You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
consul/website/content/docs/k8s/deployment-configurations/consul-enterprise.mdx

139 lines
4.7 KiB

---
layout: docs
page_title: Deploy Consul Enterprise on Kubernetes
description: >-
Consul Enterprise features are available when running Consul on Kubernetes. Learn how to apply your license in the Helm chart and return the license information with the `consul license get` command.
---
# Deploy Consul Enterprise on Kubernetes
You can use this Helm chart to deploy Consul Enterprise by following a few extra steps.
Find the license file that you received in your welcome email. It should have a `.hclic` extension. You will use the contents of this file to create a Kubernetes secret before installing the Helm chart.
-> **Note:** This guide assumes you are storing your license as a Kubernetes Secret. If you would like to store the enterprise license in Vault, please reference [Storing the Enterprise License in Vault](/consul/docs/k8s/deployment-configurations/vault/data-integration/enterprise-license).
You can use the following commands to create the secret with name `consul-ent-license` and key `key`:
```bash
secret=$(cat 1931d1f4-bdfd-6881-f3f5-19349374841f.hclic)
kubectl create secret generic consul-ent-license --from-literal="key=${secret}"
```
-> **Note:** If you cannot find your `.hclic` file, please contact your sales team or Technical Account Manager.
In your `values.yaml`, change the value of `global.image` to one of the enterprise [release tags](https://hub.docker.com/r/hashicorp/consul-enterprise/tags).
<CodeBlockConfig filename="values.yaml" highlight="2">
```yaml
global:
image: 'hashicorp/consul-enterprise:1.10.0-ent'
```
</CodeBlockConfig>
Add the name and key of the secret you just created to `server.enterpriseLicense`, if using Consul version 1.10+.
<CodeBlockConfig filename="values.yaml" highlight="4-6">
```yaml
global:
image: 'hashicorp/consul-enterprise:1.10.0-ent'
enterpriseLicense:
secretName: 'consul-ent-license'
secretKey: 'key'
```
</CodeBlockConfig>
If the version of Consul is < 1.10, use the following config with the name and key of the secret you just created.
(These values are required on top of your normal configuration.)
-> **Note:** The value of `server.enterpriseLicense.enableLicenseAutoload` must be set to `false`.
<CodeBlockConfig filename="values.yaml" highlight="7">
```yaml
global:
image: 'hashicorp/consul-enterprise:1.8.3-ent'
enterpriseLicense:
secretName: 'consul-ent-license'
secretKey: 'key'
enableLicenseAutoload: false
```
</CodeBlockConfig>
Now run `helm install`:
```shell-session
$ helm install --wait hashicorp hashicorp/consul --values values.yaml
```
Once the cluster is up, you can verify the nodes are running Consul Enterprise by
using the `consul license get` command.
First, forward your local port 8500 to the Consul servers so you can run `consul`
commands locally against the Consul servers in Kubernetes:
```shell-session
$ kubectl port-forward service/hashicorp-consul-server 8500:8500
```
In a separate tab, run the `consul license get` command (if using ACLs see below):
```shell-session
$ consul license get
License is valid
License ID: 1931d1f4-bdfd-6881-f3f5-19349374841f
Customer ID: b2025a4a-8fdd-f268-95ce-1704723b9996
Expires At: 2020-03-09 03:59:59.999 +0000 UTC
Datacenter: *
Package: premium
Licensed Features:
Automated Backups
Automated Upgrades
Enhanced Read Scalability
Network Segments
Redundancy Zone
Advanced Network Federation
$ consul members
Node Address Status Type Build Protocol DC Segment
hashicorp-consul-server-0 10.60.0.187:8301 alive server 1.10.0+ent 2 dc1 <all>
hashicorp-consul-server-1 10.60.1.229:8301 alive server 1.10.0+ent 2 dc1 <all>
hashicorp-consul-server-2 10.60.2.197:8301 alive server 1.10.0+ent 2 dc1 <all>
```
If you get an error:
```bash
Error getting license: invalid character 'r' looking for beginning of value
```
Then you have likely enabled ACLs. You need to specify your ACL token when
running the `license get` command. First, assign the ACL token to the `CONSUL_HTTP_TOKEN` environment variable:
```shell-session
$ export CONSUL_HTTP_TOKEN=$(kubectl get secrets/hashicorp-consul-bootstrap-acl-token --template='{{.data.token | base64decode }}')
```
Now the token will be used when running Consul commands:
```shell-session
$ consul license get
License is valid
License ID: 1931d1f4-bdfd-6881-f3f5-19349374841f
Customer ID: b2025a4a-8fdd-f268-95ce-1704723b9996
Expires At: 2020-03-09 03:59:59.999 +0000 UTC
Datacenter: *
Package: premium
Licensed Features:
Automated Backups
Automated Upgrades
Enhanced Read Scalability
Network Segments
Redundancy Zone
Advanced Network Federation
```