docs: provide example for enabling mesh on a per namespace basis (#12255)

* docs: provide example for enabling mesh on a per namespace basis

* add headings

* Update install.mdx

* Update install.mdx

* Update website/content/docs/k8s/installation/install.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update install.mdx

* Update website/content/docs/k8s/installation/install.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/k8s/installation/install.mdx

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* add changes from review

* Update install.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

website/content/docs/k8s/installation/install.mdx

@@ -76,7 +76,7 @@ The [Homebrew](https://brew.sh) package manager is required to complete the foll
     ✓ Consul installed into namespace "consul"
   ```
 
-1. (Optional) Run `consul-k8s status` command to quickly glance at the status of the installed Consul cluster. 
+1. (Optional) Issue the `consul-k8s status` command to quickly glance at the status of the installed Consul cluster. 
 
   ```shell-session
   $ consul-k8s status
@@ -175,8 +175,9 @@ create a `config.yaml` file to override the default settings.
 You can learn what settings are available by running `helm inspect values hashicorp/consul`
 or by reading the [Helm Chart Reference](/docs/k8s/helm).
 
-For example, if you want to enable the [Consul Connect](/docs/k8s/connect) feature,
-use the following config file:
+#### Minimal `config.yaml` for Consul Service Mesh
+
+The minimal settings to enable [Consul Service Mesh]((/docs/k8s/connect)) would be captured in the following `config.yaml` config file:
 
 <CodeBlockConfig filename="config.yaml">
 
@@ -199,6 +200,44 @@ NAME: consul
 ...
 ```
 
+#### Enable Consul Service Mesh on select namespaces
+
+By default, Consul Service Mesh is enabled on almost all namespaces (with the exception of `kube-system` and `local-path-storage`) within a Kubernetes cluster. You can restrict this to a subset of namespaces by specifying a `namespaceSelector` that matches a label attached to each namespace denoting whether to enable Consul service mesh. In order to default to enabling service mesh on select namespaces by label, the `connectInject.default` value must be set to `true`.
+
+<CodeBlockConfig filename="config.yaml">
+
+```yaml
+global:
+  name: consul
+connectInject:
+  enabled: true
+  default: true
+  namespaceSelector: |
+    matchLabels:
+      connect-inject : enabled
+controller:
+  enabled: true
+```
+  
+</CodeBlockConfig>
+
+Label the namespace(s), where you would like to enable Consul Service Mesh. 
+
+```shell-session
+$ kubectl create ns foo 
+$ kubectl label namespace foo connect-inject=enabled
+```
+
+Next, run `helm install` with the `--values` flag:
+
+```shell-session
+$ helm install consul hashicorp/consul --create-namespace --namespace consul --values config.yaml
+NAME: consul
+...
+```
+
+#### Updating your Consul on Kubernetes configuration 
+
 If you've already installed Consul and want to make changes, you'll need to run
 `helm upgrade`. See [Upgrading](/docs/k8s/upgrade) for more details.