Visualize Service Mesh Communication in the Consul UI
You can visualize the communication flow between services registered in your mesh with the topology diagram in the Consul UI. This can be helpful when configuring new services and when troubleshooting existing connections.
In this tutorial, you will view the service mesh topology diagram for two example services. You will then use Consul intentions to control communication between the services.
Prerequisites
You will need to be familiar with the Consul deployment process and how to register services in Consul service mesh to complete this tutorial.
If you do not have experience with service mesh, complete the Getting Started with Consul Service Mesh tutorial for configuration guidance.
For this tutorial, you will need the following.
- A Consul version 1.13.1 cluster or later with service mesh enabled
- At least two services deployed
Tip
The content of this tutorial also applies to Consul clusters hosted on HashiCorp Cloud (HCP).
Register two services in the service mesh
All registered services will be listed on the services page of the Consul UI. Once you select a service, you will be able to learn more about it.
Below are two sample service registrations. To view the topology diagram for this tutorial you do not need to start the services or their proxies.
The upstream service definition, for counting.
The downstream service definition, for dashboard.
Register the services with the Consul CLI.
View the services in the Consul UI at http://localhost:8500.
Explore the service topology diagram
Select one of the services you deployed to get more information. The first tab will be the topology diagram. It provides an overview of the service with the following information. The service instance's health status, including custom health checks if you defined them. Service dependencies as directional arrows. Consul intentions between dependent services.
To review the information in more depth, you can select the other tabs.
Observe service dependencies and connections
You can use the diagram to understand the service mesh configuration for your services, without needing to access each individual service’s configuration file. The directional arrow between services indicates the communication flow between them.
For the services in this tutorial, notice that the dashboard service is the start of the directional arrow. This is because the dashboard service relies on data from the counting service. This is also a visual hint that the dashboard service is the downstream and therefore has the count service defined as an upstream in the upstreams
option in its service registration..
Below is the upstreams
option, configured in the dashboard service file, that is illustrated by this arrow.
Manage service communication
To ensure that the connections are properly configured, you can also use the diagram to quickly visualize allowed and denied connections between services. If the connection is allowed, the arrow from the downstream to the upstream service will be grey. If the connection is denied, the arrow will be red and there will be an "x". Below, the connection between dashboard and counting is denied.
First, you may need to add a deny intention. You can add an intention in the UI or with the following CLI procedure.
First, create a file for a config entry definition named intention-config.hcl
.
From the same directory where you saved this file, run the following command on your terminal to initialize these intention rules.
To update the Consul intention from the topology diagram, to allow communication between the dashboard and counting service, click on the "x" and then select the edit option.
After selecting the edit button, you will be directed to the Intentions tab for the service where you can update or delete the intention. The service information will be automatically generated for you.
Note that if you have ACL's configured with a default deny policy, all services registered in the mesh will have all connections denied by default.
Next steps
In this tutorial you used the service mesh topology diagram to better understand service connections. You were able to visualize the upstream and downstream services, and update the Consul intention in the Consul UI.