Consul Intention
Command: consul intention
The intention
command is used to interact with service mesh
intentions. It exposes commands for
creating, updating, reading, deleting, checking, and managing intentions.
This command is available in Consul 1.2 and later.
Use the
service-intentions
configuration entry or the HTTP
API to manage intentions.
Deprecated - This command is deprecated in Consul 1.9.0 in favor of
using the config entry CLI command. To create an
intention, create or modify a
service-intentions
config
entry for the destination.
Usage
Usage: consul intention <subcommand>
For the exact documentation for your Consul version, run consul intention -h
to view the complete list of subcommands.
For more information, examples, and usage about a subcommand, click on the name of the subcommand in the sidebar.
Basic Examples
Create an intention to allow "web" to talk to "db":
Create an intention to deny "db" from initiating connections to any service:
Test whether a "web" is allowed to connect to "db":
List all intentions:
Find all intentions for communicating to the "db" service:
Source and Destination Naming
Intention commands commonly take positional arguments referred to as SRC
and
DST
in the command documentation. These can take several forms:
Format | Meaning |
---|---|
<service> | the named service in the current namespace |
* | any service in the current namespace |
<namespace>/<service> | Enterprise the named service in a specific namespace in the default partition |
<namespace>/* | Enterprise any service in the specified namespace in the default partition |
*/* | Enterprise any service in any namespace in the default partition |
<partition>/<namespace>/<service> | Enterprise the named service in a specific namespace |
<partition>/<namespace>/* | Enterprise any service in the specified namespace in a specific partition |
<partition>/*/* | Enterprise any service in any namespace in the a specific partition |