docs: admin partition docs improvements (#14774)

* docs: Update admin partitions versions and add requirement for unique `global.name`

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
This commit is contained in:
David Yu 2022-09-30 09:13:44 -07:00 committed by GitHub
parent 7f8971d77f
commit eb5713ccbc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 18 additions and 17 deletions

View File

@ -104,6 +104,7 @@ One of the primary use cases for admin partitions is for enabling a service mesh
- If you are deploying Consul servers on Kubernetes, then ensure that the Consul servers are deployed within the same Kubernetes cluster. Consul servers may be deployed external to Kubernetes and configured using the `externalServers` stanza. - If you are deploying Consul servers on Kubernetes, then ensure that the Consul servers are deployed within the same Kubernetes cluster. Consul servers may be deployed external to Kubernetes and configured using the `externalServers` stanza.
- Consul clients deployed on the same Kubernetes cluster as the Consul Servers must use the `default` partition. If the clients are required to run on a non-default partition, then the clients must be deployed in a separate Kubernetes cluster. - Consul clients deployed on the same Kubernetes cluster as the Consul Servers must use the `default` partition. If the clients are required to run on a non-default partition, then the clients must be deployed in a separate Kubernetes cluster.
- For Kubernetes clusters that join the Consul datacenter as admin partitions, ensure that a unique `global.name` value is assigned for the corresponding Helm `values.yaml` file.
- A Consul Enterprise license must be installed on each Kubernetes cluster. - A Consul Enterprise license must be installed on each Kubernetes cluster.
- The helm chart for consul-k8s v0.39.0 or greater. - The helm chart for consul-k8s v0.39.0 or greater.
- Consul 1.11.1-ent or greater. - Consul 1.11.1-ent or greater.
@ -171,7 +172,7 @@ Verify that your Consul deployment meets the [Kubernetes Requirements](#kubernet
enableConsulNamespaces: true enableConsulNamespaces: true
tls: tls:
enabled: true enabled: true
image: hashicorp/consul-enterprise:1.12.0-ent image: hashicorp/consul-enterprise:1.13.2-ent
adminPartitions: adminPartitions:
enabled: true enabled: true
acls: acls:
@ -203,7 +204,7 @@ Verify that your Consul deployment meets the [Kubernetes Requirements](#kubernet
1. Install the Consul server(s) using the values file created in the previous step: 1. Install the Consul server(s) using the values file created in the previous step:
```shell-session ```shell-session
$ helm install ${HELM_RELEASE_SERVER} hashicorp/consul --version "0.43.0" --create-namespace --namespace consul --values server.yaml $ helm install ${HELM_RELEASE_SERVER} hashicorp/consul --version "0.49.0" --create-namespace --namespace consul --values server.yaml
``` ```
1. After the server starts, get the external IP address for partition service so that it can be added to the client configuration. The IP address is used to bootstrap connectivity between servers and clients. <a name="get-external-ip-address"/> 1. After the server starts, get the external IP address for partition service so that it can be added to the client configuration. The IP address is used to bootstrap connectivity between servers and clients. <a name="get-external-ip-address"/>
@ -248,7 +249,7 @@ Verify that your Consul deployment meets the [Kubernetes Requirements](#kubernet
``` ```
1. Create the workload configuration for client nodes in your cluster. Create a configuration for each admin partition. 1. Create the workload configuration for client nodes in your cluster. Create a configuration for each admin partition.
In the following example, the external IP address and the Kubernetes authentication method IP address from the previous steps have been applied. Also, ensure a unique global name is assigned. In the following example, the external IP address and the Kubernetes authentication method IP address from the previous steps have been applied. Also, ensure a unique `global.name` value is assigned.
<CodeTabs heading="client.yaml"> <CodeTabs heading="client.yaml">
@ -259,7 +260,7 @@ Verify that your Consul deployment meets the [Kubernetes Requirements](#kubernet
name: client name: client
enabled: false enabled: false
enableConsulNamespaces: true enableConsulNamespaces: true
image: hashicorp/consul-enterprise:1.12.0-ent image: hashicorp/consul-enterprise:1.13.2-ent
adminPartitions: adminPartitions:
enabled: true enabled: true
name: clients name: clients
@ -308,7 +309,7 @@ Verify that your Consul deployment meets the [Kubernetes Requirements](#kubernet
1. Install the workload client clusters: 1. Install the workload client clusters:
```shell-session ```shell-session
$ helm install ${HELM_RELEASE_CLIENT} hashicorp/consul --version "0.43.0" --create-namespace --namespace consul --values client.yaml $ helm install ${HELM_RELEASE_CLIENT} hashicorp/consul --version "0.49.0" --create-namespace --namespace consul --values client.yaml
``` ```
### Verifying the Deployment ### Verifying the Deployment

View File

@ -70,7 +70,7 @@ To find out the service account name of the Consul server-acl-init job (i.e. the
you can run the following `helm template` command with your Consul on Kubernetes values file: you can run the following `helm template` command with your Consul on Kubernetes values file:
```shell-session ```shell-session
$ helm template --release-name ${RELEASE_NAME} -s templates/server-acl-init-serviceaccount.yaml hashicorp/consul $ helm template --release-name ${RELEASE_NAME} -s templates/server-acl-init-serviceaccount.yaml hashicorp/consul -f values.yaml
``` ```
## Update Consul on Kubernetes Helm chart ## Update Consul on Kubernetes Helm chart

View File

@ -51,7 +51,7 @@ To find out the service account name of the Consul server,
you can run: you can run:
```shell-session ```shell-session
$ helm template --release-name ${RELEASE_NAME} --show-only templates/server-serviceaccount.yaml hashicorp/consul $ helm template --release-name ${RELEASE_NAME} --show-only templates/server-serviceaccount.yaml hashicorp/consul -f values.yaml
``` ```
## Update Consul on Kubernetes Helm chart ## Update Consul on Kubernetes Helm chart

View File

@ -79,12 +79,12 @@ you can run the following `helm template` commands with your Consul on Kubernete
- Generate Consul server service account name - Generate Consul server service account name
```shell-session ```shell-session
$ helm template --release-name ${RELEASE_NAME} -s templates/server-serviceaccount.yaml hashicorp/consul $ helm template --release-name ${RELEASE_NAME} -s templates/server-serviceaccount.yaml hashicorp/consul -f values.yaml
``` ```
- Generate Consul client service account name - Generate Consul client service account name
```shell-session ```shell-session
$ helm template --release-name ${RELEASE_NAME} -s templates/client-serviceaccount.yaml hashicorp/consul $ helm template --release-name ${RELEASE_NAME} -s templates/client-serviceaccount.yaml hashicorp/consul -f values.yaml
``` ```
## Update Consul on Kubernetes Helm chart. ## Update Consul on Kubernetes Helm chart.

View File

@ -78,12 +78,12 @@ you can run the following `helm template` commands with your Consul on Kubernete
- Generate Consul server service account name - Generate Consul server service account name
```shell-session ```shell-session
$ helm template --release-name ${RELEASE_NAME} -s templates/server-serviceaccount.yaml hashicorp/consul $ helm template --release-name ${RELEASE_NAME} -s templates/server-serviceaccount.yaml hashicorp/consul -f values.yaml
``` ```
- Generate Consul client service account name - Generate Consul client service account name
```shell-session ```shell-session
$ helm template --release-name ${RELEASE_NAME} -s templates/client-serviceaccount.yaml hashicorp/consul $ helm template --release-name ${RELEASE_NAME} -s templates/client-serviceaccount.yaml hashicorp/consul -f values.yaml
``` ```
## Update Consul on Kubernetes Helm chart ## Update Consul on Kubernetes Helm chart

View File

@ -71,7 +71,7 @@ To find out the service account name of the `partition-init` job,
you can run the following `helm template` command with your Consul on Kubernetes values file: you can run the following `helm template` command with your Consul on Kubernetes values file:
```shell-session ```shell-session
$ helm template --release-name ${RELEASE_NAME} -s templates/partition-init-serviceaccount.yaml hashicorp/consul $ helm template --release-name ${RELEASE_NAME} -s templates/partition-init-serviceaccount.yaml hashicorp/consul -f values.yaml
``` ```
## Update Consul on Kubernetes Helm chart ## Update Consul on Kubernetes Helm chart

View File

@ -138,7 +138,7 @@ this is required for the Consul components to communicate with the Consul server
you can run: you can run:
```shell-session ```shell-session
$ helm template --release-name ${RELEASE_NAME} --show-only templates/server-serviceaccount.yaml hashicorp/consul $ helm template --release-name ${RELEASE_NAME} --show-only templates/server-serviceaccount.yaml hashicorp/consul -f values.yaml
``` ```
Role for Consul clients: Role for Consul clients:
@ -153,7 +153,7 @@ this is required for the Consul components to communicate with the Consul server
To find out the service account name of the Consul client, use the command below. To find out the service account name of the Consul client, use the command below.
```shell-session ```shell-session
$ helm template --release-name ${RELEASE_NAME} --show-only templates/client-serviceaccount.yaml hashicorp/consul $ helm template --release-name ${RELEASE_NAME} --show-only templates/client-serviceaccount.yaml hashicorp/consul -f values.yaml
``` ```
Role for CA components: Role for CA components:

View File

@ -70,7 +70,7 @@ To find out the service account name of the Consul snapshot agent,
you can run the following `helm template` command with your Consul on Kubernetes values file: you can run the following `helm template` command with your Consul on Kubernetes values file:
```shell-session ```shell-session
$ helm template --release-name ${RELEASE_NAME} -s templates/client-snapshot-agent-serviceaccount.yaml hashicorp/consul $ helm template --release-name ${RELEASE_NAME} -s templates/client-snapshot-agent-serviceaccount.yaml hashicorp/consul -f values.yaml
``` ```
## Update Consul on Kubernetes Helm chart ## Update Consul on Kubernetes Helm chart

View File

@ -169,7 +169,7 @@ this is required for the Consul components to communicate with the Consul server
you can run: you can run:
```shell-session ```shell-session
$ helm template --release-name ${RELEASE_NAME} --show-only templates/controller-serviceaccount.yaml hashicorp/consul $ helm template --release-name ${RELEASE_NAME} --show-only templates/controller-serviceaccount.yaml hashicorp/consul -f values.yaml
``` ```
Role for Consul connect inject webhooks: Role for Consul connect inject webhooks:
@ -184,7 +184,7 @@ this is required for the Consul components to communicate with the Consul server
To find out the service account name of the Consul connect inject, use the command below. To find out the service account name of the Consul connect inject, use the command below.
```shell-session ```shell-session
$ helm template --release-name ${RELEASE_NAME} --show-only templates/connect-inject-serviceaccount.yaml hashicorp/consul $ helm template --release-name ${RELEASE_NAME} --show-only templates/connect-inject-serviceaccount.yaml hashicorp/consul -f values.yaml
``` ```
## Update Consul on Kubernetes Helm chart ## Update Consul on Kubernetes Helm chart