Consul's UI allows you to view and interact with Consul via a graphical user interface, which can lower the barrier of entry for new users, and ease troubleshooting.
The Consul UI enables you to view all information about your Consul datacenter, including:
- Registered nodes, both Consul servers and clients.
- Registered services and their sidecar proxies.
- Registered gateways including terminating, ingress, and mesh.
Additionally, you can view and update the following information through the Consul UI:
- Key-value pairs.
- Access Control List (ACL) tokens.
- Service mesh intentions.
In this tutorial, you will explore your Consul development environment through the Consul UI.
»Navigate to the UI
If you were running Consul in production you would need to enable the UI in
Consul's configuration file or using the
-ui command line flag, but because
your agent is running in development mode, the UI is automatically enabled.
The landing page for the Consul UI is the services page, which gives you a list of all registered services and gateways including their health, tags, type, and source. You can filter the services visible on the page based on their name, tag, status, or other search terms.
Click on a specific service to learn more about its instance count, the health of individual instances, and which agent each instance is registered with.
Try it: Select the Consul service and then an instance of Consul. You will discover which node the instance is registered on and the instance's health status.
Click on the "Nodes" option in the top navigation bar to go to the nodes page. There you'll find an overview of the entire datacenter including the health status of each node, IPAddress, number of registered services, and a leader badge indicating which node is hosting the leading Consul server.
You can select individual nodes to learn about their health checks, registered services, round trip time, lock sessions, and metadata.
You can also filter the nodes by heath status, or search for them in the search bar.
Try it: Select the Nodes page from the top menu bar, and then click the leading Consul server from the list of nodes.
»Manage the Key-Value store
In the top navigation, select "Key/Value" to view the page for Consul KV.
The Key/Value page has a folder-like structure. Objects appear nested according to their key prefix. For example, you could have a folder for each application, business function, or a nested combination of the two.
Try it: From the main page, click the "Create" button to add a new
key-value pair. Call the key
redis/user with a value
Alice. Now create
another pair with the key
redis/password and the value
123. On the main
page, notice that there is only one new entry, called "redis", with a folder
icon next to it.
»Manage ACL tokens
Consul uses Access Control Lists (ACLs) to secure access to the UI, API, CLI, service
communications, and agent communications. You need to configure
ACLs in your Consul datacenter to
secure it for production. However, on a local development agent started with
consul agent -dev,
they aren't enabled, so there would be no data on your "ACL" page.
You can secure the UI itself with ACLs, by limiting read, write, and update permissions for the various pages in the UI. You do this by creating a token with the appropriate privileges and adding it to the UI under the ACL page.
To remove access, simply select "Stop using" from your tokens action menu in the token list.
Security Warning: The browser can store tokens that you add to the UI.
Select the "Intentions" option in the top navigation menu to view intention data for Consul service mesh. To create new intentions, click on the "Create" button at the top right of the page.
The new intention page allows you to specify the source and destination services, configure service communication, and add a description. Notice that you have three options for service communication; Allow, Deny, and Application Aware. The Application Aware option enables you to more granularly allow or deny communication between services based on path, header, or method.
Try it: If you followed the previous tutorials in the Get Started collection, you
can create an intention for the "web" and "socat" services.
Click on the blue "Create" button. On the creation page, set the
source service to "web" and the destination to "socat". Make a deny intention.
Open a terminal window and try to connect to to the socat service with the
nc 127.0.0.1 9191. It should exit immediately. Now on the main
intentions page, click on the "..." menu item at the right of the new intention.
Delete it and try to connect again. This time it should succeed.
»Adjust UI settings
To edit the UI's settings, select the "Settings" option at the far-right of the top navigation menu.
You can select whether or not you would like to set up a blocking query to update the UI in real time, rather than upon refresh. This is on by default, but may need to be disabled for large datacenters due to performance concerns.
»UI task table
As you may have noticed, some pages of the web UI are read-only, while others are interactive. Below is a table with the CRUD actions available for each page.
|Key/Value||Create, Read, Update, Delete|
|Intentions||Create, Read, Update, Delete|
|ACLs||Create, Read, Update, Delete|
In this tutorial, you explored the Consul UI for a Consul development environment. You should now be able to navigate the Consul UI to learn more about your services, gateways, key-value pairs, service mesh intentions, and ACL tokens.
To continue you can: