consul/website/content/docs/k8s/deployment-configurations/consul-enterprise.mdx

138 lines
4.5 KiB
Plaintext
Raw Normal View History

2019-12-19 02:02:26 +00:00
---
2020-04-07 18:55:19 +00:00
layout: docs
page_title: Consul Enterprise
description: Configuration for running Consul Enterprise
2019-12-19 02:02:26 +00:00
---
# Consul Enterprise
You can use this Helm chart to deploy Consul Enterprise by following a few extra steps.
Find the license file that you received in your welcome email. It should have a `.hclic` extension. You will use the contents of this file to create a Kubernetes secret before installing the Helm chart.
-> **Note:** This guide assumes you are storing your license as a Kubernetes Secret. If you would like to store the enterprise license in Vault, please reference [Storing the Enterprise License in Vault](/docs/k8s/installation/vault/enterprise-license).
2019-12-19 02:02:26 +00:00
You can use the following commands to create the secret with name `consul-ent-license` and key `key`:
```bash
secret=$(cat 1931d1f4-bdfd-6881-f3f5-19349374841f.hclic)
kubectl create secret generic consul-ent-license --from-literal="key=${secret}"
```
-> **Note:** If you cannot find your `.hclic` file, please contact your sales team or Technical Account Manager.
In your `config.yaml`, change the value of `global.image` to one of the enterprise [release tags](https://hub.docker.com/r/hashicorp/consul-enterprise/tags).
<CodeBlockConfig filename="config.yaml" highlight="2">
2019-12-19 02:02:26 +00:00
```yaml
global:
image: 'hashicorp/consul-enterprise:1.10.0-ent'
2019-12-19 02:02:26 +00:00
```
</CodeBlockConfig>
Add the name and key of the secret you just created to `server.enterpriseLicense`, if using Consul version 1.10+.
2019-12-19 02:02:26 +00:00
<CodeBlockConfig filename="config.yaml" highlight="4-6">
2019-12-19 02:02:26 +00:00
```yaml
global:
image: 'hashicorp/consul-enterprise:1.10.0-ent'
2019-12-19 02:02:26 +00:00
enterpriseLicense:
2020-04-06 20:27:35 +00:00
secretName: 'consul-ent-license'
secretKey: 'key'
2019-12-19 02:02:26 +00:00
```
</CodeBlockConfig>
If the version of Consul is < 1.10, use the following config with the name and key of the secret you just created.
(These values are required on top of your normal configuration.)
-> **Note:** The value of `server.enterpriseLicense.enableLicenseAutoload` must be set to `false`.
<CodeBlockConfig filename="config.yaml" highlight="7">
```yaml
global:
image: 'hashicorp/consul-enterprise:1.8.3-ent'
enterpriseLicense:
secretName: 'consul-ent-license'
secretKey: 'key'
enableLicenseAutoload: false
```
</CodeBlockConfig>
2019-12-19 02:02:26 +00:00
Now run `helm install`:
2020-05-19 18:32:38 +00:00
```shell-session
$ helm install --wait hashicorp hashicorp/consul --values config.yaml
2019-12-19 02:02:26 +00:00
```
Once the cluster is up, you can verify the nodes are running Consul Enterprise by
using the `consul license get` command.
First, forward your local port 8500 to the Consul servers so you can run `consul`
commands locally against the Consul servers in Kubernetes:
2020-05-19 18:32:38 +00:00
```shell-session
2019-12-19 02:02:26 +00:00
$ kubectl port-forward service/hashicorp-consul-server 8500:8500
```
In a separate tab, run the `consul license get` command (if using ACLs see below):
2020-05-19 18:32:38 +00:00
```shell-session
2019-12-19 02:02:26 +00:00
$ consul license get
License is valid
License ID: 1931d1f4-bdfd-6881-f3f5-19349374841f
Customer ID: b2025a4a-8fdd-f268-95ce-1704723b9996
Expires At: 2020-03-09 03:59:59.999 +0000 UTC
Datacenter: *
Package: premium
Licensed Features:
Automated Backups
Automated Upgrades
Enhanced Read Scalability
Network Segments
Redundancy Zone
Advanced Network Federation
$ consul members
Node Address Status Type Build Protocol DC Segment
hashicorp-consul-server-0 10.60.0.187:8301 alive server 1.10.0+ent 2 dc1 <all>
hashicorp-consul-server-1 10.60.1.229:8301 alive server 1.10.0+ent 2 dc1 <all>
hashicorp-consul-server-2 10.60.2.197:8301 alive server 1.10.0+ent 2 dc1 <all>
2019-12-19 02:02:26 +00:00
```
If you get an error:
```bash
Error getting license: invalid character 'r' looking for beginning of value
```
Then you have likely enabled ACLs. You need to specify your ACL token when
running the `license get` command. First, assign the ACL token to the `CONSUL_HTTP_TOKEN` environment variable:
2020-05-19 18:32:38 +00:00
```shell-session
$ export CONSUL_HTTP_TOKEN=$(kubectl get secrets/hashicorp-consul-bootstrap-acl-token --template='{{.data.token | base64decode }}')
2019-12-19 02:02:26 +00:00
```
Now the token will be used when running Consul commands:
2020-05-19 18:32:38 +00:00
```shell-session
2019-12-19 02:02:26 +00:00
$ consul license get
License is valid
License ID: 1931d1f4-bdfd-6881-f3f5-19349374841f
Customer ID: b2025a4a-8fdd-f268-95ce-1704723b9996
Expires At: 2020-03-09 03:59:59.999 +0000 UTC
Datacenter: *
Package: premium
Licensed Features:
Automated Backups
Automated Upgrades
Enhanced Read Scalability
Network Segments
Redundancy Zone
Advanced Network Federation
```