Chapter 5. Ingress Gateways

Consul service mesh is secure by default. This means that Consul requires all requests to be authorized. Chapter 6 covers authorization in detail, but the long and short of it is that user-facing services can’t be accessed directly. Instead, they must be accessed through a gateway that sets the necessary authorization.

This is the purpose of a Consul ingress gateway. Ingress gateways take unauthorized requests from outside the service mesh and route the requests to services running securely inside the mesh.

In this chapter, you’ll learn how ingress gateways work and how to deploy them on Kubernetes or VMs. You’ll then continue the exercise from Chapter 4 and expose the Birdwatcher frontend service via an ingress gateway.

Why You Need an Ingress Gateway

Most companies require some of their services to be accessed externally by users or API consumers. For example, an ecommerce company may have many internal services that only receive requests from other internal services, but they will also run public-facing services that are accessed by users. Figure 5-1 shows a typical architecture with a load balancer proxying traffic from the public internet directly through to the public-facing services.

Figure 5-1. A typical architecture with a public-facing service

In this architecture, if the public-facing service is running in the service mesh, it will reject ...
