diff --git a/website/content/docs/enterprise/admin-partitions.mdx b/website/content/docs/enterprise/admin-partitions.mdx
index 69cff29b2..604e86cbf 100644
--- a/website/content/docs/enterprise/admin-partitions.mdx
+++ b/website/content/docs/enterprise/admin-partitions.mdx
@@ -117,31 +117,33 @@ Verify that your Consul deployment meets the [Kubernetes Requirements](#kubernet
1. Create a server configuration file to override the default Consul Helm chart settings:
+
```yaml
global:
enableConsulNamespaces: true
- tls:
- enabled: true
- image: hashicorp/consul-enterprise:1.11.0-ent-beta3
- adminPartitions:
- enabled: true
+ tls:
+ enabled: true
+ image: hashicorp/consul-enterprise:1.11.0-ent-beta3
+ adminPartitions:
+ enabled: true
+ enterpriseLicense:
+ secretName: consul-ent-license
+ secretKey: key
server:
exposeGossipAndRPCPorts: true
- enterpriseLicense:
- secretName: license
- secretKey: key
connectInject:
enabled: true
transparentProxy:
defaultEnabled: false
consulNamespaces:
- mirroringK8S: true
+ mirroringK8S: true
controller:
enabled: true
```
+
Note that the `transparentProxy` configuration is disabled. This is to enable multi-cluster networking.
@@ -154,15 +156,25 @@ Verify that your Consul deployment meets the [Kubernetes Requirements](#kubernet
```shell-session
kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
- kubernetes ClusterIP 10.96.0.1 443/TCP 3m
- servers-consul-connect-injector-svc ClusterIP 10.97.175.39 443/TCP 30s
- servers-consul-controller-webhook ClusterIP 10.100.22.99 443/TCP 30s
- servers-consul-dns ClusterIP 10.103.43.20 53/TCP,53/UDP 30s
- servers-consul-partition-service LoadBalancer 10.111.255.152 35.192.119.38 8501:30643/TCP,8301:30466/TCP,8300:30657/TCP 30s
- servers-consul-server ClusterIP None 8501/TCP,8301/TCP,8301/UDP,8302/TCP,8302/UDP,8300/TCP,8600/TCP,8600/UDP 30s
- servers-consul-ui ClusterIP 10.106.240.55 443/TCP 30s
+ kubernetes ClusterIP 10.8.0.1 443/TCP 77m
+ server-consul-connect-injector-svc ClusterIP 10.8.13.188 443/TCP 76s
+ server-consul-controller-webhook ClusterIP 10.8.14.178 443/TCP 77s
+ server-consul-dns ClusterIP 10.8.6.6 53/TCP,53/UDP 77s
+ server-consul-partition-service LoadBalancer 10.8.1.186 34.135.103.67 8501:31130/TCP,8301:31587/TCP,8300:30378/TCP 76s
+ server-consul-server ClusterIP None 8501/TCP,8301/TCP,8301/UDP,8302/TCP,8302/UDP,8300/TCP,8600/TCP,8600/UDP 76s
+ server-consul-ui ClusterIP 10.8.0.218 443/TCP 77s
+ ```
+1. Get the Kubernetes authentication method URL for the workload cluster:
-1. Create the workload configuration for client nodes in your cluster. Create a configuration for each admin partition. In the following example, the external IP address from the previous step has been applied:
+ ```shell-session
+ kubectl config view -o "jsonpath={.clusters[?(@.name=='')].cluster.server}"
+ ```
+ Use the IP address printed to the console to configure the `k8sAuthMethodHost` parameter in the workload configuration file for your client nodes.
+
+1. Create the workload configuration for client nodes in your cluster. Create a configuration for each admin partition. In the following example, the external IP address and the Kubernetes authentication method IP address from the previous steps have been applied:
+
+
+
```yaml
global:
@@ -171,7 +183,7 @@ Verify that your Consul deployment meets the [Kubernetes Requirements](#kubernet
image: hashicorp/consul-enterprise:1.11.0-ent-beta3
adminPartitions:
enabled: true
- name: "clients" // partition name
+ name: "clients"
tls:
enabled: true
caCert:
@@ -180,36 +192,40 @@ Verify that your Consul deployment meets the [Kubernetes Requirements](#kubernet
caKey:
secretName: consul-consul-ca-key
secretKey: tls.key
- server:
- enterpriseLicense:
- secretName: license
- secretKey: key
+ enterpriseLicense:
+ secretName: license
+ secretKey: key
externalServers:
enabled: true
- hosts: "35.192.119.38" # Insert External IP of LoadBalancer here
+ hosts: [ "34.135.103.67" ]
tlsServerName: server.dc1.consul
+ k8sAuthMethodHost: "104.154.156.146"
client:
enabled: true
exposeGossipPorts: true
- join: "35.192.119.38"
+ join: [ "34.135.103.67" ]
connectInject:
enabled: true
consulNamespaces:
- mirroringK8S: true
+ mirroringK8S: true
controller:
enabled: true
+ meshGateway:
+ enabled: true
```
+
+
1. Copy the server certificate to the workload cluster.
```shell-session
- kubectl get secret server-consul-ca-cert --context server -o yaml | kubectl apply --context client -f -
+ kubectl get secret server-consul-ca-cert --context -o yaml | kubectl apply --context -f -
```
1. Copy the server key to the workload cluster.
```shell-session
- kubectl get secret consul-consul-ca-key --context server -o yaml | kubectl apply --context client -f -
+ kubectl get secret server-consul-ca-key --context -o yaml | kubectl apply --context -f -
```
1. Start the workload client clusters: