Consul
API gateways on Kubernetes overview
This topic provides overview information about API gateways for Consul on Kubernetes.
Introduction
API gateways enable external network clients to access applications and services running in a Consul datacenter. Consul API gateways can also forward requests from clients to specific destinations based on path or request protocol. Systems that access services in the mesh may be internal or external to your organizational network. North-south traffic is a common term to describe this type of network traffic.
Consul API gateway implements the Kubernetes Gateway API specification. For more information, refer to the official Kubernetes documentation
Workflow
To use an API gateway on Consul:
- Verify technical specifications for your cluster. OpenShift users in particular must verify specific parameters in the Helm chart.
- Configure the API gateway to enable it.
- Deploy listeners. Configure one or more listeners to serve as ingress points for requests to services in Consul's service mesh.
- Define a route so that the listener can forward the request to the service in the mesh. Routes can be tuned to define complex traffic shaping. For example, you can Reroute HTTP requests to define URL rewrite rules for the services in your Kubernetes cluster.
Guidance
The following resources are available to help you use Consul API gateways on Kubernetes.
Tutorials
- Enable external traffic ingress into Consul service mesh
- Control access into the service mesh with Consul API gateway
Usage documentation
- Deploy API gateway listeners to Kubernetes
- Deploy API gateway routes to Kubernetes
- Reroute HTTP requests in Kubernetes
- Route traffic to peered services in Kubernetes
- Use JWTs to verify requests to API gateways on Kubernetes
Reference documentation
To use Consul API gateway on Kubernetes, you must configure the following custom resource definitions (CRDs).
| Configuration | Description |
|---|---|
Gateway | Defines the main infrastructure resource for declaring an API gateway and listeners on the gateway. It also specifies the name of the GatewayClass. |
GatewayClass | Defines a class of gateway resources used as a template for creating gateways. The default gateway class is consul and is suitable for most API gateway implementations. |
GatewayClassConfig | Describes additional gateway-related configuration parameters for the GatewayClass resource. |
Routes | Specifies paths from the gateway listener to backend services. |
MeshServices | Enables routes to reference services in Consul. |
ServiceIntentions | Specifies traffic communication rules between services in the mesh. Intentions also enforce rules for service-to-service traffic routed through a Consul API gateway. |
Troubleshooting
API gateway on Kubernetes error messages can help you troubleshoot the most common API gateway errors on Kubernetes.