update docs (#10405)

Consul 1.10 GA for Consul K8s
Ashwin Venkatesh 2021-06-22 19:41:53 -04:00 committed by GitHub
parent b72ad40286
commit 17dc691c61
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 122 additions and 6 deletions

@ -96,6 +96,11 @@ and consider if they're appropriate for your deployment.
- `secretKey` ((#v-global-gossipencryption-secretkey)) (`string: ""`) - secretKey is the key within the Kubernetes secret that holds the gossip - `secretKey` ((#v-global-gossipencryption-secretkey)) (`string: ""`) - secretKey is the key within the Kubernetes secret that holds the gossip
encryption key. encryption key.
- `recursors` ((#v-global-recursors)) (`array<string>: []`) - A list of addresses of upstream DNS servers that are used to recursively resolve DNS queries.
These values are given as `-recursor` flags to Consul servers and clients.
See https://www.consul.io/docs/agent/options#_recursor for more details.
If this is an empty array (the default), then Consul DNS will only resolve queries for the Consul top level domain (by default `.consul`).
- `tls` ((#v-global-tls)) - Enables TLS (https://learn.hashicorp.com/tutorials/consul/tls-encryption-secure) - `tls` ((#v-global-tls)) - Enables TLS (https://learn.hashicorp.com/tutorials/consul/tls-encryption-secure)
across the cluster to verify authenticity of the Consul servers and clients. across the cluster to verify authenticity of the Consul servers and clients.
Requires Consul v1.4.1+ and consul-k8s v0.16.2+ Requires Consul v1.4.1+ and consul-k8s v0.16.2+
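Review bot: The new `recursors` description does not say what form each address takes (bare IP, or IP with port) and gives no sample value. Because the entries are passed straight through as `-recursor` flags to both servers and clients, suggest adding a one-line example and stating that any query outside the Consul top level domain will be forwarded to these upstream servers once the list is non-empty.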
@ -282,6 +287,8 @@ and consider if they're appropriate for your deployment.
- `secretKey` ((#v-server-enterpriselicense-secretkey)) (`string: null`) - The key within the Kubernetes secret that holds the enterprise license. - `secretKey` ((#v-server-enterpriselicense-secretkey)) (`string: null`) - The key within the Kubernetes secret that holds the enterprise license.
- `enableLicenseAutoload` ((#v-server-enterpriselicense-enablelicenseautoload)) (`boolean: true`) - Manages license autoload. Required in Consul 1.10.0+, 1.9.7+ and 1.8.12+.
- `exposeGossipAndRPCPorts` ((#v-server-exposegossipandrpcports)) (`boolean: false`) - Exposes the servers' gossip and RPC ports as hostPorts. To enable a client - `exposeGossipAndRPCPorts` ((#v-server-exposegossipandrpcports)) (`boolean: false`) - Exposes the servers' gossip and RPC ports as hostPorts. To enable a client
agent outside of the k8s cluster to join the datacenter, you would need to agent outside of the k8s cluster to join the datacenter, you would need to
enable `server.exposeGossipAndRPCPorts`, `client.exposeGossipPorts`, and enable `server.exposeGossipAndRPCPorts`, `client.exposeGossipPorts`, and
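Review bot: `enableLicenseAutoload` is described only as "Manages license autoload", which does not say what happens when the value is `true` versus `false`. "Required in Consul 1.10.0+, 1.9.7+ and 1.8.12+" also leaves open whether the value must stay `true` on those versions and what to set on older ones. Suggest spelling out the behaviour for each value and the guidance for versions below those listed.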
@ -322,6 +329,17 @@ and consider if they're appropriate for your deployment.
a new CA and set of certificates. Additional Connect settings can be configured a new CA and set of certificates. Additional Connect settings can be configured
by setting the `server.extraConfig` value. by setting the `server.extraConfig` value.
- `serviceAccount` ((#v-server-serviceaccount))
- `annotations` ((#v-server-serviceaccount-annotations)) (`string: null`) - This value defines additional annotations for the server service account. This should be formatted as a multi-line
string.
```yaml
annotations: |
"sample/annotation1": "foo"
"sample/annotation2": "bar"
```
- `resources` ((#v-server-resources)) (`map`) - The resource requests (CPU, memory, etc.) - `resources` ((#v-server-resources)) (`map`) - The resource requests (CPU, memory, etc.)
for each of the server agents. This should be a YAML map corresponding to a Kubernetes for each of the server agents. This should be a YAML map corresponding to a Kubernetes
ResourceRequirements (https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#resourcerequirements-v1-core) ResourceRequirements (https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#resourcerequirements-v1-core)
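Review bot: The added `serviceAccount` parent entry has no description of its own, and `annotations` is typed `string: null` while the sample shows key/value pairs. Suggest a short description on `serviceAccount` and a sentence saying the multi-line string must contain valid YAML map entries, since a malformed string here would only surface when the chart is rendered.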
@ -577,6 +595,17 @@ and consider if they're appropriate for your deployment.
and the Consul servers are outside of the k8s cluster. and the Consul servers are outside of the k8s cluster.
This also changes the clients' advertised IP to the `hostIP` rather than `podIP`. This also changes the clients' advertised IP to the `hostIP` rather than `podIP`.
- `serviceAccount` ((#v-client-serviceaccount))
- `annotations` ((#v-client-serviceaccount-annotations)) (`string: null`) - This value defines additional annotations for the client service account. This should be formatted as a multi-line
string.
```yaml
annotations: |
"sample/annotation1": "foo"
"sample/annotation2": "bar"
```
- `resources` ((#v-client-resources)) (`map`) - Resource settings for Client agents. - `resources` ((#v-client-resources)) (`map`) - Resource settings for Client agents.
NOTE: The use of a YAML string is deprecated. Instead, set directly as a NOTE: The use of a YAML string is deprecated. Instead, set directly as a
YAML map. YAML map.
@ -738,6 +767,17 @@ and consider if they're appropriate for your deployment.
- `secretKey` ((#v-client-snapshotagent-configsecret-secretkey)) (`string: null`) - The key of the Kubernetes secret. - `secretKey` ((#v-client-snapshotagent-configsecret-secretkey)) (`string: null`) - The key of the Kubernetes secret.
- `serviceAccount` ((#v-client-snapshotagent-serviceaccount))
- `annotations` ((#v-client-snapshotagent-serviceaccount-annotations)) (`string: null`) - This value defines additional annotations for the snapshot agent service account. This should be formatted as a
multi-line string.
```yaml
annotations: |
"sample/annotation1": "foo"
"sample/annotation2": "bar"
```
- `resources` ((#v-client-snapshotagent-resources)) (`map`) - Resource settings for snapshot agent pods. - `resources` ((#v-client-snapshotagent-resources)) (`map`) - Resource settings for snapshot agent pods.
- `caCert` ((#v-client-snapshotagent-cacert)) (`string: null`) - Optional PEM-encoded CA certificate that will be added to the trusted system CAs. - `caCert` ((#v-client-snapshotagent-cacert)) (`string: null`) - Optional PEM-encoded CA certificate that will be added to the trusted system CAs.
@ -793,6 +833,14 @@ and consider if they're appropriate for your deployment.
- `type` ((#v-ui-service-type)) (`string: null`) - The service type to register. - `type` ((#v-ui-service-type)) (`string: null`) - The service type to register.
- `nodePort` ((#v-ui-service-nodeport)) - Optionally set the nodePort value of the ui service if using a NodePort service.
If not set and using a NodePort service, Kubernetes will automatically assign
a port.
- `http` ((#v-ui-service-nodeport-http)) (`integer: null`) - HTTP node port
- `https` ((#v-ui-service-nodeport-https)) (`integer: null`) - HTTPS node port
- `annotations` ((#v-ui-service-annotations)) (`string: null`) - Annotations to apply to the UI service. - `annotations` ((#v-ui-service-annotations)) (`string: null`) - Annotations to apply to the UI service.
Example: Example:
@ -1001,6 +1049,17 @@ and consider if they're appropriate for your deployment.
This should be a multi-line string matching the Toleration array This should be a multi-line string matching the Toleration array
in a PodSpec. in a PodSpec.
- `serviceAccount` ((#v-synccatalog-serviceaccount))
- `annotations` ((#v-synccatalog-serviceaccount-annotations)) (`string: null`) - This value defines additional annotations for the mesh gateways' service account. This should be formatted as a
multi-line string.
```yaml
annotations: |
"sample/annotation1": "foo"
"sample/annotation2": "bar"
```
- `resources` ((#v-synccatalog-resources)) (`map`) - Resource settings for sync catalog pods. - `resources` ((#v-synccatalog-resources)) (`map`) - Resource settings for sync catalog pods.
- `logLevel` ((#v-synccatalog-loglevel)) (`string: info`) - Log verbosity level. One of "trace", "debug", "info", "warn", or "error". - `logLevel` ((#v-synccatalog-loglevel)) (`string: info`) - Log verbosity level. One of "trace", "debug", "info", "warn", or "error".
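Review bot: The `annotations` entry anchored at `#v-synccatalog-serviceaccount-annotations` says it defines "additional annotations for the mesh gateways' service account", which looks copied from the mesh gateway block added later in this patch. It should name the sync catalog service account instead.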
@ -1037,6 +1096,13 @@ and consider if they're appropriate for your deployment.
i.e. we enforce that all traffic within the pod will go through the proxy. i.e. we enforce that all traffic within the pod will go through the proxy.
This value is overridable via the "consul.hashicorp.com/transparent-proxy" pod annotation. This value is overridable via the "consul.hashicorp.com/transparent-proxy" pod annotation.
- `defaultOverwriteProbes` ((#v-connectinject-transparentproxy-defaultoverwriteprobes)) (`boolean: true`) - If true, we will overwrite Kubernetes HTTP probes of the pod to point to the Envoy proxy instead.
This setting is recommended because with traffic being enforced to go through the Envoy proxy,
the probes on the pod will fail because kube-proxy doesn't have the right certificates
to talk to Envoy.
This value is also overridable via the "consul.hashicorp.com/transparent-proxy-overwrite-probes" annotation.
Note: This value has no effect if transparent proxy is disabled on the pod.
- `metrics` ((#v-connectinject-metrics)) - Configures metrics for Consul Connect services. All values are overridable - `metrics` ((#v-connectinject-metrics)) - Configures metrics for Consul Connect services. All values are overridable
via annotations on a per-pod basis. via annotations on a per-pod basis.
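Review bot: The `defaultOverwriteProbes` text says the probes fail "because kube-proxy doesn't have the right certificates to talk to Envoy", but Kubernetes probes are issued by the kubelet, not kube-proxy. Suggest replacing "kube-proxy" with "the kubelet". The description also mentions only HTTP probes, so it would help to say whether other probe types are left untouched.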
@ -1085,6 +1151,17 @@ and consider if they're appropriate for your deployment.
- `logLevel` ((#v-connectinject-loglevel)) (`string: info`) - Log verbosity level. One of "debug", "info", "warn", or "error". - `logLevel` ((#v-connectinject-loglevel)) (`string: info`) - Log verbosity level. One of "debug", "info", "warn", or "error".
- `serviceAccount` ((#v-connectinject-serviceaccount))
- `annotations` ((#v-connectinject-serviceaccount-annotations)) (`string: null`) - This value defines additional annotations for the injector service account. This should be formatted as a
multi-line string.
```yaml
annotations: |
"sample/annotation1": "foo"
"sample/annotation2": "bar"
```
- `resources` ((#v-connectinject-resources)) (`map`) - Resource settings for connect inject pods. - `resources` ((#v-connectinject-resources)) (`map`) - Resource settings for connect inject pods.
- `namespaceSelector` ((#v-connectinject-namespaceselector)) (`string: null`) - Selector for restricting the webhook to only - `namespaceSelector` ((#v-connectinject-namespaceselector)) (`string: null`) - Selector for restricting the webhook to only
@ -1226,6 +1303,17 @@ and consider if they're appropriate for your deployment.
- `logLevel` ((#v-controller-loglevel)) (`string: info`) - Log verbosity level. One of "debug", "info", "warn", or "error". - `logLevel` ((#v-controller-loglevel)) (`string: info`) - Log verbosity level. One of "debug", "info", "warn", or "error".
- `serviceAccount` ((#v-controller-serviceaccount))
- `annotations` ((#v-controller-serviceaccount-annotations)) (`string: null`) - This value defines additional annotations for the controller service account. This should be formatted as a
multi-line string.
```yaml
annotations: |
"sample/annotation1": "foo"
"sample/annotation2": "bar"
```
- `resources` ((#v-controller-resources)) (`map`) - Resource settings for controller pods. - `resources` ((#v-controller-resources)) (`map`) - Resource settings for controller pods.
- `nodeSelector` ((#v-controller-nodeselector)) (`string: null`) - Optional YAML string to specify a nodeSelector config. - `nodeSelector` ((#v-controller-nodeselector)) (`string: null`) - Optional YAML string to specify a nodeSelector config.
@ -1311,7 +1399,7 @@ and consider if they're appropriate for your deployment.
- `port` ((#v-meshgateway-service-port)) (`integer: 443`) - Port that the service will be exposed on. - `port` ((#v-meshgateway-service-port)) (`integer: 443`) - Port that the service will be exposed on.
The targetPort will be set to meshGateway.containerPort. The targetPort will be set to meshGateway.containerPort.
- `nodePort` ((#v-meshgateway-service-nodeport)) (`integer: null`) - Optionally hardcode the nodePort of the service if using a NodePort service. - `nodePort` ((#v-meshgateway-service-nodeport)) (`integer: null`) - Optionally set the nodePort value of the service if using a NodePort service.
If not set and using a NodePort service, Kubernetes will automatically assign If not set and using a NodePort service, Kubernetes will automatically assign
a port. a port.
@ -1345,6 +1433,17 @@ and consider if they're appropriate for your deployment.
NOTE: Cannot set to 8500 or 8502 because those are reserved for the Consul NOTE: Cannot set to 8500 or 8502 because those are reserved for the Consul
agent. agent.
- `serviceAccount` ((#v-meshgateway-serviceaccount))
- `annotations` ((#v-meshgateway-serviceaccount-annotations)) (`string: null`) - This value defines additional annotations for the mesh gateways' service account. This should be formatted as a
multi-line string.
```yaml
annotations: |
"sample/annotation1": "foo"
"sample/annotation2": "bar"
```
- `resources` ((#v-meshgateway-resources)) (`map`) - Resource settings for mesh gateway pods. - `resources` ((#v-meshgateway-resources)) (`map`) - Resource settings for mesh gateway pods.
NOTE: The use of a YAML string is deprecated. Instead, set directly as a NOTE: The use of a YAML string is deprecated. Instead, set directly as a
YAML map. YAML map.
@ -1415,6 +1514,17 @@ and consider if they're appropriate for your deployment.
- `additionalSpec` ((#v-ingressgateways-defaults-service-additionalspec)) (`string: null`) - Optional YAML string that will be appended to the Service spec. - `additionalSpec` ((#v-ingressgateways-defaults-service-additionalspec)) (`string: null`) - Optional YAML string that will be appended to the Service spec.
- `serviceAccount` ((#v-ingressgateways-defaults-serviceaccount))
- `annotations` ((#v-ingressgateways-defaults-serviceaccount-annotations)) (`string: null`) - This value defines additional annotations for the ingress gateways' service account. This should be formatted
as a multi-line string.
```yaml
annotations: |
"sample/annotation1": "foo"
"sample/annotation2": "bar"
```
- `resources` ((#v-ingressgateways-defaults-resources)) (`map`) - Resource limits for all ingress gateway pods - `resources` ((#v-ingressgateways-defaults-resources)) (`map`) - Resource limits for all ingress gateway pods
- `initCopyConsulContainer` ((#v-ingressgateways-defaults-initcopyconsulcontainer)) (`map`) - Resource settings for the `copy-consul-bin` init container. - `initCopyConsulContainer` ((#v-ingressgateways-defaults-initcopyconsulcontainer)) (`map`) - Resource settings for the `copy-consul-bin` init container.
@ -1510,6 +1620,17 @@ and consider if they're appropriate for your deployment.
'annotation-key': annotation-value 'annotation-key': annotation-value
``` ```
- `serviceAccount` ((#v-terminatinggateways-defaults-serviceaccount))
- `annotations` ((#v-terminatinggateways-defaults-serviceaccount-annotations)) (`string: null`) - This value defines additional annotations for the terminating gateways' service account. This should be
formatted as a multi-line string.
```yaml
annotations: |
"sample/annotation1": "foo"
"sample/annotation2": "bar"
```
- `consulNamespace` ((#v-terminatinggateways-defaults-consulnamespace)) (`string: default`) - <EnterpriseAlert inline /> `consulNamespace` defines the Consul namespace to register - `consulNamespace` ((#v-terminatinggateways-defaults-consulnamespace)) (`string: default`) - <EnterpriseAlert inline /> `consulNamespace` defines the Consul namespace to register
the gateway into. Requires `global.enableConsulNamespaces` to be true and the gateway into. Requires `global.enableConsulNamespaces` to be true and
Consul Enterprise v1.7+ with a valid Consul Enterprise license. Consul Enterprise v1.7+ with a valid Consul Enterprise license.
@ -1527,11 +1648,6 @@ and consider if they're appropriate for your deployment.
- `enabled` ((#v-prometheus-enabled)) (`boolean: false`) - When true, the Helm chart will install a demo Prometheus server instance - `enabled` ((#v-prometheus-enabled)) (`boolean: false`) - When true, the Helm chart will install a demo Prometheus server instance
alongside Consul. alongside Consul.
- `grafana` ((#v-grafana)) - Configures a demo Grafana installation.
- `enabled` ((#v-grafana-enabled)) (`boolean: false`) - When true, the Helm chart will install a demo Grafana instance
alongside Consul.
- `tests` ((#v-tests)) - Control whether a test Pod manifest is generated when running helm template. - `tests` ((#v-tests)) - Control whether a test Pod manifest is generated when running helm template.
When using helm install, the test Pod is not submitted to the cluster so this When using helm install, the test Pod is not submitted to the cluster so this
is only useful when running helm template. is only useful when running helm template.
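Review bot: The `grafana` and `grafana.enabled` entries are removed here with no mention in the commit message and no deprecation line left in their place, while the demo `prometheus` entry just above stays. If the chart no longer accepts `grafana.enabled`, suggest noting the removal (and the version it applies from) so that users who still set it know the value is ignored or rejected.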