consul/website/pages/docs/connect/index.mdx

76 lines
3.8 KiB
Markdown

---
layout: docs
page_title: Connect (Service Segmentation)
sidebar_title: 'Connect - Service Mesh'
sidebar_current: docs-connect-index
description: |-
Consul Connect provides service-to-service connection authorization and
encryption using mutual TLS.
---
# Connect
Consul Connect provides service-to-service connection authorization and
encryption using mutual Transport Layer Security (TLS). Applications can use
[sidecar proxies](/docs/connect/proxies.html) in a service mesh configuration to
establish TLS connections for inbound and outbound connections without being aware
of Connect at all. Applications may also [natively integrate with Connect](/docs/connect/native.html)
for optimal performance and security. Connect can help you secure your services and provide data
about service-to-service
communications.
Review the video below to learn more about Consul Connect from HashiCorp's co-founder Armon.
<iframe
src="https://www.youtube.com/embed/8T8t4-hQY74"
frameborder="0"
allowfullscreen="true"
width="560"
height="315"
></iframe>
## Application Security
Connect enables secure deployment best-practices with automatic
service-to-service encryption, and identity-based authorization.
Connect uses the registered service identity (rather than IP addresses) to
enforce access control with [intentions](/docs/connect/intentions.html). This
makes it easier to reason about access control and enables services to be
rescheduled by orchestrators including Kubernetes and Nomad. Intention
enforcement is network agnostic, so Connect works with physical networks, cloud
networks, software-defined networks, cross-cloud, and more.
## Observability
One of the key benefits of Consul Connect is the uniform and consistent view it can
provide of all the services on your network, irrespective of their different
programming languages and frameworks. When you configure Consul Connect to use
sidecar proxies, those proxies "see" all service-to-service traffic and can
collect data about it. Consul Connect can configure Envoy proxies to collect
layer 7 metrics and export them to tools like Prometheus. Correctly instrumented
applications can also send open tracing data through Envoy.
## Getting Started With Connect
There are several ways to try Connect in different environments.
- The [Getting Started with Consul Service Mesh track](https://learn.hashicorp.com/consul/gs-consul-service-mesh/understand-consul-service-mesh?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS)
walks you through installing Consul as service mesh for Kubernetes using the Helm
chart, deploying services in the service mesh, and using intentions to secure service
communications.
- The [Secure Service-to-Service Communication guide](https://learn.hashicorp.com/consul/developer-mesh/connect-services?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS)
is a simple walk through of connecting two services on your local machine
using Consul Connect's built-in proxy and configuring your first intention. The guide also includes an introduction to
using Envoy as the Connect sidecar proxy.
- The [Kubernetes guide](https://learn.hashicorp.com/consul/getting-started-k8s/minikube?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS)
walks you through configuring Consul Connect in Kubernetes using the Helm
chart, and using intentions. You can run the guide on Minikube or an existing
Kubernetes cluster.
- The [observability guide](https://learn.hashicorp.com/consul/kubernetes/l7-observability-k8s?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS)
shows how to deploy a basic metrics collection and visualization pipeline on
a Minikube or Kubernetes cluster using the official Helm charts for Consul,
Prometheus, and Grafana.