mirror of https://github.com/status-im/consul.git
additional feedback; added PartitionExports to CRDs section
parent
632e4bd35c
commit
0fb360211a
|
@ -28,11 +28,9 @@ You can configure the settings defined in the `partition-exports` configuration
|
||||||
|
|
||||||
1. Verify that your datacenter meets the conditions specified in the [Requirements](#requirements).
|
1. Verify that your datacenter meets the conditions specified in the [Requirements](#requirements).
|
||||||
1. Specify the `partition-exports` configuration in the agent configuration file (see [`config_entries`](/docs/agent/options#config_entries)) as described in [Configuration](#configuration).
|
1. Specify the `partition-exports` configuration in the agent configuration file (see [`config_entries`](/docs/agent/options#config_entries)) as described in [Configuration](#configuration).
|
||||||
1. Deploy the configuration per your runtime:
|
1. Apply the configuration using one of the following methods:
|
||||||
* [VM](/docs/install)
|
* Kubernetes CRD: Refer to the [Custom Resource Definitions](/docs/k8s/crds) documentation for details.
|
||||||
* [Kubernetes](/docs/k8s/installation/install)
|
* Issue the `consul config write` command: Refer to the [Consul Config Write](/commands/config/write) documentation for details.
|
||||||
* [HTTP API](/api-docs/config#apply-configuration)
|
|
||||||
* [CLI](/commands/config/write)
|
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
|
||||||
|
|
|
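Review bot: The new method list in step 3 drops the HTTP API option (`/api-docs/config#apply-configuration`) that the old list carried, leaving only the Kubernetes CRD and `consul config write`. If the API can still apply a `partition-exports` entry, keep a bullet for it; if the removal is intentional, say so in the commit message. Step 2 still tells the reader to put the entry in the agent configuration file, which now reads as a third method rather than a prerequisite for step 3, and the two new bullets are not parallel (a noun, "Kubernetes CRD:", followed by an imperative, "Issue the `consul config write` command:").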
@ -182,7 +182,7 @@ You can configure the service mesh proxy to create listeners for upstream servic
|
||||||
| `destination_partition` | String value that specifies the name of the admin partition containing the upstream service. | Optional | `default` |
|
| `destination_partition` | String value that specifies the name of the admin partition containing the upstream service. | Optional | `default` |
|
||||||
| `local_bind_port` | Integer value that specifies the port to bind a local listener to. The application will make outbound connections to the upstream from the local port. | Required | None |
|
| `local_bind_port` | Integer value that specifies the port to bind a local listener to. The application will make outbound connections to the upstream from the local port. | Required | None |
|
||||||
| `local_bind_address` | String value that specifies the address to bind a local listener to. The application will make outbound connecttions to the upstream service from the local bind address. | Optional | `127.0.0.1` |
|
| `local_bind_address` | String value that specifies the address to bind a local listener to. The application will make outbound connecttions to the upstream service from the local bind address. | Optional | `127.0.0.1` |
|
||||||
| `local_bind_socket_path` | String value that specifies the path at which to bind a Unix domain socket listener. The application will make outbound connections to the upstream from the local bind socket path. <br/>This parameter conflicts with the `local_bind_port` or `local_bind_address` parameters. <br/>Supported when using Envoy as a proxy. | Optional | None|
|
| `local_bind_socket_path` | String value that specifies the path at which to bind a Unix domain socket listener. The application will make outbound connections to the upstream from the local bind socket path. <br/>This parameter conflicts with the `local_bind_port` or `local_bind_address` parameters. <br/>Supported when using Envoy as a proxy. | Optional | None|
|
||||||
| `local_bind_socket_mode` | String value that specifies a Unix octal that configures file permissions for the socket. | Optional | None |
|
| `local_bind_socket_mode` | String value that specifies a Unix octal that configures file permissions for the socket. | Optional | None |
|
||||||
| `destination_type` | String value that specifies the type of discovery query the proxy should use for finding service mesh instances. The following values are supported: <li>`service`: Queries for upstream `service` types. </li><li> `prepared_query`: Queries for upstream prepared queries.</li> | Optional | `service` |
|
| `destination_type` | String value that specifies the type of discovery query the proxy should use for finding service mesh instances. The following values are supported: <li>`service`: Queries for upstream `service` types. </li><li> `prepared_query`: Queries for upstream prepared queries.</li> | Optional | `service` |
|
||||||
| `datacenter` | String value that specifies the datacenter to issue the discovery query to. | Optional | Defaults to the local datacenter. |
|
| `datacenter` | String value that specifies the datacenter to issue the discovery query to. | Optional | Defaults to the local datacenter. |
|
||||||
|
|
|
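Review bot: The old and new rows in this hunk show no visible difference, so the change looks whitespace-only, and the `local_bind_address` row still carries the typo "connecttions" on both sides; fix it while this table is being touched. In the `local_bind_socket_path` row, "conflicts with the `local_bind_port` or `local_bind_address` parameters" would be clearer as "cannot be combined with", and the `local_bind_socket_mode` row would benefit from an example value and a statement of which permissions the socket gets when the field is omitted, since its default is listed as None.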
@ -24,7 +24,7 @@ Admin partitions exist a level above namespaces in the identity hierarchy. They
|
||||||
|
|
||||||
Each Consul cluster will have at least one default admin partition (named `default`). Any resource created without specifying an admin partition will inherit the partition of the ACL token.
|
Each Consul cluster will have at least one default admin partition (named `default`). Any resource created without specifying an admin partition will inherit the partition of the ACL token.
|
||||||
|
|
||||||
The `default` admin partition is special in that it may contain namespaces and other entities that are replicated between datacenters. The `default` partition should also contain the Consul servers.
|
The `default` admin partition is special in that it may contain namespaces and other entities that are replicated between datacenters. The `default` partition must also contain the Consul servers.
|
||||||
|
|
||||||
-> **Preexisting resources and the `default` partition**: Admin partitions were introduced in Consul 1.11. After upgrading to Consul 1.11 or later, the `default` partition will contain all resources created in previous versions.
|
-> **Preexisting resources and the `default` partition**: Admin partitions were introduced in Consul 1.11. After upgrading to Consul 1.11 or later, the `default` partition will contain all resources created in previous versions.
|
||||||
|
|
||||||
|
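Review bot: Changing "should" to "must" for the Consul servers turns this overview sentence into a hard requirement, but it sits in descriptive text where it is easy to miss. Add it to the requirements list in this file as well (the next hunk's header shows that section exists), or state here what the operator should expect if servers are placed in another partition.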
@ -73,7 +73,7 @@ Your Consul configuration must meet the following requirements to use admin part
|
||||||
* The `write` permission for `proxy-defaults` requires `mesh:write`. See [Admin Partition Rules](/docs/security/acl/acl-rules#admin-partition-rules) for additional information.
|
* The `write` permission for `proxy-defaults` requires `mesh:write`. See [Admin Partition Rules](/docs/security/acl/acl-rules#admin-partition-rules) for additional information.
|
||||||
* The `write` permissions for ingress and terminating gateways require `mesh:write` privileges.
|
* The `write` permissions for ingress and terminating gateways require `mesh:write` privileges.
|
||||||
* Wildcards (`*`) are not supported when creating intentions for admin partitions, but you can use a wildcard to specify services within a partition.
|
* Wildcards (`*`) are not supported when creating intentions for admin partitions, but you can use a wildcard to specify services within a partition.
|
||||||
* With the exception of the `default` admin partition, ACL rules configured for admin partitions are isolated, so policies defined in partitions outside of the `default` partition can only reference its local partition.
|
* With the exception of the `default` admin partition, ACL rules configured for admin partitions are isolated, so policies defined in partitions outside of the `default` partition can only reference their local partition.
|
||||||
|
|
||||||
### Agent Configurations
|
### Agent Configurations
|
||||||
|
|
||||||
|
|
|
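Review bot: The pronoun fix on the last bullet is fine, but the sentence still leaves the exception for `default` implicit: it says policies outside `default` can only reference their local partition without stating what policies in `default` may reference. Since this bullet defines the ACL isolation boundary, state it directly, for example as two sentences, one for non-default partitions and one for `default`.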
@ -9,27 +9,33 @@ description: >-
|
||||||
|
|
||||||
# Custom Resource Definitions
|
# Custom Resource Definitions
|
||||||
|
|
||||||
-> This feature requires consul-helm >= 0.28.0, consul-k8s >= 0.22.0 and consul >= 1.8.4.
|
This topic describes how to manage Consul [configuration entries](/docs/agent/config-entries)
|
||||||
|
via Kubernetes Custom Resources. Configuration entries provide cluster-wide defaults for the service mesh.
|
||||||
|
|
||||||
We support managing Consul [configuration entries](/docs/agent/config-entries)
|
## Requirements
|
||||||
via Kubernetes Custom Resources. Configuration entries are used to provide
|
|
||||||
cluster-wide defaults for the service mesh.
|
|
||||||
|
|
||||||
We currently support the follow configuration entry kinds:
|
* consul-helm 0.28.0 or later
|
||||||
|
* consul-k8s 0.22.0 or later
|
||||||
|
* consul 1.8.4 or later; some configuration entries require a newer version of Consul
|
||||||
|
|
||||||
- [`Mesh`](/docs/connect/config-entries/mesh) (requires Consul >= 1.10.0)
|
## Supported Configuration Entries
|
||||||
|
|
||||||
|
You can specify the following values in the `kind` field. Click on a configuration entry to view its documentation:
|
||||||
|
|
||||||
|
- [`Mesh`](/docs/connect/config-entries/mesh) (requires Consul 1.10.0+)
|
||||||
|
- [`PartitionExports`](/docs/connect/config-entries/partition-exports)
|
||||||
- [`ProxyDefaults`](/docs/connect/config-entries/proxy-defaults)
|
- [`ProxyDefaults`](/docs/connect/config-entries/proxy-defaults)
|
||||||
- [`ServiceDefaults`](/docs/connect/config-entries/service-defaults)
|
- [`ServiceDefaults`](/docs/connect/config-entries/service-defaults)
|
||||||
- [`ServiceSplitter`](/docs/connect/config-entries/service-splitter)
|
- [`ServiceSplitter`](/docs/connect/config-entries/service-splitter)
|
||||||
- [`ServiceRouter`](/docs/connect/config-entries/service-router)
|
- [`ServiceRouter`](/docs/connect/config-entries/service-router)
|
||||||
- [`ServiceResolver`](/docs/connect/config-entries/service-resolver)
|
- [`ServiceResolver`](/docs/connect/config-entries/service-resolver)
|
||||||
- [`ServiceIntentions`](/docs/connect/config-entries/service-intentions) (requires Consul >= 1.9.0)
|
- [`ServiceIntentions`](/docs/connect/config-entries/service-intentions) (requires Consul 1.9.0+)
|
||||||
- [`IngressGateway`](/docs/connect/config-entries/ingress-gateway)
|
- [`IngressGateway`](/docs/connect/config-entries/ingress-gateway)
|
||||||
- [`TerminatingGateway`](/docs/connect/config-entries/terminating-gateway)
|
- [`TerminatingGateway`](/docs/connect/config-entries/terminating-gateway)
|
||||||
|
|
||||||
## Installation
|
## Installation
|
||||||
|
|
||||||
Ensure you have at least version `0.28.0` of the helm chart:
|
Verify that the minimum version of the helm chart (`0.28.0`) is installed:
|
||||||
|
|
||||||
```shell-session
|
```shell-session
|
||||||
$ helm search repo hashicorp/consul
|
$ helm search repo hashicorp/consul
|
||||||
|
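Review bot: The new `PartitionExports` bullet has no minimum Consul version, while `Mesh` and `ServiceIntentions` carry one and the new Requirements bullet warns that some entries need a newer Consul. The admin partitions page in this same commit says partitions were introduced in Consul 1.11, so add the version note to the bullet. The version wording is also mixed ("0.28.0 or later" in Requirements, "1.10.0+" in the list), and "Verify that the minimum version of the helm chart (`0.28.0`) is installed" introduces `helm search repo`, which lists charts available in the configured repositories rather than what is installed.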
@ -37,7 +43,7 @@ NAME CHART VERSION APP VERSION DESCRIPTION
|
||||||
hashicorp/consul 0.28.0 1.9.1 Official HashiCorp Consul Chart
|
hashicorp/consul 0.28.0 1.9.1 Official HashiCorp Consul Chart
|
||||||
```
|
```
|
||||||
|
|
||||||
If you don't have `0.28.0`, you will need to update your helm repository cache:
|
Update your helm repository cache if necessary:
|
||||||
|
|
||||||
```shell-session
|
```shell-session
|
||||||
$ helm repo update
|
$ helm repo update
|
||||||
|
|
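Review bot: "Update your helm repository cache if necessary:" drops the condition the old sentence gave, so the reader no longer knows when the update is necessary. Suggest wording such as "If the search results do not list version `0.28.0` or later, update your helm repository cache:".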