Backport of [NET-4122] Doc guidance for federation with externalServe…

…rs into release/1.2.x (#2606) ## Backport This PR is auto-generated from #2583 to be assessed for backporting due to the inclusion of the label backport/1.2.x. The below text is copied from the body of the original PR. --- Add guidance for proper configuration when joining to a secondary cluster using WAN fed with external servers also enabled. Also clarify federation requirements and fix formatting for an unrelated value. Changes proposed in this PR: - Update base content for generating Helm chart docs to clarify the use case encountered in #2138 - Minor additional fixes - _Follow-up: propagate generated doc changes to `consul` and additionally update https://developer.hashicorp.com/consul/docs/k8s/deployment-configurations/servers-outside-kubernetes there_ How I've tested this PR: N/A (docs only) How I expect reviewers to test this PR: 👀 Checklist: - [ ] Tests added - [ ] [CHANGELOG entry added](https://github.com/hashicorp/consul-k8s/blob/main/CONTRIBUTING.md#adding-a-changelog-entry) --- <details> <summary> Overview of commits </summary> - cd782d5 </details> Co-authored-by: Michael Zalimeni <[email protected]>
hashicorp · Jul 20, 2023 · e1ff085 · e1ff085
1 parent 8a55de0
commit e1ff085
Showing 1 changed file with 11 additions and 4 deletions.
diff --git a/charts/consul/values.yaml b/charts/consul/values.yaml
@@ -535,8 +535,9 @@ global:
     # If enabled, this datacenter will be federation-capable. Only federation
     # via mesh gateways is supported.
     # Mesh gateways and servers will be configured to allow federation.
-    # Requires `global.tls.enabled`, `meshGateway.enabled` and `connectInject.enabled`
-    # to be true. Requires Consul 1.8+.
+    # Requires `global.tls.enabled`, `connectInject.enabled`, and one of 
+    # `meshGateway.enabled` or `externalServers.enabled` to be true.
+    # Requires Consul 1.8+.
     enabled: false
 
     # If true, the chart will create a Kubernetes secret that can be imported
@@ -552,8 +553,8 @@ global:
     # @type: string
     primaryDatacenter: null
 
-    # A list of addresses of the primary mesh gateways in the form `<ip>:<port>`.
-    # (e.g. ["1.1.1.1:443", "2.3.4.5:443"]
+    # A list of addresses of the primary mesh gateways in the form `<ip>:<port>`
+    # (e.g. `["1.1.1.1:443", "2.3.4.5:443"]`).
     # @type: array<string>
     primaryGateways: []
 
@@ -564,6 +565,9 @@ global:
     # from the one used by the Consul Service Mesh.
     # Please refer to the [Kubernetes Auth Method documentation](https://developer.hashicorp.com/consul/docs/security/acl/auth-methods/kubernetes).
     #
+    # If `externalServers.enabled` is set to true, `global.federation.k8sAuthMethodHost` and 
+    # `externalServers.k8sAuthMethodHost` should be set to the same value.
+    #
     # You can retrieve this value from your `kubeconfig` by running:
     #
     # ```shell-session
@@ -1339,6 +1343,9 @@ externalServers:
   # This address must be reachable from the Consul servers.
   # Please refer to the [Kubernetes Auth Method documentation](https://developer.hashicorp.com/consul/docs/security/acl/auth-methods/kubernetes).
   #
+  # If `global.federation.enabled` is set to true, `global.federation.k8sAuthMethodHost` and 
+  # `externalServers.k8sAuthMethodHost` should be set to the same value.
+  #
   # You could retrieve this value from your `kubeconfig` by running:
   #
   # ```shell-session