intention command is used to interact with service mesh
intentions. It exposes commands for
creating, updating, reading, deleting, checking, and managing intentions.
This command is available in Consul 1.2 and later.
consul intention <subcommand>
For the exact documentation for your Consul version, run
consul intention -h
to view the complete list of subcommands.
Usage: consul intention <subcommand> [options] [args] ... Subcommands: check Check whether a connection between two services is allowed. create Create intentions for service connections. delete Delete an intention. list Lists all intentions. get Show information about an intention. match Show intentions that match a source or destination.
For more information, examples, and usage about a subcommand, click on the name of the subcommand in the sidebar.
Create an intention to allow "web" to talk to "db":
$ consul intention create web db
Create an intention to deny "db" from initiating connections to any service:
$ consul intention create -deny db '*' Created: db => * (deny)
Test whether a "web" is allowed to connect to "db":
$ consul intention check web db
List all intentions:
$ consul intention list
Find all intentions for communicating to the "db" service:
$ consul intention match db
Intention commands commonly take positional arguments referred to as
DST in the command documentation. These can take several forms:
|the named service in the current namespace|
|any service in the current namespace|
|Enterprise the named service in a specific namespace in the default partition|
|Enterprise any service in the specified namespace in the default partition|
|Enterprise any service in any namespace in the default partition|
|Enterprise the named service in a specific namespace|
|Enterprise any service in the specified namespace in a specific partition|
|Enterprise any service in any namespace in the a specific partition|