mirror of https://github.com/hashicorp/consul
Fix spelling errors
parent
0936a9a6e1
commit
f09aea524f
|
@ -122,7 +122,7 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | --------------- |
|
||||
| `NO` | `none` | `none` | `keyring:write` |
|
||||
|
||||
The corresponding CLI command is [`consul keyring -intstall`](/commands/keyring#install).
|
||||
The corresponding CLI command is [`consul keyring -install`](/commands/keyring#install).
|
||||
|
||||
### Parameters
|
||||
|
||||
|
|
|
@ -133,7 +133,7 @@ Success! Data written to: leaderboard/scores
|
|||
|
||||
~> **Warning**: For secret and sensitive values, you should consider using a
|
||||
secret management solution like **[HashiCorp's Vault](https://learn.hashicorp.com/tutorials/vault/static-secrets?in=vault/secrets-management)**.
|
||||
While it is possible to encrpyt data before writing it to Consul's KV store,
|
||||
While it is possible to encrypt data before writing it to Consul's KV store,
|
||||
Consul provides no built-in support for encryption at-rest.
|
||||
|
||||
### Atomic Check-And-Set (CAS)
|
||||
|
|
|
@ -686,7 +686,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
|
|||
leader node, the down policy is applied. In "allow" mode, all actions are permitted,
|
||||
"deny" restricts all operations, and "extend-cache" allows any cached objects
|
||||
to be used, ignoring the expiry time of the cached entry. If the request uses an
|
||||
ACL that is not in the cache, "extend-cache" falls back to the behaviour of
|
||||
ACL that is not in the cache, "extend-cache" falls back to the behavior of
|
||||
`default_policy`.
|
||||
The value "async-cache" acts the same way as "extend-cache"
|
||||
but performs updates asynchronously when ACL is present but its TTL is expired,
|
||||
|
@ -2068,7 +2068,7 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr
|
|||
|
||||
- `read_replica` - Equivalent to the [`-read-replica` command-line flag](#_read_replica).
|
||||
|
||||
- `session_ttl_min` The minimum allowed session TTL. This ensures sessions are not created with TTL's
|
||||
- `session_ttl_min` The minimum allowed session TTL. This ensures sessions are not created with TTLs
|
||||
shorter than the specified limit. It is recommended to keep this limit at or above
|
||||
the default to encourage clients to send infrequent heartbeats. Defaults to 10s.
|
||||
|
||||
|
|
|
@ -98,7 +98,7 @@ spec:
|
|||
</Tab>
|
||||
</Tabs>
|
||||
|
||||
Note that the Kuberetes example does not include a `partition` field. Configuration entries are applied on Kubernetes using [custom resource definitions (CRD)](/docs/k8s/crds), which can only be scoped to their own partition.
|
||||
Note that the Kubernetes example does not include a `partition` field. Configuration entries are applied on Kubernetes using [custom resource definitions (CRD)](/docs/k8s/crds), which can only be scoped to their own partition.
|
||||
|
||||
## Available Fields
|
||||
|
||||
|
|
|
@ -25,7 +25,7 @@ Ensure that your Consul environment meets the following requirements.
|
|||
* Consul Enterprise version 1.11.0 or newer.
|
||||
* A local Consul agent is required to manage its configuration.
|
||||
* Consul service mesh must be enabled in all partitions. Refer to the [`connect` documentation](/docs/agent/options#connect) for details.
|
||||
* Each partition must have a unique name. Refer to the [admin partitions documentation](/docs/enteprise/admin-partitions) for details.
|
||||
* Each partition must have a unique name. Refer to the [admin partitions documentation](/docs/enterprise/admin-partitions) for details.
|
||||
* If you want to [enable gateways globally](/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters#enabling-gateways-globally) you must enable [centralized configuration](/docs/agent/options#enable_central_service_config).
|
||||
|
||||
### Proxy
|
||||
|
|
|
@ -4,15 +4,15 @@ page_title: Compatibility Matrix
|
|||
description: Compatibility Matrix for Consul Kubernetes
|
||||
---
|
||||
|
||||
# Compatibility Matrix for Consul on Kubernetes
|
||||
# Compatibility Matrix for Consul on Kubernetes
|
||||
|
||||
For every release of Consul on Kubernetes, a Helm chart, `consul-k8s-control-plane` binary and a `consul-k8s` CLI binary is built and distributed through a single version. When deploying via Helm, the recommended best path for upgrading Consul on Kubernetes, is to upgrade using the same `consul-k8s-control-plane` version as the Helm Chart, as the Helm Chart and Control Plane binary are tightly coupled.
|
||||
For every release of Consul on Kubernetes, a Helm chart, `consul-k8s-control-plane` binary and a `consul-k8s` CLI binary is built and distributed through a single version. When deploying via Helm, the recommended best path for upgrading Consul on Kubernetes, is to upgrade using the same `consul-k8s-control-plane` version as the Helm Chart, as the Helm Chart and Control Plane binary are tightly coupled.
|
||||
|
||||
## Supported Consul versions
|
||||
|
||||
### Version 0.33.0 and above
|
||||
|
||||
Starting with Consul Kubernetes 0.33.0, Consul Kubernetes versions all of its components (`consul-k8s` CLI, `consul-k8s-control-plane`, and Helm chart) with a single semantic version.
|
||||
Starting with Consul Kubernetes 0.33.0, Consul Kubernetes versions all of its components (`consul-k8s` CLI, `consul-k8s-control-plane`, and Helm chart) with a single semantic version.
|
||||
|
||||
| Consul Version | Compatible consul-k8s Versions |
|
||||
| -------------- | ------------------------------- |
|
||||
|
@ -21,7 +21,7 @@ Starting with Consul Kubernetes 0.33.0, Consul Kubernetes versions all of its co
|
|||
|
||||
### Prior to version 0.33.0
|
||||
|
||||
Prior to Consul Kubernetes 0.33.0, a separately versioned Consul Helm chart was distributed to deploy the Consul on Kubernetes binary. The default version of the `consul-k8s` binary specified by the Helm chart should be used to ensure proper compatibility, since the Helm chart is designed and tested with the default `consul-k8s` version. To find the default version for the appropriate Helm chart version, navigate to the corresponding tag (i.e. 0.32.1) in [`values.yaml`](https://github.com/hashicorp/consul-helm/blob/v0.32.1/values.yaml) and retrieve the `imageK8S` global value.
|
||||
Prior to Consul Kubernetes 0.33.0, a separately versioned Consul Helm chart was distributed to deploy the Consul on Kubernetes binary. The default version of the `consul-k8s` binary specified by the Helm chart should be used to ensure proper compatibility, since the Helm chart is designed and tested with the default `consul-k8s` version. To find the default version for the appropriate Helm chart version, navigate to the corresponding tag (i.e. 0.32.1) in [`values.yaml`](https://github.com/hashicorp/consul-helm/blob/v0.32.1/values.yaml) and retrieve the `imageK8S` global value.
|
||||
|
||||
| Consul Version | Compatible Consul Helm Versions (default `consul-k8s` image) |
|
||||
| -------------- | -----------------------------------------------------------|
|
||||
|
@ -35,18 +35,18 @@ Prior to Consul Kubernetes 0.33.0, a separately versioned Consul Helm chart was
|
|||
|
||||
Supported versions of Envoy for Consul versions are also found in [Envoy - Supported Versions](/docs/connect/proxies/envoy#supported-versions). The recommended best practice is to use the default version of Envoy that is provided in the Helm values.yml file, as that is the version that has been tested with the default Consul and Consul Kubernetes binaries for a given Helm chart.
|
||||
|
||||
## Red Hat OpenShift compatability
|
||||
## Red Hat OpenShift compatibility
|
||||
|
||||
Consul Kubernetes delivered Red Hat OpenShift support starting with Consul Helm chart version 0.25.0 for Consul 1.8.4. Please note the following details regarding OpenShift support.
|
||||
Consul Kubernetes delivered Red Hat OpenShift support starting with Consul Helm chart version 0.25.0 for Consul 1.8.4. Please note the following details regarding OpenShift support.
|
||||
|
||||
- Red Hat OpenShift is only supported for OpenShift 4.4.x and above.
|
||||
- Only the default CNI Plugin, [OpenShift SDN CNI Plugin](https://docs.openshift.com/container-platform/4.9/networking/openshift_sdn/about-openshift-sdn.html) is currently supported.
|
||||
- Red Hat OpenShift is only supported for OpenShift 4.4.x and above.
|
||||
- Only the default CNI Plugin, [OpenShift SDN CNI Plugin](https://docs.openshift.com/container-platform/4.9/networking/openshift_sdn/about-openshift-sdn.html) is currently supported.
|
||||
|
||||
## Vault as a Secrets Backend compatibility
|
||||
|
||||
Starting with Consul K8s 0.39.0 and Consul 1.11.x, Consul Kubernetes supports the ability to utilize Vault as the secrets backend for all the secrets utilized by Consul on Kubernetes.
|
||||
Starting with Consul K8s 0.39.0 and Consul 1.11.x, Consul Kubernetes supports the ability to utilize Vault as the secrets backend for all the secrets utilized by Consul on Kubernetes.
|
||||
|
||||
| `consul-k8s` Versions | Compatible Vault Versions | Compatible `vault-k8s` Versions |
|
||||
| `consul-k8s` Versions | Compatible Vault Versions | Compatible `vault-k8s` Versions |
|
||||
| ------------------------ | --------------------------| ----------------------------- |
|
||||
| 0.39.0 - latest | 1.9.0 - latest | 0.14.0 - latest |
|
||||
|
||||
|
|
|
@ -60,7 +60,7 @@ $ vault secrets enable -path=consul kv-v2
|
|||
|
||||
### Vault PKI Engine
|
||||
|
||||
The Vault PKI Engine must be enabled in order to leverage Vault for issuiing Consul Server TLS certificates. More details for configuring the PKI Engine is found in [Bootstrapping the PKI Engine](/docs/k8s/installation/vault/server-tls#bootstrapping-the-pki-engine) under the Server TLS section.
|
||||
The Vault PKI Engine must be enabled in order to leverage Vault for issuing Consul Server TLS certificates. More details for configuring the PKI Engine is found in [Bootstrapping the PKI Engine](/docs/k8s/installation/vault/server-tls#bootstrapping-the-pki-engine) under the Server TLS section.
|
||||
|
||||
```shell-session
|
||||
$ vault secrets enable pki
|
||||
|
|
|
@ -28,7 +28,7 @@ Refer to the [Consul K8s CLI reference](/docs/k8s/k8s-cli#uninstall) topic for d
|
|||
|
||||
Run the `helm uninstall` **and** manually remove resources that Helm does not delete.
|
||||
|
||||
1. Although the Helm chart automates the deletion of CRDs upon uninstallation, sometimes the finalizers tied to those CRDs may not complete because the deletion of the CRDs rely on the Consul K8s controller running. Ensure that previously created CRDs for Consul on Kubernetes are deleted, so subsequent installs of Consul on Kubernetes on the same Kubernetes cluster do not get blocked.
|
||||
1. Although the Helm chart automates the deletion of CRDs upon uninstall, sometimes the finalizers tied to those CRDs may not complete because the deletion of the CRDs rely on the Consul K8s controller running. Ensure that previously created CRDs for Consul on Kubernetes are deleted, so subsequent installs of Consul on Kubernetes on the same Kubernetes cluster do not get blocked.
|
||||
|
||||
```shell-session
|
||||
$ kubectl delete crd --selector app=consul
|
||||
|
|
|
@ -14,18 +14,19 @@ Refer to the [introduction](https://learn.hashicorp.com/tutorials/consul/consul-
|
|||
<Tabs>
|
||||
<Tab heading="Pre-compiled binary">
|
||||
|
||||
To install Consul-Terraform-Sync, find the [appropriate package](https://releases.hashicorp.com/consul-terraform-sync/) for your system and download it as a zip archive. For the CTS Enterprise binary, download a zip archive with the `+ent` metadata. [CTS Enterprise requires a Consul Enterpise license](/docs/nia/enterprise/license) to run.
|
||||
To install Consul-Terraform-Sync, find the [appropriate package](https://releases.hashicorp.com/consul-terraform-sync/) for your system and download it as a zip archive. For the CTS Enterprise binary, download a zip archive with the `+ent` metadata. [CTS Enterprise requires a Consul Enterprise license](/docs/nia/enterprise/license) to run.
|
||||
|
||||
Unzip the package to extract the binary named `consul-terraform-sync`. Move the `consul-terraform-sync` binary to a location available on your `PATH`.
|
||||
|
||||
Example:
|
||||
|
||||
```shell-session
|
||||
$ echo $PATH
|
||||
/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin
|
||||
$ mv ./consul-terraform-sync /usr/local/bin/consul-terraform-sync
|
||||
```
|
||||
|
||||
Once installed, verify the installation works by prompting the `-version` or `-help` option. The version outputed for the CTS Enterpise binary includes the `+ent` metadata.
|
||||
Once installed, verify the installation works by prompting the `-version` or `-help` option. The version outputted for the CTS Enterprise binary includes the `+ent` metadata.
|
||||
|
||||
```shell-session
|
||||
$ consul-terraform-sync -version
|
||||
|
@ -42,7 +43,7 @@ For the CTS Enterprise, use the Docker image [`hashicorp/consul-terraform-sync-e
|
|||
$ docker pull hashicorp/consul-terraform-sync
|
||||
```
|
||||
|
||||
Once installed, verify the installation works by prompting the `-version` or `-help` option. The version outputed for the CTS Enterpise image includes the `+ent` metadata.
|
||||
Once installed, verify the installation works by prompting the `-version` or `-help` option. The version outputted for the CTS Enterprise image includes the `+ent` metadata.
|
||||
|
||||
```shell-session
|
||||
$ docker run --rm hashicorp/consul-terraform-sync -version
|
||||
|
|
|
@ -36,7 +36,7 @@ A task can also monitor, but not execute on, other variables that provide additi
|
|||
|
||||
A source input can be specified that implicitly includes variables to be provided to the task’s module. For example, a task can specify a Consul KV source input. The specified KV keys or key paths would be monitored for changes. Any changes detected would be included as input information for the modules. The module determines the details of what values are monitored and what values can execute the task.
|
||||
|
||||
~> **The source input block is currently only supported when using a schedule condition.** Adding a source input block alongside any other type of condition will result in an error. To accomplish a similar behaviour with other condition blocks, use the `source_includes_var` field.
|
||||
~> **The source input block is currently only supported when using a schedule condition.** Adding a source input block alongside any other type of condition will result in an error. To accomplish a similar behavior with other condition blocks, use the `source_includes_var` field.
|
||||
|
||||
Below are details on the types of execution conditions that Consul-Terraform-Sync supports.
|
||||
|
||||
|
|
|
@ -207,7 +207,7 @@ environment and adapt these configurations accordingly.
|
|||
- **Rotate Credentials** - Using short-lived credentials and rotating them frequently is highly recommended for
|
||||
production environments to limit the blast radius from potentially compromised secrets, and enabling basic auditing.
|
||||
|
||||
- **ACL Tokens** - Consul API’s require an ACL token to authorize actions within a cluster.
|
||||
- **ACL Tokens** - Consul APIs require an ACL token to authorize actions within a cluster.
|
||||
|
||||
- **X.509 Certificates** - Rotate certificates used by the Consul agent; e.g. integrate with Vault's PKI secret engine
|
||||
to automatically generate and renew dynamic, unique X.509 certificates for each Consul node with a short TTL. Client
|
||||
|
|
Loading…
Reference in New Issue