status-im/consul
2
0
Fork 0
mirror of https://github.com/status-im/consul.git synced 2025-02-08 11:54:12 +00:00
Code Issues Projects Releases Wiki Activity

k8s docs - ACLs refactor - Updating terminating gateway documentation to call out updating the role rather than the token with the policy (#12612)

Browse Source 
* k8s docs - ACLs refactor - Updating terminating gateway documentation to call out updating the role rather than the token with the policy

* Modifying role and policy names based on naming convention change.
This commit is contained in:
John Murret 2022-04-06 15:54:27 -06:00 committed by GitHub
parent 5245251bbf
commit 25c32be517
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
website/content/docs/k8s/connect/terminating-gateways.mdx
View File

@ -138,16 +138,13 @@ $ curl --request PUT --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" --data @exter
true true
``` ```
### Update terminating gateway ACL token if ACLs are enabled ### Update terminating gateway ACL role if ACLs are enabled
If ACLs are enabled, update the terminating gateway acl token to have `service: write` permissions on all of the services If ACLs are enabled, update the terminating gateway acl role to have `service: write` permissions on all of the services
being represented by the gateway: being represented by the gateway:
- Create a new policy that includes these permissions - Create a new policy that includes these permissions
- Update the existing token to include the new policy - Update the existing rolc to include the new policy
~> The CLI command should be run with the `-merge-policies`, `-merge-roles` and `-merge-service-identities` so
nothing is removed from the terminating gateway token
<CodeBlockConfig filename="write-policy.hcl"> <CodeBlockConfig filename="write-policy.hcl">
@ -174,28 +171,28 @@ service "example-https" {
Now fetch the ID of the terminating gateway token Now fetch the ID of the terminating gateway token
```shell-session ```shell-session
consul acl token list | grep -B 6 -- "- terminating-gateway-terminating-gateway-token" | grep AccessorID consul acl role list | grep -B 6 -- "- RELEASE_NAME-terminating-gateway-policy" | grep ID
AccessorID: <token id> ID: <role id>
``` ```
Update the terminating gateway acl token with the new policy Update the terminating gateway acl token with the new policy
```shell-session ```shell-session
$ consul acl token update -id <token-id> -policy-name example-https-write-policy -merge-policies -merge-roles -merge-service-identities $ consul acl role update -id <role id> -policy-name example-https-write-policy
AccessorID: <token id> AccessorID: <role id>
SecretID: <secret id> SecretID: <secret id>
Description: terminating-gateway-terminating-gateway-token Token Description: RELEASE_NAME-terminating-gateway-acl-role
Local: true Local: true
Create Time: 2021-01-08 21:18:47.957450486 +0000 UTC Create Time: 2021-01-08 21:18:47.957450486 +0000 UTC
Policies: Policies:
63bf1d9b-a87d-8672-ddcb-d25e2d88adb8 - terminating-gateway-terminating-gateway-token 63bf1d9b-a87d-8672-ddcb-d25e2d88adb8 - RELEASE_NAME-terminating-gateway-policy
f63d1ae6-ffe7-44bd-bf7a-704a86939a63 - example-https-write-policy f63d1ae6-ffe7-44bd-bf7a-704a86939a63 - example-https-write-policy
``` ```
### Create the configuration entry for the terminating gateway ### Create the configuration entry for the terminating gateway
Once the tokens have been updated, create the [TerminatingGateway](/docs/connect/config-entries/terminating-gateway) Once the roles have been updated, create the [TerminatingGateway](/docs/connect/config-entries/terminating-gateway)
resource to configure the terminating gateway: resource to configure the terminating gateway:
<CodeBlockConfig filename="terminating-gateway.yaml"> <CodeBlockConfig filename="terminating-gateway.yaml">