mirror of https://github.com/hashicorp/consul
docs: Add Helm docs for auto-encrypt and external servers (#7595)
* docs: Add Helm docs for auto-encrypt and external serverspull/7611/head
parent
c03e314c16
commit
74bd138bae
|
@ -70,10 +70,12 @@ and consider if they're appropriate for your deployment.
|
|||
|
||||
* <a name="v-global-acls-managesystemacls" href="#v-global-acls-managesystemacls">`manageSystemACLs`</a> (`boolean: false`) - If true, the Helm chart will automatically manage ACL tokens and policies for all Consul and consul-k8s components. This requires servers to be running inside Kubernetes. Additionally requires Consul >= 1.4 and consul-k8s >= 0.10.1.
|
||||
|
||||
* <a name="v-global-tls" href="#v-global-tls">`tls`</a> - Enables TLS [encryption](https://learn.hashicorp.com/consul/security-networking/agent-encryption) across the cluster to verify authenticity of the Consul servers and clients. Requires Consul v1.4.1+ and consul-k8s v0.16.2+
|
||||
* <a name="v-global-tls" href="#v-global-tls">`tls`</a> - Enables TLS [encryption](https://learn.hashicorp.com/consul/security-networking/agent-encryption) across the cluster to verify authenticity of the Consul servers and clients. Requires Consul v1.4.1+ and consul-k8s v0.16.2+.
|
||||
|
||||
* <a name="v-global-tls-enabled" href="#v-global-enabled">`enabled`</a> (`boolean: false`) - If true, the Helm chart will enable TLS for Consul servers and clients and all consul-k8s components, as well as generate certificate authority (optional) and server and client certificates.
|
||||
|
||||
* <a name="v-global-tls-enableautoencrypt" href="#v-global-enableautoencrypt">`enableAutoEncrypt`</a> (`boolean: false`) - If true, turns on the auto-encrypt feature on clients and servers. It also switches consul-k8s components to retrieve the CA from the servers via the API. Requires Consul 1.7.1+ and consul-k8s 0.13.0+.
|
||||
|
||||
* <a name="v-global-tls-serveradditionaldnsssans" href="#v-global-serveradditionaldnsssans">`serverAdditionalDNSSANs`</a> (`array<string>: []`) - A list of additional DNS names to set as Subject Alternative Names (SANs) in the server certificate. This is useful when you need to access the Consul server(s) externally, for example, if you're using the UI.
|
||||
|
||||
* <a name="v-global-tls-serveradditionalipsans" href="#v-global-serveradditionalipsans">`serverAdditionalIPSANs`</a> (`array<string>: []`) - A list of additional IP addresses to set as Subject Alternative Names (SANs) in the server certificate. This is useful when you need to access the Consul server(s) externally, for example, if you're using the UI.
|
||||
|
@ -234,6 +236,19 @@ and consider if they're appropriate for your deployment.
|
|||
annotations: |
|
||||
"annotation-key": "annotation-value"
|
||||
```
|
||||
* <a name="v-externalservers" href="#v-externalservers">`externalServers`</a> - Configuration for Consul servers running externally. This information is required if Consul servers are running outside of Kubernetes and you’re setting `global.tls.enableAutoEncrypt` to `true`.
|
||||
|
||||
* <a name="v-externalservers-enabled" href="#v-externalservers-enabled">`enabled`</a> (`boolean: false`) - If true, the chart will talk to external servers configured here.
|
||||
|
||||
* <a name="v-externalservers-https" href="#v-externalservers-https">`https`</a> - HTTPS configuration for external servers. Note: HTTP connections to the servers are not supported.
|
||||
|
||||
* <a name="v-externalservers-address" href="#v-externalservers-address">`address`</a> (`string: null`) - IP, DNS name, or [cloud auto-join](https://www.consul.io/docs/agent/cloud-auto-join.html) string pointing to the external Consul servers. Note that if you’re providing the cloud auto-join string and multiple addresses can be returned, only the first address will be used. This value is required only if you would like to use a different server address from the one specified in the `client.join` property.
|
||||
|
||||
* <a name="v-externalservers-port" href="#v-externalservers-port">`port`</a> (`integer: 443`) - The HTTPS port of the server.
|
||||
|
||||
* <a name="v-externalservers-tlsservername" href="#v-externalservers-tlsservername">`tlsServerName`</a> (`string: null`) - The server name to use as the SNI host header when connecting with HTTPS. This property is useful in case `externalServers.https.address` is not or can not be included in the server certificate’s SANs.
|
||||
|
||||
* <a name="v-externalservers-usesystemroots" href="#v-externalservers-usesystemroots">`useSystemRoots`</a> (`boolean: false`) - If true, the Helm chart will ignore the CA set in `global.tls.caCert` or generated by the `tls-init` job and will rely on the container's system CAs for TLS verification when talking to Consul servers.
|
||||
|
||||
* <a name="v-client" href="#v-client">`client`</a> - Values that configure running a Consul client on Kubernetes nodes.
|
||||
|
||||
|
|
Loading…
Reference in New Issue