mirror of https://github.com/status-im/consul.git
docs: admin partition docs improvements (#14774)
* docs: Update admin partitions versions and add requirement for unique `global.name` Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
This commit is contained in:
parent
7f8971d77f
commit
eb5713ccbc
|
@ -104,6 +104,7 @@ One of the primary use cases for admin partitions is for enabling a service mesh
|
||||||
|
|
||||||
- If you are deploying Consul servers on Kubernetes, then ensure that the Consul servers are deployed within the same Kubernetes cluster. Consul servers may be deployed external to Kubernetes and configured using the `externalServers` stanza.
|
- If you are deploying Consul servers on Kubernetes, then ensure that the Consul servers are deployed within the same Kubernetes cluster. Consul servers may be deployed external to Kubernetes and configured using the `externalServers` stanza.
|
||||||
- Consul clients deployed on the same Kubernetes cluster as the Consul Servers must use the `default` partition. If the clients are required to run on a non-default partition, then the clients must be deployed in a separate Kubernetes cluster.
|
- Consul clients deployed on the same Kubernetes cluster as the Consul Servers must use the `default` partition. If the clients are required to run on a non-default partition, then the clients must be deployed in a separate Kubernetes cluster.
|
||||||
|
- For Kubernetes clusters that join the Consul datacenter as admin partitions, ensure that a unique `global.name` value is assigned for the corresponding Helm `values.yaml` file.
|
||||||
- A Consul Enterprise license must be installed on each Kubernetes cluster.
|
- A Consul Enterprise license must be installed on each Kubernetes cluster.
|
||||||
- The helm chart for consul-k8s v0.39.0 or greater.
|
- The helm chart for consul-k8s v0.39.0 or greater.
|
||||||
- Consul 1.11.1-ent or greater.
|
- Consul 1.11.1-ent or greater.
|
||||||
|
@ -171,7 +172,7 @@ Verify that your Consul deployment meets the [Kubernetes Requirements](#kubernet
|
||||||
enableConsulNamespaces: true
|
enableConsulNamespaces: true
|
||||||
tls:
|
tls:
|
||||||
enabled: true
|
enabled: true
|
||||||
image: hashicorp/consul-enterprise:1.12.0-ent
|
image: hashicorp/consul-enterprise:1.13.2-ent
|
||||||
adminPartitions:
|
adminPartitions:
|
||||||
enabled: true
|
enabled: true
|
||||||
acls:
|
acls:
|
||||||
|
@ -203,7 +204,7 @@ Verify that your Consul deployment meets the [Kubernetes Requirements](#kubernet
|
||||||
1. Install the Consul server(s) using the values file created in the previous step:
|
1. Install the Consul server(s) using the values file created in the previous step:
|
||||||
|
|
||||||
```shell-session
|
```shell-session
|
||||||
$ helm install ${HELM_RELEASE_SERVER} hashicorp/consul --version "0.43.0" --create-namespace --namespace consul --values server.yaml
|
$ helm install ${HELM_RELEASE_SERVER} hashicorp/consul --version "0.49.0" --create-namespace --namespace consul --values server.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
1. After the server starts, get the external IP address for partition service so that it can be added to the client configuration. The IP address is used to bootstrap connectivity between servers and clients. <a name="get-external-ip-address"/>
|
1. After the server starts, get the external IP address for partition service so that it can be added to the client configuration. The IP address is used to bootstrap connectivity between servers and clients. <a name="get-external-ip-address"/>
|
||||||
|
@ -248,7 +249,7 @@ Verify that your Consul deployment meets the [Kubernetes Requirements](#kubernet
|
||||||
```
|
```
|
||||||
|
|
||||||
1. Create the workload configuration for client nodes in your cluster. Create a configuration for each admin partition.
|
1. Create the workload configuration for client nodes in your cluster. Create a configuration for each admin partition.
|
||||||
In the following example, the external IP address and the Kubernetes authentication method IP address from the previous steps have been applied. Also, ensure a unique global name is assigned.
|
In the following example, the external IP address and the Kubernetes authentication method IP address from the previous steps have been applied. Also, ensure a unique `global.name` value is assigned.
|
||||||
|
|
||||||
<CodeTabs heading="client.yaml">
|
<CodeTabs heading="client.yaml">
|
||||||
|
|
||||||
|
@ -259,7 +260,7 @@ Verify that your Consul deployment meets the [Kubernetes Requirements](#kubernet
|
||||||
name: client
|
name: client
|
||||||
enabled: false
|
enabled: false
|
||||||
enableConsulNamespaces: true
|
enableConsulNamespaces: true
|
||||||
image: hashicorp/consul-enterprise:1.12.0-ent
|
image: hashicorp/consul-enterprise:1.13.2-ent
|
||||||
adminPartitions:
|
adminPartitions:
|
||||||
enabled: true
|
enabled: true
|
||||||
name: clients
|
name: clients
|
||||||
|
@ -308,7 +309,7 @@ Verify that your Consul deployment meets the [Kubernetes Requirements](#kubernet
|
||||||
1. Install the workload client clusters:
|
1. Install the workload client clusters:
|
||||||
|
|
||||||
```shell-session
|
```shell-session
|
||||||
$ helm install ${HELM_RELEASE_CLIENT} hashicorp/consul --version "0.43.0" --create-namespace --namespace consul --values client.yaml
|
$ helm install ${HELM_RELEASE_CLIENT} hashicorp/consul --version "0.49.0" --create-namespace --namespace consul --values client.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
### Verifying the Deployment
|
### Verifying the Deployment
|
||||||
|
|
|
@ -70,7 +70,7 @@ To find out the service account name of the Consul server-acl-init job (i.e. the
|
||||||
you can run the following `helm template` command with your Consul on Kubernetes values file:
|
you can run the following `helm template` command with your Consul on Kubernetes values file:
|
||||||
|
|
||||||
```shell-session
|
```shell-session
|
||||||
$ helm template --release-name ${RELEASE_NAME} -s templates/server-acl-init-serviceaccount.yaml hashicorp/consul
|
$ helm template --release-name ${RELEASE_NAME} -s templates/server-acl-init-serviceaccount.yaml hashicorp/consul -f values.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
## Update Consul on Kubernetes Helm chart
|
## Update Consul on Kubernetes Helm chart
|
||||||
|
|
|
@ -51,7 +51,7 @@ To find out the service account name of the Consul server,
|
||||||
you can run:
|
you can run:
|
||||||
|
|
||||||
```shell-session
|
```shell-session
|
||||||
$ helm template --release-name ${RELEASE_NAME} --show-only templates/server-serviceaccount.yaml hashicorp/consul
|
$ helm template --release-name ${RELEASE_NAME} --show-only templates/server-serviceaccount.yaml hashicorp/consul -f values.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
## Update Consul on Kubernetes Helm chart
|
## Update Consul on Kubernetes Helm chart
|
||||||
|
|
|
@ -79,12 +79,12 @@ you can run the following `helm template` commands with your Consul on Kubernete
|
||||||
|
|
||||||
- Generate Consul server service account name
|
- Generate Consul server service account name
|
||||||
```shell-session
|
```shell-session
|
||||||
$ helm template --release-name ${RELEASE_NAME} -s templates/server-serviceaccount.yaml hashicorp/consul
|
$ helm template --release-name ${RELEASE_NAME} -s templates/server-serviceaccount.yaml hashicorp/consul -f values.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
- Generate Consul client service account name
|
- Generate Consul client service account name
|
||||||
```shell-session
|
```shell-session
|
||||||
$ helm template --release-name ${RELEASE_NAME} -s templates/client-serviceaccount.yaml hashicorp/consul
|
$ helm template --release-name ${RELEASE_NAME} -s templates/client-serviceaccount.yaml hashicorp/consul -f values.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
## Update Consul on Kubernetes Helm chart.
|
## Update Consul on Kubernetes Helm chart.
|
||||||
|
|
|
@ -78,12 +78,12 @@ you can run the following `helm template` commands with your Consul on Kubernete
|
||||||
|
|
||||||
- Generate Consul server service account name
|
- Generate Consul server service account name
|
||||||
```shell-session
|
```shell-session
|
||||||
$ helm template --release-name ${RELEASE_NAME} -s templates/server-serviceaccount.yaml hashicorp/consul
|
$ helm template --release-name ${RELEASE_NAME} -s templates/server-serviceaccount.yaml hashicorp/consul -f values.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
- Generate Consul client service account name
|
- Generate Consul client service account name
|
||||||
```shell-session
|
```shell-session
|
||||||
$ helm template --release-name ${RELEASE_NAME} -s templates/client-serviceaccount.yaml hashicorp/consul
|
$ helm template --release-name ${RELEASE_NAME} -s templates/client-serviceaccount.yaml hashicorp/consul -f values.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
## Update Consul on Kubernetes Helm chart
|
## Update Consul on Kubernetes Helm chart
|
||||||
|
|
|
@ -71,7 +71,7 @@ To find out the service account name of the `partition-init` job,
|
||||||
you can run the following `helm template` command with your Consul on Kubernetes values file:
|
you can run the following `helm template` command with your Consul on Kubernetes values file:
|
||||||
|
|
||||||
```shell-session
|
```shell-session
|
||||||
$ helm template --release-name ${RELEASE_NAME} -s templates/partition-init-serviceaccount.yaml hashicorp/consul
|
$ helm template --release-name ${RELEASE_NAME} -s templates/partition-init-serviceaccount.yaml hashicorp/consul -f values.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
## Update Consul on Kubernetes Helm chart
|
## Update Consul on Kubernetes Helm chart
|
||||||
|
|
|
@ -138,7 +138,7 @@ this is required for the Consul components to communicate with the Consul server
|
||||||
you can run:
|
you can run:
|
||||||
|
|
||||||
```shell-session
|
```shell-session
|
||||||
$ helm template --release-name ${RELEASE_NAME} --show-only templates/server-serviceaccount.yaml hashicorp/consul
|
$ helm template --release-name ${RELEASE_NAME} --show-only templates/server-serviceaccount.yaml hashicorp/consul -f values.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
Role for Consul clients:
|
Role for Consul clients:
|
||||||
|
@ -153,7 +153,7 @@ this is required for the Consul components to communicate with the Consul server
|
||||||
|
|
||||||
To find out the service account name of the Consul client, use the command below.
|
To find out the service account name of the Consul client, use the command below.
|
||||||
```shell-session
|
```shell-session
|
||||||
$ helm template --release-name ${RELEASE_NAME} --show-only templates/client-serviceaccount.yaml hashicorp/consul
|
$ helm template --release-name ${RELEASE_NAME} --show-only templates/client-serviceaccount.yaml hashicorp/consul -f values.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
Role for CA components:
|
Role for CA components:
|
||||||
|
|
|
@ -70,7 +70,7 @@ To find out the service account name of the Consul snapshot agent,
|
||||||
you can run the following `helm template` command with your Consul on Kubernetes values file:
|
you can run the following `helm template` command with your Consul on Kubernetes values file:
|
||||||
|
|
||||||
```shell-session
|
```shell-session
|
||||||
$ helm template --release-name ${RELEASE_NAME} -s templates/client-snapshot-agent-serviceaccount.yaml hashicorp/consul
|
$ helm template --release-name ${RELEASE_NAME} -s templates/client-snapshot-agent-serviceaccount.yaml hashicorp/consul -f values.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
## Update Consul on Kubernetes Helm chart
|
## Update Consul on Kubernetes Helm chart
|
||||||
|
|
|
@ -169,7 +169,7 @@ this is required for the Consul components to communicate with the Consul server
|
||||||
you can run:
|
you can run:
|
||||||
|
|
||||||
```shell-session
|
```shell-session
|
||||||
$ helm template --release-name ${RELEASE_NAME} --show-only templates/controller-serviceaccount.yaml hashicorp/consul
|
$ helm template --release-name ${RELEASE_NAME} --show-only templates/controller-serviceaccount.yaml hashicorp/consul -f values.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
Role for Consul connect inject webhooks:
|
Role for Consul connect inject webhooks:
|
||||||
|
@ -184,7 +184,7 @@ this is required for the Consul components to communicate with the Consul server
|
||||||
|
|
||||||
To find out the service account name of the Consul connect inject, use the command below.
|
To find out the service account name of the Consul connect inject, use the command below.
|
||||||
```shell-session
|
```shell-session
|
||||||
$ helm template --release-name ${RELEASE_NAME} --show-only templates/connect-inject-serviceaccount.yaml hashicorp/consul
|
$ helm template --release-name ${RELEASE_NAME} --show-only templates/connect-inject-serviceaccount.yaml hashicorp/consul -f values.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
## Update Consul on Kubernetes Helm chart
|
## Update Consul on Kubernetes Helm chart
|
||||||
|
|
Loading…
Reference in New Issue