Difficulty: Beginner
Estimated Time: 15 minutes

Consul Connect Service Mesh

Consul service mesh secures service-to-service communication with authorization and encryption. Applications can use sidecar proxies in a service mesh configuration to automatically establish TLS connections for inbound and outbound connections without being aware of the network configuration and topology.

In this hands-on lab, you'll start two services and connect them over a TLS encrypted proxy with Consul service mesh.

Specifically, you'll start four processes.

  • The frontend service is a dashboard that displays a number.
  • The backend service is a counting application that serves a JSON feed with a constantly incrementing number.
  • Two consul connect sidecar proxies represent the dashboard and counting services so they can communicate securely with each other.

The frontend service uses websockets to update its user interface every few seconds with fresh data from the backend service. It also displays status information so you can see if the connection can be established.

You'll spend most of your time executing commands against our demo services (dashboard and counting), but Consul works in the background to help services discover each other and connect through encrypted proxies.

We've configured Consul for you and started a single agent, so it's ready to go. Let's get started!

Congratulations!

You've configured Consul service mesh by completing the following steps:

  • Configured a backend service to run on a specific port with a name
  • Configured a frontend service to proxy to an upstream service over a local port
  • Started a sidecar proxy for each
  • Created a zero-trust network by denying connections by default with Consul intentions
  • Allowed specific communication between services with a Consul intention

Continue Learning about Consul service at HashiCorp Learn.

Consul Connect Service Mesh

Step 1 of 5

Access the Consul UI and Start Backend Service

Consul is already running on a publicly accessible IP address.

Access the Consul UI

The Consul web UI runs on port 8500. Visit it in a new tab here:

Since health checks have been configured, there will be a red X next to the counting, counting-sidecar-proxy, dashboard, and dashboard-sidecar-proxy. The services are not healthy because they are not running.

Start the Backend Service

Start the backend service, counting-service. First, you'll examine the configuration for this service and then start the it on port 9003.

The service definition instructs Consul to look for the counting-service on port 9003. You can see the service definition by looking at the configuration file at /etc/consul.d/counting.json.

cat /etc/consul.d/counting.json

There are three important settings in the service definition.

  • Consul will look for a service running on port 9003. It will advertise that as the counting service. On a properly configured node, this can be reached as counting.service.consul through Consul DNS interface.
  • A service sidecar proxy is defined. This enables proxy communication through Consul service mesh but doesn't define any connections right away. The proxy must be manually started, which we will do later.
  • A health check examines the local /health endpoint every second to determine whether the service is healthy and can be exposed to other services.

Now, start the service, specifying PORT as an environment variable.

PORT=9003 counting-service

Review the output of the counting service at this URL. It's a JSON API with a few keys and values.

If you go back to the Consul Web UI, you'll notice that it automatically updated the counting service which is now healthy and the red X is gone.