Consul
Deploy API gateway listeners in Kubernetes
This topic describes how to deploy Consul API gateway listeners to Kubernetes-orchestrated environments. If you want to implement API gateway listeners on VMs, refer to Deploy API gateway listeners to virtual machines.
Overview
API gateways have one or more listeners that serve as ingress points for requests to services in a Consul service mesh. Create an API gateway configuration and define listeners that expose ports on the endpoint for ingress. Apply the configuration to direct Kubernetes to start API gateway services.
Routes
After deploying the gateway, attach HTTP or TCP routes to listeners defined in the gateway to control how requests route to services in the network.
Intentions
Configure Consul intentions to allow or prevent traffic between gateway listeners and services in the mesh. Refer to Service intentions for additional information.
Requirements
- Verify that your environment meets the requirements specified in Technical specifications for Kubernetes.
- Verify that the Consul API Gateway CRDs were applied. Refer to Installation for details.
- If your Kubernetes-orchestrated network runs on OpenShift, verify that OpenShift is enabled for your Consul installation. Refer to OpenShift requirements for additional information.
Define the gateway and listeners
Create an API gateway values file that defines the gateway and listeners.
- Specify the following fields:
  - apiVersion: Specifies the Kubernetes gateway API version. Must be gateway.networking.k8s.io/v1beta1.
  - kind: Specifies the type of configuration entry to implement. This must be Gateway.
  - metadata.name: Specify a name for the gateway configuration. The name is metadata that you can use to reference the configuration when performing Consul operations.
  - spec.gatewayClassName: Specify the name of a gatewayClass configuration. Gateway classes are template-like resources in Kubernetes for instantiating gateway services. Specify consul to use the default gateway class shipped with Consul. Refer to the GatewayClass configuration reference for additional information.
  - spec.listeners: Specify a list of listener configurations. Each listener is a map containing the following fields:
    - port: Specifies the port that the listener receives traffic on.
    - name: Specifies a unique name for the listener.
    - protocol: You can set either tcp or http.
    - allowedRoutes.namespaces: Contains configurations for determining which namespaces are allowed to attach a route to the listener.
- Configure any additional fields necessary for your use case, such as the namespace or admin partition. Refer to the API gateway configuration entry reference for additional information.
- Save the configuration.
In the following example, the API gateway specifies an HTTP listener on port 80:
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
  name: my-gateway
  namespace: consul
spec:
  gatewayClassName: consul
  listeners:
  - protocol: HTTP
    port: 80
    name: http
    allowedRoutes:
      namespaces:
        from: "All"
Deploy the API gateway and listeners
Apply the configuration to your cluster using the kubectl command. The following command applies the configuration to the consul namespace:
$ kubectl apply -f my-gateway.yaml -n consul
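The example gateway sets allowedRoutes.namespaces.from to "All", so a route in any namespace can attach to its listener. The following Python script is an added example, not part of the Consul documentation: it audits the JSON printed by kubectl get gateways.gateway.networking.k8s.io -A -o json and reports listeners that accept routes from any namespace. The sample input, team-gateway and the gateway-access label are constructed, and the script assumes the upstream Gateway API semantics that an omitted from field defaults to Same and that an empty label selector matches every namespace.

```python
import json

# Constructed sample shaped like the kubectl JSON output: the page's
# my-gateway plus a hypothetical team-gateway.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "my-gateway", "namespace": "consul"},
     "spec": {"gatewayClassName": "consul", "listeners": [
         {"name": "http", "protocol": "HTTP", "port": 80,
          "allowedRoutes": {"namespaces": {"from": "All"}}}]}},
    {"metadata": {"name": "team-gateway", "namespace": "team-a"},
     "spec": {"gatewayClassName": "consul", "listeners": [
         {"name": "same-ns", "protocol": "HTTP", "port": 8080},
         {"name": "labelled", "protocol": "TCP", "port": 9000,
          "allowedRoutes": {"namespaces": {"from": "Selector",
              "selector": {"matchLabels": {"gateway-access": "true"}}}}},
         {"name": "empty-selector", "protocol": "TCP", "port": 9001,
          "allowedRoutes": {"namespaces": {"from": "Selector", "selector": {}}}}]}},
]})


def route_scope(listener):
    """Classify which namespaces may attach routes to one listener."""
    ns = (listener.get("allowedRoutes") or {}).get("namespaces") or {}
    source = ns.get("from", "Same")  # assumed Gateway API default when omitted
    if source == "All":
        return "any-namespace"
    if source == "Selector":
        sel = ns.get("selector") or {}
        # An empty label selector matches every namespace.
        if not sel.get("matchLabels") and not sel.get("matchExpressions"):
            return "any-namespace"
        return "selected-namespaces"
    return "same-namespace"


def audit(gateway_list_json):
    """Return (namespace/gateway, listener, port) for listeners open to any namespace."""
    findings = []
    for gw in json.loads(gateway_list_json).get("items", []):
        meta = gw["metadata"]
        ident = f"{meta.get('namespace', 'default')}/{meta['name']}"
        for lst in gw.get("spec", {}).get("listeners", []):
            if route_scope(lst) == "any-namespace":
                findings.append((ident, lst["name"], lst["port"]))
    return findings

if __name__ == "__main__":
    for ident, name, port in audit(SAMPLE):
        print(f"{ident}: listener {name!r} (port {port}) accepts routes from any namespace")
```

Listeners the script reports rely entirely on Consul intentions to limit which services their routes can reach.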