Our great sponsors
-
-
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
helmfile
Declaratively deploy your Kubernetes manifests, Kustomize configs, and Charts as Helm releases. Generate all-in-one manifests for use with ArgoCD. (by helmfile)
-
-
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
eks-consul-ingressnginx
This a basic deployment to show case using nginx as ingress with Consul in transparent mode
-
consul-demo-tracing
Examples using Distributed tracing with Datadog and Jaeger for Consul Service Mesh
-
-
-
consul
Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.
-
Nginx
An official read-only mirror of http://hg.nginx.org/nginx/ which is updated hourly. Pull requests on GitHub cannot be accepted and will be automatically closed. The proper way to submit changes to nginx is via the nginx development mailing list, see http://nginx.org/en/docs/contributing_changes.html
-
-
-
-
-
-
-
-
-
-
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
If however, you have an application service that needs support for 2+ ports, because you know, Kubernetes supports this, I would recommend avoiding Consul Connect, as it is not functional to meet minimum requirements for a service mesh. Perhaps someday, when Hashicorp prioritizes basic functionality and usability in future version, this product can be considered.
This Helm chart configuration values will install Consul Connect service mesh with automatic injection enabled. When you deploy a pod with annotation of consul.hashicorp.com/connect-inject: "true", side-car containers will be installed to copy the consul binary into the container and setup and configure Envoy proxy. The service resources will be used a a blueprint to register the service with Consul's service catalog and configure the Envoy proxy.
helm-diff plugin to see differences about what will be deployed.
Using Helmfile to deploy Helm charts with templated chart config values, where values and branch logic is set by env vars.
This section covers deploying Kubernetes resources such as Deployment, StatefulSet, ServiceAccount, Service, and so on. This will cover installing the Consul Connect service mesh, Dgraph, and pydgraph-client to access Dgraph through the service mesh.
injection stack traces when deploying multi-port application (issue 1594)
Now you can you can point the connection configuration in Ratel to http://localhost:8080:
traefik-consul walk-through
consul ingress controllers integration with Traefik or Kong using terrafom
Consul on EKS using nginx as ingress (transparent mode)
Consul Service Mesh Tracing Demo
Blog Source Code: https://github.com/darkn3rd/blog_tutorials/tree/master/kubernetes/gke/service-mesh/consul-connect
HTTP/gRPC Greeter Application: https://github.com/darkn3rd/greeter
POSIX shell (sh) such as GNU Bash (bash) or Zsh (zsh): these scripts in this guide were tested using either of these shells on macOS and Ubuntu Linux.
The underlying tool Consul is very powerful, and Consul Connect service mesh on top of this tool is quite robust and extremely flexible where you can swap out the default CA for other solutions, like Vault CA, and swap out the Envoy proxy for another solution, like NGINX or HAProxy. For ingress into the cluster, you can use Consul API Gateway, or another API Gateway or an ingress controller.
The underlying tool Consul is very powerful, and Consul Connect service mesh on top of this tool is quite robust and extremely flexible where you can swap out the default CA for other solutions, like Vault CA, and swap out the Envoy proxy for another solution, like NGINX or HAProxy. For ingress into the cluster, you can use Consul API Gateway, or another API Gateway or an ingress controller.
The underlying tool Consul is very powerful, and Consul Connect service mesh on top of this tool is quite robust and extremely flexible where you can swap out the default CA for other solutions, like Vault CA, and swap out the Envoy proxy for another solution, like NGINX or HAProxy. For ingress into the cluster, you can use Consul API Gateway, or another API Gateway or an ingress controller.
I have experimented with other service meshes and I was able to get up to speed quickly: Linkerd = 1 day, Istio = 3 days, NGINX Service Mesh = 5 days, but Consul Connect service mesh took at least 11 days to get off the ground. This is by far the most complex solution available.
Consul Connect service mesh has a higher memory footprint, so on a small cluster with e5-medium nodes (2 vCPUs, 4 GB memory), you will only be able to support a maximum of 6 side-car proxies. In order to get an application like Dgraph working, which will have 6 nodes (3 Dgraph Alpha pods and 3 Dgraph Zero pods) for high availability along with at least one client, a larger footprint with more robust Kubernetes worker nodes were required.
I have experimented with other service meshes and I was able to get up to speed quickly: Linkerd = 1 day, Istio = 3 days, NGINX Service Mesh = 5 days, but Consul Connect service mesh took at least 11 days to get off the ground. This is by far the most complex solution available.
source env.sh # https://hub.docker.com/r/darknerd/pydgraph-client export DOCKER_REGISTRY=darknerd export CCSM_ENABLED=true helmfile --file ./examples/dgraph/pydgraph_client.yaml apply
For Kubernetes, experience with deploying applications with service resources is useful, but even if you don’t have this, this guide will walk you through it. Configuring KUBECONFIG to access the Kubernetes cluster with Kubernetes client (kubectl) and using Helm (helm), so familiarity to this is useful.
Deploying a server and a client with multiport support: HTTP and gRPC
git (git command) to download source code from git code repositories.
Consul Connect service mesh has a higher memory footprint, so on a small cluster with e5-medium nodes (2 vCPUs, 4 GB memory), you will only be able to support a maximum of 6 side-car proxies. In order to get an application like Dgraph working, which will have 6 nodes (3 Dgraph Alpha pods and 3 Dgraph Zero pods) for high availability along with at least one client, a larger footprint with more robust Kubernetes worker nodes were required.
For Google Cloud, you should be familiar Google Cloud SDK (gcloud tool) with setting up an account, project, and provisioning resources. This is important as there are cost factors involved in setting these things up.
repositories: # https://artifacthub.io/packages/helm/dgraph/dgraph/0.0.19 - name: dgraph url: https://charts.dgraph.io # https://artifacthub.io/packages/helm/main/raw - name: bedag url: https://bedag.github.io/helm-charts/ releases: # Dgraph additional resources required to support Consul - name: dgraph-extra chart: bedag/raw namespace: dgraph version: 1.1.0 values: - resources: - apiVersion: v1 kind: ServiceAccount metadata: name: dgraph-dgraph-zero - apiVersion: v1 kind: ServiceAccount metadata: name: dgraph-dgraph-alpha - apiVersion: v1 kind: ServiceAccount metadata: name: dgraph-dgraph-alpha-grpc - apiVersion: v1 kind: Service metadata: name: dgraph-dgraph-alpha-grpc spec: ports: - name: grpc-alpha port: 9080 publishNotReadyAddresses: true selector: app: dgraph chart: dgraph-0.0.19 component: alpha release: dgraph type: ClusterIP # Dgraph cluster with 2 x StatefulSet (3 Zero pods, 3 Alpha pods) - name: dgraph namespace: dgraph chart: dgraph/dgraph version: 0.0.19 needs: - dgraph/dgraph-extra values: - image: tag: v21.03.2 zero: extraAnnotations: consul.hashicorp.com/connect-inject: 'true' # disable transparent-proxy for multi-port services consul.hashicorp.com/transparent-proxy: 'false' consul.hashicorp.com/transparent-proxy-exclude-inbound-ports: "5080,7080" consul.hashicorp.com/transparent-proxy-exclude-outbound-ports: "5080,7080" alpha: extraAnnotations: consul.hashicorp.com/connect-inject: 'true' # disable transparent-proxy for multi-port services consul.hashicorp.com/transparent-proxy: 'false' # use these registered consul services for different ports consul.hashicorp.com/connect-service: 'dgraph-dgraph-alpha,dgraph-dgraph-alpha-grpc' consul.hashicorp.com/connect-service-port: '8080,9080' consul.hashicorp.com/transparent-proxy-exclude-inbound-ports: "5080,7080" consul.hashicorp.com/transparent-proxy-exclude-outbound-ports: "5080,7080" configFile: config.yaml: | security: whitelist: {{ env "DG_ACCEPT_LIST" | default "0.0.0.0/0" | quote }} # patch existing resources using merge patches strategicMergePatches: # add serviceAccountName to Alpha StatefulSet - apiVersion: apps/v1 kind: StatefulSet metadata: name: dgraph-dgraph-alpha spec: template: spec: serviceAccountName: dgraph-dgraph-alpha # add serviceAccountName to Zero StatefulSet - apiVersion: apps/v1 kind: StatefulSet metadata: name: dgraph-dgraph-zero spec: template: spec: serviceAccountName: dgraph-dgraph-zero # add label to Alpha headless service - apiVersion: v1 kind: Service metadata: name: dgraph-dgraph-alpha-headless labels: consul.hashicorp.com/service-ignore: 'true' # add label to Zero headless service - apiVersion: v1 kind: Service metadata: name: dgraph-dgraph-zero-headless labels: consul.hashicorp.com/service-ignore: 'true' # patch existing resource using jsonPatches jsonPatches: # remove existing grpc port from serivce - target: version: v1 kind: Service name: dgraph-dgraph-alpha patch: - op: remove path: /spec/ports/1