mirror of https://github.com/hashicorp/consul
addtional feedback; added PartitionExports to CRDs section
parent
632e4bd35c
commit
0fb360211a
|
@ -28,11 +28,9 @@ You can configure the settings defined in the `partition-exports` configuration
|
||||||
|
|
||||||
1. Verify that your datacenter meets the conditions specified in the [Requirements](#requirements).
|
1. Verify that your datacenter meets the conditions specified in the [Requirements](#requirements).
|
||||||
1. Specify the `partition-exports` configuration in the agent configuration file (see [`config_entries`](/docs/agent/options#config_entries)) as described in [Configuration](#configuration).
|
1. Specify the `partition-exports` configuration in the agent configuration file (see [`config_entries`](/docs/agent/options#config_entries)) as described in [Configuration](#configuration).
|
||||||
1. Deploy the configuration per your runtime:
|
1. Apply the configuration using one of the following methods:
|
||||||
* [VM](/docs/install)
|
* Kubernetes CRD: Refer to the [Custom Resource Definitions](/docs/k8s/crds) documentation for details.
|
||||||
* [Kubernetes](/docs/k8s/installation/install)
|
* Issue the `consul config write` command: Refer to the [Consul Config Write](/commands/config/write) documentation for details.
|
||||||
* [HTTP API](/api-docs/config#apply-configuration)
|
|
||||||
* [CLI](/commands/config/write)
|
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
|
||||||
|
|
|
@ -24,7 +24,7 @@ Admin partitions exist a level above namespaces in the identity hierarchy. They
|
||||||
|
|
||||||
Each Consul cluster will have at least one default admin partition (named `default`). Any resource created without specifying an admin partition will inherit the partition of the ACL token.
|
Each Consul cluster will have at least one default admin partition (named `default`). Any resource created without specifying an admin partition will inherit the partition of the ACL token.
|
||||||
|
|
||||||
The `default` admin partition is special in that it may contain namespaces and other entities that are replicated between datacenters. The `default` partition should also contain the Consul servers.
|
The `default` admin partition is special in that it may contain namespaces and other entities that are replicated between datacenters. The `default` partition must also contain the Consul servers.
|
||||||
|
|
||||||
-> **Preexisting resources and the `default` partition**: Admin partitions were introduced in Consul 1.11. After upgrading to Consul 1.11 or later, the `default` partition will contain all resources created in previous versions.
|
-> **Preexisting resources and the `default` partition**: Admin partitions were introduced in Consul 1.11. After upgrading to Consul 1.11 or later, the `default` partition will contain all resources created in previous versions.
|
||||||
|
|
||||||
|
@ -73,7 +73,7 @@ Your Consul configuration must meet the following requirements to use admin part
|
||||||
* The `write` permission for `proxy-defaults` requires `mesh:write`. See [Admin Partition Rules](/docs/security/acl/acl-rules#admin-partition-rules) for additional information.
|
* The `write` permission for `proxy-defaults` requires `mesh:write`. See [Admin Partition Rules](/docs/security/acl/acl-rules#admin-partition-rules) for additional information.
|
||||||
* The `write` permissions for ingress and terminating gateways require `mesh:write` privileges.
|
* The `write` permissions for ingress and terminating gateways require `mesh:write` privileges.
|
||||||
* Wildcards (`*`) are not supported when creating intentions for admin partitions, but you can use a wildcard to specify services within a partition.
|
* Wildcards (`*`) are not supported when creating intentions for admin partitions, but you can use a wildcard to specify services within a partition.
|
||||||
* With the exception of the `default` admin partition, ACL rules configured for admin partitions are isolated, so policies defined in partitions outside of the `default` partition can only reference its local partition.
|
* With the exception of the `default` admin partition, ACL rules configured for admin partitions are isolated, so policies defined in partitions outside of the `default` partition can only reference their local partition.
|
||||||
|
|
||||||
### Agent Configurations
|
### Agent Configurations
|
||||||
|
|
||||||
|
|
|
@ -9,27 +9,33 @@ description: >-
|
||||||
|
|
||||||
# Custom Resource Definitions
|
# Custom Resource Definitions
|
||||||
|
|
||||||
-> This feature requires consul-helm >= 0.28.0, consul-k8s >= 0.22.0 and consul >= 1.8.4.
|
This topic describes how to manage Consul [configuration entries](/docs/agent/config-entries)
|
||||||
|
via Kubernetes Custom Resources. Configuration entries provide cluster-wide defaults for the service mesh.
|
||||||
|
|
||||||
We support managing Consul [configuration entries](/docs/agent/config-entries)
|
## Requirements
|
||||||
via Kubernetes Custom Resources. Configuration entries are used to provide
|
|
||||||
cluster-wide defaults for the service mesh.
|
|
||||||
|
|
||||||
We currently support the follow configuration entry kinds:
|
* consul-helm 0.28.0 or later
|
||||||
|
* consul-k8s 0.22.0 or later
|
||||||
|
* consul 1.8.4 or later; some configuration entries require a newer version of Consul
|
||||||
|
|
||||||
- [`Mesh`](/docs/connect/config-entries/mesh) (requires Consul >= 1.10.0)
|
## Supported Configuration Entries
|
||||||
|
|
||||||
|
You can specify the following values in the `kind` field. Click on a configuration entry to view its documentation:
|
||||||
|
|
||||||
|
- [`Mesh`](/docs/connect/config-entries/mesh) (requires Consul 1.10.0+)
|
||||||
|
- [`PartitionExports`](/docs/connect/config-entries/partition-exports)
|
||||||
- [`ProxyDefaults`](/docs/connect/config-entries/proxy-defaults)
|
- [`ProxyDefaults`](/docs/connect/config-entries/proxy-defaults)
|
||||||
- [`ServiceDefaults`](/docs/connect/config-entries/service-defaults)
|
- [`ServiceDefaults`](/docs/connect/config-entries/service-defaults)
|
||||||
- [`ServiceSplitter`](/docs/connect/config-entries/service-splitter)
|
- [`ServiceSplitter`](/docs/connect/config-entries/service-splitter)
|
||||||
- [`ServiceRouter`](/docs/connect/config-entries/service-router)
|
- [`ServiceRouter`](/docs/connect/config-entries/service-router)
|
||||||
- [`ServiceResolver`](/docs/connect/config-entries/service-resolver)
|
- [`ServiceResolver`](/docs/connect/config-entries/service-resolver)
|
||||||
- [`ServiceIntentions`](/docs/connect/config-entries/service-intentions) (requires Consul >= 1.9.0)
|
- [`ServiceIntentions`](/docs/connect/config-entries/service-intentions) (requires Consul 1.9.0+)
|
||||||
- [`IngressGateway`](/docs/connect/config-entries/ingress-gateway)
|
- [`IngressGateway`](/docs/connect/config-entries/ingress-gateway)
|
||||||
- [`TerminatingGateway`](/docs/connect/config-entries/terminating-gateway)
|
- [`TerminatingGateway`](/docs/connect/config-entries/terminating-gateway)
|
||||||
|
|
||||||
## Installation
|
## Installation
|
||||||
|
|
||||||
Ensure you have at least version `0.28.0` of the helm chart:
|
Verify that the minimum version of the helm chart (`0.28.0`) is installed:
|
||||||
|
|
||||||
```shell-session
|
```shell-session
|
||||||
$ helm search repo hashicorp/consul
|
$ helm search repo hashicorp/consul
|
||||||
|
@ -37,7 +43,7 @@ NAME CHART VERSION APP VERSION DESCRIPTION
|
||||||
hashicorp/consul 0.28.0 1.9.1 Official HashiCorp Consul Chart
|
hashicorp/consul 0.28.0 1.9.1 Official HashiCorp Consul Chart
|
||||||
```
|
```
|
||||||
|
|
||||||
If you don't have `0.28.0`, you will need to update your helm repository cache:
|
Update your helm repository cache if necessary:
|
||||||
|
|
||||||
```shell-session
|
```shell-session
|
||||||
$ helm repo update
|
$ helm repo update
|
||||||
|
|
Loading…
Reference in New Issue