Azure MSI for cloud auto-join (#7000)

* Azure MSI documentation

Adding in note about support for Azure MSI authentication method for Cloud auto-join

* fixing text formatting

fixing text formatting

* missing word

missing word - variable

* Update website/source/docs/agent/cloud-auto-join.html.md

Language change to be specific about where the security risk mitigation is concerned

Co-Authored-By: Jack Pearkes <jackpearkes@gmail.com>

Co-authored-by: Jack Pearkes <jackpearkes@gmail.com>
DevOps Rob 2020-01-09 01:43:45 +00:00 committed by Jack Pearkes
parent 15f070231a
commit 0785bcc8df
1 changed files with 3 additions and 1 deletions

@ -123,6 +123,8 @@ When using tags the only permission needed is `Microsoft.Network/networkInterfac
When using Virtual Machine Scale Sets the only role action needed is `Microsoft.Compute/virtualMachineScaleSets/*/read`. When using Virtual Machine Scale Sets the only role action needed is `Microsoft.Compute/virtualMachineScaleSets/*/read`.
~> **Note:** If the Consul cluster is hosted on Azure, Consul can use Managed Service Identities (MSI) to access Azure instead of an environment variable and shared client id and secret. MSI must be enabled on the VMs hosting Consul, and it is the preferred configuration since MSI prevents your Azure credentials from being stored in Consul configuration. This feature is supported from Consul 1.7 and above.
### Google Compute Engine ### Google Compute Engine
This returns the first private IP address of all servers in the given This returns the first private IP address of all servers in the given
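Review bot: The `~> **Note:**` paragraph recommends MSI but never says what changes in the `-retry-join` string or what the identity has to be granted. Spell out which provider fields are left out when MSI is used (the text only says "shared client id and secret"), and say whether the VM's identity needs the same read-only role actions listed just above, such as `Microsoft.Compute/virtualMachineScaleSets/*/read`. "an environment variable" is also unspecified: name the variable or drop the phrase. "supported from Consul 1.7 and above" would read better as "supported in Consul 1.7 and later".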
@ -402,4 +404,4 @@ $ consul agent -retry-join "provider=k8s label_selector=\"app=consul,component=s
- `field_selector` (optional) - the field selector for matching pods. - `field_selector` (optional) - the field selector for matching pods.
The Kubernetes token used by the provider needs to have permissions to list pods The Kubernetes token used by the provider needs to have permissions to list pods
in the desired namespace. in the desired namespace.
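Review bot: This second hunk, at `-402,4 +404,4`, touches the Kubernetes provider section, which is unrelated to the Azure MSI note. The visible lines read the same on both sides, so the change looks like whitespace or end-of-file only. Either drop it from this commit or mention it in the commit message so the extra deletion in the stats is explained.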