Go to file
Paul Glass d8d89d4b59
Permissive mTLS (#17035)
This implements permissive mTLS , which allows toggling services into "permissive" mTLS mode.
Permissive mTLS mode allows incoming "non Consul-mTLS" traffic to be forward unmodified to the application.

* Update service-defaults and proxy-defaults config entries with a MutualTLSMode field
* Update the mesh config entry with an AllowEnablingPermissiveMutualTLS field and implement the necessary validation. AllowEnablingPermissiveMutualTLS must be true to allow changing to MutualTLSMode=permissive, but this does not require that all proxy-defaults and service-defaults are currently in strict mode.
* Update xDS listener config to add a "permissive filter chain" when MutualTLSMode=permissive for a particular service. The permissive filter chain matches incoming traffic by the destination port. If the destination port matches the service port from the catalog, then no mTLS is required and the traffic sent is forwarded unmodified to the application.
2023-04-19 14:45:00 -05:00
.changelog Permissive mTLS (#17035) 2023-04-19 14:45:00 -05:00
.github ci: remove test-integrations CircleCI workflow (#16928) 2023-04-19 16:19:29 +00:00
.release Remove version bump from CRT workflow (#16728) 2023-03-23 11:21:27 -05:00
acl server: wire up in-process Resource Service (#16978) 2023-04-18 10:03:23 +01:00
agent Permissive mTLS (#17035) 2023-04-19 14:45:00 -05:00
api Permissive mTLS (#17035) 2023-04-19 14:45:00 -05:00
bench Gets benchmarks running again and does a rough pass for 0.7.1. 2016-11-29 13:02:26 -08:00
build-support add ability to start container tests in debug mode and attach a debugger (#16887) 2023-04-18 09:49:53 -04:00
command Raft storage backend (#16619) 2023-04-04 17:30:06 +01:00
connect Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
contributing Move contributing to docs 2021-08-30 16:17:09 -04:00
docs ci: remove test-integrations CircleCI workflow (#16928) 2023-04-19 16:19:29 +00:00
envoyextensions Update list of Envoy versions (#16889) 2023-04-12 17:43:15 -04:00
grafana add readme outlining how to edit and publish 2021-01-12 14:47:11 -08:00
internal Tenancy wildcard validaton for `Write`, `Read`, and `Delete` endpoints (#17004) 2023-04-17 16:33:20 -05:00
ipaddr Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
lib Avoid decoding nil pointer in map walker (#17048) 2023-04-19 10:23:38 -07:00
logging Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
proto Permissive mTLS (#17035) 2023-04-19 14:45:00 -05:00
proto-public resource: `WriteStatus` endpoint (#16886) 2023-04-11 19:23:14 +01:00
sdk Test: add noCleanup to TestServer stop (#16919) 2023-04-07 20:47:54 -04:00
sentinel Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
service_os Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
snapshot Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
test ci: remove test-integrations CircleCI workflow (#16928) 2023-04-19 16:19:29 +00:00
testrpc Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
tlsutil Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
tools/internal-grpc-proxy Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
troubleshoot Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
types Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
ui ci: remove test-integrations CircleCI workflow (#16928) 2023-04-19 16:19:29 +00:00
version Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
website docs: update docs related to GH-16779 (#17020) 2023-04-17 23:41:31 +00:00
.copywrite.hcl Remove UI brand-loader copyright headers as they do not render appropriately (#16835) 2023-03-31 11:29:19 -04:00
.dockerignore Update the scripting 2018-06-14 21:42:47 -04:00
.gitattributes Initial commit 2013-11-04 14:15:27 -08:00
.gitignore grpc: `protoc` plugin for generating gRPC rate limit specifications (#15564) 2023-01-04 16:07:02 +00:00
.golangci.yml Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
CHANGELOG.md docs: update docs related to GH-16779 (#17020) 2023-04-17 23:41:31 +00:00
Dockerfile Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
GNUmakefile ci: remove test-integrations CircleCI workflow (#16928) 2023-04-19 16:19:29 +00:00
LICENSE [COMPLIANCE] Update MPL-2.0 LICENSE (#14964) 2022-11-09 12:24:14 -06:00
NOTICE.md add copyright notice file 2018-07-09 10:58:26 -07:00
README.md Fixed broken links referring to tutorials running as local agent (#14954) 2022-10-11 13:01:29 -07:00
buf.work.yaml Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
fixup_acl_move.sh Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00
go.mod Bump the golang.org/x/net to 0.7.0 to address CVE-2022-41723 (#16754) 2023-04-18 17:31:08 +00:00
go.sum Bump the golang.org/x/net to 0.7.0 to address CVE-2022-41723 (#16754) 2023-04-18 17:31:08 +00:00
main.go Copyright headers for missing files/folders (#16708) 2023-03-28 18:48:58 -04:00

README.md

Consul logo Consul

Docker Pulls Go Report Card

Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.

Consul provides several key features:

  • Multi-Datacenter - Consul is built to be datacenter aware, and can support any number of regions without complex configuration.

  • Service Mesh - Consul Service Mesh enables secure service-to-service communication with automatic TLS encryption and identity-based authorization. Applications can use sidecar proxies in a service mesh configuration to establish TLS connections for inbound and outbound connections with Transparent Proxy.

  • Service Discovery - Consul makes it simple for services to register themselves and to discover other services via a DNS or HTTP interface. External services such as SaaS providers can be registered as well.

  • Health Checking - Health Checking enables Consul to quickly alert operators about any issues in a cluster. The integration with service discovery prevents routing traffic to unhealthy hosts and enables service level circuit breakers.

  • Key/Value Storage - A flexible key/value store enables storing dynamic configuration, feature flagging, coordination, leader election and more. The simple HTTP API makes it easy to use anywhere.

Consul runs on Linux, macOS, FreeBSD, Solaris, and Windows and includes an optional browser based UI. A commercial version called Consul Enterprise is also available.

Please note: We take Consul's security and our users' trust very seriously. If you believe you have found a security issue in Consul, please responsibly disclose by contacting us at security@hashicorp.com.

Quick Start

A few quick start guides are available on the Consul website:

Documentation

Full, comprehensive documentation is available on the Consul website: https://consul.io/docs

Contributing

Thank you for your interest in contributing! Please refer to CONTRIBUTING.md for guidance. For contributions specifically to the browser based UI, please refer to the UI's README.md for guidance.