mirror of
https://github.com/status-im/consul.git
synced 2025-01-09 13:26:07 +00:00
166d7a39e8
Remove outdated usage of "Consul Connect" instead of Consul service mesh. The connect subsystem in Consul provides Consul's service mesh capabilities. However, the term "Consul Connect" should not be used as an alternative to the name "Consul service mesh".
99 lines
3.8 KiB
Plaintext
99 lines
3.8 KiB
Plaintext
---
|
|
layout: commands
|
|
page_title: 'Commands: Intention'
|
|
description: >-
|
|
The `consul intention` command interacts with service intentions to secure service mesh traffic. It exposes top-level commands for interacting with intentions. It was deprecated in Consul v1.9.0. To interact with intentions, use `consul config` instead.
|
|
---
|
|
|
|
# Consul Intention
|
|
|
|
Command: `consul intention`
|
|
|
|
The `intention` command is used to interact with service mesh
|
|
[intentions](/consul/docs/connect/intentions). It exposes commands for
|
|
creating, updating, reading, deleting, checking, and managing intentions.
|
|
This command is available in Consul 1.2 and later.
|
|
|
|
Use the
|
|
[`service-intentions`](/consul/docs/connect/config-entries/service-intentions) configuration entry or the [HTTP
|
|
API](/consul/api-docs/connect/intentions) to manage intentions.
|
|
|
|
~> **Deprecated** - This command is deprecated in Consul 1.9.0 in favor of
|
|
using the [config entry CLI command](/consul/commands/config/write). To create an
|
|
intention, create or modify a
|
|
[`service-intentions`](/consul/docs/connect/config-entries/service-intentions) config
|
|
entry for the destination.
|
|
|
|
## Usage
|
|
|
|
Usage: `consul intention <subcommand>`
|
|
|
|
For the exact documentation for your Consul version, run `consul intention -h`
|
|
to view the complete list of subcommands.
|
|
|
|
```text
|
|
Usage: consul intention <subcommand> [options] [args]
|
|
|
|
...
|
|
|
|
Subcommands:
|
|
check Check whether a connection between two services is allowed.
|
|
create Create intentions for service connections.
|
|
delete Delete an intention.
|
|
list Lists all intentions.
|
|
get Show information about an intention.
|
|
match Show intentions that match a source or destination.
|
|
```
|
|
|
|
For more information, examples, and usage about a subcommand, click on the name
|
|
of the subcommand in the sidebar.
|
|
|
|
## Basic Examples
|
|
|
|
Create an intention to allow "web" to talk to "db":
|
|
|
|
```shell-session
|
|
$ consul intention create web db
|
|
```
|
|
|
|
Create an intention to deny "db" from initiating connections to _any_ service:
|
|
|
|
```shell-session
|
|
$ consul intention create -deny db '*'
|
|
Created: db => * (deny)
|
|
```
|
|
|
|
Test whether a "web" is allowed to connect to "db":
|
|
|
|
```shell-session
|
|
$ consul intention check web db
|
|
```
|
|
|
|
List all intentions:
|
|
|
|
```shell-session
|
|
$ consul intention list
|
|
```
|
|
|
|
Find all intentions for communicating to the "db" service:
|
|
|
|
```shell-session
|
|
$ consul intention match db
|
|
```
|
|
|
|
## Source and Destination Naming
|
|
|
|
Intention commands commonly take positional arguments referred to as `SRC` and
|
|
`DST` in the command documentation. These can take several forms:
|
|
|
|
| Format | Meaning |
|
|
| ----------------------------------- | --------------------------------------------------------------------------------------------- |
|
|
| `<service>` | the named service in the current namespace |
|
|
| `*` | any service in the current namespace |
|
|
| `<namespace>/<service>` | <EnterpriseAlert inline /> the named service in a specific namespace in the default partition |
|
|
| `<namespace>/*` | <EnterpriseAlert inline /> any service in the specified namespace in the default partition |
|
|
| `*/*` | <EnterpriseAlert inline /> any service in any namespace in the default partition |
|
|
| `<partition>/<namespace>/<service>` | <EnterpriseAlert inline /> the named service in a specific namespace |
|
|
| `<partition>/<namespace>/*` | <EnterpriseAlert inline /> any service in the specified namespace in a specific partition |
|
|
| `<partition>/*/*` | <EnterpriseAlert inline /> any service in any namespace in the a specific partition |
|