Document k8s auth support

[eikenb]

Kubernetes authentication support was added by an Envconsul community member to get support for it there (as it uses consul-template as a library). They documented it in Envconsul but not hear as this was just a library addition for them.

Write some docs on it.

See the PR #1580 for some details on this as well as the envconsul docs on it (search for k8s_service in the readme https://github.com/hashicorp/envconsul).

[ryanth2022]

Hi @eikenb,
May I know next version of consul template will support k8s auth like envconsul already had?
Thanks

[eikenb]

Hey @ryanth2022,

The functionality was included in consul-template 0.29.1 and should work now. It is missing the documentation for it though and that is what this ticket is for.

I updated the milestone to the next one (0.30.0) to better remind me to write these docs. Thanks for the ping.

[ryanth2022]

awesome, thanks @eikenb and it seems both consul-template, envconsul support vault k8s authentication only, for consul k8s authentication still don't yet. May I know the plan for consul k8s authentication?

[eikenb]

Hey @ryanth2022.. I'm not really up to speed on Consul's K8s support. I could ask there but after some digging I did find this...

https://developer.hashicorp.com/consul/docs/security/acl/auth-methods/kubernetes

Any chance that does what you need?

[ryanth2022]

@eikenb I mean can consul-template use consul k8s authentication (https://developer.hashicorp.com/consul/docs/security/acl/auth-methods/kubernetes) to authenticate with consul-server? Then we probably can define the configuration block code like

consul {
  address = "https://consul.service.consul:8501"
  k8s_auth_role_name = "<role-name>"
  k8s_service_account_token_path = "/run/secrets/kubernetes.io/serviceaccount/token"
  ssl {
    verify = false
  }
}

[eikenb]

Ok... I think I see what you're getting at now. The current K8s integration allows it to use K8s auth with Vault, but not with Consul. You'd like it to work with Consul + the K8s auth method as well. Correct?

[ryanth2022]

Yes correct that's what I mean @eikenb.

[eikenb]

@ryanth2022 ... sounds like a feature request issue that should get it's own entry. Would you like to create it or should I?

[ryanth2022]

sorry for late reply, I didn't be able to back to this thread earlier. I see you help me to create a request. Thanks a lot for that. Now I just wait for it gets finish

[eikenb]

No worries about the delay, happens to everyone.

Just and FYI... this is probably not going to get done in the near future unless someone pushes a PR soon. I'm being pulled off maintaining consul-template in the new year and won't be working on it for the foreseeable future after that. Sorry. :(

[eikenb]

Oh, remembered I was leaving this open for you to respond and you have. Closing this now in favor of the enhancement proposal #1667.