From 50618d95e2aeffb703c39c4ca9a7fa0c2afa75ac Mon Sep 17 00:00:00 2001
From: Dhia Ayachi <dhia@hashicorp.com>
Date: Thu, 8 Jul 2021 16:07:23 -0400
Subject: [PATCH] add HL diagram on the ca generation sequence

---
 docs/service-mesh/ca/README.md          | 10 ++++--
 docs/service-mesh/ca/hl-ca-overview.mmd | 43 +++++++++++++++++++++++++
 docs/service-mesh/ca/hl-ca-overview.svg |  1 +
 3 files changed, 52 insertions(+), 2 deletions(-)
 create mode 100644 docs/service-mesh/ca/hl-ca-overview.mmd
 create mode 100644 docs/service-mesh/ca/hl-ca-overview.svg

diff --git a/docs/service-mesh/ca/README.md b/docs/service-mesh/ca/README.md
index 7a1292177..a9c7aaa4d 100644
--- a/docs/service-mesh/ca/README.md
+++ b/docs/service-mesh/ca/README.md
@@ -7,8 +7,14 @@ services and client agents (via auto-encrypt and auto-config).
 
 ### High level overview
 
-- we can start with the mind map
-- high level explaination of what are the features that are involved in CA (mesh/connect, auto encrypt)
+In Consul the leader is responsible for handling of the CA management. 
+When a leader election happen, and the elected leader do not have any root CA available it will start a process of creating a set of CA certificate.
+Those certificates will use to authenticate/encrypt communication between services (service mesh) or between `Consul client agent` (auto-encrypt/auto-config). This process is described in the following diagram:
+![CA creation](./hl-ca-overview.svg)
+
+<sup>[source](./hl-ca-overview.mmd)</sup>
+
+- high level explanation of what are the features that are involved in CA (mesh/connect, auto encrypt)
 - add all the func that are involved in the CA operations
 - relationship between the different certs
 
diff --git a/docs/service-mesh/ca/hl-ca-overview.mmd b/docs/service-mesh/ca/hl-ca-overview.mmd
new file mode 100644
index 000000000..952f64b98
--- /dev/null
+++ b/docs/service-mesh/ca/hl-ca-overview.mmd
@@ -0,0 +1,43 @@
+graph TD
+    subgraph "Primary DC"
+        leaderP["Leader"]
+        rootCAI["Root CA "]
+        rootCA["Root CA "]
+        Provider["Consul/AWS providers"]
+        IntermediateProvider["Vault provider"]
+        intermediateCAP["Intermediate CA "]
+        leafP["Leaf certificates"]
+    end
+
+    subgraph "Secondary DC"
+        leaderS["Leader"]
+        intermediateCAS["Intermediate CA"]
+        leafS["Leaf certificates"]
+        ProviderS["Consul/AWS/Vault providers"]
+    end
+
+    consulCAS["Consul client Agents"]
+    servicesS["Mesh services"]
+
+    consulCAP["Consul client Agents"]
+    servicesP["Mesh services"]
+    
+    leaderP -->|use|Provider
+    leaderP-->|use|IntermediateProvider
+    Provider--> |fetch/self sign|rootCA
+    IntermediateProvider --> |fetch/self sign|rootCAI 
+    rootCAI -->|sign| intermediateCAP
+    intermediateCAP -->|sign| leafP
+    rootCA -->|sign| leafP
+
+    leaderS -->|use| ProviderS
+    ProviderS --> |generate csr| intermediateCAS
+    rootCA -->|sign| intermediateCAS
+    rootCAI -->|sign| intermediateCAS
+    intermediateCAS --> |sign| leafS
+
+    leafS -->|auth/encrypt| servicesS
+    leafS -->|auth/encrypt| consulCAS
+    leafP -->|auth/encrypt| servicesP
+    leafP -->|auth/encrypt| consulCAP
+
diff --git a/docs/service-mesh/ca/hl-ca-overview.svg b/docs/service-mesh/ca/hl-ca-overview.svg
new file mode 100644
index 000000000..76a616624
--- /dev/null
+++ b/docs/service-mesh/ca/hl-ca-overview.svg
@@ -0,0 +1 @@
+<svg id="graph-div" width="100%" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" height="725" style="max-width: 795.1953125px;" viewBox="0 0 795.1953125 725"><style>#graph-div{font-family:"trebuchet ms",verdana,arial,sans-serif;font-size:16px;fill:#333;}#graph-div .error-icon{fill:#552222;}#graph-div .error-text{fill:#552222;stroke:#552222;}#graph-div .edge-thickness-normal{stroke-width:2px;}#graph-div .edge-thickness-thick{stroke-width:3.5px;}#graph-div .edge-pattern-solid{stroke-dasharray:0;}#graph-div .edge-pattern-dashed{stroke-dasharray:3;}#graph-div .edge-pattern-dotted{stroke-dasharray:2;}#graph-div .marker{fill:#333333;stroke:#333333;}#graph-div .marker.cross{stroke:#333333;}#graph-div svg{font-family:"trebuchet ms",verdana,arial,sans-serif;font-size:16px;}#graph-div .label{font-family:"trebuchet ms",verdana,arial,sans-serif;color:#333;}#graph-div .cluster-label text{fill:#333;}#graph-div .cluster-label span{color:#333;}#graph-div .label text,#graph-div span{fill:#333;color:#333;}#graph-div .node rect,#graph-div .node circle,#graph-div .node ellipse,#graph-div .node polygon,#graph-div .node path{fill:#ECECFF;stroke:#9370DB;stroke-width:1px;}#graph-div .node .label{text-align:center;}#graph-div .node.clickable{cursor:pointer;}#graph-div .arrowheadPath{fill:#333333;}#graph-div .edgePath .path{stroke:#333333;stroke-width:1.5px;}#graph-div .flowchart-link{stroke:#333333;fill:none;}#graph-div .edgeLabel{background-color:#e8e8e8;text-align:center;}#graph-div .edgeLabel rect{opacity:0.5;background-color:#e8e8e8;fill:#e8e8e8;}#graph-div .cluster rect{fill:#ffffde;stroke:#aaaa33;stroke-width:1px;}#graph-div .cluster text{fill:#333;}#graph-div .cluster span{color:#333;}#graph-div div.mermaidTooltip{position:absolute;text-align:center;max-width:200px;padding:2px;font-family:"trebuchet ms",verdana,arial,sans-serif;font-size:12px;background:hsl(80,100%,96.2745098039%);border:1px solid #aaaa33;border-radius:2px;pointer-events:none;z-index:100;}#graph-div .node rect,#graph-div .er.entityBox{fill:rgb(220,71,125);stroke-width:1;stroke:black;}#graph-div .node .label{color:white;}#graph-div .cluster rect{fill:#f0f0f0;stroke-width:1px;stroke:#333;}#graph-div .edgeLabel{background-color:#f0f0f0;}#graph-div .er.entityBox + .er.entityLabel{fill:white;}#graph-div .er.attributeBoxEven,#graph-div .er.attributeBoxOdd{fill:#fff;stroke:#777;}#graph-div:root{--mermaid-font-family:"trebuchet ms",verdana,arial,sans-serif;}</style><g><g class="output"><g class="clusters"><g class="cluster" id="flowchart-subGraph1-73217" transform="translate(181.203125,375)" style="opacity: 1;"><rect width="325.203125" height="448" x="-162.6015625" y="-224"></rect><g class="label" transform="translate(0, -210)" id="graph-divText"><g transform="translate(-48.65625,-12)"><foreignObject width="97.3125" height="24"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; white-space: nowrap;">Secondary DC</div></foreignObject></g></g></g><g class="cluster" id="flowchart-subGraph0-73218" transform="translate(575.5,303.5)" style="opacity: 1;"><rect width="423.390625" height="591" x="-211.6953125" y="-295.5"></rect><g class="label" transform="translate(0, -281.5)" id="graph-divText"><g transform="translate(-39.8515625,-12)"><foreignObject width="79.703125" height="24"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; white-space: nowrap;">Primary DC</div></foreignObject></g></g></g></g><g class="edgePaths"><g class="edgePath LS-leaderP LE-Provider" id="L-leaderP-Provider" style="opacity: 1;"><path class="path" d="M614.2552966101695,77L622.4731638418078,83.16666666666667C630.6910310734463,89.33333333333333,647.1267655367232,101.66666666666667,655.3446327683615,114C663.5625,126.33333333333333,663.5625,138.66666666666666,663.5625,149C663.5625,159.33333333333334,663.5625,167.66666666666666,663.5625,171.83333333333334L663.5625,176" marker-end="url(#arrowhead67890)" style="fill:none"></path><defs><marker id="arrowhead67890" viewBox="0 0 10 10" refX="9" refY="5" markerUnits="strokeWidth" markerWidth="8" markerHeight="6" orient="auto"><path d="M 0 0 L 10 5 L 0 10 z" class="arrowheadPath" style="stroke-width: 1; stroke-dasharray: 1, 0;"></path></marker></defs></g><g class="edgePath LS-leaderP LE-IntermediateProvider" id="L-leaderP-IntermediateProvider" style="opacity: 1;"><path class="path" d="M550.390625,71.81585562359007L535.9466145833334,78.84654635299172C521.5026041666666,85.87723708239338,492.6145833333333,99.9386185411967,478.1705729166667,113.13597593726502C463.7265625,126.33333333333333,463.7265625,138.66666666666666,463.7265625,149C463.7265625,159.33333333333334,463.7265625,167.66666666666666,463.7265625,171.83333333333334L463.7265625,176" marker-end="url(#arrowhead67891)" style="fill:none"></path><defs><marker id="arrowhead67891" viewBox="0 0 10 10" refX="9" refY="5" markerUnits="strokeWidth" markerWidth="8" markerHeight="6" orient="auto"><path d="M 0 0 L 10 5 L 0 10 z" class="arrowheadPath" style="stroke-width: 1; stroke-dasharray: 1, 0;"></path></marker></defs></g><g class="edgePath LS-Provider LE-rootCA" id="L-Provider-rootCA" style="opacity: 1;"><path class="path" d="M663.5625,220L663.5625,226.16666666666666C663.5625,232.33333333333334,663.5625,244.66666666666666,663.5625,257C663.5625,269.3333333333333,663.5625,281.6666666666667,663.5625,287.8333333333333L663.5625,294" marker-end="url(#arrowhead67892)" style="fill:none"></path><defs><marker id="arrowhead67892" viewBox="0 0 10 10" refX="9" refY="5" markerUnits="strokeWidth" markerWidth="8" markerHeight="6" orient="auto"><path d="M 0 0 L 10 5 L 0 10 z" class="arrowheadPath" style="stroke-width: 1; stroke-dasharray: 1, 0;"></path></marker></defs></g><g class="edgePath LS-IntermediateProvider LE-rootCAI" id="L-IntermediateProvider-rootCAI" style="opacity: 1;"><path class="path" d="M463.7265625,220L463.7265625,226.16666666666666C463.7265625,232.33333333333334,463.7265625,244.66666666666666,463.7265625,257C463.7265625,269.3333333333333,463.7265625,281.6666666666667,463.7265625,287.8333333333333L463.7265625,294" marker-end="url(#arrowhead67893)" style="fill:none"></path><defs><marker id="arrowhead67893" viewBox="0 0 10 10" refX="9" refY="5" markerUnits="strokeWidth" markerWidth="8" markerHeight="6" orient="auto"><path d="M 0 0 L 10 5 L 0 10 z" class="arrowheadPath" style="stroke-width: 1; stroke-dasharray: 1, 0;"></path></marker></defs></g><g class="edgePath LS-rootCAI LE-intermediateCAP" id="L-rootCAI-intermediateCAP" style="opacity: 1;"><path class="path" d="M484.6661811440678,338L490.53561970338984,344.1666666666667C496.4050582627119,350.3333333333333,508.14393538135596,362.6666666666667,514.013373940678,375C519.8828125,387.3333333333333,519.8828125,399.6666666666667,519.8828125,405.8333333333333L519.8828125,412" marker-end="url(#arrowhead67894)" style="fill:none"></path><defs><marker id="arrowhead67894" viewBox="0 0 10 10" refX="9" refY="5" markerUnits="strokeWidth" markerWidth="8" markerHeight="6" orient="auto"><path d="M 0 0 L 10 5 L 0 10 z" class="arrowheadPath" style="stroke-width: 1; stroke-dasharray: 1, 0;"></path></marker></defs></g><g class="edgePath LS-intermediateCAP LE-leafP" id="L-intermediateCAP-leafP" style="opacity: 1;"><path class="path" d="M519.8828125,456L519.8828125,462.1666666666667C519.8828125,468.3333333333333,519.8828125,480.6666666666667,532.5517522951977,493C545.2206920903955,505.3333333333333,570.558571680791,517.6666666666666,583.2275114759888,523.8333333333334L595.8964512711865,530" marker-end="url(#arrowhead67895)" style="fill:none"></path><defs><marker id="arrowhead67895" viewBox="0 0 10 10" refX="9" refY="5" markerUnits="strokeWidth" markerWidth="8" markerHeight="6" orient="auto"><path d="M 0 0 L 10 5 L 0 10 z" class="arrowheadPath" style="stroke-width: 1; stroke-dasharray: 1, 0;"></path></marker></defs></g><g class="edgePath LS-rootCA LE-leafP" id="L-rootCA-leafP" style="opacity: 1;"><path class="path" d="M680.2911811440678,338L684.9802811617232,344.1666666666667C689.6693811793784,350.3333333333333,699.0475812146892,362.6666666666667,703.7366812323447,378.6666666666667C708.42578125,394.6666666666667,708.42578125,414.3333333333333,708.42578125,434C708.42578125,453.6666666666667,708.42578125,473.3333333333333,701.3882525600283,489.3333333333333C694.3507238700564,505.3333333333333,680.2756664901129,517.6666666666666,673.2381378001412,523.8333333333334L666.2006091101695,530" marker-end="url(#arrowhead67896)" style="fill:none"></path><defs><marker id="arrowhead67896" viewBox="0 0 10 10" refX="9" refY="5" markerUnits="strokeWidth" markerWidth="8" markerHeight="6" orient="auto"><path d="M 0 0 L 10 5 L 0 10 z" class="arrowheadPath" style="stroke-width: 1; stroke-dasharray: 1, 0;"></path></marker></defs></g><g class="edgePath LS-leaderS LE-ProviderS" id="L-leaderS-ProviderS" style="opacity: 1;"><path class="path" d="M186.203125,220L186.203125,226.16666666666666C186.203125,232.33333333333334,186.203125,244.66666666666666,186.203125,257C186.203125,269.3333333333333,186.203125,281.6666666666667,186.203125,287.8333333333333L186.203125,294" marker-end="url(#arrowhead67897)" style="fill:none"></path><defs><marker id="arrowhead67897" viewBox="0 0 10 10" refX="9" refY="5" markerUnits="strokeWidth" markerWidth="8" markerHeight="6" orient="auto"><path d="M 0 0 L 10 5 L 0 10 z" class="arrowheadPath" style="stroke-width: 1; stroke-dasharray: 1, 0;"></path></marker></defs></g><g class="edgePath LS-ProviderS LE-intermediateCAS" id="L-ProviderS-intermediateCAS" style="opacity: 1;"><path class="path" d="M186.203125,338L186.203125,344.1666666666667C186.203125,350.3333333333333,186.203125,362.6666666666667,186.203125,375C186.203125,387.3333333333333,186.203125,399.6666666666667,186.203125,405.8333333333333L186.203125,412" marker-end="url(#arrowhead67898)" style="fill:none"></path><defs><marker id="arrowhead67898" viewBox="0 0 10 10" refX="9" refY="5" markerUnits="strokeWidth" markerWidth="8" markerHeight="6" orient="auto"><path d="M 0 0 L 10 5 L 0 10 z" class="arrowheadPath" style="stroke-width: 1; stroke-dasharray: 1, 0;"></path></marker></defs></g><g class="edgePath LS-rootCA LE-intermediateCAS" id="L-rootCA-intermediateCAS" style="opacity: 1;"><path class="path" d="M635.2191472457628,338L627.2744195798023,344.1666666666667C619.3296919138419,350.3333333333333,603.4402365819209,362.6666666666667,540.0443370409604,376.9849173520204C476.6484375,391.30316803737406,365.74609375,407.6063360747482,310.294921875,415.7579200934352L254.84375,423.90950411212225" marker-end="url(#arrowhead67899)" style="fill:none"></path><defs><marker id="arrowhead67899" viewBox="0 0 10 10" refX="9" refY="5" markerUnits="strokeWidth" markerWidth="8" markerHeight="6" orient="auto"><path d="M 0 0 L 10 5 L 0 10 z" class="arrowheadPath" style="stroke-width: 1; stroke-dasharray: 1, 0;"></path></marker></defs></g><g class="edgePath LS-rootCAI LE-intermediateCAS" id="L-rootCAI-intermediateCAS" style="opacity: 1;"><path class="path" d="M450.7252383474576,338L447.080927789548,344.1666666666667C443.4366172316384,350.3333333333333,436.14799611581924,362.6666666666667,403.5010813912429,375.88509336767544C370.8541666666667,389.10352006868425,312.8489583333333,403.2070401373685,283.8463541666667,410.2588001717107L254.84375,417.3105602060528" marker-end="url(#arrowhead67900)" style="fill:none"></path><defs><marker id="arrowhead67900" viewBox="0 0 10 10" refX="9" refY="5" markerUnits="strokeWidth" markerWidth="8" markerHeight="6" orient="auto"><path d="M 0 0 L 10 5 L 0 10 z" class="arrowheadPath" style="stroke-width: 1; stroke-dasharray: 1, 0;"></path></marker></defs></g><g class="edgePath LS-intermediateCAS LE-leafS" id="L-intermediateCAS-leafS" style="opacity: 1;"><path class="path" d="M186.203125,456L186.203125,462.1666666666667C186.203125,468.3333333333333,186.203125,480.6666666666667,186.203125,493C186.203125,505.3333333333333,186.203125,517.6666666666666,186.203125,523.8333333333334L186.203125,530" marker-end="url(#arrowhead67901)" style="fill:none"></path><defs><marker id="arrowhead67901" viewBox="0 0 10 10" refX="9" refY="5" markerUnits="strokeWidth" markerWidth="8" markerHeight="6" orient="auto"><path d="M 0 0 L 10 5 L 0 10 z" class="arrowheadPath" style="stroke-width: 1; stroke-dasharray: 1, 0;"></path></marker></defs></g><g class="edgePath LS-leafS LE-servicesS" id="L-leafS-servicesS" style="opacity: 1;"><path class="path" d="M230.94182180851064,574L239.41505984042553,578.1666666666666C247.88829787234044,582.3333333333334,264.8347739361702,590.6666666666666,273.3080119680851,601C281.78125,611.3333333333334,281.78125,623.6666666666666,281.78125,636C281.78125,648.3333333333334,281.78125,660.6666666666666,281.78125,666.8333333333334L281.78125,673" marker-end="url(#arrowhead67902)" style="fill:none"></path><defs><marker id="arrowhead67902" viewBox="0 0 10 10" refX="9" refY="5" markerUnits="strokeWidth" markerWidth="8" markerHeight="6" orient="auto"><path d="M 0 0 L 10 5 L 0 10 z" class="arrowheadPath" style="stroke-width: 1; stroke-dasharray: 1, 0;"></path></marker></defs></g><g class="edgePath LS-leafS LE-consulCAS" id="L-leafS-consulCAS" style="opacity: 1;"><path class="path" d="M141.46442819148936,574L132.99119015957447,578.1666666666666C124.51795212765957,582.3333333333334,107.57147606382978,590.6666666666666,99.09823803191489,601C90.625,611.3333333333334,90.625,623.6666666666666,90.625,636C90.625,648.3333333333334,90.625,660.6666666666666,90.625,666.8333333333334L90.625,673" marker-end="url(#arrowhead67903)" style="fill:none"></path><defs><marker id="arrowhead67903" viewBox="0 0 10 10" refX="9" refY="5" markerUnits="strokeWidth" markerWidth="8" markerHeight="6" orient="auto"><path d="M 0 0 L 10 5 L 0 10 z" class="arrowheadPath" style="stroke-width: 1; stroke-dasharray: 1, 0;"></path></marker></defs></g><g class="edgePath LS-leafP LE-servicesP" id="L-leafP-servicesP" style="opacity: 1;"><path class="path" d="M675.8655252659574,574L682.4510887632979,578.1666666666666C689.0366522606382,582.3333333333334,702.2077792553191,590.6666666666666,708.7933427526596,601C715.37890625,611.3333333333334,715.37890625,623.6666666666666,715.37890625,636C715.37890625,648.3333333333334,715.37890625,660.6666666666666,715.37890625,666.8333333333334L715.37890625,673" marker-end="url(#arrowhead67904)" style="fill:none"></path><defs><marker id="arrowhead67904" viewBox="0 0 10 10" refX="9" refY="5" markerUnits="strokeWidth" markerWidth="8" markerHeight="6" orient="auto"><path d="M 0 0 L 10 5 L 0 10 z" class="arrowheadPath" style="stroke-width: 1; stroke-dasharray: 1, 0;"></path></marker></defs></g><g class="edgePath LS-leafP LE-consulCAP" id="L-leafP-consulCAP" style="opacity: 1;"><path class="path" d="M575.8068484042553,574L563.4419049202128,578.1666666666666C551.0769614361702,582.3333333333334,526.3470744680851,590.6666666666666,513.9821309840426,601C501.6171875,611.3333333333334,501.6171875,623.6666666666666,501.6171875,636C501.6171875,648.3333333333334,501.6171875,660.6666666666666,501.6171875,666.8333333333334L501.6171875,673" marker-end="url(#arrowhead67905)" style="fill:none"></path><defs><marker id="arrowhead67905" viewBox="0 0 10 10" refX="9" refY="5" markerUnits="strokeWidth" markerWidth="8" markerHeight="6" orient="auto"><path d="M 0 0 L 10 5 L 0 10 z" class="arrowheadPath" style="stroke-width: 1; stroke-dasharray: 1, 0;"></path></marker></defs></g></g><g class="edgeLabels"><g class="edgeLabel" transform="translate(663.5625,114)" style="opacity: 1;"><g transform="translate(-11.9765625,-12)" class="label"><rect rx="0" ry="0" width="23.953125" height="24"></rect><foreignObject width="23.953125" height="24"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; white-space: nowrap;"><span id="L-L-leaderP-Provider" class="edgeLabel L-LS-leaderP' L-LE-Provider">use</span></div></foreignObject></g></g><g class="edgeLabel" transform="translate(463.7265625,114)" style="opacity: 1;"><g transform="translate(-11.9765625,-12)" class="label"><rect rx="0" ry="0" width="23.953125" height="24"></rect><foreignObject width="23.953125" height="24"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; white-space: nowrap;"><span id="L-L-leaderP-IntermediateProvider" class="edgeLabel L-LS-leaderP' L-LE-IntermediateProvider">use</span></div></foreignObject></g></g><g class="edgeLabel" transform="translate(663.5625,257)" style="opacity: 1;"><g transform="translate(-52.2578125,-12)" class="label"><rect rx="0" ry="0" width="104.515625" height="24"></rect><foreignObject width="104.515625" height="24"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; white-space: nowrap;"><span id="L-L-Provider-rootCA" class="edgeLabel L-LS-Provider' L-LE-rootCA">fetch/self sign</span></div></foreignObject></g></g><g class="edgeLabel" transform="translate(463.7265625,257)" style="opacity: 1;"><g transform="translate(-52.2578125,-12)" class="label"><rect rx="0" ry="0" width="104.515625" height="24"></rect><foreignObject width="104.515625" height="24"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; white-space: nowrap;"><span id="L-L-IntermediateProvider-rootCAI" class="edgeLabel L-LS-IntermediateProvider' L-LE-rootCAI">fetch/self sign</span></div></foreignObject></g></g><g class="edgeLabel" transform="translate(519.8828125,375)" style="opacity: 1;"><g transform="translate(-13.90625,-12)" class="label"><rect rx="0" ry="0" width="27.8125" height="24"></rect><foreignObject width="27.8125" height="24"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; white-space: nowrap;"><span id="L-L-rootCAI-intermediateCAP" class="edgeLabel L-LS-rootCAI' L-LE-intermediateCAP">sign</span></div></foreignObject></g></g><g class="edgeLabel" transform="translate(519.8828125,493)" style="opacity: 1;"><g transform="translate(-13.90625,-12)" class="label"><rect rx="0" ry="0" width="27.8125" height="24"></rect><foreignObject width="27.8125" height="24"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; white-space: nowrap;"><span id="L-L-intermediateCAP-leafP" class="edgeLabel L-LS-intermediateCAP' L-LE-leafP">sign</span></div></foreignObject></g></g><g class="edgeLabel" transform="translate(708.42578125,434)" style="opacity: 1;"><g transform="translate(-13.90625,-12)" class="label"><rect rx="0" ry="0" width="27.8125" height="24"></rect><foreignObject width="27.8125" height="24"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; white-space: nowrap;"><span id="L-L-rootCA-leafP" class="edgeLabel L-LS-rootCA' L-LE-leafP">sign</span></div></foreignObject></g></g><g class="edgeLabel" transform="translate(186.203125,257)" style="opacity: 1;"><g transform="translate(-11.9765625,-12)" class="label"><rect rx="0" ry="0" width="23.953125" height="24"></rect><foreignObject width="23.953125" height="24"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; white-space: nowrap;"><span id="L-L-leaderS-ProviderS" class="edgeLabel L-LS-leaderS' L-LE-ProviderS">use</span></div></foreignObject></g></g><g class="edgeLabel" transform="translate(186.203125,375)" style="opacity: 1;"><g transform="translate(-44.6796875,-12)" class="label"><rect rx="0" ry="0" width="89.359375" height="24"></rect><foreignObject width="89.359375" height="24"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; white-space: nowrap;"><span id="L-L-ProviderS-intermediateCAS" class="edgeLabel L-LS-ProviderS' L-LE-intermediateCAS">generate csr</span></div></foreignObject></g></g><g class="edgeLabel" transform="translate(587.55078125,375)" style="opacity: 1;"><g transform="translate(-13.90625,-12)" class="label"><rect rx="0" ry="0" width="27.8125" height="24"></rect><foreignObject width="27.8125" height="24"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; white-space: nowrap;"><span id="L-L-rootCA-intermediateCAS" class="edgeLabel L-LS-rootCA' L-LE-intermediateCAS">sign</span></div></foreignObject></g></g><g class="edgeLabel" transform="translate(428.859375,375)" style="opacity: 1;"><g transform="translate(-13.90625,-12)" class="label"><rect rx="0" ry="0" width="27.8125" height="24"></rect><foreignObject width="27.8125" height="24"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; white-space: nowrap;"><span id="L-L-rootCAI-intermediateCAS" class="edgeLabel L-LS-rootCAI' L-LE-intermediateCAS">sign</span></div></foreignObject></g></g><g class="edgeLabel" transform="translate(186.203125,493)" style="opacity: 1;"><g transform="translate(-13.90625,-12)" class="label"><rect rx="0" ry="0" width="27.8125" height="24"></rect><foreignObject width="27.8125" height="24"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; white-space: nowrap;"><span id="L-L-intermediateCAS-leafS" class="edgeLabel L-LS-intermediateCAS' L-LE-leafS">sign</span></div></foreignObject></g></g><g class="edgeLabel" transform="translate(281.78125,636)" style="opacity: 1;"><g transform="translate(-47.6953125,-12)" class="label"><rect rx="0" ry="0" width="95.390625" height="24"></rect><foreignObject width="95.390625" height="24"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; white-space: nowrap;"><span id="L-L-leafS-servicesS" class="edgeLabel L-LS-leafS' L-LE-servicesS">auth/encrypt</span></div></foreignObject></g></g><g class="edgeLabel" transform="translate(90.625,636)" style="opacity: 1;"><g transform="translate(-47.6953125,-12)" class="label"><rect rx="0" ry="0" width="95.390625" height="24"></rect><foreignObject width="95.390625" height="24"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; white-space: nowrap;"><span id="L-L-leafS-consulCAS" class="edgeLabel L-LS-leafS' L-LE-consulCAS">auth/encrypt</span></div></foreignObject></g></g><g class="edgeLabel" transform="translate(715.37890625,636)" style="opacity: 1;"><g transform="translate(-47.6953125,-12)" class="label"><rect rx="0" ry="0" width="95.390625" height="24"></rect><foreignObject width="95.390625" height="24"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; white-space: nowrap;"><span id="L-L-leafP-servicesP" class="edgeLabel L-LS-leafP' L-LE-servicesP">auth/encrypt</span></div></foreignObject></g></g><g class="edgeLabel" transform="translate(501.6171875,636)" style="opacity: 1;"><g transform="translate(-47.6953125,-12)" class="label"><rect rx="0" ry="0" width="95.390625" height="24"></rect><foreignObject width="95.390625" height="24"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; white-space: nowrap;"><span id="L-L-leafP-consulCAP" class="edgeLabel L-LS-leafP' L-LE-consulCAP">auth/encrypt</span></div></foreignObject></g></g></g><g class="nodes"><g class="node default" id="flowchart-leaderS-73177" transform="translate(186.203125,198)" style="opacity: 1;"><rect rx="0" ry="0" x="-34.546875" y="-22" width="69.09375" height="44" class="label-container"></rect><g class="label" transform="translate(0,0)"><g transform="translate(-24.546875,-12)"><foreignObject width="49.09375" height="24"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; white-space: nowrap;">Leader</div></foreignObject></g></g></g><g class="node default" id="flowchart-intermediateCAS-73178" transform="translate(186.203125,434)" style="opacity: 1;"><rect rx="0" ry="0" x="-68.640625" y="-22" width="137.28125" height="44" class="label-container"></rect><g class="label" transform="translate(0,0)"><g transform="translate(-58.640625,-12)"><foreignObject width="117.28125" height="24"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; white-space: nowrap;">Intermediate CA</div></foreignObject></g></g></g><g class="node default" id="flowchart-leafS-73179" transform="translate(186.203125,552)" style="opacity: 1;"><rect rx="0" ry="0" x="-69.046875" y="-22" width="138.09375" height="44" class="label-container"></rect><g class="label" transform="translate(0,0)"><g transform="translate(-59.046875,-12)"><foreignObject width="118.09375" height="24"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; white-space: nowrap;">Leaf certificates</div></foreignObject></g></g></g><g class="node default" id="flowchart-ProviderS-73180" transform="translate(186.203125,316)" style="opacity: 1;"><rect rx="0" ry="0" x="-111.6328125" y="-22" width="223.265625" height="44" class="label-container"></rect><g class="label" transform="translate(0,0)"><g transform="translate(-101.6328125,-12)"><foreignObject width="203.265625" height="24"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; white-space: nowrap;">Consul/AWS/Vault providers</div></foreignObject></g></g></g><g class="node default" id="flowchart-leaderP-73170" transform="translate(584.9375,55)" style="opacity: 1;"><rect rx="0" ry="0" x="-34.546875" y="-22" width="69.09375" height="44" class="label-container"></rect><g class="label" transform="translate(0,0)"><g transform="translate(-24.546875,-12)"><foreignObject width="49.09375" height="24"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; white-space: nowrap;">Leader</div></foreignObject></g></g></g><g class="node default" id="flowchart-rootCAI-73171" transform="translate(463.7265625,316)" style="opacity: 1;"><rect rx="0" ry="0" x="-38.328125" y="-22" width="76.65625" height="44" class="label-container"></rect><g class="label" transform="translate(0,0)"><g transform="translate(-28.328125,-12)"><foreignObject width="56.65625" height="24"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; white-space: nowrap;">Root CA</div></foreignObject></g></g></g><g class="node default" id="flowchart-rootCA-73172" transform="translate(663.5625,316)" style="opacity: 1;"><rect rx="0" ry="0" x="-38.328125" y="-22" width="76.65625" height="44" class="label-container"></rect><g class="label" transform="translate(0,0)"><g transform="translate(-28.328125,-12)"><foreignObject width="56.65625" height="24"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; white-space: nowrap;">Root CA</div></foreignObject></g></g></g><g class="node default" id="flowchart-Provider-73173" transform="translate(663.5625,198)" style="opacity: 1;"><rect rx="0" ry="0" x="-88.6328125" y="-22" width="177.265625" height="44" class="label-container"></rect><g class="label" transform="translate(0,0)"><g transform="translate(-78.6328125,-12)"><foreignObject width="157.265625" height="24"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; white-space: nowrap;">Consul/AWS providers</div></foreignObject></g></g></g><g class="node default" id="flowchart-IntermediateProvider-73174" transform="translate(463.7265625,198)" style="opacity: 1;"><rect rx="0" ry="0" x="-61.203125" y="-22" width="122.40625" height="44" class="label-container"></rect><g class="label" transform="translate(0,0)"><g transform="translate(-51.203125,-12)"><foreignObject width="102.40625" height="24"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; white-space: nowrap;">Vault provider</div></foreignObject></g></g></g><g class="node default" id="flowchart-intermediateCAP-73175" transform="translate(519.8828125,434)" style="opacity: 1;"><rect rx="0" ry="0" x="-68.640625" y="-22" width="137.28125" height="44" class="label-container"></rect><g class="label" transform="translate(0,0)"><g transform="translate(-58.640625,-12)"><foreignObject width="117.28125" height="24"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; white-space: nowrap;">Intermediate CA</div></foreignObject></g></g></g><g class="node default" id="flowchart-leafP-73176" transform="translate(641.09375,552)" style="opacity: 1;"><rect rx="0" ry="0" x="-69.046875" y="-22" width="138.09375" height="44" class="label-container"></rect><g class="label" transform="translate(0,0)"><g transform="translate(-59.046875,-12)"><foreignObject width="118.09375" height="24"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; white-space: nowrap;">Leaf certificates</div></foreignObject></g></g></g><g class="node default" id="flowchart-consulCAS-73181" transform="translate(90.625,695)" style="opacity: 1;"><rect rx="0" ry="0" x="-82.625" y="-22" width="165.25" height="44" class="label-container"></rect><g class="label" transform="translate(0,0)"><g transform="translate(-72.625,-12)"><foreignObject width="145.25" height="24"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; white-space: nowrap;">Consul client Agents</div></foreignObject></g></g></g><g class="node default" id="flowchart-servicesS-73182" transform="translate(281.78125,695)" style="opacity: 1;"><rect rx="0" ry="0" x="-58.53125" y="-22" width="117.0625" height="44" class="label-container"></rect><g class="label" transform="translate(0,0)"><g transform="translate(-48.53125,-12)"><foreignObject width="97.0625" height="24"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; white-space: nowrap;">Mesh services</div></foreignObject></g></g></g><g class="node default" id="flowchart-consulCAP-73183" transform="translate(501.6171875,695)" style="opacity: 1;"><rect rx="0" ry="0" x="-82.625" y="-22" width="165.25" height="44" class="label-container"></rect><g class="label" transform="translate(0,0)"><g transform="translate(-72.625,-12)"><foreignObject width="145.25" height="24"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; white-space: nowrap;">Consul client Agents</div></foreignObject></g></g></g><g class="node default" id="flowchart-servicesP-73184" transform="translate(715.37890625,695)" style="opacity: 1;"><rect rx="0" ry="0" x="-58.53125" y="-22" width="117.0625" height="44" class="label-container"></rect><g class="label" transform="translate(0,0)"><g transform="translate(-48.53125,-12)"><foreignObject width="97.0625" height="24"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; white-space: nowrap;">Mesh services</div></foreignObject></g></g></g></g></g></g></svg>
\ No newline at end of file