Docs and changelog edits
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
This commit is contained in:
parent
c6dbc34172
commit
e6282c7c64
|
@ -1,3 +1,3 @@
|
||||||
```release-note:improvement
|
```release-note:improvement
|
||||||
agent: Envoy now inserts x-forwarded-client-cert for incoming proxy connections
|
xds: Envoy now inserts x-forwarded-client-cert for incoming proxy connections
|
||||||
```
|
```
|
|
@ -44,6 +44,10 @@ type MeshDirectionalTLSConfig struct {
|
||||||
CipherSuites []types.TLSCipherSuite `json:",omitempty" alias:"cipher_suites"`
|
CipherSuites []types.TLSCipherSuite `json:",omitempty" alias:"cipher_suites"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type MeshHTTPConfig struct {
|
||||||
|
SanitizeXForwardedClientCert bool `alias:"sanitize_x_forwarded_client_cert"`
|
||||||
|
}
|
||||||
|
|
||||||
func (e *MeshConfigEntry) GetKind() string {
|
func (e *MeshConfigEntry) GetKind() string {
|
||||||
return MeshConfig
|
return MeshConfig
|
||||||
}
|
}
|
||||||
|
|
|
@ -368,8 +368,9 @@ Note that the Kubernetes example does not include a `partition` field. Configura
|
||||||
name: 'SanitizeXForwardedClientCert',
|
name: 'SanitizeXForwardedClientCert',
|
||||||
yaml: false,
|
yaml: false,
|
||||||
type: 'bool: <optional>',
|
type: 'bool: <optional>',
|
||||||
description: `Set the envoy forwardClientCertDetails to SANITIZE everywhere. Ordinarily Consul will configure Envoy to
|
description: `Set the envoy \`forward_client_cert_details\` option to \`SANITIZE\` for all proxies. This
|
||||||
insert x-forwarded-client-cert headers where appropriate. This returns Consul to the pre 1.12.1 behavior`,
|
configures Envoy to not send the \`x-forwarded-client-cert\` header to the next hop. If
|
||||||
|
unspecified or \`false\`, the XFCC header is propagated to upstream applications.`,
|
||||||
},
|
},
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
|
|
Loading…
Reference in New Issue