docs: add Consul policy for Consul Namespace support (#9014)

Co-authored-by: Seth Hoenig <shoenig@hashicorp.com>
2026-01-06 10:25:42 +03:00 · 2020-10-02 15:13:33 -04:00
parent 4a7502847d
commit 38d2a80e2f
2 changed files with 33 additions and 1 deletions
--- a/website/pages/docs/configuration/consul.mdx
+++ b/website/pages/docs/configuration/consul.mdx
@@ -180,5 +180,37 @@ consul {
 }
 ```

+### Consul Namespace
+
+Consul does not allow ACL policies associated with namespaces to use agent
+permissions. Nomad requires `agent:read` permissions. In order to use the
+`consul_namespace` feature, Nomad will need a token generated in Consul's
+default namespace. That token should be created with `agent:read` as well
+as a `namespace` block with the other relevant permissions for running Nomad
+in the intended namespace. The Consul policy below shows an example policy
+configuration for a Nomad server:
+
+```
+agent_prefix "" {
+  policy = "read"
+}
+
+namespace "nomad-ns" {
+  acl = "write"
+
+  key_prefix "" {
+    policy = "read"
+  }
+
+  node_prefix "" {
+    policy = "read"
+  }
+
+  service_prefix "" {
+    policy = "write"
+  }
+}
+```
+
 [consul]: https://www.consul.io/ 'Consul by HashiCorp'
 [bootstrap]: https://learn.hashicorp.com/tutorials/nomad/clustering 'Automatic Bootstrapping'