status-im/consul
2
0
Fork 0
mirror of https://github.com/status-im/consul.git synced 2025-01-22 11:40:06 +00:00
Code Issues Projects Releases Wiki Activity

applying most of blake's feedback - still have a question

Browse Source
This commit is contained in:
trujillo-adam 2021-10-20 08:12:07 -07:00
parent 12473899c7
commit e771d02c30
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
website/content/docs/enterprise/admin-partitions.mdx
View File

@ -16,7 +16,7 @@ This topic provides and overview of admin partitions, which are entities that de
## Introduction ## Introduction
Admin partitions exist a level above namespaces in the identity hierarchy and contain one or more namespaces. Admin partitions support multiple independent namespaces with the same name. As a result, admin partitions enable you to define administrative and communcation boundaries between services managed by separate teams or belonging to separate stakeholders. They can also segment production and non-production services within the Consul deployment. Admin partitions exist a level above namespaces in the identity hierarchy and contain one or more namespaces. Admin partitions allow multiple independent tenants to share a Consul server cluster. As a result, admin partitions enable you to define administrative and communication boundaries between services managed by separate teams or belonging to separate stakeholders. They can also segment production and non-production services within the Consul deployment.
### Default Admin Partition ### Default Admin Partition
@ -44,7 +44,7 @@ Only resources in the default admin partition will be replicated to secondary da
### DNS Queries ### DNS Queries
Client agents will be configured to operate within a specific admin partition. The DNS interface will only return results for a single admin partition. Client agents will be configured to operate within a specific admin partition. The DNS interface will only return results for the admin partition within the scope of the client.
### Service Mesh Configurations ### Service Mesh Configurations
@ -56,11 +56,15 @@ Values specified for [`proxy-defaults`](docs/connect/config-entries/proxy-defaul
Your Consul configuration must meet the following requirements to use admin partitions. Your Consul configuration must meet the following requirements to use admin partitions.
### Versions
* Consul 1.11.0 and newer
### Security Configurations ### Security Configurations
* The agent token used by the client agent will need to allow `node:write` in the admin partition. * The agent token used by the client agent will need to allow `node:write` in the admin partition.
* The `write` permission for `proxy-defaults` requires `mesh:write`. See [Admin Partition Rules](/docs/security/acl/acl-rules#admin-partition-rules) for additional information. * The `write` permission for `proxy-defaults` requires `mesh:write`. See [Admin Partition Rules](/docs/security/acl/acl-rules#admin-partition-rules) for additional information.
* The write permissions for ingress and terminating gateways must be `mesh:write`. * The `write` permissions for ingress and terminating gateways require `mesh:write` privileges.
* Wildcards (`*`) are not supported when creating intentions for admin partitions, but you can use a wildcard to specify services within a partition. * Wildcards (`*`) are not supported when creating intentions for admin partitions, but you can use a wildcard to specify services within a partition.
### Agent Configurations ### Agent Configurations
@ -128,7 +132,7 @@ kubectl create secret generic license --from-file=key=[license file path i.e. ./
enableConsulNamespaces: true enableConsulNamespaces: true
tls: tls:
enabled: true enabled: true
image: hashicorp/consul-enterprise:1.11.0-ent-alpha image: hashicorp/consul-enterprise:1.11.0-ent-beta1
adminPartitions: adminPartitions:
enabled: true enabled: true
server: server: