Understanding the Separation of Topology View and Intentions in HCP Consul Dedicated – HashiCorp Help Center

Overview

In Consul, the Topology view and Intentions are distinct features and serve different purposes within the service mesh. This guide clarifies the differences between these entities, explaining how the Topology View is generated from upstream configurations in service definitions and how Intentions control service-to-service communication and has nothing to do with the topology graph.

Topology View

The Topology view in Consul provides a graphical representation of the service mesh dependencies, illustrating the relationships and dependencies between services. This visualization is derived from the upstream configurations defined for sidecar proxies in the service definition files of given services that are part of the service mesh.

Viewing the Topology in the Consul UI

1. Access the Consul UI:
  - Navigate to http://<consul_server>:8500 in your web browser.
2. Navigate to the Services Page:
  - Click on the "Services" tab.
3. Open the Topology View:
  - Look for the "Topology" button or tab to view the service mesh topology. This will display a graphical representation of your services and their dependencies based on the upstream configurations.

Configuring Upstreams

To visualize services in the Topology view, you need to configure upstream services in the service definition files. Here’s an example of how to define upstream configurations:

Service Definition File with Upstream Configuration:
```
service {
  name = "<service-name>"

connect {
    sidecar_service {
      proxy {
  upstreams = [
    {
      destination_name = "<destination1-service-name>"
      local_bind_port = <bind-port>
    },
    {
      destination_name = "<destination2-service-name>"
      local_bind_port = <bind-port>
    }
  ]
}
    }
  }
}
```
In this example, the service-name service has two upstream services: destination1-service-name and destination2-service-name. This configuration will be used by Consul to generate the topology graph, showing service-name depending on destination1-service-name and destination2-service-name.

Topological graph will look like as below :
Service Definition File without Upstream Configuration:

service {
  name = "<service-name>"

connect {
    sidecar_service {
      proxy {
  upstreams = []
}
    }
  }
}

In this example, when the upstream configuration is removed from the service definition file of the service-name service, the topology view shows nothing even if the intentions are defined for this.

Topological graph will look like as below :

Intentions

Intentions are policies that control which services can communicate with each other within the service mesh. They allow you to define allow or deny rules for service-to-service communication. Intentions can be defined via the Consul UI or using the Consul API or Consul CLI.

Sample screenshot of Intentions :

Point to Note : If the upstream configuration is not defined in the service definition file, the topological view of the service dependencies will not be visible, even if the intentions for the services are defined.

Conclusion

The Topology view and Intentions in Consul are separate entities serving distinct purposes. The Topology view is generated from upstream configurations in service definitions, providing a graphical representation of service dependencies. Intentions, on the other hand, control service-to-service communication policies.

Understanding the separation between these features is crucial for effectively managing and securing your service mesh in Consul.

References