Apply suggestions from code review

Applying some of the feedback from review

Co-authored-by: Freddy <freddygv@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
This commit is contained in:
trujillo-adam 2021-10-19 15:27:23 -07:00 committed by GitHub
parent ef968aaf3f
commit b1d73bee0a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 7 deletions

View File

@ -42,7 +42,7 @@ Usage: consul admin-partition <subcommand> [options] [args]
Read an admin partition:
$ consul admin-partition read ns1
$ consul admin-partition read team1
List all admin partitions:
@ -54,7 +54,7 @@ Usage: consul admin-partition <subcommand> [options] [args]
Delete an admin partition:
$ consul admin-partition delete ns1
$ consul admin-partition delete team1
For more examples, ask for subcommand help or view the documentation.
```
@ -214,7 +214,7 @@ consul admin-partition delete webdev
## Admin Partition Definition
Namespaces are managed exclusively through the HTTP API and the Consul CLI. The HTTP API accepts only JSON formatted definitions while the CLI will parse either JSON or HCL.
Admin partitions are managed exclusively through the HTTP API and the Consul CLI. The HTTP API accepts only JSON formatted definitions while the CLI will parse either JSON or HCL.
The following parameters are supported in admin partition defintion files:

View File

@ -60,7 +60,7 @@ Your Consul configuration must meet the following requirements to use admin part
* The agent token used by the client agent will need to allow `node:write` in the admin partition.
* The `read` permission for `proxy-defaults` require `admin_partition:read` for the specific partition. The `write` permission for proxy-defaults require `mesh:write`. See [Admin Partition Rules](/docs/security/acl/acl-rules#admin-partition-rules) for additional information
* The write permissions for ingress and terminating gateways must be `operator:write`.
* The write permissions for ingress and terminating gateways must be `mesh:write`.
* Existing intentions must be set to `deny` all traffic from outside the admin partition.
* Wildcards (`*`) are not supported when creating intentions for admin partitions.
@ -122,7 +122,7 @@ Verify that your Consul deployment meets the [Kubernetes Requirements](#kubernet
1. Create the license secret in each cluster, e.g.:
```shell-session
kubectl create secret generic license --from-literal=key=<LICENSE_KEY>
kubectl create secret generic license --from-file=key=[license file path i.e. ./license.hclic]
```
This step must also be completed for each workload cluster.
@ -175,7 +175,7 @@ Verify that your Consul deployment meets the [Kubernetes Requirements](#kubernet
global:
enabled: false
enableConsulNamespaces: true
image: hashicorp/consul-enterprise:1.11.0-ent-alpha
image: hashicorp/consul-enterprise:1.11.0-ent-beta1
adminPartitions:
enabled: true
name: "clients" // partition name
@ -193,7 +193,7 @@ Verify that your Consul deployment meets the [Kubernetes Requirements](#kubernet
secretKey: key
externalServers:
enabled: true
hosts: "35.192.119.38"
hosts: "35.192.119.38" # Insert External IP of LoadBalancer here
tlsServerName: server.dc1.consul
client:
enabled: true