From 0fb360211ac01cb2e9b01d356ea639ef3d515f93 Mon Sep 17 00:00:00 2001 From: trujillo-adam Date: Tue, 30 Nov 2021 11:18:12 -0800 Subject: [PATCH] addtional feedback; added PartitionExports to CRDs section --- .../config-entries/partition-exports.mdx | 8 +++---- .../registration/service-registration.mdx | 2 +- .../docs/enterprise/admin-partitions.mdx | 4 ++-- website/content/docs/k8s/crds/index.mdx | 24 ++++++++++++------- 4 files changed, 21 insertions(+), 17 deletions(-) diff --git a/website/content/docs/connect/config-entries/partition-exports.mdx b/website/content/docs/connect/config-entries/partition-exports.mdx index 0252d5f92b..94a61569d7 100644 --- a/website/content/docs/connect/config-entries/partition-exports.mdx +++ b/website/content/docs/connect/config-entries/partition-exports.mdx @@ -28,11 +28,9 @@ You can configure the settings defined in the `partition-exports` configuration 1. Verify that your datacenter meets the conditions specified in the [Requirements](#requirements). 1. Specify the `partition-exports` configuration in the agent configuration file (see [`config_entries`](/docs/agent/options#config_entries)) as described in [Configuration](#configuration). -1. Deploy the configuration per your runtime: - * [VM](/docs/install) - * [Kubernetes](/docs/k8s/installation/install) - * [HTTP API](/api-docs/config#apply-configuration) - * [CLI](/commands/config/write) +1. Apply the configuration using one of the following methods: + * Kubernetes CRD: Refer to the [Custom Resource Definitions](/docs/k8s/crds) documentation for details. + * Issue the `consul config write` command: Refer to the [Consul Config Write](/commands/config/write) documentation for details. ## Configuration diff --git a/website/content/docs/connect/registration/service-registration.mdx b/website/content/docs/connect/registration/service-registration.mdx index 4c42ab867b..92bcb1a93e 100644 --- a/website/content/docs/connect/registration/service-registration.mdx +++ b/website/content/docs/connect/registration/service-registration.mdx @@ -182,7 +182,7 @@ You can configure the service mesh proxy to create listeners for upstream servic | `destination_partition` | String value that specifies the name of the admin partition containing the upstream service. | Optional | `default` | | `local_bind_port` | Integer value that specifies the port to bind a local listener to. The application will make outbound connections to the upstream from the local port. | Required | None | | `local_bind_address` | String value that specifies the address to bind a local listener to. The application will make outbound connecttions to the upstream service from the local bind address. | Optional | `127.0.0.1` | -| `local_bind_socket_path` | String value that specifies the path at which to bind a Unix domain socket listener. The application will make outbound connections to the upstream from the local bind socket path.
This parameter conflicts with the `local_bind_port` or `local_bind_address` parameters.
Supported when using Envoy as a proxy. | Optional | None| +| `local_bind_socket_path` | String value that specifies the path at which to bind a Unix domain socket listener. The application will make outbound connections to the upstream from the local bind socket path.
This parameter conflicts with the `local_bind_port` or `local_bind_address` parameters.
Supported when using Envoy as a proxy. | Optional | None| | `local_bind_socket_mode` | String value that specifies a Unix octal that configures file permissions for the socket. | Optional | None | | `destination_type` | String value that specifies the type of discovery query the proxy should use for finding service mesh instances. The following values are supported:
  • `service`: Queries for upstream `service` types.
  • `prepared_query`: Queries for upstream prepared queries.
  • | Optional | `service` | | `datacenter` | String value that specifies the datacenter to issue the discovery query to. | Optional | Defaults to the local datacenter. | diff --git a/website/content/docs/enterprise/admin-partitions.mdx b/website/content/docs/enterprise/admin-partitions.mdx index 604e86cbf4..b00ac189fc 100644 --- a/website/content/docs/enterprise/admin-partitions.mdx +++ b/website/content/docs/enterprise/admin-partitions.mdx @@ -24,7 +24,7 @@ Admin partitions exist a level above namespaces in the identity hierarchy. They Each Consul cluster will have at least one default admin partition (named `default`). Any resource created without specifying an admin partition will inherit the partition of the ACL token. -The `default` admin partition is special in that it may contain namespaces and other entities that are replicated between datacenters. The `default` partition should also contain the Consul servers. +The `default` admin partition is special in that it may contain namespaces and other entities that are replicated between datacenters. The `default` partition must also contain the Consul servers. -> **Preexisting resources and the `default` partition**: Admin partitions were introduced in Consul 1.11. After upgrading to Consul 1.11 or later, the `default` partition will contain all resources created in previous versions. @@ -73,7 +73,7 @@ Your Consul configuration must meet the following requirements to use admin part * The `write` permission for `proxy-defaults` requires `mesh:write`. See [Admin Partition Rules](/docs/security/acl/acl-rules#admin-partition-rules) for additional information. * The `write` permissions for ingress and terminating gateways require `mesh:write` privileges. * Wildcards (`*`) are not supported when creating intentions for admin partitions, but you can use a wildcard to specify services within a partition. -* With the exception of the `default` admin partition, ACL rules configured for admin partitions are isolated, so policies defined in partitions outside of the `default` partition can only reference its local partition. +* With the exception of the `default` admin partition, ACL rules configured for admin partitions are isolated, so policies defined in partitions outside of the `default` partition can only reference their local partition. ### Agent Configurations diff --git a/website/content/docs/k8s/crds/index.mdx b/website/content/docs/k8s/crds/index.mdx index 4711c2d3a8..8364c22d32 100644 --- a/website/content/docs/k8s/crds/index.mdx +++ b/website/content/docs/k8s/crds/index.mdx @@ -9,27 +9,33 @@ description: >- # Custom Resource Definitions --> This feature requires consul-helm >= 0.28.0, consul-k8s >= 0.22.0 and consul >= 1.8.4. +This topic describes how to manage Consul [configuration entries](/docs/agent/config-entries) +via Kubernetes Custom Resources. Configuration entries provide cluster-wide defaults for the service mesh. -We support managing Consul [configuration entries](/docs/agent/config-entries) -via Kubernetes Custom Resources. Configuration entries are used to provide -cluster-wide defaults for the service mesh. +## Requirements -We currently support the follow configuration entry kinds: +* consul-helm 0.28.0 or later +* consul-k8s 0.22.0 or later +* consul 1.8.4 or later; some configuration entries require a newer version of Consul -- [`Mesh`](/docs/connect/config-entries/mesh) (requires Consul >= 1.10.0) +## Supported Configuration Entries + +You can specify the following values in the `kind` field. Click on a configuration entry to view its documentation: + +- [`Mesh`](/docs/connect/config-entries/mesh) (requires Consul 1.10.0+) +- [`PartitionExports`](/docs/connect/config-entries/partition-exports) - [`ProxyDefaults`](/docs/connect/config-entries/proxy-defaults) - [`ServiceDefaults`](/docs/connect/config-entries/service-defaults) - [`ServiceSplitter`](/docs/connect/config-entries/service-splitter) - [`ServiceRouter`](/docs/connect/config-entries/service-router) - [`ServiceResolver`](/docs/connect/config-entries/service-resolver) -- [`ServiceIntentions`](/docs/connect/config-entries/service-intentions) (requires Consul >= 1.9.0) +- [`ServiceIntentions`](/docs/connect/config-entries/service-intentions) (requires Consul 1.9.0+) - [`IngressGateway`](/docs/connect/config-entries/ingress-gateway) - [`TerminatingGateway`](/docs/connect/config-entries/terminating-gateway) ## Installation -Ensure you have at least version `0.28.0` of the helm chart: +Verify that the minimum version of the helm chart (`0.28.0`) is installed: ```shell-session $ helm search repo hashicorp/consul @@ -37,7 +43,7 @@ NAME CHART VERSION APP VERSION DESCRIPTION hashicorp/consul 0.28.0 1.9.1 Official HashiCorp Consul Chart ``` -If you don't have `0.28.0`, you will need to update your helm repository cache: +Update your helm repository cache if necessary: ```shell-session $ helm repo update