From 64957f2d224708bc8018082068ea96dbfd897a47 Mon Sep 17 00:00:00 2001 From: Paul Banks Date: Fri, 10 Sep 2021 21:25:09 +0100 Subject: [PATCH] Document how to make namespace wildcard intentions. (#10724) * Update intentions.mdx * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Blake Covarrubias Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Blake Covarrubias --- website/content/docs/connect/intentions.mdx | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/website/content/docs/connect/intentions.mdx b/website/content/docs/connect/intentions.mdx index 267953b0d..a6e90523f 100644 --- a/website/content/docs/connect/intentions.mdx +++ b/website/content/docs/connect/intentions.mdx @@ -94,8 +94,9 @@ accepted. ### Wildcard Intentions -An intention source or destination may also be the special wildcard -value `*`. This matches _any_ value and is used as a catch-all. +You can use the `*` wildcard when defining an intention source or destination. The wildcard matches _any_ value and can serve as a "catch-all" entry for intentions that should have a wide scope. + +You can use a wildcard to match service names. If you are using Consul Enterprise, you can also use a wildcard to match a namespace. This example says that the "web" service cannot connect to _any_ service: @@ -123,6 +124,22 @@ Sources = [ ] ``` + This example grants Prometheus +access to any service in any namespace. + +```hcl +Kind = "service-intentions" +Name = "*" +Namespace = "*" +Sources = [ + { + Name = "prometheus" + Namespace = "monitoring" + Action = "allow" + } +] +``` + ### Enforcement For services that define their [protocol] as TCP, intentions mediate the
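Review bot: In the first hunk (Wildcard Intentions, @@ -94,8 +94,9 @@), the added sentence "If you are using Consul Enterprise, you can also use a wildcard to match a namespace" does not say which field it applies to. The example added later in this patch sets `Namespace = "*"` only on the destination, while the source keeps an explicit `Namespace = "monitoring"`, so a reader cannot tell from this paragraph whether a wildcard is also accepted in a source's `Namespace`. Suggest stating explicitly which of the two positions accept `*`. Because the paragraph presents the wildcard as a "catch-all" for wide scope, it would also help to say here that a wildcard `allow` applies to every service it matches, so readers weigh that before using one. Style point: the new first paragraph is one unwrapped line, whereas the two lines it replaces were wrapped.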
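Review bot: In the second hunk (@@ -123,6 +124,22 @@), the sentence introducing the new example, "This example grants Prometheus access to any service in any namespace", does not mention that `Namespace = "*"` needs Consul Enterprise, which the earlier hunk states only in the section's opening paragraph. A reader who copies this block on its own will miss that requirement, so suggest repeating it in the lead-in sentence, for example "In Consul Enterprise, this example grants ...". The example is also the broadest grant on the page: `Name = "*"` together with `Namespace = "*"` and `Action = "allow"` lets the `prometheus` service in `monitoring` connect to every service. A sentence saying that this is intended for a scraper that must reach all services, and that the source is deliberately pinned to a single name and namespace, would keep readers from treating the pattern as a general template.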