Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.

api-gateway consul ecs kubernetes service-discovery service-mesh vault

Go to file

Andy Lindeman fb0a990e4d agent: rewrite checks with proxy address, not local service address (#7518 ) Exposing checks is supposed to allow a Consul agent bound to a different IP address (e.g., in a different Kubernetes pod) to access healthchecks through the proxy while the underlying service binds to localhost. This is an important security feature that makes sure no external traffic reaches the service except through the proxy. However, as far as I can tell, this is subtly broken in the case where the Consul agent cannot reach the proxy over localhost. If a proxy is configured with: `{ LocalServiceAddress: "127.0.0.1", Checks: true }`, as is typical with a sidecar proxy, the Consul checks are currently rewritten to `127.0.0.1:<random port>`. A Consul agent that does not share the loopback address cannot reach this address. Just to make sure I was not misunderstanding, I tried configuring the proxy with `{ LocalServiceAddress: "<pod ip>", Checks: true }`. In this case, while the checks are rewritten as expected and the agent can reach the dynamic port, the proxy can no longer reach its backend because the traffic is no longer on the loopback interface. I think rewriting the checks to use `proxy.Address`, the proxy's own address, is more correct in this case. That is the IP where the proxy can be reached, both by other proxies and by a Consul agent running on a different IP. The local service address should continue to use `127.0.0.1` in most cases.		2020-04-02 09:35:43 +02:00
.circleci	ci: Fix working_directory for go mod download	2020-04-01 17:02:23 -04:00
.github	ci: Upgrade Go to 1.14.1	2020-03-24 15:55:47 -04:00
acl	Add managed service provider token (#7218 )	2020-02-04 13:58:56 -07:00
agent	agent: rewrite checks with proxy address, not local service address (#7518 )	2020-04-02 09:35:43 +02:00
api	tests: fixed unstable test TestAPI_AgentMonitor (#7561 )	2020-04-01 09:47:57 +02:00
bench	Gets benchmarks running again and does a rough pass for 0.7.1.	2016-11-29 13:02:26 -08:00
build-support	ci: Upgrade Go to 1.14.1	2020-03-24 15:55:47 -04:00
command	Merge pull request #7562 from hashicorp/dnephin/remove-tname-from-name	2020-04-01 11:48:45 -04:00
connect	Convert the remaining calls to NewTestAgentWithFields	2020-03-31 17:14:55 -04:00
contributing	Add contributing dir with Config file checklist (#7017 )	2020-01-14 12:24:03 +00:00
demo	demo: Added udp port forwarding	2018-05-30 13:56:56 +09:00
ipaddr	Ensure Consul is IPv6 compliant (#5468 )	2019-06-04 10:02:38 -04:00
lib	wan federation via mesh gateways (#6884 )	2020-03-09 15:59:02 -05:00
logging	wan federation via mesh gateways (#6884 )	2020-03-09 15:59:02 -05:00
sdk	[BUGFIX] Fix race condition in freeport (#7567 )	2020-04-01 13:14:33 -05:00
sentinel	Allow users to configure either unstructured or JSON logging (#7130 )	2020-01-28 17:50:41 -06:00
service_os	Changes made :	2018-06-28 21:18:14 -04:00
snapshot	fix use of hclog logger (#7264 )	2020-02-12 09:37:16 -06:00
terraform	terraform: remove modules in repo (#5085 )	2019-04-04 16:31:43 -07:00
test	tests: fixed bats warning (#7544 )	2020-03-31 22:29:27 +02:00
testrpc	connect: check if intermediate cert needs to be renewed. (#6835 )	2020-01-17 23:27:13 +01:00
tlsutil	tls: remove old ciphers (#7282 )	2020-03-10 21:44:26 +01:00
types	Removes remoteConsuls in favor of the new router.	2017-03-16 16:42:19 -07:00
ui-v2	ui: Fix token duplication bug (#7552 )	2020-04-01 09:55:20 +01:00
vendor	cli: send requested help text to stdout	2020-03-26 15:27:34 -04:00
version	Putting source back into Dev Mode	2020-02-11 11:54:35 -05:00
website	Merge pull request #7427 from hashicorp/dnephin/website-fix-errrors-in-upgrade-docs	2020-04-01 11:36:53 -04:00
.dockerignore	Update the scripting	2018-06-14 21:42:47 -04:00
.gitignore	.gitignore: cut IDE-specific entries, cleanup (#7083 )	2020-01-17 11:06:33 -08:00
.golangci.yml	Add lint to makefile	2020-03-24 16:34:02 -04:00
.hashibot.hcl	hashibot: let hashibot help us more (#7281 )	2020-02-19 15:30:27 +01:00
CHANGELOG.md	update changelog	2020-04-01 13:16:01 -05:00
GNUmakefile	Merge pull request #7485 from hashicorp/dnephin/do-not-skip-tests-on-ci	2020-03-31 11:15:44 -04:00
INTERNALS.md	Add contributing dir with Config file checklist (#7017 )	2020-01-14 12:24:03 +00:00
LICENSE	Initial commit	2013-11-04 14:15:27 -08:00
NOTICE.md	add copyright notice file	2018-07-09 10:58:26 -07:00
README.md	Add link to Learn to the top, move service mesh higher up on list of features. (#7474 )	2020-03-23 12:10:42 -05:00
Vagrantfile	Adds a basic Linux Vagrant setup, stolen from Nomad.	2017-10-06 08:10:12 -07:00
codecov.yml	Upload coverage from each job	2020-03-31 14:43:13 -04:00
go.mod	Merge pull request #7519 from hashicorp/dnephin/help-to-stdout	2020-04-01 11:26:12 -04:00
go.sum	cli: send requested help text to stdout	2020-03-26 15:27:34 -04:00
main.go	cli: slightly more direct way of printing custom version	2020-03-26 15:35:34 -04:00
main_test.go	Adding basic CLI infrastructure	2013-12-19 11:22:08 -08:00

README.md

Consul

Consul is a tool for service discovery and configuration. Consul is distributed, highly available, and extremely scalable.

Consul provides several key features:

Service Discovery - Consul makes it simple for services to register themselves and to discover other services via a DNS or HTTP interface. External services such as SaaS providers can be registered as well.
Health Checking - Health Checking enables Consul to quickly alert operators about any issues in a cluster. The integration with service discovery prevents routing traffic to unhealthy hosts and enables service level circuit breakers.
Service Segmentation/Service Mesh - Consul Connect enables secure service-to-service communication with automatic TLS encryption and identity-based authorization. Applications can use sidecar proxies in a service mesh configuration to establish TLS connections for inbound and outbound connections without being aware of Connect at all.
Key/Value Storage - A flexible key/value store enables storing dynamic configuration, feature flagging, coordination, leader election and more. The simple HTTP API makes it easy to use anywhere.
Multi-Datacenter - Consul is built to be datacenter aware, and can support any number of regions without complex configuration.

Consul runs on Linux, Mac OS X, FreeBSD, Solaris, and Windows. A commercial version called Consul Enterprise is also available.

Please note: We take Consul's security and our users' trust very seriously. If you believe you have found a security issue in Consul, please responsibly disclose by contacting us at security@hashicorp.com.

Quick Start

A few quick start guides are available on the Consul website:

Standalone binary install: https://learn.hashicorp.com/consul/getting-started/install
Minikube install: https://learn.hashicorp.com/consul/kubernetes/minikube
Kubernetes install: https://learn.hashicorp.com/consul/kubernetes/kubernetes-deployment-guide

Documentation

Full, comprehensive documentation is available on the Consul website:

https://www.consul.io/docs

Contributing

Thank you for your interest in contributing! Please refer to CONTRIBUTING.md for guidance.