Update k8s ACL documentation

Clarifies that an ACL token only needs to be provided when ACLs are
enabled within the Consul cluster.
This commit is contained in:
Rebecca Zanzig 2019-01-29 15:37:13 -08:00
parent 7302285321
commit a3b830f68f

View File

@ -67,17 +67,17 @@ sync to understand how the syncing works.
The sync process must authenticate to both Kubernetes and Consul to read The sync process must authenticate to both Kubernetes and Consul to read
and write services. and write services.
For Consul, the process accepts both the standard CLI flag `-token` and
the environment variable `CONSUL_HTTP_TOKEN`. This should be set to an
Consul [ACL token](/docs/guides/acl.html) if ACLs are enabled. This
can also be configured using the Helm chart to read from a Kubernetes
secret.
For Kubernetes, a valid kubeconfig file must be provided with cluster For Kubernetes, a valid kubeconfig file must be provided with cluster
and auth information. The sync process will look into the default locations and auth information. The sync process will look into the default locations
for both in-cluster and out-of-cluster authentication. If `kubectl` works, for both in-cluster and out-of-cluster authentication. If `kubectl` works,
then the sync program should work. then the sync program should work.
For Consul, if ACLs are configured on the cluster, a Consul [ACL token](/docs/guides/acl.html)
will need to be provided. The process accepts this token by using the
`CONSUL_HTTP_TOKEN` environment variable. This token should be set as a
[Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/#creating-your-own-secrets)
and referenced in the Helm chart.
## Kubernetes to Consul ## Kubernetes to Consul
This sync registers Kubernetes services to the Consul catalog automatically. This sync registers Kubernetes services to the Consul catalog automatically.