From 1ef6bf3902624ba63cfb2e491cb287991a2bf499 Mon Sep 17 00:00:00 2001 From: Rebecca Zanzig Date: Thu, 7 Feb 2019 13:26:17 -0800 Subject: [PATCH] Add additional clarification to the ACL token wording --- website/source/docs/platform/k8s/service-sync.html.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/website/source/docs/platform/k8s/service-sync.html.md b/website/source/docs/platform/k8s/service-sync.html.md index d75fe25083..66b36da6e5 100644 --- a/website/source/docs/platform/k8s/service-sync.html.md +++ b/website/source/docs/platform/k8s/service-sync.html.md @@ -72,9 +72,12 @@ and authentication information. The sync process will look into the default loca for both in-cluster and out-of-cluster authentication. If `kubectl` works, then the sync program should work. -For Consul, if ACLs are configured on the cluster, a Consul [ACL token](https://learn.hashicorp.com/consul/advanced/day-1-operations/acl-guide) -will need to be provided. Review the [ACL rules](/docs/agent/acl-rules.html) when creating a token with only the necessary privileges. The process accepts this token by using the -[`CONSUL_HTTP_TOKEN`](docs/commands/index.html#consul_http_token) environment variable. This token should be set as a +For Consul, if ACLs are configured on the cluster, a Consul +[ACL token](https://learn.hashicorp.com/consul/advanced/day-1-operations/acl-guide) +will need to be provided. Review the [ACL rules](/docs/agent/acl-rules.html) +when creating this token so that it only allows the necessary privileges. The catalog +sync process accepts this token by using the [`CONSUL_HTTP_TOKEN`](docs/commands/index.html#consul_http_token) +environment variable. This token should be set as a [Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/#creating-your-own-secrets) and referenced in the Helm chart.