You can use this Helm chart to deploy Consul Enterprise by following a few extra steps.
Find the license file that you received in your welcome email. It should have a .hclic extension. You will use the contents of this file to create a Kubernetes secret before installing the Helm chart.
Note: This guide assumes you are storing your license as a Kubernetes Secret. If you would like to store the enterprise license in Vault, please reference Storing the Enterprise License in Vault.
You can use the following commands to create the secret with name consul-ent-license and key key:
If the version of Consul is < 1.10, use the following config with the name and key of the secret you just created.
(These values are required on top of your normal configuration.)
Note: The value of server.enterpriseLicense.enableLicenseAutoload must be set to false.
In a separate tab, run the consul license get command (if using ACLs see below):
$consul license getLicense is validLicense ID: 1931d1f4-bdfd-6881-f3f5-19349374841fCustomer ID: b2025a4a-8fdd-f268-95ce-1704723b9996Expires At: 2020-03-09 03:59:59.999 +0000 UTCDatacenter: *Package: premiumLicensed Features: Automated Backups Automated Upgrades Enhanced Read Scalability Network Segments Redundancy Zone Advanced Network Federation$consul membersNode Address Status Type Build Protocol DC Segmenthashicorp-consul-server-0 10.60.0.187:8301 alive server 1.10.0+ent 2 dc1 <all>hashicorp-consul-server-1 10.60.1.229:8301 alive server 1.10.0+ent 2 dc1 <all>hashicorp-consul-server-2 10.60.2.197:8301 alive server 1.10.0+ent 2 dc1 <all>
$consul license getLicense is validLicense ID: 1931d1f4-bdfd-6881-f3f5-19349374841fCustomer ID: b2025a4a-8fdd-f268-95ce-1704723b9996Expires At: 2020-03-09 03:59:59.999 +0000 UTCDatacenter: *Package: premiumLicensed Features: Automated Backups Automated Upgrades Enhanced Read Scalability Network Segments Redundancy Zone Advanced Network Federation$consul membersNode Address Status Type Build Protocol DC Segmenthashicorp-consul-server-0 10.60.0.187:8301 alive server 1.10.0+ent 2 dc1 <all>hashicorp-consul-server-1 10.60.1.229:8301 alive server 1.10.0+ent 2 dc1 <all>hashicorp-consul-server-2 10.60.2.197:8301 alive server 1.10.0+ent 2 dc1 <all>
If you get an error:
Error getting license: invalid character 'r' looking for beginning of value
Error getting license: invalid character 'r' looking for beginning of value
Then you have likely enabled ACLs. You need to specify your ACL token when
running the license get command. First, assign the ACL token to the CONSUL_HTTP_TOKEN environment variable:
$exportCONSUL_HTTP_TOKEN=$(kubectl get secrets/hashicorp-consul-bootstrap-acl-token --template='{{.data.token | base64decode }}')
$exportCONSUL_HTTP_TOKEN=$(kubectl get secrets/hashicorp-consul-bootstrap-acl-token --template='{{.data.token | base64decode }}')
Now the token will be used when running Consul commands: