Consul
Config HTTP Endpoint
The /config
endpoints create, update, delete and query central configuration
entries registered with Consul. See the
agent configuration
for more information on how to enable this functionality for centrally
configuring services and configuration entries docs for a description
of the configuration entries content.
Apply Configuration
This endpoint creates or updates the given config entry.
Method | Path | Produces |
---|---|---|
PUT | /config | application/json |
The table below shows this endpoint's support for blocking queries, consistency modes, agent caching, and required ACLs.
Blocking Queries | Consistency Modes | Agent Caching | ACL Required |
---|---|---|---|
NO | none | none | Refer to Permissions |
The corresponding CLI command is consul config write
.
Permissions
The ACL required depends on the config entry being written:
Config Entry Kind | Required ACLs |
---|---|
api-gateway | mesh:write or operator:write |
bound-api-gateway | Not writable. |
exported-services | mesh:write or operator:write |
file-system-certificate | mesh:write or operator:write |
http-route | mesh:write or operator:write |
ingress-gateway | mesh:write or operator:write |
inline-certificate | mesh:write or operator:write |
mesh | mesh:write or operator:write |
proxy-defaults | mesh:write or operator:write |
service-defaults | service:write |
service-intentions | intentions:write |
service-resolver | service:write |
service-router | service:write |
service-splitter | service:write |
tcp-route | mesh:write or operator:write |
terminating-gateway | mesh:write or operator:write |
Query Parameters
dc
(string: "")
- Specifies the datacenter to query. This parameter defaults to the datacenter of the agent being queried.cas
(int: 0)
- Specifies to use a Check-And-Set operation. If the index is 0, Consul will only store the entry if it does not already exist. If the index is non-zero, the entry is only set if the current index matches theModifyIndex
of that entry.ns
(string: "")
Enterprise - Specifies the namespace of the config entry you apply. You can also specify the namespace through other methods.
partition
(string: "")
Enterprise - The partition to use. If not provided, the partition is inferred from the request's ACL token, or defaults to thedefault
partition.
Sample Payload
{
"Kind": "service-defaults",
"Name": "web",
"Protocol": "http"
}
Sample Request
$ curl \
--request PUT \
--data @payload \
http://127.0.0.1:8500/v1/config
Get Configuration
This endpoint returns a specific config entry.
Method | Path | Produces |
---|---|---|
GET | /config/:kind/:name | application/json |
The table below shows this endpoint's support for blocking queries, consistency modes, agent caching, and required ACLs.
Blocking Queries | Consistency Modes | Agent Caching | ACL Required |
---|---|---|---|
YES | all | none | Refer to Permissions |
The corresponding CLI command is consul config read
.
Permissions
The ACL required depends on the config entry kind being read:
Config Entry Kind | Required ACLs |
---|---|
api-gateway | service:read |
bound-api-gateway | service:read |
exported-services | mesh:read or operator:read |
file-system-certificate | mesh:read or operator:read |
http-route | mesh:read or operator:read |
ingress-gateway | service:read |
inline-certificate | mesh:read or operator:read |
mesh | No ACL required |
proxy-defaults | No ACL required |
service-defaults | service:read |
service-intentions | intentions:read |
service-resolver | service:read |
service-router | service:read |
service-splitter | service:read |
tcp-route | mesh:read or operator:read |
terminating-gateway | service:read |
Path Parameters
kind
(string: <required>)
- Specifies the kind of the entry to read.name
(string: <required>)
- Specifies the name of the entry to read. The name of theproxy-defaults
config entry must beglobal
, and the name of themesh
config entry must bemesh
.
Query Parameters
dc
(string: "")
- Specifies the datacenter to query. This parameter defaults to the datacenter of the agent being queried.ns
(string: "")
Enterprise - Specifies the namespace of the config entry you lookup You can also specify the namespace through other methods.
partition
(string: "")
Enterprise - The partition to use. If not provided, the partition is inferred from the request's ACL token, or defaults to thedefault
partition.
Sample Request
$ curl \
--request GET \
http://127.0.0.1:8500/v1/config/service-defaults/web
Sample Response
{
"Kind": "service-defaults",
"Name": "web",
"Protocol": "http",
"CreateIndex": 15,
"ModifyIndex": 35
}
List Configurations
This endpoint returns all config entries of the given kind.
The HTTP response includes the X-Consul-Results-Filtered-By-ACLs: true
header
if the response array excludes results due to ACL policy configuration.
Refer to the HTTP API documentation for more information.
Method | Path | Produces |
---|---|---|
GET | /config/:kind | application/json |
The table below shows this endpoint's support for blocking queries, consistency modes, agent caching, and required ACLs.
Blocking Queries | Consistency Modes | Agent Caching | ACL Required |
---|---|---|---|
YES | all | none | Refer to Permissions |
Permissions
The ACL required depends on the config entry kind being read:
Config Entry Kind | Required ACLs |
---|---|
api-gateway | service:read |
bound-api-gateway | service:read |
exported-services | mesh:read or operator:read |
file-system-certificate | mesh:read or operator:read |
http-route | mesh:read or operator:read |
ingress-gateway | service:read |
inline-certificate | mesh:read or operator:read |
mesh | No ACL required |
proxy-defaults | No ACL required |
service-defaults | service:read |
service-intentions | intentions:read |
service-resolver | service:read |
service-router | service:read |
service-splitter | service:read |
tcp-route | mesh:read or operator:read |
terminating-gateway | service:read |
The corresponding CLI command is consul config list
.
Path Parameters
kind
(string: <required>)
- Specifies the kind of the entry to list.filter
(string: "")
- Specifies an expression to use for filtering the results.
Query Parameters
dc
(string: "")
- Specifies the datacenter to query. This parameter defaults to the datacenter of the agent being queried.ns
(string: "")
Enterprise - Specifies the namespace of the config entries you lookup. You can also specify the namespace through other methods.
partition
(string: "")
Enterprise - The partition to use. If not provided, the partition is inferred from the request's ACL token, or defaults to thedefault
partition.
Sample Request
$ curl \
--request GET \
http://127.0.0.1:8500/v1/config/service-defaults
Sample Response
[
{
"Kind": "service-defaults",
"Name": "db",
"Protocol": "tcp",
"CreateIndex": 16,
"ModifyIndex": 16
},
{
"Kind": "service-defaults",
"Name": "web",
"Protocol": "http",
"CreateIndex": 13,
"ModifyIndex": 13
}
]
Delete Configuration
This endpoint deletes the given config entry.
Method | Path | Produces |
---|---|---|
DELETE | /config/:kind/:name | application/json |
The table below shows this endpoint's support for blocking queries, consistency modes, agent caching, and required ACLs.
Blocking Queries | Consistency Modes | Agent Caching | ACL Required |
---|---|---|---|
NO | none | none | Refer to Permissions |
Permissions
The ACL required depends on the config entry kind being deleted:
Config Entry Kind | Required ACLs |
---|---|
api-gateway | mesh:write or operator:write |
bound-api-gateway | Not writable. |
exported-services | mesh:write or operator:write |
file-system-certificate | mesh:write or operator:write |
http-route | mesh:write or operator:write |
ingress-gateway | mesh:write or operator:write |
inline-certificate | mesh:write or operator:write |
mesh | mesh:write or operator:write |
proxy-defaults | mesh:write or operator:write |
service-defaults | service:write |
service-intentions | intentions:write |
service-resolver | service:write |
service-router | service:write |
service-splitter | service:write |
tcp-route | mesh:write or operator:write |
terminating-gateway | mesh:write or operator:write |
The corresponding CLI command is consul config delete
.
Path Parameters
kind
(string: <required>)
- Specifies the kind of the entry to delete.name
(string: <required>)
- Specifies the name of the entry to delete. The name of theproxy-defaults
config entry must beglobal
, and the name of themesh
config entry must bemesh
.
Query Parameters
dc
(string: "")
- Specifies the datacenter to query. This parameter defaults to the datacenter of the agent being queried.cas
(int: 0)
- Specifies to use a Check-And-Set operation. UnlikePUT
, the index must be greater than 0 for Consul to take any action: a 0 index will not delete the config entry. If the index is non-zero, the config entry is only deleted if the index matches theModifyIndex
of that config entry.ns
(string: "")
Enterprise - Specifies the namespace of the config entry you delete. You can also specify the namespace through other methods.
partition
(string: "")
Enterprise - The partition to use. If not provided, the partition is inferred from the request's ACL token, or defaults to thedefault
partition.
Sample Request
$ curl \
--request DELETE \
http://127.0.0.1:8500/v1/config/service-defaults/web
Methods to specify namespace Enterprise
Config endpoints support several methods for specifying the namespace of configuration entry resources with the following order of precedence:
ns
query parameterX-Consul-Namespace
request header- Namespace is inherited from the namespace of the request's ACL token (if any)
- The
default
namespace