diff --git a/website/content/docs/agent/config-entries.mdx b/website/content/docs/agent/config-entries.mdx index 09098e96cca4..358b656681fe 100644 --- a/website/content/docs/agent/config-entries.mdx +++ b/website/content/docs/agent/config-entries.mdx @@ -1,12 +1,11 @@ --- layout: docs -page_title: Configuration Entries +page_title: How to Use Configuration Entries description: >- - Consul allows storing configuration entries centrally to be used as defaults - for configuring other aspects of Consul. +Configuration entries define the behavior of Consul service mesh components. Learn how to use the `consul config` command to create, manage, and delete configuration entries. --- -# Configuration Entries +# How to Use Configuration Entries Configuration entries can be created to provide cluster-wide defaults for various aspects of Consul. diff --git a/website/content/docs/agent/config/cli-flags.mdx b/website/content/docs/agent/config/cli-flags.mdx index b85787fc838c..c29b93fd503c 100644 --- a/website/content/docs/agent/config/cli-flags.mdx +++ b/website/content/docs/agent/config/cli-flags.mdx @@ -1,11 +1,11 @@ --- layout: docs -page_title: Consul Agent CLI Reference +page_title: Agents: CLI Reference description: >- - This topic describes the supported options for configuring Consul agents on the command line. +Add flags to the `consul agent` command to configure agent properties and actions from the CLI. Learn about configurable options and how to format them with examples. --- -# Command-line Options ((#commandline_options)) +# Agents Command-line Reference ((#commandline_options)) -> **Note:** Some CLI arguments may be different from HCL keys. See [Configuration Key Reference](/docs/agent/config/config-files#config_key_reference) for equivalent HCL Keys. diff --git a/website/content/docs/agent/config/config-files.mdx b/website/content/docs/agent/config/config-files.mdx index 91684c1071a9..6af3c479be56 100644 --- a/website/content/docs/agent/config/config-files.mdx +++ b/website/content/docs/agent/config/config-files.mdx @@ -1,11 +1,11 @@ --- layout: docs -page_title: Consul Agent Configuration Reference +page_title: Agents: Configuration File Reference description: >- - This topic describes the supported parameters for configuring Consul agents in HCL and JSON configuration files. +Use agent configuration files to assign attributes to agents and configure multiple agents at once. Learn about agent configuration file parameters and formatting with this reference page and sample code. --- -# Configuration Files ((#configuration_files)) +# Agents Configuration File Reference ((#configuration_files)) You can create one or more files to configure the Consul agent on startup. We recommend grouping similar configurations into separate files, such as ACL parameters, to make it diff --git a/website/content/docs/agent/config/index.mdx b/website/content/docs/agent/config/index.mdx index 1c6716a373cd..e1832d7bbf32 100644 --- a/website/content/docs/agent/config/index.mdx +++ b/website/content/docs/agent/config/index.mdx @@ -1,13 +1,11 @@ --- layout: docs -page_title: Configuration +page_title: Agents: Configuration Explained description: >- - The agent has various configuration options that can be specified via the - command-line or via configuration files. All of the configuration options are - completely optional. Defaults are specified with their descriptions. +Agent configuration is the process of defining server and client agent properties with CLI flags and configuration files. Learn what properties can be configured on reload and how Consul sets precedence for configuration settings. --- -# Configuration +# Agent Configuration The agent has various configuration options that can be specified via the command-line or via configuration files. All of the configuration diff --git a/website/content/docs/agent/index.mdx b/website/content/docs/agent/index.mdx index 6d466a23f848..4f71c78c88bb 100644 --- a/website/content/docs/agent/index.mdx +++ b/website/content/docs/agent/index.mdx @@ -1,13 +1,11 @@ --- layout: docs -page_title: Agent +page_title: Agents Overview description: >- - The Consul agent is the core process of Consul. The agent maintains membership - information, registers services, runs checks, responds to queries, and more. - The agent must run on every node that is part of a Consul cluster. +Agents maintain register services, respond to queries, maintain datacenter membership information, and make most of Consul’s functions possible. Learn how to start, stop, and configure agents, as well as their requirements and lifecycle. --- -# Consul Agent +# Agents Overview This topic provides an overview of the Consul agent, which is the core process of Consul. The agent maintains membership information, registers services, runs checks, responds to queries, and more. diff --git a/website/content/docs/agent/rpc.mdx b/website/content/docs/agent/rpc.mdx index 4e7fc7c5d881..1bc2372dd7c8 100644 --- a/website/content/docs/agent/rpc.mdx +++ b/website/content/docs/agent/rpc.mdx @@ -1,11 +1,8 @@ --- layout: docs -page_title: RPC +page_title: Legacy RPC Protocol description: >- - The Consul agent provides a complete RPC mechanism that can be used to control - the agent programmatically. This RPC mechanism is the same one used by the CLI - but can be used by other applications to easily leverage the power of Consul - without directly embedding. +Consul agents originally could be controlled through the RPC protocol. This feature was deprecated in version 0.8 in favor of the HTTP API. Learn about agent RPC interactions and how they worked. --- # RPC Protocol diff --git a/website/content/docs/agent/sentinel.mdx b/website/content/docs/agent/sentinel.mdx index 4bffa838e9b4..b60d9ee9762f 100644 --- a/website/content/docs/agent/sentinel.mdx +++ b/website/content/docs/agent/sentinel.mdx @@ -1,13 +1,11 @@ --- layout: docs -page_title: Sentinel in Consul +page_title: Sentinel ACL Policies (Enterprise) description: >- - Consul Enterprise uses Sentinel to augment the built-in ACL system to provide - advanced policy enforcement. Sentinel policies can currently execute on KV - modify and service registration. +Sentinel allows you to include conditional logic in access control policies. Learn how Consul can use Sentinel policies to extend the ACL system's capabilities for controlling key-value (KV) write access. --- -# Sentinel Overview +# Sentinel for KV ACL Policy Enforcement diff --git a/website/content/docs/agent/telemetry.mdx b/website/content/docs/agent/telemetry.mdx index a3d16699d232..03ee92752386 100644 --- a/website/content/docs/agent/telemetry.mdx +++ b/website/content/docs/agent/telemetry.mdx @@ -1,13 +1,11 @@ --- layout: docs -page_title: Telemetry +page_title: Agents: Enable Metrics description: >- - The Consul agent collects various runtime metrics about the performance of - different libraries and subsystems. These metrics are aggregated on a ten - second interval and are retained for one minute. +Configure agent telemetry to collect operations metrics you can use to debug and observe Consul behavior and performance. Learn about configuration options, the metrics you can collect, and why they're important. --- -# Telemetry +# Agent Telemetry The Consul agent collects various runtime metrics about the performance of different libraries and subsystems. These metrics are aggregated on a ten diff --git a/website/content/docs/architecture/anti-entropy.mdx b/website/content/docs/architecture/anti-entropy.mdx index 7530fae7a5fb..40cceb7f3b19 100644 --- a/website/content/docs/architecture/anti-entropy.mdx +++ b/website/content/docs/architecture/anti-entropy.mdx @@ -1,11 +1,11 @@ --- layout: docs -page_title: Anti-Entropy -description: | - This section details the process and use of anti-entropy in Consul. +page_title: Anti-Entropy Enforcement +description: >- +Anti-entropy keeps distributed systems consistent. Learn how Consul uses an anti-entropy mechanism to periodically sync agent states with the service catalog to prevent the catalog from becoming stale. --- -# Anti-Entropy +# Anti-Entropy Enforcement Consul uses an advanced method of maintaining service and health information. This page details how services and checks are registered, how the catalog is diff --git a/website/content/docs/architecture/consensus.mdx b/website/content/docs/architecture/consensus.mdx index 361d2336e220..d1525cce4817 100644 --- a/website/content/docs/architecture/consensus.mdx +++ b/website/content/docs/architecture/consensus.mdx @@ -1,10 +1,8 @@ --- layout: docs -page_title: Consensus Protocol +page_title: Consensus Protocol | Raft description: >- - Consul uses a consensus protocol to provide Consistency as defined by CAP. The - consensus protocol is based on Raft: In search of an Understandable Consensus - Algorithm. For a visual explanation of Raft, see The Secret Lives of Data. +Consul ensures a consistent state using the Raft protocol. A quorum, or a majority of server agents with one leader, agree to state changes before committing to the state log. Learn how Raft works in Consul to ensure state consistency and how that state can be read with different consistency modes to balance read latency and consistency. --- # Consensus Protocol diff --git a/website/content/docs/architecture/coordinates.mdx b/website/content/docs/architecture/coordinates.mdx index 1e642b31b70f..e70e55f4112e 100644 --- a/website/content/docs/architecture/coordinates.mdx +++ b/website/content/docs/architecture/coordinates.mdx @@ -1,7 +1,8 @@ --- layout: docs page_title: Network Coordinates -description: A Decentralized Network Coordinate System, with several improvements based on several follow-on papers. +description: >- +Network coordinates are node locations in network tomography used to estimate round trip time (RTT). Learn how network coordinates manifest in Consul, how it calculates RTT, and how to work with coordinates to sort catalog information by nearness to a given node. --- # Network Coordinates diff --git a/website/content/docs/architecture/gossip.mdx b/website/content/docs/architecture/gossip.mdx index 64d2a66952fb..4fdab2f75bce 100644 --- a/website/content/docs/architecture/gossip.mdx +++ b/website/content/docs/architecture/gossip.mdx @@ -1,12 +1,8 @@ --- layout: docs -page_title: Gossip Protocol +page_title: Gossip Protocol | Serf description: >- - Consul uses a gossip protocol to manage membership and broadcast messages to - the cluster. All of this is provided through the use of the Serf library. The - gossip protocol used by Serf is based on SWIM: Scalable Weakly-consistent - Infection-style Process Group Membership Protocol, with a few minor - adaptations. +Consul agents manage membership in datacenters and WAN federations using the Serf protocol. Learn about the differences between LAN and WAN gossip pools and how `serfHealth` affects health checks. --- # Gossip Protocol diff --git a/website/content/docs/architecture/improving-consul-resilience.mdx b/website/content/docs/architecture/improving-consul-resilience.mdx index 12fbe7c683a3..30e8159da5ac 100644 --- a/website/content/docs/architecture/improving-consul-resilience.mdx +++ b/website/content/docs/architecture/improving-consul-resilience.mdx @@ -1,16 +1,11 @@ --- layout: docs -page_title: Improving Consul Resilience +page_title: Fault Tolerance in Consul description: >- - Fault tolerance is the ability of a system to continue operating without interruption - despite the failure of one or more components. Consul's resilience, or fault tolerance, - is determined by the configuring of its voting server agents. Recommended strategies for - increasing Consul's fault tolerance include using 3 or 5 voting server agents, spreading - server agents across infrastructure availability zones, and using Consul Enterprise - redundancy zones to enable backup voting servers to automatically replace lost voters. +Fault tolerance is a system's ability to operate without interruption despite component failure. Learn how a set of Consul servers provide fault tolerance through use of a quorum, and how to further improve control plane resilience through use of infrastructure zones and Enterprise redundancy zones. --- -# Improving Consul Resilience +# Fault Tolerance Fault tolerance is the ability of a system to continue operating without interruption despite the failure of one or more components. diff --git a/website/content/docs/architecture/index.mdx b/website/content/docs/architecture/index.mdx index 4f970b9cafcb..ff7013e71cda 100644 --- a/website/content/docs/architecture/index.mdx +++ b/website/content/docs/architecture/index.mdx @@ -2,12 +2,10 @@ layout: docs page_title: Consul Architecture description: >- - Consul is a complex system that has many different moving parts. To help users - and developers of Consul form a mental model of how it works, this page - documents the system architecture. +Consul datacenters consist of clusters of server agents (control plane) and client agents deployed alongside service instances (dataplane). Learn how these components and their different communication methods make Consul possible. --- -# Consul Architecture +# Consul Internals Overview Consul is a complex system that has many different moving parts. To help users and developers of Consul form a mental model of how it works, this diff --git a/website/content/docs/architecture/jepsen.mdx b/website/content/docs/architecture/jepsen.mdx index 77f3a29fdd06..b03a1722078f 100644 --- a/website/content/docs/architecture/jepsen.mdx +++ b/website/content/docs/architecture/jepsen.mdx @@ -1,14 +1,11 @@ --- layout: docs -page_title: Jepsen Testing +page_title: Consistency Verification | Jepsen Testing Results description: >- - Jepsen is a tool, written by Kyle Kingsbury, designed to test the partition - tolerance of distributed systems. It creates network partitions while fuzzing - the system with random operations. The results are analyzed to see if the - system violates any of the consistency properties it claims to have. +Jepsen is a tool to measure the reliability and consistency of distributed systems across network partitions. Learn about the Jepsen testing performed on Consul to ensure it gracefully recovers from partitions and maintains consistent state. --- -# Jepsen Testing +# Jepsen Testing Results [Jepsen](http://aphyr.com/posts/281-call-me-maybe-carly-rae-jepsen-and-the-perils-of-network-partitions) is a tool, written by Kyle Kingsbury, designed to test the partition diff --git a/website/content/docs/concepts/service-discovery.mdx b/website/content/docs/concepts/service-discovery.mdx index aac2237cfb0e..8ad853d02f74 100644 --- a/website/content/docs/concepts/service-discovery.mdx +++ b/website/content/docs/concepts/service-discovery.mdx @@ -1,9 +1,8 @@ --- layout: docs -page_title: Service Discovery +page_title: Service Discovery Explained description: >- - Learn what service discovery is, its benefits, and how it works. - Service mesh can solve many of the modern challenges that exist in multi-platform and multi-cloud application architectures, ranging from security to application resiliency. +Service discovery dynamically tracks and monitors service instances on your network and makes them discoverable through DNS queries. Learn about the benefits of service discovery and how it works. --- # What is service discovery? diff --git a/website/content/docs/concepts/service-mesh.mdx b/website/content/docs/concepts/service-mesh.mdx index 428e5123939f..38db1633af24 100644 --- a/website/content/docs/concepts/service-mesh.mdx +++ b/website/content/docs/concepts/service-mesh.mdx @@ -1,9 +1,8 @@ --- layout: docs -page_title: Service Mesh +page_title: Service Mesh Explained description: >- - Learn what a service mesh is, its benefits, and how it works. - A service mesh can solve many of the modern challenges that exist in multi-platform and multi-cloud application architectures, ranging from security to application resiliency. +Service mesh is a dedicated network layer for secure, resilient, observable microservice communication. Learn about using Consul's service mesh to solve service networking challenges in application architectures and manage complexity in multi-cloud, hybrid cloud, and multi-platform environments. --- # What is a service mesh? diff --git a/website/content/docs/connect/ca/aws.mdx b/website/content/docs/connect/ca/aws.mdx index 1c608c2c6267..92df1530ac22 100644 --- a/website/content/docs/connect/ca/aws.mdx +++ b/website/content/docs/connect/ca/aws.mdx @@ -1,12 +1,11 @@ --- layout: docs -page_title: Connect - Certificate Management +page_title: Service Mesh Certificate Authority: AWS Certificate Manager description: >- - Consul can be used with AWS Certificate Manager Private CA to manage and sign - certificates. +You can use the AWS Certificate Manager Private Certificate Authority as the Consul service mesh's certificate authority to secure your service mesh. Learn how to configure the AWS ACM Private CA, its limitations in Consul, and cost planning considerations. --- -# AWS Certificate Manager Private CA as a Connect CA +# AWS Certificate Manager as a Service Mesh Certificate Authority Consul can be used with [AWS Certificate Manager (ACM) Private Certificate Authority diff --git a/website/content/docs/connect/ca/consul.mdx b/website/content/docs/connect/ca/consul.mdx index 3f65a85e24f1..ab1121cdfcfa 100644 --- a/website/content/docs/connect/ca/consul.mdx +++ b/website/content/docs/connect/ca/consul.mdx @@ -1,14 +1,11 @@ --- layout: docs -page_title: Connect - Certificate Management +page_title: Certificate Authority: Built-in Service Mesh CA description: >- - Consul ships with a built-in CA system so that Connect can be easily enabled - out of the box. The built-in CA generates and stores the root certificate and - private key on Consul servers. It can also be configured with a custom - certificate and private key if needed. +Consul has a built-in service mesh certificate authority that can be used to secure your service mesh without needing a separate CA system. Learn how to configure the built-in service mesh CA as a root CA or an intermediate CA connected to an existing PKI system. --- -# Built-In CA +# Built-In Certificate Authority for Service Mesh Consul ships with a built-in CA system so that Connect can be easily enabled out of the box. The built-in CA generates and stores the diff --git a/website/content/docs/connect/ca/index.mdx b/website/content/docs/connect/ca/index.mdx index 45b9b3149895..ff058792df3b 100644 --- a/website/content/docs/connect/ca/index.mdx +++ b/website/content/docs/connect/ca/index.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: Connect - Certificate Management -description: An overview of the Connect Certificate Authority mechanisms. +page_title: Service Mesh Certificate Authority: Overview +description: >- +Consul uses a certificate authority (CA) to generate, use, manage, sign, and store certificates for your service mesh. Learn about certificate management, including configuration, root cert rotation, cross-signing, and regenerating the CA. --- -# Connect Certificate Management +# Service Mesh Certificate Authority Overview Certificate management in Connect is done centrally through the Consul servers using the configured CA (Certificate Authority) provider. A CA provider diff --git a/website/content/docs/connect/ca/vault.mdx b/website/content/docs/connect/ca/vault.mdx index 05eee301ea58..09a7eb999ba7 100644 --- a/website/content/docs/connect/ca/vault.mdx +++ b/website/content/docs/connect/ca/vault.mdx @@ -1,12 +1,11 @@ --- layout: docs -page_title: Connect - Certificate Management +page_title: Service Mesh Certificate Authority: Vault description: >- - Consul can be used with Vault to manage and sign certificates. The Vault CA - provider uses the Vault PKI secrets engine to generate and sign certificates. +You can use a Vault PKI secrets engine as the Consul service mesh's certificate authority to secure your service mesh. Learn how to configure the Vault CA as a root CA or an intermediate CA connected to an existing PKI system, and how to manage PKI paths with either Vault or Consul. --- -# Vault as a Connect CA +# Vault as a Service Mesh Certificate Authority Consul can be used with [Vault](https://www.vaultproject.io) to manage and sign certificates. diff --git a/website/content/docs/connect/cluster-peering/create-manage-peering.mdx b/website/content/docs/connect/cluster-peering/create-manage-peering.mdx index a550a980e7b6..4265e81c83c9 100644 --- a/website/content/docs/connect/cluster-peering/create-manage-peering.mdx +++ b/website/content/docs/connect/cluster-peering/create-manage-peering.mdx @@ -1,11 +1,11 @@ --- layout: docs -page_title: Create and Manage Peering Connections +page_title: Cluster Peering: Create and Manage Connections description: >- - This page describes how to use the Consul CLI to create, manage, and delete peering connections for cluster peering. +Generate a peering token to establish communication, export services, and authorize requests for cluster peering connections. Learn how to create, list, read, check, and delete peering connections. --- -# Create and Manage Peering Connections +# Create and Manage Cluster Peering Connections ~> **Cluster peering is currently in beta:** Functionality associated with cluster peering is subject to change. You should never use the beta release in secure environments or production scenarios. Features in beta may have performance issues, scaling issues, and limited support.

Cluster peering is not currently available in the HCP Consul offering. diff --git a/website/content/docs/connect/cluster-peering/index.mdx b/website/content/docs/connect/cluster-peering/index.mdx index c4b8c7a4ee93..7526d7b25ec2 100644 --- a/website/content/docs/connect/cluster-peering/index.mdx +++ b/website/content/docs/connect/cluster-peering/index.mdx @@ -1,8 +1,8 @@ --- layout: docs -page_title: What is Cluster Peering? +page_title: Service Mesh: What is Cluster Peering? description: >- - This page details the cluster peering process for connecting Consul clusters across datacenters, including differences between cluster peering and the similar concept of WAN federation. +Cluster peering establishes communication between independent clusters in Consul, allowing services to interact across datacenters. Learn about the cluster peering process, differences with WAN federation for multi-datacenter deployments, and technical constraints. --- # What is Cluster Peering? diff --git a/website/content/docs/connect/cluster-peering/k8s.mdx b/website/content/docs/connect/cluster-peering/k8s.mdx index 0263e87949dd..16f87879b86f 100644 --- a/website/content/docs/connect/cluster-peering/k8s.mdx +++ b/website/content/docs/connect/cluster-peering/k8s.mdx @@ -2,7 +2,7 @@ layout: docs page_title: Cluster Peering on Kubernetes description: >- - This page describes how to create peering connections, deploy services, export cluster services, and end peering connections for Consul cluster peering using Kubernetes (K8s). +If you use Consul on Kubernetes, learn how to enable cluster peering, create peering CRDs, and then manage peering connections in consul-k8s. --- # Cluster Peering on Kubernetes diff --git a/website/content/docs/connect/config-entries/exported-services.mdx b/website/content/docs/connect/config-entries/exported-services.mdx index 60a247e43854..d14fa027cc9b 100644 --- a/website/content/docs/connect/config-entries/exported-services.mdx +++ b/website/content/docs/connect/config-entries/exported-services.mdx @@ -1,12 +1,11 @@ --- layout: docs -page_title: 'Configuration Entry Kind: Exported Services' +page_title: Exported Services: Configuration Entry Reference description: >- - The exported-services configuration entry enables you to export services from a single file. - Settings in this configuration entry can apply to services in any namespace of the specified partition. Write access to the mesh resource is required. +An exported services configuration entry defines the availability of a cluster's services to cluster peers and local admin partitions. Learn about `"exported-services"` config entry parameters and exporting services to other datacenters. --- -# Exported Services +# Exported Services Configuration Entry This topic describes the `exported-services` configuration entry type. The `exported-services` configuration entry enables Consul to export service instances to other clusters from a single file and connect services across clusters. For additional information, refer to [Cluster Peering](/docs/connect/cluster-peering) and [Admin Partitions](/docs/enterprise/admin-partitions). diff --git a/website/content/docs/connect/config-entries/index.mdx b/website/content/docs/connect/config-entries/index.mdx index 43b2a3d99c76..74c5e0a0d250 100644 --- a/website/content/docs/connect/config-entries/index.mdx +++ b/website/content/docs/connect/config-entries/index.mdx @@ -1,12 +1,11 @@ --- layout: docs -page_title: Configuration Entry Definitions +page_title: Configuration Entry Overview description: >- - Consul allows storing configuration entries centrally to be used as defaults - for configuring other aspects of Consul. +Configuration entries define service mesh behaviors in order to secure and manage traffic. Learn about Consul’s different config entry kinds and get links to configuration reference pages. --- -# Configuration Entries +# Configuration Entry Overview Configuration entries can be used to configure the behavior of Consul Connect. diff --git a/website/content/docs/connect/config-entries/ingress-gateway.mdx b/website/content/docs/connect/config-entries/ingress-gateway.mdx index 8d0e4847071b..3ccb2b026593 100644 --- a/website/content/docs/connect/config-entries/ingress-gateway.mdx +++ b/website/content/docs/connect/config-entries/ingress-gateway.mdx @@ -1,12 +1,11 @@ --- layout: docs -page_title: 'Configuration Entry Kind: Ingress Gateway' +page_title: Ingress Gateway: Configuration Entry Reference description: >- - The `ingress-gateway` config entry kind allows for configuring Ingress gateways - with listeners that expose a set of services outside the Consul service mesh. +The ingress gateway configuration entry kind defines behavior to secure incoming communication between the service mesh and external sources. Use the reference guide to learn about `"ingress-gateway"` config entry parameters and exposing TCP and HTTP listeners. --- -# Ingress Gateway +# Ingress Gateway Configuration Entry This topic provides reference information for the `ingress-gateway` configuration entry. diff --git a/website/content/docs/connect/config-entries/mesh.mdx b/website/content/docs/connect/config-entries/mesh.mdx index e8d6b4de5ffa..adfaf38b2072 100644 --- a/website/content/docs/connect/config-entries/mesh.mdx +++ b/website/content/docs/connect/config-entries/mesh.mdx @@ -1,14 +1,11 @@ --- layout: docs -page_title: 'Configuration Entry Kind: Mesh' +page_title: Mesh: Configuration Entry Reference description: >- - The mesh config entry kind allows for globally defining default - configuration across all services mesh proxies. - Settings in this config entry apply across all namespaces and federated datacenters. - Currently, only one mesh entry is supported. +The mesh configuration entry kind defines global default settings like TLS version requirements for proxies inside the service mesh. Use the reference guide to learn about `""mesh""` config entry parameters and how to control communication with services outside of the mesh. --- -# Mesh +# Mesh Configuration Entry -> **v1.10.0+:** This configuration entry is supported in Consul versions 1.10.0+. diff --git a/website/content/docs/connect/config-entries/proxy-defaults.mdx b/website/content/docs/connect/config-entries/proxy-defaults.mdx index c6f82d783594..c7b848a68c1e 100644 --- a/website/content/docs/connect/config-entries/proxy-defaults.mdx +++ b/website/content/docs/connect/config-entries/proxy-defaults.mdx @@ -1,14 +1,11 @@ --- layout: docs -page_title: 'Configuration Entry Kind: Proxy Defaults' +page_title: Proxy Defaults: Configuration Entry Reference description: >- - The proxy-defaults config entry kind allows for configuring global config - defaults across all services for Connect proxy configuration. Currently, only - one global entry is supported. +The proxy defaults configuration entry kind defines default behaviors for sidecar proxies in the service mesh. Use the reference guide to learn about `""proxy-defaults""` config entry parameters and how to expose HTTP paths through Envoy. --- -# Proxy Defaults - +# Proxy Defaults Configuration Entry The `proxy-defaults` configuration entry (`ProxyDefaults` on Kubernetes) allows you to configure global defaults across all services for Connect proxy diff --git a/website/content/docs/connect/config-entries/service-defaults.mdx b/website/content/docs/connect/config-entries/service-defaults.mdx index b49224b150d2..f3a23e118e64 100644 --- a/website/content/docs/connect/config-entries/service-defaults.mdx +++ b/website/content/docs/connect/config-entries/service-defaults.mdx @@ -1,12 +1,11 @@ --- layout: docs -page_title: 'Configuration Entry Kind: Service Defaults' +page_title: Service Defaults: Configuration Entry Reference description: >- - The service-defaults config entry kind controls default global values for a - service, such as its protocol. +The service defaults configuration entry kind defines sets of default configurations that apply to all services in the mesh. Use the examples learn how to define a default protocol, default upstream configuration, and default terminating gateway. --- -# Service Defaults +# Service Defaults Configuration Entry -> **v1.8.4+:** On Kubernetes, the `ServiceDefaults` custom resource is supported in Consul versions 1.8.4+.
**v1.5.0+:** On other platforms, this config entry is supported in Consul versions 1.5.0+. diff --git a/website/content/docs/connect/config-entries/service-intentions.mdx b/website/content/docs/connect/config-entries/service-intentions.mdx index c6dd14de9d6b..38935b7116fc 100644 --- a/website/content/docs/connect/config-entries/service-intentions.mdx +++ b/website/content/docs/connect/config-entries/service-intentions.mdx @@ -1,13 +1,11 @@ --- layout: docs -page_title: 'Configuration Entry Kind: Service Intentions' +page_title: Service Intentions: Configuration Entry Reference description: >- - The service-intentions config entry kind controls Connect traffic - authorization for both networking layer 4 (e.g. TCP) and networking layer 7 - (e.g. HTTP). +The service intentions configuration entry kind defines the communication permissions between service types. Use the reference guide to learn about `""service-intentions""` config entry parameters and how to authorize L4 and L7 communication int he service mesh with intentions. --- -# Service Intentions ((#service-intentions)) +# Service Intentions Configuration Entry ((#service-intentions)) -> **1.9.0+:** This config entry is available in Consul versions 1.9.0 and newer. diff --git a/website/content/docs/connect/config-entries/service-resolver.mdx b/website/content/docs/connect/config-entries/service-resolver.mdx index 056c7ba02439..0fb6a955516d 100644 --- a/website/content/docs/connect/config-entries/service-resolver.mdx +++ b/website/content/docs/connect/config-entries/service-resolver.mdx @@ -1,12 +1,11 @@ --- layout: docs -page_title: 'Configuration Entry Kind: Service Resolver' +page_title: Service Resolver: Configuration Entry Reference description: >- - The `service-resolver` config entry kind controls which service instances - should satisfy Connect upstream discovery requests for a given service name. +The service resolver configuration entry kind defines subsets of service instances that satisfy upstream discovery requests. Use the reference guide to learn about `""service-resolver""` config entry parameters and how filtering by service subsets helps route traffic based on properties like version number. --- -# Service Resolver +# Service Resolver Configuration Entry -> **v1.8.4+:** On Kubernetes, the `ServiceResolver` custom resource is supported in Consul versions 1.8.4+.
**v1.6.0+:** On other platforms, this config entry is supported in Consul versions 1.6.0+. diff --git a/website/content/docs/connect/config-entries/service-router.mdx b/website/content/docs/connect/config-entries/service-router.mdx index a3f9ed81bd84..11a1ba441501 100644 --- a/website/content/docs/connect/config-entries/service-router.mdx +++ b/website/content/docs/connect/config-entries/service-router.mdx @@ -1,12 +1,11 @@ --- layout: docs -page_title: 'Configuration Entry Kind: Service Router' +page_title: Service Router: Configuration Entry Reference description: >- - The service-router config entry kind controls Connect traffic routing and - manipulation at networking layer 7 (e.g. HTTP). +The service router configuration entry kind defines where the service mesh routes requests based on L7 network information such as header or path. Use the reference guide to learn about `""service-router""` config entry parameters and how behaviors like request timeouts, retry behavior, header modification, and path rewriting can be applied to a request based on its header or path information. --- -# Service Router +# Service Router Configuration Entry The `service-router` config entry kind (`ServiceRouter` on Kubernetes) controls Connect traffic routing and manipulation at networking layer 7 (e.g. HTTP). diff --git a/website/content/docs/connect/config-entries/service-splitter.mdx b/website/content/docs/connect/config-entries/service-splitter.mdx index 609cf818e601..ad15fb8e11bf 100644 --- a/website/content/docs/connect/config-entries/service-splitter.mdx +++ b/website/content/docs/connect/config-entries/service-splitter.mdx @@ -1,14 +1,11 @@ --- layout: docs -page_title: 'Configuration Entry Kind: Service Splitter' +page_title: Service Splitter: Configuration Entry Reference description: >- - The service-splitter config entry kind controls how to split incoming Connect - requests across different subsets of a single service (like during staged - canary rollouts), or perhaps across different services (like during a v2 - rewrite or other type of codebase migration). +The service splitter configuration entry kind defines how to divide service mesh traffic between service instances. Use the reference guide to learn about `""service-splitter""` config entry parameters and how it can be used for traffic management behaviors like canary rollouts, blue green deployment, and load balancing across environments. --- -# Service Splitter +# Service Splitter Configuration Entry -> **v1.8.4+:** On Kubernetes, the `ServiceSplitter` custom resource is supported in Consul versions 1.8.4+.
**v1.6.0+:** On other platforms, this config entry is supported in Consul versions 1.6.0+. diff --git a/website/content/docs/connect/config-entries/terminating-gateway.mdx b/website/content/docs/connect/config-entries/terminating-gateway.mdx index c406c5687d41..97973684b77a 100644 --- a/website/content/docs/connect/config-entries/terminating-gateway.mdx +++ b/website/content/docs/connect/config-entries/terminating-gateway.mdx @@ -1,12 +1,11 @@ --- layout: docs -page_title: 'Configuration Entry Kind: Terminating Gateway' +page_title: Terminating Gateway: Configuration Entry Reference description: >- - The `terminating-gateway` config entry kind allows for configuring terminating gateways - to proxy traffic from services in the Consul service mesh to services outside the mesh. +The terminating gateway configuration entry kind defines behavior to secure outgoing communication between the service mesh and non-mesh services. Use the reference guide to learn about `""terminating-gateway""` config entry parameters and connecting from your service mesh to external or non-mesh services registered with Consul. --- -# Terminating Gateway +# Terminating Gateway Configuration Entry -> **v1.8.4+:** On Kubernetes, the `TerminatingGateway` custom resource is supported in Consul versions 1.8.4+.
**v1.8.0+:** On other platforms, this config entry is supported in Consul versions 1.8.0+. diff --git a/website/content/docs/connect/configuration.mdx b/website/content/docs/connect/configuration.mdx index a765e3f25a8f..d19769caec53 100644 --- a/website/content/docs/connect/configuration.mdx +++ b/website/content/docs/connect/configuration.mdx @@ -1,13 +1,11 @@ --- layout: docs -page_title: Connect - Configuration +page_title: Service Mesh Configuration: Overview description: >- - A Connect-aware proxy enables unmodified applications to use Connect. A - per-service proxy sidecar transparently handles inbound and outbound service - connections, automatically wrapping and verifying TLS connections. +Learn how to enable and configure Consul's service mesh capabilities in agent configurations, and how to integrate with schedulers like Kubernetes and Nomad. ""Connect"" is the subsystem that provides Consul’s service mesh capabilities. --- -# Service Mesh Configuration +# Service Mesh Configuration Overview There are many configuration options exposed for Consul service mesh. The only option that must be set is the `connect.enabled` option on Consul servers to enable Consul service mesh. diff --git a/website/content/docs/connect/connect-internals.mdx b/website/content/docs/connect/connect-internals.mdx index dcb7bee6a2dd..52fb1bc4d99d 100644 --- a/website/content/docs/connect/connect-internals.mdx +++ b/website/content/docs/connect/connect-internals.mdx @@ -1,9 +1,8 @@ --- layout: docs -page_title: How Connect Works +page_title: Service Mesh: How it Works description: >- - This page details the internals of Consul Connect: mutual TLS, agent caching - and performance, intention and certificate authority replication. +Consul's service mesh enforces secure service communication using mutual TLS (mTLS) encryption and explicit authorization. Learn how the service mesh certificate authorities, intentions, and agents work together in the ""Connect"" subsystem to provide Consul’s service mesh capabilities. --- # How Service Mesh Works diff --git a/website/content/docs/connect/connectivity-tasks.mdx b/website/content/docs/connect/connectivity-tasks.mdx index 2b9951e561bc..a0c608c0f230 100644 --- a/website/content/docs/connect/connectivity-tasks.mdx +++ b/website/content/docs/connect/connectivity-tasks.mdx @@ -1,11 +1,11 @@ --- layout: docs -page_title: Connectivity Tasks +page_title: Gateway Types description: >- - Tasks related to connectivity into, out of, and between Consul service meshes. +Ingress, terminating, and mesh gateways are proxies that direct traffic into, out of, and inside of Consul's service mesh. Learn how these gateways enable different kinds of service-to-service communication. --- -# Connectivity Tasks +# Types of Gateway Connections in a Service Mesh ~> **Note**: The features shown below are extensions of Consul's service mesh capabilities. If you are not utilizing Consul service mesh then these features will not be relevant to your task. diff --git a/website/content/docs/connect/dev.mdx b/website/content/docs/connect/dev.mdx index 91a5a23520cf..d68aae4fe564 100644 --- a/website/content/docs/connect/dev.mdx +++ b/website/content/docs/connect/dev.mdx @@ -1,15 +1,11 @@ --- layout: docs -page_title: Connect - Development and Debugging +page_title: Service Mesh Debugging description: >- - It is often necessary to connect to a service for development or debugging. If - a service only exposes a Connect listener, then we need a way to establish a - mutual TLS connection to the service. The `consul connect proxy` command can - be used for this task on any machine with access to a Consul agent (local or - remote). +Use the `consul connect proxy` command to connect to services or masquerade as other services for development and debugging purposes. Example code demonstrates connecting to services that are part of the service mesh as listeners only. --- -# Developing and Debugging Connect Services +# Service Mesh Debugging It is often necessary to connect to a service for development or debugging. If a service only exposes a Connect listener, then we need a way to establish diff --git a/website/content/docs/connect/distributed-tracing.mdx b/website/content/docs/connect/distributed-tracing.mdx index 2098fb5ed9ee..96e61a44d4fb 100644 --- a/website/content/docs/connect/distributed-tracing.mdx +++ b/website/content/docs/connect/distributed-tracing.mdx @@ -1,8 +1,8 @@ --- layout: docs -page_title: Distributed Tracing +page_title: Service Mesh Distributed Tracing description: >- - Distributed tracing is a way to track and correlate requests across microservices. +Distributed tracing tracks the path of a request as it traverses the service mesh. Consul supports distributed tracing for applications that have it implemented. Learn how to integrate tracing libraries in your application and configure Consul to participate in that tracing. --- # Distributed Tracing diff --git a/website/content/docs/connect/gateways/index.mdx b/website/content/docs/connect/gateways/index.mdx index 995f07d90a29..6e6638dd8a11 100644 --- a/website/content/docs/connect/gateways/index.mdx +++ b/website/content/docs/connect/gateways/index.mdx @@ -1,11 +1,11 @@ --- layout: docs -page_title: Gateways +page_title: Gateways Overview description: >- - Gateways provide connectivity into, out of, and between Consul service meshes. +Gateways are proxies that direct traffic into, out of, and inside of Consul's service mesh. They secure communication with external or non-mesh network resources and enable services on different runtimes, cloud providers, or with overlapping IP addresses to communicate with each other. --- -# Gateways +# Gateways Overview This topic provides an overview of the gateway features shipped with Consul. Gateways provide connectivity into, out of, and between Consul service meshes. You can configure the following types of gateways: diff --git a/website/content/docs/connect/gateways/ingress-gateway.mdx b/website/content/docs/connect/gateways/ingress-gateway.mdx index 62ceffb7cda6..474f8403d3b5 100644 --- a/website/content/docs/connect/gateways/ingress-gateway.mdx +++ b/website/content/docs/connect/gateways/ingress-gateway.mdx @@ -1,9 +1,8 @@ --- layout: docs -page_title: Using Ingress Gateways to Connect External Traffic to Internal Services +page_title: Ingress Gateway | Service Mesh description: >- - This topic describes how ingress gateways enable traffic from external services to reach services inside the Consul service mesh. - It provides guidance on how to use Envoy and how to plug into your preferred gateway. +Ingress gateways listen for requests from external network locations and route authorized traffic to destinations in the service mesh. Use custom TLS certificates with ingress gateways through Envoy's gRPC Secret Discovery Service (SDS). --- # Ingress Gateways diff --git a/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters.mdx b/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters.mdx index e712adeabd17..1f2ca9182816 100644 --- a/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters.mdx +++ b/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters.mdx @@ -1,12 +1,11 @@ --- layout: docs -page_title: Service-to-service Traffic Across Datacenters +page_title: Mesh Gateways between Datacenters description: >- - This topic describes how to configure mesh gateways to route a service's data to upstreams - in other datacenters. It describes how to use Envoy and how you can integrate with your preferred gateway. +Mesh gateways are specialized proxies that route data between services that cannot communicate directly. Learn how to enable service-to-service traffic across datacenters and review example configuration entries. --- -# Service-to-service Traffic Across Datacenters +# Mesh Gateways between Datacenters -> **1.6.0+:** This feature is available in Consul versions 1.6.0 and newer. diff --git a/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-partitions.mdx b/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-partitions.mdx index f3542c4d6144..41bcacd65630 100644 --- a/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-partitions.mdx +++ b/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-partitions.mdx @@ -1,12 +1,11 @@ --- layout: docs -page_title: Service-to-service Traffic Across Partitions +page_title: Mesh Gateways between Admin Partitions description: >- - This topic describes how to configure mesh gateways to route a service's data to upstreams - in other partitions. It describes how to use Envoy and how you can integrate with your preferred gateway. +Mesh gateways are specialized proxies that route data between services that cannot communicate directly with upstreams. Learn how to enable service-to-service traffic across admin partitions and review example configuration entries. --- -# Service-to-service Traffic Across Partitions +# Mesh Gateways between Admin Partitions -> **Consul Enterprise 1.11.0+:** Admin partitions are supported in Consul Enterprise versions 1.11.0 and newer. diff --git a/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-peers.mdx b/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-peers.mdx index 0163730ba4bb..b8b9b7a7cdee 100644 --- a/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-peers.mdx +++ b/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-peers.mdx @@ -1,12 +1,11 @@ --- layout: docs -page_title: Service-to-service Traffic Across Peered Clusters +page_title: Mesh Gateways between Peered Clusters description: >- - This topic describes how to configure mesh gateways to route a service's data to upstreams - in clusters that have a peering connection. +Mesh gateways are specialized proxies that route data between services that cannot communicate directly. Learn how to enable service-to-service traffic across clusters in different datacenters or admin partitions that have an established peering connection. --- -# Service-to-service Traffic Across Peered Clusters +# Mesh Gateways between Peered Clusters ~> **Cluster peering is currently in beta**: Functionality associated with cluster peering is subject to change. You should never use the beta release in secure environments or production scenarios. Features in beta may have performance issues, scaling issues, and limited support. diff --git a/website/content/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways.mdx b/website/content/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways.mdx index f892592c1505..200da8c1f743 100644 --- a/website/content/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways.mdx +++ b/website/content/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways.mdx @@ -1,11 +1,11 @@ --- layout: docs -page_title: WAN Federation via Mesh Gateways -description: |- - WAN federation via mesh gateways allows for Consul servers in different datacenters to be federated exclusively through mesh gateways. +page_title: Mesh Gateways for WAN Federation +description: >- +You can use mesh gateways to simplify the networking requirements for WAN federated Consul datacenters. Mesh gateways reduce cross-datacenter connection paths, ports, and communication protocols. --- -# WAN Federation via Mesh Gateways +# Mesh Gateways for WAN Federation -> **1.8.0+:** This feature is available in Consul versions 1.8.0 and higher diff --git a/website/content/docs/connect/gateways/terminating-gateway.mdx b/website/content/docs/connect/gateways/terminating-gateway.mdx index a0afe68c5534..b351c4a2800e 100644 --- a/website/content/docs/connect/gateways/terminating-gateway.mdx +++ b/website/content/docs/connect/gateways/terminating-gateway.mdx @@ -1,10 +1,8 @@ --- layout: docs -page_title: Internal <> External Services - Terminating Gateways +page_title: Terminating Gateway | Service Mesh description: >- - A terminating gateway enables traffic from services in the Consul - service mesh to services outside the mesh. This section details - how to configure and run a terminating gateway. +Terminating gateways send requests from inside the service mesh to external network locations and services outside the mesh. Learn about requirements and terminating gateway interactions with Consul's service catalog. --- # Terminating Gateways diff --git a/website/content/docs/connect/index.mdx b/website/content/docs/connect/index.mdx index 3d990b69e637..4b2b6a12b051 100644 --- a/website/content/docs/connect/index.mdx +++ b/website/content/docs/connect/index.mdx @@ -1,9 +1,8 @@ --- layout: docs -page_title: Service Mesh -description: |- - Consul Connect provides service-to-service connection authorization and - encryption using mutual TLS. +page_title: Service Mesh on Consul +description: >- +Consul’s service mesh makes application and microservice networking secure and observable with identity-based authentication, mutual TLS (mTLS) encryption, and explicit service-to-service authorization enforced by sidecar proxies. Learn how Consul’s service mesh works and get started on VMs or Kubernetes. --- # Consul Service Mesh diff --git a/website/content/docs/connect/intentions-legacy.mdx b/website/content/docs/connect/intentions-legacy.mdx index 8f6994d35dc3..fc24b5c69090 100644 --- a/website/content/docs/connect/intentions-legacy.mdx +++ b/website/content/docs/connect/intentions-legacy.mdx @@ -1,10 +1,8 @@ --- layout: docs -page_title: Service-to-service permissions - Intentions (Legacy Mode) +page_title: Intentions (Legacy Mode) description: >- - Intentions define access control for services via Connect and are used to - control which services may establish connections. Intentions can be managed - via the API, CLI, or UI. +Intentions define service communication permissions in the service mesh. As of version 1.9, Consul uses a new system for creating and managing intentions. Learn how intentions worked in earlier versions of Consul with this legacy documentation. --- # Intentions in Legacy Mode diff --git a/website/content/docs/connect/intentions.mdx b/website/content/docs/connect/intentions.mdx index 15a5bcc36410..049467f143a4 100644 --- a/website/content/docs/connect/intentions.mdx +++ b/website/content/docs/connect/intentions.mdx @@ -1,12 +1,11 @@ --- layout: docs -page_title: Service-to-service permissions - Intentions +page_title: Service Mesh Intentions description: >- - Intentions define access control for services via Connect and are used to - control which services may establish connections or make requests. +Intentions define communication permissions in the service mesh between microservices. Learn about configuration basics, wildcard intentions, precedence and match order, and protecting intention management with ACLs. --- -# Intentions +# Service Mesh Intentions -> **1.9.0 and later:** This guide only applies in Consul versions 1.9.0 and later. The documentation for the legacy intentions system is diff --git a/website/content/docs/connect/l7-traffic/discovery-chain.mdx b/website/content/docs/connect/l7-traffic/discovery-chain.mdx index 39ea48df5f92..8de9eb4ba19c 100644 --- a/website/content/docs/connect/l7-traffic/discovery-chain.mdx +++ b/website/content/docs/connect/l7-traffic/discovery-chain.mdx @@ -1,13 +1,11 @@ --- layout: docs -page_title: Discovery Chain +page_title: Service Mesh Traffic Management: Discovery Chain description: >- - The service discovery process can be modeled as a "discovery chain" which - passes through three distinct stages: routing, splitting, and resolution. Each - of these stages is controlled by a set of configuration entries. +The discovery chain compiles service router, splitter, and resolver configuration entries to direct traffic to specific instances in a service mesh. Learn about compiled discovery chain results, including discovery graph nodes and targets. --- -# Discovery Chain +# Discovery Chain for Service Mesh Traffic Management -> **1.6.0+:** This feature is available in Consul versions 1.6.0 and newer. diff --git a/website/content/docs/connect/l7-traffic/index.mdx b/website/content/docs/connect/l7-traffic/index.mdx index b01a46e7e0d2..ab86b71687b2 100644 --- a/website/content/docs/connect/l7-traffic/index.mdx +++ b/website/content/docs/connect/l7-traffic/index.mdx @@ -1,14 +1,13 @@ --- layout: docs -page_title: Connect - L7 Traffic Management +page_title: Service Mesh Traffic Management: Overview description: >- - Layer 7 traffic management allows operators to divide L7 traffic between - different subsets of service instances when using Connect. +Consul can route, split, and resolve Layer 7 traffic in a service mesh to support workflows like canary testing and blue/green deployments. Learn about the three configuration entry kinds that define L7 traffic management behavior in Consul. --- -> **1.6.0+:** This feature is available in Consul versions 1.6.0 and newer. -# L7 Traffic Management +# Service Mesh Traffic Management Overview Layer 7 traffic management allows operators to divide L7 traffic between different diff --git a/website/content/docs/connect/native/go.mdx b/website/content/docs/connect/native/go.mdx index 43016a851c36..c047e95bbbf3 100644 --- a/website/content/docs/connect/native/go.mdx +++ b/website/content/docs/connect/native/go.mdx @@ -1,14 +1,11 @@ --- layout: docs -page_title: Connect - Native Application Integration - Go +page_title: Service Mesh Native App Integration: Go Apps description: >- - We provide a library that makes it drop-in simple to integrate Connect with - most Go applications. For most Go applications, Connect can be natively - integrated in just a single line of code excluding imports and struct - initialization. +Consul's service mesh supports native integrations of Go applications into the service mesh through a Go library. Example code demonstrates how to connect your Go applications to the service mesh. --- -# Connect-Native Integration with Go +# Service Mesh Native Integration for Go Applications -> **Note:** When calling `ConnectAuthorize()` on incoming connections this library will return _deny_ if `Permissions` are defined on the matching intention. diff --git a/website/content/docs/connect/native/index.mdx b/website/content/docs/connect/native/index.mdx index 57b7e461d596..f8d12481f5ce 100644 --- a/website/content/docs/connect/native/index.mdx +++ b/website/content/docs/connect/native/index.mdx @@ -1,13 +1,11 @@ --- layout: docs -page_title: Connect - Native Application Integration +page_title: Service Mesh Native App Integration: Overview description: >- - Applications can natively integrate with the Connect API to support accepting - and establishing connections to other Connect services without the overhead of - a proxy sidecar. +When using sidecar proxies is not possible, applications can natively integrate with Consul service mesh, but have reduced access to service mesh features. Learn how “Connect-Native” apps use mTLS to authenticate with Consul and how to add integrations to service registrations. --- -# Connect-Native App Integration +# Service Mesh Native App Integration Overview ~> **Note:** The Native App Integration does not support many of the Connect service mesh features, and is not under active development. diff --git a/website/content/docs/connect/nomad.mdx b/website/content/docs/connect/nomad.mdx index e5f0927d9ba5..13cb08577fdc 100644 --- a/website/content/docs/connect/nomad.mdx +++ b/website/content/docs/connect/nomad.mdx @@ -1,13 +1,11 @@ --- layout: docs -page_title: Connect - Nomad +page_title: Sevice Mesh: Nomad Integration description: >- - Connect can be used with [Nomad](https://www.nomadproject.io) to provide - secure service-to-service communication between Nomad jobs. The ability to use - the dynamic port feature of Nomad makes Connect particularly easy to use. +Consul's service mesh can be applied to provide secure communication between services managed by Nomad's scheduler and orchestrator functions, including Nomad jobs and task groups. Use the guide and reference documentation to learn more. --- -# Connect on Nomad +# Consul and Nomad Integration Consul Connect can be used with [Nomad](https://www.nomadproject.io) to provide secure service-to-service communication between Nomad jobs and task groups. diff --git a/website/content/docs/connect/observability/index.mdx b/website/content/docs/connect/observability/index.mdx index eadc3e498d75..9957e7366ca7 100644 --- a/website/content/docs/connect/observability/index.mdx +++ b/website/content/docs/connect/observability/index.mdx @@ -1,12 +1,11 @@ --- layout: docs -page_title: Connect - Observability -description: |- - This page documents the configurations necessary for L7 observability using - Consul Connect. +page_title: Service Mesh Observability: Overview +description: >- +To use Consul's observability features, configure sidecar proxies in the service mesh to collect and emit L7 metrics. Learn about configuring metrics destinations and a service's protocol and upstreams. --- -# Observability +# Service Mesh Observability Overview In order to take advantage of Connect's L7 observability features you will need to: diff --git a/website/content/docs/connect/observability/ui-visualization.mdx b/website/content/docs/connect/observability/ui-visualization.mdx index edbc96defde0..3afb8848e218 100644 --- a/website/content/docs/connect/observability/ui-visualization.mdx +++ b/website/content/docs/connect/observability/ui-visualization.mdx @@ -1,12 +1,11 @@ --- layout: docs -page_title: Connect - UI Visualization -description: |- - This page describes how to set up and customize the Service Mesh Topology - visualization in Consul's UI. +page_title: Service Mesh Observability: UI Visualization +description: >- +Consul's UI can display a service's topology and associated metrics from the service mesh. Learn how to configure the UI to collect metrics from your metrics provider, modify access for metrics proxies, and integrate custom metrics providers. --- -# UI Visualization +# Service Mesh Observability: UI Visualization -> Coming here from "Configure metrics dashboard" or "Configure dashboard"? See [Configuring Dashboard URLs](#configuring-dashboard-urls). diff --git a/website/content/docs/connect/proxies/built-in.mdx b/website/content/docs/connect/proxies/built-in.mdx index 358d80464567..0c6f8f516d95 100644 --- a/website/content/docs/connect/proxies/built-in.mdx +++ b/website/content/docs/connect/proxies/built-in.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: Connect - Built-in Proxy -description: Consul Connect comes with a built-in proxy for testing and development. +page_title: Built-in Proxy Configuration | Service Mesh +description: >- +Consul includes a built-in L4 proxy with limited capabilities to use for development and testing only. Use the built-in proxy config key reference to learn about the options you can configure. --- -# Built-In Proxy Options +# Built-in Proxy Configuration for Service Mesh ~> **Note:** The built-in proxy is not supported for production deployments. It does not support many of the Connect service mesh features, and is not under active development. diff --git a/website/content/docs/connect/proxies/envoy.mdx b/website/content/docs/connect/proxies/envoy.mdx index c29996ea6662..63f0128f2b2a 100644 --- a/website/content/docs/connect/proxies/envoy.mdx +++ b/website/content/docs/connect/proxies/envoy.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: Connect - Envoy Integration -description: Consul Connect has first-class support for configuring Envoy proxy. +page_title: Envoy Proxy Configuration | Service Mesh +description: >- +Consul supports Envoy proxies to direct traffic throughout the service mesh. Learn about Consul versions and their Envoy support, and use the reference guide to review options for bootstrap configuration, dynamic configuration, and advanced topics like escape hatch overrides. --- -# Envoy Integration +# Envoy Proxy Configuration for Service Mesh Consul Connect has first class support for using [Envoy](https://www.envoyproxy.io) as a proxy. Consul configures Envoy by diff --git a/website/content/docs/connect/proxies/index.mdx b/website/content/docs/connect/proxies/index.mdx index 14865aeb9a39..aebab764a28e 100644 --- a/website/content/docs/connect/proxies/index.mdx +++ b/website/content/docs/connect/proxies/index.mdx @@ -1,13 +1,11 @@ --- layout: docs -page_title: Connect - Proxies +page_title: Service Mesh Proxy Overview description: >- - A Connect-aware proxy enables unmodified applications to use Connect. This - section details how to use either Envoy or Consul's built-in L4 proxy, and - describes how you can plug in a proxy of your choice. +In Consul service mesh, each service has a sidecar proxy that secures connections with other services in the mesh without modifying the underlying application code. You can use the built-in proxy, Envoy, or a custom proxy to handle communication and verify TLS connections. --- -# Connect Proxies +# Service Mesh Proxy Overview A Connect-aware proxy enables unmodified applications to use Connect. A per-service proxy sidecar transparently handles inbound and outbound service diff --git a/website/content/docs/connect/proxies/integrate.mdx b/website/content/docs/connect/proxies/integrate.mdx index 1d189d183f6a..ece43b02eb90 100644 --- a/website/content/docs/connect/proxies/integrate.mdx +++ b/website/content/docs/connect/proxies/integrate.mdx @@ -1,13 +1,11 @@ --- layout: docs -page_title: Connect - Proxy Integration +page_title: Custom Proxy Configuration | Service Mesh description: >- - A Connect-aware proxy enables unmodified applications to use Connect. A - per-service proxy sidecar transparently handles inbound and outbound service - connections, automatically wrapping and verifying TLS connections. +Consul supports custom proxy integrations for service discovery and sidecar instantiation. Learn about proxy requirements for service mesh operations, as well as how to authorize inbound and outbound connections for your custom proxy. --- -# Connect Custom Proxy Integration +# Custom Proxy Configuration for Service Mesh This topic describes the process and API endpoints you can use to extend proxies for integration with Consul. diff --git a/website/content/docs/connect/proxies/managed-deprecated.mdx b/website/content/docs/connect/proxies/managed-deprecated.mdx index f4d709d2769b..ec18940fab44 100644 --- a/website/content/docs/connect/proxies/managed-deprecated.mdx +++ b/website/content/docs/connect/proxies/managed-deprecated.mdx @@ -1,13 +1,11 @@ --- layout: docs -page_title: Connect - Deprecated Managed Proxies -description: |- - Consul 1.2 launched its Connect Beta period with a feature named Managed - Proxies which are now deprecated. This page describes how they worked and why - they are no longer supported. +page_title: Managed Proxy for Connect (Legacy) +description: >- +Consul's service mesh originally included a proxy manager that was deprecated in version 1.6. Learn about the reasons for its deprecation and how it worked with this legacy documentation. --- -# Managed Proxy Deprecation +# Managed Proxy for Connect Legacy Documentation Consul Connect was first released as a beta feature in Consul 1.2.0. The initial release included a feature called "Managed Proxies". Managed proxies were diff --git a/website/content/docs/connect/registration/index.mdx b/website/content/docs/connect/registration/index.mdx index 0ca1f65ee228..dce7510d2006 100644 --- a/website/content/docs/connect/registration/index.mdx +++ b/website/content/docs/connect/registration/index.mdx @@ -1,13 +1,11 @@ --- layout: docs -page_title: Connect - Proxy Registration +page_title: Service Mesh Proxy Registration Overview description: >- - To make connect aware of proxies you will need to register them as Consul - services. This section describes the process and options for proxy - registration. +To make Consul aware of proxies in your service mesh, you must register them. Learn about methods for configuring and registering sidecar proxies. --- -# Proxy Registration +# Service Mesh Proxy Overview To make Connect aware of proxies you will need to register them in a [service definition](/docs/discovery/services), just like you would register any other service with Consul. This section outlines your options for registering Connect proxies, either using independent registrations, or in nested sidecar registrations. diff --git a/website/content/docs/connect/registration/service-registration.mdx b/website/content/docs/connect/registration/service-registration.mdx index 5b6e8ef598a6..29495b3c86c0 100644 --- a/website/content/docs/connect/registration/service-registration.mdx +++ b/website/content/docs/connect/registration/service-registration.mdx @@ -1,13 +1,11 @@ --- layout: docs -page_title: Connect - Service Registration +page_title: Register a Service Mesh Proxy Outside of a Service Registration description: >- - A per-service proxy sidecar transparently handles inbound and outbound service - connections. You can register these sidecars with reasonable defaults by nesting - their definitions in the service definition. +You can register a service mesh sidecar proxy separately from the registration of the service instance it fronts. Learn about proxy configuration options and how to format them with examples. --- -# Proxy Service Registration +# Register a Service Mesh Proxy Outside of a Service Registration This topic describes how to declare a proxy as a `connect-proxy` in service definitions. The `kind` must be declared and information about the service they represent must be provided to function as a Consul service mesh proxy. diff --git a/website/content/docs/connect/registration/sidecar-service.mdx b/website/content/docs/connect/registration/sidecar-service.mdx index 80c798323f5f..e4caadd7c406 100644 --- a/website/content/docs/connect/registration/sidecar-service.mdx +++ b/website/content/docs/connect/registration/sidecar-service.mdx @@ -1,12 +1,11 @@ --- layout: docs -page_title: Connect - Sidecar Service Registration -description: |- - Sidecar service registrations provide a convenient shorthand for registering a - sidecar proxy inline with a regular service definition. +page_title: Register a Service Mesh Proxy in a Service Registration +description: >- +You can register a service instance and its sidecar proxy at the same time. Learn about default settings, customizable parameters, limitations, and lifecycle behaviors of the sidecar proxy. --- -# Sidecar Service Registration +# Register a Service Mesh Proxy in a Service Registration Connect proxies are typically deployed as "sidecars" that run on the same node as the single service instance that they handle traffic for. They might be on diff --git a/website/content/docs/connect/security.mdx b/website/content/docs/connect/security.mdx index 90c0ca5e508f..0bb99490c81a 100644 --- a/website/content/docs/connect/security.mdx +++ b/website/content/docs/connect/security.mdx @@ -1,13 +1,11 @@ --- layout: docs -page_title: Connect - Security -description: |- - Connect enables secure service-to-service communication over mutual TLS. This - provides both in-transit data encryption as well as authorization. This page - will document how to secure Connect. +page_title: Service Mesh Security: Best Practices +description: >- +Consul provides secure service mesh communication by default. Additional configuration can improve network security by preventing unauthorized access and traffic sniffing. Review security considerations, our recommendations, and best practices. --- -# Connect Security +# Best Practices for Service Mesh Security Connect enables secure service-to-service communication over mutual TLS. This provides both in-transit data encryption as well as authorization. This page diff --git a/website/content/docs/connect/transparent-proxy.mdx b/website/content/docs/connect/transparent-proxy.mdx index 82d98f60cb8b..51e437b4792a 100644 --- a/website/content/docs/connect/transparent-proxy.mdx +++ b/website/content/docs/connect/transparent-proxy.mdx @@ -1,13 +1,11 @@ --- layout: docs -page_title: Connect - Transparent Proxy -sidebar_title: Transparent Proxy -description: |- - Transparent proxy is used to direct inbound and outbound traffic to services via the Envoy proxy and configure - upstreams via intentions. +page_title: Service Mesh: Enable Transparent Proxy Mode +description: >- +Learn how transparent proxy enables Consul on Kubernetes to direct inbound and outbound traffic through the service mesh. Use transparent proxying to increase application security without configuring individual upstream services. --- -# Transparent Proxy +# Enable Transparent Proxy Mode This topic describes how to use Consul’s transparent proxy feature, which allows applications to communicate through the service mesh without modifying their configurations. Transparent proxy also hardens application security by preventing direct inbound connections that bypass the mesh. diff --git a/website/content/docs/discovery/checks.mdx b/website/content/docs/discovery/checks.mdx index 2ee0ea8db835..a9ab2a5d33b4 100644 --- a/website/content/docs/discovery/checks.mdx +++ b/website/content/docs/discovery/checks.mdx @@ -1,14 +1,11 @@ --- layout: docs -page_title: Monitor Services - Check Definitions +page_title: Configure Health Checks description: >- - One of the primary roles of the agent is management of system- and - application-level health checks. A health check is considered to be - application-level if it is associated with a service. A check is defined in a - configuration file or added at runtime over the HTTP interface. +Agents can be configured to periodically perform custom checks on the health of a service instance or node. Learn about the types of health checks and how to define them in agent and service configuration files. --- -# Checks +# Health Checks One of the primary roles of the agent is management of system-level and application-level health checks. A health check is considered to be application-level if it is associated with a diff --git a/website/content/docs/discovery/dns.mdx b/website/content/docs/discovery/dns.mdx index 72fe5e208a66..3566aa7c34d1 100644 --- a/website/content/docs/discovery/dns.mdx +++ b/website/content/docs/discovery/dns.mdx @@ -1,13 +1,11 @@ --- layout: docs -page_title: Find Services - DNS Interface +page_title: Find services with DNS description: >- - One of the primary query interfaces for Consul is DNS. The DNS interface - allows applications to make use of service discovery without any high-touch - integration with Consul. +For service discovery use cases, Domain Name Service (DNS) is the main interface to look up, query, and address Consul nodes and services. Learn how a Consul DNS lookup can help you find services by tag, name, namespace, partition, datacenter, or domain. --- -# DNS Interface +# Query services with DNS One of the primary query interfaces for Consul is DNS. The DNS interface allows applications to make use of service diff --git a/website/content/docs/discovery/services.mdx b/website/content/docs/discovery/services.mdx index 8cc526f4ba10..b93e5d86c226 100644 --- a/website/content/docs/discovery/services.mdx +++ b/website/content/docs/discovery/services.mdx @@ -1,16 +1,11 @@ --- layout: docs -page_title: Register Services - Service Definitions +page_title: Register Services with Service Definitions description: >- - One of the main goals of service discovery is to provide a catalog of - available services. To that end, the agent provides a simple service - definition format to declare the availability of a service and to potentially - associate it with a health check. A health check is considered to be - application level if it is associated with a service. A service is defined in - a configuration file or added at runtime over the HTTP interface. +Define and register services and their health checks with Consul to make a service available for service discovery or service mesh access. Learn how to format service definitions with this reference page and sample code. --- -# Services +# Register Services with Service Definitions One of the main goals of service discovery is to provide a catalog of available services. To that end, the agent provides a simple service definition format diff --git a/website/content/docs/dynamic-app-config/kv.mdx b/website/content/docs/dynamic-app-config/kv.mdx index f94a81c70a05..b6f7631b7278 100644 --- a/website/content/docs/dynamic-app-config/kv.mdx +++ b/website/content/docs/dynamic-app-config/kv.mdx @@ -94,4 +94,4 @@ to [build distributed semaphores](https://learn.hashicorp.com/consul/developer-c ### Vault If you plan to use Consul KV as a backend for Vault, please review [this -tutorial](https://learn.hashicorp.com/tutorials/vault/ha-with-consul). +tutorial](/vault/tutorials/day-one-consul/ha-with-consul?utm_source=docs). diff --git a/website/content/docs/enterprise/admin-partitions.mdx b/website/content/docs/enterprise/admin-partitions.mdx index cfe962ff9477..5d765e7a2744 100644 --- a/website/content/docs/enterprise/admin-partitions.mdx +++ b/website/content/docs/enterprise/admin-partitions.mdx @@ -1,7 +1,8 @@ --- layout: docs -page_title: Consul Enterprise Admin Partitions -description: Consul Enterprise enables you to create partitions that can be administrated across namespaces. +page_title: Admin Partitions (Enterprise) +description: >- +Admin partitions define boundaries between services managed by separate teams, enabling a service mesh across k8s clusters controlled by a single Consul server. Learn about their requirements and how to deploy admin partitions on Kubernetes. --- # Consul Enterprise Admin Partitions diff --git a/website/content/docs/enterprise/audit-logging.mdx b/website/content/docs/enterprise/audit-logging.mdx index 90f876f434c0..fc21432323b5 100644 --- a/website/content/docs/enterprise/audit-logging.mdx +++ b/website/content/docs/enterprise/audit-logging.mdx @@ -1,8 +1,8 @@ --- layout: docs -page_title: Consul Enterprise Audit Logging +page_title: Audit Logging (Enterprise) description: >- - Consul Enterprise provides the ability to write events of user behavior with Consul's API so operations and security users can perform legal compliance auditing. +Audit logging secures Consul by capturing a record of HTTP API access and usage. Learn how to format agent configuration files to enable audit logs and specify the path to save logs to. --- # Audit Logging diff --git a/website/content/docs/enterprise/backups.mdx b/website/content/docs/enterprise/backups.mdx index 0a99c68b3b11..a90825a892e6 100644 --- a/website/content/docs/enterprise/backups.mdx +++ b/website/content/docs/enterprise/backups.mdx @@ -1,10 +1,8 @@ --- layout: docs -page_title: Consul Enterprise Automated Backups +page_title: Automated Backups (Enterprise) description: >- - Consul Enterprise provides a highly available service that manages taking - snapshots, rotation and sending backup files offsite to Amazon S3 (or - S3-compatible endpoints), Google Cloud Storage, or Azure Blob Storage. +Learn about launching the snapshot agent to automatically backup files to a cloud storage provider so that you can restore Consul servers. Supported providers include: Amazon S3, Google Cloud Storage, and Azure Blob Storage. --- # Automated Backups diff --git a/website/content/docs/enterprise/federation.mdx b/website/content/docs/enterprise/federation.mdx index e43aabd41eb2..0f96d6a4d8a7 100644 --- a/website/content/docs/enterprise/federation.mdx +++ b/website/content/docs/enterprise/federation.mdx @@ -1,10 +1,8 @@ --- layout: docs -page_title: Consul Enterprise Advanced Federation +page_title: Federated Network Areas (Enterprise) description: >- - Consul Enterprise enables you to federate Consul datacenters together on a - pairwise basis, enabling partially-connected network topologies like - hub-and-spoke. +Network areas connect individual datacenters in a WAN federation, providing an alternative to connecting every datacenter. Learn how to support hub-and-spoke network topologies in a WAN federated Consul deployment. --- # Consul Enterprise Advanced Federation diff --git a/website/content/docs/enterprise/index.mdx b/website/content/docs/enterprise/index.mdx index 536849ffb83c..ecefc803f369 100644 --- a/website/content/docs/enterprise/index.mdx +++ b/website/content/docs/enterprise/index.mdx @@ -2,8 +2,7 @@ layout: docs page_title: Consul Enterprise description: >- - Consul Enterprise features a number of capabilities beyond the open source - offering that may be beneficial in certain workflows. +Consul Enterprise is a paid offering that extends Consul’s open source functions to support large and complex deployments. Learn about scaling infrastructure, simplifying operations, and making networks more resilient with Enterprise. --- # Consul Enterprise diff --git a/website/content/docs/enterprise/license/faq.mdx b/website/content/docs/enterprise/license/faq.mdx index 167cc5e50bc8..2ba3e2cb1bd8 100644 --- a/website/content/docs/enterprise/license/faq.mdx +++ b/website/content/docs/enterprise/license/faq.mdx @@ -1,7 +1,8 @@ --- layout: docs -page_title: Consul Enterprise License FAQ -description: Frequently Asked Questions pertaining to Consul Enterprise Licensing. +page_title: Enterprise License FAQ +description: >- +Review frequently asked questions (FAQs) about Consul Enterprise licenses to learn more about how licenses work, what happens when they expire, and how to get a trial license. --- # Frequently Asked Questions (FAQ) diff --git a/website/content/docs/enterprise/license/overview.mdx b/website/content/docs/enterprise/license/overview.mdx index 2959ef67f9c8..f46d372c39b0 100644 --- a/website/content/docs/enterprise/license/overview.mdx +++ b/website/content/docs/enterprise/license/overview.mdx @@ -1,7 +1,8 @@ --- layout: docs -page_title: Consul Enterprise License -description: Consul Enterprise License Overview. +page_title: Enterprise Licenses +description: >- +Consul Enterprise server, client, and snapshot agents require a license on startup in order to use Enterprise features. Learn how to apply licenses using environment variables or configuration files. --- # Consul Enterprise License diff --git a/website/content/docs/enterprise/namespaces.mdx b/website/content/docs/enterprise/namespaces.mdx index 612c47a65a26..598d2c8e5da9 100644 --- a/website/content/docs/enterprise/namespaces.mdx +++ b/website/content/docs/enterprise/namespaces.mdx @@ -1,7 +1,8 @@ --- layout: docs -page_title: Consul Enterprise Namespaces -description: Consul Enterprise enables data isolation with Namespaces. +page_title: Namespaces (Enterprise) +description: >- +Namespaces reduce operational challenges in large deployments. Learn how to define a namespace so that multiple users or teams can access and use the same datacenter without impacting each other. --- # Consul Enterprise Namespaces diff --git a/website/content/docs/enterprise/network-segments.mdx b/website/content/docs/enterprise/network-segments.mdx index 000316c6bccd..8b6b7ce951a2 100644 --- a/website/content/docs/enterprise/network-segments.mdx +++ b/website/content/docs/enterprise/network-segments.mdx @@ -1,9 +1,8 @@ --- layout: docs -page_title: Consul Enterprise Network Segments -description: |- - Consul Enterprise enables you create separate LAN gossip pools within one - cluster to segment network groups. +page_title: Network Segments (Enterprise) +description: >- +Network segments enable LAN gossip in a datacenter when network rules or firewalls prevent specific sets of clients from communicating directly. Learn about configuring server and client agents to operate in segmented networks. --- # Network Segments diff --git a/website/content/docs/enterprise/read-scale.mdx b/website/content/docs/enterprise/read-scale.mdx index c33f0d774f99..25629f057ba5 100644 --- a/website/content/docs/enterprise/read-scale.mdx +++ b/website/content/docs/enterprise/read-scale.mdx @@ -1,9 +1,8 @@ --- layout: docs -page_title: Consul Enterprise Enhanced Read Scalability +page_title: Read Replicas (Enterprise) description: >- - Consul Enterprise supports increased read scalability without impacting write - latency by introducing read replicas. +Learn how you can add non-voting servers to datacenters as read replicas to provide enhanced read scalability without impacting write latency. --- # Enhanced Read Scalability with Read Replicas diff --git a/website/content/docs/enterprise/redundancy.mdx b/website/content/docs/enterprise/redundancy.mdx index 3a7fa145dee9..e5d3a2433d5a 100644 --- a/website/content/docs/enterprise/redundancy.mdx +++ b/website/content/docs/enterprise/redundancy.mdx @@ -1,9 +1,8 @@ --- layout: docs -page_title: Consul Enterprise Redundancy Zones +page_title: Redundancy Zones (Enterprise) description: >- - Consul Enterprise redundancy zones enable hot standby servers on a per - availability zone basis. +Redundancy zones are regions of a cluster containing "hot standby" servers, or non-voting servers that can replace voting servers in the event of a failure. Learn about redundancy zones and how they improve resiliency and increase fault tolerance without affecting latency. --- # Redundancy Zones diff --git a/website/content/docs/enterprise/sentinel.mdx b/website/content/docs/enterprise/sentinel.mdx index 7cb532ebe4b0..9430e929b269 100644 --- a/website/content/docs/enterprise/sentinel.mdx +++ b/website/content/docs/enterprise/sentinel.mdx @@ -1,10 +1,8 @@ --- layout: docs -page_title: Sentinel in Consul +page_title: Sentinel in Consul (Enterprise) description: >- - Consul Enterprise uses Sentinel to augment the built-in ACL system to provide - advanced policy enforcement. Sentinel policies can currently execute on KV - modify and service registration. +Sentinel is an access-control-policy-as-code framework and language. Learn how Consul can use Sentinel policies to extend the ACL system's capabilities and further secure your clusters by controlling key-value (KV) store write access. --- # Sentinel in Consul diff --git a/website/content/docs/enterprise/upgrades.mdx b/website/content/docs/enterprise/upgrades.mdx index 49cecf99c3e7..8ac8d075950a 100644 --- a/website/content/docs/enterprise/upgrades.mdx +++ b/website/content/docs/enterprise/upgrades.mdx @@ -1,10 +1,8 @@ --- layout: docs -page_title: Consul Enterprise Automated Upgrades +page_title: Automated Upgrades (Enterprise) description: >- - Consul Enterprise supports an upgrade pattern that allows operators to deploy - a complete cluster of new servers and then just wait for the upgrade to - complete. +Automated upgrades simplify the process for updating Consul. Learn how Consul can gracefully transition from existing server agents to a new set of server agents without Consul downtime. --- # Automated Upgrades diff --git a/website/content/docs/install/bootstrapping.mdx b/website/content/docs/install/bootstrapping.mdx index 849a3fc3c590..3d1824b50093 100644 --- a/website/content/docs/install/bootstrapping.mdx +++ b/website/content/docs/install/bootstrapping.mdx @@ -1,15 +1,11 @@ --- layout: docs -page_title: Bootstrapping a Datacenter +page_title: Bootstrap a Datacenter description: >- - An agent can run in both client and server mode. Server nodes are responsible - for running the consensus protocol and storing the cluster state. Before a - Consul cluster can begin to service requests, a server node must be elected - leader. Thus, the first nodes that are started are generally the server nodes. - Bootstrapping is the process of joining these server nodes into a cluster. +Bootstrapping a datacenter is the initial deployment process in Consul that starts server agents and joins them together. Learn how to automatically or manually join servers in a cluster. --- -# Bootstrapping a Datacenter +# Bootstrap a Datacenter An agent can run in either client or server mode. Server nodes are responsible for running the [consensus protocol](/docs/architecture/consensus) and storing the cluster state. diff --git a/website/content/docs/install/cloud-auto-join.mdx b/website/content/docs/install/cloud-auto-join.mdx index 3d6072f9b926..0d2ff059e819 100644 --- a/website/content/docs/install/cloud-auto-join.mdx +++ b/website/content/docs/install/cloud-auto-join.mdx @@ -1,9 +1,8 @@ --- layout: docs -page_title: Cloud Auto-join +page_title: Auto-join a Cloud Provider description: >- - Consul supports automatically joining a Consul datacenter using cloud metadata - on various providers. +Auto-join enables agents to automatically join other agents running in the cloud. To configure auto-join, specify agent addresses with compute node metadata for the cloud provider instead of an IP address. Use the CLI or an agent configuration file to configure cloud auto-join. --- # Cloud Auto-join diff --git a/website/content/docs/install/glossary.mdx b/website/content/docs/install/glossary.mdx index 703761450af7..56b444eefa0e 100644 --- a/website/content/docs/install/glossary.mdx +++ b/website/content/docs/install/glossary.mdx @@ -2,8 +2,7 @@ layout: docs page_title: Glossary description: >- - This page collects brief definitions of some of the technical terms used in - the documentation. +The glossary is a list of technical terms with a specific meaning in Consul. Use the glossary to understand Consul concepts and study for the certification exam. --- # Consul Vocabulary diff --git a/website/content/docs/install/index.mdx b/website/content/docs/install/index.mdx index c57fb72d0d0c..fe092cda7e06 100644 --- a/website/content/docs/install/index.mdx +++ b/website/content/docs/install/index.mdx @@ -1,9 +1,8 @@ --- layout: docs -page_title: Get Started -description: |- - Installing Consul is simple. You can download a precompiled binary, compile - from source or run on Kubernetes. This page details these methods. +page_title: Install Consul +description: >- +Install Consul to get started with service discovery and service mesh. Follow the installation instructions to download the precompiled binary, or use Go to compile from source. --- # Install Consul diff --git a/website/content/docs/install/manual-bootstrap.mdx b/website/content/docs/install/manual-bootstrap.mdx index bb72b9aec377..eeaf6e7ec38e 100644 --- a/website/content/docs/install/manual-bootstrap.mdx +++ b/website/content/docs/install/manual-bootstrap.mdx @@ -1,11 +1,8 @@ --- layout: docs -page_title: Manual Bootstrapping +page_title: Manually Bootstrap a Datacenter description: >- - When deploying Consul to a datacenter for the first time, there is an initial - bootstrapping that must be done. As of Consul 0.4, an automatic bootstrapping - is available and is the recommended approach. However, older versions only - support a manual bootstrap that is documented here. +Manually bootstrap a datacenter to deploy your Consul servers and join them together for the first time. For Consul v0.4+, we recommend automatic bootstrapping instead. --- # Manually Bootstrapping a Datacenter diff --git a/website/content/docs/install/performance.mdx b/website/content/docs/install/performance.mdx index b3e560316a49..b0185dc076c6 100644 --- a/website/content/docs/install/performance.mdx +++ b/website/content/docs/install/performance.mdx @@ -1,10 +1,8 @@ --- layout: docs -page_title: Server Performance +page_title: Server Performance Requirements description: >- - Consul requires different amounts of compute resources, depending on cluster - size and expected workload. This guide provides guidance on choosing compute - resources. +Consul servers require sufficient compute resources to communicate and process data quickly. Learn about Consul's minimum server requirements and recommendations for different workloads. --- # Server Performance diff --git a/website/content/docs/install/ports.mdx b/website/content/docs/install/ports.mdx index 0923935ba1d3..d3479f5286d3 100644 --- a/website/content/docs/install/ports.mdx +++ b/website/content/docs/install/ports.mdx @@ -2,8 +2,7 @@ layout: docs page_title: Required Ports description: >- - Before starting Consul it is important to have the necessary bind ports - accessible. +Consul requires multiple ports for directing DNS, HTTP, gRPC, gossip, and sidecar proxy requests. Learn about required and optional ports, and how Consul uses them for specific communication functions. --- # Required Ports diff --git a/website/content/docs/integrate/download-tools.mdx b/website/content/docs/integrate/download-tools.mdx index a42e1c64d0ea..d9b817f572b5 100644 --- a/website/content/docs/integrate/download-tools.mdx +++ b/website/content/docs/integrate/download-tools.mdx @@ -1,9 +1,8 @@ --- layout: docs page_title: Consul Tools -description: |- - From this page you can download various tools for Consul. These tools are - maintained by HashiCorp and the Consul Community. +description: >- +Consul's capabilities can be extended through integration with other tools. Learn about Consul-related tools created by HashiCorp and by the Consul community. --- # Download Consul Tools diff --git a/website/content/docs/integrate/nia-integration.mdx b/website/content/docs/integrate/nia-integration.mdx index 73a0f7859aeb..a5e8345a36f7 100644 --- a/website/content/docs/integrate/nia-integration.mdx +++ b/website/content/docs/integrate/nia-integration.mdx @@ -1,7 +1,8 @@ --- layout: docs -page_title: Network Infrastructure Automation Integration Program -description: Guide to partnership integrations for Consul NIA +page_title: Network Infrastructure Automation (NIA) Integration Program +description: >- +The Network Infrastructure Automation (NIA) Integration Program allows partners to develop Terraform modules for Consul-Terraform-Sync (CTS) that HashiCorp reviews to consider publishing as officially verified. Learn about how to participate in the program. --- # Network Infrastructure Automation Integration Program diff --git a/website/content/docs/integrate/partnerships.mdx b/website/content/docs/integrate/partnerships.mdx index 327a8491028c..9f20a0d833d7 100644 --- a/website/content/docs/integrate/partnerships.mdx +++ b/website/content/docs/integrate/partnerships.mdx @@ -1,7 +1,8 @@ --- layout: docs page_title: Consul Integration Program -description: Guide to partnership integrations for Consul. +description: >- +The Consul Integration Program allows approved partners to develop Consul integrations that HashiCorp reviews to consider publishing as officially verified. Learn about how to participate in the program. --- # Consul Integration Program diff --git a/website/content/docs/internals/index.mdx b/website/content/docs/internals/index.mdx index ca353c2e66be..d34baedab6de 100644 --- a/website/content/docs/internals/index.mdx +++ b/website/content/docs/internals/index.mdx @@ -1,12 +1,11 @@ --- layout: docs -page_title: Internals +page_title: Internals Overview description: >- - This section covers some of the internals of Consul, such as the architecture, - consensus and gossip protocols, and security model. +To enhance your understanding of how to use, troubleshoot, and secure Consul, learn more about Consul's internal properties and how it works under the hood. --- -# Consul Internals +# Consul Internals Overview This section covers some of the internals of Consul. Understanding the internals of Consul is necessary to successfully use it in production. diff --git a/website/content/docs/k8s/annotations-and-labels.mdx b/website/content/docs/k8s/annotations-and-labels.mdx index 1c45a12c5721..dc95b8f216db 100644 --- a/website/content/docs/k8s/annotations-and-labels.mdx +++ b/website/content/docs/k8s/annotations-and-labels.mdx @@ -2,7 +2,7 @@ layout: docs page_title: Annotations and Labels description: >- - The list of available labels and annotations for running Consul on Kubernetes. +Annotations and labels configure Consul sidecar properties and injection behavior when scheduling Kubernetes clusters. Learn about the annotations and labels that enable Consul’s service mesh and secure upstream communication on k8s in this reference guide. --- # Annotations and Labels diff --git a/website/content/docs/k8s/architecture.mdx b/website/content/docs/k8s/architecture.mdx index ec020c3e300d..6367d3bcd6d9 100644 --- a/website/content/docs/k8s/architecture.mdx +++ b/website/content/docs/k8s/architecture.mdx @@ -1,8 +1,8 @@ --- layout: docs -page_title: Consul on Kubernetes Architecture +page_title: Consul on Kubernetes Control Plane Architecture description: >- - A high level overview of Consul on Kubernetes Architecture +When running on Kubernetes, Consul’s control plane architecture does not change significantly. Server agents are deployed as a StatefulSet with a persistent volume, while client agents run as a k8s DaemonSet with an exposed API port. --- diff --git a/website/content/docs/k8s/compatibility.mdx b/website/content/docs/k8s/compatibility.mdx index f5e362cb4637..84d12e1d7a12 100644 --- a/website/content/docs/k8s/compatibility.mdx +++ b/website/content/docs/k8s/compatibility.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: Compatibility Matrix -description: Compatibility Matrix for Consul Kubernetes +page_title: Consul on Kubernetes Version Compatibility +description: >- +New releases require corresponding version updates to Consul on Kubernetes and its Helm chart. Review the compatibility matrix for Consul and consul-k8s and additional notes for integrating Vault and third-party platforms. --- -# Compatibility Matrix for Consul on Kubernetes +# Consul on Kubernetes Version Compatibility For every release of Consul on Kubernetes, a Helm chart, `consul-k8s-control-plane` binary and a `consul-k8s` CLI binary is built and distributed through a single version. When deploying via Helm, the recommended best path for upgrading Consul on Kubernetes, is to upgrade using the same `consul-k8s-control-plane` version as the Helm Chart, as the Helm Chart and Control Plane binary are tightly coupled. diff --git a/website/content/docs/k8s/connect/connect-ca-provider.mdx b/website/content/docs/k8s/connect/connect-ca-provider.mdx index 6598088fe96a..b8b419b718e8 100644 --- a/website/content/docs/k8s/connect/connect-ca-provider.mdx +++ b/website/content/docs/k8s/connect/connect-ca-provider.mdx @@ -1,10 +1,11 @@ ---- +"--- layout: docs -page_title: Configuring a Connect CA Provider -description: Configuring a Connect CA Provider ---- +page_title: Configure Certificate Authority (CA) for Consul on Kubernetes +description: >- +Consul includes a built-in CA, but when bootstrapping a cluster on k8s, you can configure your service mesh to use a custom certificate provider instead. Learn how to configure Vault as an external CA in primary and secondary datacenters and manually rotate Vault tokens. +---" -# Configuring a Connect CA Provider +# Configure Certificate Authority (CA) for Consul on Kubernetes ~> **NOTE:** The instructions below should only be used for initially bootstrapping a cluster with **Consul K8s 0.38.0+.** To update the Connect CA provider on an existing cluster or to update any properties, such as tokens, of the CA provider, diff --git a/website/content/docs/k8s/connect/health.mdx b/website/content/docs/k8s/connect/health.mdx index 2ff0d38133be..1b78c3e83b46 100644 --- a/website/content/docs/k8s/connect/health.mdx +++ b/website/content/docs/k8s/connect/health.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: Kubernetes Health Checks -description: Configuring Kubernetes Health Checks +page_title: Configure Health Checks for Consul on Kubernetes +description: >- +Kubernetes has built-in health probes you can sync with Consul's health checks to ensure service mesh traffic is routed to healthy pods. Learn how to register a TTL Health check and use mutating webhooks to redirect k8s liveness, readiness, and startup probes through Envoy proxies. --- -# Kubernetes Health Checks in Consul on Kubernetes +# Configure Health Checks for Consul on Kubernetes ~> This topic requires familiarity with [Kubernetes Health Checks](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/). diff --git a/website/content/docs/k8s/connect/index.mdx b/website/content/docs/k8s/connect/index.mdx index c84729fe9b67..37ea5af0e3f4 100644 --- a/website/content/docs/k8s/connect/index.mdx +++ b/website/content/docs/k8s/connect/index.mdx @@ -1,14 +1,11 @@ --- layout: docs -page_title: Consul Service Mesh on Kubernetes +page_title: How does Consul Service Mesh Work on Kubernetes? description: >- - Consul Service Mesh is a feature built into to Consul that enables automatic - service-to-service authorization and connection encryption across your Consul - services. Consul Service Mesh can be used with Kubernetes to secure pod communication with - other services. +An injection annotation allows Consul to automatically deploy sidecar proxies on Kubernetes pods, enabling Consul's service mesh for containers running on k8s. Learn how to configure sidecars, enable services with multiple ports, change default injection settings. --- -# Consul Service Mesh on Kubernetes +# How does Consul Service Mesh Work on Kubernetes? [Consul Service Mesh](/docs/connect) is a feature built into to Consul that enables automatic service-to-service authorization and connection encryption across diff --git a/website/content/docs/k8s/connect/ingress-controllers.mdx b/website/content/docs/k8s/connect/ingress-controllers.mdx index 4201f6c4d7ef..10ba41b22c54 100644 --- a/website/content/docs/k8s/connect/ingress-controllers.mdx +++ b/website/content/docs/k8s/connect/ingress-controllers.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: Ingress Controller Integrations -description: Configuring Ingress Controllers With Consul On Kubernetes +page_title: Configure Ingress Controllers for Consul on Kubernetes +description: >- +Ingress controllers are pluggable components that must be configured in k8s in order to use the Ingress resource. Learn how to deploy sidecars with the controller to secure its communication with Consul, review common configuration issues, and find links to example configurations. --- -# Configuring Ingress Controllers with Consul on Kubernetes +# Configure Ingress Controllers for Consul on Kubernetes -> This topic requires Consul 1.10+, Consul-k8s 0.26+, Consul-helm 0.32+ configured with [Transparent Proxy](/docs/connect/transparent-proxy) mode enabled. In addition, this topic assumes that the reader is familiar with [Ingress Controllers](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/) on Kubernetes. diff --git a/website/content/docs/k8s/connect/ingress-gateways.mdx b/website/content/docs/k8s/connect/ingress-gateways.mdx index 523299168afb..e9ec3bf195e1 100644 --- a/website/content/docs/k8s/connect/ingress-gateways.mdx +++ b/website/content/docs/k8s/connect/ingress-gateways.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: Ingress Gateways - Kubernetes -description: Configuring Ingress Gateways on Kubernetes +page_title: Configure Ingress Gateways for Consul on Kubernetes +description: >- +Ingress gateways listen for external requests and route authorized traffic to instances in the service mesh running on Kubernetes. Learn how to configure ingress gateways, set intentions, and connect them to k8s applications. --- -# Ingress Gateways on Kubernetes +# Configure Ingress Gateways for Consul on Kubernetes -> 1.9.0+: This feature is available in Consul versions 1.9.0 and higher diff --git a/website/content/docs/k8s/connect/observability/metrics.mdx b/website/content/docs/k8s/connect/observability/metrics.mdx index 109c2d3e0c2e..91e9510921b9 100644 --- a/website/content/docs/k8s/connect/observability/metrics.mdx +++ b/website/content/docs/k8s/connect/observability/metrics.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: Metrics -description: Metrics for Consul on Kubernetes +page_title: Configure metrics for Consul on Kubernetes +description: >- +Use the `connectInject.metrics` Helm values to enable Prometheus and Grafana integrations and capture metrics. Consul can collect metrics from the service mesh, sidecar proxies, agents, and gateways in a k8s cluster and then display service traffic metrics in Consul’s UI for additional observability. --- -# Metrics +# Configure Metrics for Consul on Kubernetes Consul on Kubernetes integrates with Prometheus and Grafana to provide metrics for Consul Service Mesh. The metrics available are: diff --git a/website/content/docs/k8s/connect/terminating-gateways.mdx b/website/content/docs/k8s/connect/terminating-gateways.mdx index e82bd773fb8a..ad571248f1e7 100644 --- a/website/content/docs/k8s/connect/terminating-gateways.mdx +++ b/website/content/docs/k8s/connect/terminating-gateways.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: Terminating Gateways - Kubernetes -description: Configuring Terminating Gateways on Kubernetes +page_title: Configure Terminating Gateways for Consul on Kubernetes +description: >- +Terminating gateways send secure requests from the service mesh to locations outside of the Kubernetes cluster. Learn how to configure terminating gateways for k8s, register external services in Consul’s service catalog, and define external sources as upstreams in your service mesh. --- -# Terminating Gateways on Kubernetes +# Configure Terminating Gateways for Consul on Kubernetes -> 1.9.0+: This feature is available in Consul versions 1.9.0 and higher diff --git a/website/content/docs/k8s/crds/index.mdx b/website/content/docs/k8s/crds/index.mdx index 03757ff1d62f..b8598407fef2 100644 --- a/website/content/docs/k8s/crds/index.mdx +++ b/website/content/docs/k8s/crds/index.mdx @@ -1,13 +1,11 @@ --- layout: docs -page_title: Consul Custom Resource Definitions +page_title: Custom Resource Definitions for Consul on Kubernetes description: >- - Consul supports managing configuration entries via Kubernetes Custom Resources. - These custom resource can be used to manage the configuration for workloads - deployed within the cluster. +Consul on Kubernetes supports Consul's configuration entry kind through Custom Resource Definitions (CRDs). Learn how to configure Helm charts to enable CRDs and use kubectl to create, manage, and delete mesh components like gateways and intentions on k8s. --- -# Custom Resource Definitions +# Custom Resource Definitions (CRDs) for Consul on Kubernetes This topic describes how to manage Consul [configuration entries](/docs/agent/config-entries) via Kubernetes Custom Resources. Configuration entries provide cluster-wide defaults for the service mesh. diff --git a/website/content/docs/k8s/crds/upgrade-to-crds.mdx b/website/content/docs/k8s/crds/upgrade-to-crds.mdx index d5b07542063b..4dc5ab7325ab 100644 --- a/website/content/docs/k8s/crds/upgrade-to-crds.mdx +++ b/website/content/docs/k8s/crds/upgrade-to-crds.mdx @@ -1,11 +1,11 @@ --- layout: docs -page_title: Upgrade An Existing Cluster to CRDs +page_title: Upgrade Existing Clusters to Use Custom Resource Definitions description: >- - Upgrade an existing cluster to use custom resources. +Kubernetes clusters configured with a Consul Helm chart version older than 0.30.0 require updates in order to use CRDs. Learn about upgrading to a supported Helm version and how to migrate a Consul config entry to a k8s CRD. --- -# Upgrade An Existing Cluster to CRDs +# Upgrade Existing Clusters to Use Custom Resource Definitions Upgrading to consul-helm versions >= `0.30.0` will require some changes if you utilize the following: diff --git a/website/content/docs/k8s/dns.mdx b/website/content/docs/k8s/dns.mdx index 47c9fc189d3c..6db0f664e86c 100644 --- a/website/content/docs/k8s/dns.mdx +++ b/website/content/docs/k8s/dns.mdx @@ -1,13 +1,11 @@ --- layout: docs -page_title: Consul DNS - Kubernetes +page_title: Resolve Consul DNS requests in Kubernetes description: >- - One of the primary query interfaces to Consul is the DNS interface. The Consul - DNS interface can be exposed for all pods in Kubernetes using a stub-domain - configuration. +Use a k8s ConfigMap to configure KubeDNS or CoreDNS so that you can use Consul's `.service.consul` syntax for queries and other DNS requests. In Kubernetes, this process uses either stub-domain or proxy configuration. --- -# Consul DNS on Kubernetes +# Resolve Consul DNS Requests in Kubernetes One of the primary query interfaces to Consul is the [DNS interface](/docs/discovery/dns). You can configure Consul DNS in diff --git a/website/content/docs/k8s/helm.mdx b/website/content/docs/k8s/helm.mdx index 937bf8d55ada..538113ad53a6 100644 --- a/website/content/docs/k8s/helm.mdx +++ b/website/content/docs/k8s/helm.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: Helm Chart Configuration -description: Configuration for the Consul Helm chart. +page_title: Helm Chart Reference +description: >- +The Helm Chart allows you to schedule Kubernetes clusters with injected Consul sidecars by defining custom values in a YAML configuration. Find stanza hierarchy, the parameters you can set, and their default values in this k8s reference guide. --- -# Helm Chart Configuration +# Helm Chart Reference The chart is highly customizable using [Helm configuration values](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). @@ -620,8 +621,7 @@ Use these links to navigate to a particular top-level stanza. Vault Secrets backend: If you are using Vault as a secrets backend, a Vault Policy must be created which allows `["create", "update"]` capabilities on the PKI issuing endpoint, which is usually of the form `pki/issue/consul-server`. - Please see the following guide for steps to generate a compatible certificate: - https://learn.hashicorp.com/tutorials/consul/vault-pki-consul-secure-tls + Please refer the [Consul and Vault tutorial](https://learn.hashicorp.com/tutorials/consul/vault-pki-consul-secure-tls?utm_source=docs) for steps to generate a compatible certificate. Note: when using TLS, both the `server.serverCert` and `global.tls.caCert` which points to the CA endpoint of this PKI engine must be provided. diff --git a/website/content/docs/k8s/index.mdx b/website/content/docs/k8s/index.mdx index 492f6eb5422e..8b3270c8caf2 100644 --- a/website/content/docs/k8s/index.mdx +++ b/website/content/docs/k8s/index.mdx @@ -1,14 +1,11 @@ --- layout: docs -page_title: Kubernetes +page_title: Consul on Kubernetes description: >- - Consul has many integrations with Kubernetes. You can deploy Consul to - Kubernetes using the Helm chart, sync services between Consul and Kubernetes, - automatically secure Pod communication with Connect, and more. This section - documents the official integrations between Consul and Kubernetes. +Consul supports Kubernetes natively, allowing you to deploy Consul sidecars to a Kubernetes service mesh and sync the k8s service registry with non-k8s services. Learn how to install Consul on Kubernetes with Helm or the Consul K8s CLI and get started with tutorials. --- -# Kubernetes +# Consul on Kubernetes Consul has many integrations with Kubernetes. You can deploy Consul to Kubernetes using the [Helm chart](/docs/k8s/installation/install#helm-chart-installation) or [Consul K8s CLI](/docs/k8s/installation/install-cli#consul-k8s-cli-installation), sync services between Consul and diff --git a/website/content/docs/k8s/installation/install-cli.mdx b/website/content/docs/k8s/installation/install-cli.mdx index ae6de69bf78e..63b890b51f10 100644 --- a/website/content/docs/k8s/installation/install-cli.mdx +++ b/website/content/docs/k8s/installation/install-cli.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: Install Consul from the Consul K8s CLI +page_title: Install Consul on K8s CLI description: >- - This topic describes how to install Consul on Kubernetes using the Consul K8s CLI tool. +You can use the Consul K8s CLI tool to schedule Kubernetes deployments instead of using Helm. Learn how to download and install the tool to interact with Consul on Kubernetes using the `consul-k8s` command. --- +# Install Consul on K8s CLI # Install Consul on Kubernetes from Consul K8s CLI diff --git a/website/content/docs/k8s/installation/install.mdx b/website/content/docs/k8s/installation/install.mdx index 49961a6270e9..17c9daf359c9 100644 --- a/website/content/docs/k8s/installation/install.mdx +++ b/website/content/docs/k8s/installation/install.mdx @@ -1,11 +1,11 @@ --- layout: docs -page_title: Install Consul on Kubernetes from the Helm Chart +page_title: Install Consul on Kubernetes with Helm description: >- - This topic describes how to install Consul on Kubernetes using the official Consul Helm chart. +You can use Helm to configure Consul on Kubernetes deployments. Learn how to add the official Helm chart to your repository and the parameters that enable the service mesh, CNI plugins, Consul UI, and Consul HTTP API. --- -# Install Consul on Kubernetes from the Helm Chart +# Install Consul on Kubernetes with Helm This topic describes how to install Consul on Kubernetes using the official Consul Helm chart. For instruction on how to install Consul on Kubernetes using the Consul K8s CLI, refer to [Installing the Consul K8s CLI](/docs/k8s/installation/install-cli). @@ -25,7 +25,7 @@ Refer to the [architecture](/docs/k8s/installation/install#architecture) section For a hands-on experience with Consul as a service mesh for Kubernetes, follow the [Getting Started with Consul service -mesh](https://learn.hashicorp.com/tutorials/consul/service-mesh-deploy?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) tutorial. +mesh](https://learn.hashicorp.com/tutorials/consul/service-mesh-deploy?in=consul/gs-consul-service-mesh?utm_source=docs) tutorial. ## Requirements diff --git a/website/content/docs/k8s/k8s-cli.mdx b/website/content/docs/k8s/k8s-cli.mdx index d85f56c39c3f..dfbe682a3d06 100644 --- a/website/content/docs/k8s/k8s-cli.mdx +++ b/website/content/docs/k8s/k8s-cli.mdx @@ -1,8 +1,8 @@ --- layout: docs -page_title: Consul K8s CLI Reference +page_title: Consul on Kubernetes CLI Reference description: >- - The Consul on Kubernetes CLI (consul-k8s) is a tool for installing and managing Consul on Kubernetes. +The Consul on Kubernetes CLI tool enables you to manage Consul with the `consul-k8s` command instead of direct interaction with Helm, kubectl, or Consul’s CLI. Learn about commands, their flags, and review examples in this reference guide. --- # Consul on Kubernetes CLI Reference diff --git a/website/content/docs/k8s/operations/certificate-rotation.mdx b/website/content/docs/k8s/operations/certificate-rotation.mdx index 6a73fdf4820b..a7337abb65e9 100644 --- a/website/content/docs/k8s/operations/certificate-rotation.mdx +++ b/website/content/docs/k8s/operations/certificate-rotation.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: Certificate Rotation -description: Rotate Certificate on Kubernetes Cluster safely +page_title: Rotate TLS Certificates for Consul on Kubernetes +description: >- +In Consul Helm version 0.29.0 and later, new server agent TLS certificates are issued every time the Helm version is upgraded. Learn how to manually trigger certificate rotation if they do not rotate automatically. --- -# Rotating Server Certificates +# Rotate TLS Certificates for Consul on Kubernetes As of Consul Helm version `0.29.0`, if TLS is enabled, new TLS certificates for the Consul Server are issued every time the Helm chart is upgraded. These certificates are signed by the same CA and will diff --git a/website/content/docs/k8s/operations/gossip-encryption-key-rotation.mdx b/website/content/docs/k8s/operations/gossip-encryption-key-rotation.mdx index bad773f0bc35..4aec2d3382ca 100644 --- a/website/content/docs/k8s/operations/gossip-encryption-key-rotation.mdx +++ b/website/content/docs/k8s/operations/gossip-encryption-key-rotation.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: Gossip Encryption Key Rotation -description: Rotate the Gossip Encryption Key on Kubernetes Cluster safely +page_title: Rotate Gossip Encryption Keys for Consul on Kubernetes +description: >- +Consul agents use encryption keys to secure their gossip communication, and you must rotate the keys periodically to maintain network security. Learn how to use `keygen` and `keyring` commands to rotate keys for agents on k8s clusters. --- -# Rotating Gossip Encryption Key +# Rotate Gossip Encryption Keys for Consul on Kubernetes The following instructions provides a step-by-step manual process for rotating [gossip encryption](/docs/security/encryption#gossip-encryption) keys on Consul clusters that are deployed onto a Kubernetes cluster with Consul on Kubernetes. diff --git a/website/content/docs/k8s/operations/tls-on-existing-cluster.mdx b/website/content/docs/k8s/operations/tls-on-existing-cluster.mdx index 2b69be5380e8..07ffa89ddc67 100644 --- a/website/content/docs/k8s/operations/tls-on-existing-cluster.mdx +++ b/website/content/docs/k8s/operations/tls-on-existing-cluster.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: Configure TLS on an Existing Cluster -description: Configure TLS on an existing Consul cluster running in Kubernetes +page_title: Rolling Updates to TLS for Existing Clusters on Kubernetes +description: >- +Consul Helm chart 0.16.0 and later supports TLS communication within clusters. Follow the instructions to trigger rolling updates for consul-k8s without causing downtime. --- -# Configuring TLS on an Existing Cluster +# Rolling Updates to TLS for Existing Clusters on Kubernetes As of Consul Helm version `0.16.0`, the chart supports TLS for communication within the cluster. If you already have a Consul cluster deployed on Kubernetes, diff --git a/website/content/docs/k8s/operations/uninstall.mdx b/website/content/docs/k8s/operations/uninstall.mdx index 9e0a4e3185d7..bdcacca8554d 100644 --- a/website/content/docs/k8s/operations/uninstall.mdx +++ b/website/content/docs/k8s/operations/uninstall.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: Uninstall -description: Uninstall Consul on Kubernetes +page_title: Uninstall Consul on Kubernetes +description: >- +You can use the Consul-K8s CLI tool to remove all or part of a Consul installation on Kubernetes. You can also use Helm and then manually remove resources that Helm does not delete. --- -# Uninstall Consul +# Uninstall Consul on Kubernetes You can uninstall Consul using Helm commands or the Consul K8s CLI. diff --git a/website/content/docs/k8s/platforms/self-hosted-kubernetes.mdx b/website/content/docs/k8s/platforms/self-hosted-kubernetes.mdx index e0ab7c68892a..60e7ce994cbe 100644 --- a/website/content/docs/k8s/platforms/self-hosted-kubernetes.mdx +++ b/website/content/docs/k8s/platforms/self-hosted-kubernetes.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: Self Hosted Kubernetes -description: Installing Consul on Self Hosted Kubernetes +page_title: Install Consul on Self-Hosted Kubernetes Clusters +description: >- +The process for installing Consul on Kubernetes is the same as installing it on cloud-hosted k8s platforms, but requires additional configuration. Learn how to pre-define Persistent Volume Claims (PVCs) and a default storage class for server agents. --- -# Self Hosted Kubernetes +# Install Consul on Self-Hosted Kubernetes Clusters Except for creating persistent volumes and ensuring there is a storage class configured (see below), installing Consul on your diff --git a/website/content/docs/k8s/service-sync.mdx b/website/content/docs/k8s/service-sync.mdx index 5fbabe6b2791..9effcd05eaf8 100644 --- a/website/content/docs/k8s/service-sync.mdx +++ b/website/content/docs/k8s/service-sync.mdx @@ -1,13 +1,11 @@ --- layout: docs -page_title: Service Sync - Kubernetes +page_title: Service Sync for Consul on Kubernetes description: >- - The services in Kubernetes and Consul can be automatically synced so that - Kubernetes services are available to Consul agents and services in Consul can - be available as first-class Kubernetes services. +Service sync is a Consul on Kubernetes feature that makes Kubernetes and Consul services available to each other. Learn how to configure Helm values so services can communicate and make Kubernetes services appear in the Consul UI. --- -# Syncing Kubernetes and Consul Services +# Service Sync for Consul on Kubernetes The services in Kubernetes and Consul can be automatically synced so that Kubernetes services are available to Consul agents and services in Consul can be available diff --git a/website/content/docs/k8s/upgrade/index.mdx b/website/content/docs/k8s/upgrade/index.mdx index 9d7aa9bd72f9..65d7e643a33f 100644 --- a/website/content/docs/k8s/upgrade/index.mdx +++ b/website/content/docs/k8s/upgrade/index.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: Upgrade -description: Upgrade Consul on Kubernetes +page_title: Upgrading Consul on Kubernetes Components +description: >- +Consul on Kubernetes relies on packages and binaries that have individual upgrade requirements. Learn how to update Helm configurations, Helm versions, Consul versions, and Consul agents, as well as how to determine what will change and its impact on your service mesh. --- -# Upgrade Consul on Kubernetes +# Upgrading Consul on Kubernetes Components ## Upgrade Types diff --git a/website/content/docs/k8s/upgrade/upgrade-cli.mdx b/website/content/docs/k8s/upgrade/upgrade-cli.mdx index fdb5139656d5..ae835a461363 100644 --- a/website/content/docs/k8s/upgrade/upgrade-cli.mdx +++ b/website/content/docs/k8s/upgrade/upgrade-cli.mdx @@ -1,11 +1,11 @@ --- layout: docs -page_title: Upgrade the Consul K8s CLI +page_title: Update the Consul K8s CLI description: >- - Consul K8s CLI is a tool for quickly installing and interacting with Consul on Kubernetes. +The Consul on Kubernetes CLI tool helps you schedule clusters without direct interaction with Helm or Consul’s CLI. Learn how to update the consul-k8s CLI tool to a new version. --- -# Upgrade the Consul K8s CLI +# Update the Consul K8s CLI Consul K8s CLI is a tool for quickly installing and interacting with Consul on Kubernetes. Ensure that you are running the correct version of the CLI prior to upgrading your Consul on Kubernetes deployment, as the CLI and the control plane are version dependent. diff --git a/website/content/docs/nia/architecture.mdx b/website/content/docs/nia/architecture.mdx index d7995e7ab3e8..8d564c9ace9e 100644 --- a/website/content/docs/nia/architecture.mdx +++ b/website/content/docs/nia/architecture.mdx @@ -76,4 +76,4 @@ CTS logs the error message and continues to run when it finds an incompatibility ## Security guidelines -We recommend following the network security guidelines described in the [Secure Consul-Terraform-Sync for Production](https://learn.hashicorp.com/tutorials/consul/consul-terraform-sync-secure?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) tutorial. The tutorial contains a checklist of best practices to secure your CTS installation for a production environment. \ No newline at end of file +We recommend following the network security guidelines described in the [Secure Consul-Terraform-Sync for Production](https://learn.hashicorp.com/tutorials/consul/consul-terraform-sync-secure?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) tutorial. The tutorial contains a checklist of best practices to secure your CTS installation for a production environment. diff --git a/website/content/docs/nia/configuration.mdx b/website/content/docs/nia/configuration.mdx index e4a39d0b09a0..d7b2290ef1bc 100644 --- a/website/content/docs/nia/configuration.mdx +++ b/website/content/docs/nia/configuration.mdx @@ -301,7 +301,7 @@ task { - `source` - (string: required) **Deprecated in CTS 0.5.0 and will be removed in a future major release. See the `module` field instead.** - `module` - (string: required) Module is the location the driver uses to discover the Terraform module used for automation. The module's source can be local or remote on the [Terraform Registry](https://registry.terraform.io/) or private module registry. Read more on [Terraform module source and other supported types here](https://www.terraform.io/language/modules/sources). - - To use a private module with the [`terraform` driver](#terraform-driver), run the command [`terraform login [hostname]`](https://learn.hashicorp.com/tutorials/terraform/cloud-login) to authenticate the local Terraform CLI prior to starting CTS. + - To use a private module with the [`terraform` driver](#terraform-driver), run the command [`terraform login [hostname]`](/terraform/tutorials/cloud/cloud-login?utm_source=docs) to authenticate the local Terraform CLI prior to starting CTS. - To use a private module with the [`terraform_cloud` driver](#terraform-cloud-driver), no extra steps are needed. ```hcl diff --git a/website/content/docs/security/acl/acl-federated-datacenters.mdx b/website/content/docs/security/acl/acl-federated-datacenters.mdx index 50335a423739..aedfd658e821 100644 --- a/website/content/docs/security/acl/acl-federated-datacenters.mdx +++ b/website/content/docs/security/acl/acl-federated-datacenters.mdx @@ -1,8 +1,8 @@ --- layout: docs -page_title: ACL in Federated Datacenters +page_title: ACL Setup for WAN Federated Datacenters description: >- - This topic describes the specific ACL bootstrapping policies that are necessary when ACLs are enabled for federated, multi-datacenter deployments. +Consul's access control list (ACL) system can span multiple datacenters that are WAN federated. Learn how to replicate the ACL system from the primary datacenter to secondary datacenters using a replication token. --- # ACLs in Federated Datacenters diff --git a/website/content/docs/security/acl/acl-legacy.mdx b/website/content/docs/security/acl/acl-legacy.mdx index 0b59ef0538d1..49832b9e1e31 100644 --- a/website/content/docs/security/acl/acl-legacy.mdx +++ b/website/content/docs/security/acl/acl-legacy.mdx @@ -1,11 +1,8 @@ --- layout: docs -page_title: ACL System (Legacy Mode) +page_title: Legacy ACL System description: >- - Consul provides an optional Access Control List (ACL) system which can be used - to control access to data and APIs. The ACL system is a Capability-based - system that relies on tokens which can have fine grained rules applied to - them. It is very similar to AWS IAM in many ways. +Consul's legacy ACL system was deprecated in version 1.4.0 and removed in version 1.11.0. Learn how Consul's legacy ACL system worked and how it differs from the current ACL system. --- # ACL System in Legacy Mode diff --git a/website/content/docs/security/acl/acl-migrate-tokens.mdx b/website/content/docs/security/acl/acl-migrate-tokens.mdx index 36387783c870..379f46e8c0b9 100644 --- a/website/content/docs/security/acl/acl-migrate-tokens.mdx +++ b/website/content/docs/security/acl/acl-migrate-tokens.mdx @@ -1,13 +1,8 @@ --- layout: docs -page_title: ACL Token Migration +page_title: Legacy ACL Token Migration description: >- - Consul 1.4.0 introduces a new ACL system with improvements for the security - and - - management of ACL tokens and policies. This guide documents how to upgrade - - existing (now called "legacy") tokens after upgrading to 1.4.0. +Migrate legacy tokens when updating to Consul 1.4.0+ from earlier versions to use the current ACL system. Learn about the migration process, how to update tokens, and examples for creating policies. --- # ACL Token Migration diff --git a/website/content/docs/security/acl/acl-policies.mdx b/website/content/docs/security/acl/acl-policies.mdx index 0099646b97cd..d2d37f6cac81 100644 --- a/website/content/docs/security/acl/acl-policies.mdx +++ b/website/content/docs/security/acl/acl-policies.mdx @@ -2,10 +2,10 @@ layout: docs page_title: ACL Policies description: >- - This topic describes policies as used in Consul's access control list (ACL) system. A policy is a group of one or more ACL rules that define which services and agents are authorized to communicate with other resources in the network. +ACL policies define access control rules for resources in Consul. When an ACL token is submitted with a request, Consul authorizes access based on the token's associated policies. Learn how to format and combine rules into policies and apply them to tokens. --- -# Policies +# ACL Policies This topic describes policies, which are components in Consul's access control list (ACL) system. Policies define which services and agents are authorized to interact with resources in the network. diff --git a/website/content/docs/security/acl/acl-roles.mdx b/website/content/docs/security/acl/acl-roles.mdx index 31aa98d109c0..e9dad9cdc170 100644 --- a/website/content/docs/security/acl/acl-roles.mdx +++ b/website/content/docs/security/acl/acl-roles.mdx @@ -1,12 +1,11 @@ --- layout: docs -page_title: Roles +page_title: ACL Roles description: >- - This topic describes roles within the access control list (ACL) system. A role is a named set of policies and service identities. - They enable you to reuse policies by decoupling the policies from the token distributed to team members. +Roles are a named collection of ACL policies, service identities, and node identities. Learn how roles allow you to reuse and update access control policies without needing to distribute new tokens to users. --- -# Roles +# ACL Roles A role is a collection of policies that your ACL administrator can link to a token. They enable you to reuse policies by decoupling the policies from the token distributed to team members. diff --git a/website/content/docs/security/acl/acl-rules.mdx b/website/content/docs/security/acl/acl-rules.mdx index d150648a6956..724108fb21ac 100644 --- a/website/content/docs/security/acl/acl-rules.mdx +++ b/website/content/docs/security/acl/acl-rules.mdx @@ -1,11 +1,11 @@ --- layout: docs -page_title: ACL Rules Reference +page_title: ACL Rules description: >- - This topic provides reference information for the types of access control level (ACL) rules you can create and how they affect access to datacenter resources. +Rules define read, write, and deny access controls for datacenter resources. Learn about these resources and how to assign rules to them, as well as their restrictions and API interactions. --- -# Rules Reference +# ACL Rules This topic provides reference information for the types of access control list (ACL) rules you can create and how they affect access to datacenter resources. For details on how to create rules and group them into policies, see [Policies](/docs/security/acl/acl-policies). diff --git a/website/content/docs/security/acl/acl-tokens.mdx b/website/content/docs/security/acl/acl-tokens.mdx index c6d6e9fb3c68..d3f3340f0c3f 100644 --- a/website/content/docs/security/acl/acl-tokens.mdx +++ b/website/content/docs/security/acl/acl-tokens.mdx @@ -1,11 +1,11 @@ --- layout: docs -page_title: Tokens +page_title: ACL Tokens description: >- - This topic describes access control list (ACL) tokens. Tokens are the core method of authentication in Consul. +Tokens are used to authenticate users, services, and agents and authorize their access to resources in Consul. Learn about token attributes, special-purpose and built-in tokens, and how to pass a token’s SecretID in the CLI and API. --- -# Tokens +# ACL Tokens This topic describes access control list (ACL) tokens, which are the core method of authentication in Consul. diff --git a/website/content/docs/security/acl/index.mdx b/website/content/docs/security/acl/index.mdx index 2b7ea78c113a..8b945786d99b 100644 --- a/website/content/docs/security/acl/index.mdx +++ b/website/content/docs/security/acl/index.mdx @@ -1,8 +1,8 @@ --- layout: docs -page_title: Access Control List (ACL) Overview +page_title: Access Control List (ACL): Overview description: >- - This topic describes provides an overview of the optional access control list (ACL) system shipped with Consul. The ACL system authenticates requests and authorizes access to resources. It is used by the UI, API, and CLI for service-to-service communication and agent-to-agent communication. +Consul's ACL system secures communication and controls access to the API, CLI, and UI. Learn about ACL components and how they interact to authenticate requests and authorize access for your network. --- # Access Control List (ACL) Overview diff --git a/website/content/docs/security/encryption.mdx b/website/content/docs/security/encryption.mdx index 88812feec1e1..3cde539f8ae1 100644 --- a/website/content/docs/security/encryption.mdx +++ b/website/content/docs/security/encryption.mdx @@ -1,10 +1,8 @@ --- layout: docs -page_title: Encryption +page_title: Encryption Systems description: >- - The Consul agent supports encrypting all of its network traffic. The exact - method of encryption is described on the encryption internals page. There are - two separate encryption systems, one for gossip traffic and one for RPC. +Consul supports encrypting all of its network traffic. Remote Process Calls (RPCs) between client and server agents can be encrypted with TLS and authenticated with certificates. Gossip communication between all agents can also be encrypted. --- # Encryption diff --git a/website/content/docs/security/index.mdx b/website/content/docs/security/index.mdx index 28451fd34ade..ef5e80d3f05f 100644 --- a/website/content/docs/security/index.mdx +++ b/website/content/docs/security/index.mdx @@ -1,12 +1,8 @@ --- layout: docs -page_title: Security +page_title: Security: Overview description: >- - Consul relies on both a lightweight gossip mechanism and an RPC system to - provide various features. Both of the systems have different security - mechanisms that stem from their designs. However, the security mechanisms of - Consul have a common goal: to provide confidentiality, integrity, and - authentication. +Security requirements and recommendations for Consul vary depending on workloads and environments. Learn how ACLs and encryption can protect access to and communication within your datacenter. --- ## Security Models diff --git a/website/content/docs/security/security-models/core.mdx b/website/content/docs/security/security-models/core.mdx index 33fe6e5380fa..bd7dacb27f04 100644 --- a/website/content/docs/security/security-models/core.mdx +++ b/website/content/docs/security/security-models/core.mdx @@ -1,8 +1,8 @@ --- layout: docs -page_title: Consul Core Security Model +page_title: Security Models: Consul description: >- - Security model including requirements, recommendations, and threats for the core Consul product. +The security model for Consul Core details requirements and recommendations for securing your deployment of Consul. Learn about potential threats and how to protect Consul from malicious actors. --- ## Overview diff --git a/website/content/docs/security/security-models/index.mdx b/website/content/docs/security/security-models/index.mdx index 51f83df46af7..abf86f186304 100644 --- a/website/content/docs/security/security-models/index.mdx +++ b/website/content/docs/security/security-models/index.mdx @@ -1,8 +1,8 @@ --- layout: docs -page_title: Security Models +page_title: Security Models: Overview description: >- - Overview and links to various Consul security models. +Security models are the set of requirements and recommendations for securely operating a Consul deployment. Learn about security models and how they differ between environments. --- ## Overview diff --git a/website/content/docs/security/security-models/nia.mdx b/website/content/docs/security/security-models/nia.mdx index d1af5019f090..fae5ac8a0d06 100644 --- a/website/content/docs/security/security-models/nia.mdx +++ b/website/content/docs/security/security-models/nia.mdx @@ -1,8 +1,8 @@ --- layout: docs -page_title: Consul NIA Security Model +page_title: Security Models: Network Infrastructure Automation (NIA) description: >- - Security model including requirements, recommendations, and threats for Consul Network Infrastructure Automation (NIA). +The NIA security model details requirements and recommendations for securing your Consul-Terraform-Sync (CTS) deployment. Learn about potential threats and how to protect CTS from malicious actors. --- ## Overview diff --git a/website/content/docs/troubleshoot/common-errors.mdx b/website/content/docs/troubleshoot/common-errors.mdx index 2ec8de87c137..ce3649e6305e 100644 --- a/website/content/docs/troubleshoot/common-errors.mdx +++ b/website/content/docs/troubleshoot/common-errors.mdx @@ -1,6 +1,8 @@ --- layout: docs -page_title: Common Error Messages +page_title: Common Error Messages - Troubleshoot +description: >- +Troubleshoot issues based on the error message. Common errors result from failed actions, timeouts, multiple entries, bad and expired certificates, invalid characters, syntax parsing, malformed responses, and exceeded deadlines. --- # Common Error Messages diff --git a/website/content/docs/troubleshoot/faq.mdx b/website/content/docs/troubleshoot/faq.mdx index 8c89582ec99b..10e5461d4b59 100644 --- a/website/content/docs/troubleshoot/faq.mdx +++ b/website/content/docs/troubleshoot/faq.mdx @@ -1,6 +1,8 @@ --- layout: docs -page_title: Frequently Asked Questions +page_title: Common Error Messages | Troubleshoot +description: >- +Troubleshoot issues based on the error message. Common errors result from failed actions, timeouts, multiple entries, bad and expired certificates, invalid characters, syntax parsing, malformed responses, and exceeded deadlines. --- # Frequently Asked Questions