Update k8s ACL documentation

Clarifies that an ACL token only needs to be provided when ACLs are enabled within the Consul cluster.
2019-01-29 15:37:13 -08:00 · 2019-01-29 15:37:13 -08:00 · 0ec987d94f
parent a26002000c
commit 0ec987d94f
1 changed files with 6 additions and 6 deletions
--- a/website/source/docs/platform/k8s/service-sync.html.md
+++ b/website/source/docs/platform/k8s/service-sync.html.md
@ -67,17 +67,17 @@ sync to understand how the syncing works.
 The sync process must authenticate to both Kubernetes and Consul to read
 and write services.

-For Consul, the process accepts both the standard CLI flag `-token` and
-the environment variable `CONSUL_HTTP_TOKEN`. This should be set to an
-Consul [ACL token](/docs/guides/acl.html) if ACLs are enabled. This
-can also be configured using the Helm chart to read from a Kubernetes
-secret.
-
 For Kubernetes, a valid kubeconfig file must be provided with cluster
 and auth information. The sync process will look into the default locations
 for both in-cluster and out-of-cluster authentication. If `kubectl` works,
 then the sync program should work.

+For Consul, if ACLs are configured on the cluster, a Consul [ACL token](/docs/guides/acl.html)
+will need to be provided. The process accepts this token by using the
+`CONSUL_HTTP_TOKEN` environment variable. This token should be set as a
+[Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/#creating-your-own-secrets)
+and referenced in the Helm chart.
+
 ## Kubernetes to Consul

 This sync registers Kubernetes services to the Consul catalog automatically.