From 499fbdabaf26d43281d7f4a8f1fe8bdbad2b262d Mon Sep 17 00:00:00 2001 From: David Yu Date: Wed, 11 May 2022 14:58:35 -0700 Subject: [PATCH] docs: Address comments from admin partitions docs changes around networking requirements (#13035) * docs: Address comments from admin partitions changes Co-authored-by: Blake Covarrubias --- .../docs/enterprise/admin-partitions.mdx | 24 ++++++------------- 1 file changed, 7 insertions(+), 17 deletions(-) diff --git a/website/content/docs/enterprise/admin-partitions.mdx b/website/content/docs/enterprise/admin-partitions.mdx index 9287fa63f7..089aac51db 100644 --- a/website/content/docs/enterprise/admin-partitions.mdx +++ b/website/content/docs/enterprise/admin-partitions.mdx @@ -70,13 +70,13 @@ Your Consul configuration must meet the following requirements to use admin part ### General Networking Requirements -All Consul clients must be able to communicate with the Consul servers in the `default` partition. All servers must also be able to communicate with the clients. +All Consul clients must be able to initiate Gossip, HTTPS, and RPC connections to the servers. All servers must also be able to initiate Gossip connections to the clients. For Consul on Kubernetes, a dedicated `partition` Kubernetes `LoadBalancer` service is deployed to allow communication from clients to servers for admin partitions support (refer to [Kubernetes Requirements](#kubernetes-requirements) for additional information). For other runtimes, refer to the documentation for your infrastructure environment for instructions on how to allow communication on the following ports: - 8300 (RPC) -- 8301 (gossip) +- 8301 (Gossip) - 443 (HTTPS API requests) ### Security Configurations 
@@ -106,7 +106,7 @@ One of the primary use cases for admin partitions is for enabling a service mesh - A Consul Enterprise license must be installed on each Kubernetes cluster. - The helm chart for consul-k8s v0.39.0 or greater. - Consul 1.11.1-ent or greater. -- A designated Kubernetes `LoadBalancer` service must be exposed on the Consul server cluster. This enable the following communication channels to the Consul servers and the `default` partition: +- A designated Kubernetes `LoadBalancer` service must be exposed on the Consul server cluster. This enable the following communication channels to the Consul servers: - RPC on port 8300 - Gossip on port 8301 - HTTPS API requests on port 443 API requests @@ -136,29 +136,19 @@ Verify that your Consul deployment meets the [Kubernetes Requirements](#kubernet $ export SERVER_CONTEXT= $ export CLIENT_CONTEXT= ``` -1. Set your context to the server cluster. - - ```shell-session - $ kubectl config use-context ${SERVER_CONTEXT} - ``` 1. Create the license secret in server cluster. ```shell-session - $ kubectl create secret --namespace consul generic license --from-file=key=./path/to/license.hclic - ``` - -1. Set your context to the workload client cluster. - - ```shell-session - $ kubectl config use-context ${CLIENT_CONTEXT} + $ kubectl create --context ${SERVER_CONTEXT} ns consul + $ kubectl create secret --context ${SERVER_CONTEXT} --namespace consul generic license --from-file=key=./path/to/license.hclic ``` 1. Create the license secret in the workload client cluster. This step must be repeated for every additional workload client cluster. ```shell-session - $ kubectl create ns consul - $ kubectl create secret --namespace consul generic license --from-file=key=./path/to/license.hclic + $ kubectl create --context ${CLIENT_CONTEXT} ns consul + $ kubectl create secret --context ${CLIENT_CONTEXT} --namespace consul generic license --from-file=key=./path/to/license.hclic ``` #### Install the Consul server cluster
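Review bot: In the first hunk (General Networking Requirements), the port list does not carry the direction that the rewritten sentence now spells out, and it gives no transport for any port. A reader building firewall rules from the list alone cannot tell that only 8301 needs to be reachable from servers to clients, or that gossip normally needs both TCP and UDP on 8301. Consider annotating each entry, for example `8301 (Gossip, TCP and UDP, both directions)` and `8300 (RPC, client to server)`, so the list supports narrow rules rather than opening all three ports both ways. The capitalised `Gossip` is also inconsistent with the lowercase "gossip" used elsewhere in Consul docs; pick one.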
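Review bot: In the second hunk (Kubernetes Requirements), the rewritten bullet still reads "This enable the following communication channels"; since the line is being touched anyway, fix it to "This enables". The unchanged context line just below, `HTTPS API requests on port 443 API requests`, repeats "API requests" and should be cleaned up in the same change. Because this bullet asks for a `LoadBalancer` exposing RPC, gossip and the HTTPS API, it would also help to state who is expected to reach that service (the workload client clusters), so readers do not assume it must be open more widely.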
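Review bot: In the third hunk (license secret steps), `--context ${SERVER_CONTEXT}` and `--context ${CLIENT_CONTEXT}` are unquoted, and the `export SERVER_CONTEXT=` lines shown in the context have no value. With the separate `kubectl config use-context` steps removed, an unset or empty variable no longer fails early: the shell drops the empty expansion and `--context` takes the next word (`ns` or `--namespace`) as its value. Suggest `--context "${SERVER_CONTEXT:?}"` (and the same for the client) so the command aborts before a license secret is created against the wrong cluster. Two smaller points: the server step now also runs `kubectl create ... ns consul`, but its heading still says only "Create the license secret in server cluster", and that command returns an error if the namespace already exists, so the step is not re-runnable as written; mention the namespace in the step text and note the expected error or use an idempotent form.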