diff --git a/website/content/docs/k8s/connect/terminating-gateways.mdx b/website/content/docs/k8s/connect/terminating-gateways.mdx index c4a90a923..1522035dd 100644 --- a/website/content/docs/k8s/connect/terminating-gateways.mdx +++ b/website/content/docs/k8s/connect/terminating-gateways.mdx @@ -138,16 +138,13 @@ $ curl --request PUT --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" --data @exter true ``` -### Update terminating gateway ACL token if ACLs are enabled +### Update terminating gateway ACL role if ACLs are enabled -If ACLs are enabled, update the terminating gateway acl token to have `service: write` permissions on all of the services +If ACLs are enabled, update the terminating gateway acl role to have `service: write` permissions on all of the services being represented by the gateway: - Create a new policy that includes these permissions -- Update the existing token to include the new policy - -~> The CLI command should be run with the `-merge-policies`, `-merge-roles` and `-merge-service-identities` so -nothing is removed from the terminating gateway token +- Update the existing rolc to include the new policy 
@@ -174,28 +171,28 @@ service "example-https" { Now fetch the ID of the terminating gateway token ```shell-session -consul acl token list | grep -B 6 -- "- terminating-gateway-terminating-gateway-token" | grep AccessorID +consul acl role list | grep -B 6 -- "- RELEASE_NAME-terminating-gateway-policy" | grep ID -AccessorID: +ID: ``` Update the terminating gateway acl token with the new policy ```shell-session -$ consul acl token update -id -policy-name example-https-write-policy -merge-policies -merge-roles -merge-service-identities -AccessorID: +$ consul acl role update -id -policy-name example-https-write-policy +AccessorID: SecretID: -Description: terminating-gateway-terminating-gateway-token Token +Description: RELEASE_NAME-terminating-gateway-acl-role Local: true Create Time: 2021-01-08 21:18:47.957450486 +0000 UTC Policies: - 63bf1d9b-a87d-8672-ddcb-d25e2d88adb8 - terminating-gateway-terminating-gateway-token + 63bf1d9b-a87d-8672-ddcb-d25e2d88adb8 - RELEASE_NAME-terminating-gateway-policy f63d1ae6-ffe7-44bd-bf7a-704a86939a63 - example-https-write-policy ``` ### Create the configuration entry for the terminating gateway -Once the tokens have been updated, create the [TerminatingGateway](/docs/connect/config-entries/terminating-gateway) +Once the roles have been updated, create the [TerminatingGateway](/docs/connect/config-entries/terminating-gateway) resource to configure the terminating gateway:
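Review bot: In the first hunk (@@ -138,16 +138,13 @@), the added bullet "Update the existing rolc to include the new policy" has a typo: "rolc" should be "role". In the same hunk, "acl role" in the added paragraph would read better as "ACL role", matching the new heading. The hunk also drops the callout about running the command with `-merge-policies`, `-merge-roles` and `-merge-service-identities` "so nothing is removed from the terminating gateway token" and puts nothing in its place. Readers then cannot tell whether updating the role keeps the policies already attached to it. Please add one sentence stating what happens to the role's existing policies on update, since losing the gateway's original policy would break its permissions.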
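Review bot: In the second hunk (@@ -174,28 +171,28 @@), the unchanged lines around the new commands still describe tokens: "Now fetch the ID of the terminating gateway token" and "Update the terminating gateway acl token with the new policy" should both say "role" to match the `consul acl role list` and `consul acl role update` commands. The sample output under `consul acl role update` is also still token-shaped. It keeps `AccessorID:`, `SecretID:` and `Local: true`, while the list step above was changed from `AccessorID:` to `ID:`. Please regenerate that output from an actual role update so the fields match what the operator will see, and confirm that `grep -B 6`, carried over from the token listing, still captures the `ID` line in the role listing. A smaller point: the added `consul acl role list` line lacks the `$` prompt that the update command has.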