mirror of https://github.com/hashicorp/consul
---
layout: docs
page_title: Connect (Service Segmentation)
sidebar_title: 'Connect - Service Mesh'
sidebar_current: docs-connect-index
description: |-
  Consul Connect provides service-to-service connection authorization and
  encryption using mutual TLS.
---

# Connect

Consul Connect provides service-to-service connection authorization and
encryption using mutual Transport Layer Security (TLS). Applications can use
[sidecar proxies](/docs/connect/proxies.html) in a service mesh configuration to
establish TLS connections for inbound and outbound connections without being aware
of Connect at all. Applications may also [natively integrate with Connect](/docs/connect/native.html)
for optimal performance and security. Connect can help you secure your services and provide data
about service-to-service communications.

Review the video below to learn more about Consul Connect from HashiCorp's co-founder Armon.

<iframe
  src="https://www.youtube.com/embed/8T8t4-hQY74"
  frameborder="0"
  allowfullscreen="true"
  width="560"
  height="315"
></iframe>

## Application Security

Connect enables secure deployment best practices with automatic
service-to-service encryption and identity-based authorization.
Connect uses the registered service identity (rather than IP addresses) to
enforce access control with [intentions](/docs/connect/intentions.html). This
makes it easier to reason about access control and enables services to be
rescheduled by orchestrators including Kubernetes and Nomad. Intention
enforcement is network agnostic, so Connect works with physical networks, cloud
networks, software-defined networks, cross-cloud, and more.

## Observability

One of the key benefits of Consul Connect is the uniform and consistent view it can
provide of all the services on your network, irrespective of their different
programming languages and frameworks. When you configure Consul Connect to use
sidecar proxies, those proxies "see" all service-to-service traffic and can
collect data about it. Consul Connect can configure Envoy proxies to collect
layer 7 metrics and export them to tools like Prometheus. Correctly instrumented
applications can also send open tracing data through Envoy.

## Getting Started With Connect

There are several ways to try Connect in different environments.

- The [Getting Started with Consul Service Mesh track](https://learn.hashicorp.com/consul/gs-consul-service-mesh/understand-consul-service-mesh?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS)
  walks you through installing Consul as a service mesh for Kubernetes using the Helm
  chart, deploying services in the service mesh, and using intentions to secure service
  communications.

- The [Secure Service-to-Service Communication guide](https://learn.hashicorp.com/consul/developer-mesh/connect-services?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS)
  is a simple walkthrough of connecting two services on your local machine
  using Consul Connect's built-in proxy and configuring your first intention. The guide also includes an introduction to
  using Envoy as the Connect sidecar proxy.

- The [Kubernetes guide](https://learn.hashicorp.com/consul/getting-started-k8s/minikube?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS)
  walks you through configuring Consul Connect in Kubernetes using the Helm
  chart, and using intentions. You can run the guide on Minikube or an existing
  Kubernetes cluster.

- The [observability guide](https://learn.hashicorp.com/consul/kubernetes/l7-observability-k8s?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS)
  shows how to deploy a basic metrics collection and visualization pipeline on
  a Minikube or Kubernetes cluster using the official Helm charts for Consul,
  Prometheus, and Grafana.