Update Helm docs for consul-k8s 1.2.1 (#18450)
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
This commit is contained in:
parent
247fdc1f3d
commit
6512ef175a
|
@ -288,6 +288,8 @@ Use these links to navigate to a particular top-level stanza.
|
||||||
- `secretKey` ((#v-global-gossipencryption-secretkey)) (`string: ""`) - The key within the Kubernetes secret or Vault secret key that holds the gossip
|
- `secretKey` ((#v-global-gossipencryption-secretkey)) (`string: ""`) - The key within the Kubernetes secret or Vault secret key that holds the gossip
|
||||||
encryption key.
|
encryption key.
|
||||||
|
|
||||||
|
- `logLevel` ((#v-global-gossipencryption-loglevel)) (`string: ""`) - Override global log verbosity level for `gossip-encryption-autogenerate-job` pods. One of "trace", "debug", "info", "warn", or "error".
|
||||||
|
|
||||||
- `recursors` ((#v-global-recursors)) (`array<string>: []`) - A list of addresses of upstream DNS servers that are used to recursively resolve DNS queries.
|
- `recursors` ((#v-global-recursors)) (`array<string>: []`) - A list of addresses of upstream DNS servers that are used to recursively resolve DNS queries.
|
||||||
These values are given as `-recursor` flags to Consul servers and clients.
|
These values are given as `-recursor` flags to Consul servers and clients.
|
||||||
Refer to [`-recursor`](/consul/docs/agent/config/cli-flags#_recursor) for more details.
|
Refer to [`-recursor`](/consul/docs/agent/config/cli-flags#_recursor) for more details.
|
||||||
|
@ -302,6 +304,8 @@ Use these links to navigate to a particular top-level stanza.
|
||||||
authority (optional) and server and client certificates.
|
authority (optional) and server and client certificates.
|
||||||
This setting is required for [Cluster Peering](/consul/docs/connect/cluster-peering/k8s).
|
This setting is required for [Cluster Peering](/consul/docs/connect/cluster-peering/k8s).
|
||||||
|
|
||||||
|
- `logLevel` ((#v-global-tls-loglevel)) (`string: ""`) - Override global log verbosity level. One of "trace", "debug", "info", "warn", or "error".
|
||||||
|
|
||||||
- `enableAutoEncrypt` ((#v-global-tls-enableautoencrypt)) (`boolean: false`) - If true, turns on the auto-encrypt feature on clients and servers.
|
- `enableAutoEncrypt` ((#v-global-tls-enableautoencrypt)) (`boolean: false`) - If true, turns on the auto-encrypt feature on clients and servers.
|
||||||
It also switches consul-k8s-control-plane components to retrieve the CA from the servers
|
It also switches consul-k8s-control-plane components to retrieve the CA from the servers
|
||||||
via the API. Requires Consul 1.7.1+.
|
via the API. Requires Consul 1.7.1+.
|
||||||
|
@ -361,6 +365,15 @@ Use these links to navigate to a particular top-level stanza.
|
||||||
|
|
||||||
- `secretKey` ((#v-global-tls-cakey-secretkey)) (`string: null`) - The key within the Kubernetes or Vault secret that holds the CA key.
|
- `secretKey` ((#v-global-tls-cakey-secretkey)) (`string: null`) - The key within the Kubernetes or Vault secret that holds the CA key.
|
||||||
|
|
||||||
|
- `annotations` ((#v-global-tls-annotations)) (`string: null`) - This value defines additional annotations for
|
||||||
|
tls init jobs. Format this value as a multi-line string.
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
annotations: |
|
||||||
|
"sample/annotation1": "foo"
|
||||||
|
"sample/annotation2": "bar"
|
||||||
|
```
|
||||||
|
|
||||||
- `enableConsulNamespaces` ((#v-global-enableconsulnamespaces)) (`boolean: false`) - <EnterpriseAlert inline /> `enableConsulNamespaces` indicates that you are running
|
- `enableConsulNamespaces` ((#v-global-enableconsulnamespaces)) (`boolean: false`) - <EnterpriseAlert inline /> `enableConsulNamespaces` indicates that you are running
|
||||||
Consul Enterprise v1.7+ with a valid Consul Enterprise license and would
|
Consul Enterprise v1.7+ with a valid Consul Enterprise license and would
|
||||||
like to make use of configuration beyond registering everything into
|
like to make use of configuration beyond registering everything into
|
||||||
|
@ -374,6 +387,8 @@ Use these links to navigate to a particular top-level stanza.
|
||||||
for all Consul and consul-k8s-control-plane components.
|
for all Consul and consul-k8s-control-plane components.
|
||||||
This requires Consul >= 1.4.
|
This requires Consul >= 1.4.
|
||||||
|
|
||||||
|
- `logLevel` ((#v-global-acls-loglevel)) (`string: ""`) - Override global log verbosity level. One of "trace", "debug", "info", "warn", or "error".
|
||||||
|
|
||||||
- `bootstrapToken` ((#v-global-acls-bootstraptoken)) - A Kubernetes or Vault secret containing the bootstrap token to use for creating policies and
|
- `bootstrapToken` ((#v-global-acls-bootstraptoken)) - A Kubernetes or Vault secret containing the bootstrap token to use for creating policies and
|
||||||
tokens for all Consul and consul-k8s-control-plane components. If `secretName` and `secretKey`
|
tokens for all Consul and consul-k8s-control-plane components. If `secretName` and `secretKey`
|
||||||
are unset, a default secret name and secret key are used. If the secret is populated, then
|
are unset, a default secret name and secret key are used. If the secret is populated, then
|
||||||
|
@ -447,6 +462,15 @@ Use these links to navigate to a particular top-level stanza.
|
||||||
beta.kubernetes.io/arch: amd64
|
beta.kubernetes.io/arch: amd64
|
||||||
```
|
```
|
||||||
|
|
||||||
|
- `annotations` ((#v-global-acls-annotations)) (`string: null`) - This value defines additional annotations for
|
||||||
|
acl init jobs. Format this value as a multi-line string.
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
annotations: |
|
||||||
|
"sample/annotation1": "foo"
|
||||||
|
"sample/annotation2": "bar"
|
||||||
|
```
|
||||||
|
|
||||||
- `enterpriseLicense` ((#v-global-enterpriselicense)) - <EnterpriseAlert inline /> This value refers to a Kubernetes or Vault secret that you have created
|
- `enterpriseLicense` ((#v-global-enterpriselicense)) - <EnterpriseAlert inline /> This value refers to a Kubernetes or Vault secret that you have created
|
||||||
that contains your enterprise license. It is required if you are using an
|
that contains your enterprise license. It is required if you are using an
|
||||||
enterprise binary. Defining it here applies it to your cluster once a leader
|
enterprise binary. Defining it here applies it to your cluster once a leader
|
||||||
|
@ -500,6 +524,8 @@ Use these links to navigate to a particular top-level stanza.
|
||||||
-o jsonpath="{.clusters[?(@.name=='<your cluster name>')].cluster.server}"
|
-o jsonpath="{.clusters[?(@.name=='<your cluster name>')].cluster.server}"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
- `logLevel` ((#v-global-federation-loglevel)) (`string: ""`) - Override global log verbosity level for the `create-federation-secret-job` pods. One of "trace", "debug", "info", "warn", or "error".
|
||||||
|
|
||||||
- `metrics` ((#v-global-metrics)) - Configures metrics for Consul service mesh
|
- `metrics` ((#v-global-metrics)) - Configures metrics for Consul service mesh
|
||||||
|
|
||||||
- `enabled` ((#v-global-metrics-enabled)) (`boolean: false`) - Configures the Helm chart’s components
|
- `enabled` ((#v-global-metrics-enabled)) (`boolean: false`) - Configures the Helm chart’s components
|
||||||
|
@ -614,6 +640,8 @@ Use these links to navigate to a particular top-level stanza.
|
||||||
Consul server cluster. If you're running Consul externally and want agents
|
Consul server cluster. If you're running Consul externally and want agents
|
||||||
within Kubernetes to join that cluster, this should probably be false.
|
within Kubernetes to join that cluster, this should probably be false.
|
||||||
|
|
||||||
|
- `logLevel` ((#v-server-loglevel)) (`string: ""`) - Override global log verbosity level. One of "trace", "debug", "info", "warn", or "error".
|
||||||
|
|
||||||
- `image` ((#v-server-image)) (`string: null`) - The name of the Docker image (including any tag) for the containers running
|
- `image` ((#v-server-image)) (`string: null`) - The name of the Docker image (including any tag) for the containers running
|
||||||
Consul server agents.
|
Consul server agents.
|
||||||
|
|
||||||
|
@ -705,11 +733,11 @@ Use these links to navigate to a particular top-level stanza.
|
||||||
contains best practices and recommendations for selecting suitable
|
contains best practices and recommendations for selecting suitable
|
||||||
hardware sizes for your Consul servers.
|
hardware sizes for your Consul servers.
|
||||||
|
|
||||||
- `connect` ((#v-server-connect)) (`boolean: true`) - This will enable/disable [Connect](/consul/docs/connect). Setting this to true
|
- `connect` ((#v-server-connect)) (`boolean: true`) - This will enable/disable [service mesh](/consul/docs/connect). Setting this to true
|
||||||
_will not_ automatically secure pod communication, this
|
_will not_ automatically secure pod communication, this
|
||||||
setting will only enable usage of the feature. Consul will automatically initialize
|
setting will only enable usage of the feature. Consul will automatically initialize
|
||||||
a new CA and set of certificates. Additional Connect settings can be configured
|
a new CA and set of certificates. Additional service mesh settings can be configured
|
||||||
by setting the `server.extraConfig` value.
|
by setting the `server.extraConfig` value or by applying [configuration entries](/consul/docs/connect/config-entries).
|
||||||
|
|
||||||
- `serviceAccount` ((#v-server-serviceaccount))
|
- `serviceAccount` ((#v-server-serviceaccount))
|
||||||
|
|
||||||
|
@ -753,6 +781,10 @@ Use these links to navigate to a particular top-level stanza.
|
||||||
|
|
||||||
- `server` ((#v-server-containersecuritycontext-server)) (`map`) - The consul server agent container
|
- `server` ((#v-server-containersecuritycontext-server)) (`map`) - The consul server agent container
|
||||||
|
|
||||||
|
- `aclInit` ((#v-server-containersecuritycontext-aclinit)) (`map`) - The acl-init job
|
||||||
|
|
||||||
|
- `tlsInit` ((#v-server-containersecuritycontext-tlsinit)) (`map`) - The tls-init job
|
||||||
|
|
||||||
- `updatePartition` ((#v-server-updatepartition)) (`integer: 0`) - This value is used to carefully
|
- `updatePartition` ((#v-server-updatepartition)) (`integer: 0`) - This value is used to carefully
|
||||||
control a rolling update of Consul server agents. This value specifies the
|
control a rolling update of Consul server agents. This value specifies the
|
||||||
[partition](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions)
|
[partition](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions)
|
||||||
|
@ -1123,6 +1155,8 @@ Use these links to navigate to a particular top-level stanza.
|
||||||
the resources necessary for a Consul client on every Kubernetes node. This _does not_ require
|
the resources necessary for a Consul client on every Kubernetes node. This _does not_ require
|
||||||
`server.enabled`, since the agents can be configured to join an external cluster.
|
`server.enabled`, since the agents can be configured to join an external cluster.
|
||||||
|
|
||||||
|
- `logLevel` ((#v-client-loglevel)) (`string: ""`) - Override global log verbosity level. One of "trace", "debug", "info", "warn", or "error".
|
||||||
|
|
||||||
- `image` ((#v-client-image)) (`string: null`) - The name of the Docker image (including any tag) for the containers
|
- `image` ((#v-client-image)) (`string: null`) - The name of the Docker image (including any tag) for the containers
|
||||||
running Consul client agents.
|
running Consul client agents.
|
||||||
|
|
||||||
|
@ -1345,7 +1379,7 @@ Use these links to navigate to a particular top-level stanza.
|
||||||
|
|
||||||
- `enabled` ((#v-dns-enabled)) (`boolean: -`)
|
- `enabled` ((#v-dns-enabled)) (`boolean: -`)
|
||||||
|
|
||||||
- `enableRedirection` ((#v-dns-enableredirection)) (`boolean: -`) - If true, services using Consul Connect will use Consul DNS
|
- `enableRedirection` ((#v-dns-enableredirection)) (`boolean: -`) - If true, services using Consul service mesh will use Consul DNS
|
||||||
for default DNS resolution. The DNS lookups fall back to the nameserver IPs
|
for default DNS resolution. The DNS lookups fall back to the nameserver IPs
|
||||||
listed in /etc/resolv.conf if not found in Consul.
|
listed in /etc/resolv.conf if not found in Consul.
|
||||||
|
|
||||||
|
@ -1758,6 +1792,14 @@ Use these links to navigate to a particular top-level stanza.
|
||||||
|
|
||||||
- `minInstances` ((#v-connectinject-apigateway-managedgatewayclass-deployment-mininstances)) (`integer: 1`)
|
- `minInstances` ((#v-connectinject-apigateway-managedgatewayclass-deployment-mininstances)) (`integer: 1`)
|
||||||
|
|
||||||
|
- `openshiftSCCName` ((#v-connectinject-apigateway-managedgatewayclass-openshiftsccname)) (`string: restricted-v2`) - The name of the OpenShift SecurityContextConstraints resource to use for Gateways.
|
||||||
|
Only applicable if `global.openshift.enabled` is true.
|
||||||
|
|
||||||
|
- `mapPrivilegedContainerPorts` ((#v-connectinject-apigateway-managedgatewayclass-mapprivilegedcontainerports)) (`integer: 0`) - This value defines the amount Consul will add to privileged container ports on gateways that use this class.
|
||||||
|
This is useful if you don't want to give your containers extra permissions to run privileged ports.
|
||||||
|
Example: The gateway listener is defined on port 80, but the underlying value of the port on the container
|
||||||
|
will be the 80 + the number defined below.
|
||||||
|
|
||||||
- `serviceAccount` ((#v-connectinject-apigateway-serviceaccount)) - Configuration for the ServiceAccount created for the api-gateway component
|
- `serviceAccount` ((#v-connectinject-apigateway-serviceaccount)) - Configuration for the ServiceAccount created for the api-gateway component
|
||||||
|
|
||||||
- `annotations` ((#v-connectinject-apigateway-serviceaccount-annotations)) (`string: null`) - This value defines additional annotations for the client service account. This should be formatted as a multi-line
|
- `annotations` ((#v-connectinject-apigateway-serviceaccount-annotations)) (`string: null`) - This value defines additional annotations for the client service account. This should be formatted as a multi-line
|
||||||
|
@ -1839,7 +1881,7 @@ Use these links to navigate to a particular top-level stanza.
|
||||||
persistent: true
|
persistent: true
|
||||||
```
|
```
|
||||||
|
|
||||||
- `metrics` ((#v-connectinject-metrics)) - Configures metrics for Consul Connect services. All values are overridable
|
- `metrics` ((#v-connectinject-metrics)) - Configures metrics for Consul service mesh services. All values are overridable
|
||||||
via annotations on a per-pod basis.
|
via annotations on a per-pod basis.
|
||||||
|
|
||||||
- `defaultEnabled` ((#v-connectinject-metrics-defaultenabled)) (`string: -`) - If true, the connect-injector will automatically
|
- `defaultEnabled` ((#v-connectinject-metrics-defaultenabled)) (`string: -`) - If true, the connect-injector will automatically
|
||||||
|
@ -1962,7 +2004,7 @@ Use these links to navigate to a particular top-level stanza.
|
||||||
annotated. Use `["*"]` to automatically allow all k8s namespaces.
|
annotated. Use `["*"]` to automatically allow all k8s namespaces.
|
||||||
|
|
||||||
For example, `["namespace1", "namespace2"]` will only allow pods in the k8s
|
For example, `["namespace1", "namespace2"]` will only allow pods in the k8s
|
||||||
namespaces `namespace1` and `namespace2` to have Connect sidecars injected
|
namespaces `namespace1` and `namespace2` to have Consul service mesh sidecars injected
|
||||||
and registered with Consul. All other k8s namespaces will be ignored.
|
and registered with Consul. All other k8s namespaces will be ignored.
|
||||||
|
|
||||||
To deny all namespaces, set this to `[]`.
|
To deny all namespaces, set this to `[]`.
|
||||||
|
@ -2122,10 +2164,12 @@ Use these links to navigate to a particular top-level stanza.
|
||||||
- `meshGateway` ((#v-meshgateway)) - [Mesh Gateways](/consul/docs/connect/gateways/mesh-gateway) enable Consul Connect to work across Consul datacenters.
|
- `meshGateway` ((#v-meshgateway)) - [Mesh Gateways](/consul/docs/connect/gateways/mesh-gateway) enable Consul Connect to work across Consul datacenters.
|
||||||
|
|
||||||
- `enabled` ((#v-meshgateway-enabled)) (`boolean: false`) - If [mesh gateways](/consul/docs/connect/gateways/mesh-gateway) are enabled, a Deployment will be created that runs
|
- `enabled` ((#v-meshgateway-enabled)) (`boolean: false`) - If [mesh gateways](/consul/docs/connect/gateways/mesh-gateway) are enabled, a Deployment will be created that runs
|
||||||
gateways and Consul Connect will be configured to use gateways.
|
gateways and Consul service mesh will be configured to use gateways.
|
||||||
This setting is required for [Cluster Peering](/consul/docs/connect/cluster-peering/k8s).
|
This setting is required for [Cluster Peering](/consul/docs/connect/cluster-peering/k8s).
|
||||||
Requirements: consul 1.6.0+ if using `global.acls.manageSystemACLs``.
|
Requirements: consul 1.6.0+ if using `global.acls.manageSystemACLs``.
|
||||||
|
|
||||||
|
- `logLevel` ((#v-meshgateway-loglevel)) (`string: ""`) - Override global log verbosity level for `mesh-gateway-deployment` pods. One of "trace", "debug", "info", "warn", or "error".
|
||||||
|
|
||||||
- `replicas` ((#v-meshgateway-replicas)) (`integer: 1`) - Number of replicas for the Deployment.
|
- `replicas` ((#v-meshgateway-replicas)) (`integer: 1`) - Number of replicas for the Deployment.
|
||||||
|
|
||||||
- `wanAddress` ((#v-meshgateway-wanaddress)) - What gets registered as WAN address for the gateway.
|
- `wanAddress` ((#v-meshgateway-wanaddress)) - What gets registered as WAN address for the gateway.
|
||||||
|
@ -2289,6 +2333,8 @@ Use these links to navigate to a particular top-level stanza.
|
||||||
|
|
||||||
- `enabled` ((#v-ingressgateways-enabled)) (`boolean: false`) - Enable ingress gateway deployment. Requires `connectInject.enabled=true`.
|
- `enabled` ((#v-ingressgateways-enabled)) (`boolean: false`) - Enable ingress gateway deployment. Requires `connectInject.enabled=true`.
|
||||||
|
|
||||||
|
- `logLevel` ((#v-ingressgateways-loglevel)) (`string: ""`) - Override global log verbosity level for `ingress-gateways-deployment` pods. One of "trace", "debug", "info", "warn", or "error".
|
||||||
|
|
||||||
- `defaults` ((#v-ingressgateways-defaults)) - Defaults sets default values for all gateway fields. With the exception
|
- `defaults` ((#v-ingressgateways-defaults)) - Defaults sets default values for all gateway fields. With the exception
|
||||||
of annotations, defining any of these values in the `gateways` list
|
of annotations, defining any of these values in the `gateways` list
|
||||||
will override the default values provided here. Annotations will
|
will override the default values provided here. Annotations will
|
||||||
|
@ -2418,6 +2464,8 @@ Use these links to navigate to a particular top-level stanza.
|
||||||
|
|
||||||
- `enabled` ((#v-terminatinggateways-enabled)) (`boolean: false`) - Enable terminating gateway deployment. Requires `connectInject.enabled=true`.
|
- `enabled` ((#v-terminatinggateways-enabled)) (`boolean: false`) - Enable terminating gateway deployment. Requires `connectInject.enabled=true`.
|
||||||
|
|
||||||
|
- `logLevel` ((#v-terminatinggateways-loglevel)) (`string: ""`) - Override global log verbosity level. One of "trace", "debug", "info", "warn", or "error".
|
||||||
|
|
||||||
- `defaults` ((#v-terminatinggateways-defaults)) - Defaults sets default values for all gateway fields. With the exception
|
- `defaults` ((#v-terminatinggateways-defaults)) - Defaults sets default values for all gateway fields. With the exception
|
||||||
of annotations, defining any of these values in the `gateways` list
|
of annotations, defining any of these values in the `gateways` list
|
||||||
will override the default values provided here. Annotations will
|
will override the default values provided here. Annotations will
|
||||||
|
@ -2674,6 +2722,8 @@ Use these links to navigate to a particular top-level stanza.
|
||||||
|
|
||||||
- `enabled` ((#v-telemetrycollector-enabled)) (`boolean: false`) - Enables the consul-telemetry-collector deployment
|
- `enabled` ((#v-telemetrycollector-enabled)) (`boolean: false`) - Enables the consul-telemetry-collector deployment
|
||||||
|
|
||||||
|
- `logLevel` ((#v-telemetrycollector-loglevel)) (`string: ""`) - Override global log verbosity level. One of "trace", "debug", "info", "warn", or "error".
|
||||||
|
|
||||||
- `image` ((#v-telemetrycollector-image)) (`string: hashicorp/consul-telemetry-collector:0.0.1`) - The name of the Docker image (including any tag) for the containers running
|
- `image` ((#v-telemetrycollector-image)) (`string: hashicorp/consul-telemetry-collector:0.0.1`) - The name of the Docker image (including any tag) for the containers running
|
||||||
the consul-telemetry-collector
|
the consul-telemetry-collector
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue