[docs] update CNI docs to indicate how the CNI plugin is installed (#14546)

* update CNI docs to indicate that the CNI plugin is installed through the helm chart
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
Co-authored-by: Paul Banks <banks@banksco.de>
This commit is contained in:
Kyle Schochenmaier 2022-09-09 12:28:15 -05:00 committed by GitHub
parent cf6c1d9388
commit 29772eac2a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -109,11 +109,15 @@ NAME: consul
### Enable the Consul CNI plugin
By default, Consul generates a `connect-inject init` container as part of the Kubernetes pod startup process when Consul is in [transparent proxy mode](/docs/connect/transparent-proxy). The container configures traffic redirection in the service mesh through the sidecar proxy. To configure redirection, the container requires elevated `CAP_NET_ADMIN` privileges, which may not be compatible with security policies in your organization.
By default, Consul injects a `connect-inject-init` init container as part of the Kubernetes pod startup process when Consul is in [transparent proxy mode](/docs/connect/transparent-proxy).
The container configures traffic redirection in the service mesh through the sidecar proxy.
To configure redirection, the container requires elevated `CAP_NET_ADMIN` privileges, which may not be compatible with security policies in your organization.
Instead, you can enable the Consul container network interface (CNI) plugin to perform traffic redirection. Because the plugin is executed by the Kubernetes kubelet, the plugin already has the elevated privileges necessary to configure the network.
Instead, you can enable the Consul container network interface (CNI) plugin to perform traffic redirection.
Because the plugin is executed by the local Kubernetes kubelet, the plugin already has the elevated privileges necessary to configure the network.
Add the following configuration to your `config.yaml` file to enable the Consul CNI plugin:
The Consul Helm Chart is responsible for installing the Consul CNI plugin.
To configure the plugin to be installed, add the following configuration to your `config.yaml` file:
<CodeTabs tabs={[ "Reference configuration","GKE configuration" ]}>