From 69d07dcc928406490f81753242f56f5595d8c0b7 Mon Sep 17 00:00:00 2001 From: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Date: Tue, 14 Dec 2021 11:51:34 -0800 Subject: [PATCH] Apply suggestions from code review Apply suggestions from code review Co-authored-by: Ashwin Venkatesh Co-authored-by: David Yu --- .../content/docs/enterprise/admin-partitions.mdx | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/website/content/docs/enterprise/admin-partitions.mdx b/website/content/docs/enterprise/admin-partitions.mdx index 97511a38da..370887c6e6 100644 --- a/website/content/docs/enterprise/admin-partitions.mdx +++ b/website/content/docs/enterprise/admin-partitions.mdx @@ -22,7 +22,7 @@ Admin partitions exist a level above namespaces in the identity hierarchy. They ### Default Admin Partition -Each Consul cluster will have a default admin partition (named `default`). The `default` admin partition is special because it may contain namespaces and other entities that are replicated between datacenters. The `default` partition must also contain the Consul servers. +Each Consul cluster will have a default admin partition (named `default`). The `default` admin partition is special because it can contain namespaces and other resources that are replicated between datacenters. The `default` partition must also contain the Consul servers. Any resource created without specifying an admin partition will inherit the partition of the ACL token. 
@@ -66,7 +66,7 @@ Your Consul configuration must meet the following requirements to use admin part * The agent token used by the client agent must allow `node:write` in the admin partition. * The `write` permission for `proxy-defaults` requires `mesh:write`. See [Admin Partition Rules](/docs/security/acl/acl-rules#admin-partition-rules) for additional information. * The `write` permissions for ingress and terminating gateways require `mesh:write` privileges. -* Wildcards (`*`) are not supported when creating intentions for admin partitions. The partition name must be explicitly specified. +* Wildcards (`*`) are not supported for the partition field when creating intentions for admin partitions. The partition name must be explicitly specified. * With the exception of the `default` admin partition, ACL rules configured for admin partitions are isolated, so policies defined in partitions outside of the `default` partition can only reference their local partition. ### Agent Configurations @@ -84,7 +84,7 @@ One of the primary use cases for admin partitions is for enabling a service mesh * Two or more Kubernetes clusters. Consul servers must be deployed to a single cluster. The other clusters should run Consul clients. * A Consul Enterprise license must be installed on each Kubernetes cluster. -* The helm chart for consul-k8s v0.34.1 or greater. +* The helm chart for consul-k8s v0.38.0 or greater. * Consul 1.11.0-ent or greater. * All Consul clients must be able to communicate with the Consul servers in the `default` partition, and all servers must be able to communicate with the clients. @@ -118,7 +118,7 @@ Verify that your Consul deployment meets the [Kubernetes Requirements](#kubernet enableConsulNamespaces: true tls: enabled: true - image: hashicorp/consul-enterprise:1.11.0-ent-beta3 + image: hashicorp/consul-enterprise:1.11.0-ent-rc adminPartitions: enabled: true acls: 
@@ -137,6 +137,9 @@ Verify that your Consul deployment meets the [Kubernetes Requirements](#kubernet meshGateway: enabled: true replicas: 1 + dns: + enabled: true + enableRedirection: true ``` @@ -191,7 +194,7 @@ Verify that your Consul deployment meets the [Kubernetes Requirements](#kubernet global: enabled: false enableConsulNamespaces: true - image: hashicorp/consul-enterprise:1.11.0-ent-beta3 + image: hashicorp/consul-enterprise:1.11.0-ent-rc adminPartitions: enabled: true name: clients @@ -229,6 +232,9 @@ Verify that your Consul deployment meets the [Kubernetes Requirements](#kubernet meshGateway: enabled: true replicas: 1 + dns: + enabled: true + enableRedirection: true ```
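Review bot: In the @@ -22,7 hunk, the rewritten sentence moves to present tense with "can contain" but the paragraph still opens with "will have" and the following context line keeps "will inherit". Suggest "Each Consul cluster has a default admin partition" and "inherits the partition of the ACL token" so the paragraph reads consistently.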
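Review bot: In the @@ -66,7 hunk, the reworded wildcard bullet says "the partition field" without saying whether that means the source partition, the destination partition, or both, so a reader writing an intention cannot tell where `*` is rejected. The sentence also repeats "for" three times. Suggest naming the field or fields and tightening to something like "When creating intentions, wildcards (`*`) are not supported in the partition field; specify the partition name explicitly."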
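Review bot: In the @@ -84,7 hunk, the minimum consul-k8s chart version moves from v0.34.1 to v0.38.0 with no reason given in the bullet or in the commit message. If the new floor comes from the `dns.enableRedirection` values added later in this patch, state that in the requirement so readers on an older chart know which setting will not work for them. While the line is being touched, capitalize "Helm".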
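Review bot: In the @@ -118,7 hunk, and again in the @@ -191,7 hunk for the client values, the example pins `hashicorp/consul-enterprise:1.11.0-ent-rc`, a release-candidate tag, while the requirements list in the same file asks for "Consul 1.11.0-ent or greater". Replacing beta3 with rc still leaves the docs pointing at a pre-release image that readers will copy verbatim into their values files. Use a tag that matches the stated requirement, or add a comment next to `image:` telling readers to substitute the version they are deploying.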
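Review bot: In the @@ -137,6 hunk, and the matching @@ -229,6 hunk for the client values, `dns.enabled: true` and `dns.enableRedirection: true` are added to the example with no accompanying prose saying what redirection does or why the admin partition setup needs it. Add a sentence beside each values file explaining the setting, and confirm the new `dns:` block is nested at the same level as `meshGateway:` in both files, since a misplaced key in a copied values file is easy to miss.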