mirror of https://github.com/status-im/consul.git
fix types and add reference to mesh and auto_config docs
parent
9a7a06f9f8
commit
fa833ac0f8
|
@ -18,17 +18,17 @@ The code for the Certificate Authority is in the following packages:
|
|||
|
||||
### High level overview
|
||||
|
||||
In Consul the leader is responsible for handling of the CA management.
|
||||
In Consul the leader is responsible for handling the CA management.
|
||||
When a leader election happen, and the elected leader do not have any root CA available it will start a process of creating a set of CA certificate.
|
||||
Those certificates will use to authenticate/encrypt communication between services (service mesh) or between `Consul client agent` (auto-encrypt/auto-config). This process is described in the following diagram:
|
||||
Those certificates will be used to authenticate/encrypt communication between services (service mesh) or between `Consul client agent` (auto-encrypt/auto-config). This process is described in the following diagram:
|
||||
|
||||
![CA creation](./hl-ca-overview.svg)
|
||||
|
||||
<sup>[source](./hl-ca-overview.mmd)</sup>
|
||||
|
||||
- high level explanation of what are the features that are involved in CA (mesh/connect, auto encrypt)
|
||||
- add all the func that are involved in the CA operations
|
||||
- relationship between the different certs
|
||||
The features that benefit from Consul CA management are:
|
||||
- [service Mesh/Connect](https://www.consul.io/docs/connect)
|
||||
- [auto encrypt](https://www.consul.io/docs/agent/options#auto_encrypt)
|
||||
|
||||
|
||||
### CA and Certificate relationship
|
||||
|
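Review bot: The list under "The features that benefit from Consul CA management are:" links only service mesh/Connect and auto encrypt, although the paragraph just above names auto-encrypt/auto-config and the commit subject promises an auto_config reference. Add a third bullet pointing at the auto_config documentation so the list matches the prose. While this block is open, the unchanged sentence "When a leader election happen, and the elected leader do not have any root CA available ..." still has agreement errors ("happens", "does not", "a set of CA certificates"), and "service Mesh/Connect" is capitalized inconsistently with "auto encrypt".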
@ -43,7 +43,7 @@ secondary.
|
|||
|
||||
In most cases there is an external root CA that provides an intermediate CA that Consul
|
||||
uses as the Primary Root CA. The only except to this is when the Consul CA Provider is
|
||||
used without specifying a `RootCert`. In this one case Consul will generate the the Root CA
|
||||
used without specifying a `RootCert`. In this one case Consul will generate the Root CA
|
||||
from the provided primary key, and it will be used in the primary as the top of the chain
|
||||
of trust.
|
||||
|
||||
|
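Review bot: The context line directly above the fixed one still reads "The only except to this is when the Consul CA Provider is"; it should be "exception", and since this change already removes the doubled "the" one line below, it should fix both. In the same sentence, "from the provided primary key" looks like it may mean "private key", given that it sits next to the `RootCert` setting; please confirm which is intended, because the two read very differently in a paragraph about the top of the chain of trust.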
@ -93,7 +93,6 @@ Periodic (or background) opeartions are started automatically by the Consul lead
|
|||
2. (via in-process call to `RPC.ConnectCA.Sign`) - called by auto-encrypt to sign a leaf cert for a client agent
|
||||
3. called by Auto-Config to sign a leaf cert for a client agent
|
||||
|
||||
|
||||
### detailed call flow
|
||||
- sequence diagram for leader election
|
||||
- sequence diagram for leaf signing
|
||||
|
|
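Review bot: List item 3, "called by Auto-Config to sign a leaf cert for a client agent", does not say how the signing call is made, while item 2 spells out its path ("via in-process call to `RPC.ConnectCA.Sign`"). State the call path for Auto-Config in the same parenthetical form so a reader can tell which entry point signs the leaf cert. Two smaller points: the section text quoted in the hunk header still has "opeartions", and "### detailed call flow" is lower-case where the other headings in this file are capitalized and currently holds only placeholder bullets.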