trujillo-adam 90bbae5d75
Docs/intentions refactor docs day 2022 (#16758)
* converted intentions conf entry to ref CT format

* set up intentions nav

* add page for intentions usage

* final intentions usage page

* final intentions overview page

* fixed old relative links

* updated diagram for overview

* updated links to intentions content

* fixed typo in updated links

* rename intentions overview page file to index

* rollback link updates to intentions overview

* fixed nav

* Updated custom HTML in API and CLI pages to MD

* applied suggestions from review to index page

* moved conf examples from usage to conf ref

* missed custom HTML section

* applied additional feedback

* Apply suggestions from code review

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

* updated headings in usage page

* renamed files and updated nav

* updated links to new file names

* added redirects and final tweaks

* typo

---------

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2023-03-24 15:16:06 -07:00


---
layout: docs
page_title: Service Mesh on Consul
description: >-
  Consul's service mesh makes application and microservice networking secure and observable with identity-based authentication, mutual TLS (mTLS) encryption, and explicit service-to-service authorization enforced by sidecar proxies. Learn how Consul's service mesh works and get started on VMs or Kubernetes.
---
# Consul service mesh
Consul Service Mesh provides service-to-service connection authorization and
encryption using mutual Transport Layer Security (TLS). The names Consul Connect and Consul Service Mesh
are used interchangeably; this document uses Connect to refer to service mesh functionality within Consul.
Applications can use [sidecar proxies](/consul/docs/connect/proxies) in a service mesh configuration to
establish TLS connections for inbound and outbound connections without being aware of Connect at all.
Applications may also [natively integrate with Connect](/consul/docs/connect/native) for optimal performance and security.
Connect can help you secure your services and provide data about service-to-service communications.
Review the video below to learn more about Consul Connect from HashiCorp's co-founder Armon.
<iframe
src="https://www.youtube.com/embed/8T8t4-hQY74"
frameborder="0"
allowfullscreen="true"
width="560"
height="315"
></iframe>
## Application security
Consul service mesh enables secure deployment best practices with automatic
service-to-service encryption and identity-based authorization.
Consul uses the registered service identity, rather than IP addresses, to
enforce access control with [intentions](/consul/docs/connect/intentions). This
makes it easier to control access and enables services to be
rescheduled by orchestrators, including Kubernetes and Nomad. Intention
enforcement is network agnostic, so Consul service mesh works with physical networks, cloud
networks, software-defined networks, cross-cloud, and more.
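
The following `service-intentions` configuration entry illustrates identity-based authorization as described above. It is an added example, not taken from the Consul documentation; the service names `web` and `db` and the file name `db-intentions.hcl` are hypothetical.

```hcl
# db-intentions.hcl (hypothetical file name)
# Added example: authorization is keyed on registered service names,
# not on IP addresses, so it keeps working when "web" or "db" instances
# are rescheduled to other hosts.

Kind = "service-intentions"

# Destination service that this entry protects (hypothetical name).
Name = "db"

Sources = [
  {
    # Only the service registered as "web" may open connections to "db".
    Name   = "web"
    Action = "allow"
  },
  {
    # Every other source identity is denied. An exact source name takes
    # precedence over the wildcard, so the "web" rule above still applies.
    Name   = "*"
    Action = "deny"
  }
]
```

Write the entry with `consul config write db-intentions.hcl`. The sidecar proxy for `db` then authorizes each inbound mTLS connection against the identity in the client certificate.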
## Observability
One of the key benefits of Consul service mesh is the uniform and consistent view it can
provide of all the services on your network, irrespective of their different
programming languages and frameworks. When you configure Consul service mesh to use
sidecar proxies, those proxies see all service-to-service traffic and can
collect data about it. Consul service mesh can configure Envoy proxies to collect
layer 7 metrics and export them to tools like Prometheus. Correctly instrumented
applications can also send open tracing data through Envoy.
## Getting started with Consul service mesh
Complete the following tutorials to try Consul service mesh in different environments:
- The [Getting Started with Consul Service Mesh collection](/consul/tutorials/kubernetes-deploy/service-mesh?utm_source=docs)
walks you through installing Consul as a service mesh for Kubernetes using the Helm
chart, deploying services in the service mesh, and using intentions to secure service
communications.
- The [Getting Started With Consul for Kubernetes](/consul/tutorials/get-started-kubernetes?utm_source=docs) tutorials guide you through installing Consul on Kubernetes to set up a service mesh for establishing communication between Kubernetes services.
- The [Secure Service-to-Service Communication tutorial](/consul/tutorials/developer-mesh/service-mesh-with-envoy-proxy?utm_source=docs)
is a simple walkthrough of connecting two services on your local machine
using Consul Connect's built-in proxy and configuring your first intention. The guide also includes an introduction to
using Envoy as the Connect sidecar proxy.
- The [Kubernetes tutorial](/consul/tutorials/kubernetes/kubernetes-minikube?utm_source=docs)
walks you through configuring Consul Connect in Kubernetes using the Helm
chart, and using intentions. You can run the guide on Minikube or an existing
Kubernetes cluster.
- The [observability tutorial](/consul/tutorials/kubernetes/kubernetes-layer7-observability)
shows how to deploy a basic metrics collection and visualization pipeline on
a Minikube or Kubernetes cluster using the official Helm charts for Consul,
Prometheus, and Grafana.