From 7f3976be69305551c5358b7ab14221bd6807f330 Mon Sep 17 00:00:00 2001 From: Aimee Ukasick Date: Tue, 5 Nov 2024 09:30:12 -0600 Subject: [PATCH] Backport of Docs/CE-749-remove-references-from-consul into release/1.20.x #21916 (#21917) Docs/CE-749-remove-references-from-consul (#21914) * delete HCP Consul Central references * Path correction * missed listing * Nav update Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> --- website/content/api-docs/api-structure.mdx | 5 - website/content/api-docs/hcp-link.mdx | 190 ------------------ website/content/api-docs/index.mdx | 1 - .../docs/connect/cluster-peering/index.mdx | 7 - .../usage/create-sameness-groups.mdx | 2 - .../usage/establish-cluster-peering.mdx | 2 +- .../content/docs/connect/dataplane/index.mdx | 2 +- .../usage/create-sameness-groups.mdx | 2 - website/content/docs/k8s/helm.mdx | 86 -------- website/data/api-docs-nav-data.json | 4 - website/redirects.js | 5 + 11 files changed, 7 insertions(+), 299 deletions(-) delete mode 100644 website/content/api-docs/hcp-link.mdx diff --git a/website/content/api-docs/api-structure.mdx b/website/content/api-docs/api-structure.mdx index 32a8a2c17c..edfbcf3258 100644 --- a/website/content/api-docs/api-structure.mdx +++ b/website/content/api-docs/api-structure.mdx @@ -159,8 +159,3 @@ UUID-format identifiers generated by the Consul API use the These UUID-format strings are generated using high quality, purely random bytes. It is not intended to be RFC compliant, merely to use a well-understood string representation of a 128-bit value. - -## CORS HTTP Response Headers - -As of Consul 1.18, Consul adds an HTTP header `Access-Control-Expose-Headers: x-consul-default-acl-policy` to -all responses in order to support linking self-managed Enterprise clusters to HCP Consul Central. diff --git a/website/content/api-docs/hcp-link.mdx b/website/content/api-docs/hcp-link.mdx deleted file mode 100644 index 7f54306691..0000000000 --- a/website/content/api-docs/hcp-link.mdx +++ /dev/null @@ -1,190 +0,0 @@ ---- -layout: api -page_title: HCP Linking HTTP API -description: The Link resource allows for linking your cluster to HCP Consul Central. ---- - -# Link HTTP API - --> **1.18.0+:** The Link API is available in Consul versions 1.18.0 and newer. - --> **Note:** This endpoint does not use the `/v1/` prefix. - -The `/api/hcp/v2/link/global` endpoint allows you to link your Consul cluster to [HCP Consul Central](/hcp/docs/consul/concepts/consul-central). - -## Establish or update link to HCP Consul Central - -This endpoint creates or updates a Link, which establishes a connection with HCP Consul Central. - -| Method | Path | Produces | -| ------ | ----------------------------- | ------------------ | -| `PUT` | `/api/hcp/v2/link/global` | `application/json` | - -The table below shows this endpoint's support for -[blocking queries](/consul/api-docs/features/blocking), -[consistency modes](/consul/api-docs/features/consistency), -[agent caching](/consul/api-docs/features/caching), and -[required ACLs](/consul/api-docs/api-structure#authentication). - -| Blocking Queries | Consistency Modes | Agent Caching | ACL Required | -| ---------------- | --------------------- | ------------- | ------------------------------ | -| `NO` | `stale`, `consistent` | `none` | `operator:write`, `acl:write` | - -### Link API vs. configuration-based linking - -The Link API described here is an alternative method to accomplish the same thing as [configuration-based linking](/consul/docs/agent/config/config-files#self-managed-hcp-parameters). You should generally only choose one method or the other for linking your cluster, not both. If you do use both methods, they interact in the following ways: - -* When Consul is started, values set in the `cloud` configuration will take precedence over what was previously set by the API or CLI. -* Clusters can only be unlinked from HCP Consul Central by the API or CLI, regardless of if they were established via configuration, API, or CLI. - -### JSON Request Body Schema - -- `data` `(object: )` - - - `resourceId` `(string: )` - The ID of the HCP Consul Central cluster to link to. Has the format of: - `organization//project//hashicorp.consul.global-network-manager.cluster/` - - - `clientId` `(string: )` - The ID used to authenticate to HCP, which is returned as part of the HCP - Consul Central cluster creation. It can also be obtained by fetching the HCP Consul Central cluster secrets. - - - `clientSecret` `(string: )` - The secret used to authenticate to HCP, which is returned as part of the - HCP Consul Central cluster creation. It can also be obtained by fetching the HCP Consul Central cluster secrets. - -### Sample Payload - -```json -{ - "data": { - "resourceId": "organization/c0bf7aac-7690-4905-a8aa-889df1510314/project/6e82a47b-79af-4920-ad42-c0f74421ab52/hashicorp.consul.global-network-manager.cluster/my-cluster", - "clientId": "3jz6zk2tlr802htzwquczlxlsrohlpm5", - "clientSecret": "07ywcvaqmg1f8ko9eq4julep2tfglnv4o18rz3py9dik4ywox0ytoscycn39o4vs" - } -} -``` - -### Sample Request - -```shell-session -$ curl --request PUT \ - --header "X-Consul-Token: 9cdjse6c-2dia-3720-81fe-5dae3k714a6e" \ - --data @payload.json \ - http://127.0.0.1:8500/api/hcp/v2/link/global -``` - -### Sample Response - -```json -{ - "data": { - "clientId": "3jz6zk2tlr802htzwquczlxlsrohlpm5", - "clientSecret": "07ywcvaqmg1f8ko9eq4julep2tfglnv4o18rz3py9dik4ywox0ytoscycn39o4vs", - "resourceId": "organization/c0bf7aac-7690-4905-a8aa-889df1510314/project/6e82a47b-79af-4920-ad42-c0f74421ab52/hashicorp.consul.global-network-manager.cluster/my-cluster" - }, - "generation": "01HMHTHZND8VJDXHHJBKDR4TTA", - "id": { - "name": "global", - "tenancy": { - "peerName": "local" - }, - "type": { - "group": "hcp", - "groupVersion": "v2", - "kind": "Link" - }, - "uid": "01HMHTHZND8VJDXHHJBGY1KG0F" - }, - "version": "60" -} -``` - -## Read Link - -This endpoint reads a Link so you can view information about your cluster's current linking status. - -| Method | Path | Produces | -| ------ | ----------------------------- | ------------------ | -| `GET` | `/api/hcp/v2/link/global` | `application/json` | - -The table below shows this endpoint's support for -[blocking queries](/consul/api-docs/features/blocking), -[consistency modes](/consul/api-docs/features/consistency), -[agent caching](/consul/api-docs/features/caching), and -[required ACLs](/consul/api-docs/api-structure#authentication). - -| Blocking Queries | Consistency Modes | Agent Caching | ACL Required | -| ---------------- | --------------------- | ------------- | ---------------- | -| `NO` | `stale`, `consistent` | `none` | `operator:read` | - -### Sample Request - -```shell-session -$ curl --header "X-Consul-Token: 5cdcae6c-0cce-4210-86fe-5dff3b984a6e" \ - http://127.0.0.1:8500/api/hcp/v2/link/global -``` - -### Sample Response -```json -{ - "data": { - "accessLevel": "ACCESS_LEVEL_GLOBAL_READ_WRITE", - "clientId": "3jz6zk2tlr802htzwquczlxlsrohlpm5", - "clientSecret": "07ywcvaqmg1f8ko9eq4julep2tfglnv4o18rz3py9dik4ywox0ytoscycn39o4vs", - "hcpClusterUrl": "https://portal.cloud.hashicorp.com/services/consul/clusters/self-managed/my-cluster?project_id=6e82a47b-79af-4920-ad42-c0f74421ab52", - "resourceId": "organization/c0bf7aac-7690-4905-a8aa-889df1510314/project/6e82a47b-79af-4920-ad42-c0f74421ab52/hashicorp.consul.global-network-manager.cluster/my-cluster" - }, - "generation": "01HMHTF4K5V27T91FMVHGFE87F", - "id": { - "name": "global", - "tenancy": { - "peerName": "local" - }, - "type": { - "group": "hcp", - "groupVersion": "v2", - "kind": "Link" - }, - "uid": "01HMHS7DJ9FEQH5XK1VD0W0536" - }, - "status": { - "consul.io/hcp/link": { - "conditions": [ - { - "message": "Successfully linked to cluster 'organization/c0bf7aac-7690-4905-a8aa-889df1510314/project/6e82a47b-79af-4920-ad42-c0f74421ab52/hashicorp.consul.global-network-manager.cluster/my-cluster'", - "reason": "SUCCESS", - "state": "STATE_TRUE", - "type": "linked" - } - ], - "observedGeneration": "01HMHS7DN1C417JXJF7DBVS79F", - "updatedAt": "2024-01-19T21:14:59.707744Z" - } - }, - "version": "53" -} -``` - -## Delete Link - -This endpoint deletes a Link, which removes the cluster's connection with HCP Consul Central. - -| Method | Path | Produces | -| --------- | ----------------------------- | ------------------ | -| `DELETE` | `/api/hcp/v2/link/global` | `application/json` | - -The table below shows this endpoint's support for -[blocking queries](/consul/api-docs/features/blocking), -[consistency modes](/consul/api-docs/features/consistency), -[agent caching](/consul/api-docs/features/caching), and -[required ACLs](/consul/api-docs/api-structure#authentication). - -| Blocking Queries | Consistency Modes | Agent Caching | ACL Required | -| ---------------- | ---------------------- | ------------- | -------------------------------- | -| `NO` | `stale`, `consistent` | `none` | `operator:write`, `acl:write` | - -### Sample Request - -```shell-session -$ curl --request DELETE \ - --header "X-Consul-Token: 5cdcae6c-0cce-4210-86fe-5dff3b984a6e" \ - http://127.0.0.1:8500/api/hcp/v2/link/global -``` diff --git a/website/content/api-docs/index.mdx b/website/content/api-docs/index.mdx index 1b972e4425..20d0021e30 100644 --- a/website/content/api-docs/index.mdx +++ b/website/content/api-docs/index.mdx @@ -49,7 +49,6 @@ The following API endpoints help you manage Consul operations. - [`/namespace`](/consul/api-docs/namespaces): Create and manage namespaces in Consul. Namespaces isolate groups of resources to lower operational overhead. - [`/snapshot`](/consul/api-docs/snapshot): Save and restore Consul server state in the event of a disaster. - [`/txn`](/consul/api-docs/txn): Apply multiple operations, such as updating the catalog and retrieving multiple KV entries, in a single transaction. -- [`/api/hcp/v2/link/global`](/consul/api-docs/hcp-link): Link cluster to [HCP Consul Central](/hcp/docs/consul/concepts/consul-central). HCP Consul Central is a management plane service hosted by HashiCorp that enables you to monitor and manage Consul clusters. ## Configure your services dynamically diff --git a/website/content/docs/connect/cluster-peering/index.mdx b/website/content/docs/connect/cluster-peering/index.mdx index 2aa5147235..83cc4b97e4 100644 --- a/website/content/docs/connect/cluster-peering/index.mdx +++ b/website/content/docs/connect/cluster-peering/index.mdx @@ -70,13 +70,6 @@ The following resources are available to help you use Consul's cluster peering f - [Manage L7 traffic with cluster peering on Kubernetes](/consul/docs/k8s/connect/cluster-peering/usage/l7-traffic) - [Create sameness groups on Kubernetes](/consul/docs/k8s/connect/cluster-peering/usage/create-sameness-groups) -### HCP Consul Central documentation - -- [Cluster peering](/hcp/docs/consul/usage/cluster-peering) -- [Cluster peering topologies](/hcp/docs/consul/usage/cluster-peering/topologies) -- [Establish cluster peering connections on HCP Consul Central](/hcp/docs/consul/usage/cluster-peering/create-connections) -- [Cluster peering with HCP Consul Central](/hcp/docs/extend/cluster-peering/establish) - ### Reference documentation - [Cluster peering technical specifications](/consul/docs/connect/cluster-peering/tech-specs) diff --git a/website/content/docs/connect/cluster-peering/usage/create-sameness-groups.mdx b/website/content/docs/connect/cluster-peering/usage/create-sameness-groups.mdx index 49b8141777..71537355eb 100644 --- a/website/content/docs/connect/cluster-peering/usage/create-sameness-groups.mdx +++ b/website/content/docs/connect/cluster-peering/usage/create-sameness-groups.mdx @@ -43,8 +43,6 @@ Mesh gateways are required for cluster peering connections and recommended to se You must establish connections with cluster peers before you can create a sameness group that includes them. A cluster peering connection exists between two admin partitions in different datacenters, and each connection between two partitions must be established separately with each peer. Refer to [establish cluster peering connections](/consul/docs/connect/cluster-peering/usage/establish-cluster-peering) for step-by-step instructions. -You can establish and manage cluster peering relationships between all of your self-managed clusters using [HCP Consul Central](/hcp/docs/consul/concepts/consul-central). For more information, refer to [cluster peering global view](/hcp/docs/consul/monitor/consul-central/global-views#cluster-peering) in the HCP documentation. - To establish cluster peering connections and define a group as part of the same workflow, follow instructions up to [Export services between clusters](/consul/docs/connect/cluster-peering/usage/establish-cluster-peering#export-services-between-clusters). You can use the same exported services and service intention configuration entries to establish the cluster peering connection and create the sameness group. ## Create a sameness group diff --git a/website/content/docs/connect/cluster-peering/usage/establish-cluster-peering.mdx b/website/content/docs/connect/cluster-peering/usage/establish-cluster-peering.mdx index 4e0128bb3e..b2ed30f460 100644 --- a/website/content/docs/connect/cluster-peering/usage/establish-cluster-peering.mdx +++ b/website/content/docs/connect/cluster-peering/usage/establish-cluster-peering.mdx @@ -16,7 +16,7 @@ This page details the process for establishing a cluster peering connection betw Cluster peering between services cannot be established until all four steps are complete. If you want to establish cluster peering connections and create sameness groups at the same time, refer to the guidance in [create sameness groups](/consul/docs/connect/cluster-peering/usage/create-sameness-groups). -For Kubernetes guidance, refer to [Establish cluster peering connections on Kubernetes](/consul/docs/k8s/connect/cluster-peering/usage/establish-peering). For HCP Consul Central guidance, refer to [Establish cluster peering connections on HCP Consul Central](/hcp/docs/consul/usage/cluster-peering/create-connections). +For Kubernetes guidance, refer to [Establish cluster peering connections on Kubernetes](/consul/docs/k8s/connect/cluster-peering/usage/establish-peering). ## Requirements diff --git a/website/content/docs/connect/dataplane/index.mdx b/website/content/docs/connect/dataplane/index.mdx index 30996e3476..2f16014cac 100644 --- a/website/content/docs/connect/dataplane/index.mdx +++ b/website/content/docs/connect/dataplane/index.mdx @@ -121,7 +121,7 @@ Consul Dataplane on Kubernetes supports the following features: - Running Consul service mesh in AWS Fargate and GKE Autopilot is supported. - xDS load balancing is supported. - Servers running in Kubernetes and servers external to Kubernetes are both supported. -- HCP Consul Dedicated and HCP Consul Central are supported. +- HCP Consul Dedicated is supported. - Consul API Gateway Consul Dataplane on ECS support the following features: diff --git a/website/content/docs/k8s/connect/cluster-peering/usage/create-sameness-groups.mdx b/website/content/docs/k8s/connect/cluster-peering/usage/create-sameness-groups.mdx index 0b3f1d43c2..2674805e16 100644 --- a/website/content/docs/k8s/connect/cluster-peering/usage/create-sameness-groups.mdx +++ b/website/content/docs/k8s/connect/cluster-peering/usage/create-sameness-groups.mdx @@ -43,8 +43,6 @@ Mesh gateways are required for cluster peering connections and recommended to se You must establish connections with cluster peers before you can create a sameness group that includes them. A cluster peering connection exists between two admin partitions in different datacenters, and each connection between two partitions must be established separately with each peer. Refer to [establish cluster peering connections](/consul/docs/k8s/connect/cluster-peering/usage/establish-peering) for step-by-step instructions. -You can establish and manage cluster peering relationships between all of your self-managed clusters using [HCP Consul Central](/hcp/docs/consul/concepts/consul-central). For more information, refer to [cluster peering global view](/hcp/docs/consul/monitor/consul-central/global-views#cluster-peering) in the HCP documentation. - To establish cluster peering connections and define a group as part of the same workflow, follow instructions up to [Export services between clusters](/consul/docs/k8s/connect/cluster-peering/usage/establish-peering#export-services-between-clusters). You can use the same exported services and service intention configuration entries to establish the cluster peering connection and create the sameness group. ## Create a sameness group diff --git a/website/content/docs/k8s/helm.mdx b/website/content/docs/k8s/helm.mdx index 42635dc2ca..9315109464 100644 --- a/website/content/docs/k8s/helm.mdx +++ b/website/content/docs/k8s/helm.mdx @@ -689,58 +689,6 @@ Use these links to navigate to a particular top-level stanza. - `consulAPITimeout` ((#v-global-consulapitimeout)) (`string: 5s`) - The time in seconds that the consul API client will wait for a response from the API before cancelling the request. - - `cloud` ((#v-global-cloud)) - Enables installing an HCP Consul Central self-managed cluster. - Requires Consul v1.14+. - - - `enabled` ((#v-global-cloud-enabled)) (`boolean: false`) - If true, the Helm chart will link a [self-managed cluster to HCP](/hcp/docs/consul/self-managed). - This can either be used to [configure a new cluster](/hcp/docs/consul/self-managed/new) - or [link an existing one](/hcp/docs/consul/self-managed/existing). - - Note: this setting should not be enabled for [HCP Consul Dedicated clusters](/hcp/docs/consul/dedicated). - It is strictly for linking self-managed clusters. - - - `resourceId` ((#v-global-cloud-resourceid)) - The resource id of the HCP Consul Central cluster to link to. Eg: - organization/27109cd4-a309-4bf3-9986-e1d071914b18/project/fcef6c24-259d-4510-bb8d-1d812e120e34/hashicorp.consul.global-network-manager.cluster/consul-cluster - This is required when global.cloud.enabled is true. - - - `secretName` ((#v-global-cloud-resourceid-secretname)) (`string: null`) - The name of the Kubernetes secret that holds the resource id. - - - `secretKey` ((#v-global-cloud-resourceid-secretkey)) (`string: null`) - The key within the Kubernetes secret that holds the resource id. - - - `clientId` ((#v-global-cloud-clientid)) - The client id portion of a [service principal](/hcp/docs/hcp/admin/iam/service-principals#service-principals) with authorization to link the cluster - in global.cloud.resourceId to HCP Consul Central. - This is required when global.cloud.enabled is true. - - - `secretName` ((#v-global-cloud-clientid-secretname)) (`string: null`) - The name of the Kubernetes secret that holds the client id. - - - `secretKey` ((#v-global-cloud-clientid-secretkey)) (`string: null`) - The key within the Kubernetes secret that holds the client id. - - - `clientSecret` ((#v-global-cloud-clientsecret)) - The client secret portion of a [service principal](/hcp/docs/hcp/admin/iam/service-principals#service-principals) with authorization to link the cluster - in global.cloud.resourceId to HCP Consul Central. - This is required when global.cloud.enabled is true. - - - `secretName` ((#v-global-cloud-clientsecret-secretname)) (`string: null`) - The name of the Kubernetes secret that holds the client secret. - - - `secretKey` ((#v-global-cloud-clientsecret-secretkey)) (`string: null`) - The key within the Kubernetes secret that holds the client secret. - - - `apiHost` ((#v-global-cloud-apihost)) - The hostname of HCP's API. This setting is used for internal testing and validation. - - - `secretName` ((#v-global-cloud-apihost-secretname)) (`string: null`) - The name of the Kubernetes secret that holds the api hostname. - - - `secretKey` ((#v-global-cloud-apihost-secretkey)) (`string: null`) - The key within the Kubernetes secret that holds the api hostname. - - - `authUrl` ((#v-global-cloud-authurl)) - The URL of HCP's auth API. This setting is used for internal testing and validation. - - - `secretName` ((#v-global-cloud-authurl-secretname)) (`string: null`) - The name of the Kubernetes secret that holds the authorization url. - - - `secretKey` ((#v-global-cloud-authurl-secretkey)) (`string: null`) - The key within the Kubernetes secret that holds the authorization url. - - - `scadaAddress` ((#v-global-cloud-scadaaddress)) - The address of HCP's scada service. This setting is used for internal testing and validation. - - - `secretName` ((#v-global-cloud-scadaaddress-secretname)) (`string: null`) - The name of the Kubernetes secret that holds the scada address. - - - `secretKey` ((#v-global-cloud-scadaaddress-secretkey)) (`string: null`) - The key within the Kubernetes secret that holds the scada address. - - `extraLabels` ((#v-global-extralabels)) (`map`) - Extra labels to attach to all pods, deployments, daemonsets, statefulsets, and jobs. This should be a YAML map. Example: @@ -2843,40 +2791,6 @@ Use these links to navigate to a particular top-level stanza. "sample/annotation2": "bar" ``` - - `cloud` ((#v-telemetrycollector-cloud)) - - - `resourceId` ((#v-telemetrycollector-cloud-resourceid)) - The resource id of the HCP Consul Central cluster to push metrics for. Eg: - `organization/27109cd4-a309-4bf3-9986-e1d071914b18/project/fcef6c24-259d-4510-bb8d-1d812e120e34/hashicorp.consul.global-network-manager.cluster/consul-cluster` - - This is used for HCP Consul Central-linked or HCP Consul Dedicated clusters where global.cloud.resourceId is unset. For example, when using externalServers - with HCP Consul Dedicated clusters or HCP Consul Central-linked clusters in a different admin partition. - - If global.cloud.resourceId is set, this should either be unset (defaulting to global.cloud.resourceId) or be the same as global.cloud.resourceId. - - - `secretName` ((#v-telemetrycollector-cloud-resourceid-secretname)) (`string: null`) - The name of the Kubernetes secret that holds the resource id. - - - `secretKey` ((#v-telemetrycollector-cloud-resourceid-secretkey)) (`string: null`) - The key within the Kubernetes secret that holds the resource id. - - - `clientId` ((#v-telemetrycollector-cloud-clientid)) - The client id portion of a [service principal](/hcp/docs/hcp/admin/iam/service-principals#service-principals) with authorization to push metrics to HCP - - This is set in two scenarios: - - the service principal in global.cloud is unset - - the HCP UI provides a service principal with more narrowly scoped permissions that the service principal used in global.cloud - - - `secretName` ((#v-telemetrycollector-cloud-clientid-secretname)) (`string: null`) - The name of the Kubernetes secret that holds the client id. - - - `secretKey` ((#v-telemetrycollector-cloud-clientid-secretkey)) (`string: null`) - The key within the Kubernetes secret that holds the client id. - - - `clientSecret` ((#v-telemetrycollector-cloud-clientsecret)) - The client secret portion of a [service principal](/hcp/docs/hcp/admin/iam/service-principals#service-principals) with authorization to push metrics to HCP. - - This is set in two scenarios: - - the service principal in global.cloud is unset - - the HCP UI provides a service principal with more narrowly scoped permissions that the service principal used in global.cloud - - - `secretName` ((#v-telemetrycollector-cloud-clientsecret-secretname)) (`string: null`) - The name of the Kubernetes secret that holds the client secret. - - - `secretKey` ((#v-telemetrycollector-cloud-clientsecret-secretkey)) (`string: null`) - The key within the Kubernetes secret that holds the client secret. - - `initContainer` ((#v-telemetrycollector-initcontainer)) - `resources` ((#v-telemetrycollector-initcontainer-resources)) (`map`) - The resource settings for consul-telemetry-collector initContainer. diff --git a/website/data/api-docs-nav-data.json b/website/data/api-docs-nav-data.json index 9f86aa6e9b..d553573105 100644 --- a/website/data/api-docs-nav-data.json +++ b/website/data/api-docs-nav-data.json @@ -135,10 +135,6 @@ "title": "Exported Services", "path": "exported-services" }, - { - "title": "HCP Consul Central Link", - "path": "hcp-link" - }, { "title": "Health", "path": "health" diff --git a/website/redirects.js b/website/redirects.js index 826ef82fe3..6846552841 100644 --- a/website/redirects.js +++ b/website/redirects.js @@ -260,4 +260,9 @@ module.exports = [ destination: '/consul/docs/:version/k8s/dns', permanent: true, }, + { + source: '/consul/api-docs/hcp-link', + destination: '/hcp/docs/consul/concepts/consul-central', + permanent: true, + }, ]