Consul Enterprise Namespaces
This feature requires Consul Enterprise with the Governance and Policy module.
With Consul Enterprise v1.7.0, data for different users or teams can be isolated from each other with the use of namespaces. Namespaces help reduce operational challenges by removing restrictions around uniqueness of resource names across distinct teams, and enable operators to provide self-service through delegation of administrative privileges.
For more information on how to use namespaces with Consul Enterprise please review the following HashiCorp Learn Guides:
- - Register multiple services within different namespaces in Consul.
- Setup Secure Namespaces - Secure resources within a namespace and delegate namespace ACL rights via ACL tokens.
An example namespace definition looks like the following:
JSON
- JSON
- HCL
Description = "Namespace for Team 1"
ACLs {
PolicyDefaults = [
{
},
{
Name = "node-read"
}
]
{
"ID": "69748856-ae69-d620-3ec4-07844b3c6be7"
},
{
"Name": "ns-team-2-read"
]
}
Meta {
foo = "bar"
(string: "")
- This field is intended to be a human readable description of the namespace’s purpose. It is not used internally.ACLs
(object: <optional>)
- This fields is a nested JSON/HCL object to contain the namespaces ACL configuration.(array<ACLLink>)
- A list of default policies to be applied to all tokens created in this namespace. The ACLLink object can contain anID
and/orName
field. When the policies ID is omitted Consul will resolve the name to an ID before writing the namespace definition internally. Note that all policies linked in a namespace definition must be defined within thedefault
namespace, and the ACL token used to create or edit the namespace must have acl:write access to the linked policy.
(map<string|string>: <optional>)
- Specifies arbitrary KV metadata to associate with this namespace.