What Consul Does
- Service Discovery: Register services and discover them via DNS or HTTP API
- Health Checking: Continuously monitor service health and remove unhealthy instances
- KV Store: Distributed key-value storage for dynamic configuration
- Service Mesh: Full mTLS service mesh with Envoy sidecar proxies
- Intentions: Declarative access control between services
- Multi-Datacenter: Federate Consul clusters across regions and clouds
- Network Segmentation: Isolate services via Consul Namespaces and Admin Partitions
- ACL: Fine-grained access control with tokens and policies
- Event System: Trigger events across clusters for coordinated actions
Architecture
┌─────────────────────────────────────────────┐
│ Datacenter 1 │
│ ┌──────────┐ ┌──────────┐ ┌──────────┐ │
│ │ Consul │──│ Consul │──│ Consul │ │
│ │ Server 1 │ │ Server 2 │ │ Server 3 │ │
│ └──────────┘ └──────────┘ └──────────┘ │
│ ▲ ▲ ▲ │
│ │ Raft Consensus │ │
│ ┌────┴──────────────┴──────────┴────┐ │
│ │ │ │
│ │ ┌─────┐ ┌─────┐ ┌─────┐ ┌─────┐ │ │
│ │ │Agent│ │Agent│ │Agent│ │Agent│ │ │
│ │ │ Web │ │ API │ │ DB │ │Cache│ │ │
│ │ └─────┘ └─────┘ └─────┘ └─────┘ │ │
│ │ Client Agents │ │
│ └────────────────────────────────────┘ │
└─────────────────────────────────────────────┘
│ WAN Federation
▼
┌─────────────────────────────────────────────┐
│ Datacenter 2 (Another region/cloud) │
└─────────────────────────────────────────────┘Self-Hosting
Docker Compose (Dev)
services:
consul:
image: hashicorp/consul:latest
ports:
- "8500:8500" # HTTP API / UI
- "8600:8600/udp" # DNS
- "8600:8600/tcp"
command: agent -server -ui -bootstrap-expect=1 -client=0.0.0.0
volumes:
- consul-data:/consul/data
volumes:
consul-data:Production Cluster (3 Servers)
services:
consul-server-1:
image: hashicorp/consul:latest
command: agent -server -ui -bootstrap-expect=3 -retry-join=consul-server-2 -retry-join=consul-server-3 -client=0.0.0.0
volumes:
- consul-1:/consul/data
consul-server-2:
image: hashicorp/consul:latest
command: agent -server -bootstrap-expect=3 -retry-join=consul-server-1 -retry-join=consul-server-3 -client=0.0.0.0
volumes:
- consul-2:/consul/data
consul-server-3:
image: hashicorp/consul:latest
command: agent -server -bootstrap-expect=3 -retry-join=consul-server-1 -retry-join=consul-server-2 -client=0.0.0.0
volumes:
- consul-3:/consul/data
volumes:
consul-1:
consul-2:
consul-3:Service Discovery
Register a Service
{
"service": {
"name": "web",
"id": "web-1",
"address": "10.0.1.5",
"port": 8080,
"tags": ["primary", "v2"],
"checks": [
{
"http": "http://10.0.1.5:8080/health",
"interval": "10s",
"timeout": "5s"
}
]
}
}curl -X PUT -d @service.json http://localhost:8500/v1/agent/service/registerDiscover Services
# HTTP API
curl http://localhost:8500/v1/catalog/service/web
# DNS query (SRV record)
dig @localhost -p 8600 web.service.consul SRV
# Only healthy instances
curl http://localhost:8500/v1/health/service/web?passing=trueIntegration in Code
// Go example
import "github.com/hashicorp/consul/api"
config := api.DefaultConfig()
client, _ := api.NewClient(config)
// Find web service
services, _, _ := client.Health().Service("web", "", true, nil)
for _, entry := range services {
fmt.Printf("%s:%d
", entry.Service.Address, entry.Service.Port)
}KV Store
# Write
curl -X PUT -d 'production' http://localhost:8500/v1/kv/config/app/environment
curl -X PUT -d '5432' http://localhost:8500/v1/kv/config/db/port
# Read
curl http://localhost:8500/v1/kv/config/app/environment?raw
# List keys
curl http://localhost:8500/v1/kv/config/?keys
# Watch for changes (long polling)
curl "http://localhost:8500/v1/kv/config/app/environment?index=123&wait=5m"Service Mesh (Connect)
Enable Connect
{
"service": {
"name": "web",
"port": 8080,
"connect": {
"sidecar_service": {
"proxy": {
"upstreams": [
{
"destination_name": "database",
"local_bind_port": 9191
}
]
}
}
}
}
}Intentions (Access Control)
# Allow web service to access database
consul intention create web database
# Deny all except explicitly allowed
consul intention create -deny "*" "*"
consul intention create web databaseConsul vs Alternatives
| Feature | Consul | Etcd | Eureka | Istio |
|---|---|---|---|---|
| Service discovery | Yes | Kv only | Yes | Via K8s |
| KV store | Yes | Yes | No | No |
| Health checks | Yes | No | Yes | Yes |
| Service mesh | Yes | No | No | Yes |
| Multi-DC | Yes | Limited | Yes | Complex |
| DNS interface | Yes | No | No | No |
| Language | Go | Go | Java | Go |
| Stack | Any | K8s native | Java focus | K8s focus |
常见问题
Q: Consul 和 etcd 怎么选? A: etcd 主要是分布式 KV 存储(K8s 用它存储集群状态)。Consul 是完整的服务网络平台,包含 KV + 服务发现 + 健康检查 + 服务网格。如果你只需要 KV 存储,etcd 更轻量。如果需要服务发现和健康检查,选 Consul。
Q: Consul 和 Istio 怎么选? A: Istio 是 Kubernetes 原生服务网格(只能在 K8s 上用)。Consul 既支持 K8s 也支持 VM 和混合环境。如果你的服务混合部署在 K8s 和传统 VM 上,选 Consul。纯 K8s 环境下 Istio 功能更丰富。
Q: BSL 许可证影响使用吗? A: BSL(Business Source License)允许自由使用和修改,限制是不能作为 Consul 的竞品商业产品。对于绝大多数用户(自托管、内部使用),BSL 等同于开源许可。
来源与致谢
- GitHub: hashicorp/consul — 29.8K+ ⭐ | BSL
- 官网: consul.io