Consul API Gateway 0.1.0
- It allows you to configure and deploy new gateways at any time, without rerunning the Consul Helm chart. The configuration of a running gateway can be changed dynamically at anytime, usually without disrupting any the the traffic flowing through it.
- Listeners on a gateway can use TLS server certificates signed by any certificate authority (CA). This allows you to use certificates from public CA’s, such as Verisign and Let’s Encrypt, and private CA’s, such as a company’s internal CA.
- Can be deployed in the following run time environments:
- Self-managed Kubernetes
- AWS EKS
- Google GKE
- Azure AKS.
- Install via the HashiCorp Consul Helm chart.
- Works with self-managed Consul servers and HCP Consul servers
- Deploy 1 or more logical API Gateways per Kubernetes cluster
- Support for HTTP, HTTPS, TCP, and TCP+TLS
- Support for HTTP versions 1.1 and 2
- Load balance across a service’s instances
- Listeners load TLS certificates, signed by any CA, from Kubernetes secret storage
- Route HTTP/S traffic to Services based on matching:
- Hostname
- URI Path
- HTTP Header
- HTTP Method
- HTTP Query parameters
- HTTP header manipulation:
- Set header value
- Remove header and/or value
- TLS settings configurable per Kubernetes Listener:
- Set minimum allowed TLS version
- Enabled cipher-suites (a.k.a. cipher string)
- Route to services in different namespaces
- Split traffic across multiple services based on weight
- Support for multi-runtime service mesh deployments
- Consul API Gateway must be running on Kubernetes, but it can route traffic to services running outside of K8s as long the service is connected to the Consul service mesh.
- Consul 1.11.2+
- HashiCorp Consul Helm chart 0.41.1+
- Kubernetes 1.21+
- Kubectl 1.21+
- Envoy proxy support is determined by the Consul version deployed. Refer to Envoy Integration for details.