Update Helm docs for consul-k8s 1.2.1 (#18450)

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
This commit is contained in:
Melisa Griffin 2023-08-11 16:53:04 -04:00 committed by GitHub
parent 247fdc1f3d
commit 6512ef175a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 57 additions and 7 deletions

View File

@ -288,6 +288,8 @@ Use these links to navigate to a particular top-level stanza.
- `secretKey` ((#v-global-gossipencryption-secretkey)) (`string: ""`) - The key within the Kubernetes secret or Vault secret key that holds the gossip - `secretKey` ((#v-global-gossipencryption-secretkey)) (`string: ""`) - The key within the Kubernetes secret or Vault secret key that holds the gossip
encryption key. encryption key.
- `logLevel` ((#v-global-gossipencryption-loglevel)) (`string: ""`) - Override global log verbosity level for `gossip-encryption-autogenerate-job` pods. One of "trace", "debug", "info", "warn", or "error".
- `recursors` ((#v-global-recursors)) (`array<string>: []`) - A list of addresses of upstream DNS servers that are used to recursively resolve DNS queries. - `recursors` ((#v-global-recursors)) (`array<string>: []`) - A list of addresses of upstream DNS servers that are used to recursively resolve DNS queries.
These values are given as `-recursor` flags to Consul servers and clients. These values are given as `-recursor` flags to Consul servers and clients.
Refer to [`-recursor`](/consul/docs/agent/config/cli-flags#_recursor) for more details. Refer to [`-recursor`](/consul/docs/agent/config/cli-flags#_recursor) for more details.
@ -302,6 +304,8 @@ Use these links to navigate to a particular top-level stanza.
authority (optional) and server and client certificates. authority (optional) and server and client certificates.
This setting is required for [Cluster Peering](/consul/docs/connect/cluster-peering/k8s). This setting is required for [Cluster Peering](/consul/docs/connect/cluster-peering/k8s).
- `logLevel` ((#v-global-tls-loglevel)) (`string: ""`) - Override global log verbosity level. One of "trace", "debug", "info", "warn", or "error".
- `enableAutoEncrypt` ((#v-global-tls-enableautoencrypt)) (`boolean: false`) - If true, turns on the auto-encrypt feature on clients and servers. - `enableAutoEncrypt` ((#v-global-tls-enableautoencrypt)) (`boolean: false`) - If true, turns on the auto-encrypt feature on clients and servers.
It also switches consul-k8s-control-plane components to retrieve the CA from the servers It also switches consul-k8s-control-plane components to retrieve the CA from the servers
via the API. Requires Consul 1.7.1+. via the API. Requires Consul 1.7.1+.
@ -361,6 +365,15 @@ Use these links to navigate to a particular top-level stanza.
- `secretKey` ((#v-global-tls-cakey-secretkey)) (`string: null`) - The key within the Kubernetes or Vault secret that holds the CA key. - `secretKey` ((#v-global-tls-cakey-secretkey)) (`string: null`) - The key within the Kubernetes or Vault secret that holds the CA key.
- `annotations` ((#v-global-tls-annotations)) (`string: null`) - This value defines additional annotations for
tls init jobs. Format this value as a multi-line string.
```yaml
annotations: |
"sample/annotation1": "foo"
"sample/annotation2": "bar"
```
- `enableConsulNamespaces` ((#v-global-enableconsulnamespaces)) (`boolean: false`) - <EnterpriseAlert inline /> `enableConsulNamespaces` indicates that you are running - `enableConsulNamespaces` ((#v-global-enableconsulnamespaces)) (`boolean: false`) - <EnterpriseAlert inline /> `enableConsulNamespaces` indicates that you are running
Consul Enterprise v1.7+ with a valid Consul Enterprise license and would Consul Enterprise v1.7+ with a valid Consul Enterprise license and would
like to make use of configuration beyond registering everything into like to make use of configuration beyond registering everything into
@ -374,6 +387,8 @@ Use these links to navigate to a particular top-level stanza.
for all Consul and consul-k8s-control-plane components. for all Consul and consul-k8s-control-plane components.
This requires Consul >= 1.4. This requires Consul >= 1.4.
- `logLevel` ((#v-global-acls-loglevel)) (`string: ""`) - Override global log verbosity level. One of "trace", "debug", "info", "warn", or "error".
- `bootstrapToken` ((#v-global-acls-bootstraptoken)) - A Kubernetes or Vault secret containing the bootstrap token to use for creating policies and - `bootstrapToken` ((#v-global-acls-bootstraptoken)) - A Kubernetes or Vault secret containing the bootstrap token to use for creating policies and
tokens for all Consul and consul-k8s-control-plane components. If `secretName` and `secretKey` tokens for all Consul and consul-k8s-control-plane components. If `secretName` and `secretKey`
are unset, a default secret name and secret key are used. If the secret is populated, then are unset, a default secret name and secret key are used. If the secret is populated, then
@ -447,6 +462,15 @@ Use these links to navigate to a particular top-level stanza.
beta.kubernetes.io/arch: amd64 beta.kubernetes.io/arch: amd64
``` ```
- `annotations` ((#v-global-acls-annotations)) (`string: null`) - This value defines additional annotations for
acl init jobs. Format this value as a multi-line string.
```yaml
annotations: |
"sample/annotation1": "foo"
"sample/annotation2": "bar"
```
- `enterpriseLicense` ((#v-global-enterpriselicense)) - <EnterpriseAlert inline /> This value refers to a Kubernetes or Vault secret that you have created - `enterpriseLicense` ((#v-global-enterpriselicense)) - <EnterpriseAlert inline /> This value refers to a Kubernetes or Vault secret that you have created
that contains your enterprise license. It is required if you are using an that contains your enterprise license. It is required if you are using an
enterprise binary. Defining it here applies it to your cluster once a leader enterprise binary. Defining it here applies it to your cluster once a leader
@ -500,6 +524,8 @@ Use these links to navigate to a particular top-level stanza.
-o jsonpath="{.clusters[?(@.name=='<your cluster name>')].cluster.server}" -o jsonpath="{.clusters[?(@.name=='<your cluster name>')].cluster.server}"
``` ```
- `logLevel` ((#v-global-federation-loglevel)) (`string: ""`) - Override global log verbosity level for the `create-federation-secret-job` pods. One of "trace", "debug", "info", "warn", or "error".
- `metrics` ((#v-global-metrics)) - Configures metrics for Consul service mesh - `metrics` ((#v-global-metrics)) - Configures metrics for Consul service mesh
- `enabled` ((#v-global-metrics-enabled)) (`boolean: false`) - Configures the Helm charts components - `enabled` ((#v-global-metrics-enabled)) (`boolean: false`) - Configures the Helm charts components
@ -614,6 +640,8 @@ Use these links to navigate to a particular top-level stanza.
Consul server cluster. If you're running Consul externally and want agents Consul server cluster. If you're running Consul externally and want agents
within Kubernetes to join that cluster, this should probably be false. within Kubernetes to join that cluster, this should probably be false.
- `logLevel` ((#v-server-loglevel)) (`string: ""`) - Override global log verbosity level. One of "trace", "debug", "info", "warn", or "error".
- `image` ((#v-server-image)) (`string: null`) - The name of the Docker image (including any tag) for the containers running - `image` ((#v-server-image)) (`string: null`) - The name of the Docker image (including any tag) for the containers running
Consul server agents. Consul server agents.
@ -705,11 +733,11 @@ Use these links to navigate to a particular top-level stanza.
contains best practices and recommendations for selecting suitable contains best practices and recommendations for selecting suitable
hardware sizes for your Consul servers. hardware sizes for your Consul servers.
- `connect` ((#v-server-connect)) (`boolean: true`) - This will enable/disable [Connect](/consul/docs/connect). Setting this to true - `connect` ((#v-server-connect)) (`boolean: true`) - This will enable/disable [service mesh](/consul/docs/connect). Setting this to true
_will not_ automatically secure pod communication, this _will not_ automatically secure pod communication, this
setting will only enable usage of the feature. Consul will automatically initialize setting will only enable usage of the feature. Consul will automatically initialize
a new CA and set of certificates. Additional Connect settings can be configured a new CA and set of certificates. Additional service mesh settings can be configured
by setting the `server.extraConfig` value. by setting the `server.extraConfig` value or by applying [configuration entries](/consul/docs/connect/config-entries).
- `serviceAccount` ((#v-server-serviceaccount)) - `serviceAccount` ((#v-server-serviceaccount))
@ -753,6 +781,10 @@ Use these links to navigate to a particular top-level stanza.
- `server` ((#v-server-containersecuritycontext-server)) (`map`) - The consul server agent container - `server` ((#v-server-containersecuritycontext-server)) (`map`) - The consul server agent container
- `aclInit` ((#v-server-containersecuritycontext-aclinit)) (`map`) - The acl-init job
- `tlsInit` ((#v-server-containersecuritycontext-tlsinit)) (`map`) - The tls-init job
- `updatePartition` ((#v-server-updatepartition)) (`integer: 0`) - This value is used to carefully - `updatePartition` ((#v-server-updatepartition)) (`integer: 0`) - This value is used to carefully
control a rolling update of Consul server agents. This value specifies the control a rolling update of Consul server agents. This value specifies the
[partition](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions) [partition](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions)
@ -1123,6 +1155,8 @@ Use these links to navigate to a particular top-level stanza.
the resources necessary for a Consul client on every Kubernetes node. This _does not_ require the resources necessary for a Consul client on every Kubernetes node. This _does not_ require
`server.enabled`, since the agents can be configured to join an external cluster. `server.enabled`, since the agents can be configured to join an external cluster.
- `logLevel` ((#v-client-loglevel)) (`string: ""`) - Override global log verbosity level. One of "trace", "debug", "info", "warn", or "error".
- `image` ((#v-client-image)) (`string: null`) - The name of the Docker image (including any tag) for the containers - `image` ((#v-client-image)) (`string: null`) - The name of the Docker image (including any tag) for the containers
running Consul client agents. running Consul client agents.
@ -1345,7 +1379,7 @@ Use these links to navigate to a particular top-level stanza.
- `enabled` ((#v-dns-enabled)) (`boolean: -`) - `enabled` ((#v-dns-enabled)) (`boolean: -`)
- `enableRedirection` ((#v-dns-enableredirection)) (`boolean: -`) - If true, services using Consul Connect will use Consul DNS - `enableRedirection` ((#v-dns-enableredirection)) (`boolean: -`) - If true, services using Consul service mesh will use Consul DNS
for default DNS resolution. The DNS lookups fall back to the nameserver IPs for default DNS resolution. The DNS lookups fall back to the nameserver IPs
listed in /etc/resolv.conf if not found in Consul. listed in /etc/resolv.conf if not found in Consul.
@ -1758,6 +1792,14 @@ Use these links to navigate to a particular top-level stanza.
- `minInstances` ((#v-connectinject-apigateway-managedgatewayclass-deployment-mininstances)) (`integer: 1`) - `minInstances` ((#v-connectinject-apigateway-managedgatewayclass-deployment-mininstances)) (`integer: 1`)
- `openshiftSCCName` ((#v-connectinject-apigateway-managedgatewayclass-openshiftsccname)) (`string: restricted-v2`) - The name of the OpenShift SecurityContextConstraints resource to use for Gateways.
Only applicable if `global.openshift.enabled` is true.
- `mapPrivilegedContainerPorts` ((#v-connectinject-apigateway-managedgatewayclass-mapprivilegedcontainerports)) (`integer: 0`) - This value defines the amount Consul will add to privileged container ports on gateways that use this class.
This is useful if you don't want to give your containers extra permissions to run privileged ports.
Example: The gateway listener is defined on port 80, but the underlying value of the port on the container
will be the 80 + the number defined below.
- `serviceAccount` ((#v-connectinject-apigateway-serviceaccount)) - Configuration for the ServiceAccount created for the api-gateway component - `serviceAccount` ((#v-connectinject-apigateway-serviceaccount)) - Configuration for the ServiceAccount created for the api-gateway component
- `annotations` ((#v-connectinject-apigateway-serviceaccount-annotations)) (`string: null`) - This value defines additional annotations for the client service account. This should be formatted as a multi-line - `annotations` ((#v-connectinject-apigateway-serviceaccount-annotations)) (`string: null`) - This value defines additional annotations for the client service account. This should be formatted as a multi-line
@ -1839,7 +1881,7 @@ Use these links to navigate to a particular top-level stanza.
persistent: true persistent: true
``` ```
- `metrics` ((#v-connectinject-metrics)) - Configures metrics for Consul Connect services. All values are overridable - `metrics` ((#v-connectinject-metrics)) - Configures metrics for Consul service mesh services. All values are overridable
via annotations on a per-pod basis. via annotations on a per-pod basis.
- `defaultEnabled` ((#v-connectinject-metrics-defaultenabled)) (`string: -`) - If true, the connect-injector will automatically - `defaultEnabled` ((#v-connectinject-metrics-defaultenabled)) (`string: -`) - If true, the connect-injector will automatically
@ -1962,7 +2004,7 @@ Use these links to navigate to a particular top-level stanza.
annotated. Use `["*"]` to automatically allow all k8s namespaces. annotated. Use `["*"]` to automatically allow all k8s namespaces.
For example, `["namespace1", "namespace2"]` will only allow pods in the k8s For example, `["namespace1", "namespace2"]` will only allow pods in the k8s
namespaces `namespace1` and `namespace2` to have Connect sidecars injected namespaces `namespace1` and `namespace2` to have Consul service mesh sidecars injected
and registered with Consul. All other k8s namespaces will be ignored. and registered with Consul. All other k8s namespaces will be ignored.
To deny all namespaces, set this to `[]`. To deny all namespaces, set this to `[]`.
@ -2122,10 +2164,12 @@ Use these links to navigate to a particular top-level stanza.
- `meshGateway` ((#v-meshgateway)) - [Mesh Gateways](/consul/docs/connect/gateways/mesh-gateway) enable Consul Connect to work across Consul datacenters. - `meshGateway` ((#v-meshgateway)) - [Mesh Gateways](/consul/docs/connect/gateways/mesh-gateway) enable Consul Connect to work across Consul datacenters.
- `enabled` ((#v-meshgateway-enabled)) (`boolean: false`) - If [mesh gateways](/consul/docs/connect/gateways/mesh-gateway) are enabled, a Deployment will be created that runs - `enabled` ((#v-meshgateway-enabled)) (`boolean: false`) - If [mesh gateways](/consul/docs/connect/gateways/mesh-gateway) are enabled, a Deployment will be created that runs
gateways and Consul Connect will be configured to use gateways. gateways and Consul service mesh will be configured to use gateways.
This setting is required for [Cluster Peering](/consul/docs/connect/cluster-peering/k8s). This setting is required for [Cluster Peering](/consul/docs/connect/cluster-peering/k8s).
Requirements: consul 1.6.0+ if using `global.acls.manageSystemACLs``. Requirements: consul 1.6.0+ if using `global.acls.manageSystemACLs``.
- `logLevel` ((#v-meshgateway-loglevel)) (`string: ""`) - Override global log verbosity level for `mesh-gateway-deployment` pods. One of "trace", "debug", "info", "warn", or "error".
- `replicas` ((#v-meshgateway-replicas)) (`integer: 1`) - Number of replicas for the Deployment. - `replicas` ((#v-meshgateway-replicas)) (`integer: 1`) - Number of replicas for the Deployment.
- `wanAddress` ((#v-meshgateway-wanaddress)) - What gets registered as WAN address for the gateway. - `wanAddress` ((#v-meshgateway-wanaddress)) - What gets registered as WAN address for the gateway.
@ -2289,6 +2333,8 @@ Use these links to navigate to a particular top-level stanza.
- `enabled` ((#v-ingressgateways-enabled)) (`boolean: false`) - Enable ingress gateway deployment. Requires `connectInject.enabled=true`. - `enabled` ((#v-ingressgateways-enabled)) (`boolean: false`) - Enable ingress gateway deployment. Requires `connectInject.enabled=true`.
- `logLevel` ((#v-ingressgateways-loglevel)) (`string: ""`) - Override global log verbosity level for `ingress-gateways-deployment` pods. One of "trace", "debug", "info", "warn", or "error".
- `defaults` ((#v-ingressgateways-defaults)) - Defaults sets default values for all gateway fields. With the exception - `defaults` ((#v-ingressgateways-defaults)) - Defaults sets default values for all gateway fields. With the exception
of annotations, defining any of these values in the `gateways` list of annotations, defining any of these values in the `gateways` list
will override the default values provided here. Annotations will will override the default values provided here. Annotations will
@ -2418,6 +2464,8 @@ Use these links to navigate to a particular top-level stanza.
- `enabled` ((#v-terminatinggateways-enabled)) (`boolean: false`) - Enable terminating gateway deployment. Requires `connectInject.enabled=true`. - `enabled` ((#v-terminatinggateways-enabled)) (`boolean: false`) - Enable terminating gateway deployment. Requires `connectInject.enabled=true`.
- `logLevel` ((#v-terminatinggateways-loglevel)) (`string: ""`) - Override global log verbosity level. One of "trace", "debug", "info", "warn", or "error".
- `defaults` ((#v-terminatinggateways-defaults)) - Defaults sets default values for all gateway fields. With the exception - `defaults` ((#v-terminatinggateways-defaults)) - Defaults sets default values for all gateway fields. With the exception
of annotations, defining any of these values in the `gateways` list of annotations, defining any of these values in the `gateways` list
will override the default values provided here. Annotations will will override the default values provided here. Annotations will
@ -2674,6 +2722,8 @@ Use these links to navigate to a particular top-level stanza.
- `enabled` ((#v-telemetrycollector-enabled)) (`boolean: false`) - Enables the consul-telemetry-collector deployment - `enabled` ((#v-telemetrycollector-enabled)) (`boolean: false`) - Enables the consul-telemetry-collector deployment
- `logLevel` ((#v-telemetrycollector-loglevel)) (`string: ""`) - Override global log verbosity level. One of "trace", "debug", "info", "warn", or "error".
- `image` ((#v-telemetrycollector-image)) (`string: hashicorp/consul-telemetry-collector:0.0.1`) - The name of the Docker image (including any tag) for the containers running - `image` ((#v-telemetrycollector-image)) (`string: hashicorp/consul-telemetry-collector:0.0.1`) - The name of the Docker image (including any tag) for the containers running
the consul-telemetry-collector the consul-telemetry-collector