* Docs - k8s - Webhook Certs on Vault
* Adding webhook certs to data-integration overview page
* marking items as code
* Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
* Updating prerequisites intro
* Updating prerequisites intro
* Updating `Create a Vault auth roles that link the policy to each Consul on Kubernetes service account that requires access` to `Link the Vault policy to Consul workloads`
* changing `Configure the Vault Kubernetes auth role in the Consul on Kubernetes helm chart` to `Update the Consul on Kubernetes helm chart`.
* Changed `Create a Vault PKI role that establishes the domains that it is allowed to issue certificates for` to `Configure allowed domains for PKI certificates`
* Moved `Create a Vault policy that authorizes the desired level of access to the secret` to the Set up per Consul Datacenter section
* Update website/content/docs/k8s/installation/vault/data-integration/webhook-certs.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
* Moving Overview above Prerequisites. Adding sentence where missing after page title.
* Moving Overview above Prerequisites for webhook certs page.
* fixing the end of the overview section that was not moved.
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
* update docs for single-dc-multi-k8s install
Co-authored-by: David Yu <dyu@hashicorp.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Adding documentation for WAN Federation with Vault as a secrets backend
* Reformatting systems integration
* fixing spacing and typos
* Fixing link to createFederactionSecret helm chart value
* More revisions in the Systems Integration section
* Systems Integration - fixing brok shell-session and adding paragraph.
* More formatting in data integration section
* Formatting consul config sections
* Fixing verbiage near helm installations.
* Changing refence to dc1 and dc2 to be primary datacenter(dc1) and secondary dataceneter (dc2)
* Apply suggestions from code review
Co-authored-by: Karl Cardenas <kcardenas@hashicorp.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
* fixing missing s in Kubernetes
* Providing reason in Usage section as to why someone would look at the Systems and Data Integration sections of the vault docs
* fixing highlighted linenumbers that got through off by deleting the comment line at the beginning.
* fixing indentation within order lists
* Add a validation step to the next steps section.
* making the data integration sections for dc1 and dc2 symmetrical
* PR Feedback
* Adding images
* Remove confusing references to Systems Integration and Data Integration pages.
* Updating images to be centered
* Removed confusing reference to federation secret.
Co-authored-by: Karl Cardenas <kcardenas@hashicorp.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
* docs: Updating Gossip EncryptionKey Rotation page with Vault use case
* Adding a note to the vault instructions linking to the gossip key encryption using Vault page.
* Correcting Vault guide for storing the rotated gossip key.
* adding $ to shell sessions where it is missing on the gossip rotation page
* adding $ to more shell sessions where it is missing on the gossip rotation page
* k8s docs - ACLs refactor - Updating terminating gateway documentation to call out updating the role rather than the token with the policy
* Modifying role and policy names based on naming convention change.
The list of supported annotations for Consul service mesh were moved
from /docs/k8s/connect to /docs/k8s/annotations-and-labels in PR
#12323.
This commit updates various across the site to point to the new
URL for these annotations.
* Updating helm docs with additionalVault and ACLs refactor funtionality.
* PR Feedback corrections.
- Fix indentation.
- Fix description of secretName and secretKey to be consistent
- Change description of manageACLsRole to be more clear.
- Make the added vault role field descriptions consistent
* PR Feedback - correcting description for adminPartitionsRole
* Fixing broken shell sessions
* Fixing broken shell sessions by changing shell-session tobecloser tocomment marker
Introduces the capability to configure TLS differently for Consul's
listeners/ports (i.e. HTTPS, gRPC, and the internal multiplexed RPC
port) which is useful in scenarios where you may want the HTTPS or
gRPC interfaces to present a certificate signed by a well-known/public
CA, rather than the certificate used for internal communication which
must have a SAN in the form `server.<dc>.consul`.