From cdcfd0e4f95afd9f6d868b0e2fbed3044b41975e Mon Sep 17 00:00:00 2001 From: Iryna Shustava Date: Wed, 23 Dec 2020 11:42:36 -0800 Subject: [PATCH] Update Helm reference docs (#9463) --- website/content/docs/k8s/helm.mdx | 232 +++++------------------------- 1 file changed, 34 insertions(+), 198 deletions(-) diff --git a/website/content/docs/k8s/helm.mdx b/website/content/docs/k8s/helm.mdx index e53ca04215..7493c6cae1 100644 --- a/website/content/docs/k8s/helm.mdx +++ b/website/content/docs/k8s/helm.mdx @@ -34,7 +34,7 @@ and consider if they're appropriate for your deployment. (see `-domain` (https://consul.io/docs/agent/options#_domain)) and the domain services synced from Consul into Kubernetes will have, e.g. `service-name.service.consul`. - - `image` ((#v-global-image)) (`string: hashicorp/consul:1.9.0`) - The name (and tag) of the Consul Docker image for clients and servers. + - `image` ((#v-global-image)) (`string: hashicorp/consul:`) - The name (and tag) of the Consul Docker image for clients and servers. This can be overridden per component. This should be pinned to a specific version tag, otherwise you may inadvertently upgrade your Consul version. @@ -59,7 +59,7 @@ and consider if they're appropriate for your deployment. - name: pull-secret-name-2 ``` - - `imageK8S` ((#v-global-imagek8s)) (`string: hashicorp/consul-k8s:0.21.0`) - The name (and tag) of the consul-k8s (https://github.com/hashicorp/consul-k8s) + - `imageK8S` ((#v-global-imagek8s)) (`string: hashicorp/consul-k8s:`) - The name (and tag) of the consul-k8s (https://github.com/hashicorp/consul-k8s) Docker image that is used for functionality such the catalog sync. This can be overridden per component. @@ -216,25 +216,11 @@ and consider if they're appropriate for your deployment. `-federation` (if setting `global.name`), otherwise `-consul-federation`. Requires consul-k8s 0.15.0+. - - `lifecycleSidecarContainer` ((#v-global-lifecyclesidecarcontainer)) - The lifecycle sidecar ensures the Consul services + - `lifecycleSidecarContainer` ((#v-global-lifecyclesidecarcontainer)) (`map`) - The lifecycle sidecar ensures the Consul services are always registered with their local Consul clients and is used by the ingress/terminating/mesh gateways as well as with every Connect-injected service. - - `resources` ((#v-global-lifecyclesidecarcontainer-resources)) - - - `requests` ((#v-global-lifecyclesidecarcontainer-resources-requests)) - - - `memory` ((#v-global-lifecyclesidecarcontainer-resources-requests-memory)) (`string: 25Mi`) - - - `cpu` ((#v-global-lifecyclesidecarcontainer-resources-requests-cpu)) (`string: 20m`) - - - `limits` ((#v-global-lifecyclesidecarcontainer-resources-limits)) - - - `memory` ((#v-global-lifecyclesidecarcontainer-resources-limits-memory)) (`string: 50Mi`) - - - `cpu` ((#v-global-lifecyclesidecarcontainer-resources-limits-cpu)) (`string: 20m`) - - - `imageEnvoy` ((#v-global-imageenvoy)) (`string: envoyproxy/envoy-alpine:v1.16.0`) - The name (and tag) of the Envoy Docker image used for the + - `imageEnvoy` ((#v-global-imageenvoy)) (`string: envoyproxy/envoy-alpine:`) - The name (and tag) of the Envoy Docker image used for the connect-injected sidecar proxies and mesh, terminating, and ingress gateways. See https://www.consul.io/docs/connect/proxies/envoy for full compatibility matrix between Consul and Envoy. @@ -319,7 +305,7 @@ and consider if they're appropriate for your deployment. a new CA and set of certificates. Additional Connect settings can be configured by setting the `server.extraConfig` value. - - `resources` ((#v-server-resources)) - The resource requests (CPU, memory, etc.) + - `resources` ((#v-server-resources)) (`map`) - The resource requests (CPU, memory, etc.) for each of the server agents. This should be a YAML map corresponding to a Kubernetes ResourceRequirements (https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#resourcerequirements-v1-core) object. NOTE: The use of a YAML string is deprecated. @@ -336,17 +322,12 @@ and consider if they're appropriate for your deployment. cpu: '100m' ``` - - `requests` ((#v-server-resources-requests)) - - - `memory` ((#v-server-resources-requests-memory)) (`string: 100Mi`) - - - `cpu` ((#v-server-resources-requests-cpu)) (`string: 100m`) - - - `limits` ((#v-server-resources-limits)) - - - `memory` ((#v-server-resources-limits-memory)) (`string: 100Mi`) - - - `cpu` ((#v-server-resources-limits-cpu)) (`string: 100m`) + - `securityContext` ((#v-server-securitycontext)) (`map`) - The security context for the server pods. This should be a YAML map corresponding to a + Kubernetes [SecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) object. + By default, servers will run as non-root, with user ID `100` and group ID `1000`, + which correspond to the consul user and group created by the Consul docker image. + Note: if running on OpenShift, this setting is ignored because the user and group are set automatically + by the OpenShift platform. - `updatePartition` ((#v-server-updatepartition)) (`integer: 0`) - This value is used to carefully control a rolling update of Consul server agents. This value specifies the @@ -559,21 +540,16 @@ and consider if they're appropriate for your deployment. and the Consul servers are outside of the k8s cluster. This also changes the clients' advertised IP to the `hostIP` rather than `podIP`. - - `resources` ((#v-client-resources)) - Resource settings for Client agents. + - `resources` ((#v-client-resources)) (`map`) - Resource settings for Client agents. NOTE: The use of a YAML string is deprecated. Instead, set directly as a YAML map. - - `requests` ((#v-client-resources-requests)) - - - `memory` ((#v-client-resources-requests-memory)) (`string: 100Mi`) - - - `cpu` ((#v-client-resources-requests-cpu)) (`string: 100m`) - - - `limits` ((#v-client-resources-limits)) - - - `memory` ((#v-client-resources-limits-memory)) (`string: 100Mi`) - - - `cpu` ((#v-client-resources-limits-cpu)) (`string: 100m`) + - `securityContext` ((#v-client-securitycontext)) (`map`) - The security context for the client pods. This should be a YAML map corresponding to a + Kubernetes [SecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) object. + By default, servers will run as non-root, with user ID `100` and group ID `1000`, + which correspond to the consul user and group created by the Consul docker image. + Note: if running on OpenShift, this setting is ignored because the user and group are set automatically + by the OpenShift platform. - `extraConfig` ((#v-client-extraconfig)) (`string: {}`) - A raw string of extra JSON configuration (https://consul.io/docs/agent/options) for Consul clients. This will be saved as-is into a ConfigMap that is read by the Consul @@ -715,19 +691,7 @@ and consider if they're appropriate for your deployment. - `secretKey` ((#v-client-snapshotagent-configsecret-secretkey)) (`string: null`) - The key of the Kubernetes secret. - - `resources` ((#v-client-snapshotagent-resources)) - Resource settings for snapshot agent pods. - - - `requests` ((#v-client-snapshotagent-resources-requests)) - - - `memory` ((#v-client-snapshotagent-resources-requests-memory)) (`string: 50Mi`) - - - `cpu` ((#v-client-snapshotagent-resources-requests-cpu)) (`string: 50m`) - - - `limits` ((#v-client-snapshotagent-resources-limits)) - - - `memory` ((#v-client-snapshotagent-resources-limits-memory)) (`string: 50Mi`) - - - `cpu` ((#v-client-snapshotagent-resources-limits-cpu)) (`string: 50m`) + - `resources` ((#v-client-snapshotagent-resources)) (`map`) - Resource settings for snapshot agent pods. - `caCert` ((#v-client-snapshotagent-cacert)) (`string: null`) - Optional PEM-encoded CA certificate that will be added to the trusted system CAs. Useful if using an S3-compatible storage exposing a self-signed certificate. @@ -941,19 +905,7 @@ and consider if they're appropriate for your deployment. This should be a multi-line string matching the Toleration array in a PodSpec. - - `resources` ((#v-synccatalog-resources)) - Resource settings for sync catalog pods. - - - `requests` ((#v-synccatalog-resources-requests)) - - - `memory` ((#v-synccatalog-resources-requests-memory)) (`string: 50Mi`) - - - `cpu` ((#v-synccatalog-resources-requests-cpu)) (`string: 50m`) - - - `limits` ((#v-synccatalog-resources-limits)) - - - `memory` ((#v-synccatalog-resources-limits-memory)) (`string: 50Mi`) - - - `cpu` ((#v-synccatalog-resources-limits-cpu)) (`string: 50m`) + - `resources` ((#v-synccatalog-resources)) (`map`) - Resource settings for sync catalog pods. - `logLevel` ((#v-synccatalog-loglevel)) (`string: info`) - Log verbosity level. One of "trace", "debug", "info", "warn", or "error". @@ -994,19 +946,7 @@ and consider if they're appropriate for your deployment. - `logLevel` ((#v-connectinject-loglevel)) (`string: info`) - Log verbosity level. One of "debug", "info", "warn", or "error". - - `resources` ((#v-connectinject-resources)) - Resource settings for connect inject pods. - - - `requests` ((#v-connectinject-resources-requests)) - - - `memory` ((#v-connectinject-resources-requests-memory)) (`string: 50Mi`) - - - `cpu` ((#v-connectinject-resources-requests-cpu)) (`string: 50m`) - - - `limits` ((#v-connectinject-resources-limits)) - - - `memory` ((#v-connectinject-resources-limits-memory)) (`string: 50Mi`) - - - `cpu` ((#v-connectinject-resources-limits-cpu)) (`string: 50m`) + - `resources` ((#v-connectinject-resources)) (`map`) - Resource settings for connect inject pods. - `namespaceSelector` ((#v-connectinject-namespaceselector)) (`string: null`) - Selector for restricting the webhook to only specific namespaces. This should be set to a multiline string. @@ -1130,9 +1070,9 @@ and consider if they're appropriate for your deployment. This token needs to have `operator = "write"` privileges to be able to create Consul namespaces. - - `secretName` ((#v-connectinject-aclinjecttoken-secretname)) (`string: null`) + - `secretName` ((#v-connectinject-aclinjecttoken-secretname)) (`string: null`) - The name of the Kubernetes secret. - - `secretKey` ((#v-connectinject-aclinjecttoken-secretkey)) (`string: null`) + - `secretKey` ((#v-connectinject-aclinjecttoken-secretkey)) (`string: null`) - The key of the Kubernetes secret. - `centralConfig` ((#v-connectinject-centralconfig)) - Requires Consul >= v1.5 and consul-k8s >= v0.8.1. @@ -1155,7 +1095,7 @@ and consider if they're appropriate for your deployment. - `sidecarProxy` ((#v-connectinject-sidecarproxy)) - - `resources` ((#v-connectinject-sidecarproxy-resources)) - Set default resources for sidecar proxy. If null, that resource won't + - `resources` ((#v-connectinject-sidecarproxy-resources)) (`map`) - Set default resources for sidecar proxy. If null, that resource won't be set. These settings can be overridden on a per-pod basis via these annotations: @@ -1176,45 +1116,19 @@ and consider if they're appropriate for your deployment. - `cpu` ((#v-connectinject-sidecarproxy-resources-limits-cpu)) (`string: null`) - Recommended default: 100m - - `initContainer` ((#v-connectinject-initcontainer)) - Resource settings for the Connect injected init container. - - - `resources` ((#v-connectinject-initcontainer-resources)) - - - `requests` ((#v-connectinject-initcontainer-resources-requests)) - - - `memory` ((#v-connectinject-initcontainer-resources-requests-memory)) (`string: 25Mi`) - - - `cpu` ((#v-connectinject-initcontainer-resources-requests-cpu)) (`string: 50m`) - - - `limits` ((#v-connectinject-initcontainer-resources-limits)) - - - `memory` ((#v-connectinject-initcontainer-resources-limits-memory)) (`string: 150Mi`) - - - `cpu` ((#v-connectinject-initcontainer-resources-limits-cpu)) (`string: 50m`) + - `initContainer` ((#v-connectinject-initcontainer)) (`map`) - Resource settings for the Connect injected init container. - `controller` ((#v-controller)) - Controller handles config entry custom resources. Requires consul >= 1.8.4. ServiceIntentions require consul 1.9+. - - `enabled` ((#v-controller-enabled)) (`boolean: false`) + - `enabled` ((#v-controller-enabled)) (`boolean: false`) - Enables the controller for managing custom resources. - - `replicas` ((#v-controller-replicas)) (`integer: 1`) + - `replicas` ((#v-controller-replicas)) (`integer: 1`) - The number of deployment replicas. - `logLevel` ((#v-controller-loglevel)) (`string: info`) - Log verbosity level. One of "debug", "info", "warn", or "error". - - `resources` ((#v-controller-resources)) - Resource settings for controller pods. - - - `limits` ((#v-controller-resources-limits)) - - - `cpu` ((#v-controller-resources-limits-cpu)) (`string: 100m`) - - - `memory` ((#v-controller-resources-limits-memory)) (`string: 50Mi`) - - - `requests` ((#v-controller-resources-requests)) - - - `cpu` ((#v-controller-resources-requests-cpu)) (`string: 100m`) - - - `memory` ((#v-controller-resources-requests-memory)) (`string: 50Mi`) + - `resources` ((#v-controller-resources)) (`map`) - Resource settings for controller pods. - `nodeSelector` ((#v-controller-nodeselector)) (`string: null`) - Optional YAML string to specify a nodeSelector config. @@ -1323,37 +1237,11 @@ and consider if they're appropriate for your deployment. NOTE: Cannot set to 8500 or 8502 because those are reserved for the Consul agent. - - `resources` ((#v-meshgateway-resources)) - Resource settings for mesh gateway pods. + - `resources` ((#v-meshgateway-resources)) (`map`) - Resource settings for mesh gateway pods. NOTE: The use of a YAML string is deprecated. Instead, set directly as a YAML map. - - `requests` ((#v-meshgateway-resources-requests)) - - - `memory` ((#v-meshgateway-resources-requests-memory)) (`string: 100Mi`) - - - `cpu` ((#v-meshgateway-resources-requests-cpu)) (`string: 100m`) - - - `limits` ((#v-meshgateway-resources-limits)) - - - `memory` ((#v-meshgateway-resources-limits-memory)) (`string: 100Mi`) - - - `cpu` ((#v-meshgateway-resources-limits-cpu)) (`string: 100m`) - - - `initCopyConsulContainer` ((#v-meshgateway-initcopyconsulcontainer)) - Resource settings for the `copy-consul-bin` init container. - - - `resources` ((#v-meshgateway-initcopyconsulcontainer-resources)) - - - `requests` ((#v-meshgateway-initcopyconsulcontainer-resources-requests)) - - - `memory` ((#v-meshgateway-initcopyconsulcontainer-resources-requests-memory)) (`string: 25Mi`) - - - `cpu` ((#v-meshgateway-initcopyconsulcontainer-resources-requests-cpu)) (`string: 50m`) - - - `limits` ((#v-meshgateway-initcopyconsulcontainer-resources-limits)) - - - `memory` ((#v-meshgateway-initcopyconsulcontainer-resources-limits-memory)) (`string: 150Mi`) - - - `cpu` ((#v-meshgateway-initcopyconsulcontainer-resources-limits-cpu)) (`string: 50m`) + - `initCopyConsulContainer` ((#v-meshgateway-initcopyconsulcontainer)) (`map`) - Resource settings for the `copy-consul-bin` init container. - `affinity` ((#v-meshgateway-affinity)) (`string`) - By default, we set an anti-affinity so that two gateway pods won't be on the same node. NOTE: Gateways require that Consul client agents are @@ -1419,35 +1307,9 @@ and consider if they're appropriate for your deployment. - `additionalSpec` ((#v-ingressgateways-defaults-service-additionalspec)) (`string: null`) - Optional YAML string that will be appended to the Service spec. - - `resources` ((#v-ingressgateways-defaults-resources)) - Resource limits for all ingress gateway pods + - `resources` ((#v-ingressgateways-defaults-resources)) (`map`) - Resource limits for all ingress gateway pods - - `requests` ((#v-ingressgateways-defaults-resources-requests)) - - - `memory` ((#v-ingressgateways-defaults-resources-requests-memory)) (`string: 100Mi`) - - - `cpu` ((#v-ingressgateways-defaults-resources-requests-cpu)) (`string: 100m`) - - - `limits` ((#v-ingressgateways-defaults-resources-limits)) - - - `memory` ((#v-ingressgateways-defaults-resources-limits-memory)) (`string: 100Mi`) - - - `cpu` ((#v-ingressgateways-defaults-resources-limits-cpu)) (`string: 100m`) - - - `initCopyConsulContainer` ((#v-ingressgateways-defaults-initcopyconsulcontainer)) - Resource settings for the `copy-consul-bin` init container. - - - `resources` ((#v-ingressgateways-defaults-initcopyconsulcontainer-resources)) - - - `requests` ((#v-ingressgateways-defaults-initcopyconsulcontainer-resources-requests)) - - - `memory` ((#v-ingressgateways-defaults-initcopyconsulcontainer-resources-requests-memory)) (`string: 25Mi`) - - - `cpu` ((#v-ingressgateways-defaults-initcopyconsulcontainer-resources-requests-cpu)) (`string: 50m`) - - - `limits` ((#v-ingressgateways-defaults-initcopyconsulcontainer-resources-limits)) - - - `memory` ((#v-ingressgateways-defaults-initcopyconsulcontainer-resources-limits-memory)) (`string: 150Mi`) - - - `cpu` ((#v-ingressgateways-defaults-initcopyconsulcontainer-resources-limits-cpu)) (`string: 50m`) + - `initCopyConsulContainer` ((#v-ingressgateways-defaults-initcopyconsulcontainer)) (`map`) - Resource settings for the `copy-consul-bin` init container. - `affinity` ((#v-ingressgateways-defaults-affinity)) (`string`) - By default, we set an anti-affinity so that two of the same gateway pods won't be on the same node. NOTE: Gateways require that Consul client agents are @@ -1515,35 +1377,9 @@ and consider if they're appropriate for your deployment. path: path # secret will now mount to /consul/userconfig/my-secret/path ``` - - `resources` ((#v-terminatinggateways-defaults-resources)) - Resource limits for all terminating gateway pods + - `resources` ((#v-terminatinggateways-defaults-resources)) (`map`) - Resource limits for all terminating gateway pods - - `requests` ((#v-terminatinggateways-defaults-resources-requests)) - - - `memory` ((#v-terminatinggateways-defaults-resources-requests-memory)) (`string: 100Mi`) - - - `cpu` ((#v-terminatinggateways-defaults-resources-requests-cpu)) (`string: 100m`) - - - `limits` ((#v-terminatinggateways-defaults-resources-limits)) - - - `memory` ((#v-terminatinggateways-defaults-resources-limits-memory)) (`string: 100Mi`) - - - `cpu` ((#v-terminatinggateways-defaults-resources-limits-cpu)) (`string: 100m`) - - - `initCopyConsulContainer` ((#v-terminatinggateways-defaults-initcopyconsulcontainer)) - Resource settings for the `copy-consul-bin` init container. - - - `resources` ((#v-terminatinggateways-defaults-initcopyconsulcontainer-resources)) - - - `requests` ((#v-terminatinggateways-defaults-initcopyconsulcontainer-resources-requests)) - - - `memory` ((#v-terminatinggateways-defaults-initcopyconsulcontainer-resources-requests-memory)) (`string: 25Mi`) - - - `cpu` ((#v-terminatinggateways-defaults-initcopyconsulcontainer-resources-requests-cpu)) (`string: 50m`) - - - `limits` ((#v-terminatinggateways-defaults-initcopyconsulcontainer-resources-limits)) - - - `memory` ((#v-terminatinggateways-defaults-initcopyconsulcontainer-resources-limits-memory)) (`string: 150Mi`) - - - `cpu` ((#v-terminatinggateways-defaults-initcopyconsulcontainer-resources-limits-cpu)) (`string: 50m`) + - `initCopyConsulContainer` ((#v-terminatinggateways-defaults-initcopyconsulcontainer)) (`map`) - Resource settings for the `copy-consul-bin` init container. - `affinity` ((#v-terminatinggateways-defaults-affinity)) (`string`) - By default, we set an anti-affinity so that two of the same gateway pods won't be on the same node. NOTE: Gateways require that Consul client agents are