From a3b830f68f439f39a093cf956c882d8ec423323e Mon Sep 17 00:00:00 2001 From: Rebecca Zanzig Date: Tue, 29 Jan 2019 15:37:13 -0800 Subject: [PATCH] Update k8s ACL documentation Clarifies that an ACL token only needs to be provided when ACLs are enabled within the Consul cluster. --- .../source/docs/platform/k8s/service-sync.html.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/website/source/docs/platform/k8s/service-sync.html.md b/website/source/docs/platform/k8s/service-sync.html.md index ff2af3ddaf..952e451baf 100644 --- a/website/source/docs/platform/k8s/service-sync.html.md +++ b/website/source/docs/platform/k8s/service-sync.html.md @@ -67,17 +67,17 @@ sync to understand how the syncing works. The sync process must authenticate to both Kubernetes and Consul to read and write services. -For Consul, the process accepts both the standard CLI flag `-token` and -the environment variable `CONSUL_HTTP_TOKEN`. This should be set to an -Consul [ACL token](/docs/guides/acl.html) if ACLs are enabled. This -can also be configured using the Helm chart to read from a Kubernetes -secret. - For Kubernetes, a valid kubeconfig file must be provided with cluster and auth information. The sync process will look into the default locations for both in-cluster and out-of-cluster authentication. If `kubectl` works, then the sync program should work. +For Consul, if ACLs are configured on the cluster, a Consul [ACL token](/docs/guides/acl.html) +will need to be provided. The process accepts this token by using the +`CONSUL_HTTP_TOKEN` environment variable. This token should be set as a +[Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/#creating-your-own-secrets) +and referenced in the Helm chart. + ## Kubernetes to Consul This sync registers Kubernetes services to the Consul catalog automatically.