update helm docs for sync catalog and vault (#14733)

This commit is contained in:
Kyle Schochenmaier 2022-09-23 12:16:05 -05:00 committed by GitHub
parent b5bdacd972
commit fc16f7ab6a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 32 additions and 26 deletions

View File

@ -361,7 +361,7 @@ Use these links to navigate to a particular top-level stanza.
See https://www.consul.io/docs/agent/config/cli-flags#_recursor for more details.
If this is an empty array (the default), then Consul DNS will only resolve queries for the Consul top level domain (by default `.consul`).
- `tls` ((#v-global-tls)) - Enables TLS (https://learn.hashicorp.com/tutorials/consul/tls-encryption-secure?utm_source=docs)
- `tls` ((#v-global-tls)) - Enables TLS (https://learn.hashicorp.com/tutorials/consul/tls-encryption-secure)
across the cluster to verify authenticity of the Consul servers and clients.
Requires Consul v1.4.1+.
@ -516,7 +516,7 @@ Use these links to navigate to a particular top-level stanza.
This address must be reachable from the Consul servers in the primary datacenter.
This auth method will be used to provision ACL tokens for Consul components and is different
from the one used by the Consul Service Mesh.
Please see the [Kubernetes Auth Method documentation](/docs/security/acl/auth-methods/kubernetes).
Please see the [Kubernetes Auth Method documentation](https://consul.io/docs/acl/auth-methods/kubernetes).
You can retrieve this value from your `kubeconfig` by running:
@ -527,7 +527,7 @@ Use these links to navigate to a particular top-level stanza.
- `metrics` ((#v-global-metrics)) - Configures metrics for Consul service mesh
- `enabled` ((#v-global-metrics-enabled)) (`boolean: false`) - Configures the Helm chart's components
- `enabled` ((#v-global-metrics-enabled)) (`boolean: false`) - Configures the Helm charts components
to expose Prometheus metrics for the Consul service mesh. By default
this includes gateway metrics and sidecar metrics.
@ -621,7 +621,8 @@ Use these links to navigate to a particular top-level stanza.
Vault Secrets backend:
If you are using Vault as a secrets backend, a Vault Policy must be created which allows `["create", "update"]`
capabilities on the PKI issuing endpoint, which is usually of the form `pki/issue/consul-server`.
Please refer the [Consul and Vault tutorial](https://learn.hashicorp.com/tutorials/consul/vault-pki-consul-secure-tls?utm_source=docs) for steps to generate a compatible certificate.
Please see the following guide for steps to generate a compatible certificate:
https://learn.hashicorp.com/tutorials/consul/vault-pki-consul-secure-tls
Note: when using TLS, both the `server.serverCert` and `global.tls.caCert` which points to the CA endpoint of this PKI engine
must be provided.
@ -655,13 +656,18 @@ Use these links to navigate to a particular top-level stanza.
- `storageClass` ((#v-server-storageclass)) (`string: null`) - The StorageClass to use for the servers' StatefulSet storage. It must be
able to be dynamically provisioned if you want the storage
to be automatically created. For example, to use local
(https://kubernetes.io/docs/concepts/storage/storage-classes/#local)
to be automatically created. For example, to use
local(https://kubernetes.io/docs/concepts/storage/storage-classes/#local)
storage classes, the PersistentVolumeClaims would need to be manually created.
A `null` value will use the Kubernetes cluster's default StorageClass. If a default
StorageClass does not exist, you will need to create one.
See https://www.consul.io/docs/install/performance#read-write-tuning for considerations around choosing a
performant storage class.
Refer to the [Read/Write Tuning](https://www.consul.io/docs/install/performance#read-write-tuning)
section of the Server Performance Requirements documentation for considerations
around choosing a performant storage class.
~> **Note:** The [Reference Architecture](https://learn.hashicorp.com/tutorials/consul/reference-architecture#hardware-sizing-for-consul-servers)
contains best practices and recommendations for selecting suitable
hardware sizes for your Consul servers.
- `connect` ((#v-server-connect)) (`boolean: true`) - This will enable/disable Connect (https://consul.io/docs/connect). Setting this to true
_will not_ automatically secure pod communication, this
@ -1473,11 +1479,11 @@ Use these links to navigate to a particular top-level stanza.
- `aclSyncToken` ((#v-synccatalog-aclsynctoken)) - Refers to a Kubernetes secret that you have created that contains
an ACL token for your Consul cluster which allows the sync process the correct
permissions. This is only needed if ACLs are enabled on the Consul cluster.
permissions. This is only needed if ACLs are managed manually within the Consul cluster.
- `secretName` ((#v-synccatalog-aclsynctoken-secretname)) (`string: null`) - The name of the Vault secret that holds the acl sync token.
- `secretName` ((#v-synccatalog-aclsynctoken-secretname)) (`string: null`) - The name of the Kubernetes secret that holds the acl sync token.
- `secretKey` ((#v-synccatalog-aclsynctoken-secretkey)) (`string: null`) - The key within the Vault secret that holds the acl sync.
- `secretKey` ((#v-synccatalog-aclsynctoken-secretkey)) (`string: null`) - The key within the Kubernetes secret that holds the acl sync token.
- `nodeSelector` ((#v-synccatalog-nodeselector)) (`string: null`) - This value defines `nodeSelector` (https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector)
labels for catalog sync pod assignment, formatted as a multi-line string.