mirror of
https://github.com/kemko/nomad.git
synced 2026-01-05 01:45:44 +03:00
bf67f53ba2
When configuring Consul to use Nomad workload identities, you create the Consul auth method in the default namespace. If you're using Consul Enterprise namespaces, there are two available approaches: one is to create the tokens in the default namespace and give them policies that define cross-namespace access, and the other is to use binding rules that map the login to a particular namespace. The latter is what we show in our docs, but this was missing a note that any roles (and their associated policies) targetted by `-bind-type role` need to exist in the Consul namespace we're logging into. Also, in Nomad CE, the `consul.namespace` flag is always treated as having been set to `"default"`. That is, we ignore it and don't return an error even though it's a Nomad ENT-only feature. Clarify this in the documentation for the field the same way we've done for the `cluster` field. Co-authored-by: Aimee Ukasick <aimee.ukasick@hashicorp.com>