Introduction
Admin partitions exist a level above namespaces in the identity hierarchy. They contain one or more namespaces and allow multiple independent tenants to share a Consul server cluster. As a result, admin partitions enable you to define administrative and communication boundaries between services managed by separate teams or belonging to separate stakeholders. They can also segment production and non-production services within the Consul deployment.
Scenarios
Config Files
It is important to specify the correct enterprise image version when building Helm charts or any other configuration that requires a Consul image. See the examples below:
Consul helm chart
global:
  enableConsulNamespaces: true
  tls:
    enabled: true
  image: hashicorp/consul-enterprise:1.14.0-ent
  adminPartitions:
    enabled: true
  acls:
    manageSystemACLs: true
  enterpriseLicense:
    secretName: license
    secretKey: key
meshGateway:
  enabled: true
Mesh-task for HCP Consul with ECS
variable "consul_image" {
  description = "Consul Docker image."
  type        = string
  default     = "public.ecr.aws/hashicorp/consul-enterprise:1.12.7+ent"
}
For CLI Use
Please follow this guide to install the Consul CLI. To manage admin partitions when using the CLI to interact with your HCP Consul cluster, make sure you use the appropriate enterprise binary version. Example of enterprise version below (usually ends with "+ent").
Recommendations
When using admin partitions, be aware that this feature requires version 1.11.0+ of HashiCorp Cloud Platform (HCP) or self-managed Consul Enterprise. Refer to the enterprise feature matrix for additional information.
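A preflight check for the version requirement above, as an added example that is not HashiCorp's code: it extracts the tag from an image reference and reports whether it names an enterprise build at or above 1.11.0. The function names and every sample reference other than the two images on this page are constructed, and treating a "-ent" or "+ent" suffix as the enterprise marker is an assumption based on the tags shown here.

```python
import re

MIN_VERSION = (1, 11, 0)  # admin partitions require 1.11.0+ (stated on this page)
_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(.*)$")
# Assumption: an enterprise build carries "-ent" (image tag) or "+ent" (binary).
_ENT = re.compile(r"[+-]ent(?![0-9A-Za-z])")


def image_tag(ref):
    """Return the tag of an image reference, or None when it has no tag."""
    name = ref.split("@", 1)[0]     # drop a trailing @sha256:... digest
    last = name.rsplit("/", 1)[-1]  # a ':' before the last '/' is a registry port
    return last.split(":", 1)[1] if ":" in last else None


def check_version(version):
    """List the reasons this version string cannot serve admin partitions."""
    m = _VERSION.match(version.strip())
    if not m:
        return [f"cannot parse a Consul version from {version!r}"]
    problems = []
    found = tuple(int(part) for part in m.groups()[:3])
    if found < MIN_VERSION:
        problems.append("version %d.%d.%d is older than 1.11.0" % found)
    if not _ENT.search(m.group(4)):
        problems.append("not an enterprise build (no -ent/+ent suffix)")
    return problems


def check_image(ref):
    """Check an image reference such as the Helm global.image value."""
    tag = image_tag(ref)
    if tag is None:
        return ["no tag in the reference, so the version cannot be checked"]
    return check_version(tag)


if __name__ == "__main__":
    samples = [
        "hashicorp/consul-enterprise:1.14.0-ent",                 # from this page
        "public.ecr.aws/hashicorp/consul-enterprise:1.12.7+ent",  # from this page
        "hashicorp/consul:1.14.0",                                # constructed
        "registry.example.internal:5000/consul-enterprise:1.10.4-ent",  # constructed
        "registry.example.internal:5000/consul-enterprise",       # constructed
    ]
    for ref in samples:
        print(ref, "->", check_image(ref) or "ok")
```

Running the same check in CI against the Helm values and the Terraform variable default catches a non-enterprise or too-old image before it is deployed.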
Known Limitations
- Only the default admin partition is supported when federating multiple Consul datacenters in a WAN.
- There is no theoretical limit on the number of admin partitions. We intend to conduct a large-scale test to identify a recommended maximum in the future.