luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

Update agent.html.markdown.erb (#6380) 

Adding a note on how to make Consul trust S3-compatible storage that expose a self-signed certificate.
This commit is contained in:
danielehc 2019-08-23 16:09:41 +02:00 committed by GitHub
parent aada537d87
commit 992b1a8d88
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
website/source/docs/commands/snapshot/agent.html.markdown.erb
View File

@ -218,6 +218,10 @@ Note that despite the AWS references, any S3-compatible endpoint can be specifie
* `-aws-s3-kms-key` - Optional Amazon KMS key to use, if this is not set the default KMS master key will be used. Set this if you want to manage key rotation yourself.
-> When using a S3-compatible storage exposing a self-signed certificate the agent will not be able to perform
the snapshot operations unless the CA used to sign the storage certificate is trusted by the node running
the agent. You can add the CA root certificate to the OS trust store to have Consul trust the storage endpoint.
#### S3 Required Permissions
Different S3 permissions are required depending on the configuration of the snapshot agent. In particular extra permissions are required when