parent
5c958dc8bd
commit
4da99dc4a1
|
@ -134,6 +134,10 @@ Use these links to navigate to a particular top-level stanza.
|
|||
|
||||
- `vault` ((#v-global-secretsbackend-vault))
|
||||
|
||||
- `vaultNamespace` ((#v-global-secretsbackend-vault-vaultnamespace)) (`string: ""`) - Vault namespace (optional). This sets the Vault namespace for the `vault.hashicorp.com/namespace`
|
||||
agent annotation and [Vault Connect CA namespace](/consul/docs/connect/ca/vault#namespace).
|
||||
To override one of these values individually, see `agentAnnotations` and `connectCA.additionalConfig`.
|
||||
|
||||
- `enabled` ((#v-global-secretsbackend-vault-enabled)) (`boolean: false`) - Enabling the Vault secrets backend will replace Kubernetes secrets with referenced Vault secrets.
|
||||
|
||||
- `consulServerRole` ((#v-global-secretsbackend-vault-consulserverrole)) (`string: ""`) - The Vault role for the Consul server.
|
||||
|
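Review bot: The `vaultNamespace` entry has default `""` but does not say what an empty value means for the two places it feeds, the `vault.hashicorp.com/namespace` agent annotation and the Vault Connect CA namespace. State what happens when it is left empty, and say explicitly that a value set through `agentAnnotations` or `connectCA.additionalConfig` wins when both are present, since "override" only implies it.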
@ -235,7 +239,6 @@ Use these links to navigate to a particular top-level stanza.
|
|||
{
|
||||
"connect": [{
|
||||
"ca_config": [{
|
||||
"namespace": "my-vault-ns",
|
||||
"leaf_cert_ttl": "36h"
|
||||
}]
|
||||
}]
|
||||
|
@ -420,7 +423,7 @@ Use these links to navigate to a particular top-level stanza.
|
|||
|
||||
- `secretKey` ((#v-global-acls-replicationtoken-secretkey)) (`string: null`) - The key within the Kubernetes or Vault secret that holds the replication token.
|
||||
|
||||
- `resources` ((#v-global-acls-resources)) (`map`) - The resource requests (CPU, memory, etc.) for the server-acl-init and server-acl-init-cleanup pods.
|
||||
- `resources` ((#v-global-acls-resources)) (`map`) - The resource requests (CPU, memory, etc.) for the server-acl-init and server-acl-init-cleanup pods.
|
||||
This should be a YAML map corresponding to a Kubernetes
|
||||
[`ResourceRequirements``](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core)
|
||||
object.
|
||||
|
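Review bot: The link text on the `ResourceRequirements` line ends with two backticks instead of one, which breaks the inline-code rendering of the link. The two `resources` lines look identical as rendered, so if this hunk only touches whitespace on that entry, fix the stray backtick in the same pass.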
@ -446,7 +449,7 @@ Use these links to navigate to a particular top-level stanza.
|
|||
|
||||
- `secretName` ((#v-global-acls-partitiontoken-secretname)) (`string: null`) - The name of the Vault secret that holds the partition token.
|
||||
|
||||
- `secretKey` ((#v-global-acls-partitiontoken-secretkey)) (`string: null`) - The key within the Vault secret that holds the partition token.
|
||||
- `secretKey` ((#v-global-acls-partitiontoken-secretkey)) (`string: null`) - The key within the Vault secret that holds the parition token.
|
||||
|
||||
- `tolerations` ((#v-global-acls-tolerations)) (`string: ""`) - tolerations configures the taints and tolerations for the server-acl-init
|
||||
and server-acl-init-cleanup jobs. This should be a multi-line string matching the
|
||||
|
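Review bot: The second `secretKey` line in this hunk reads "parition token" where the first reads "partition token". If the second line is the added side, this change introduces a typo; correct it to "partition".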
@ -471,6 +474,14 @@ Use these links to navigate to a particular top-level stanza.
|
|||
"sample/annotation2": "bar"
|
||||
```
|
||||
|
||||
- `argocd` ((#v-global-argocd)) - If argocd.enabled is set to true, following annotations are added to
|
||||
job - server-acl-init-job
|
||||
annotations -
|
||||
argocd.argoproj.io/hook: Sync
|
||||
argocd.argoproj.io/hook-delete-policy: HookSucceeded
|
||||
|
||||
- `enabled` ((#v-global-argocd-enabled)) (`boolean: false`)
|
||||
|
||||
- `enterpriseLicense` ((#v-global-enterpriselicense)) - <EnterpriseAlert inline /> This value refers to a Kubernetes or Vault secret that you have created
|
||||
that contains your enterprise license. It is required if you are using an
|
||||
enterprise binary. Defining it here applies it to your cluster once a leader
|
||||
|
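Review bot: The `enabled` sub-entry under `argocd` has a type and default but no description, and the parent entry runs the job name and annotations together as prose ("job - server-acl-init-job annotations - ..."). Describe `enabled`, and put the two `argocd.argoproj.io/...` annotations in a fenced block as the annotation example just above does. Because `hook-delete-policy: HookSucceeded` removes the server-acl-init job once it succeeds, say so here for readers who rely on that job's logs.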
@ -490,7 +501,7 @@ Use these links to navigate to a particular top-level stanza.
|
|||
- `enabled` ((#v-global-federation-enabled)) (`boolean: false`) - If enabled, this datacenter will be federation-capable. Only federation
|
||||
via mesh gateways is supported.
|
||||
Mesh gateways and servers will be configured to allow federation.
|
||||
Requires `global.tls.enabled`, `connectInject.enabled`, and one of
|
||||
Requires `global.tls.enabled`, `connectInject.enabled`, and one of
|
||||
`meshGateway.enabled` or `externalServers.enabled` to be true.
|
||||
Requires Consul 1.8+.
|
||||
|
||||
|
@ -514,7 +525,7 @@ Use these links to navigate to a particular top-level stanza.
|
|||
from the one used by the Consul Service Mesh.
|
||||
Please refer to the [Kubernetes Auth Method documentation](/consul/docs/security/acl/auth-methods/kubernetes).
|
||||
|
||||
If `externalServers.enabled` is set to true, `global.federation.k8sAuthMethodHost` and
|
||||
If `externalServers.enabled` is set to true, `global.federation.k8sAuthMethodHost` and
|
||||
`externalServers.k8sAuthMethodHost` should be set to the same value.
|
||||
|
||||
You can retrieve this value from your `kubeconfig` by running:
|
||||
|
@ -1045,7 +1056,7 @@ Use these links to navigate to a particular top-level stanza.
|
|||
See https://en.wikipedia.org/wiki/Token_bucket for more about token
|
||||
buckets.
|
||||
|
||||
- `auditLogs` ((#v-server-auditlogs)) - <EnterpriseAlert inline /> Added in Consul 1.8, the audit object allow users to enable auditing
|
||||
- `auditLogs` ((#v-server-auditlogs)) - <EnterpriseAlert inline /> Added in Consul 1.8, the audit object allow users to enable auditing
|
||||
and configure a sink and filters for their audit logs. Please refer to
|
||||
[audit logs](/consul/docs/enterprise/audit-logging) documentation
|
||||
for further information.
|
||||
|
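Review bot: In the `auditLogs` entry, "the audit object allow users" should read "allows users". The two `auditLogs` lines look identical as rendered, so the grammar can be fixed in the same touch.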
@ -1134,7 +1145,7 @@ Use these links to navigate to a particular top-level stanza.
|
|||
This address must be reachable from the Consul servers.
|
||||
Please refer to the [Kubernetes Auth Method documentation](/consul/docs/security/acl/auth-methods/kubernetes).
|
||||
|
||||
If `global.federation.enabled` is set to true, `global.federation.k8sAuthMethodHost` and
|
||||
If `global.federation.enabled` is set to true, `global.federation.k8sAuthMethodHost` and
|
||||
`externalServers.k8sAuthMethodHost` should be set to the same value.
|
||||
|
||||
You could retrieve this value from your `kubeconfig` by running:
|
||||
|
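Review bot: The last line of this hunk reads "You could retrieve this value", while the matching `global.federation.k8sAuthMethodHost` text earlier in the patch reads "You can retrieve this value". Use the same wording in both places, since the two settings are documented as needing the same value and readers will compare them.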
@ -1754,6 +1765,10 @@ Use these links to navigate to a particular top-level stanza.
|
|||
These CRDs can clash with existing Gateway API CRDs if they are already installed in your cluster.
|
||||
If this setting is false, you will need to install the Gateway API CRDs manually.
|
||||
|
||||
- `manageNonStandardCRDs` ((#v-connectinject-apigateway-managenonstandardcrds)) (`boolean: false`) - Enables Consul on Kubernets to manage only the non-standard CRDs used for Gateway API. If manageExternalCRDs is true
|
||||
then all CRDs will be installed; otherwise, if manageNonStandardCRDs is true then only TCPRoute, GatewayClassConfig and MeshService
|
||||
will be installed.
|
||||
|
||||
- `managedGatewayClass` ((#v-connectinject-apigateway-managedgatewayclass)) - Configuration settings for the GatewayClass installed by Consul on Kubernetes.
|
||||
|
||||
- `nodeSelector` ((#v-connectinject-apigateway-managedgatewayclass-nodeselector)) (`string: null`) - This value defines [`nodeSelector`](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector)
|
||||
|
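Review bot: "Kubernets" in the `manageNonStandardCRDs` description is a typo for "Kubernetes". In the same sentence, put `manageExternalCRDs` and `manageNonStandardCRDs` in backticks, as the page does for other value names.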
@ -1784,6 +1799,8 @@ Use these links to navigate to a particular top-level stanza.
|
|||
- external-dns.alpha.kubernetes.io/hostname
|
||||
```
|
||||
|
||||
- `resources` ((#v-connectinject-apigateway-managedgatewayclass-resources)) (`map`) - The resource settings for Pods handling traffic for Gateway API.
|
||||
|
||||
- `deployment` ((#v-connectinject-apigateway-managedgatewayclass-deployment)) - This value defines the number of pods to deploy for each Gateway as well as a min and max number of pods for all Gateways
|
||||
|
||||
- `defaultInstances` ((#v-connectinject-apigateway-managedgatewayclass-deployment-defaultinstances)) (`integer: 1`)
|
||||
|
@ -1811,8 +1828,6 @@ Use these links to navigate to a particular top-level stanza.
|
|||
"sample/annotation2": "bar"
|
||||
```
|
||||
|
||||
- `resources` ((#v-connectinject-apigateway-resources)) (`map`) - The resource settings for Pods handling traffic for Gateway API.
|
||||
|
||||
- `cni` ((#v-connectinject-cni)) - Configures consul-cni plugin for Consul Service mesh services
|
||||
|
||||
- `enabled` ((#v-connectinject-cni-enabled)) (`boolean: false`) - If true, then all traffic redirection setup uses the consul-cni plugin.
|
||||
|
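Review bot: The `resources` entry with anchor `#v-connectinject-apigateway-resources` is listed here, and an entry with the same description appears earlier in the patch under `managedGatewayClass` with anchor `#v-connectinject-apigateway-managedgatewayclass-resources`; the line counts in this hunk's header (8 to 6) suggest the entry at this level is the one being dropped. Nothing in the visible text tells readers the setting moved, so links to the old anchor and values set at the old level are left unexplained. Add a sentence on the move to the new entry.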
@ -1946,7 +1961,7 @@ Use these links to navigate to a particular top-level stanza.
|
|||
- `imageConsul` ((#v-connectinject-imageconsul)) (`string: null`) - The Docker image for Consul to use when performing Connect injection.
|
||||
Defaults to global.image.
|
||||
|
||||
- `logLevel` ((#v-connectinject-loglevel)) (`string: ""`) - Override global log verbosity level. One of "debug", "info", "warn", or "error".
|
||||
- `logLevel` ((#v-connectinject-loglevel)) (`string: ""`) - Sets the `logLevel` for the `consul-dataplane` sidecar and the `consul-connect-inject-init` container. When set, this value overrides the global log verbosity level. One of "debug", "info", "warn", or "error".
|
||||
|
||||
- `serviceAccount` ((#v-connectinject-serviceaccount))
|
||||
|
||||
|
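Review bot: The second `logLevel` description scopes the setting to the `consul-dataplane` sidecar and the `consul-connect-inject-init` container, where the first line said only that it overrides the global verbosity. It no longer says which level the connect injector itself logs at; add that, so an operator who raises this value to "debug" knows which containers become more verbose.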
@ -2447,8 +2462,9 @@ Use these links to navigate to a particular top-level stanza.
|
|||
|
||||
- `gateways` ((#v-ingressgateways-gateways)) (`array<map>`) - Gateways is a list of gateway objects. The only required field for
|
||||
each is `name`, though they can also contain any of the fields in
|
||||
`defaults`. Values defined here override the defaults except in the
|
||||
case of annotations where both will be applied.
|
||||
`defaults`. You must provide a unique name for each ingress gateway. These names
|
||||
must be unique across different namespaces.
|
||||
Values defined here override the defaults, except in the case of annotations where both will be applied.
|
||||
|
||||
- `name` ((#v-ingressgateways-gateways-name)) (`string: ingress-gateway`)
|
||||
|
||||
|
|
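Review bot: "These names must be unique across different namespaces" in the `gateways` description does not say whether it means Kubernetes namespaces or Consul namespaces, nor what happens when two gateways share a name. Name the kind of namespace and state the consequence of a collision.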