Consul API Gateway 0.1.0
Overview
This is the first general availability (GA) release of Consul API Gateway. It provides controlled access for network traffic from outside a Consul service mesh to Services on the mesh
You can use API Gateway in Kubernetes deployments as an alternative to Consul’s ingress gateway functionality. It provides additional capabilities that ingress gateway does not. These include:
- It allows you to configure and deploy new gateways at any time, without rerunning the Consul Helm chart. The configuration of a running gateway can be changed dynamically at anytime, usually without disrupting any the the traffic flowing through it.
- Listeners on a gateway can use TLS server certificates signed by any certificate authority (CA). This allows you to use certificates from public CA’s, such as Verisign and Let’s Encrypt, and private CA’s, such as a company’s internal CA.
Release Highlights
This release includes the following features and capabilities:
- Can be deployed in the following run time environments:
- Self-managed Kubernetes
- AWS EKS
- Google GKE
- Azure AKS.
- Install via the HashiCorp Consul Helm chart.
- Works with self-managed Consul servers and HCP Consul servers
- Configure via Kubernetes Gateway API - v1alpha2
- Deploy 1 or more logical API Gateways per Kubernetes cluster
- Support for HTTP, HTTPS, TCP, and TCP+TLS
- Support for HTTP versions 1.1 and 2
- Load balance across a service’s instances
- Listeners load TLS certificates, signed by any CA, from Kubernetes secret storage
- Route HTTP/S traffic to Services based on matching:
- Hostname
- URI Path
- HTTP Header
- HTTP Method
- HTTP Query parameters
- HTTP header manipulation:
- Set header value
- Add header and/or value
- Remove header and/or value
- TLS settings configurable per Kubernetes Listener:
- Set minimum allowed TLS version
- Enabled cipher-suites (a.k.a. cipher string)
- Route to services in different namespaces
- Split traffic across multiple services based on weight
- Support for multi-runtime service mesh deployments
- Consul API Gateway must be running on Kubernetes, but it can route traffic to services running outside of K8s as long the service is connected to the Consul service mesh.
Supported Software
- Consul 1.11.2+
- HashiCorp Consul Helm chart 0.41.1+
- Kubernetes 1.21+
- Kubectl 1.21+
- Envoy proxy support is determined by the Consul version deployed. Refer to Envoy Integration for details.
Kubernetes Gateway API Specification
Supported version of the Gateway API spec: v1alpha2
(v0.4.1)
For more detailed information, please refer to the product documentation.