mirror of https://github.com/status-im/consul.git
Merge pull request #5302 from hashicorp/docs/k8s-acl
Update k8s ACL documentation
commit
fc1d9e5d78
|
@ -67,17 +67,20 @@ sync to understand how the syncing works.
|
||||||
The sync process must authenticate to both Kubernetes and Consul to read
|
The sync process must authenticate to both Kubernetes and Consul to read
|
||||||
and write services.
|
and write services.
|
||||||
|
|
||||||
For Consul, the process accepts both the standard CLI flag `-token` and
|
|
||||||
the environment variable `CONSUL_HTTP_TOKEN`. This should be set to an
|
|
||||||
Consul [ACL token](/docs/guides/acl.html) if ACLs are enabled. This
|
|
||||||
can also be configured using the Helm chart to read from a Kubernetes
|
|
||||||
secret.
|
|
||||||
|
|
||||||
For Kubernetes, a valid kubeconfig file must be provided with cluster
|
For Kubernetes, a valid kubeconfig file must be provided with cluster
|
||||||
and auth information. The sync process will look into the default locations
|
and authentication information. The sync process will look into the default locations
|
||||||
for both in-cluster and out-of-cluster authentication. If `kubectl` works,
|
for both in-cluster and out-of-cluster authentication. If `kubectl` works,
|
||||||
then the sync program should work.
|
then the sync program should work.
|
||||||
|
|
||||||
|
For Consul, if ACLs are configured on the cluster, a Consul
|
||||||
|
[ACL token](https://learn.hashicorp.com/consul/advanced/day-1-operations/acl-guide)
|
||||||
|
will need to be provided. Review the [ACL rules](/docs/agent/acl-rules.html)
|
||||||
|
when creating this token so that it only allows the necessary privileges. The catalog
|
||||||
|
sync process accepts this token by using the [`CONSUL_HTTP_TOKEN`](docs/commands/index.html#consul_http_token)
|
||||||
|
environment variable. This token should be set as a
|
||||||
|
[Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/#creating-your-own-secrets)
|
||||||
|
and referenced in the Helm chart.
|
||||||
|
|
||||||
## Kubernetes to Consul
|
## Kubernetes to Consul
|
||||||
|
|
||||||
This sync registers Kubernetes services to the Consul catalog automatically.
|
This sync registers Kubernetes services to the Consul catalog automatically.
|
||||||
|
|
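Review bot: the `CONSUL_HTTP_TOKEN` link in the added Consul paragraph points to `docs/commands/index.html#consul_http_token` without a leading slash, while the ACL rules link two lines above it uses `/docs/agent/acl-rules.html`. The relative form resolves against the current page path, so it should be `/docs/commands/index.html#consul_http_token`. The rewritten paragraph also drops the `-token` CLI flag that the removed text documented; if the sync process still accepts it, keep a mention. Since the new text asks readers to limit the token to the necessary privileges, it would help to state which ACL rules the catalog sync needs rather than only linking to the ACL rules page.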