2021-11-12 02:43:57 +00:00
---
layout: docs
2022-09-16 15:28:32 +00:00
page_title: Exported Services - Configuration Entry Reference
2021-11-12 02:43:57 +00:00
description: >-
2022-09-16 15:28:32 +00:00
An exported services configuration entry defines the availability of a cluster's services to cluster peers and local admin partitions. Learn about `""exported-services""` config entry parameters and exporting services to other datacenters.
2021-11-12 02:43:57 +00:00
---
2022-09-13 21:04:13 +00:00
# Exported Services Configuration Entry
2021-12-17 19:29:10 +00:00
2023-01-25 16:52:43 +00:00
This topic describes the `exported-services` configuration entry type. The `exported-services` configuration entry enables Consul to export service instances to other clusters from a single file and connect services across clusters. For additional information, refer to [Cluster Peering](/consul/docs/connect/cluster-peering) and [Admin Partitions](/consul/docs/enterprise/admin-partitions).
2021-11-12 02:43:57 +00:00
2022-06-18 00:40:38 +00:00
-> **v1.11.0+:** This config entry is supported in Consul versions 1.11.0+.
2021-11-12 02:43:57 +00:00
## Introduction
2022-06-18 00:40:38 +00:00
To configure Consul to export services contained in a Consul Enterprise admin partition or Consul OSS datacenter to one or more additional clusters, create a new configuration entry and declare `exported-services` in the `kind` field. This configuration entry enables you to route traffic between services in different clusters.
2021-11-14 02:52:58 +00:00
2022-06-18 00:40:38 +00:00
You can configure the settings defined in the `exported-services` configuration entry to apply to all namespaces in a Consul Enterprise admin partition.
2021-11-12 02:43:57 +00:00
## Requirements
2022-06-18 00:40:38 +00:00
- **Enterprise Only**: A corresponding partition that the configuration entry can export from. For example, the `exported-services` configuration entry for a partition named `frontend` requires an existing `frontend` partition.
2021-11-12 02:43:57 +00:00
## Usage
1. Verify that your datacenter meets the conditions specified in the [Requirements](#requirements).
2023-01-25 16:52:43 +00:00
1. Specify the `exported-services` configuration in the agent configuration file (see [`config_entries`](/consul/docs/agent/config/config-files#config_entries)) as described in [Configuration](#configuration).
2021-11-30 19:18:12 +00:00
1. Apply the configuration using one of the following methods:
2023-01-25 16:52:43 +00:00
- Kubernetes CRD: Refer to the [Custom Resource Definitions](/consul/docs/k8s/crds) documentation for details.
- Issue the `consul config write` command: Refer to the [Consul Config Write](/consul/commands/config/write) documentation for details.
2021-11-12 02:43:57 +00:00
## Configuration
2021-12-03 06:50:38 +00:00
Configure the following parameters to define a `exported-services` configuration entry:
2021-11-12 02:43:57 +00:00
2022-06-18 00:40:38 +00:00
<Tabs>
<Tab heading="Consul OSS">
<CodeTabs heading="Exported services configuration syntax" tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "exported-services"
Name = "default"
Services = [
{
Name = "<name of service to export>"
Consumers = [
{
2022-10-04 18:46:15 +00:00
Peer = "<name of the peered cluster that dials the exported service>"
2022-06-18 00:40:38 +00:00
}
]
}
]
```
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ExportedServices
metadata:
name: default
spec:
services:
- name: <name of service to export>
consumers:
2022-11-17 16:25:32 +00:00
- peer: <name of the peered cluster that dials the exported service>
2022-06-18 00:40:38 +00:00
```
```json
"Kind": "exported-services",
"Name": "default",
"Services": [
{
"Name": "<name of service to export>",
"Consumers": [
{
2022-10-04 18:46:15 +00:00
"Peer": "<name of the peered cluster that dials the exported service>"
2022-06-18 00:40:38 +00:00
}
]
}
]
```
</CodeTabs>
</Tab>
<Tab heading="Consul Enterprise (Peers)">
2021-12-04 22:16:15 +00:00
<CodeTabs heading="Exported services configuration syntax" tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
2021-11-12 02:43:57 +00:00
```hcl
2021-12-03 06:50:38 +00:00
Kind = "exported-services"
2021-11-12 02:43:57 +00:00
Partition = "<partition containing services to export>"
2021-12-14 20:10:30 +00:00
Name = "<partition containing services to export>"
2021-11-12 02:43:57 +00:00
Services = [
{
Name = "<name of service to export>"
2022-01-05 20:01:10 +00:00
Namespace = "<namespace in the partition containing the service to export>"
2021-11-12 02:43:57 +00:00
Consumers = [
{
2022-10-04 18:46:15 +00:00
Peer = "<name of the peered cluster that dials the exported service>"
2022-06-18 00:40:38 +00:00
}
2021-11-12 02:43:57 +00:00
]
}
]
```
2022-01-05 20:01:10 +00:00
2021-11-12 02:43:57 +00:00
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
2022-03-02 23:57:58 +00:00
kind: ExportedServices
2021-12-17 19:29:10 +00:00
metadata:
name: <partition containing services to export>
2022-01-05 20:01:10 +00:00
spec:
2021-12-17 19:29:10 +00:00
services:
2022-01-05 20:01:10 +00:00
- name: <name of service to export>
namespace: <namespace in the partition containing the service to export>
consumers:
2022-11-17 16:25:32 +00:00
- peer: <name of the peered cluster that dials the exported service>
2021-11-12 02:43:57 +00:00
```
2022-01-05 20:01:10 +00:00
2021-11-12 02:43:57 +00:00
```json
2021-12-03 06:50:38 +00:00
"Kind": "exported-services",
2021-11-12 02:43:57 +00:00
"Partition": "<partition containing services to export>",
2021-12-14 20:10:30 +00:00
"Name": "<partition containing services to export>",
2021-11-12 02:43:57 +00:00
"Services": [
{
2022-06-18 00:40:38 +00:00
"Name": "<name of service to export>",
"Namespace": "<namespace in the partition containing the service to export>"
2021-11-12 02:43:57 +00:00
"Consumers": [
{
2022-10-04 18:46:15 +00:00
"Peer": "<name of the peered cluster that dials the exported service>"
2021-11-12 02:43:57 +00:00
}
2022-06-18 00:40:38 +00:00
]
}
]
```
</CodeTabs>
</Tab>
<Tab heading="Consul Enterprise (Partitions)">
<CodeTabs heading="Exported services configuration syntax" tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "exported-services"
Partition = "<partition containing services to export>"
Name = "<partition containing services to export>"
Services = [
{
Name = "<name of service to export>"
Namespace = "<namespace in the partition containing the service to export>"
Consumers = [
{
Partition = "<name of the partition that dials the exported service>"
}
]
}
]
```
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ExportedServices
metadata:
name: <partition containing services to export>
spec:
services:
- name: <name of service to export>
namespace: <namespace in the partition containing the service to export>
consumers:
- partition: <name of the partition that dials the exported service>
```
```json
"Kind": "exported-services",
"Partition": "<partition containing services to export>",
"Name": "<partition containing services to export>",
"Services": [
{
2021-11-12 02:43:57 +00:00
"Name": "<name of service to export>",
2021-11-16 18:44:21 +00:00
"Namespace": "<namespace in the partition containing the service to export>"
2022-06-18 00:40:38 +00:00
"Consumers": [
{
"Partition": "<name of partition that dials the exported service>"
}
]
2021-11-12 02:43:57 +00:00
}
]
```
2022-01-05 20:01:10 +00:00
2021-11-12 02:43:57 +00:00
</CodeTabs>
2022-06-18 00:40:38 +00:00
</Tab>
</Tabs>
2021-11-12 02:43:57 +00:00
### Configuration Parameters
2021-12-03 06:50:38 +00:00
The following table describes the parameters associated with the `exported-services` configuration entry.
2021-11-12 02:43:57 +00:00
2022-01-05 20:01:10 +00:00
| Parameter | Description | Required | Default |
| ----------- | --------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- |
2022-06-18 00:40:38 +00:00
| `Kind` | String value that enables the configuration entry. The value should always be `exported-services` (HCL and JSON) or `ExportedServices` (YAML) | Required | None |
| `Partition` | <EnterpriseAlert inline /> String value that specifies the name of the partition that contains the services you want to export. | Required | None |
| `Name` | String value that specifies the name of the partition that contains the services you want to export. Must be `default` in Consul OSS. | Required | None |
| `Services` | List of objects that specify which services to export. For details, refer to [`Services`](#services). | Required | None |
| `Meta` | Object that defines a map of the max 64 key/value pairs. | Optional | None |
2021-11-12 02:43:57 +00:00
2021-12-15 23:51:24 +00:00
### Services
2021-11-12 02:43:57 +00:00
2022-06-18 00:40:38 +00:00
The `Services` parameter contains a list of one or more parameters that specify which services to export, which namespaces the services reside, and the destination cluster for the exported services. Each item in the `Services` list must contain the following parameters:
2021-11-12 02:43:57 +00:00
2022-06-18 00:40:38 +00:00
- `Name`: Specifies the name of the service to export. You can use an asterisk wildcard (`*`) to include all services in the namespace.
- `Namespace`: <EnterpriseAlert inline /> Specifies the namespace containing the services to export. You can use an asterisk wildcard (`*`) to include all namespaces in the partition.
- `Consumers`: Specifies one or more objects that identify a destination cluster for the exported services.
2021-11-12 02:43:57 +00:00
2022-06-18 00:40:38 +00:00
### Consumers
2021-11-12 02:43:57 +00:00
2022-06-18 00:40:38 +00:00
The `Consumers` parameter contains a list of one or more parameters that specify the destination cluster for
an exported service. Each item in the `Consumers` list must contain exactly one of the following parameters:
2021-11-12 02:43:57 +00:00
2022-10-04 18:46:15 +00:00
- `Peer`: Specifies the name of the peered cluster to export the service to.
A asterisk wildcard (`*`) cannot be specified as the `Peer`. Added in Consul 1.13.0.
2022-06-18 00:40:38 +00:00
- `Partition`: <EnterpriseAlert inline /> Specifies an admin partition in the datacenter to export the service to.
A asterisk wildcard (`*`) cannot be specified as the `Partition`.
## Examples
### Exporting services to peered clusters
<Tabs>
<Tab heading="Consul OSS">
The following example configures Consul to export the `payments` and `refunds` services to the peered `web-shop` cluster.
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
2021-11-12 02:43:57 +00:00
```hcl
2022-01-05 20:01:10 +00:00
Kind = "exported-services"
2022-06-18 00:40:38 +00:00
Name = "default"
2021-11-12 02:43:57 +00:00
Services = [
{
2022-06-18 00:40:38 +00:00
Name = "payments"
2021-11-12 02:43:57 +00:00
Consumers = [
{
2022-10-04 18:46:15 +00:00
Peer = "web-shop"
2021-11-12 02:43:57 +00:00
},
2022-06-18 00:40:38 +00:00
]
},
{
Name = "refunds"
Consumers = [
2021-11-12 02:43:57 +00:00
{
2022-10-04 18:46:15 +00:00
Peer = "web-shop"
2021-11-12 02:43:57 +00:00
}
]
2022-06-18 00:40:38 +00:00
}
]
```
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
Kind: ExportedServices
metadata:
name: default
spec:
services:
- name: payments
consumers:
2022-11-17 16:25:32 +00:00
- peer: web-shop
2022-06-18 00:40:38 +00:00
- name: refunds
consumers:
2022-11-17 16:25:32 +00:00
- peer: web-shop
2022-06-18 00:40:38 +00:00
```
```json
"Kind": "exported-services",
"Name": "default",
"Services": [
{
"Name": "payments",
"Consumers": [
{
2022-10-04 18:46:15 +00:00
"Peer": "web-shop"
2022-06-18 00:40:38 +00:00
},
],
},
{
"Name": "refunds",
"Consumers": [
{
2022-10-04 18:46:15 +00:00
"Peer": "web-shop"
2022-06-18 00:40:38 +00:00
}
]
}
]
```
</CodeTabs>
</Tab>
<Tab heading="Consul Enterprise (Peers)">
The following example configures Consul to export the `payments` and `refunds` services from the `billing` namespace of the `finance` admin partition to the `web-shop` peer.
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "exported-services"
Partition = "finance"
Name = "finance"
Services = [
{
Name = "payments"
Namespace = "billing"
Consumers = [
{
2022-10-04 18:46:15 +00:00
Peer = "web-shop"
2022-06-18 00:40:38 +00:00
},
]
2021-11-12 02:43:57 +00:00
},
{
2022-06-18 00:40:38 +00:00
Name = "refunds"
Namespace = "billing"
2021-11-12 02:43:57 +00:00
Consumers = [
{
2022-10-04 18:46:15 +00:00
Peer = "web-shop"
2021-11-12 02:43:57 +00:00
}
]
}
]
```
```yaml
2021-12-17 19:29:10 +00:00
apiVersion: consul.hashicorp.com/v1alpha1
2021-12-17 17:39:55 +00:00
Kind: ExportedServices
2022-01-05 20:01:10 +00:00
metadata:
2021-12-17 19:29:10 +00:00
name: finance
spec:
services:
2022-06-18 00:40:38 +00:00
- name: payments
namespace: billing
2022-01-05 20:01:10 +00:00
consumers:
2022-11-17 16:25:32 +00:00
- peer: web-shop
2022-06-18 00:40:38 +00:00
- name: refunds
namespace: billing
2022-01-05 20:01:10 +00:00
consumers:
2022-11-17 16:25:32 +00:00
- peer: web-shop
2021-11-12 02:43:57 +00:00
```
```json
2021-12-03 06:50:38 +00:00
"Kind": "exported-services",
2021-11-12 02:43:57 +00:00
"Partition": "finance",
2021-12-14 20:10:30 +00:00
"Name": "finance",
2021-11-12 02:43:57 +00:00
"Services": [
{
2022-06-18 00:40:38 +00:00
"Name": "payments",
"Namespace": "billing"
2021-11-12 02:43:57 +00:00
"Consumers": [
{
2022-10-04 18:46:15 +00:00
"Peer": "web-shop"
2021-11-12 02:43:57 +00:00
},
2022-06-18 00:40:38 +00:00
],
},
{
"Name": "refunds",
"Namespace": "billing",
"Consumers": [
{
2022-10-04 18:46:15 +00:00
"Peer": "web-shop"
2022-06-18 00:40:38 +00:00
}
]
}
]
```
</CodeTabs>
</Tab>
<Tab heading="Consul Enterprise (Partitions)">
The following example configures Consul to export the `payments` and `refunds` services from the `billing` namespace of the `finance` admin partition to the `web-shop` partition.
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "exported-services"
Partition = "finance"
Name = "finance"
Services = [
{
Name = "payments"
Namespace = "billing"
Consumers = [
{
Partition = "web-shop"
},
]
},
{
Name = "refunds"
Namespace = "billing"
Consumers = [
2021-11-12 02:43:57 +00:00
{
2022-06-18 00:40:38 +00:00
Partition = "web-shop"
2021-11-12 02:43:57 +00:00
}
2022-06-18 00:40:38 +00:00
]
}
]
```
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
Kind: ExportedServices
metadata:
name: finance
spec:
services:
- name: payments
namespace: billing
consumers:
- partition: web-shop
- name: refunds
namespace: billing
consumers:
- partition: web-shop
```
```json
"Kind": "exported-services",
"Partition": "finance",
"Name": "finance",
"Services": [
{
"Name": "payments",
"Namespace": "billing"
"Consumers": [
{
"Partition": "web-shop"
},
2021-11-12 02:43:57 +00:00
],
},
{
2022-06-18 00:40:38 +00:00
"Name": "refunds",
"Namespace": "billing",
2021-11-12 02:43:57 +00:00
"Consumers": [
{
2022-06-18 00:40:38 +00:00
"Partition": "web-shop"
2021-11-12 02:43:57 +00:00
}
2022-06-18 00:40:38 +00:00
]
}
]
```
</CodeTabs>
</Tab>
</Tabs>
### Exporting all services
<Tabs>
<Tab heading="Consul OSS">
The following example configures Consul to export all services in the datacenter to the peered `monitoring` and `platform` clusters.
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "exported-services"
Name = "default"
Services = [
{
Name = "*"
Consumers = [
{
2022-10-04 18:46:15 +00:00
Peer = "monitoring"
2022-06-18 00:40:38 +00:00
},
{
2022-10-04 18:46:15 +00:00
Peer = "platform"
2022-06-18 00:40:38 +00:00
}
]
}
]
```
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
Kind: ExportedServices
metadata:
name: default
spec:
services:
- name: *
consumers:
2022-11-17 16:25:32 +00:00
- peer: monitoring
- peer: platform
2022-06-18 00:40:38 +00:00
```
```json
"Kind": "exported-services",
"Name": "default",
"Services": [
{
2021-11-12 02:43:57 +00:00
"Name": "*",
"Namespace": "*"
2022-06-18 00:40:38 +00:00
"Consumers": [
{
2022-10-04 18:46:15 +00:00
"Peer": "monitoring"
2022-06-18 00:40:38 +00:00
},
{
2022-10-04 18:46:15 +00:00
"Peer": "platform"
2022-06-18 00:40:38 +00:00
}
]
2021-11-12 02:43:57 +00:00
}
]
```
</CodeTabs>
2022-06-18 00:40:38 +00:00
</Tab>
<Tab heading="Consul Enterprise (Peers)">
The following example configures Consul to export all services in all namespaces of the `finance` partition to the peered `monitoring` and `platform` clusters.
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "exported-services"
Partition = "finance"
Name = "finance"
Services = [
{
Name = "*"
Namespace = "*"
Consumers = [
{
2022-10-04 18:46:15 +00:00
Peer = "monitoring"
2022-06-18 00:40:38 +00:00
},
{
2022-10-04 18:46:15 +00:00
Peer = "platform"
2022-06-18 00:40:38 +00:00
}
]
}
]
```
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
Kind: ExportedServices
metadata:
name: finance
spec:
services:
- name: *
namespace: *
consumers:
2022-11-17 16:25:32 +00:00
- peer: monitoring
- peer: platform
2022-06-18 00:40:38 +00:00
```
```json
"Kind": "exported-services",
"Partition": "finance",
"Name": "finance",
"Services": [
{
"Name": "*",
"Namespace": "*"
"Consumers": [
{
2022-10-04 18:46:15 +00:00
"Peer": "monitoring"
2022-06-18 00:40:38 +00:00
},
{
2022-10-04 18:46:15 +00:00
"Peer": "platform"
2022-06-18 00:40:38 +00:00
}
]
}
]
```
</CodeTabs>
</Tab>
<Tab heading="Consul Enterprise (Partitions)">
The following example configures Consul to export all services in all namespaces of the `finance` partition to the `monitoring` and `platform` partitions.
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl
Kind = "exported-services"
Partition = "finance"
Name = "finance"
Services = [
{
Name = "*"
Namespace = "*"
Consumers = [
{
Partition = "monitoring"
},
{
Partition = "platform"
}
]
}
]
```
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
Kind: ExportedServices
metadata:
name: finance
spec:
services:
- name: *
namespace: *
consumers:
- partition: monitoring
- partition: platform
```
```json
"Kind": "exported-services",
"Partition": "finance",
"Name": "finance",
"Services": [
{
"Name": "*",
"Namespace": "*"
"Consumers": [
{
"Partition": "monitoring"
},
{
"Partition": "platform"
}
]
}
]
```
</CodeTabs>
</Tab>
</Tabs>
2021-11-12 02:43:57 +00:00
## Reading Services
2022-06-18 00:40:38 +00:00
When an exported service has been imported to another cluster, you can use the `health` REST API endpoint to query the service on the consumer cluster.
<Tabs>
<Tab heading="Consul OSS">
The following example queries the `finance` peer for the imported `payments` service:
```shell-session
$ curl 'localhost:8500/v1/health/service/payments?peer=finance'
```
2023-01-12 05:01:30 +00:00
An ACL token with either of the following permissions is required in the cluster where the query is made:
2022-11-18 22:39:41 +00:00
- `service:write` permissions for any service.
- `service:read` and `node:read` for all services and nodes, respectively.
If the call in the previous example is made from a service named `web`, then the request requires either:
- A token with `service:write` permissions to `web`.
- A token with `service:read` and `node:read` to all names in the datacenter.
<CodeTabs heading="Example ACL rules for reading imported services in Consul OSS">
```hcl
service "web" {
policy = "write"
}
# OR
service_prefix "" {
policy = "read"
}
node_prefix "" {
policy = "read"
}
```
```json
{
"service": {
"web": {
"policy": "write"
}
}
}
2023-01-12 05:01:30 +00:00
## OR
2022-11-18 22:39:41 +00:00
{
"service_prefix": {
"": {
"policy": "read"
}
},
"node_prefix": {
"": {
"policy": "read"
}
}
}
```
</CodeTabs>
2022-06-18 00:40:38 +00:00
</Tab>
2022-11-18 22:39:41 +00:00
<Tab heading="Consul Enterprise (Partitions)">
2022-06-18 00:40:38 +00:00
The following example queries the `finance` partition for the imported `payments` service:
2021-11-12 02:43:57 +00:00
```shell-session
2022-06-18 00:40:38 +00:00
$ curl 'localhost:8500/v1/health/service/payments?partition=finance'
2021-11-12 02:43:57 +00:00
```
2022-11-18 22:39:41 +00:00
2023-01-12 05:01:30 +00:00
An ACL token with either of the following permissions is required in the cluster where the query is made:
2022-11-18 22:39:41 +00:00
- `service:write` permissions for any service in the partition where the query is made.
- `service:read` and `node:read` for all services and nodes, respectively, in any namespace and the exact partition where the query is made.
If the call in the previous example is made from a service named `web` in a partition named `frontend`, then the request requires either:
- A token with `service:write` permissions to `web` in the `frontend` partition.
- A token with `service:read` and `node:read` to all names in the `frontend` partition, for any namespace.
<CodeTabs heading="Example ACL rules for reading imported services from a partition in Consul Enterprise">
```hcl
partition "frontend" {
namespace "dev" { # This could be any namespace
service "web" {
policy = "write"
}
}
}
# OR
partition "frontend" {
namespace "dev" { # This could be any namespace
service_prefix "" {
policy = "read"
}
node_prefix "" {
policy = "read"
}
}
}
```
```json
{
"partition": {
"frontend": {
"namespace": {
## The following could be any namespace
"dev": {
"service": {
"web": {
"policy": "write"
}
}
}
}
}
}
}
2023-01-12 05:01:30 +00:00
## OR
2022-11-18 22:39:41 +00:00
{
"partition": {
"frontend": {
"namespace": {
## The following could be any namespace
"dev": {
"service_prefix": {
"": {
"policy": "read"
}
},
"node_prefix": {
"": {
"policy": "read"
}
}
}
}
}
}
}
```
</CodeTabs>
2022-06-18 00:40:38 +00:00
</Tab>
2021-11-12 02:43:57 +00:00
2022-11-18 22:39:41 +00:00
<Tab heading="Consul Enterprise (Peers)">
The following example queries the `finance` peer for the imported `payments` service:
```shell-session
$ curl 'localhost:8500/v1/health/service/payments?peer=finance'
```
2023-01-12 05:01:30 +00:00
An ACL token with either of the following permissions is required in the cluster where the query is made:
2022-11-18 22:39:41 +00:00
- `service:write` permissions for any service in the partition where the query is made.
- `service:read` and `node:read` for all services and nodes, respectively, in any namespace and the exact partition where the query is made.
If the call in the previous example is made from a service named `web` in a partition named `frontend`, then the request requires either:
- A token with `service:write` permissions to `web` in the `frontend` partition.
- A token with `service:read` and `node:read` to all names in the `frontend` partition, for any namespace.
2021-11-16 18:44:21 +00:00
2022-11-18 22:39:41 +00:00
<CodeTabs heading="Example ACL rules for reading imported services from a peer in Consul Enterprise">
```hcl
partition "frontend" {
namespace "dev" { # This could be any namespace
service "web" {
policy = "write"
}
}
}
# OR
partition "frontend" {
namespace "dev" { # This could be any namespace
service_prefix "" {
policy = "read"
}
node_prefix "" {
policy = "read"
}
}
}
```
```json
{
"partition": {
"frontend": {
"namespace": {
## The following could be any namespace
"dev": {
"service": {
"web": {
"policy": "write"
}
}
}
}
}
}
}
2023-01-12 05:01:30 +00:00
## OR
2022-11-18 22:39:41 +00:00
{
"partition": {
"frontend": {
"namespace": {
## The following could be any namespace
"dev": {
"service_prefix": {
"": {
"policy": "read"
}
},
"node_prefix": {
"": {
"policy": "read"
}
}
}
}
}
}
}
```
</CodeTabs>
</Tab>
</Tabs>
2021-11-16 18:44:21 +00:00
2023-01-25 16:52:43 +00:00
For additional information, refer to [Health HTTP Endpoint](/consul/api-docs/health).