Overview
In Consul, the Topology view and Intentions are distinct features that serve different purposes within the service mesh. This guide clarifies the differences between them, explaining how the Topology view is generated from upstream configurations in service definitions, and how Intentions control service-to-service communication and have nothing to do with the topology graph.
Topology View
The Topology view in Consul provides a graphical representation of the service mesh dependencies, illustrating the relationships and dependencies between services. This visualization is derived from the upstream configurations defined for sidecar proxies in the service definition files of given services that are part of the service mesh.
Viewing the Topology in the Consul UI
- Access the Consul UI:
  - Navigate to http://<consul_server>:8500 in your web browser.
- Navigate to the Services Page:
  - Click on the "Services" tab.
- Open the Topology View:
  - Look for the "Topology" button or tab to view the service mesh topology. This will display a graphical representation of your services and their dependencies based on the upstream configurations.
Configuring Upstreams
To visualize services in the Topology view, you need to configure upstream services in the service definition files. Here’s an example of how to define upstream configurations:
- Service Definition File with Upstream Configuration:

    service {
      name = "<service-name>"
      connect {
        sidecar_service {
          proxy {
            upstreams = [
              {
                destination_name = "<destination1-service-name>"
                local_bind_port  = <bind-port>
              },
              {
                destination_name = "<destination2-service-name>"
                local_bind_port  = <bind-port>
              }
            ]
          }
        }
      }
    }
In this example, the service-name service has two upstream services: destination1-service-name and destination2-service-name. Consul uses this configuration to generate the topology graph, showing service-name depending on destination1-service-name and destination2-service-name.

[Figure: the topology graph for this configuration]
- Service Definition File without Upstream Configuration:

    service {
      name = "<service-name>"
      connect {
        sidecar_service {
          proxy {
            upstreams = []
          }
        }
      }
    }
In this example, when the upstream configuration is removed from the service definition file of the service-name service, the topology view shows nothing, even if intentions are defined for it.

[Figure: the topology graph for this configuration]
Intentions
Intentions are policies that control which services can communicate with each other within the service mesh. They allow you to define allow or deny rules for service-to-service communication. Intentions can be defined via the Consul UI or using the Consul API or Consul CLI.
Note: If the upstream configuration is not defined in the service definition file, the topological view of the service dependencies will not be visible, even if intentions for the services are defined.
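The following added example (not part of the original article and not HashiCorp code) cross-checks the two data sets so that the graph is not mistaken for the access policy: it lists upstream edges that no intention allows, and allow intentions that have no upstream and so never appear in the graph. Assumptions: the constructed sample data mirrors the JSON field names of Consul's /v1/agent/services and /v1/connect/intentions responses, the service names are made up, only Action-based intentions are handled, and the `default` parameter is a hypothetical stand-in for the mesh's default policy.

```python
import json

# Constructed sample data (assumed shapes of /v1/agent/services and
# /v1/connect/intentions responses); service names are made up.
AGENT_SERVICES = json.loads("""{
  "web-sidecar-proxy": {"Kind": "connect-proxy", "Proxy": {
      "DestinationServiceName": "web",
      "Upstreams": [{"DestinationName": "api"}, {"DestinationName": "cache"}]}},
  "api-sidecar-proxy": {"Kind": "connect-proxy", "Proxy": {
      "DestinationServiceName": "api", "Upstreams": []}},
  "api": {"Kind": ""}
}""")
INTENTIONS = json.loads("""[
  {"SourceName": "web", "DestinationName": "api", "Action": "allow"},
  {"SourceName": "api", "DestinationName": "db", "Action": "allow"},
  {"SourceName": "*", "DestinationName": "cache", "Action": "deny"}
]""")

def topology_edges(services):
    """Edges the Topology view can draw: declared sidecar upstreams only."""
    edges = set()
    for svc in services.values():
        if svc.get("Kind") != "connect-proxy":
            continue
        proxy = svc.get("Proxy") or {}
        for up in proxy.get("Upstreams") or []:
            edges.add((proxy["DestinationServiceName"], up["DestinationName"]))
    return edges

def decision(src, dst, intentions, default="deny"):
    """Simplified precedence: the most specific match wins, exact beats '*'."""
    for s, d in ((src, dst), ("*", dst), (src, "*"), ("*", "*")):
        for i in intentions:
            if i["SourceName"] == s and i["DestinationName"] == d:
                return i["Action"]
    return default  # hypothetical parameter: outcome when nothing matches

def audit(services, intentions, default="deny"):
    """Contrast what the graph shows with what intentions enforce."""
    edges = topology_edges(services)
    pairs = [(i["SourceName"], i["DestinationName"]) for i in intentions
             if i["Action"] == "allow"]
    return {
        "shown_but_not_allowed": sorted(
            e for e in edges if decision(*e, intentions, default) != "allow"),
        "allowed_but_not_shown": sorted(
            p for p in pairs if "*" not in p and p not in edges),
    }

if __name__ == "__main__":
    print(json.dumps(audit(AGENT_SERVICES, INTENTIONS), indent=2))
```
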
Conclusion
The Topology view and Intentions in Consul are separate entities serving distinct purposes. The Topology view is generated from upstream configurations in service definitions, providing a graphical representation of service dependencies. Intentions, on the other hand, control service-to-service communication policies.
Understanding the separation between these features is crucial for effectively managing and securing your service mesh in Consul.