Backport of Update Helm docs for consul-k8s 1.3.0 into release/1.17.x (#19582)

backport of commit 309bd86e02

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
pull/19591/head
hc-github-team-consul-core 1 year ago committed by GitHub
parent 43ae89e12b
commit e2efc5b9c0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -134,6 +134,10 @@ Use these links to navigate to a particular top-level stanza.
- `vault` ((#v-global-secretsbackend-vault)) - `vault` ((#v-global-secretsbackend-vault))
- `vaultNamespace` ((#v-global-secretsbackend-vault-vaultnamespace)) (`string: ""`) - Vault namespace (optional). This sets the Vault namespace for the `vault.hashicorp.com/namespace`
agent annotation and [Vault Connect CA namespace](/consul/docs/connect/ca/vault#namespace).
To override one of these values individually, see `agentAnnotations` and `connectCA.additionalConfig`.
- `enabled` ((#v-global-secretsbackend-vault-enabled)) (`boolean: false`) - Enabling the Vault secrets backend will replace Kubernetes secrets with referenced Vault secrets. - `enabled` ((#v-global-secretsbackend-vault-enabled)) (`boolean: false`) - Enabling the Vault secrets backend will replace Kubernetes secrets with referenced Vault secrets.
- `consulServerRole` ((#v-global-secretsbackend-vault-consulserverrole)) (`string: ""`) - The Vault role for the Consul server. - `consulServerRole` ((#v-global-secretsbackend-vault-consulserverrole)) (`string: ""`) - The Vault role for the Consul server.
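Review bot: the new `vaultNamespace` description does not say which value wins when it is set together with a `vault.hashicorp.com/namespace` entry in `agentAnnotations` or a namespace in `connectCA.additionalConfig`. "To override one of these values individually" implies the per-component setting takes precedence; state that explicitly, and say what the empty default means, because this one value now drives both the agent annotation and the Connect CA namespace.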
@ -235,7 +239,6 @@ Use these links to navigate to a particular top-level stanza.
{ {
"connect": [{ "connect": [{
"ca_config": [{ "ca_config": [{
"namespace": "my-vault-ns",
"leaf_cert_ttl": "36h" "leaf_cert_ttl": "36h"
}] }]
}] }]
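Review bot: removing `"namespace": "my-vault-ns",` from the `ca_config` sample leaves the page with no example of a per-component namespace override. The `vaultNamespace` text added earlier in this change points readers at `connectCA.additionalConfig` for exactly that case, so either keep a namespace line in a sample or add a sentence here saying the namespace now normally comes from `global.secretsBackend.vault.vaultNamespace`.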
@ -288,6 +291,8 @@ Use these links to navigate to a particular top-level stanza.
- `secretKey` ((#v-global-gossipencryption-secretkey)) (`string: ""`) - The key within the Kubernetes secret or Vault secret key that holds the gossip - `secretKey` ((#v-global-gossipencryption-secretkey)) (`string: ""`) - The key within the Kubernetes secret or Vault secret key that holds the gossip
encryption key. encryption key.
- `logLevel` ((#v-global-gossipencryption-loglevel)) (`string: ""`) - Override global log verbosity level for gossip-encryption-autogenerate-job pods. One of "trace", "debug", "info", "warn", or "error".
- `recursors` ((#v-global-recursors)) (`array<string>: []`) - A list of addresses of upstream DNS servers that are used to recursively resolve DNS queries. - `recursors` ((#v-global-recursors)) (`array<string>: []`) - A list of addresses of upstream DNS servers that are used to recursively resolve DNS queries.
These values are given as `-recursor` flags to Consul servers and clients. These values are given as `-recursor` flags to Consul servers and clients.
Refer to [`-recursor`](/consul/docs/agent/config/cli-flags#_recursor) for more details. Refer to [`-recursor`](/consul/docs/agent/config/cli-flags#_recursor) for more details.
@ -302,6 +307,8 @@ Use these links to navigate to a particular top-level stanza.
authority (optional) and server and client certificates. authority (optional) and server and client certificates.
This setting is required for [Cluster Peering](/consul/docs/connect/cluster-peering/k8s). This setting is required for [Cluster Peering](/consul/docs/connect/cluster-peering/k8s).
- `logLevel` ((#v-global-tls-loglevel)) (`string: ""`) - Override global log verbosity level. One of "trace", "debug", "info", "warn", or "error".
- `enableAutoEncrypt` ((#v-global-tls-enableautoencrypt)) (`boolean: false`) - If true, turns on the auto-encrypt feature on clients and servers. - `enableAutoEncrypt` ((#v-global-tls-enableautoencrypt)) (`boolean: false`) - If true, turns on the auto-encrypt feature on clients and servers.
It also switches consul-k8s-control-plane components to retrieve the CA from the servers It also switches consul-k8s-control-plane components to retrieve the CA from the servers
via the API. Requires Consul 1.7.1+. via the API. Requires Consul 1.7.1+.
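Review bot: the `global.tls.logLevel` description, "Override global log verbosity level.", does not name the pods it applies to, unlike the `gossipEncryption` entry added just above, which names the gossip-encryption-autogenerate-job pods. Name the affected job or pods here as well; the `global.acls.logLevel` entry in the next hunk has the same gap.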
@ -383,6 +390,8 @@ Use these links to navigate to a particular top-level stanza.
for all Consul and consul-k8s-control-plane components. for all Consul and consul-k8s-control-plane components.
This requires Consul >= 1.4. This requires Consul >= 1.4.
- `logLevel` ((#v-global-acls-loglevel)) (`string: ""`) - Override global log verbosity level. One of "trace", "debug", "info", "warn", or "error".
- `bootstrapToken` ((#v-global-acls-bootstraptoken)) - A Kubernetes or Vault secret containing the bootstrap token to use for creating policies and - `bootstrapToken` ((#v-global-acls-bootstraptoken)) - A Kubernetes or Vault secret containing the bootstrap token to use for creating policies and
tokens for all Consul and consul-k8s-control-plane components. If `secretName` and `secretKey` tokens for all Consul and consul-k8s-control-plane components. If `secretName` and `secretKey`
are unset, a default secret name and secret key are used. If the secret is populated, then are unset, a default secret name and secret key are used. If the secret is populated, then
@ -440,7 +449,7 @@ Use these links to navigate to a particular top-level stanza.
- `secretName` ((#v-global-acls-partitiontoken-secretname)) (`string: null`) - The name of the Vault secret that holds the partition token. - `secretName` ((#v-global-acls-partitiontoken-secretname)) (`string: null`) - The name of the Vault secret that holds the partition token.
- `secretKey` ((#v-global-acls-partitiontoken-secretkey)) (`string: null`) - The key within the Vault secret that holds the partition token. - `secretKey` ((#v-global-acls-partitiontoken-secretkey)) (`string: null`) - The key within the Vault secret that holds the parition token.
- `tolerations` ((#v-global-acls-tolerations)) (`string: ""`) - tolerations configures the taints and tolerations for the server-acl-init - `tolerations` ((#v-global-acls-tolerations)) (`string: ""`) - tolerations configures the taints and tolerations for the server-acl-init
and server-acl-init-cleanup jobs. This should be a multi-line string matching the and server-acl-init-cleanup jobs. This should be a multi-line string matching the
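Review bot: the new `secretKey` description for `partitionToken` reads "parition token", a misspelling that the previous text ("partition token") did not have. Fix the spelling at the source of the generated docs so the next regeneration does not bring it back.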
@ -465,6 +474,14 @@ Use these links to navigate to a particular top-level stanza.
"sample/annotation2": "bar" "sample/annotation2": "bar"
``` ```
- `argocd` ((#v-global-argocd)) - If argocd.enabled is set to true, following annotations are added to
job - server-acl-init-job
annotations -
argocd.argoproj.io/hook: Sync
argocd.argoproj.io/hook-delete-policy: HookSucceeded
- `enabled` ((#v-global-argocd-enabled)) (`boolean: false`)
- `enterpriseLicense` ((#v-global-enterpriselicense)) - <EnterpriseAlert inline /> This value refers to a Kubernetes or Vault secret that you have created - `enterpriseLicense` ((#v-global-enterpriselicense)) - <EnterpriseAlert inline /> This value refers to a Kubernetes or Vault secret that you have created
that contains your enterprise license. It is required if you are using an that contains your enterprise license. It is required if you are using an
enterprise binary. Defining it here applies it to your cluster once a leader enterprise binary. Defining it here applies it to your cluster once a leader
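Review bot: `enabled` under `argocd` has no description, and the parent entry lists the job and its annotations as running prose ("job - server-acl-init-job annotations - ..."), which renders as one unbroken sentence. Put the two `argocd.argoproj.io/...` annotations in a fenced sample as the neighbouring entries do, and mention that `hook-delete-policy: HookSucceeded` removes the server-acl-init job once it succeeds, so operators know its logs will not be available afterwards.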
@ -518,6 +535,8 @@ Use these links to navigate to a particular top-level stanza.
-o jsonpath="{.clusters[?(@.name=='<your cluster name>')].cluster.server}" -o jsonpath="{.clusters[?(@.name=='<your cluster name>')].cluster.server}"
``` ```
- `logLevel` ((#v-global-federation-loglevel)) (`string: ""`) - Override global log verbosity level for the create-federation-secret-job pods. One of "trace", "debug", "info", "warn", or "error".
- `metrics` ((#v-global-metrics)) - Configures metrics for Consul service mesh - `metrics` ((#v-global-metrics)) - Configures metrics for Consul service mesh
- `enabled` ((#v-global-metrics-enabled)) (`boolean: false`) - Configures the Helm charts components - `enabled` ((#v-global-metrics-enabled)) (`boolean: false`) - Configures the Helm charts components
@ -622,6 +641,21 @@ Use these links to navigate to a particular top-level stanza.
] ]
``` ```
- `experiments` ((#v-global-experiments)) (`array<string>: []`) - Consul feature flags that will be enabled across components.
Supported feature flags:
* `resource-apis`:
_**Danger**_! This feature is under active development. It is not
recommended for production use. Setting this flag during an
upgrade could risk breaking your Consul cluster.
If this flag is set, Consul components will use the
V2 resources APIs for all operations.
Example:
```yaml
experiments: [ "resource-apis" ]
```
### server ((#h-server)) ### server ((#h-server))
- `server` ((#v-server)) - Server, when enabled, configures a server cluster to run. This should - `server` ((#v-server)) - Server, when enabled, configures a server cluster to run. This should
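Review bot: the `resource-apis` warning says that setting the flag during an upgrade could break the cluster, but not whether the flag can be removed again once it has been set. Add a sentence on reversibility next to the "Danger" text, since that is the first thing an operator will need to know before trying it outside production.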
@ -632,6 +666,8 @@ Use these links to navigate to a particular top-level stanza.
Consul server cluster. If you're running Consul externally and want agents Consul server cluster. If you're running Consul externally and want agents
within Kubernetes to join that cluster, this should probably be false. within Kubernetes to join that cluster, this should probably be false.
- `logLevel` ((#v-server-loglevel)) (`string: ""`) - Override global log verbosity level. One of "trace", "debug", "info", "warn", or "error".
- `image` ((#v-server-image)) (`string: null`) - The name of the Docker image (including any tag) for the containers running - `image` ((#v-server-image)) (`string: null`) - The name of the Docker image (including any tag) for the containers running
Consul server agents. Consul server agents.
@ -1145,6 +1181,8 @@ Use these links to navigate to a particular top-level stanza.
the resources necessary for a Consul client on every Kubernetes node. This _does not_ require the resources necessary for a Consul client on every Kubernetes node. This _does not_ require
`server.enabled`, since the agents can be configured to join an external cluster. `server.enabled`, since the agents can be configured to join an external cluster.
- `logLevel` ((#v-client-loglevel)) (`string: ""`) - Override global log verbosity level. One of "trace", "debug", "info", "warn", or "error".
- `image` ((#v-client-image)) (`string: null`) - The name of the Docker image (including any tag) for the containers - `image` ((#v-client-image)) (`string: null`) - The name of the Docker image (including any tag) for the containers
running Consul client agents. running Consul client agents.
@ -1742,6 +1780,10 @@ Use these links to navigate to a particular top-level stanza.
These CRDs can clash with existing Gateway API CRDs if they are already installed in your cluster. These CRDs can clash with existing Gateway API CRDs if they are already installed in your cluster.
If this setting is false, you will need to install the Gateway API CRDs manually. If this setting is false, you will need to install the Gateway API CRDs manually.
- `manageNonStandardCRDs` ((#v-connectinject-apigateway-managenonstandardcrds)) (`boolean: false`) - Enables Consul on Kubernets to manage only the non-standard CRDs used for Gateway API. If manageExternalCRDs is true
then all CRDs will be installed; otherwise, if manageNonStandardCRDs is true then only TCPRoute, GatewayClassConfig and MeshService
will be installed.
- `managedGatewayClass` ((#v-connectinject-apigateway-managedgatewayclass)) - Configuration settings for the GatewayClass installed by Consul on Kubernetes. - `managedGatewayClass` ((#v-connectinject-apigateway-managedgatewayclass)) - Configuration settings for the GatewayClass installed by Consul on Kubernetes.
- `nodeSelector` ((#v-connectinject-apigateway-managedgatewayclass-nodeselector)) (`string: null`) - This value defines [`nodeSelector`](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) - `nodeSelector` ((#v-connectinject-apigateway-managedgatewayclass-nodeselector)) (`string: null`) - This value defines [`nodeSelector`](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector)
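Review bot: the `manageNonStandardCRDs` description misspells "Kubernetes" as "Kubernets", and refers to `manageExternalCRDs` and `manageNonStandardCRDs` without code formatting, unlike the rest of the page. It would also help to say what happens when both are false, since the text only covers the two "true" cases.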
@ -1772,6 +1814,8 @@ Use these links to navigate to a particular top-level stanza.
- external-dns.alpha.kubernetes.io/hostname - external-dns.alpha.kubernetes.io/hostname
``` ```
- `resources` ((#v-connectinject-apigateway-managedgatewayclass-resources)) (`map`) - The resource settings for Pods handling traffic for Gateway API.
- `deployment` ((#v-connectinject-apigateway-managedgatewayclass-deployment)) - This value defines the number of pods to deploy for each Gateway as well as a min and max number of pods for all Gateways - `deployment` ((#v-connectinject-apigateway-managedgatewayclass-deployment)) - This value defines the number of pods to deploy for each Gateway as well as a min and max number of pods for all Gateways
- `defaultInstances` ((#v-connectinject-apigateway-managedgatewayclass-deployment-defaultinstances)) (`integer: 1`) - `defaultInstances` ((#v-connectinject-apigateway-managedgatewayclass-deployment-defaultinstances)) (`integer: 1`)
@ -1780,6 +1824,14 @@ Use these links to navigate to a particular top-level stanza.
- `minInstances` ((#v-connectinject-apigateway-managedgatewayclass-deployment-mininstances)) (`integer: 1`) - `minInstances` ((#v-connectinject-apigateway-managedgatewayclass-deployment-mininstances)) (`integer: 1`)
- `openshiftSCCName` ((#v-connectinject-apigateway-managedgatewayclass-openshiftsccname)) (`string: restricted-v2`) - The name of the OpenShift SecurityContextConstraints resource to use for Gateways.
Only applicable if `global.openshift.enabled` is true.
- `mapPrivilegedContainerPorts` ((#v-connectinject-apigateway-managedgatewayclass-mapprivilegedcontainerports)) (`integer: 0`) - This value defines the amount we will add to privileged container ports on gateways that use this class.
This is useful if you don't want to give your containers extra permissions to run privileged ports.
Example: The gateway listener is defined on port 80, but the underlying value of the port on the container
will be the 80 + the number defined below.
- `serviceAccount` ((#v-connectinject-apigateway-serviceaccount)) - Configuration for the ServiceAccount created for the api-gateway component - `serviceAccount` ((#v-connectinject-apigateway-serviceaccount)) - Configuration for the ServiceAccount created for the api-gateway component
- `annotations` ((#v-connectinject-apigateway-serviceaccount-annotations)) (`string: null`) - This value defines additional annotations for the client service account. This should be formatted as a multi-line - `annotations` ((#v-connectinject-apigateway-serviceaccount-annotations)) (`string: null`) - This value defines additional annotations for the client service account. This should be formatted as a multi-line
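Review bot: in the `mapPrivilegedContainerPorts` description, "the number defined below" has no referent in the rendered docs, because nothing follows the description, and "will be the 80 + the number" is ungrammatical. Reword along the lines of "the container port will be 80 plus this value", and say which ports count as privileged (conventionally those below 1024) so readers can tell which listeners are remapped and that the default of 0 leaves them unchanged.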
@ -1791,8 +1843,6 @@ Use these links to navigate to a particular top-level stanza.
"sample/annotation2": "bar" "sample/annotation2": "bar"
``` ```
- `resources` ((#v-connectinject-apigateway-resources)) (`map`) - The resource settings for Pods handling traffic for Gateway API.
- `cni` ((#v-connectinject-cni)) - Configures consul-cni plugin for Consul Service mesh services - `cni` ((#v-connectinject-cni)) - Configures consul-cni plugin for Consul Service mesh services
- `enabled` ((#v-connectinject-cni-enabled)) (`boolean: false`) - If true, then all traffic redirection setup uses the consul-cni plugin. - `enabled` ((#v-connectinject-cni-enabled)) (`boolean: false`) - If true, then all traffic redirection setup uses the consul-cni plugin.
@ -1926,7 +1976,7 @@ Use these links to navigate to a particular top-level stanza.
- `imageConsul` ((#v-connectinject-imageconsul)) (`string: null`) - The Docker image for Consul to use when performing Connect injection. - `imageConsul` ((#v-connectinject-imageconsul)) (`string: null`) - The Docker image for Consul to use when performing Connect injection.
Defaults to global.image. Defaults to global.image.
- `logLevel` ((#v-connectinject-loglevel)) (`string: ""`) - Override global log verbosity level. One of "debug", "info", "warn", or "error". - `logLevel` ((#v-connectinject-loglevel)) (`string: ""`) - Sets the `logLevel` for the `consul-dataplane` sidecar and the `consul-connect-inject-init` container. When set, this value overrides the global log verbosity level. One of "debug", "info", "warn", or "error".
- `serviceAccount` ((#v-connectinject-serviceaccount)) - `serviceAccount` ((#v-connectinject-serviceaccount))
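Review bot: the reworded `connectInject.logLevel` entry still lists only "debug", "info", "warn", or "error", while every `logLevel` entry added elsewhere in this change also lists "trace". If "trace" is not accepted by the `consul-dataplane` sidecar or the `consul-connect-inject-init` container, say so; otherwise align the list.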
@ -2148,6 +2198,8 @@ Use these links to navigate to a particular top-level stanza.
This setting is required for [Cluster Peering](/consul/docs/connect/cluster-peering/k8s). This setting is required for [Cluster Peering](/consul/docs/connect/cluster-peering/k8s).
Requirements: consul 1.6.0+ if using `global.acls.manageSystemACLs``. Requirements: consul 1.6.0+ if using `global.acls.manageSystemACLs``.
- `logLevel` ((#v-meshgateway-loglevel)) (`string: ""`) - Override global log verbosity level for mesh-gateway-deployment pods. One of "trace", "debug", "info", "warn", or "error".
- `replicas` ((#v-meshgateway-replicas)) (`integer: 1`) - Number of replicas for the Deployment. - `replicas` ((#v-meshgateway-replicas)) (`integer: 1`) - Number of replicas for the Deployment.
- `wanAddress` ((#v-meshgateway-wanaddress)) - What gets registered as WAN address for the gateway. - `wanAddress` ((#v-meshgateway-wanaddress)) - What gets registered as WAN address for the gateway.
@ -2311,6 +2363,8 @@ Use these links to navigate to a particular top-level stanza.
- `enabled` ((#v-ingressgateways-enabled)) (`boolean: false`) - Enable ingress gateway deployment. Requires `connectInject.enabled=true`. - `enabled` ((#v-ingressgateways-enabled)) (`boolean: false`) - Enable ingress gateway deployment. Requires `connectInject.enabled=true`.
- `logLevel` ((#v-ingressgateways-loglevel)) (`string: ""`) - Override global log verbosity level for ingress-gateways-deployment pods. One of "trace", "debug", "info", "warn", or "error".
- `defaults` ((#v-ingressgateways-defaults)) - Defaults sets default values for all gateway fields. With the exception - `defaults` ((#v-ingressgateways-defaults)) - Defaults sets default values for all gateway fields. With the exception
of annotations, defining any of these values in the `gateways` list of annotations, defining any of these values in the `gateways` list
will override the default values provided here. Annotations will will override the default values provided here. Annotations will
@ -2423,8 +2477,9 @@ Use these links to navigate to a particular top-level stanza.
- `gateways` ((#v-ingressgateways-gateways)) (`array<map>`) - Gateways is a list of gateway objects. The only required field for - `gateways` ((#v-ingressgateways-gateways)) (`array<map>`) - Gateways is a list of gateway objects. The only required field for
each is `name`, though they can also contain any of the fields in each is `name`, though they can also contain any of the fields in
`defaults`. Values defined here override the defaults except in the `defaults`. You must provide a unique name for each ingress gateway. These names
case of annotations where both will be applied. must be unique across different namespaces.
Values defined here override the defaults, except in the case of annotations where both will be applied.
- `name` ((#v-ingressgateways-gateways-name)) (`string: ingress-gateway`) - `name` ((#v-ingressgateways-gateways-name)) (`string: ingress-gateway`)
@ -2440,6 +2495,8 @@ Use these links to navigate to a particular top-level stanza.
- `enabled` ((#v-terminatinggateways-enabled)) (`boolean: false`) - Enable terminating gateway deployment. Requires `connectInject.enabled=true`. - `enabled` ((#v-terminatinggateways-enabled)) (`boolean: false`) - Enable terminating gateway deployment. Requires `connectInject.enabled=true`.
- `logLevel` ((#v-terminatinggateways-loglevel)) (`string: ""`) - Override global log verbosity level. One of "trace", "debug", "info", "warn", or "error".
- `defaults` ((#v-terminatinggateways-defaults)) - Defaults sets default values for all gateway fields. With the exception - `defaults` ((#v-terminatinggateways-defaults)) - Defaults sets default values for all gateway fields. With the exception
of annotations, defining any of these values in the `gateways` list of annotations, defining any of these values in the `gateways` list
will override the default values provided here. Annotations will will override the default values provided here. Annotations will
@ -2545,7 +2602,7 @@ Use these links to navigate to a particular top-level stanza.
### apiGateway ((#h-apigateway)) ### apiGateway ((#h-apigateway))
- `apiGateway` ((#v-apigateway)) - [DEPRECATED] Use connectInject.apiGateway instead. This stanza will be removed with the release of Consul 1.17 - `apiGateway` ((#v-apigateway)) - [DEPRECATED] Use connectInject.apiGateway instead.
Configuration settings for the Consul API Gateway integration Configuration settings for the Consul API Gateway integration
- `enabled` ((#v-apigateway-enabled)) (`boolean: false`) - When true the helm chart will install the Consul API Gateway controller - `enabled` ((#v-apigateway-enabled)) (`boolean: false`) - When true the helm chart will install the Consul API Gateway controller
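Review bot: the `apiGateway` deprecation notice loses "This stanza will be removed with the release of Consul 1.17" and gains no replacement timeline. Since this lands on release/1.17.x, state the new removal target or say "in a future release", so users of the stanza know it is still honoured in this version.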
@ -2696,7 +2753,9 @@ Use these links to navigate to a particular top-level stanza.
- `enabled` ((#v-telemetrycollector-enabled)) (`boolean: false`) - Enables the consul-telemetry-collector deployment - `enabled` ((#v-telemetrycollector-enabled)) (`boolean: false`) - Enables the consul-telemetry-collector deployment
- `image` ((#v-telemetrycollector-image)) (`string: hashicorp/consul-telemetry-collector:0.0.1`) - The name of the Docker image (including any tag) for the containers running - `logLevel` ((#v-telemetrycollector-loglevel)) (`string: ""`) - Override global log verbosity level. One of "trace", "debug", "info", "warn", or "error".
- `image` ((#v-telemetrycollector-image)) (`string: hashicorp/consul-telemetry-collector:0.0.2`) - The name of the Docker image (including any tag) for the containers running
the consul-telemetry-collector the consul-telemetry-collector
- `resources` ((#v-telemetrycollector-resources)) (`map`) - The resource settings for consul-telemetry-collector pods. - `resources` ((#v-telemetrycollector-resources)) (`map`) - The resource settings for consul-telemetry-collector pods.
