docs: add agent config options for connect/CA

2018-06-06 10:49:37 -07:00 · 2018-06-06 10:49:37 -07:00 · e401384194
parent 1ce8361aa2
commit e401384194
1 changed files with 36 additions and 0 deletions
--- a/website/source/docs/agent/options.html.md
+++ b/website/source/docs/agent/options.html.md
@ -669,6 +669,42 @@ Consul will not enable TLS for the HTTP API unless the `https` port has been ass
 * <a name="client_addr"></a><a href="#client_addr">`client_addr`</a> Equivalent to the
  [`-client` command-line flag](#_client).

+* <a name="connect"></a><a href="#connect">`connect`</a>
+    This object allows setting options for the Connect feature.
+
+    The following sub-keys are available:
+
+    * <a name="connect_enabled"></a><a href="#connect_enabled">`enabled`</a> Controls whether
+      Connect features are enabled on this agent. Should be enabled on all clients and
+      servers in the cluster in order for Connect to function properly. Defaults to false.
+
+    * <a name="connect_ca_provider"></a><a href="#connect_ca_provider">`ca_provider`</a> Controls
+      which CA provider to use for Connect's CA. Currently only `consul` is supported. This is only
+      used when initially bootstrapping the cluster. For an existing cluster, use the [Update CA
+      Configuration Endpoint](/api/connect/ca.html#update-ca-configuration).
+
+    * <a name="connect_ca_config"></a><a href="#connect_ca_config">`ca_config`</a> An object which
+      allows setting different config options based on the CA provider chosen. This is only
+      used when initially bootstrapping the cluster. For an existing cluster, use the [Update CA
+      Configuration Endpoint](/api/connect/ca.html#update-ca-configuration).
+
+        The following providers are supported:
+
+        ### Consul CA Provider
+
+        * <a name="consul_ca_private_key"></a><a href="#consul_ca_private_key">`private_key`</a> The
+        PEM contents of the private key to use for the CA.
+
+        * <a name="consul_ca_root_cert"></a><a href="#consul_ca_root_cert">`root_cert`</a> The
+        PEM contents of the root certificate to use for the CA.
+
+        * <a name="consul_ca_rotation_period"></a><a href="#consul_ca_rotation_period">`rotation_period`</a> The
+        frequency with which to re-generate and rotate the private key and root certificate, in the form of a
+        duration value such as `720h`. Only applies in the case where the private key or root certificate are
+        left blank. Defaults to `2160h` (90 days).
+
+    * <a name="connect_proxy_defaults"></a><a href="#connect_proxy_defaults">`proxy_defaults`</a> TODO
+
 * <a name="datacenter"></a><a href="#datacenter">`datacenter`</a> Equivalent to the
  [`-datacenter` command-line flag](#_datacenter).