hashicorp / consul-k8s

First-class support for Consul Service Mesh on Kubernetes
https://www.consul.io/docs/k8s
Mozilla Public License 2.0

Can Consul Service Mesh support pod-to-pod connectivity? #2997

Open r0ka opened 1 year ago

r0ka commented 1 year ago

Hello everyone,

I have a specific use case that involves establishing pod-to-pod connectivity within our environment. Can you please advise if Consul Service Mesh is capable of supporting such pod-to-pod connectivity scenarios?

Br, Roma

blake commented 1 year ago

Hi @r0ka, Consul supports direct pod-to-pod communication when the dialedDirectly configuration option is enabled for the upstream service in its service defaults configuration.

Below is an example config.

```yaml
---
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceDefaults
metadata:
  name: upstream-service
spec:
  transparentProxy:
    dialedDirectly: true
```

See https://developer.hashicorp.com/consul/docs/k8s/connect/transparent-proxy/enable-transparent-proxy#headless-services and https://developer.hashicorp.com/consul/docs/connect/config-entries/service-defaults#spec-transparentproxy for more info.

r0ka commented 1 year ago

Hi @blake, thank you very much for the answer, it works like a charm. However, I've got one issue; maybe you can advise.

I have a StatefulSet deployment, using dialedDirectly: true and 'consul.hashicorp.com/connect-inject': 'true', and don't have access to the internet from the container.

On the other side, I have another service using a regular Deployment and 'consul.hashicorp.com/connect-inject': 'true', and I have access to the internet from the container.

I see the documentation about Termination Gateway but do not understand why in one case I have access to the internet and in the other I don't, and when I should use Termination Gateway. https://developer.hashicorp.com/consul/tutorials/kubernetes-features/service-mesh-traffic-management#terminating-gateways

Thank you for your answer in advance.