github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Remove ACLs section

pull/20176/head
boruszak 2024-01-11 15:20:44 -08:00
parent 1e351e286e
commit ce0c9be799
1 changed files with 1 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
website/content/docs/k8s/connect/cluster-peering/usage/establish-peering.mdx
View File

@ -440,18 +440,3 @@ Before you can call services from peered clusters, you must set service intentio
``` ```
</CodeBlockConfig> </CodeBlockConfig>
### Authorize service reads with ACLs
If ACLs are enabled on a Consul cluster, sidecar proxies that access exported services as an upstream must have an ACL token that grants read access.
Read access to all imported services is granted using either of the following rules associated with an ACL token:
- `service:write` permissions for any service in the sidecar's partition.
- `service:read` and `node:read` for all services and nodes, respectively, in sidecar's namespace and partition.
For Consul Enterprise, the permissions apply to all imported services in the service's partition. These permissions are satisfied when using a [service identity](/consul/docs/security/acl/acl-roles#service-identities).
Refer to [Reading servers](/consul/docs/connect/config-entries/exported-services#reading-services) in the `exported-services` configuration entry documentation for example rules.
For additional information about how to configure and use ACLs, refer to [ACLs system overview](/consul/docs/security/acl).