The Consul API Gateway has now reached its first GA release, adding TCPRoute support, Helm chart support, and a new HashiCorp Learn tutorial.
At HashiConf Global 2021 we introduced the Consul API Gateway, a solution to help users consistently manage access to their service mesh applications. Today, we are pleased to announce that the Consul API Gateway is now generally available to the public. This milestone further cements Consul’s ability to help users control access and manage north-south traffic from external clients in production ready environments. This blog post covers some of the features introduced at the tech preview and beta releases and provides instructions on how to get started.
At the core of the Consul API Gateway is the ability to dynamically create, modify, and delete routes for external client requests that hit the gateway. This is done using the HttpRoute spec from the Kubernetes Gateway API. Users configure how client requests are handled based on certain parameters, e.g. path prefixes, header values, or query parameters. These rules are then applied using a Custom Resource Definition and attached to the gateway as a route. Here is an example of an HTTPRoute for splitting client requests between two services based on the path prefix
/echo and weights:
- name: my-api-gateway
- kind: service
- kind: service
The Consul API Gateway can be used to manage route destinations and protocol connections between mesh services and external clients. In the tech preview, the API Gateway supported HTTP/S routes, but we recognize that some applications require different protocols, namely TCP. In the beta release, we added
TCPRoute support for both TCP and TCP+TLS connections between clients and service mesh applications. The example below uses the Kubernetes Gateway API CRD for implementing and managing these TCP routes:
- name: my-tcp-gateway
- name: my-foo-service
TLSRoute resource, users can also create a TCP-based route that leverages a TLS listener. For more information on these resources, please review the TCPRoute documentation in the API specification.
To improve security controls, we’ve added the ability to configure TLS settings on a per-listener basis. The settings can set the minimum and maximum enabled TLS versions, and the allowed cipher suites. The example below shows how to configure them on a listener:
- protocol: HTTPS
- name: consul-server-cert
As of version 0.41.0, the Consul Helm chart supports the installation and configuration of the Consul API Gateway and underlying components. Users need to add the following block to their Helm values file in order to get started:
The Consul servers must be running version 1.11.2 or higher for the Consul API Gateway.
A HashiCorp Learn tutorial is now available to help you get started with Consul API Gateway on Kubernetes. The tutorial steps through how to deploy a set of microservices using Consul API Gateway as an ingress point, and how to leverage the API Gateway as a load balancer.
We are excited to offer this new solution to our customers and look forward to your feedback. With the addition of the Consul API Gateway, HashiCorp Consul gives users the ability to discover services, secure networking, automate networking, and now manage access to those services. For more information, please read the Consul API Gateway documentation.
Learn the installation and verification workflow for any Linux distribution that does not include HashiCorp software in its package repository.
Integrating HCP Consul Central with Backstage can enhance your organization’s infrastructure-management capabilities. Here’s how to do it.
Managing multiple clusters of HashiCorp tools can be complicated. Target CLI eases the burden by using context profiles to easily switch between different clusters and environments.