docs: add Consul policy for Consul Namespace support

CHANGELOG.md

@@ -5,7 +5,7 @@ IMPROVEMENTS:
  * api: Added support for cancellation contexts to HTTP API. [[GH-8836](https://github.com/hashicorp/nomad/issues/8836)]
  * client: Added support for Azure fingerprinting. [[GH-8979](https://github.com/hashicorp/nomad/issues/8979)]
  * client: Updated consul-template to v0.25.0 - config function_blacklist deprecated and replaced with function_denylist [[GH-8988](https://github.com/hashicorp/nomad/pull/8988)]
- * consul: Support consul namespace (consul enterprise) in client configuration. [[GH-8849](https://github.com/hashicorp/nomad/pull/8849)]
+ * consul: Support Consul namespace (Consul Enterprise) in client configuration. [[GH-8849](https://github.com/hashicorp/nomad/pull/8849)]
  * driver/docker: Upgrade pause container and detect architecture [[GH-8957](https://github.com/hashicorp/nomad/pull/8957)]
  * jobspec: Lowered minimum CPU allowed from 10 to 1. [[GH-8996](https://github.com/hashicorp/nomad/issues/8996)]
 

website/pages/docs/configuration/consul.mdx

@@ -180,5 +180,37 @@ consul {
 }
 ```
 
+### Consul Namespace
+
+Consul does not allow ACL policies associated with namespaces to use agent
+permissions. Nomad requires `agent:read` permissions. In order to use the
+`consul_namespace` feature, Nomad will need a token generated in Consul's
+default namespace. That token should be created from with `agent:read` as well
+as a `namespace` block with the other relevant permissions for running Nomad
+in the intended namespace. The Consul policy below shows the required policy
+configuration:
+
+```
+agent_prefix "" {
+  policy = "read"
+}
+
+namespace "nomad-ns" {
+  acl = "write"
+
+  key_prefix "" {
+    policy = "write"
+  }
+
+  node_prefix "" {
+    policy = "read"
+  }
+
+  service_prefix "" {
+    policy = "write"
+  }
+}
+```
+
 [consul]: https://www.consul.io/ 'Consul by HashiCorp'
 [bootstrap]: https://learn.hashicorp.com/tutorials/nomad/clustering 'Automatic Bootstrapping'