Enable service mesh

This page describes the process to enable Consul's service mesh features.

For more information about configurable options in the service mesh and the process to full bootstrap Consul's service mesh, refer to Connect services.

Enable mesh in server agent configuration

Consul's service mesh features are not enabled by default when running Consul on virtual machines. To enable the service mesh, you must change the configuration of your Consul servers. You do not need to change client agent configurations in order to use the service mesh.

To enable Consul's service mesh, set connect.enabled to true in a new or existing agent configuration file.

Service mesh is enabled by default on Kubernetes deployments.

connect {
  enabled = true
}

{
  "connect": {
    "enabled": true
  }
}

server:
  connect:
    enabled: true

Apply configuration to Consul

After you update your cluster's configuration, the Consul agent must restart before the service mesh is enabled.

On VM deployments, restart each server in the cluster one at a time in order to maintain the cluster's availability.

On Kubernetes deployments, you can run the following command to apply the configuration to your deployment:

$ kubectl apply -f values.yaml

If you use the Consul on Kubernetes CLI, you can run the following command instead:

$ consul-k8s upgrade -config-file values.yaml

For information about the consul-k8s CLI and how to install it, refer to Install Consul on Kubernetes from Consul K8s CLI

Next steps

After you enable Consul's service mesh, enable the built-in certificate authority to ensure secure service-to-service communication and configure defaults settings for the Envoy proxies in the service mesh. You can also enable Consul's Access Control List (ACL) system to provide additional security.

Refer to the following topics for more information:

• Bootstrap Consul's built-in CA
• Configure proxy defaults
• Enable Consul's ACL system