contrib: add first draft of Connect CA developer docs #10578
Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
And links to code
We will probably need to revise this doc as we go, but let's get it merged and improve it as we go.
LGTM!
of trust. | ||
|
||
In the primary datacenter, the Consul and AWS providers use the Primary Root CA to sign | ||
leaf certificates. The Vault provider uses an intermediate CA to sign leaf certificates. |
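Review bot: The last sentence says the Vault provider signs leaf certificates with an intermediate CA but does not say which CA issues that intermediate. Since the sentence before it names the Primary Root CA as the signer for the Consul and AWS providers, state the intermediate's issuer here too, so the chain of trust reads the same way for all three providers.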
Is this currently true? I thought you are working on making this possible @dnephin
Ya, this is currently true.
The work I'm doing in #11910 is to use an intermediate as the Primary CA, and an external root.
🍒 If backport labels were added before merging, cherry-picking will start automatically. To retroactively trigger a backport after merging, add backport labels and re-run https://circleci.com/gh/hashicorp/consul/566566.
Preview: https://github.com/hashicorp/consul/tree/pairing/contrib-ca-docs/docs/service-mesh/ca