docs: K8s secondary DC requirements (#18280)

* Requested edit * Apply suggestions from code review Co-authored-by: trujillo-adam <[email protected]> --------- Co-authored-by: trujillo-adam <[email protected]> manual cherry-pick
hashicorp · Jul 26, 2023 · 5287bc4 · 5287bc4
1 parent 58ed2d3
commit 5287bc4
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 13 deletions.
diff --git a/.vscode/extensions.json b/.vscode/extensions.json
@@ -0,0 +1,5 @@
+{
+    "recommendations": [
+        "fredwangwang.vscode-hcl-format"
+    ]
+}
diff --git a/website/content/docs/k8s/installation/multi-cluster/kubernetes.mdx b/website/content/docs/k8s/installation/multi-cluster/kubernetes.mdx
@@ -13,8 +13,8 @@ description: >-
 
 -> Looking for a step-by-step guide? Please follow our Learn tutorial: [Secure and Route Service Mesh Communication Across Kubernetes](https://learn.hashicorp.com/tutorials/consul/kubernetes-mesh-gateways).
 
-This page describes how to federate multiple Kubernetes clusters. See [Multi-Cluster Overview](/docs/k8s/installation/multi-cluster)
-for more information on use-cases and how it works.
+This page describes how to federate multiple Kubernetes clusters. Refer to [Multi-Cluster Overview](/consul/docs/k8s/deployment-configurations/multi-cluster)
+for more information, including [networking requirements](/consul/docs/k8s/deployment-configurations/multi-cluster#network-requirements).
 
 ## Primary Datacenter
 
@@ -84,18 +84,17 @@ Modifications:
 
 1. The Consul datacenter name is `dc1`. The datacenter name in each federated
    cluster **must be unique**.
-1. ACLs are enabled in the above config file. They can be disabled by setting:
-
+1. ACLs are enabled in the template configuration. When ACLs are enabled, primary clusters must be able to make requests to the Kubernetes API URLs of secondary clusters. To disable ACLs for testing purposes, change the following settings:
 
    ```yaml
    global:
      acls:
        manageSystemACLs: false
        createReplicationToken: false
    ```
+
    ACLs secure Consul by requiring every API call to present an ACL token that
-   is validated to ensure it has the proper permissions. If you are only testing Consul,
-   this is not required.
+   is validated to ensure it has the proper permissions.
 1. Gossip encryption is enabled in the above config file. To disable it, comment
    out or delete the `gossipEncryption` key:
 

diff --git a/website/content/docs/k8s/installation/multi-cluster/vms-and-kubernetes.mdx b/website/content/docs/k8s/installation/multi-cluster/vms-and-kubernetes.mdx
@@ -11,14 +11,15 @@ description: >-
 
 ~> This topic requires familiarity with [Mesh Gateways](/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters) and [WAN Federation Via Mesh Gateways](/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways).
 
+This page describes how to federate Consul clusters separately deployed in VM and Kubernetes runtimes. Refer to [Multi-Cluster Overview](/consul/docs/k8s/deployment-configurations/multi-cluster)
+for more information, including [Kubernetes networking requirements](/consul/docs/k8s/deployment-configurations/multi-cluster#network-requirements).
+
 Consul datacenters running on non-kubernetes platforms like VMs or bare metal can
-be federated with Kubernetes datacenters. Just like with Kubernetes, one datacenter
-must be the [primary](/docs/k8s/installation/multi-cluster/kubernetes#primary-datacenter).
+be federated with Kubernetes datacenters. 
 
 ## Kubernetes as the Primary
 
-If your primary datacenter is running on Kubernetes, use the Helm config from the
-[Primary Datacenter](/docs/k8s/installation/multi-cluster/kubernetes#primary-datacenter) section to install Consul.
+One Consul datacenter must be the [primary](/consul/docs/k8s/deployment-configurations/multi-cluster/kubernetes#primary-datacenter). If your primary datacenter is running on Kubernetes, use the Helm config from the [Primary Datacenter](/consul/docs/k8s/deployment-configurations/multi-cluster/kubernetes#primary-datacenter) section to install Consul.
 
 Once installed on Kubernetes, and with the `ProxyDefaults` [resource created](/docs/k8s/installation/multi-cluster/kubernetes#proxydefaults),
 you'll need to export the following information from the primary Kubernetes cluster:
@@ -208,9 +209,9 @@ ports {
 
 ## Kubernetes as the Secondary
 
-If you're running your primary datacenter on VMs then you'll need to manually
-construct the [Federation Secret](/docs/k8s/installation/multi-cluster/kubernetes#federation-secret) in order to federate
-Kubernetes clusters as secondaries.
+If you're running your prgimary datacenter on VMs then you'll need to manually
+construct the [Federation Secret](/consul/docs/k8s/deployment-configurations/multi-cluster/kubernetes#federation-secret) in order to federate
+Kubernetes clusters as secondaries. In addition, primary clusters must be able to make requests to the Kubernetes API URLs of secondary clusters when ACLs are enabled.
 
 -> Your VM cluster must be running mesh gateways, and have mesh gateway WAN
 federation enabled. See [WAN Federation via Mesh Gateways](/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways).