Ingress Gateways

Ingress gateways enable ingress traffic from services outside the Consul service mesh to services inside the Consul service mesh. An ingress gateway is a type of proxy and must be registered as a service in Consul, with the kind set to “ingress-gateway”. They are an entrypoint for outside traffic and allow you to define what services should be exposed and on what port. You configure an ingress gateway by defining a set of that each map to a set of backing services.

To enable easier service discovery, a new Consul is provided, on .

Ingress gateways also require that your Consul datacenters are configured correctly:

Consul Connect must be enabled on the datacenter’s Consul servers.

For a complete example of how to allow external traffic inside your Consul service mesh, review the .

Ingress gateways are configured in service definitions and registered with Consul like other services, with two exceptions. The first is that the kind must be “ingress-gateway”. Second, the ingress gateway service definition may contain a entry just like a Connect proxy service, to define opaque configuration parameters useful for the actual proxy software. For Envoy there are some supported as well as escape-hatch overrides.

are global in scope. A configuration entry for a gateway name applies across all federated Consul datacenters. If ingress gateways in different Consul datacenters need to route to different sets of services within their datacenter then the ingress gateways must be registered with different names.

External <> Internal Services - Ingress Gateways

Ingress Gateways