addtional feedback; added PartitionExports to CRDs section

This commit is contained in:
trujillo-adam 2021-11-30 11:18:12 -08:00
parent 632e4bd35c
commit 0fb360211a
4 changed files with 21 additions and 17 deletions

View File

@ -28,11 +28,9 @@ You can configure the settings defined in the `partition-exports` configuration
1. Verify that your datacenter meets the conditions specified in the [Requirements](#requirements). 1. Verify that your datacenter meets the conditions specified in the [Requirements](#requirements).
1. Specify the `partition-exports` configuration in the agent configuration file (see [`config_entries`](/docs/agent/options#config_entries)) as described in [Configuration](#configuration). 1. Specify the `partition-exports` configuration in the agent configuration file (see [`config_entries`](/docs/agent/options#config_entries)) as described in [Configuration](#configuration).
1. Deploy the configuration per your runtime: 1. Apply the configuration using one of the following methods:
* [VM](/docs/install) * Kubernetes CRD: Refer to the [Custom Resource Definitions](/docs/k8s/crds) documentation for details.
* [Kubernetes](/docs/k8s/installation/install) * Issue the `consul config write` command: Refer to the [Consul Config Write](/commands/config/write) documentation for details.
* [HTTP API](/api-docs/config#apply-configuration)
* [CLI](/commands/config/write)
## Configuration ## Configuration

View File

@ -182,7 +182,7 @@ You can configure the service mesh proxy to create listeners for upstream servic
| `destination_partition` | String value that specifies the name of the admin partition containing the upstream service. | Optional | `default` | | `destination_partition` | String value that specifies the name of the admin partition containing the upstream service. | Optional | `default` |
| `local_bind_port` | Integer value that specifies the port to bind a local listener to. The application will make outbound connections to the upstream from the local port. | Required | None | | `local_bind_port` | Integer value that specifies the port to bind a local listener to. The application will make outbound connections to the upstream from the local port. | Required | None |
| `local_bind_address` | String value that specifies the address to bind a local listener to. The application will make outbound connecttions to the upstream service from the local bind address. | Optional | `127.0.0.1` | | `local_bind_address` | String value that specifies the address to bind a local listener to. The application will make outbound connecttions to the upstream service from the local bind address. | Optional | `127.0.0.1` |
| `local_bind_socket_path` | String value that specifies the path at which to bind a Unix domain socket listener. The application will make outbound connections to the upstream from the local bind socket path. <br/>This parameter conflicts with the `local_bind_port` or `local_bind_address` parameters. <br/>Supported when using Envoy as a proxy. | Optional | None| | `local_bind_socket_path` | String value that specifies the path at which to bind a Unix domain socket listener. The application will make outbound connections to the upstream from the local bind socket path. <br/>This parameter conflicts with the `local_bind_port` or `local_bind_address` parameters. <br/>Supported when using Envoy as a proxy. | Optional | None|
| `local_bind_socket_mode` | String value that specifies a Unix octal that configures file permissions for the socket. | Optional | None | | `local_bind_socket_mode` | String value that specifies a Unix octal that configures file permissions for the socket. | Optional | None |
| `destination_type` | String value that specifies the type of discovery query the proxy should use for finding service mesh instances. The following values are supported: <li>`service`: Queries for upstream `service` types. </li><li> `prepared_query`: Queries for upstream prepared queries.</li> | Optional | `service` | | `destination_type` | String value that specifies the type of discovery query the proxy should use for finding service mesh instances. The following values are supported: <li>`service`: Queries for upstream `service` types. </li><li> `prepared_query`: Queries for upstream prepared queries.</li> | Optional | `service` |
| `datacenter` | String value that specifies the datacenter to issue the discovery query to. | Optional | Defaults to the local datacenter. | | `datacenter` | String value that specifies the datacenter to issue the discovery query to. | Optional | Defaults to the local datacenter. |

View File

@ -24,7 +24,7 @@ Admin partitions exist a level above namespaces in the identity hierarchy. They
Each Consul cluster will have at least one default admin partition (named `default`). Any resource created without specifying an admin partition will inherit the partition of the ACL token. Each Consul cluster will have at least one default admin partition (named `default`). Any resource created without specifying an admin partition will inherit the partition of the ACL token.
The `default` admin partition is special in that it may contain namespaces and other entities that are replicated between datacenters. The `default` partition should also contain the Consul servers. The `default` admin partition is special in that it may contain namespaces and other entities that are replicated between datacenters. The `default` partition must also contain the Consul servers.
-> **Preexisting resources and the `default` partition**: Admin partitions were introduced in Consul 1.11. After upgrading to Consul 1.11 or later, the `default` partition will contain all resources created in previous versions. -> **Preexisting resources and the `default` partition**: Admin partitions were introduced in Consul 1.11. After upgrading to Consul 1.11 or later, the `default` partition will contain all resources created in previous versions.
@ -73,7 +73,7 @@ Your Consul configuration must meet the following requirements to use admin part
* The `write` permission for `proxy-defaults` requires `mesh:write`. See [Admin Partition Rules](/docs/security/acl/acl-rules#admin-partition-rules) for additional information. * The `write` permission for `proxy-defaults` requires `mesh:write`. See [Admin Partition Rules](/docs/security/acl/acl-rules#admin-partition-rules) for additional information.
* The `write` permissions for ingress and terminating gateways require `mesh:write` privileges. * The `write` permissions for ingress and terminating gateways require `mesh:write` privileges.
* Wildcards (`*`) are not supported when creating intentions for admin partitions, but you can use a wildcard to specify services within a partition. * Wildcards (`*`) are not supported when creating intentions for admin partitions, but you can use a wildcard to specify services within a partition.
* With the exception of the `default` admin partition, ACL rules configured for admin partitions are isolated, so policies defined in partitions outside of the `default` partition can only reference its local partition. * With the exception of the `default` admin partition, ACL rules configured for admin partitions are isolated, so policies defined in partitions outside of the `default` partition can only reference their local partition.
### Agent Configurations ### Agent Configurations

View File

@ -9,27 +9,33 @@ description: >-
# Custom Resource Definitions # Custom Resource Definitions
-> This feature requires consul-helm >= 0.28.0, consul-k8s >= 0.22.0 and consul >= 1.8.4. This topic describes how to manage Consul [configuration entries](/docs/agent/config-entries)
via Kubernetes Custom Resources. Configuration entries provide cluster-wide defaults for the service mesh.
We support managing Consul [configuration entries](/docs/agent/config-entries) ## Requirements
via Kubernetes Custom Resources. Configuration entries are used to provide
cluster-wide defaults for the service mesh.
We currently support the follow configuration entry kinds: * consul-helm 0.28.0 or later
* consul-k8s 0.22.0 or later
* consul 1.8.4 or later; some configuration entries require a newer version of Consul
- [`Mesh`](/docs/connect/config-entries/mesh) (requires Consul >= 1.10.0) ## Supported Configuration Entries
You can specify the following values in the `kind` field. Click on a configuration entry to view its documentation:
- [`Mesh`](/docs/connect/config-entries/mesh) (requires Consul 1.10.0+)
- [`PartitionExports`](/docs/connect/config-entries/partition-exports)
- [`ProxyDefaults`](/docs/connect/config-entries/proxy-defaults) - [`ProxyDefaults`](/docs/connect/config-entries/proxy-defaults)
- [`ServiceDefaults`](/docs/connect/config-entries/service-defaults) - [`ServiceDefaults`](/docs/connect/config-entries/service-defaults)
- [`ServiceSplitter`](/docs/connect/config-entries/service-splitter) - [`ServiceSplitter`](/docs/connect/config-entries/service-splitter)
- [`ServiceRouter`](/docs/connect/config-entries/service-router) - [`ServiceRouter`](/docs/connect/config-entries/service-router)
- [`ServiceResolver`](/docs/connect/config-entries/service-resolver) - [`ServiceResolver`](/docs/connect/config-entries/service-resolver)
- [`ServiceIntentions`](/docs/connect/config-entries/service-intentions) (requires Consul >= 1.9.0) - [`ServiceIntentions`](/docs/connect/config-entries/service-intentions) (requires Consul 1.9.0+)
- [`IngressGateway`](/docs/connect/config-entries/ingress-gateway) - [`IngressGateway`](/docs/connect/config-entries/ingress-gateway)
- [`TerminatingGateway`](/docs/connect/config-entries/terminating-gateway) - [`TerminatingGateway`](/docs/connect/config-entries/terminating-gateway)
## Installation ## Installation
Ensure you have at least version `0.28.0` of the helm chart: Verify that the minimum version of the helm chart (`0.28.0`) is installed:
```shell-session ```shell-session
$ helm search repo hashicorp/consul $ helm search repo hashicorp/consul
@ -37,7 +43,7 @@ NAME CHART VERSION APP VERSION DESCRIPTION
hashicorp/consul 0.28.0 1.9.1 Official HashiCorp Consul Chart hashicorp/consul 0.28.0 1.9.1 Official HashiCorp Consul Chart
``` ```
If you don't have `0.28.0`, you will need to update your helm repository cache: Update your helm repository cache if necessary:
```shell-session ```shell-session
$ helm repo update $ helm repo update