update helm docs for sync catalog and vault (#14733)
This commit is contained in:
parent
d0903c581d
commit
3eb708e964
|
@ -361,7 +361,7 @@ Use these links to navigate to a particular top-level stanza.
|
|||
See https://www.consul.io/docs/agent/config/cli-flags#_recursor for more details.
|
||||
If this is an empty array (the default), then Consul DNS will only resolve queries for the Consul top level domain (by default `.consul`).
|
||||
|
||||
- `tls` ((#v-global-tls)) - Enables TLS (https://learn.hashicorp.com/tutorials/consul/tls-encryption-secure?utm_source=docs)
|
||||
- `tls` ((#v-global-tls)) - Enables TLS (https://learn.hashicorp.com/tutorials/consul/tls-encryption-secure)
|
||||
across the cluster to verify authenticity of the Consul servers and clients.
|
||||
Requires Consul v1.4.1+.
|
||||
|
||||
|
@ -516,7 +516,7 @@ Use these links to navigate to a particular top-level stanza.
|
|||
This address must be reachable from the Consul servers in the primary datacenter.
|
||||
This auth method will be used to provision ACL tokens for Consul components and is different
|
||||
from the one used by the Consul Service Mesh.
|
||||
Please see the [Kubernetes Auth Method documentation](/docs/security/acl/auth-methods/kubernetes).
|
||||
Please see the [Kubernetes Auth Method documentation](https://consul.io/docs/acl/auth-methods/kubernetes).
|
||||
|
||||
You can retrieve this value from your `kubeconfig` by running:
|
||||
|
||||
|
@ -527,7 +527,7 @@ Use these links to navigate to a particular top-level stanza.
|
|||
|
||||
- `metrics` ((#v-global-metrics)) - Configures metrics for Consul service mesh
|
||||
|
||||
- `enabled` ((#v-global-metrics-enabled)) (`boolean: false`) - Configures the Helm chart's components
|
||||
- `enabled` ((#v-global-metrics-enabled)) (`boolean: false`) - Configures the Helm chart’s components
|
||||
to expose Prometheus metrics for the Consul service mesh. By default
|
||||
this includes gateway metrics and sidecar metrics.
|
||||
|
||||
|
@ -621,7 +621,8 @@ Use these links to navigate to a particular top-level stanza.
|
|||
Vault Secrets backend:
|
||||
If you are using Vault as a secrets backend, a Vault Policy must be created which allows `["create", "update"]`
|
||||
capabilities on the PKI issuing endpoint, which is usually of the form `pki/issue/consul-server`.
|
||||
Please refer the [Consul and Vault tutorial](https://learn.hashicorp.com/tutorials/consul/vault-pki-consul-secure-tls?utm_source=docs) for steps to generate a compatible certificate.
|
||||
Please see the following guide for steps to generate a compatible certificate:
|
||||
https://learn.hashicorp.com/tutorials/consul/vault-pki-consul-secure-tls
|
||||
Note: when using TLS, both the `server.serverCert` and `global.tls.caCert` which points to the CA endpoint of this PKI engine
|
||||
must be provided.
|
||||
|
||||
|
@ -655,13 +656,18 @@ Use these links to navigate to a particular top-level stanza.
|
|||
|
||||
- `storageClass` ((#v-server-storageclass)) (`string: null`) - The StorageClass to use for the servers' StatefulSet storage. It must be
|
||||
able to be dynamically provisioned if you want the storage
|
||||
to be automatically created. For example, to use local
|
||||
(https://kubernetes.io/docs/concepts/storage/storage-classes/#local)
|
||||
to be automatically created. For example, to use
|
||||
local(https://kubernetes.io/docs/concepts/storage/storage-classes/#local)
|
||||
storage classes, the PersistentVolumeClaims would need to be manually created.
|
||||
A `null` value will use the Kubernetes cluster's default StorageClass. If a default
|
||||
StorageClass does not exist, you will need to create one.
|
||||
See https://www.consul.io/docs/install/performance#read-write-tuning for considerations around choosing a
|
||||
performant storage class.
|
||||
Refer to the [Read/Write Tuning](https://www.consul.io/docs/install/performance#read-write-tuning)
|
||||
section of the Server Performance Requirements documentation for considerations
|
||||
around choosing a performant storage class.
|
||||
|
||||
~> **Note:** The [Reference Architecture](https://learn.hashicorp.com/tutorials/consul/reference-architecture#hardware-sizing-for-consul-servers)
|
||||
contains best practices and recommendations for selecting suitable
|
||||
hardware sizes for your Consul servers.
|
||||
|
||||
- `connect` ((#v-server-connect)) (`boolean: true`) - This will enable/disable Connect (https://consul.io/docs/connect). Setting this to true
|
||||
_will not_ automatically secure pod communication, this
|
||||
|
@ -1473,11 +1479,11 @@ Use these links to navigate to a particular top-level stanza.
|
|||
|
||||
- `aclSyncToken` ((#v-synccatalog-aclsynctoken)) - Refers to a Kubernetes secret that you have created that contains
|
||||
an ACL token for your Consul cluster which allows the sync process the correct
|
||||
permissions. This is only needed if ACLs are enabled on the Consul cluster.
|
||||
permissions. This is only needed if ACLs are managed manually within the Consul cluster.
|
||||
|
||||
- `secretName` ((#v-synccatalog-aclsynctoken-secretname)) (`string: null`) - The name of the Vault secret that holds the acl sync token.
|
||||
- `secretName` ((#v-synccatalog-aclsynctoken-secretname)) (`string: null`) - The name of the Kubernetes secret that holds the acl sync token.
|
||||
|
||||
- `secretKey` ((#v-synccatalog-aclsynctoken-secretkey)) (`string: null`) - The key within the Vault secret that holds the acl sync.
|
||||
- `secretKey` ((#v-synccatalog-aclsynctoken-secretkey)) (`string: null`) - The key within the Kubernetes secret that holds the acl sync token.
|
||||
|
||||
- `nodeSelector` ((#v-synccatalog-nodeselector)) (`string: null`) - This value defines `nodeSelector` (https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector)
|
||||
labels for catalog sync pod assignment, formatted as a multi-line string.
|
||||
|
|
Loading…
Reference in New Issue