github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Backport of Docs/CE-749-remove-references-from-consul into release/1.20.x #21916 (#21917)

Browse Source 
Docs/CE-749-remove-references-from-consul (#21914)

* delete HCP Consul Central references

* Path correction

* missed listing

* Nav update

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
pull/21952/head
Aimee Ukasick 3 weeks ago committed by GitHub
parent 616f9ba019
commit 7f3976be69
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
11 changed files with 7 additions and 299 deletions
Show Stats Download Patch File Download Diff File

5
website/content/api-docs/api-structure.mdx
Unescape View File

@ -159,8 +159,3 @@ UUID-format identifiers generated by the Consul API use the
These UUID-format strings are generated using high quality, purely random bytes.
It is not intended to be RFC compliant, merely to use a well-understood string
representation of a 128-bit value.
## CORS HTTP Response Headers
As of Consul 1.18, Consul adds an HTTP header `Access-Control-Expose-Headers: x-consul-default-acl-policy` to
all responses in order to support linking self-managed Enterprise clusters to HCP Consul Central.

190
website/content/api-docs/hcp-link.mdx
Unescape View File

@ -1,190 +0,0 @@
---
layout: api
page_title: HCP Linking HTTP API
description: The Link resource allows for linking your cluster to HCP Consul Central.
---
# Link HTTP API
-> **1.18.0+:** The Link API is available in Consul versions 1.18.0 and newer.
-> **Note:** This endpoint does not use the `/v1/` prefix.
The `/api/hcp/v2/link/global` endpoint allows you to link your Consul cluster to [HCP Consul Central](/hcp/docs/consul/concepts/consul-central).
## Establish or update link to HCP Consul Central
This endpoint creates or updates a Link, which establishes a connection with HCP Consul Central.
| Method | Path | Produces |
| ------ | ----------------------------- | ------------------ |
| `PUT` | `/api/hcp/v2/link/global` | `application/json` |
The table below shows this endpoint's support for
[blocking queries](/consul/api-docs/features/blocking),
[consistency modes](/consul/api-docs/features/consistency),
[agent caching](/consul/api-docs/features/caching), and
[required ACLs](/consul/api-docs/api-structure#authentication).
| Blocking Queries | Consistency Modes | Agent Caching | ACL Required |
| ---------------- | --------------------- | ------------- | ------------------------------ |
| `NO` | `stale`, `consistent` | `none` | `operator:write`, `acl:write` |
### Link API vs. configuration-based linking
The Link API described here is an alternative method to accomplish the same thing as [configuration-based linking](/consul/docs/agent/config/config-files#self-managed-hcp-parameters). You should generally only choose one method or the other for linking your cluster, not both. If you do use both methods, they interact in the following ways:
* When Consul is started, values set in the `cloud` configuration will take precedence over what was previously set by the API or CLI.
* Clusters can only be unlinked from HCP Consul Central by the API or CLI, regardless of if they were established via configuration, API, or CLI.
### JSON Request Body Schema
- `data` `(object: <required>)`
- `resourceId` `(string: <required>)` - The ID of the HCP Consul Central cluster to link to. Has the format of:
`organization/<orgID>/project/<projectID>/hashicorp.consul.global-network-manager.cluster/<clusterName>`
- `clientId` `(string: <required>)` - The ID used to authenticate to HCP, which is returned as part of the HCP
Consul Central cluster creation. It can also be obtained by fetching the HCP Consul Central cluster secrets.
- `clientSecret` `(string: <required>)` - The secret used to authenticate to HCP, which is returned as part of the
HCP Consul Central cluster creation. It can also be obtained by fetching the HCP Consul Central cluster secrets.
### Sample Payload
```json
{
"data": {
"resourceId": "organization/c0bf7aac-7690-4905-a8aa-889df1510314/project/6e82a47b-79af-4920-ad42-c0f74421ab52/hashicorp.consul.global-network-manager.cluster/my-cluster",
"clientId": "3jz6zk2tlr802htzwquczlxlsrohlpm5",
"clientSecret": "07ywcvaqmg1f8ko9eq4julep2tfglnv4o18rz3py9dik4ywox0ytoscycn39o4vs"
}
}
```
### Sample Request
```shell-session
$ curl --request PUT \
--header "X-Consul-Token: 9cdjse6c-2dia-3720-81fe-5dae3k714a6e" \
--data @payload.json \
http://127.0.0.1:8500/api/hcp/v2/link/global
```
### Sample Response
```json
{
"data": {
"clientId": "3jz6zk2tlr802htzwquczlxlsrohlpm5",
"clientSecret": "07ywcvaqmg1f8ko9eq4julep2tfglnv4o18rz3py9dik4ywox0ytoscycn39o4vs",
"resourceId": "organization/c0bf7aac-7690-4905-a8aa-889df1510314/project/6e82a47b-79af-4920-ad42-c0f74421ab52/hashicorp.consul.global-network-manager.cluster/my-cluster"
},
"generation": "01HMHTHZND8VJDXHHJBKDR4TTA",
"id": {
"name": "global",
"tenancy": {
"peerName": "local"
},
"type": {
"group": "hcp",
"groupVersion": "v2",
"kind": "Link"
},
"uid": "01HMHTHZND8VJDXHHJBGY1KG0F"
},
"version": "60"
}
```
## Read Link
This endpoint reads a Link so you can view information about your cluster's current linking status.
| Method | Path | Produces |
| ------ | ----------------------------- | ------------------ |
| `GET` | `/api/hcp/v2/link/global` | `application/json` |
The table below shows this endpoint's support for
[blocking queries](/consul/api-docs/features/blocking),
[consistency modes](/consul/api-docs/features/consistency),
[agent caching](/consul/api-docs/features/caching), and
[required ACLs](/consul/api-docs/api-structure#authentication).
| Blocking Queries | Consistency Modes | Agent Caching | ACL Required |
| ---------------- | --------------------- | ------------- | ---------------- |
| `NO` | `stale`, `consistent` | `none` | `operator:read` |
### Sample Request
```shell-session
$ curl --header "X-Consul-Token: 5cdcae6c-0cce-4210-86fe-5dff3b984a6e" \
http://127.0.0.1:8500/api/hcp/v2/link/global
```
### Sample Response
```json
{
"data": {
"accessLevel": "ACCESS_LEVEL_GLOBAL_READ_WRITE",
"clientId": "3jz6zk2tlr802htzwquczlxlsrohlpm5",
"clientSecret": "07ywcvaqmg1f8ko9eq4julep2tfglnv4o18rz3py9dik4ywox0ytoscycn39o4vs",
"hcpClusterUrl": "https://portal.cloud.hashicorp.com/services/consul/clusters/self-managed/my-cluster?project_id=6e82a47b-79af-4920-ad42-c0f74421ab52",
"resourceId": "organization/c0bf7aac-7690-4905-a8aa-889df1510314/project/6e82a47b-79af-4920-ad42-c0f74421ab52/hashicorp.consul.global-network-manager.cluster/my-cluster"
},
"generation": "01HMHTF4K5V27T91FMVHGFE87F",
"id": {
"name": "global",
"tenancy": {
"peerName": "local"
},
"type": {
"group": "hcp",
"groupVersion": "v2",
"kind": "Link"
},
"uid": "01HMHS7DJ9FEQH5XK1VD0W0536"
},
"status": {
"consul.io/hcp/link": {
"conditions": [
{
"message": "Successfully linked to cluster 'organization/c0bf7aac-7690-4905-a8aa-889df1510314/project/6e82a47b-79af-4920-ad42-c0f74421ab52/hashicorp.consul.global-network-manager.cluster/my-cluster'",
"reason": "SUCCESS",
"state": "STATE_TRUE",
"type": "linked"
}
],
"observedGeneration": "01HMHS7DN1C417JXJF7DBVS79F",
"updatedAt": "2024-01-19T21:14:59.707744Z"
}
},
"version": "53"
}
```
## Delete Link
This endpoint deletes a Link, which removes the cluster's connection with HCP Consul Central.
| Method | Path | Produces |
| --------- | ----------------------------- | ------------------ |
| `DELETE` | `/api/hcp/v2/link/global` | `application/json` |
The table below shows this endpoint's support for
[blocking queries](/consul/api-docs/features/blocking),
[consistency modes](/consul/api-docs/features/consistency),
[agent caching](/consul/api-docs/features/caching), and
[required ACLs](/consul/api-docs/api-structure#authentication).
| Blocking Queries | Consistency Modes | Agent Caching | ACL Required |
| ---------------- | ---------------------- | ------------- | -------------------------------- |
| `NO` | `stale`, `consistent` | `none` | `operator:write`, `acl:write` |
### Sample Request
```shell-session
$ curl --request DELETE \
--header "X-Consul-Token: 5cdcae6c-0cce-4210-86fe-5dff3b984a6e" \
http://127.0.0.1:8500/api/hcp/v2/link/global
```

1
website/content/api-docs/index.mdx
Unescape View File

@ -49,7 +49,6 @@ The following API endpoints help you manage Consul operations.
- [`/namespace`](/consul/api-docs/namespaces): Create and manage namespaces in Consul. Namespaces isolate groups of resources to lower operational overhead.
- [`/snapshot`](/consul/api-docs/snapshot): Save and restore Consul server state in the event of a disaster.
- [`/txn`](/consul/api-docs/txn): Apply multiple operations, such as updating the catalog and retrieving multiple KV entries, in a single transaction.
- [`/api/hcp/v2/link/global`](/consul/api-docs/hcp-link): Link cluster to [HCP Consul Central](/hcp/docs/consul/concepts/consul-central). HCP Consul Central is a management plane service hosted by HashiCorp that enables you to monitor and manage Consul clusters.
## Configure your services dynamically

7
website/content/docs/connect/cluster-peering/index.mdx
Unescape View File

@ -70,13 +70,6 @@ The following resources are available to help you use Consul's cluster peering f
- [Manage L7 traffic with cluster peering on Kubernetes](/consul/docs/k8s/connect/cluster-peering/usage/l7-traffic)
- [Create sameness groups on Kubernetes](/consul/docs/k8s/connect/cluster-peering/usage/create-sameness-groups)
### HCP Consul Central documentation
- [Cluster peering](/hcp/docs/consul/usage/cluster-peering)
- [Cluster peering topologies](/hcp/docs/consul/usage/cluster-peering/topologies)
- [Establish cluster peering connections on HCP Consul Central](/hcp/docs/consul/usage/cluster-peering/create-connections)
- [Cluster peering with HCP Consul Central](/hcp/docs/extend/cluster-peering/establish)
### Reference documentation
- [Cluster peering technical specifications](/consul/docs/connect/cluster-peering/tech-specs)

2
website/content/docs/connect/cluster-peering/usage/create-sameness-groups.mdx
Unescape View File

@ -43,8 +43,6 @@ Mesh gateways are required for cluster peering connections and recommended to se
You must establish connections with cluster peers before you can create a sameness group that includes them. A cluster peering connection exists between two admin partitions in different datacenters, and each connection between two partitions must be established separately with each peer. Refer to [establish cluster peering connections](/consul/docs/connect/cluster-peering/usage/establish-cluster-peering) for step-by-step instructions.
You can establish and manage cluster peering relationships between all of your self-managed clusters using [HCP Consul Central](/hcp/docs/consul/concepts/consul-central). For more information, refer to [cluster peering global view](/hcp/docs/consul/monitor/consul-central/global-views#cluster-peering) in the HCP documentation.
To establish cluster peering connections and define a group as part of the same workflow, follow instructions up to [Export services between clusters](/consul/docs/connect/cluster-peering/usage/establish-cluster-peering#export-services-between-clusters). You can use the same exported services and service intention configuration entries to establish the cluster peering connection and create the sameness group.
## Create a sameness group

2
website/content/docs/connect/cluster-peering/usage/establish-cluster-peering.mdx
Unescape View File

@ -16,7 +16,7 @@ This page details the process for establishing a cluster peering connection betw
Cluster peering between services cannot be established until all four steps are complete. If you want to establish cluster peering connections and create sameness groups at the same time, refer to the guidance in [create sameness groups](/consul/docs/connect/cluster-peering/usage/create-sameness-groups).
For Kubernetes guidance, refer to [Establish cluster peering connections on Kubernetes](/consul/docs/k8s/connect/cluster-peering/usage/establish-peering). For HCP Consul Central guidance, refer to [Establish cluster peering connections on HCP Consul Central](/hcp/docs/consul/usage/cluster-peering/create-connections).
For Kubernetes guidance, refer to [Establish cluster peering connections on Kubernetes](/consul/docs/k8s/connect/cluster-peering/usage/establish-peering).
## Requirements

2
website/content/docs/connect/dataplane/index.mdx
Unescape View File

@ -121,7 +121,7 @@ Consul Dataplane on Kubernetes supports the following features:
- Running Consul service mesh in AWS Fargate and GKE Autopilot is supported.
- xDS load balancing is supported.
- Servers running in Kubernetes and servers external to Kubernetes are both supported.
- HCP Consul Dedicated and HCP Consul Central are supported.
- HCP Consul Dedicated is supported.
- Consul API Gateway
Consul Dataplane on ECS support the following features:

2
website/content/docs/k8s/connect/cluster-peering/usage/create-sameness-groups.mdx
Unescape View File

@ -43,8 +43,6 @@ Mesh gateways are required for cluster peering connections and recommended to se
You must establish connections with cluster peers before you can create a sameness group that includes them. A cluster peering connection exists between two admin partitions in different datacenters, and each connection between two partitions must be established separately with each peer. Refer to [establish cluster peering connections](/consul/docs/k8s/connect/cluster-peering/usage/establish-peering) for step-by-step instructions.
You can establish and manage cluster peering relationships between all of your self-managed clusters using [HCP Consul Central](/hcp/docs/consul/concepts/consul-central). For more information, refer to [cluster peering global view](/hcp/docs/consul/monitor/consul-central/global-views#cluster-peering) in the HCP documentation.
To establish cluster peering connections and define a group as part of the same workflow, follow instructions up to [Export services between clusters](/consul/docs/k8s/connect/cluster-peering/usage/establish-peering#export-services-between-clusters). You can use the same exported services and service intention configuration entries to establish the cluster peering connection and create the sameness group.
## Create a sameness group

86
website/content/docs/k8s/helm.mdx
Unescape View File

@ -689,58 +689,6 @@ Use these links to navigate to a particular top-level stanza.
- `consulAPITimeout` ((#v-global-consulapitimeout)) (`string: 5s`) - The time in seconds that the consul API client will wait for a response from
the API before cancelling the request.
- `cloud` ((#v-global-cloud)) - Enables installing an HCP Consul Central self-managed cluster.
Requires Consul v1.14+.
- `enabled` ((#v-global-cloud-enabled)) (`boolean: false`) - If true, the Helm chart will link a [self-managed cluster to HCP](/hcp/docs/consul/self-managed).
This can either be used to [configure a new cluster](/hcp/docs/consul/self-managed/new)
or [link an existing one](/hcp/docs/consul/self-managed/existing).
Note: this setting should not be enabled for [HCP Consul Dedicated clusters](/hcp/docs/consul/dedicated).
It is strictly for linking self-managed clusters.
- `resourceId` ((#v-global-cloud-resourceid)) - The resource id of the HCP Consul Central cluster to link to. Eg:
organization/27109cd4-a309-4bf3-9986-e1d071914b18/project/fcef6c24-259d-4510-bb8d-1d812e120e34/hashicorp.consul.global-network-manager.cluster/consul-cluster
This is required when global.cloud.enabled is true.
- `secretName` ((#v-global-cloud-resourceid-secretname)) (`string: null`) - The name of the Kubernetes secret that holds the resource id.
- `secretKey` ((#v-global-cloud-resourceid-secretkey)) (`string: null`) - The key within the Kubernetes secret that holds the resource id.
- `clientId` ((#v-global-cloud-clientid)) - The client id portion of a [service principal](/hcp/docs/hcp/admin/iam/service-principals#service-principals) with authorization to link the cluster
in global.cloud.resourceId to HCP Consul Central.
This is required when global.cloud.enabled is true.
- `secretName` ((#v-global-cloud-clientid-secretname)) (`string: null`) - The name of the Kubernetes secret that holds the client id.
- `secretKey` ((#v-global-cloud-clientid-secretkey)) (`string: null`) - The key within the Kubernetes secret that holds the client id.
- `clientSecret` ((#v-global-cloud-clientsecret)) - The client secret portion of a [service principal](/hcp/docs/hcp/admin/iam/service-principals#service-principals) with authorization to link the cluster
in global.cloud.resourceId to HCP Consul Central.
This is required when global.cloud.enabled is true.
- `secretName` ((#v-global-cloud-clientsecret-secretname)) (`string: null`) - The name of the Kubernetes secret that holds the client secret.
- `secretKey` ((#v-global-cloud-clientsecret-secretkey)) (`string: null`) - The key within the Kubernetes secret that holds the client secret.
- `apiHost` ((#v-global-cloud-apihost)) - The hostname of HCP's API. This setting is used for internal testing and validation.
- `secretName` ((#v-global-cloud-apihost-secretname)) (`string: null`) - The name of the Kubernetes secret that holds the api hostname.
- `secretKey` ((#v-global-cloud-apihost-secretkey)) (`string: null`) - The key within the Kubernetes secret that holds the api hostname.
- `authUrl` ((#v-global-cloud-authurl)) - The URL of HCP's auth API. This setting is used for internal testing and validation.
- `secretName` ((#v-global-cloud-authurl-secretname)) (`string: null`) - The name of the Kubernetes secret that holds the authorization url.
- `secretKey` ((#v-global-cloud-authurl-secretkey)) (`string: null`) - The key within the Kubernetes secret that holds the authorization url.
- `scadaAddress` ((#v-global-cloud-scadaaddress)) - The address of HCP's scada service. This setting is used for internal testing and validation.
- `secretName` ((#v-global-cloud-scadaaddress-secretname)) (`string: null`) - The name of the Kubernetes secret that holds the scada address.
- `secretKey` ((#v-global-cloud-scadaaddress-secretkey)) (`string: null`) - The key within the Kubernetes secret that holds the scada address.
- `extraLabels` ((#v-global-extralabels)) (`map`) - Extra labels to attach to all pods, deployments, daemonsets, statefulsets, and jobs. This should be a YAML map.
Example:
@ -2843,40 +2791,6 @@ Use these links to navigate to a particular top-level stanza.
"sample/annotation2": "bar"
```
- `cloud` ((#v-telemetrycollector-cloud))
- `resourceId` ((#v-telemetrycollector-cloud-resourceid)) - The resource id of the HCP Consul Central cluster to push metrics for. Eg:
`organization/27109cd4-a309-4bf3-9986-e1d071914b18/project/fcef6c24-259d-4510-bb8d-1d812e120e34/hashicorp.consul.global-network-manager.cluster/consul-cluster`
This is used for HCP Consul Central-linked or HCP Consul Dedicated clusters where global.cloud.resourceId is unset. For example, when using externalServers
with HCP Consul Dedicated clusters or HCP Consul Central-linked clusters in a different admin partition.
If global.cloud.resourceId is set, this should either be unset (defaulting to global.cloud.resourceId) or be the same as global.cloud.resourceId.
- `secretName` ((#v-telemetrycollector-cloud-resourceid-secretname)) (`string: null`) - The name of the Kubernetes secret that holds the resource id.
- `secretKey` ((#v-telemetrycollector-cloud-resourceid-secretkey)) (`string: null`) - The key within the Kubernetes secret that holds the resource id.
- `clientId` ((#v-telemetrycollector-cloud-clientid)) - The client id portion of a [service principal](/hcp/docs/hcp/admin/iam/service-principals#service-principals) with authorization to push metrics to HCP
This is set in two scenarios:
- the service principal in global.cloud is unset
- the HCP UI provides a service principal with more narrowly scoped permissions that the service principal used in global.cloud
- `secretName` ((#v-telemetrycollector-cloud-clientid-secretname)) (`string: null`) - The name of the Kubernetes secret that holds the client id.
- `secretKey` ((#v-telemetrycollector-cloud-clientid-secretkey)) (`string: null`) - The key within the Kubernetes secret that holds the client id.
- `clientSecret` ((#v-telemetrycollector-cloud-clientsecret)) - The client secret portion of a [service principal](/hcp/docs/hcp/admin/iam/service-principals#service-principals) with authorization to push metrics to HCP.
This is set in two scenarios:
- the service principal in global.cloud is unset
- the HCP UI provides a service principal with more narrowly scoped permissions that the service principal used in global.cloud
- `secretName` ((#v-telemetrycollector-cloud-clientsecret-secretname)) (`string: null`) - The name of the Kubernetes secret that holds the client secret.
- `secretKey` ((#v-telemetrycollector-cloud-clientsecret-secretkey)) (`string: null`) - The key within the Kubernetes secret that holds the client secret.
- `initContainer` ((#v-telemetrycollector-initcontainer))
- `resources` ((#v-telemetrycollector-initcontainer-resources)) (`map`) - The resource settings for consul-telemetry-collector initContainer.

4
website/data/api-docs-nav-data.json
Unescape View File

@ -135,10 +135,6 @@
"title": "Exported Services",
"path": "exported-services"
},
{
"title": "HCP Consul Central Link",
"path": "hcp-link"
},
{
"title": "Health",
"path": "health"

5
website/redirects.js
Unescape View File

@ -260,4 +260,9 @@ module.exports = [
destination: '/consul/docs/:version/k8s/dns',
permanent: true,
},
{
source: '/consul/api-docs/hcp-link',
destination: '/hcp/docs/consul/concepts/consul-central',
permanent: true,
},
]

Write Preview
Loading…
Cancel
Save