From e0af4da0ff0d424faab57b61c02f12138628c067 Mon Sep 17 00:00:00 2001 From: Rebecca Zanzig Date: Thu, 9 May 2019 15:00:30 -0700 Subject: [PATCH] Add docs for Helm chart features introduced in v0.8.0 Additionally defines a new annotation that is used with these new features. --- .../source/docs/platform/k8s/connect.html.md | 9 +++++ website/source/docs/platform/k8s/helm.html.md | 38 +++++++++++++++++++ 2 files changed, 47 insertions(+) diff --git a/website/source/docs/platform/k8s/connect.html.md b/website/source/docs/platform/k8s/connect.html.md index fd231d8b5..17fdbc476 100644 --- a/website/source/docs/platform/k8s/connect.html.md +++ b/website/source/docs/platform/k8s/connect.html.md @@ -179,6 +179,15 @@ Annotations can be used to configure the injection behavior. 6789, respectively. The name of the service is the name of the service registered with Consul. This value defaults to no upstreams. +* `consul.hashicorp.com/connect-service-protocol` - For pods that will be + registered with Consul's [central configuration](/docs/agent/config_entries.html) + feature, information about the protocol the service uses is required. Users + can define the protocol directly using this annotation on the pod spec, or by + defining a default value for all services using the Helm chart's + [defaultProtocol](/docs/platform/k8s/helm.html#v-connectinject-centralconfig-defaultprotocol) + option. Specific annotations will always override the default value. + + ### Deployments, StatefulSets, etc. The annotations for configuring Connect must be on the pod specification. diff --git a/website/source/docs/platform/k8s/helm.html.md b/website/source/docs/platform/k8s/helm.html.md index b8c69a33c..f8bbd3eb1 100644 --- a/website/source/docs/platform/k8s/helm.html.md +++ b/website/source/docs/platform/k8s/helm.html.md 
@@ -85,6 +85,14 @@ and consider if they're appropriate for your deployment. * `datacenter` (`string: "dc1"`) - The name of the datacenter that the agent cluster should register as. This may not be changed once the cluster is bootstrapped and running, since Consul doesn't yet support an automatic way to change this value. + * `enablePodSecurityPolicies` (`boolean: false`) - + This flag controls whether [`PodSecurityPolicies`](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) are created + for the Consul components that this chart creates. + + * `bootstrapACLs` (`boolean: false`) - This flag controls + whether the Helm chart automatically enables ACLs within the Consul cluster. This requires both Consul servers and clients to be run within + Kubernetes. Requires Consul v1.5+ and consul-k8s v0.8.0+. + * `server` - Values that configure running a Consul server within Kubernetes. * `enabled` (`boolean: global.enabled`) - If true, the chart will install all the resources necessary for a Consul server cluster. If you're running Consul externally and want agents within Kubernetes to join that cluster, this should probably be false. @@ -256,6 +264,7 @@ and consider if they're appropriate for your deployment. "sample/annotation2": "bar" ``` + * `dns` - Values that configure Consul DNS service. * `enabled` (`boolean: global.enabled`) - If true, a `consul-dns` service will be created that exposes port 53 for TCP and UDP to the running Consul agents (servers and clients). This can then be used to [configure kube-dns](/docs/platform/k8s/dns.html). The Helm chart _does not_ automatically configure kube-dns. 
@@ -340,6 +349,35 @@ to run the sync program. The name of the private key for the certificate file within the `secretName` secret. + * `namespaceSelector` (`string: "serviceaccount.name!=default"`) - + A [selector](/docs/acl/acl-auth-methods.html#binding-rules) for restricting automatic injection to only matching services based on + their associated service account. By default, services using the `default` Kubernetes service account will not have a proxy injected. + + * `centralConfig` - Values that configure + Consul's [central configuration](/docs/agent/config_entries.html) feature (requires Consul v1.5+ and consul-k8s v0.8.1+). + + - `enabled` (`boolean: false`) - + Turns on the central configuration feature. Pods that have a Connect proxy injected will have their service + automatically registered in this central configuration. + + - `defaultProtocol` (`string: null`) - + If defined, this value will be used as the default protocol type for all services registered with the central configuration. + This can be overridden by using the + [protocol annotation](/docs/platform/k8s/connect.html#consul-hashicorp-com-connect-service-protocol) + directly on any pod spec. + + - `proxyDefaults` (`string: "{}"`) - + This value is a raw json string that will be applied to all Connect proxy sidecar pods. It can include any valid configuration + for the configured proxy. + + ```yaml + # proxyDefaults values are formatted as a multi-line string: + proxyDefaults: | + { + "envoy_dogstatsd_url": "udp://127.0.0.1:9125" + } + ``` + ## Using the Helm Chart to deploy Consul Enterprise You can also use this Helm chart to deploy Consul Enterprise by following a few extra steps.
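Review bot: In the connect.html.md hunk, the new `consul.hashicorp.com/connect-service-protocol` entry says protocol information "is required" but does not list the values the annotation accepts, and does not say what happens to a pod when neither the annotation nor `defaultProtocol` is set. Suggest adding both, and repeating the version requirement that helm.html.md states for `centralConfig`, so a reader who lands on this page first knows the annotation depends on that feature. The entry is also followed by two added blank lines; one is enough.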
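Review bot: In the first helm.html.md hunk (`@@ -85,6 +85,14 @@`), the `bootstrapACLs` text says only that the chart "automatically enables ACLs within the Consul cluster". It does not say where the resulting tokens are stored, or whether the flag can be turned on for a cluster that is already running. An operator needs both before switching on a setting that changes the cluster's access control, so suggest a sentence on each. `enablePodSecurityPolicies` has no version requirement while `bootstrapACLs` right below it does; state one, or say that none applies.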
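Review bot: The second helm.html.md hunk (`@@ -256,6 +264,7 @@`) only adds a blank line before the `dns` entry and is unrelated to the v0.8.0 features named in the subject. Suggest dropping it from this patch, or saying in the commit message that it is a formatting fix.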
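Review bot: In the third helm.html.md hunk (`@@ -340,6 +349,35 @@`), `namespaceSelector` is described as matching on the service account, and its default is `serviceaccount.name!=default`. Nothing in the entry selects on a namespace, so the name and the description disagree. Suggest a sentence on why the key is called that, along with the selector syntax or an example beyond the default, because this value decides which pods get a proxy injected. Separately, `centralConfig` requires "consul-k8s v0.8.1+" while the subject line and `bootstrapACLs` say v0.8.0; confirm which is right. Minor: "raw json string" should read "raw JSON string", and the `centralConfig` sub-items use `-` where the surrounding entries use `*`.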