Integrating HashiCorp Consul and Envoy using Gloo Connect

Note: HashiCorp recently released its native integration with Envoy on October 23, 2018 at HashiConf. Read the announcement blog to learn more.

Idit Levine is the founder and CEO of solo.io, a Boston-based company that develops tools to help the enterprise adopt and make the most of innovative cloud technologies. At solo, Idit leads the development of Qloo, the codeless GraphQL Engine, Gloo, the function gateway, Squash, a platform for debugging microservices applications, and UniK, an orchestration tool for unikernels. Prior to founding solo.io, Idit was the CTO of the cloud management division at EMC and a member of its global CTO Office. Previously, Idit gained first-hand experience in many aspects of the cloud infrastructure, working for both startup and enterprise companies.

»Consul Connect Announced at HashiDays

On June 26, 2018 at HashiDays, HashiCorp announced the release of Consul Connect, a new capability that extends Consul’s Service Mesh offering.

Connect is a new feature of the open-source project Consul which secures service-to-service networks using automatic TLS encryption and identity-based authorization. Connect provides an authentication and authorization platform based on service identity (already built into Consul) and a simple policy engine called intentions.

Connect deploys and manages network proxies as sidecars, providing certificates, certificate rotation, and configuration directly to the proxy. For simple security and routing between services on the L3/L4 (TCP/IP) level, Connect ships with a built-in proxy which allows users to develop and test without external dependencies. For more advanced Layer 7 use cases, Connect allows integration with other high-performance, sophisticated L7 proxies, such as Envoy. To provide first-class integration between Envoy and Consul Connect, we at Solo.io teamed up with our friends at HashiCorp to build a new open source project Gloo Connect, a Consul-Native Service Mesh.

»Introducing Gloo Connect

Also at HashiDays, Solo.io and HashiCorp announced day-one integration between Envoy and Consul Connect via Gloo Connect. Gloo Connect configures Envoy as a proxy managed by Consul Connect, with all the added functionalities provided by Gloo.

Solo.io is the creator of Gloo, an Envoy control plane with advanced features such as native serverless integration, transformation, and caching. Gloo provides a dynamic foundation on which users can build Envoy-based projects. Previously, we employed Gloo to develop our Function Gateway and QLoo, our Codeless GraphQL Server. Gloo’s design makes it the perfect glue between Consul and Envoy.

Our goal with Gloo Connect was to build a robust Consul-native service mesh powered by Envoy. Consul Connect provides the configuration and security necessary to form the base of the mesh and Gloo adds HTTP-aware traffic control, routing, and observability.

Consul currently focuses on connectivity and security. Consul Connect provides authentication and authorization via TLS certificates, which Consul issues, rotates, and verifies, all without certificates ever having to travel over the network. Consul additionally provides network management at the TCP level by providing all service-to-service connections through the managed proxy, allowing services to connect to each other using only the (inherently more secure) loopback interface.

Gloo delivers Envoy-based solutions to provide additional observability and traffic control capabilities. Gloo Connect integrates Consul with Envoy by translating its L4 configuration to Envoy config API, while enabling all of Gloo’s L7 features. Out of the box, Gloo Connect users will get Consul-powered security and connectivity features on L4 with zero configuration outside of Consul. Users can leverage HTTP-level features in Envoy by configuring Gloo directly via Gloo’s own API. Gloo Connect then intelligently merges the two sources of config into a single set of instructions for Envoy to perform, fulfilling all desired L4 and L7 responsibilities.

In combination, Gloo Connect provides a sophisticated yet simple service mesh solution powered by Envoy and natively integrated with the widespread Consul community. We encourage you to try Gloo Connect today by checking out the instructions at Gloo Connect Docs. Happy connecting!

For more information about Consul, please visit: https://www.consul.io/.