Merge pull request #34 from nginx/feat-csg-approved

feat: NGINX One Console. Deploy certs/keys on CSGs, part one

Author: mjang

content/nginx-one/changelog.md

@@ -46,11 +46,11 @@ For more information, see the full documentation on how you can [Manage Certific
 
 ## August 22, 2024
 
-### Config sync groups
+### Config Sync Groups
 
-Config sync groups are now available in the F5 NGINX One Console. This feature allows you to manage and synchronize NGINX configurations across multiple instances as a single entity, ensuring consistency and simplifying the management of your NGINX environment.
+Config Sync Groups are now available in the F5 NGINX One Console. This feature allows you to manage and synchronize NGINX configurations across multiple instances as a single entity, ensuring consistency and simplifying the management of your NGINX environment.
 
-For more information, see the full documentation on [Managing Config Sync Groups]({{< relref "/nginx-one/how-to/nginx-configs/manage-config-sync-groups.md" >}}).
+For more information, see the full documentation on [Managing Config Sync Groups]({{< relref "/nginx-one/how-to/config-sync-groups/manage-config-sync-groups.md" >}}).
 
 ## August 8, 2024
 

content/nginx-one/glossary.md

@@ -16,7 +16,9 @@ This glossary defines terms used in the F5 NGINX One Console and F5 Distributed
 {{<bootstrap-table "table table-striped table-bordered">}}
 | Term        | Definition |
 |-------------|-------------|
+| **Config Sync Group** | A group of NGINX systems (or instances) with identical configurations. They may also share the same certificates. However, the instances in a Config Sync Group could belong to different systems and even different clusters. For more information, see this explanation of [Important considerations]({{< relref "/nginx-one/how-to/config-sync-groups/manage-config-sync-groups.md#important-considerations" >}}) |
 | **Data Plane** | The data plane is the part of a network architecture that carries user traffic. It handles tasks like forwarding data packets between devices and managing network communication. In the context of NGINX, the data plane is responsible for tasks such as load balancing, caching, and serving web content. |
+| **Instance** | An instance is an individual system with NGINX installed. You can group the instances of your choice in a Config Sync Group. When you add an instance to NGINX One, you need to use a data plane key. | 
 | **Namespace** | In F5 Distributed Cloud, a namespace groups a tenant’s configuration objects, similar to administrative domains. Every object in a namespace must have a unique name, and each namespace must be unique to its tenant. This setup ensures isolation, preventing cross-referencing of objects between namespaces. |
 | **Tenant** | A tenant in F5 Distributed Cloud is an entity that owns a specific set of configuration and infrastructure. It is fundamental for isolation, meaning a tenant cannot access objects or infrastructure of other tenants. Tenants can be either individual or enterprise, with the latter allowing multiple users with role-based access control (RBAC). |
 {{</bootstrap-table>}}
@@ -25,4 +27,4 @@ This glossary defines terms used in the F5 NGINX One Console and F5 Distributed
 
 ## References
 
-- [F5 Distributed Cloud: Core Concepts](https://docs.cloud.f5.com/docs/ves-concepts/core-concepts)
+- [F5 Distributed Cloud: Core Concepts](https://docs.cloud.f5.com/docs/ves-concepts/core-concepts)

content/nginx-one/how-to/certificates/manage-certificates.md

@@ -20,7 +20,7 @@ From the NGINX One Console you can:
 - Ensure that your certificates are current and correct.
 - Manage your certificates from a central location. This can help you simplify operations and remotely update, rotate, and deploy those certificates.
 
-For more information on how you can use these certificates to secure your servers, refer to the section on [NGINX SSL termination]({{< relref "../../../nginx/admin-guide/security-controls/terminating-ssl-http.md" >}}).
+For more information on how you can use these certificates to secure your servers, refer to the section on [NGINX SSL termination]({{< relref "/nginx/admin-guide/security-controls/terminating-ssl-http.md" >}}).
 
 {{< tip >}}
 
@@ -128,9 +128,23 @@ In each case, you can upload files directly, or enter the content of the certifi
 
 You can modify existing certificates from the **Certificates** screen. Select the certificate of your choice. Depending on the type of certificate, you'll then see either a **Edit Certificate** or **Edit CA Bundle** option. The NGINX One Console then presents a window with the same options as shown when you [Add a new certificate](#add-a-new-certificate-or-bundle).
 
-## Delete a certificate
+If that certificate is already managed as part of a Config Sync Group, the changes you make affect all instances in that group.
 
-To delete a certificate, find the name in the **Certificates** screen. Find the **Actions** column associated with the certificate. Select the ellipsis and then select **Delete**.
+## Remove a deployed certificate
+
+You can remove a deployed certificate from an independent instance or from a Config Sync Group. This will remove the certificate's association with the instance or group, but it does not delete the certificate files from the instance(s).
+
+Every instance with a deployed certificate includes paths to certificates in their configuration files. If you remove the deployed file path to one certificate, that change is limited to that one instance.
+
+Every Config Sync Group also includes paths to certificates in its configuration files. If you remove the deployed path to one certificate, that change affects all instances which belong to that Config Sync Group. 
+
+## Delete a deployed certificate
+
+To delete a certificate, find the name in the **Certificates** screen. Find the **Actions** column associated with the certificate. Select the ellipsis (`...`) and then select **Delete**. Before deleting that certificate, you should see a warning.
+
+If that certificate is managed and is part of a Config Sync Group, that change affects all instances in that group.
+
+{{< warning >}} Do not delete certificates that are being used by an instance or a Config Sync Group. Deleting such certificates leads to failure in affected NGINX deployments. {{< /warning >}}
 
 ## Managed and unmanaged certificates
 
@@ -141,15 +155,15 @@ If you register an instance to NGINX One Console, as described in [Add your NGIN
 
 These certificates appear in the list of unmanaged certificates.
 
-We recommend that you convert your unmanaged certificates. Converting to a managed certificate allows you to centrally manage, update, and deploy a certificate to your NGINX instances from the NGINX One Console.
+We recommend that you convert your unmanaged certificates. Converting to a managed certificate allows you to centrally manage, update, and deploy a certificate to your data plane from the NGINX One Console.
 
 To convert these cerificates to managed, start with the Certificates menu, and select **Unmanaged**. You should see a list of **Unmanaged Certificates or CA Bundles**. Then:
 
 - Select a certificate
 - Select **Convert to Managed**
 - In the window that appears, you can now include the same information as shown in the [Add a new certificate](#add-a-new-certificate) section
 
-<!-- Once you've completed the process, NGINX One reassigns this as a managed certificate, and assigns it to the associated instance or config sync group. -->
+<!-- Once you've completed the process, NGINX One reassigns this as a managed certificate, and assigns it to the associated instance or Config Sync Group. -->
 
 ## See also
 

content/nginx-one/how-to/config-sync-groups/_index.md

@@ -0,0 +1,6 @@
+---
+description:
+title: Config Sync Groups
+weight: 250
+url: /nginx-one/how-to/config-sync-groups
+---