我的书签
添加书签
移除书签Consul KV
The Consul KV datastore is located on the servers, but can be accessed by any agent (client or server). The natively integrated RPC functionality allows clients to forward requests to servers, including key/value reads and writes. Part of Consul’s core design allows data to be replicated automatically across all the servers. Having a quorum of servers will decrease the risk of data loss if an outage occurs.
If you have not used Consul KV, check out this on HashiCorp Learn.
The KV store can be accessed by the consul kv CLI subcommands, , and Consul UI. To restrict access, enable and configure ACLs. Once the ACL system has been bootstrapped, users and services, will need a valid token with KV to access the the data store, this includes even reads. We recommend creating a token with limited privileges, for example, you could create a token with write privileges on one key for developers to update the value related to their application.
Objects are opaque to Consul, meaning there are no restrictions on the type of object stored in a key/value entry. The main restriction on an object is size - the maximum is 512 KB. Due to the maximum object size and main use cases, you should not need extra storage; the general sizing recommendations are usually sufficient.
Keys, like objects are not restricted by type and can include any character. However, we recommend using URL-safe chars - with the exception of /, which can be used to help organize data. Note, / will be treated like any other character and is not fixed to the file system. Meaning, including / in a key does not fix it to a directory structure. This model is similar to Amazon S3 buckets. However, is still useful for organizing data and when recursively searching within the data store. We also recommend that you avoid the use of *, ?, ', and because they can cause issues when using the API and in shell scripts.
If you plan to use Consul KV as part of your configuration management process review the tutorial on how to update configuration based on value updates in the KV. Consul Template is based on Go Templates and allows for a series of scripted actions to be initiated on value changes to a Consul key.
Consul sessions can be used to build distributed locks with Consul KV. Sessions act as a binding layer between nodes, health checks, and key/value data. The KV API supports an acquire and release operation. The acquire operation acts like a Check-And-Set operation. On success, there is a key update and an increment to the and the session value is updated to reflect the session holding the lock. Review the session documentation for more information on the integration.
Review the following tutorials to learn how to use Consul sessions for and to build distributed semaphores.
If you plan to use Consul KV as a backend for Vault, please review .
