mirror of https://github.com/status-im/consul.git
update docs (#12543)
parent 0e122479fa
commit d6792f14a3
|
@ -1366,9 +1366,26 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr
|
||||||
as well as permission to mount the backend at this path if it is not already
|
as well as permission to mount the backend at this path if it is not already
|
||||||
mounted.
|
mounted.
|
||||||
|
|
||||||
#### Common CA Config Options
|
- `auth_method` ((#vault_ca_auth_method))
|
||||||
|
Vault auth method to use for logging in to Vault.
|
||||||
|
Please see [Vault Auth Methods](https://www.vaultproject.io/docs/auth) for more information
|
||||||
|
on how to configure individual auth methods. If auth method is provided, Consul will obtain a
|
||||||
|
new token from Vault when the token can no longer be renewed.
|
||||||
|
|
||||||
There are also a number of common configuration options supported by all providers:
|
- `type` The type of Vault auth method.
|
||||||
|
|
||||||
|
- `mount_path` The mount path of the auth method.
|
||||||
|
If not provided the auth method type will be used as the mount path.
|
||||||
|
|
||||||
|
- `params` The parameters to configure the auth method.
|
||||||
|
Please see [Vault Auth Methods](https://www.vaultproject.io/docs/auth) for information on how
|
||||||
|
to configure the auth method you wish to use. If using the Kubernetes auth method, Consul will
|
||||||
|
read the service account token from the default mount path `/var/run/secrets/kubernetes.io/serviceaccount/token`
|
||||||
|
if the `jwt` parameter is not provided.
|
||||||
|
|
||||||
|
#### Common CA Config Options
|
||||||
|
|
||||||
|
There are also a number of common configuration options supported by all providers:
|
||||||
|
|
||||||
- `csr_max_concurrent` ((#ca_csr_max_concurrent)) Sets a limit on the number
|
- `csr_max_concurrent` ((#ca_csr_max_concurrent)) Sets a limit on the number
|
||||||
of Certificate Signing Requests that can be processed concurrently. Defaults
|
of Certificate Signing Requests that can be processed concurrently. Defaults
|
||||||
|
|
|
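Review bot: The new `auth_method` sub-keys (`type`, `mount_path`, `params`) are added without a type or default, while the other hunks in this commit document the same option as `AuthMethod` / `auth_method` (`map: nil`) and `Type`/ `type` (`string: ""`); carry the same annotations here so the two pages agree. The `params` entry can hold a credential (the `jwt` value it names), and the text should say so next to the note about the default service account token path. "If auth method is provided" also needs an article: "If an auth method is provided".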
@ -99,7 +99,7 @@ The configuration options are listed below.
|
||||||
|
|
||||||
- `AuthMethod` / `auth_method` (`map: nil`) - Vault auth method to use for logging in to Vault.
|
- `AuthMethod` / `auth_method` (`map: nil`) - Vault auth method to use for logging in to Vault.
|
||||||
Please see [Vault Auth Methods](https://www.vaultproject.io/docs/auth) for more information
|
Please see [Vault Auth Methods](https://www.vaultproject.io/docs/auth) for more information
|
||||||
on how to configure individual auth methods. If auth method is provided, Consul will obtain a
|
on how to configure individual auth methods. If auth method is provided, Consul will obtain
|
||||||
a new token from Vault when the token can no longer be renewed.
|
a new token from Vault when the token can no longer be renewed.
|
||||||
|
|
||||||
- `Type`/ `type` (`string: ""`) - The type of Vault auth method.
|
- `Type`/ `type` (`string: ""`) - The type of Vault auth method.
|
||||||
|
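Review bot: In the `AuthMethod` / `auth_method` entry, the corrected sentence still reads "If auth method is provided"; add the article ("If an auth method is provided") while this line is being touched. The `Type`/ `type` context line just below is also missing the space before the slash that `AuthMethod` / `auth_method` uses, which is worth fixing in the same pass.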
@ -122,9 +122,9 @@ The configuration options are listed below.
|
||||||
exist, Consul will mount a new PKI secrets engine at the specified path with the
|
exist, Consul will mount a new PKI secrets engine at the specified path with the
|
||||||
`RootCertTTL` value as the root certificate's TTL. If the `RootCertTTL` is not set,
|
`RootCertTTL` value as the root certificate's TTL. If the `RootCertTTL` is not set,
|
||||||
a [`max_lease_ttl`](https://www.vaultproject.io/api/system/mounts#max_lease_ttl)
|
a [`max_lease_ttl`](https://www.vaultproject.io/api/system/mounts#max_lease_ttl)
|
||||||
of 87600 hours, or 10 years is applied by default as of Consul 1.11 and later. Prior to Consul 1.11,
|
of 87600 hours, or 10 years is applied by default as of Consul 1.11 and later. Prior to Consul 1.11,
|
||||||
the root certificate TTL was set to 8760 hour, or 1 year, and was not configurable.
|
the root certificate TTL was set to 8760 hour, or 1 year, and was not configurable.
|
||||||
The root certificate will expire at the end of the specified period.
|
The root certificate will expire at the end of the specified period.
|
||||||
|
|
||||||
When WAN Federation is enabled, each secondary datacenter must use the same Vault cluster and share the same `root_pki_path`
|
When WAN Federation is enabled, each secondary datacenter must use the same Vault cluster and share the same `root_pki_path`
|
||||||
with the primary datacenter.
|
with the primary datacenter.
|
||||||
|
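Review bot: The `RootCertTTL` paragraph still says "8760 hour, or 1 year"; the unit should be plural, "8760 hours". In the sentence before it, "of 87600 hours, or 10 years is applied by default as of Consul 1.11 and later" needs a comma after "10 years", and "as of Consul 1.11 and later" says the same thing twice ("in Consul 1.11 and later" is enough). Both sides of this hunk read the same apart from that, so if the change is whitespace-only these wording fixes can ride along with it.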
@ -140,10 +140,10 @@ The configuration options are listed below.
|
||||||
The path to a PKI secrets engine for the generated intermediate certificate.
|
The path to a PKI secrets engine for the generated intermediate certificate.
|
||||||
This certificate will be signed by the configured root PKI path. If this
|
This certificate will be signed by the configured root PKI path. If this
|
||||||
path does not exist, Consul will attempt to mount and configure this
|
path does not exist, Consul will attempt to mount and configure this
|
||||||
automatically.
|
automatically.
|
||||||
|
|
||||||
When WAN Federation is enabled, every secondary
|
When WAN Federation is enabled, every secondary
|
||||||
datacenter must specify a unique `intermediate_pki_path`.
|
datacenter must specify a unique `intermediate_pki_path`.
|
||||||
|
|
||||||
- `CAFile` / `ca_file` (`string: ""`) - Specifies an optional path to the CA
|
- `CAFile` / `ca_file` (`string: ""`) - Specifies an optional path to the CA
|
||||||
certificate used for Vault communication. If unspecified, this will fallback
|
certificate used for Vault communication. If unspecified, this will fallback
|
||||||
|
|
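Review bot: In the `CAFile` / `ca_file` context line at the end of the hunk, "this will fallback" uses the noun form; as a verb it should be "this will fall back". The `intermediate_pki_path` text reads the same on both sides, so if the change here is whitespace-only it would help to say that in the commit message, which currently says only "update docs".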