mirror of https://github.com/hashicorp/consul
Kubernetes Service Mesh Overview
boruszak
parent
1cfeefe7c1
commit
a796b1b28d
|
|
@ -10,10 +10,9 @@ description: >-
|
|||
[Consul Service Mesh](/docs/connect) is a feature built into to Consul that enables
|
||||
automatic service-to-service authorization and connection encryption across
|
||||
your Consul services. Consul Service Mesh can be used with Kubernetes to secure pod
|
||||
communication with other pods and external Kubernetes services. "Consul Connect" refers to the service mesh functionality within Consul and is used interchangeably with the name
|
||||
"Consul Service Mesh."
|
||||
communication with other pods and external Kubernetes services. "Consul Connect" refers to the service mesh functionality within Consul and is used interchangeably with the name "Consul Service Mesh."
|
||||
|
||||
The Connect sidecar running Envoy can be automatically injected into pods in
|
||||
The sidecar running Envoy can be automatically injected into pods in
|
||||
your cluster, making configuration for Kubernetes automatic.
|
||||
This functionality is provided by the
|
||||
[consul-k8s project](https://github.com/hashicorp/consul-k8s) and can be
|
||||
|
|
@ -22,32 +21,11 @@ automatically installed and configured using the
|
|||
|
||||
## Usage
|
||||
|
||||
When the
|
||||
[Connect injector is installed](/docs/k8s/connect#installation-and-configuration),
|
||||
the Connect sidecar can be automatically added to all pods. This sidecar can both
|
||||
accept and establish connections using Connect, enabling the pod to communicate
|
||||
to clients and dependencies exclusively over authorized and encrypted
|
||||
connections.
|
||||
-> **Important:** As of consul-k8s `v0.26.0` and Consul Helm `v0.32.0`, having a Kubernetes
|
||||
service is required to run services on the Consul service mesh.
|
||||
|
||||
-> **Note:** The examples in this section are valid and use
|
||||
publicly available images. If you've installed the Connect injector, feel free
|
||||
to run the examples in this section to try Connect with Kubernetes.
|
||||
Please note the documentation below this section on how to properly install
|
||||
and configure the Connect injector.
|
||||
Installing Consul on Kubernetes with [`connect-inject` enabled](/docs/k8s/connect#installation-and-configuration) adds a sidecar to all pods. By default, it enables service mesh functionality with Consul Dataplane by injecting an Envoy proxy. You can also configure Consul to inject a client agent sidecar to connect to your service mesh. Refer to [Simplified Service Mesh with Consul Dataplane](/docs/connect/dataplane) for more information.
|
||||
|
||||
### Accepting Inbound Connections
|
||||
|
||||
An example Deployment is shown below with Connect enabled to accept inbound
|
||||
connections. Notice that the Deployment would still be fully functional without
|
||||
Connect. Minimal to zero modifications are required to enable Connect in Kubernetes.
|
||||
Notice also that even though we're using a Deployment here, the same configuration
|
||||
would work on a Pod, a StatefulSet, or a DaemonSet.
|
||||
|
||||
This Deployment specification starts a server that responds to any
|
||||
HTTP request with the static text "hello world".
|
||||
|
||||
-> **Note:** As of consul-k8s `v0.26.0` and Consul Helm `v0.32.0`, having a Kubernetes
|
||||
service is **required** to run services on the Consul Service Mesh.
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
|
|
|
|||
Loading…
Reference in New Issue