2018-05-29 21:07:40 +00:00
---
2020-04-07 18:55:19 +00:00
layout: docs
2022-09-13 20:48:39 +00:00
page_title: Service Mesh on Consul
description: >-
2022-09-16 15:28:32 +00:00
Consul’ s service mesh makes application and microservice networking secure and observable with identity-based authentication, mutual TLS (mTLS) encryption, and explicit service-to-service authorization enforced by sidecar proxies. Learn how Consul’ s service mesh works and get started on VMs or Kubernetes.
2018-05-29 21:07:40 +00:00
---
2023-03-24 22:16:06 +00:00
# Consul service mesh
2018-05-29 21:07:40 +00:00
2023-05-05 17:41:40 +00:00
Consul service mesh provides service-to-service connection authorization and
encryption using mutual Transport Layer Security (TLS).
2023-01-25 16:52:43 +00:00
Applications can use [sidecar proxies](/consul/docs/connect/proxies) in a service mesh configuration to
2023-05-05 17:41:40 +00:00
establish TLS connections for inbound and outbound connections without being aware of the service mesh at all.
Applications may also [natively integrate with Consul service mesh](/consul/docs/connect/native) for optimal performance and security.
Consul service mesh can help you secure your services and provide data about service-to-service communications.
The noun _connect_ is used throughout this documentation to refer to the connect
subsystem that provides Consul's service mesh capabilities.
Where you encounter the _noun_ connect, it is usually functionality specific to
service mesh.
2019-06-14 05:52:50 +00:00
2023-05-05 17:41:40 +00:00
Review the video below to learn more about Consul service mesh from HashiCorp's co-founder Armon.
2019-12-18 18:54:39 +00:00
2020-04-07 18:55:19 +00:00
<iframe
src="https://www.youtube.com/embed/8T8t4-hQY74"
frameborder="0"
allowfullscreen="true"
width="560"
height="315"
></iframe>
2019-12-18 18:54:39 +00:00
2023-03-24 22:16:06 +00:00
## Application security
2019-06-14 05:52:50 +00:00
2023-03-24 22:16:06 +00:00
Consul service mesh enables secure deployment best-practices with automatic
2019-06-14 05:52:50 +00:00
service-to-service encryption, and identity-based authorization.
2023-03-24 22:16:06 +00:00
Consul uses the registered service identity, rather than IP addresses, to
2023-01-25 16:52:43 +00:00
enforce access control with [intentions](/consul/docs/connect/intentions). This
2023-03-24 22:16:06 +00:00
makes it easier to control access and enables services to be
rescheduled by orchestrators, including Kubernetes and Nomad. Intention
enforcement is network agnostic, so Consul service mesh works with physical networks, cloud
2019-06-14 05:52:50 +00:00
networks, software-defined networks, cross-cloud, and more.
## Observability
2023-03-24 22:16:06 +00:00
One of the key benefits of Consul service mesh is the uniform and consistent view it can
2020-04-06 20:27:35 +00:00
provide of all the services on your network, irrespective of their different
2023-03-24 22:16:06 +00:00
programming languages and frameworks. When you configure Consul service mesh to use
sidecar proxies, those proxies see all service-to-service traffic and can
collect data about it. Consul service mesh can configure Envoy proxies to collect
2019-06-14 05:52:50 +00:00
layer 7 metrics and export them to tools like Prometheus. Correctly instrumented
2020-01-14 22:59:27 +00:00
applications can also send open tracing data through Envoy.
2018-06-06 22:10:52 +00:00
2023-03-24 22:16:06 +00:00
## Getting started with Consul service mesh
2018-10-11 09:44:42 +00:00
2023-03-24 22:16:06 +00:00
Complete the following tutorials try Consul service mesh in different environments:
2018-10-11 09:44:42 +00:00
2023-01-25 16:52:43 +00:00
- The [Getting Started with Consul Service Mesh collection](/consul/tutorials/kubernetes-deploy/service-mesh?utm_source=docs)
2020-04-06 20:27:35 +00:00
walks you through installing Consul as service mesh for Kubernetes using the Helm
chart, deploying services in the service mesh, and using intentions to secure service
communications.
2022-03-18 15:55:57 +00:00
2023-01-25 16:52:43 +00:00
- The [Getting Started With Consul for Kubernetes](/consul/tutorials/get-started-kubernetes?utm_source=docs) tutorials guides you through installing Consul on Kubernetes to set up a service mesh for establishing communication between Kubernetes services.
2018-11-13 13:43:53 +00:00
2023-01-25 16:52:43 +00:00
- The [Secure Service-to-Service Communication tutorial](/consul/tutorials/developer-mesh/service-mesh-with-envoy-proxy?utm_source=docs)
2020-04-06 20:27:35 +00:00
is a simple walk through of connecting two services on your local machine
2023-05-05 17:41:40 +00:00
and configuring your first intention.
2018-11-13 13:43:53 +00:00
2023-01-25 16:52:43 +00:00
- The [Kubernetes tutorial](/consul/tutorials/kubernetes/kubernetes-minikube?utm_source=docs)
2023-05-05 17:41:40 +00:00
walks you through configuring Consul service mesh in Kubernetes using the Helm
2020-04-06 20:27:35 +00:00
chart, and using intentions. You can run the guide on Minikube or an existing
Kubernetes cluster.
2023-01-25 16:52:43 +00:00
- The [observability tutorial](/consul/tutorials/kubernetes/kubernetes-layer7-observability)
2020-04-06 20:27:35 +00:00
shows how to deploy a basic metrics collection and visualization pipeline on
a Minikube or Kubernetes cluster using the official Helm charts for Consul,
Prometheus, and Grafana.