Consul service mesh

Consul service mesh provides service-to-service connection authorization and encryption using mutual Transport Layer Security (TLS).

Applications can use sidecar proxies in a service mesh configuration to establish TLS connections for inbound and outbound connections without being aware of the service mesh at all. Applications may also natively integrate with Consul service mesh for optimal performance and security. Consul service mesh can help you secure your services and provide data about service-to-service communications.

The noun connect is used throughout this documentation to refer to the connect subsystem that provides Consul’s service mesh capabilities. Where you encounter the noun connect, it is usually functionality specific to service mesh.

Review the video below to learn more about Consul service mesh from HashiCorp’s co-founder Armon.

Application security

Consul service mesh enables secure deployment best-practices with automatic service-to-service encryption, and identity-based authorization. Consul uses the registered service identity, rather than IP addresses, to enforce access control with intentions. This makes it easier to control access and enables services to be rescheduled by orchestrators, including Kubernetes and Nomad. Intention enforcement is network agnostic, so Consul service mesh works with physical networks, cloud networks, software-defined networks, cross-cloud, and more.

Observability

One of the key benefits of Consul service mesh is the uniform and consistent view it can provide of all the services on your network, irrespective of their different programming languages and frameworks. When you configure Consul service mesh to use sidecar proxies, those proxies see all service-to-service traffic and can collect data about it. Consul service mesh can configure Envoy proxies to collect layer 7 metrics and export them to tools like Prometheus. Correctly instrumented applications can also send open tracing data through Envoy.

Getting started with Consul service mesh

Complete the following tutorials try Consul service mesh in different environments:

  • The Getting Started with Consul Service Mesh collection walks you through installing Consul as service mesh for Kubernetes using the Helm chart, deploying services in the service mesh, and using intentions to secure service communications.

  • The Getting Started With Consul for Kubernetes tutorials guides you through installing Consul on Kubernetes to set up a service mesh for establishing communication between Kubernetes services.

  • The Secure Service-to-Service Communication tutorial is a simple walk through of connecting two services on your local machine and configuring your first intention.

  • The Kubernetes tutorial walks you through configuring Consul service mesh in Kubernetes using the Helm chart, and using intentions. You can run the guide on Minikube or an existing Kubernetes cluster.

  • The observability tutorial shows how to deploy a basic metrics collection and visualization pipeline on a Minikube or Kubernetes cluster using the official Helm charts for Consul, Prometheus, and Grafana.