You have a Consul cluster running production workloads in your environment. However, you've discovered that the cluster was initially deployed without gossip encryption configured, which means that traffic is being sent in cleartext. The security team has requested this to be updated ASAP. However, you can't take an outage on the Consul service right now, knowing the server nodes will stop communicating once you start editing the configuration files one by one.
How can you enable gossip encryption on the existing cluster without affecting the services it currently provides to the business?

You need to deny communication between the customer-db service and the payment service using an intention. You open the command line and issue the following command:
$ consul intention create customer-db payment
However, the two services can still initiate new connections even after the intention is created. What would explain this?

You have created a new gossip encryption key using consul keygen and installed it using the command consul keyring -install TX/1dsj67x/4XdTeSG1Cb5RdC/cbAbv9Hch4H8cL8nk=.
However, when you try to delete the original gossip encryption key, you receive an error. Based on the error message below, what steps need to be taken in order to be able to remove the old gossip encryption key?
$ consul keyring -remove /d+jMNoQWICjMvddXJXzyGPDWiEOFgApvUJcuPRcves=