diff --git a/.changelog/14527.txt b/.changelog/14527.txt new file mode 100644 index 000000000..572f533bd --- /dev/null +++ b/.changelog/14527.txt @@ -0,0 +1,3 @@ +```release-note:improvement +ui: Improve guidance around topology visualisation +``` diff --git a/ui/packages/consul-ui/translations/routes/en-us.yaml b/ui/packages/consul-ui/translations/routes/en-us.yaml index d2f5ef0ad..69178bb5e 100644 --- a/ui/packages/consul-ui/translations/routes/en-us.yaml +++ b/ui/packages/consul-ui/translations/routes/en-us.yaml @@ -185,25 +185,25 @@ dc: header: Limited Access body: This service may have dependencies you won’t see because you don’t have access to them. default-allow: - header: Intentions are set to default allow - body: Your Intention settings are currently set to default allow. This means that this view will show connections to every service in your cluster. We recommend changing your Intention settings to default deny and creating specific Intentions for upstream and downstream services for this view to be useful. + header: Restrict which services can connect + body: Your current ACL settings allow all services to connect to each other. Either create a deny intention between all services, or set your default ACL policy to deny to improve your security posture and make this topology view reflect the actual upstreams and downstreams of this service. footer: |

- Edit Intentions + Create a wildcard deny Intention

wildcard-intention: - header: Permissive Intention - body: One or more of your Intentions are set to allow traffic to and/or from all other services in a namespace. This Topology view will show all of those connections if that remains unchanged. We recommend setting more specific Intentions for upstream and downstream services to make this visualization more useful. + header: Restrict which services can connect + body: There is currently a wildcard Intention that allows all services to connect to each other. Change the action of that Intention to deny to improve your security posture and have this topology view reflect the actual upstreams and downstreams of this service. footer: |

- Edit Intentions + Edit wildcard intentions

not-defined-intention: - header: Connections are not explicitly defined - body: There appears to be an Intention allowing traffic, but the services are unable to communicate until that connection is enabled by defining an explicit upstream or proxies are set to 'transparent' mode. + header: Add upstream to allow traffic + body: An Intention was defined that allows traffic between services, but those services are unable to communicate. Define an explicit upstream in the service definition or enable transparent proxy to fix this. footer: |

- Read the documentation + Learn how to add upstreams

no-dependencies: header: No dependencies @@ -213,12 +213,19 @@ dc: Read the documentation

acls-disabled: - header: Enable ACLs - body: This connect-native service may have dependencies, but Consul isn't aware of them when ACLs are disabled. Enable ACLs to make this view more useful. + header: Restrict which services can connect + body: Your current ACL settings allow all services to connect to each other. Either create a deny intention between all services, or enable ACLs and set your default ACL policy to deny to improve your security posture and make this topology view reflect the actual upstreams and downstreams of this service. footer: |

Read the documentation

+ no-intentions: + header: Add Intention to allow traffic + body: There is an upstream registered for this service, but that upstream cannot receive traffic without creating an allow intention. + footer: | +

+ Edit Intentions +

intentions: index: empty: