fix types and add reference to mesh and auto_config docs

Dhia Ayachi 2021-07-09 10:28:03 -04:00 committed by Daniel Nephin
parent 974f1604bf
commit d826afffe6
1 changed files with 6 additions and 7 deletions


@ -18,17 +18,17 @@ The code for the Certificate Authority is in the following packages:
### High level overview ### High level overview
In Consul the leader is responsible for handling of the CA management. In Consul the leader is responsible for handling the CA management.
When a leader election happen, and the elected leader do not have any root CA available it will start a process of creating a set of CA certificate. When a leader election happen, and the elected leader do not have any root CA available it will start a process of creating a set of CA certificate.
Those certificates will use to authenticate/encrypt communication between services (service mesh) or between `Consul client agent` (auto-encrypt/auto-config). This process is described in the following diagram: Those certificates will be used to authenticate/encrypt communication between services (service mesh) or between `Consul client agent` (auto-encrypt/auto-config). This process is described in the following diagram:
![CA creation](./hl-ca-overview.svg) ![CA creation](./hl-ca-overview.svg)
<sup>[source](./hl-ca-overview.mmd)</sup> <sup>[source](./hl-ca-overview.mmd)</sup>
- high level explanation of what are the features that are involved in CA (mesh/connect, auto encrypt) The features that benefit from Consul CA management are:
- add all the func that are involved in the CA operations - [service Mesh/Connect](https://www.consul.io/docs/connect)
- relationship between the different certs - [auto encrypt](https://www.consul.io/docs/agent/options#auto_encrypt)
### CA and Certificate relationship ### CA and Certificate relationship
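Review bot: the commit subject promises a reference to the auto_config docs, but the feature list added in this hunk links only service mesh/Connect and `auto_encrypt`, while the paragraph above it names both auto-encrypt and auto-config. Either add an auto-config entry to the list or adjust the subject. In the same hunk the sentence "When a leader election happen, and the elected leader do not have any root CA available ..." is identical on both sides; since this is a typo pass, consider "happens", "does not" and "a set of CA certificates". The new item "service Mesh/Connect" is also capitalised inconsistently with "auto encrypt". Finally, the removed placeholder bullets ("add all the func that are involved in the CA operations", "relationship between the different certs") disappear without a replacement, so it is worth confirming those topics are tracked or covered elsewhere in the document.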
@ -43,7 +43,7 @@ secondary.
In most cases there is an external root CA that provides an intermediate CA that Consul In most cases there is an external root CA that provides an intermediate CA that Consul
uses as the Primary Root CA. The only except to this is when the Consul CA Provider is uses as the Primary Root CA. The only except to this is when the Consul CA Provider is
used without specifying a `RootCert`. In this one case Consul will generate the the Root CA used without specifying a `RootCert`. In this one case Consul will generate the Root CA
from the provided primary key, and it will be used in the primary as the top of the chain from the provided primary key, and it will be used in the primary as the top of the chain
of trust. of trust.
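Review bot: "The only except to this is when the Consul CA Provider is" on the second line of this hunk is unchanged on both sides and should read "The only exception to this". The hunk already fixes the doubled "the the" on the next line, so this can go in the same change. The sentence "Consul will generate the Root CA from the provided primary key" may also deserve a second look: if the provider option is a private key, saying so here would avoid confusion with the primary datacenter terminology used in the same sentence.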
@ -93,7 +93,6 @@ Periodic (or background) opeartions are started automatically by the Consul lead
2. (via in-process call to `RPC.ConnectCA.Sign`) - called by auto-encrypt to sign a leaf cert for a client agent 2. (via in-process call to `RPC.ConnectCA.Sign`) - called by auto-encrypt to sign a leaf cert for a client agent
3. called by Auto-Config to sign a leaf cert for a client agent 3. called by Auto-Config to sign a leaf cert for a client agent
### detailed call flow ### detailed call flow
- sequence diagram for leader election - sequence diagram for leader election
- sequence diagram for leaf signing - sequence diagram for leaf signing
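Review bot: the context carried in this hunk's header still reads "Periodic (or background) opeartions are started automatically by the Consul lead...", so "opeartions" survives this typo pass and should be "operations". Within the hunk, the heading "### detailed call flow" is lowercase while the other headings visible in this diff ("### High level overview", "### CA and Certificate relationship") are capitalised, and the two bullets under it are still placeholders for sequence diagrams that the document does not yet contain.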