docs: add agent config options for connect/CA
This commit is contained in:
parent
1ce8361aa2
commit
e401384194
|
@ -669,6 +669,42 @@ Consul will not enable TLS for the HTTP API unless the `https` port has been ass
|
|||
* <a name="client_addr"></a><a href="#client_addr">`client_addr`</a> Equivalent to the
|
||||
[`-client` command-line flag](#_client).
|
||||
|
||||
* <a name="connect"></a><a href="#connect">`connect`</a>
|
||||
This object allows setting options for the Connect feature.
|
||||
|
||||
The following sub-keys are available:
|
||||
|
||||
* <a name="connect_enabled"></a><a href="#connect_enabled">`enabled`</a> Controls whether
|
||||
Connect features are enabled on this agent. Should be enabled on all clients and
|
||||
servers in the cluster in order for Connect to function properly. Defaults to false.
|
||||
|
||||
* <a name="connect_ca_provider"></a><a href="#connect_ca_provider">`ca_provider`</a> Controls
|
||||
which CA provider to use for Connect's CA. Currently only `consul` is supported. This is only
|
||||
used when initially bootstrapping the cluster. For an existing cluster, use the [Update CA
|
||||
Configuration Endpoint](/api/connect/ca.html#update-ca-configuration).
|
||||
|
||||
* <a name="connect_ca_config"></a><a href="#connect_ca_config">`ca_config`</a> An object which
|
||||
allows setting different config options based on the CA provider chosen. This is only
|
||||
used when initially bootstrapping the cluster. For an existing cluster, use the [Update CA
|
||||
Configuration Endpoint](/api/connect/ca.html#update-ca-configuration).
|
||||
|
||||
The following providers are supported:
|
||||
|
||||
### Consul CA Provider
|
||||
|
||||
* <a name="consul_ca_private_key"></a><a href="#consul_ca_private_key">`private_key`</a> The
|
||||
PEM contents of the private key to use for the CA.
|
||||
|
||||
* <a name="consul_ca_root_cert"></a><a href="#consul_ca_root_cert">`root_cert`</a> The
|
||||
PEM contents of the root certificate to use for the CA.
|
||||
|
||||
* <a name="consul_ca_rotation_period"></a><a href="#consul_ca_rotation_period">`rotation_period`</a> The
|
||||
frequency with which to re-generate and rotate the private key and root certificate, in the form of a
|
||||
duration value such as `720h`. Only applies in the case where the private key or root certificate are
|
||||
left blank. Defaults to `2160h` (90 days).
|
||||
|
||||
* <a name="connect_proxy_defaults"></a><a href="#connect_proxy_defaults">`proxy_defaults`</a> TODO
|
||||
|
||||
* <a name="datacenter"></a><a href="#datacenter">`datacenter`</a> Equivalent to the
|
||||
[`-datacenter` command-line flag](#_datacenter).
|
||||
|
||||
|
|
Loading…
Reference in a new issue