Backport of docs: Remove ACLs section from k8s cluster peering page i…

…nto release/1.17.x (#20198) * backport of commit ce0c9be * backport of commit 98bb280 --------- Co-authored-by: boruszak <jeffrey.boruszak@hashicorp.com>
hashicorp · Jan 16, 2024 · 9a36b73 · 9a36b73
1 parent 0b4f4fd
commit 9a36b73
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 25 deletions.
diff --git a/website/content/docs/k8s/connect/cluster-peering/tech-specs.mdx b/website/content/docs/k8s/connect/cluster-peering/tech-specs.mdx
@@ -158,12 +158,4 @@ To learn how to change the mesh gateway mode to `local` on your Kubernetes deplo
 
 The `exported-services` CRD is required in order for services to communicate across partitions with cluster peering connections. Basic guidance on using the `exported-services` configuration entry is included in [Establish cluster peering connections](/consul/docs/k8s/connect/cluster-peering/usage/establish-peering#export-services-between-clusters).
 
-Refer to [`exported-services` configuration entry](/consul/docs/connect/config-entries/exported-services) for more information.
-
-## ACL specifications
-
-If ACLs are enabled, you must add tokens to grant the following permissions:
-
-- Grant `service:write` permissions to services that define mesh gateways in their server definition.
-- Grant `service:read` permissions for all services on the partition.
-- Grant `mesh:write` permissions to the mesh gateways that participate in cluster peering connections. This permission allows a leaf certificate to be issued for mesh gateways to terminate TLS sessions for HTTP requests.
+Refer to [`exported-services` configuration entry](/consul/docs/connect/config-entries/exported-services) for more information.
diff --git a/website/content/docs/k8s/connect/cluster-peering/usage/establish-peering.mdx b/website/content/docs/k8s/connect/cluster-peering/usage/establish-peering.mdx
@@ -439,19 +439,4 @@ Before you can call services from peered clusters, you must set service intentio
     }
     ```
 
-    </CodeBlockConfig>
-
-### Authorize service reads with ACLs
-
-If ACLs are enabled on a Consul cluster, sidecar proxies that access exported services as an upstream must have an ACL token that grants read access.
-
-Read access to all imported services is granted using either of the following rules associated with an ACL token:
-
-- `service:write` permissions for any service in the sidecar's partition.
-- `service:read` and `node:read` for all services and nodes, respectively, in sidecar's namespace and partition.
-
-For Consul Enterprise, the permissions apply to all imported services in the service's partition. These permissions are satisfied when using a [service identity](/consul/docs/security/acl/acl-roles#service-identities).
-
-Refer to [Reading servers](/consul/docs/connect/config-entries/exported-services#reading-services) in the `exported-services` configuration entry documentation for example rules.
-
-For additional information about how to configure and use ACLs, refer to [ACLs system overview](/consul/docs/security/acl).
+    </CodeBlockConfig>