Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure. https://www.consul.io
Go to file
freddygv fac3ddc857 Use internal server certificate for peering TLS
A previous commit introduced an internally-managed server certificate
to use for peering-related purposes.

Now the peering token has been updated to match that behavior:
- The server name matches the structure of the server cert
- The CA PEMs correspond to the Connect CA

Note that if Conect is disabled, and by extension the Connect CA, we
fall back to the previous behavior of returning the manually configured
certs and local server SNI.

Several tests were updated to use the gRPC TLS port since they enable
Connect by default. This means that the peering token will embed the
Connect CA, and the dialer will expect a TLS listener.
2022-10-07 09:05:32 -06:00
.changelog ui: Remove node name from agentless service instance (#14903) 2022-10-07 04:01:34 -06:00
.circleci connect: Bump Envoy 1.20 to 1.20.7, 1.21 to 1.21.5 and 1.22 to 1.22.5 (#14831) 2022-10-04 13:15:01 -07:00
.github ci: Fix changelog-checker GHA workflow (#14842) 2022-10-03 16:49:24 -07:00
.release Merge pull request #13790 from hashicorp/post-publish-website 2022-08-08 10:55:11 -05:00
acl Add ACL enforcement to peering endpoints 2022-07-25 09:34:29 -06:00
agent Use internal server certificate for peering TLS 2022-10-07 09:05:32 -06:00
api Use internal server certificate for peering TLS 2022-10-07 09:05:32 -06:00
bench
build-support Add mocks for probuf generation 2022-09-29 21:17:30 -07:00
command Use internal server certificate for peering TLS 2022-10-07 09:05:32 -06:00
connect Add retries and debugging to flaky test 2022-08-08 15:26:44 -04:00
contributing Move contributing to docs 2021-08-30 16:17:09 -04:00
docs fix: missing UDP field in checkType (#14885) 2022-10-05 15:57:21 -04:00
grafana add readme outlining how to edit and publish 2021-01-12 14:47:11 -08:00
internal Extract AWS auth implementation out of Consul (#13760) 2022-07-19 16:26:44 -05:00
ipaddr Ensure Consul is IPv6 compliant (#5468) 2019-06-04 10:02:38 -04:00
lib Share mgw addrs in peering stream if needed 2022-10-03 11:42:20 -06:00
logging xDS Load Balancing (#14397) 2022-09-09 15:02:01 +01:00
proto Add exported services event to cluster peering replication. (#14797) 2022-09-29 15:37:19 -04:00
proto-public Regenerate protos with mocks 2022-09-29 21:18:40 -07:00
sdk Use internal server certificate for peering TLS 2022-10-07 09:05:32 -06:00
sentinel re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
service_os re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
snapshot Vendor in rpc mono repo for net/rpc fork, go-msgpack, msgpackrpc. (#12311) 2022-02-14 09:45:45 -08:00
test Make the mesh gateway changes to allow `local` mode for cluster peering data plane traffic (#14817) 2022-10-06 09:54:14 -04:00
testrpc feat(cli): add initial peering cli commands 2022-09-01 17:20:13 -04:00
tlsutil Add awareness of server mode to TLS configurator 2022-09-16 17:57:10 -06:00
tools/internal-grpc-proxy grpc: rename public/private directories to external/internal (#13721) 2022-07-13 16:33:48 +01:00
types agent: convert listener config to TLS types (#12522) 2022-03-24 15:32:25 -04:00
ui ui: Remove node name from agentless service instance (#14903) 2022-10-07 04:01:34 -06:00
version Sync changes from 1.13.0 release (#14104) 2022-08-10 12:21:21 -07:00
website Fixes broken URLs in Dataplane docs (#14910) 2022-10-06 19:23:02 -07:00
.dockerignore Update the scripting 2018-06-14 21:42:47 -04:00
.gitignore chore: ignore vscode files 2022-07-25 12:31:58 -04:00
.golangci.yml lint net/rpc usage (#12816) 2022-09-02 09:56:40 -07:00
CHANGELOG.md docs: vault ca provider patch upgrade guidance 2022-10-06 16:04:43 -07:00
Dockerfile Add version label to Docker image (#14204) 2022-08-18 14:41:34 -04:00
GNUmakefile Add mocks for probuf generation 2022-09-29 21:17:30 -07:00
LICENSE
NOTICE.md add copyright notice file 2018-07-09 10:58:26 -07:00
README.md README: Consul Readme improvements (#14773) 2022-09-27 16:18:43 -07:00
Vagrantfile
fixup_acl_move.sh Fixup script 2 2022-04-05 14:52:43 -07:00
go.mod Upgrade serf to v0.10.1 and memberlist to v0.5.0 to get memberlist size metrics and broadcast queue depth metric (#14873) 2022-10-04 17:51:37 -06:00
go.sum Upgrade serf to v0.10.1 and memberlist to v0.5.0 to get memberlist size metrics and broadcast queue depth metric (#14873) 2022-10-04 17:51:37 -06:00
main.go Refactor some functions for better enterprise use (#13280) 2022-05-30 09:46:55 -04:00

README.md

Consul logo Consul

Docker Pulls Go Report Card

Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.

Consul provides several key features:

  • Multi-Datacenter - Consul is built to be datacenter aware, and can support any number of regions without complex configuration.

  • Service Mesh - Consul Service Mesh enables secure service-to-service communication with automatic TLS encryption and identity-based authorization. Applications can use sidecar proxies in a service mesh configuration to establish TLS connections for inbound and outbound connections with Transparent Proxy.

  • Service Discovery - Consul makes it simple for services to register themselves and to discover other services via a DNS or HTTP interface. External services such as SaaS providers can be registered as well.

  • Health Checking - Health Checking enables Consul to quickly alert operators about any issues in a cluster. The integration with service discovery prevents routing traffic to unhealthy hosts and enables service level circuit breakers.

  • Key/Value Storage - A flexible key/value store enables storing dynamic configuration, feature flagging, coordination, leader election and more. The simple HTTP API makes it easy to use anywhere.

Consul runs on Linux, macOS, FreeBSD, Solaris, and Windows and includes an optional browser based UI. A commercial version called Consul Enterprise is also available.

Please note: We take Consul's security and our users' trust very seriously. If you believe you have found a security issue in Consul, please responsibly disclose by contacting us at security@hashicorp.com.

Quick Start

A few quick start guides are available on the Consul website:

Documentation

Full, comprehensive documentation is available on the Consul website: https://consul.io/docs

Contributing

Thank you for your interest in contributing! Please refer to CONTRIBUTING.md for guidance. For contributions specifically to the browser based UI, please refer to the UI's README.md for guidance.