From 08df582e20ec402a5521c96acb6f1dca8a22e240 Mon Sep 17 00:00:00 2001 From: Luke Kysow <1034429+lkysow@users.noreply.github.com> Date: Thu, 2 Apr 2020 16:58:55 -0700 Subject: [PATCH] Document bootstrapACLs deprecation --- website/source/docs/platform/k8s/helm.html.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/website/source/docs/platform/k8s/helm.html.md b/website/source/docs/platform/k8s/helm.html.md index cfb5a57f73..c451b86472 100644 --- a/website/source/docs/platform/k8s/helm.html.md +++ b/website/source/docs/platform/k8s/helm.html.md @@ -64,7 +64,11 @@ and consider if they're appropriate for your deployment. * `enableConsulNamespaces` (`boolean: false`) - [Enterprise Only] `enableConsulNamespaces` indicates that you are running Consul Enterprise v1.7+ with a valid Consul Enterprise license and would like to make use of configuration beyond registering everything into the `default` Consul namespace. Requires consul-k8s v0.12+. Additional configuration options are found in the `consulNamespaces` section of both the catalog sync and connect injector. - * `bootstrapACLs` (`boolean: false`) - Automatically create and assign ACL tokens within the Consul cluster. This requires servers to be running inside Kubernetes. Additionally requires Consul >= 1.4 and consul-k8s >= 0.8.0. + * `bootstrapACLs` (`boolean: false`) - **[DEPRECATED]** Use `global.acls.manageSystemACLs` instead. + + * `acls` - Configure ACLs. + + * `manageSystemACLs` (`boolean: false`) - If true, the Helm chart will automatically manage ACL tokens and policies for all Consul components. This requires servers to be running inside Kubernetes. Additionally requires Consul >= 1.4 and consul-k8s >= 0.10.1. * `tls` - Enables TLS [encryption](https://learn.hashicorp.com/consul/security-networking/agent-encryption) across the cluster to verify authenticity of the Consul servers and clients. Requires Consul v1.4.1+ and consul-k8s v0.16.2+ 
@@ -510,9 +514,9 @@ to run the sync program. their associated service account. By default, services using the `default` Kubernetes service account will be prevented from logging in. This only has effect if ACLs are enabled. Requires Consul 1.5+ and consul-k8s 0.8.0+. - * `overrideAuthMethodName` (`string: ""`) - If not using `global.bootstrapACLs` and instead manually setting up an auth method for Connect inject, set this to the name of your Auth method. + * `overrideAuthMethodName` (`string: ""`) - If not using `global.acls.manageSystemACLs` and instead manually setting up an auth method for Connect inject, set this to the name of your Auth method. - * `aclInjectToken` - Refers to a Kubernetes secret that you have created that contains an ACL token for your Consul cluster which allows the Connect injector the correct permissions. This is only needed if Consul namespaces and ACLs are enabled on the Consul cluster and you are not setting `global.bootstrapACLs` to `true`. This token needs to have `operator = "write"` privileges so that it can create namespaces. + * `aclInjectToken` - Refers to a Kubernetes secret that you have created that contains an ACL token for your Consul cluster which allows the Connect injector the correct permissions. This is only needed if Consul namespaces and ACLs are enabled on the Consul cluster and you are not setting `global.acls.manageSystemACLs` to `true`. This token needs to have `operator = "write"` privileges so that it can create namespaces. - secretName `(string: null)` - The name of the Kubernetes secret.
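Review bot: The deprecation line for `bootstrapACLs` in the first hunk (`@@ -64,7 +64,11 @@`) gives no migration guidance, and the replacement changes the stated requirement from consul-k8s >= 0.8.0 to consul-k8s >= 0.10.1. A reader on a consul-k8s release between those two who follows "Use `global.acls.manageSystemACLs` instead" would not meet the new minimum. Suggest noting the version floor on the deprecated entry itself and saying what happens when both keys are set. The description also changes from "create and assign ACL tokens" to "manage ACL tokens and policies for all Consul components"; if that is a wider scope than `bootstrapACLs` had, the docs should say so, because it affects which tokens and policies an operator should expect the chart to own.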
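Review bot: In the second hunk (`@@ -510,9 +514,9 @@`), the conditions on `overrideAuthMethodName` and `aclInjectToken` now name only `global.acls.manageSystemACLs`, so a reader who still sets the deprecated `global.bootstrapACLs` to `true` will read "you are not setting `global.acls.manageSystemACLs` to `true`" as applying to them and may create a manual auth method or an `operator = "write"` token that is not needed. If the deprecated key is still honored, suggest wording the condition to cover both keys for as long as `bootstrapACLs` remains documented. Since `aclInjectToken` carries `operator = "write"`, it would also help to state on that line that the secret should be left unset when the chart manages ACLs.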