mirror of https://github.com/status-im/consul.git
docs: small typos in single dc k8s clusters (#14484)
* docs: small typos in single dc k8s clusters Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
This commit is contained in:
parent
8c46e48e0d
commit
7d580b3857
|
@ -6,7 +6,7 @@ description: Single Consul Datacenter deployed in multiple Kubernetes clusters
|
|||
|
||||
# Single Consul Datacenter in Multiple Kubernetes Clusters
|
||||
|
||||
~> **Note:** For running Consul across multiple Kubernetes, it is generally recommended to utilize [Admin Partitions](/docs/enterprise/admin-partitions) for production environments. This Consul Enterprise feature allows for the ability to accommodate for multiple tenants without concerns of resource collisions when administering a cluster at scale, and for the ability to run Consul on Kubernetes clusters across a non-flat network.
|
||||
~> **Note:** When running Consul across multiple Kubernetes clusters, we recommend using [admin partitions](/docs/enterprise/admin-partitions) for production environments. This Consul Enterprise feature allows you to accommodate multiple tenants without resource collisions when administering a cluster at scale. Admin partitions also enable you to run Consul on Kubernetes clusters across a non-flat network.
|
||||
|
||||
This page describes deploying a single Consul datacenter in multiple Kubernetes clusters,
|
||||
with servers and clients running in one cluster and only clients in the rest of the clusters.
|
||||
|
@ -76,7 +76,7 @@ which are likely going to change.
|
|||
|
||||
To deploy, first generate the Gossip encryption key and save it as a Kubernetes secret.
|
||||
|
||||
```shell
|
||||
```shell-session
|
||||
$ kubectl create secret generic consul-gossip-encryption-key --from-literal=key=$(consul keygen)
|
||||
```
|
||||
|
||||
|
@ -163,7 +163,7 @@ which can be seen by running `kubectl get nodes --output wide`.
|
|||
Set `externalServers.httpsPort` to the `nodePort` of the `cluster1-consul-ui` service.
|
||||
In our example, the port is `31557`.
|
||||
|
||||
```shell
|
||||
```shell-session
|
||||
$ kubectl get service cluster1-consul-ui --context cluster1
|
||||
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
|
||||
cluster1-consul-ui NodePort 10.0.240.80 <none> 443:31557/TCP 40h
|
||||
|
|
|
@ -109,7 +109,7 @@ NAME: consul
|
|||
|
||||
### Enable the Consul CNI plugin
|
||||
|
||||
By default, Consul generates a `connect-inject init` container as part of the Kubernetes pod startup process when Consul is in [transparent proxy mode](/docs/connect/transparent-proxy). The container configures traffic redirection in the service mesh through the sidecar proxy. To configure redirection, the container requires elevated CAP_NET_ADMIN privileges, which may not be compatible with security policies in your organization.
|
||||
By default, Consul generates a `connect-inject init` container as part of the Kubernetes pod startup process when Consul is in [transparent proxy mode](/docs/connect/transparent-proxy). The container configures traffic redirection in the service mesh through the sidecar proxy. To configure redirection, the container requires elevated `CAP_NET_ADMIN` privileges, which may not be compatible with security policies in your organization.
|
||||
|
||||
Instead, you can enable the Consul container network interface (CNI) plugin to perform traffic redirection. Because the plugin is executed by the Kubernetes kubelet, the plugin already has the elevated privileges necessary to configure the network.
|
||||
|
||||
|
|
Loading…
Reference in New Issue