud Map](/consul/tutorials/cloud-integrations/sync-aws-services?utm_source=docs) - [Consul Integration with AWS ECS](/docs/ecs/get-started/install) - [Consul Integration with Layer5 Meshery](https://www.hashicorp.com/integrations/layer5-io/consul) -- [Consul Integration with VMware Tanzu Application Service](https://learn.hashicorp.com/tutorials/consul/sync-pivotal-cloud-services) +- [Consul Integration with VMware Tanzu Application Service](/consul/tutorials/cloud-integrations/sync-pivotal-cloud-services?utm_source=docs) #### Infrastructure: --> **Note**: The types of integration areas below could be developed to natively work with Consul or through leveraging Consul-Terraform-Sync and Consul’s network automation capabilities. +-> **Note**: The types of integration areas below could be developed to natively work with Consul or through leveraging Consul-Terraform-Sync and Consul's network automation capabilities. **Firewalls** @@ -132,32 +132,32 @@ Here are links to resources, documentation, examples and best practices to guide **Load Balancer** -- [Load Balancing with NGINX and Consul Template](https://learn.hashicorp.com/tutorials/consul/load-balancing-nginx) -- [Load Balancing with HAProxy Service Discovery](https://learn.hashicorp.com/tutorials/consul/load-balancing-haproxy) +- [Load Balancing with NGINX and Consul Template](/consul/tutorials/load-balancing/load-balancing-nginx?utm_source=docs) +- [Load Balancing with HAProxy Service Discovery](/consul/tutorials/load-balancing/load-balancing-haproxy?utm_source=docs) **Network Infrastructure Automation \(using CTS\):** - - [Automate F5 BIG-IP with Consul NIA](https://learn.hashicorp.com/tutorials/consul/consul-terraform-sync-f5-bigip-fast?in=consul/network-infrastructure-automation) + - [Automate F5 BIG-IP with Consul NIA](/consul/tutorials/network-infrastructure-automation/consul-terraform-sync-f5-bigip-fast?utm_source=docs) - [Automate VMware Advanced Load Balancers (Avi) with Consul NIA](https://www.hashicorp.com/integrations/_vmware/consul) **Application Delivery Controllers \(ADC\):** -- [Automate A10 ADC with Consul NIA](https://learn.hashicorp.com/tutorials/consul/consul-terraform-sync-a10-adc?in=consul/network-infrastructure-automation) +- [Automate A10 ADC with Consul NIA](/consul/tutorials/network-infrastructure-automation/consul-terraform-sync-a10-adc?utm_source=docs) - [Automate Citrix ADC with Consul NIA](https://www.hashicorp.com/integrations/citrix-adc/consul) ### 3. Develop and Test The only knowledge necessary to write a plugin is basic command-line skills and knowledge of the [Go programming language](http://www.golang.org). Use the plugin interface to develop your integration. All integrations should contain unit and acceptance testing. -**HCP Consul**: The process to configure a testing instance of HCP consul [is very simple](https://learn.hashicorp.com/tutorials/cloud/get-started-consul). HCP has been designed as a HashiCorp managed service so configuration is minimal as only Consul client agents need to be installed. Furthermore, HashiCorp provides all new users an initial credit which should last approximately 2 months using a [development cluster](https://cloud.hashicorp.com/pricing/consul). When deployed with AWS free tier services, there should be no cost beyond the time spent by the designated tester. +**HCP Consul**: The process to configure a testing instance of HCP consul [is very simple](/consul/tutorials/cloud-get-started/get-started-consul?utm_source=docs). HCP has been designed as a HashiCorp managed service so configuration is minimal as only Consul client agents need to be installed. Furthermore, HashiCorp provides all new users an initial credit which should last approximately 2 months using a [development cluster](https://cloud.hashicorp.com/pricing/consul). When deployed with AWS free tier services, there should be no cost beyond the time spent by the designated tester. -Please note that HCP Consul is currently only deployed on AWS so the partner’s application should be able to be deployed or run in AWS. For more information, please refer to [Peering an HVN to an AWS VPC for HCP Consul](https://www.youtube.com/watch?v=vuKjkIGYZlU). +Please note that HCP Consul is currently only deployed on AWS so the partner's application should be able to be deployed or run in AWS. For more information, please refer to [Peering an HVN to an AWS VPC for HCP Consul](https://www.youtube.com/watch?v=vuKjkIGYZlU). #### HCP Consul Resource Links: -- [Getting Started with HCP Consul](https://learn.hashicorp.com/tutorials/cloud/get-started-consul?in=consul/cloud-get-started) +- [Getting Started with HCP Consul](/consul/tutorials/cloud-get-started/get-started-consul?utm_source=docs) - [Peering an HVN to a VPC for HCP Consul](https://www.youtube.com/watch?v=vuKjkIGYZlU) -- [Connecting a Consul Client to HCP Consul](https://learn.hashicorp.com/tutorials/cloud/consul-client-virtual-machines?in=consul/cloud-get-started) +- [Connecting a Consul Client to HCP Consul](/consul/tutorials/cloud-get-started/consul-client-aws-ec2?utm_source=docs) - [Monitoring HCP Consul with Datadog](https://docs.datadoghq.com/integrations/guide/hcp-consul/) **Consul Enterprise**: An integration qualifies for Consul Enterprise when it is tested and compatible with Consul Enterprise Namespaces. diff --git a/website/content/docs/internals/acl.mdx b/website/content/docs/internals/acl.mdx index 391ee45031..b251c89ce2 100644 --- a/website/content/docs/internals/acl.mdx +++ b/website/content/docs/internals/acl.mdx @@ -10,7 +10,7 @@ description: >- # ACL System ((#version_8_acls)) -This content has been moved into the [ACL Guide](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production). +This content has been moved into the [ACL Guide](/consul/tutorials/security/access-control-setup-production?utm_source=docs). See [Complete ACL Coverage in Consul 0.8](/docs/security/acl/acl-legacy) for details about ACL changes in Consul 0.8 and later. diff --git a/website/content/docs/intro/index.mdx b/website/content/docs/intro/index.mdx index 3a14541bdc..fa0cf7c7ea 100644 --- a/website/content/docs/intro/index.mdx +++ b/website/content/docs/intro/index.mdx @@ -17,7 +17,7 @@ to existing software, and how you can get started using it. If you are familiar with the basics of Consul, the [documentation](/docs) provides a more detailed reference of available features. If you're ready to get hands-on experience, deploy Consul locally with our -[HashiCorp Learn tutorial](https://learn.hashicorp.com/tutorials/consul/get-started-install). +[HashiCorp Learn tutorial](/consul/tutorials/getting-started/get-started-install?utm_source=docs). ## Why Consul? @@ -115,5 +115,5 @@ forward the request to the remote datacenter and return the result. ## Next Steps -Continue onwards with [HashiCorp Learn](https://learn.hashicorp.com/tutorials/consul/get-started-install) +Continue onwards with [HashiCorp Learn](/consul/tutorials/getting-started/get-started-install?utm_source=docs) to learn more about Consul and how to get Consul up and running. diff --git a/website/content/docs/k8s/architecture.mdx b/website/content/docs/k8s/architecture.mdx index 3a6e6ae323..6547627cc2 100644 --- a/website/content/docs/k8s/architecture.mdx +++ b/website/content/docs/k8s/architecture.mdx @@ -10,7 +10,7 @@ description: >- This topic describes the architecture, components, and resources associated with Consul deployments to Kubernetes. Consul employs the same architectural design on Kubernetes as it does with other platforms (see [Architecture](/docs/architecture)), but Kubernetes provides additional benefits that make operating a Consul cluster easier. -Refer to the standard [production deployment guide](https://learn.hashicorp.com/consul/datacenter-deploy/deployment-guide) for important information, regardless of the deployment platform. +Refer to the standard [production deployment guide](/consul/tutorials?utm_source=docs/datacenter-deploy/deployment-guide) for important information, regardless of the deployment platform. ## Server Agents diff --git a/website/content/docs/k8s/connect/ingress-gateways.mdx b/website/content/docs/k8s/connect/ingress-gateways.mdx index 8095c63847..eab54b7c4e 100644 --- a/website/content/docs/k8s/connect/ingress-gateways.mdx +++ b/website/content/docs/k8s/connect/ingress-gateways.mdx @@ -178,7 +178,7 @@ $ kubectl apply --filename service-intentions.yaml serviceintentions.consul.hashicorp.com/ingress-gateway created ``` -For detailed instructions on how to configure zero-trust networking with intentions please refer to this [guide](https://learn.hashicorp.com/tutorials/consul/service-mesh-zero-trust-network). +For detailed instructions on how to configure zero-trust networking with intentions please refer to this [guide](/consul/tutorials/service-mesh-security/service-mesh-zero-trust-network?utm_source=docs). ## Deploying your application to Kubernetes diff --git a/website/content/docs/k8s/connect/observability/metrics.mdx b/website/content/docs/k8s/connect/observability/metrics.mdx index 349cd3f491..bec38a9e71 100644 --- a/website/content/docs/k8s/connect/observability/metrics.mdx +++ b/website/content/docs/k8s/connect/observability/metrics.mdx @@ -108,7 +108,7 @@ global: ## Metrics in the UI Topology Visualization -Consul’s built-in UI has a topology visualization for services part of the Consul Service Mesh. The topology visualization has the ability to fetch basic metrics from a metrics provider for each service and display those metrics as part of the [topology visualization](/docs/connect/observability/ui-visualization). +Consul's built-in UI has a topology visualization for services part of the Consul Service Mesh. The topology visualization has the ability to fetch basic metrics from a metrics provider for each service and display those metrics as part of the [topology visualization](/docs/connect/observability/ui-visualization). The diagram below illustrates how the UI displays service metrics for a sample application: @@ -137,7 +137,7 @@ The Prometheus deployment is designed to allow quick bootstrapping for trial and Prometheus will be installed in the same namespace as Consul, and will be installed and uninstalled along with the Consul installation. -Grafana can optionally be utilized with Prometheus to display metrics. The installation and configuration of Grafana must be managed separately from the Consul Helm chart. The [Layer 7 Observability with Prometheus, Grafana, and Kubernetes](https://learn.hashicorp.com/tutorials/consul/kubernetes-layer7-observability?in=consul/kubernetes)) tutorial provides an installation walkthrough using Helm. +Grafana can optionally be utilized with Prometheus to display metrics. The installation and configuration of Grafana must be managed separately from the Consul Helm chart. The [Layer 7 Observability with Prometheus, Grafana, and Kubernetes](/consul/tutorials/service-mesh-observability/kubernetes-layer7-observability?utm_source=docs?in=consul/kubernetes)) tutorial provides an installation walkthrough using Helm. ```yaml prometheus: diff --git a/website/content/docs/k8s/helm.mdx b/website/content/docs/k8s/helm.mdx index be0c340800..b56d022c6b 100644 --- a/website/content/docs/k8s/helm.mdx +++ b/website/content/docs/k8s/helm.mdx @@ -360,7 +360,7 @@ Use these links to navigate to a particular top-level stanza. See https://www.consul.io/docs/agent/config/cli-flags#_recursor for more details. If this is an empty array (the default), then Consul DNS will only resolve queries for the Consul top level domain (by default `.consul`). - - `tls` ((#v-global-tls)) - Enables TLS (https://learn.hashicorp.com/tutorials/consul/tls-encryption-secure) + - `tls` ((#v-global-tls)) - Enables TLS (/consul/tutorials/security/tls-encryption-secure?utm_source=docs) across the cluster to verify authenticity of the Consul servers and clients. Requires Consul v1.4.1+. @@ -527,7 +527,7 @@ Use these links to navigate to a particular top-level stanza. - `metrics` ((#v-global-metrics)) - Configures metrics for Consul service mesh - - `enabled` ((#v-global-metrics-enabled)) (`boolean: false`) - Configures the Helm chart’s components + - `enabled` ((#v-global-metrics-enabled)) (`boolean: false`) - Configures the Helm chart's components to expose Prometheus metrics for the Consul service mesh. By default this includes gateway metrics and sidecar metrics. @@ -621,8 +621,7 @@ Use these links to navigate to a particular top-level stanza. Vault Secrets backend: If you are using Vault as a secrets backend, a Vault Policy must be created which allows `["create", "update"]` capabilities on the PKI issuing endpoint, which is usually of the form `pki/issue/consul-server`. - Please see the following guide for steps to generate a compatible certificate: - https://learn.hashicorp.com/tutorials/consul/vault-pki-consul-secure-tls + Please refer the [Consul and Vault tutorial](/consul/tutorials/vault-secure/vault-pki-consul-secure-tls?utm_source=docs) for steps to generate a compatible certificate. Note: when using TLS, both the `server.serverCert` and `global.tls.caCert` which points to the CA endpoint of this PKI engine must be provided. diff --git a/website/content/docs/k8s/index.mdx b/website/content/docs/k8s/index.mdx index 8504d62384..b0eb4a67bc 100644 --- a/website/content/docs/k8s/index.mdx +++ b/website/content/docs/k8s/index.mdx @@ -40,33 +40,33 @@ There are several ways to try Consul with Kubernetes in different environments. **Tutorials** -- The [Getting Started with Consul Service Mesh track](https://learn.hashicorp.com/tutorials/consul/service-mesh-deploy?in=consul/gs-consul-service-mesh?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) +- The [Getting Started with Consul Service Mesh track](/consul/tutorials/gs-consul-service-mesh/service-mesh-deploy?utm_source=docs) provides guidance for installing Consul as service mesh for Kubernetes using the Helm chart, deploying services in the service mesh, and using intentions to secure service communications. -- The [Migrate to Microservices with Consul Service Mesh on Kubernetes](https://learn.hashicorp.com/collections/consul/microservices?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) +- The [Migrate to Microservices with Consul Service Mesh on Kubernetes](/consul/tutorials/microservices?utm_source=docs) collection uses an example application written by a fictional company to illustrate why and how organizations can migrate from monolith to microservices using Consul service mesh on Kubernetes. The case study in this collection should provide information valuable for understanding how to develop services that leverage Consul during any stage of your microservices journey. -- The [Consul and Minikube guide](https://learn.hashicorp.com/tutorials/consul/kubernetes-minikube?utm_source=consul.io&utm_medium=docs) is a quick step-by-step guide for deploying Consul with the official Helm chart on a local instance of Minikube. +- The [Consul and Minikube guide](/consul/tutorials/kubernetes/kubernetes-minikube?utm_source=docs) is a quick step-by-step guide for deploying Consul with the official Helm chart on a local instance of Minikube. - Review production best practices and cloud-specific configurations for deploying Consul on managed Kubernetes runtimes. - - The [Consul on Azure Kubernetes Service (AKS) tutorial](https://learn.hashicorp.com/tutorials/consul/kubernetes-aks-azure?utm_source=consul.io&utm_medium=docs) is a complete step-by-step guide on how to deploy Consul on AKS. The guide also allows you to practice deploying two microservices. - - The [Consul on Amazon Elastic Kubernetes Service (EKS) tutorial](https://learn.hashicorp.com/tutorials/consul/kubernetes-eks-aws?utm_source=consul.io&utm_medium=docs) is a complete step-by-step guide on how to deploy Consul on EKS. Additionally, it provides guidance on interacting with your datacenter with the Consul UI, CLI, and API. - - The [Consul on Google Kubernetes Engine (GKE) tutorial](https://learn.hashicorp.com/tutorials/consul/kubernetes-gke-google?utm_source=consul.io&utm_medium=docs) is a complete step-by-step guide on how to deploy Consul on GKE. Additionally, it provides guidance on interacting with your datacenter with the Consul UI, CLI, and API. + - The [Consul on Azure Kubernetes Service (AKS) tutorial](/consul/tutorials/kubernetes/kubernetes-aks-azure?utm_source=docs) is a complete step-by-step guide on how to deploy Consul on AKS. The guide also allows you to practice deploying two microservices. + - The [Consul on Amazon Elastic Kubernetes Service (EKS) tutorial](/consul/tutorials/kubernetes/kubernetes-eks-aws?utm_source=docs) is a complete step-by-step guide on how to deploy Consul on EKS. Additionally, it provides guidance on interacting with your datacenter with the Consul UI, CLI, and API. + - The [Consul on Google Kubernetes Engine (GKE) tutorial](/consul/tutorials/kubernetes/kubernetes-gke-google?utm_source=docs) is a complete step-by-step guide on how to deploy Consul on GKE. Additionally, it provides guidance on interacting with your datacenter with the Consul UI, CLI, and API. -- The [Consul and Kubernetes Reference Architecture](https://learn.hashicorp.com/tutorials/consul/kubernetes-reference-architecture?utm_source=consul.io&utm_medium=docs) guide provides recommended practices for production. +- The [Consul and Kubernetes Reference Architecture](/consul/tutorials/kubernetes/kubernetes-reference-architecture?utm_source=docs) guide provides recommended practices for production. -- The [Consul and Kubernetes Deployment](https://learn.hashicorp.com/tutorials/consul/kubernetes-deployment-guide?utm_source=consul.io&utm_medium=docs) tutorial covers the necessary steps to install and configure a new Consul cluster on Kubernetes in production. +- The [Consul and Kubernetes Deployment](/consul/tutorials/kubernetes/kubernetes-deployment-guide?utm_source=docs) tutorial covers the necessary steps to install and configure a new Consul cluster on Kubernetes in production. -- The [Secure Consul and Registered Services on Kubernetes](https://learn.hashicorp.com/tutorials/consul/kubernetes-secure-agents?in=consul/kubernetes) tutorial covers +- The [Secure Consul and Registered Services on Kubernetes](/consul/tutorials/kubernetes/kubernetes-secure-agents?utm_source=docs) tutorial covers the necessary steps to secure a Consul cluster running on Kubernetes in production. -- The [Layer 7 Observability with Consul Service Mesh](https://learn.hashicorp.com/tutorials/consul/kubernetes-layer7-observability) tutorial covers monitoring a +- The [Layer 7 Observability with Consul Service Mesh](/consul/tutorials/service-mesh-observability/kubernetes-layer7-observability?utm_source=docs) tutorial covers monitoring a Consul service mesh running on Kubernetes with Prometheus and Grafana. **Documentation** diff --git a/website/content/docs/k8s/installation/install.mdx b/website/content/docs/k8s/installation/install.mdx index ffed47349c..f8e9771ad0 100644 --- a/website/content/docs/k8s/installation/install.mdx +++ b/website/content/docs/k8s/installation/install.mdx @@ -23,7 +23,7 @@ You can install Consul on Kubernetes using the following methods: Refer to the [architecture](/docs/k8s/installation/install#architecture) section to learn more about the general architecture of Consul on Kubernetes. For a hands-on experience with Consul as a service mesh for Kubernetes, follow the [Getting Started with Consul service -mesh](https://learn.hashicorp.com/tutorials/consul/service-mesh-deploy?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) tutorial. +mesh](/consul/tutorials/gs-consul-service-mesh/service-mesh-deploy?utm_source=docs) tutorial. ## Consul K8s CLI Installation @@ -103,7 +103,7 @@ The [Homebrew](https://brew.sh) package manager is required to complete the foll We recommend using the Consul Helm chart to install Consul on Kubernetes for multi-cluster installations that involve cross-partition of cross datacenter communication. The Helm chart installs and configures all necessary components to run Consul. The configuration enables you to run a server cluster, a client cluster, or both. Step-by-step tutorials for how to deploy Consul to Kubernetes, please see -our [Deploy to Kubernetes](https://learn.hashicorp.com/collections/consul/kubernetes-deploy) +our [Deploy to Kubernetes](/consul/tutorials/kubernetes-deploy?utm_source=docs) collection. This collection includes configuration caveats for single-node deployments. The Helm chart exposes several useful configurations and automatically @@ -380,7 +380,7 @@ spec: ## Next Steps -If you are still considering a move to Kubernetes, or to Consul on Kubernetes specifically, our [Migrate to Microservices with Consul Service Mesh on Kubernetes](https://learn.hashicorp.com/collections/consul/microservices?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) +If you are still considering a move to Kubernetes, or to Consul on Kubernetes specifically, our [Migrate to Microservices with Consul Service Mesh on Kubernetes](/consul/tutorials/microservices?utm_source=docs) collection uses an example application written by a fictional company to illustrate why and how organizations can migrate from monolith to microservices using Consul service mesh on Kubernetes. The case study in this collection should provide information valuable for understanding how to develop services that leverage Consul during any stage diff --git a/website/content/docs/k8s/installation/multi-cluster/kubernetes.mdx b/website/content/docs/k8s/installation/multi-cluster/kubernetes.mdx index 29f8da341f..61d18cfc4d 100644 --- a/website/content/docs/k8s/installation/multi-cluster/kubernetes.mdx +++ b/website/content/docs/k8s/installation/multi-cluster/kubernetes.mdx @@ -11,7 +11,7 @@ description: >- ~> This topic requires familiarity with [Mesh Gateways](/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters) and [WAN Federation Via Mesh Gateways](/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways). --> Looking for a step-by-step guide? Please follow our Learn tutorial: [Secure and Route Service Mesh Communication Across Kubernetes](https://learn.hashicorp.com/tutorials/consul/kubernetes-mesh-gateways). +-> Looking for a step-by-step guide? Please follow our Learn tutorial: [Secure and Route Service Mesh Communication Across Kubernetes](/consul/tutorials/kubernetes/kubernetes-mesh-gateways?utm_source=docs). This page describes how to federate multiple Kubernetes clusters. See [Multi-Cluster Overview](/docs/k8s/installation/multi-cluster) for more information on use-cases and how it works. @@ -466,11 +466,11 @@ in the top left: ## Next Steps With your Kubernetes clusters federated, try out using Consul service mesh to -route between services deployed on each cluster by following our Learn tutorial: [Secure and Route Service Mesh Communication Across Kubernetes](https://learn.hashicorp.com/tutorials/consul/kubernetes-mesh-gateways#deploy-microservices). +route between services deployed on each cluster by following our Learn tutorial: [Secure and Route Service Mesh Communication Across Kubernetes](/consul/tutorials/kubernetes/kubernetes-mesh-gateways?utm_source=docs#deploy-microservices). You can also read our in-depth documentation on [Consul Service Mesh In Kubernetes](/docs/k8s/connect). -If you are still considering a move to Kubernetes, or to Consul on Kubernetes specifically, our [Migrate to Microservices with Consul Service Mesh on Kubernetes](https://learn.hashicorp.com/collections/consul/microservices?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) +If you are still considering a move to Kubernetes, or to Consul on Kubernetes specifically, our [Migrate to Microservices with Consul Service Mesh on Kubernetes](/consul/tutorials/microservices?utm_source=docs) collection uses an example application written by a fictional company to illustrate why and how organizations can migrate from monolith to microservices using Consul service mesh on Kubernetes. The case study in this collection should provide information valuable for understanding how to develop services that leverage Consul during any stage diff --git a/website/content/docs/k8s/installation/multi-cluster/vms-and-kubernetes.mdx b/website/content/docs/k8s/installation/multi-cluster/vms-and-kubernetes.mdx index 2df99b16b1..3201cc724e 100644 --- a/website/content/docs/k8s/installation/multi-cluster/vms-and-kubernetes.mdx +++ b/website/content/docs/k8s/installation/multi-cluster/vms-and-kubernetes.mdx @@ -144,7 +144,7 @@ acls { ``` -> **NOTE:** You'll also need to set up additional ACL tokens as needed by the -ACL system. See tutorial [Secure Consul with Access Control Lists (ACLs)](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production#apply-individual-tokens-to-agents) +ACL system. See tutorial [Secure Consul with Access Control Lists (ACLs)](/consul/tutorials/security/access-control-setup-production?utm_source=docs#apply-individual-tokens-to-agents) for more information. ### Gossip Encryption Key diff --git a/website/content/docs/k8s/installation/vault/wan-federation.mdx b/website/content/docs/k8s/installation/vault/wan-federation.mdx index 37a13d64ec..6f83a02e02 100644 --- a/website/content/docs/k8s/installation/vault/wan-federation.mdx +++ b/website/content/docs/k8s/installation/vault/wan-federation.mdx @@ -36,7 +36,7 @@ The two data centers will federated using mesh gateways. This communication top In this setup, you will deploy Vault server in the primary datacenter (dc1) Kubernetes cluster, which is also the primary Consul datacenter. You will configure your Vault Helm installation in the secondary datacenter (dc2) Kubernetes cluster to use it as an external server. This way there will be a single vault server cluster that will be used by both Consul datacenters. -~> **Note**: For demonstration purposes, you will deploy a Vault server in dev mode. For production installations, this is not recommended. Please visit the [Vault Deployment Guide](https://learn.hashicorp.com/tutorials/vault/raft-deployment-guide?in=vault/day-one-raft) for guidance on how to install Vault in a production setting. +~> **Note**: For demonstration purposes, you will deploy a Vault server in dev mode. For production installations, this is not recommended. Please visit the [Vault Deployment Guide](/vault/tutorials/raft/raft-deployment-guide?utm_source=docs) for guidance on how to install Vault in a production setting. 1. Change your current Kubernetes context to target the primary datacenter (dc1). diff --git a/website/content/docs/k8s/service-sync.mdx b/website/content/docs/k8s/service-sync.mdx index 5fbabe6b27..8bd5ec27cb 100644 --- a/website/content/docs/k8s/service-sync.mdx +++ b/website/content/docs/k8s/service-sync.mdx @@ -93,7 +93,7 @@ for both in-cluster and out-of-cluster authentication. If `kubectl` works, then the sync program should work. For Consul, if ACLs are configured on the cluster, a Consul -[ACL token](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production) +[ACL token](/consul/tutorials/security/access-control-setup-production?utm_source=docs) will need to be provided. Review the [ACL rules](/docs/security/acl/acl-rules) when creating this token so that it only allows the necessary privileges. The catalog sync process accepts this token by using the [`CONSUL_HTTP_TOKEN`](/commands#consul_http_token) diff --git a/website/content/docs/lambda/registration.mdx b/website/content/docs/lambda/registration.mdx index d7aae00780..4b24bfedc4 100644 --- a/website/content/docs/lambda/registration.mdx +++ b/website/content/docs/lambda/registration.mdx @@ -64,7 +64,7 @@ If you intend to invoke Lambda services through a terminating gateway, the gatew * [Terminating gateways documentation](/docs/connect/gateways#terminating-gateways) * [Terminating gateways on Kubernetes documentation](/docs/k8s/connect/terminating-gateways) -* [Connect External Services to Consul With Terminating Gateways tutorial](https://learn.hashicorp.com/tutorials/consul/terminating-gateways-connect-external-services) +* [Connect External Services to Consul With Terminating Gateways tutorial](/consul/tutorials/developer-mesh/terminating-gateways-connect-external-services?utm_source=docs) To register a Lambda service with a terminating gateway, add the service to the `Services` field of the terminating gateway's `terminating-gateway` @@ -75,8 +75,8 @@ configuration entry. You can set up a mesh gateway so that you can invoke Lambda services across datacenters and admin partitions. The mesh gateway must be running and registered in the relevant Consul datacenters and partitions. Refer to the following documentation and tutorials for instructions on how to set up mesh gateways: * [Mesh gateway documentation](/docs/connect/gateways#mesh-gateways) -* [Connect Services Across Datacenters with Mesh Gateways tutorial](https://learn.hashicorp.com/tutorials/consul/service-mesh-gateways) -* [Secure Service Mesh Communication Across Kubernetes Clusters tutorial](https://learn.hashicorp.com/tutorials/consul/kubernetes-mesh-gateways?in=consul/kubernetes) +* [Connect Services Across Datacenters with Mesh Gateways tutorial](/consul/tutorials/developer-mesh/service-mesh-gateways?utm_source=docs) +* [Secure Service Mesh Communication Across Kubernetes Clusters tutorial](/consul/tutorials/kubernetes/kubernetes-mesh-gateways?utm_source=docs?in=consul/kubernetes) When using admin partitions, you must add Lambda services to the `Services` field of [the `exported-services` configuration @@ -124,7 +124,7 @@ The following diagram shows the flow of events from EventBridge into Consul: #### Optional: Store the CA Certificate in Parameter Store -When Lambda registrator makes a request to Consul's [HTTP API](/api-docs) over HTTPS and the Consul API is signed by a custom CA, Lambda registrator uses the CA certificate stored in AWS Parameter Store (refer to the [Parameter Store documentation](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html) for additional information) to verify the authenticity of the Consul API. You can apply the following Terraform configuration to store Consul’s server CA in Parameter Store: +When Lambda registrator makes a request to Consul's [HTTP API](/api-docs) over HTTPS and the Consul API is signed by a custom CA, Lambda registrator uses the CA certificate stored in AWS Parameter Store (refer to the [Parameter Store documentation](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html) for additional information) to verify the authenticity of the Consul API. You can apply the following Terraform configuration to store Consul's server CA in Parameter Store: ```hcl resource "aws_ssm_parameter" "ca-cert" { @@ -278,6 +278,6 @@ The following tags are supported. In all cases, the `` should be | - | - | | `/enabled` | Determines if Consul configures the service as an AWS Lambda. | | `/payload-passthrough` | Determines if the body Envoy receives is converted to JSON or directly passed to Lambda. | -| `/arn` | Specifies the [AWS ARN](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) for the service’s Lambda. | +| `/arn` | Specifies the [AWS ARN](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) for the service's Lambda. | | `/invocation-mode` | Determines if Consul configures the Lambda to be invoked using the `synchronous` or `asynchronous` [invocation mode](https://docs.aws.amazon.com/lambda/latest/operatorguide/invocation-modes.html). | | `/region` | Specifies the AWS region the Lambda is running in. | diff --git a/website/content/docs/nia/architecture.mdx b/website/content/docs/nia/architecture.mdx index a6712a9733..cfe541b791 100644 --- a/website/content/docs/nia/architecture.mdx +++ b/website/content/docs/nia/architecture.mdx @@ -55,6 +55,6 @@ Each driver includes a set of providers that [enables support](/docs/nia/terrafo ## Security Guidelines -The [Secure Consul-Terraform-Sync for Production](https://learn.hashicorp.com/tutorials/consul/consul-terraform-sync-secure?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) +The [Secure Consul-Terraform-Sync for Production](/consul/tutorials/network-infrastructure-automation/consul-terraform-sync-secure?utm_source=docs) tutorial contains a checklist of best practices to secure your CTS installation for a production environment. diff --git a/website/content/docs/nia/configuration.mdx b/website/content/docs/nia/configuration.mdx index c8ae16e123..8d64f44ea3 100644 --- a/website/content/docs/nia/configuration.mdx +++ b/website/content/docs/nia/configuration.mdx @@ -128,7 +128,7 @@ consul { | `service_registration` | Optional| [service_registration](/docs/nia/configuration#service-registration) | Options for how CTS will register itself as a service with a health check to Consul. || ##### ACL Requirements -The following table describes the ACL policies required by CTS. For more information, refer to the [Secure Consul-Terraform-Sync for Production](https://learn.hashicorp.com/tutorials/consul/consul-terraform-sync-secure?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS#configure-acl-privileges-for-consul-terraform-sync) tutorial. +The following table describes the ACL policies required by CTS. For more information, refer to the [Secure Consul-Terraform-Sync for Production](/consul/tutorials/network-infrastructure-automation/consul-terraform-sync-secure?utm_source=docs#configure-acl-privileges-for-consul-terraform-sync) tutorial. | Policy | Resources | | ------ | --------- | @@ -271,7 +271,7 @@ task { - `source` - (string: required) **Deprecated in CTS 0.5.0 and will be removed in a future major release. See the `module` field instead.** - `module` - (string: required) Module is the location the driver uses to discover the Terraform module used for automation. The module's source can be local or remote on the [Terraform Registry](https://registry.terraform.io/) or private module registry. Read more on [Terraform module source and other supported types here](https://www.terraform.io/docs/modules/sources.html). - - To use a private module with the [`terraform` driver](#terraform-driver), run the command [`terraform login [hostname]`](https://learn.hashicorp.com/tutorials/terraform/cloud-login) to authenticate the local Terraform CLI prior to starting CTS. + - To use a private module with the [`terraform` driver](#terraform-driver), run the command [`terraform login [hostname]`](/terraform/tutorials/cloud/cloud-login?utm_source=docs) to authenticate the local Terraform CLI prior to starting CTS. - To use a private module with the [`terraform_cloud` driver](#terraform-cloud-driver), no extra steps are needed. ```hcl @@ -622,7 +622,7 @@ driver "terraform" { - `backend` - (obj) The backend stores [Terraform state files](https://www.terraform.io/docs/state/index.html) for each task. This option is similar to the [Terraform backend configuration](https://www.terraform.io/docs/configuration/backend.html). CTS supports Terraform backends used as a state store. - Supported backend options: [azurerm](https://www.terraform.io/docs/backends/types/azurerm.html), [consul](https://www.terraform.io/docs/backends/types/consul.html), [cos](https://www.terraform.io/docs/backends/types/cos.html), [gcs](https://www.terraform.io/docs/backends/types/gcs.html), [kubernetes](https://www.terraform.io/docs/backends/types/kubernetes.html), [local](https://www.terraform.io/docs/backends/types/local.html), [manta](https://www.terraform.io/docs/backends/types/manta.html), [pg](https://www.terraform.io/docs/backends/types/pg.html) (Terraform v0.14+), [s3](https://www.terraform.io/docs/backends/types/s3.html). Visit the Terraform documentation links for details on backend configuration options. - - If omitted, CTS will generate default values and use configurations from the [`consul` block](#consul) to configure [Consul as the backend](https://www.terraform.io/docs/backends/types/consul.html), which stores Terraform statefiles in the Consul KV. The [ACL token provided for Consul authentication](#consul) is used to read and write to the KV store and requires [Consul KV privileges](https://learn.hashicorp.com/tutorials/consul/consul-terraform-sync-secure?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS#configure-acl-privileges-for-consul-terraform-sync). The Consul KV path is the base path to store state files for tasks. The full path of each state file will have the task identifier appended to the end of the path, e.g. `consul-terraform-sync/terraform-env:task-name`. + - If omitted, CTS will generate default values and use configurations from the [`consul` block](#consul) to configure [Consul as the backend](https://www.terraform.io/docs/backends/types/consul.html), which stores Terraform statefiles in the Consul KV. The [ACL token provided for Consul authentication](#consul) is used to read and write to the KV store and requires [Consul KV privileges](/consul/tutorials/network-infrastructure-automation/consul-terraform-sync-secure?utm_source=docs#configure-acl-privileges-for-consul-terraform-sync). The Consul KV path is the base path to store state files for tasks. The full path of each state file will have the task identifier appended to the end of the path, e.g. `consul-terraform-sync/terraform-env:task-name`. - The remote enhanced backend is not supported with the Terraform driver to run operations in Terraform Cloud. Use the [Terraform Cloud driver](#terraform-cloud-driver) to integrate CTS with Terraform Cloud for remote workspaces and remote operations. - `log` - (bool) Enable all Terraform output (stderr and stdout) to be included in the CTS log. This is useful for debugging and development purposes. It may be difficult to work with log aggregators that expect uniform log format. - `path` - (string) The file path to install Terraform or discover an existing Terraform binary. If omitted, Terraform will be installed in the same directory as the CTS daemon. To resolve an incompatible Terraform version or to change versions will require removing the existing binary or change to a different path. diff --git a/website/content/docs/nia/enterprise/license.mdx b/website/content/docs/nia/enterprise/license.mdx index 740d52fbc7..ae76849df8 100644 --- a/website/content/docs/nia/enterprise/license.mdx +++ b/website/content/docs/nia/enterprise/license.mdx @@ -53,7 +53,7 @@ If a license needs to be manually set, choose one of the following methods (in o ``` ~> **Note**: the [options to set the license and the order of precedence](/docs/enterprise/license/overview#binaries-without-built-in-licenses) are the same as Consul Enterprise server agents. -Visit the [Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/nomad/hashicorp-enterprise-license?in=consul/enterprise) for detailed steps on how to install the license key. +Visit the [Enterprise License Tutorial](/consul/tutorials/enterprise/hashicorp-enterprise-license?utm_source=docs) for detailed steps on how to install the license key. ### Updating the License Manually To update the license when it expires or is near the expiration date and automatic license retrieval is disabled: diff --git a/website/content/docs/nia/index.mdx b/website/content/docs/nia/index.mdx index 500e562753..6094868266 100644 --- a/website/content/docs/nia/index.mdx +++ b/website/content/docs/nia/index.mdx @@ -11,7 +11,7 @@ Network Infrastructure Automation (NIA) enables dynamic updates to network infra CTS executes one or more automation tasks with the most recent service variable values from the Consul service catalog. Each task consists of a runbook automation written as a CTS compatible Terraform module using resources and data sources for the underlying network infrastructure. The `consul-terraform-sync` daemon runs on the same node as a Consul agent. -CTS is available as an open source and enterprise distribution. Follow the [Network Infrastructure Automation introduction tutorial](https://learn.hashicorp.com/tutorials/consul/consul-terraform-sync-intro?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) to get started with CTS OSS or read more about [CTS Enterprise](/docs/nia/enterprise). +CTS is available as an open source and enterprise distribution. Follow the [Network Infrastructure Automation introduction tutorial](/consul/tutorials/network-infrastructure-automation/consul-terraform-sync-intro?utm_source=docs) to get started with CTS OSS or read more about [CTS Enterprise](/docs/nia/enterprise). ## Use Cases @@ -61,7 +61,7 @@ CTS is available as an open source and enterprise distribution. Follow the [Netw ## Getting Started With Network Infrastructure Automation -The [Network Infrastructure Automation (NIA)](https://learn.hashicorp.com/collections/consul/network-infrastructure-automation?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) +The [Network Infrastructure Automation (NIA)](/consul/tutorials/network-infrastructure-automation?utm_source=docs) collection contains examples on how to configure CTS to perform Network Infrastructure Automation. The collection contains also a tutorial to secure your CTS configuration for a production diff --git a/website/content/docs/nia/installation/install.mdx b/website/content/docs/nia/installation/install.mdx index ea2a3e2f18..4ba377c8b6 100644 --- a/website/content/docs/nia/installation/install.mdx +++ b/website/content/docs/nia/installation/install.mdx @@ -7,7 +7,7 @@ description: >- # Install Consul-Terraform-Sync -Refer to the [introduction](https://learn.hashicorp.com/tutorials/consul/consul-terraform-sync-intro?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) tutorial for details about installing, configuring, and running Consul-Terraform-Sync (CTS) on your local machine with the Terraform driver. +Refer to the [introduction](/consul/tutorials/network-infrastructure-automation/consul-terraform-sync-intro?utm_source=docs) tutorial for details about installing, configuring, and running Consul-Terraform-Sync (CTS) on your local machine with the Terraform driver. ## Install Consul-Terraform-Sync diff --git a/website/content/docs/nia/installation/requirements.mdx b/website/content/docs/nia/installation/requirements.mdx index 17f13ff5eb..48b056828d 100644 --- a/website/content/docs/nia/installation/requirements.mdx +++ b/website/content/docs/nia/installation/requirements.mdx @@ -25,13 +25,13 @@ Below are several steps towards a minimum Consul setup required for running CTS. CTS is a daemon that runs alongside Consul, similar to other Consul ecosystem tools like Consul Template. CTS is not included with the Consul binary and needs to be installed separately. -To install a local Consul agent, refer to the [Getting Started: Install Consul Tutorial](https://learn.hashicorp.com/tutorials/consul/get-started-install). +To install a local Consul agent, refer to the [Getting Started: Install Consul Tutorial](/consul/tutorials/getting-started/get-started-install?utm_source=docs). For information on compatible Consul versions, refer to the [Consul compatibility matrix](/docs/nia/compatibility#consul). ### Run an Agent -The Consul agent must be running in order to dynamically update network devices. To run the local Consul agent, you can run Consul in development mode which can be started with `consul agent -dev` for simplicity. For more details on running Consul agent, refer to the [Getting Started: Run the Consul Agent Tutorial](https://learn.hashicorp.com/tutorials/consul/get-started-agent?in=consul/getting-started). +The Consul agent must be running in order to dynamically update network devices. To run the local Consul agent, you can run Consul in development mode which can be started with `consul agent -dev` for simplicity. For more details on running Consul agent, refer to the [Getting Started: Run the Consul Agent Tutorial](/consul/tutorials/getting-started/get-started-agent?utm_source=docs). When running a Consul agent with CTS in production, we suggest to keep a few considerations in mind. CTS uses [blocking queries](/api-docs/features/blocking) to monitor task dependencies, like changes to registered services. This results in multiple long running TCP connections between CTS and the agent to poll changes for each dependency. Monitoring a high number of services may quickly hit the default Consul agent connection limits. @@ -58,13 +58,13 @@ The above example registers a service named "web" with your Consul agent. This r For more details on registering a service by HTTP API request, refer to the [register service API docs](/api-docs/agent/service#register-service). -For more details on registering a service by loading a service definition, refer to the [Getting Started: Register a Service with Consul Service Discovery Tutorial](https://learn.hashicorp.com/tutorials/consul/get-started-service-discovery?in=consul/getting-started). +For more details on registering a service by loading a service definition, refer to the [Getting Started: Register a Service with Consul Service Discovery Tutorial](/consul/tutorials/getting-started/get-started-service-discovery?utm_source=docs?in=consul/getting-started). ### Run a Cluster The previous steps of installing and running a single Consul agent then registering a single service is sufficient to meaningfully start running CTS. -If you would like to run a Consul cluster rather than a single agent, refer to [Getting Started: Create a Local Consul Datacenter](https://learn.hashicorp.com/tutorials/consul/get-started-create-datacenter?in=consul/getting-started). This will walk you through the steps of running multiple Consul agents and then joining them together into a cluster. +If you would like to run a Consul cluster rather than a single agent, refer to [Getting Started: Create a Local Consul Datacenter](/consul/tutorials/getting-started/get-started-create-datacenter?utm_source=docs). This will walk you through the steps of running multiple Consul agents and then joining them together into a cluster. ## Network Infrastructure (using a Terraform Provider) @@ -76,7 +76,7 @@ To find providers for the infrastructure platforms you use, browse the providers ### How to Create a Provider -If there is no existing Terraform provider, a new Terraform provider can be [created](https://learn.hashicorp.com/tutorials/terraform/provider-setup) and [published](https://www.terraform.io/docs/registry/providers/publishing.html). The provider can then be used within a network integration task by authoring a compatible Terraform module. +If there is no existing Terraform provider, a new Terraform provider can be [created](/terraform/tutorials/providers/provider-setup?utm_source=docs) and [published](https://www.terraform.io/docs/registry/providers/publishing.html). The provider can then be used within a network integration task by authoring a compatible Terraform module. ## Network Integration (using a Terraform Module) diff --git a/website/content/docs/nia/installation/run.mdx b/website/content/docs/nia/installation/run.mdx index d4746eb03d..4e20195e0c 100644 --- a/website/content/docs/nia/installation/run.mdx +++ b/website/content/docs/nia/installation/run.mdx @@ -31,4 +31,4 @@ description: >- CTS allows you to inspect your configuration before applying any change and to run in once mode, meaning that you can verify the changes are correctly applied in a test run before running it in unsupervised daemon mode. -To learn more on these options check the [Consul-Terraform-Sync Run Modes and Status Inspection](https://learn.hashicorp.com/tutorials/consul/consul-terraform-sync-run-and-inspect?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) tutorial. +To learn more on these options check the [Consul-Terraform-Sync Run Modes and Status Inspection](/consul/tutorials/network-infrastructure-automation/consul-terraform-sync-run-and-inspect?utm_source=docs) tutorial. diff --git a/website/content/docs/nia/terraform-modules.mdx b/website/content/docs/nia/terraform-modules.mdx index 136289250e..7c6b5a44a8 100644 --- a/website/content/docs/nia/terraform-modules.mdx +++ b/website/content/docs/nia/terraform-modules.mdx @@ -120,7 +120,7 @@ The services module input operates by monitoring the [Health List Nodes For Serv | `node_tagged_addresses` | List of explicit LAN and WAN IP addresses for the agent | | `node_meta` | List of user-defined metadata key/value pairs for the node | -Below is an example configuration for a task that will execute on a schedule and provide information about the services matching the `regexp` parameter to the task’s module. +Below is an example configuration for a task that will execute on a schedule and provide information about the services matching the `regexp` parameter to the task's module. ```hcl task { @@ -228,7 +228,7 @@ task { ## How to Create a Compatible Terraform Module -You can read more on how to [create a module](https://www.terraform.io/docs/modules/index.html) or work through a [tutorial to build a module](https://learn.hashicorp.com/tutorials/terraform/module-create). CTS is designed to integrate with any module that satisfies the specifications in the following section. +You can read more on how to [create a module](https://www.terraform.io/docs/modules/index.html) or work through a [tutorial to build a module](/terraform/tutorials/modules/module-create?utm_source=docs). CTS is designed to integrate with any module that satisfies the specifications in the following section. The repository [hashicorp/consul-terraform-sync-template-module](https://github.com/hashicorp/consul-terraform-sync-template-module) can be cloned and used as a starting point for structuring a compatible Terraform module. The template repository has the files described in the next steps prepared. diff --git a/website/content/docs/release-notes/consul-api-gateway/v0_1_x.mdx b/website/content/docs/release-notes/consul-api-gateway/v0_1_x.mdx index 357fd7032d..150c7b62b6 100644 --- a/website/content/docs/release-notes/consul-api-gateway/v0_1_x.mdx +++ b/website/content/docs/release-notes/consul-api-gateway/v0_1_x.mdx @@ -41,7 +41,7 @@ This release includes the following features and capabilities: 1. Deploy 1 or more logical API Gateways per Kubernetes cluster 1. Support for HTTP, HTTPS, TCP, and TCP+TLS 1. Support for HTTP versions 1.1 and 2 -1. Load balance across a service’s instances +1. Load balance across a service's instances 1. Listeners load TLS certificates, signed by any CA, from Kubernetes secret storage 1. Route HTTP/S traffic to Services based on matching: - Hostname diff --git a/website/content/docs/release-notes/consul-api-gateway/v0_2_x.mdx b/website/content/docs/release-notes/consul-api-gateway/v0_2_x.mdx index d7f26e5b1c..829ccc3aff 100644 --- a/website/content/docs/release-notes/consul-api-gateway/v0_2_x.mdx +++ b/website/content/docs/release-notes/consul-api-gateway/v0_2_x.mdx @@ -15,7 +15,7 @@ description: >- releases of Consul API Gateway, users could route requests from the API Gateway across various namespaces without providing any sort of explicit permissions. While this meant that any service connected to the service mesh - was reachable, it didn’t allow users to set the more granular restrictions or + was reachable, it didn't allow users to set the more granular restrictions or permissions that they may expect. This version of API Gateway implements Cross Namespace Reference Policies diff --git a/website/content/docs/release-notes/consul/v1_10_x.mdx b/website/content/docs/release-notes/consul/v1_10_x.mdx index e4531dec08..0f3dc28952 100644 --- a/website/content/docs/release-notes/consul/v1_10_x.mdx +++ b/website/content/docs/release-notes/consul/v1_10_x.mdx @@ -15,9 +15,9 @@ description: >- - **Streaming Enabled by Default for Service Health:** Streaming is a major architectural enhancement in how update notifications for blocking queries are delivered within the cluster which significantly reduces CPU and network bandwidth usage for large-scale Consul deployments. In Consul 1.10, streaming is now available for the service health HTTP endpoint and is enabled by default. -- **Redesigned UI and Observability Enhancements:** The Consul UI has been redesigned with a new sidebar layout. Additionally, Kubernetes users now have the ability to deploy Prometheus via the Consul Helm chart which automatically integrates it with Consul’s Service Visualization UI for displaying traffic metrics between services. Lastly, Pod and Envoy metrics can now be exposed to Prometheus using Kubernetes annotations via a single aggregated endpoint. +- **Redesigned UI and Observability Enhancements:** The Consul UI has been redesigned with a new sidebar layout. Additionally, Kubernetes users now have the ability to deploy Prometheus via the Consul Helm chart which automatically integrates it with Consul's Service Visualization UI for displaying traffic metrics between services. Lastly, Pod and Envoy metrics can now be exposed to Prometheus using Kubernetes annotations via a single aggregated endpoint. -- **Deprecation of Legacy ACL System:** In Consul 1.4, we upgraded to a new Access Controls (ACLs) system. This upgrade made improvements in Consul’s ACL system handles the API, Tokens, and Policies. With Consul 1.10, the legacy system is officially deprecated, and will be removed from Consul in a later release. We strongly recommend that users begin the process of migrating to the newer ACL system. +- **Deprecation of Legacy ACL System:** In Consul 1.4, we upgraded to a new Access Controls (ACLs) system. This upgrade made improvements in Consul's ACL system handles the API, Tokens, and Policies. With Consul 1.10, the legacy system is officially deprecated, and will be removed from Consul in a later release. We strongly recommend that users begin the process of migrating to the newer ACL system. ## What's Changed diff --git a/website/content/docs/release-notes/consul/v1_11_x.mdx b/website/content/docs/release-notes/consul/v1_11_x.mdx index eeb468003d..f6522d9cee 100644 --- a/website/content/docs/release-notes/consul/v1_11_x.mdx +++ b/website/content/docs/release-notes/consul/v1_11_x.mdx @@ -21,7 +21,7 @@ description: >- ## What's Changed -- The legacy ACL system that was deprecated in Consul 1.4.0 has been removed. Before upgrading you should verify that all tokens and policies have been migrated to the newer ACL system. See the [Migrate Legacy ACL Tokens Learn Guide](https://learn.hashicorp.com/tutorials/consul/access-control-token-migration) for more information. +- The legacy ACL system that was deprecated in Consul 1.4.0 has been removed. Before upgrading you should verify that all tokens and policies have been migrated to the newer ACL system. See the [Migrate Legacy ACL Tokens Learn Guide](/consul/tutorials/security-operations/access-control-token-migration?utm_source=docs) for more information. - The `agent_master` ACL token has been renamed to `agent_recovery` ACL token. In addition, the `consul acl set-agent-token master` command has been replaced with `consul acl set-agent-token recovery`. See [ACL Agent Recovery Token](/docs/security/acl/acl-tokens#acl-agent-recovery-token) and [Consul ACL Set Agent Token](/commands/acl/set-agent-token) for more information. diff --git a/website/content/docs/release-notes/consul/v1_9_x.mdx b/website/content/docs/release-notes/consul/v1_9_x.mdx index 8f095726d8..dfc0bd0417 100644 --- a/website/content/docs/release-notes/consul/v1_9_x.mdx +++ b/website/content/docs/release-notes/consul/v1_9_x.mdx @@ -9,7 +9,7 @@ description: >- ## Release Highlights -- **Application-Aware Intentions:** A new set of capabilities that extends Consul’s intentions model to support Layer 7 request information. Intentions now provide the ability for operators to construct policies which evaluate application-layer information such as HTTP Path, Headers, or Method – in addition to service identity – when authorizing HTTP-based (HTTP/1.1, HTTP/2, gRPC) service-to-service communication. +- **Application-Aware Intentions:** A new set of capabilities that extends Consul's intentions model to support Layer 7 request information. Intentions now provide the ability for operators to construct policies which evaluate application-layer information such as HTTP Path, Headers, or Method – in addition to service identity – when authorizing HTTP-based (HTTP/1.1, HTTP/2, gRPC) service-to-service communication. - **Service Mesh Visualization:** This addition provides a new topology tab to the Consul UI which displays topology diagrams and key service mesh metrics like request, error rates, and timing metrics. These new features will assist developers and operators in verifying configuration and troubleshooting issues within the service mesh. The UI also supports deep linking into your external metrics dashboards. @@ -17,7 +17,7 @@ description: >- - **Custom Resources for Kubernetes:** Consul now provides a Kubernetes-first experience through CRDs to allow practitioners to easily configure Consul service mesh via Kubernetes-style objects. -- **Deploy Consul in OpenShift:** Enable installing Consul via Helm chart in OpenShift. We’ve now ensured that Consul Kubernetes runs on OpenShift securely by ensuring that Consul runs as non-root and also provided a set of SecurityContextConstraints to deploy Consul securely. +- **Deploy Consul in OpenShift:** Enable installing Consul via Helm chart in OpenShift. We've now ensured that Consul Kubernetes runs on OpenShift securely by ensuring that Consul runs as non-root and also provided a set of SecurityContextConstraints to deploy Consul securely. - Installing Consul on OpenShift should now be as simple as running a Helm install with the `global.openshift.enabled` set to `true`. - **Active Health Checks for Consul on Kubernetes:** Consul service mesh now integrates with Kubernetes Readiness probes. This provides the ability to natively detect health status from Kubernetes via Readiness probe, and is then used for directing service mesh traffic. diff --git a/website/content/docs/security/acl/acl-federated-datacenters.mdx b/website/content/docs/security/acl/acl-federated-datacenters.mdx index 0309452c23..041b40746c 100644 --- a/website/content/docs/security/acl/acl-federated-datacenters.mdx +++ b/website/content/docs/security/acl/acl-federated-datacenters.mdx @@ -234,5 +234,5 @@ Note that client agents have to be restarted for ACL related configuration chang ## Summary After completing the above steps, a federated Consul cluster can be used with ACLs. Refer to -[ACL Replication Guide](https://learn.hashicorp.com/tutorials/consul/access-control-replication-multiple-datacenters?in=consul/security-operations) +[ACL Replication Guide](/consul/tutorials/security-operations/access-control-replication-multiple-datacenters?utm_source=docs?in=consul/security-operations) for more on this topic. diff --git a/website/content/docs/security/acl/acl-legacy.mdx b/website/content/docs/security/acl/acl-legacy.mdx index 051bd2439b..32c92c9069 100644 --- a/website/content/docs/security/acl/acl-legacy.mdx +++ b/website/content/docs/security/acl/acl-legacy.mdx @@ -15,7 +15,7 @@ description: >- ~> **Alert: Deprecation Notice** The ACL system described here was Consul's original ACL implementation. The legacy ACL system was deprecated in Consul 1.4.0 and removed in Consul 1.11.0. -The documentation for the new ACL system can be found [here](/docs/security/acl). For information on how to migrate to the new ACL System, please read the [Migrate Legacy ACL Tokens](https://learn.hashicorp.com/tutorials/consul/access-control-token-migration) tutorial. +The documentation for the new ACL system can be found [here](/docs/security/acl). For information on how to migrate to the new ACL System, please read the [Migrate Legacy ACL Tokens](/consul/tutorials/security-operations/access-control-token-migration?utm_source=docs) tutorial. The legacy documentation has two sections. @@ -981,7 +981,7 @@ prepared query was created, the behavior changes and now the captured ACL Token set by the definer of the query is used when looking up a service. Capturing ACL Tokens is analogous to -[PostgreSQL’s](http://www.postgresql.org/docs/current/static/sql-createfunction.html) +[PostgreSQL's](http://www.postgresql.org/docs/current/static/sql-createfunction.html) `SECURITY DEFINER` attribute which can be set on functions, and using the client's ACL Token is similar to the complementary `SECURITY INVOKER` attribute. diff --git a/website/content/docs/security/acl/acl-policies.mdx b/website/content/docs/security/acl/acl-policies.mdx index 25af824c6d..33e301a2c4 100644 --- a/website/content/docs/security/acl/acl-policies.mdx +++ b/website/content/docs/security/acl/acl-policies.mdx @@ -324,7 +324,7 @@ A policy that has been implemented must still be linked to a token before the po The person responsible for administrating ACLs can use the command line or call the API endpoint to link policies to tokens. Tokens can also be generated dynamically from an external system using Consul's [auth methods](/docs/security/acl/auth-methods) functionality. -Refer to the [tokens documentation](/docs/security/acl/acl-tokens), as well as the [ACL tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production#create-the-agent-token), for details about creating and linking policies to tokens. +Refer to the [tokens documentation](/docs/security/acl/acl-tokens), as well as the [ACL tutorial](/consul/tutorials/security/access-control-setup-production?utm_source=docs#create-the-agent-token), for details about creating and linking policies to tokens. ## Policy Attributes diff --git a/website/content/docs/security/acl/acl-rules.mdx b/website/content/docs/security/acl/acl-rules.mdx index c836117061..45dda4ccb3 100644 --- a/website/content/docs/security/acl/acl-rules.mdx +++ b/website/content/docs/security/acl/acl-rules.mdx @@ -722,7 +722,7 @@ prepared query was created, the behavior changes and now the captured ACL Token set by the definer of the query is used when looking up a service. Capturing ACL Tokens is analogous to -[PostgreSQL’s](http://www.postgresql.org/docs/current/static/sql-createfunction.html) +[PostgreSQL's](http://www.postgresql.org/docs/current/static/sql-createfunction.html) `SECURITY DEFINER` attribute which can be set on functions, and using the client's ACL Token is similar to the complementary `SECURITY INVOKER` attribute. diff --git a/website/content/docs/security/acl/acl-tokens.mdx b/website/content/docs/security/acl/acl-tokens.mdx index 8c80be719d..38bc72df68 100644 --- a/website/content/docs/security/acl/acl-tokens.mdx +++ b/website/content/docs/security/acl/acl-tokens.mdx @@ -21,7 +21,7 @@ The person responsible for administrating ACLs can use the API or CLI to create Refer to the [ACL API](/api-docs/acl) and [ACL CLI](/commands/acl) documentation for instructions on how to create and link tokens. Tokens can also be created dynamically from trusted external system using an [auth method](/docs/security/acl/auth-methods). -Refer to the [Secure Consul with Access Control Lists (ACLs)](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production?in=consul/security) tutorial for help getting started with creating tokens. The tutorial includes an interactive sandbox so that you can perform the procedures without configuring your local environment. +Refer to the [Secure Consul with Access Control Lists (ACLs)](/consul/tutorials/security/access-control-setup-production?utm_source=docs?in=consul/security) tutorial for help getting started with creating tokens. The tutorial includes an interactive sandbox so that you can perform the procedures without configuring your local environment. ## Passing Tokens @@ -213,7 +213,7 @@ token and links it with the built-in [global management](/docs/security/acl/acl- The bearer will have have unrestricted privileges to resources and APIs. The `SecretID` attribute will be set to the value of the configuration entry. -See the [Bootstrapping ACLs tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production) for guidance on bootstrapping. +See the [Bootstrapping ACLs tutorial](/consul/tutorials/security/access-control-setup-production?utm_source=docs) for guidance on bootstrapping.