website: clarify that modifying intentions will not kill the conn
This commit is contained in:
Mitchell Hashimoto
Jack Pearkes
parent
bf27d1ada2
commit
9509de1de6
|
|
@ -44,6 +44,11 @@ The intention above is a deny intention with a source of "web" and
|
||||||
destination of "db". This says that connections from web to db are not
|
destination of "db". This says that connections from web to db are not
|
||||||
allowed and the connection will be rejected.
|
allowed and the connection will be rejected.
|
||||||
|
|
||||||
|
When an intention is modified, existing connections will not be affected.
|
||||||
|
This means that changing a connection from "allow" to "deny" today
|
||||||
|
_will not_ kill the connection. Addressing this shortcoming is on
|
||||||
|
the near term roadmap for Consul.
|
||||||
|
|
||||||
### Wildcard Intentions
|
### Wildcard Intentions
|
||||||
|
|
||||||
An intention source or destination may also be the special wildcard
|
An intention source or destination may also be the special wildcard
|
||||||
|
|
|
||||||
|
|
@ -185,6 +185,11 @@ connection again. Intentions allow services to be segmented via a centralized
|
||||||
control plane (Consul). To learn more, read the reference documentation on
|
control plane (Consul). To learn more, read the reference documentation on
|
||||||
[intentions](/docs/connect/intentions.html).
|
[intentions](/docs/connect/intentions.html).
|
||||||
|
|
||||||
|
Note that in the current release of Consul, changing intentions will not
|
||||||
|
affect existing connections. Therefore, you must establish a new connection
|
||||||
|
to see the effects of a changed intention. This will be addressed in the near
|
||||||
|
term in a future version of Consul.
|
||||||
|
|
||||||
## Next Steps
|
## Next Steps
|
||||||
|
|
||||||
We've now configured a service on a single agent and used Connect for
|
We've now configured a service on a single agent and used Connect for
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue