我的书签
添加书签
移除书签Consul Enterprise
Find the license file that you received in your welcome email. It should have a extension. You will use the contents of this file to create a Kubernetes secret before installing the Helm chart.
Note: This guide assumes you are storing your license as a Kubernetes Secret. If you would like to store the enterprise license in Vault, please reference Storing the Enterprise License in Vault.
You can use the following commands to create the secret with name consul-ent-license and key key:
secret=$(cat 1931d1f4-bdfd-6881-f3f5-19349374841f.hclic)kubectl create secret generic consul-ent-license --from-literal="key=${secret}"
Note: If you cannot find your .hclic file, please contact your sales team or Technical Account Manager.
In your config.yaml, change the value of global.image to one of the enterprise .
global:image: 'hashicorp/consul-enterprise:1.10.0-ent'
global:image: 'hashicorp/consul-enterprise:1.10.0-ent'
Add the name and key of the secret you just created to server.enterpriseLicense, if using Consul version 1.10+.
global:image: 'hashicorp/consul-enterprise:1.10.0-ent'enterpriseLicense:secretName: 'consul-ent-license'secretKey: 'key'
config.yaml
global:image: 'hashicorp/consul-enterprise:1.10.0-ent'enterpriseLicense:secretName: 'consul-ent-license'secretKey: 'key'
If the version of Consul is < 1.10, use the following config with the name and key of the secret you just created. (These values are required on top of your normal configuration.)
Note: The value of server.enterpriseLicense.enableLicenseAutoload must be set to false.
global:enterpriseLicense:secretName: 'consul-ent-license'enableLicenseAutoload: false
Now run helm install:
$ helm install --wait hashicorp hashicorp/consul --values config.yaml
$ helm install --wait hashicorp hashicorp/consul --values config.yaml
Once the cluster is up, you can verify the nodes are running Consul Enterprise by using the consul license get command.
First, forward your local port 8500 to the Consul servers so you can run consul commands locally against the Consul servers in Kubernetes:
$ kubectl port-forward service/hashicorp-consul-server 8500:8500
$ kubectl port-forward service/hashicorp-consul-server 8500:8500
In a separate tab, run the consul license get command (if using ACLs see below):
$ consul license getLicense is validLicense ID: 1931d1f4-bdfd-6881-f3f5-19349374841fCustomer ID: b2025a4a-8fdd-f268-95ce-1704723b9996Expires At: 2020-03-09 03:59:59.999 +0000 UTCDatacenter: *Package: premiumLicensed Features:Automated BackupsAutomated UpgradesEnhanced Read ScalabilityNetwork SegmentsRedundancy Zone$ consul membershashicorp-consul-server-0 10.60.0.187:8301 alive server 1.10.0+ent 2 dc1 <all>hashicorp-consul-server-1 10.60.1.229:8301 alive server 1.10.0+ent 2 dc1 <all>hashicorp-consul-server-2 10.60.2.197:8301 alive server 1.10.0+ent 2 dc1 <all>
If you get an error:
Error getting license: invalid character 'r' looking for beginning of value
Error getting license: invalid character 'r' looking for beginning of value
Then you have likely enabled ACLs. You need to specify your ACL token when running the license get command. First, assign the ACL token to the CONSUL_HTTP_TOKEN environment variable:
$ export CONSUL_HTTP_TOKEN=$(kubectl get secrets/hashicorp-consul-bootstrap-acl-token --template='{{.data.token | base64decode }}')
$ export CONSUL_HTTP_TOKEN=$(kubectl get secrets/hashicorp-consul-bootstrap-acl-token --template='{{.data.token | base64decode }}')
$ consul license getLicense is validLicense ID: 1931d1f4-bdfd-6881-f3f5-19349374841fCustomer ID: b2025a4a-8fdd-f268-95ce-1704723b9996Expires At: 2020-03-09 03:59:59.999 +0000 UTCDatacenter: *Package: premiumLicensed Features:Automated BackupsAutomated UpgradesEnhanced Read ScalabilityNetwork SegmentsRedundancy Zone
