Add docs for ocsp staple support (#13307)

* Add docs for ocsp staple support Signed-off-by: Faseela K <faseela.k@est.tech> * Update content/en/docs/tasks/traffic-management/ingress/secure-ingress/index.md Co-authored-by: Frank Budinsky <frankb@ca.ibm.com> --------- Signed-off-by: Faseela K <faseela.k@est.tech> Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
2023-06-08 20:58:05 +02:00 · 2023-06-08 20:58:05 +02:00 · 01da15421a
parent dd5f82d11a
commit 01da15421a
4 changed files with 9 additions and 3 deletions
--- a/content/en/boilerplates/crl-tip.md
+++ b/content/en/boilerplates/crl-tip.md
@ -1,6 +1,4 @@
 ---
 ---
-{{< tip >}}
 Optionally, the credential may include a [certificate revocation list (CRL)](https://datatracker.ietf.org/doc/html/rfc5280)
-using the key `ca.crl`. If so, add another argument to the above example to provide the CRL: `--from-file=ca.crl=/some/path/to/your-crl.pem`
-{{< /tip >}}
+using the key `ca.crl`. If so, add another argument to the above example to provide the CRL: `--from-file=ca.crl=/some/path/to/your-crl.pem`.
--- a/content/en/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/index.md
+++ b/content/en/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/index.md
@ -410,7 +410,9 @@ to hold the configuration of the NGINX server:

    In this example. a single generic Secret with keys `tls.key`, `tls.crt`, and `ca.crt` is used.

+    {{< tip >}}
    {{< boilerplate crl-tip >}}
+    {{< /tip >}}

 1.  Create an egress `Gateway` for `my-nginx.mesh-external.svc.cluster.local`, port 443, and destination rules and
    virtual services to direct the traffic through the egress gateway and from the egress gateway to the external
--- a/content/en/docs/tasks/traffic-management/egress/egress-tls-origination/index.md
+++ b/content/en/docs/tasks/traffic-management/egress/egress-tls-origination/index.md
@ -235,7 +235,9 @@ Follow [these steps](/docs/tasks/traffic-management/egress/egress-gateway-tls-or

    The secret **must** be created in the same namespace as the client pod is deployed in, `default` in this case.

+    {{< tip >}}
    {{< boilerplate crl-tip >}}
+    {{< /tip >}}

 1. Create required `RBAC` to make sure the secret created in the above step is accessible to the client pod, which is `sleep` in this case.

--- a/content/en/docs/tasks/traffic-management/ingress/secure-ingress/index.md
+++ b/content/en/docs/tasks/traffic-management/ingress/secure-ingress/index.md
@ -522,8 +522,12 @@ You can extend your gateway's definition to support [mutual TLS](https://en.wiki
      --from-file=ca.crt=example_certs1/example.com.crt
    {{< /text >}}

+    {{< tip >}}
    {{< boilerplate crl-tip >}}

+    The credential may also include an [OCSP Staple](https://datatracker.ietf.org/doc/html/rfc6961) using the key `tls.ocsp-staple` which can be specified by an additional argument: `--from-file=tls.ocsp-staple=/some/path/to/your-ocsp-staple.pem`.
+    {{< /tip >}}
+
 1. Configure the ingress gateway:

 {{< tabset category-name="config-api" >}}