Document how to make namespace wildcard intentions. (#10724)

* Update intentions.mdx * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Blake Covarrubias <blake@covarrubi.as> Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-09-10 21:25:09 +01:00 · 2021-09-10 21:25:09 +01:00 · 64957f2d22
parent 82b30f8020
commit 64957f2d22
1 changed files with 19 additions and 2 deletions
--- a/website/content/docs/connect/intentions.mdx
+++ b/website/content/docs/connect/intentions.mdx
@ -94,8 +94,9 @@ accepted.

 ### Wildcard Intentions

-An intention source or destination may also be the special wildcard
-value `*`. This matches _any_ value and is used as a catch-all.
+You can use the `*` wildcard when defining an intention source or destination. The wildcard matches _any_ value and can serve as a "catch-all" entry for intentions that should have a wide scope.     
+
+You can use a wildcard to match service names. If you are using Consul Enterprise, you can also use a wildcard to match a namespace.

 This example says that the "web" service cannot connect to _any_ service:

@ -123,6 +124,22 @@ Sources = [
 ]
 ```

+<EnterpriseAlert inline /> This example grants Prometheus
+access to any service in any namespace.
+
+```hcl
+Kind = "service-intentions"
+Name = "*"
+Namespace = "*"
+Sources = [
+  {
+    Name      = "prometheus"
+    Namespace = "monitoring"
+    Action = "allow"
+  }
+]
+```
+
 ### Enforcement

 For services that define their [protocol] as TCP, intentions mediate the