mirror of https://github.com/status-im/consul.git
91 lines
6.6 KiB
Plaintext
91 lines
6.6 KiB
Plaintext
---
|
||
layout: docs
|
||
page_title: Simplified Service Mesh with Consul Dataplane
|
||
description: >-
|
||
Consul Dataplane removes the need to a run client agent for service discovery and service mesh by leveraging orchestrator functions. Learn about Consul Dataplane, how it can lower latency for Consul on Kubernetes, and how it enables Consul support for AWS Fargate and GKE Autopilot.
|
||
---
|
||
|
||
# Simplified Service Mesh with Consul Dataplane
|
||
|
||
This topic provides an overview of Consul Dataplane, a lightweight process for managing Envoy proxies introduced in Consul v1.14.0. Consul Dataplane removes the need to run client agents on every node in a cluster for service discovery and service mesh. Instead, Consul deploys sidecar proxies that provide lower latency, support additional runtimes, and integrate with cloud infrastructure providers.
|
||
|
||
Consul Dataplane requires servers running Consul v1.14.0+ and Consul K8s v1.0.0+.
|
||
|
||
## What is Consul Dataplane?
|
||
|
||
In standard deployments, Consul uses a control plane that contains both _server agents_ and _client agents_. Server agents maintain the service catalog and service mesh, including its security and consistency, while client agents manage communications between service instances, their sidecar proxies, and the servers. While this model is optimal for applications deployed on virtual machines or bare metal servers, orchestrators such as Kubernetes already include components called _kubelets_ that support health checking and service location functions typically provided by the client agent.
|
||
|
||
Consul Dataplane manages Envoy proxies and leaves responsibility for other functions to the orchestrator. As a result, it removes the need to run client agents on every node. In addition, services no longer need to be reregistered to a local client agent after restarting a service instance, as a client agent’s lack of access to persistent data storage in Kubernetes deployments is no longer an issue.
|
||
|
||
![Diagram of Consul Dataplanes in Kubernetes deployment](/img/k8s-dataplanes-architecture.png)
|
||
|
||
### Impact on performance
|
||
|
||
The most significant differences between traditional deployments and Consul Dataplane deployments result from the removal of node-level client agents with gossip communication. They are replaced by _dataplanes_, which are the sidecars injected alongside each service instance that handle communication between Consul servers and Envoy proxies.
|
||
|
||
Be aware of the following changes and their impact on your network's performance:
|
||
|
||
1. Consul servers consume additional resources in order to generate xDS resources for Envoy proxies. In our internal load tests, performing at high scale and churn resulted in additional CPU utilization rates under 10% on the control plane.
|
||
1. As you deploy more services, the resource usage for dataplanes grows on a linear scale.
|
||
1. Envoy reconfigurations are rate limited to prevent excessive configuration changes from generating significant load on the servers.
|
||
1. To avoid generating significant load on an individual server, proxy configuration is load balanced proactively.
|
||
1. The frequency of the orchestrator's liveness and readiness probes determine how quickly Consul's control plane can become aware of failures. There is no impact on service mesh applications, however, as Envoy proxies have a passive ability to detect endpoint failure and steer traffic to healthy instances.
|
||
|
||
## Benefits
|
||
|
||
**Fewer networking requirements**: Without client agents, Consul does not require bidirectional network connectivity across multiple protocols to enable gossip communication. Instead, it requires a single gRPC connection to the Consul servers, which significantly simplifies requirements for the operator.
|
||
|
||
**Simplified set up**: Because there are no client agents to engage in gossip, you do not have to generate and distribute a gossip encryption key to agents during the initial bootstrapping process. Securing agent communication also becomes simpler, with fewer tokens to track, distribute, and rotate.
|
||
|
||
**Additional environment and runtime support**: Current Consul on Kubernetes deployments require using `hostPorts` and `DaemonSets` for client agents, which limits Consul’s ability to be deployed in environments where those features are not supported. As a result, Consul Dataplane supports AWS Fargate and GKE Autopilot.
|
||
|
||
**Easier upgrades**: With Consul Dataplane, updating Consul to a new version no longer requires upgrading client agents. Consul Dataplane also has better compatibility across Consul server versions, so the process to upgrade Consul servers becomes easier.
|
||
|
||
## Get started
|
||
|
||
To get started with Consul Dataplane, use the following reference resources:
|
||
|
||
- For `consul-dataplane` commands and usage examples, including required flags for startup, refer to the [`consul-dataplane` CLI reference](/docs/connect/dataplane/consul-dataplane).
|
||
- For Helm chart information, refer to the [Helm Chart reference](/docs/k8s/helm).
|
||
- For Envoy, Consul, and Consul Dataplane version compatibility, refer to the [Envoy compatibility matrix](/docs/connect/proxies/envoy).
|
||
|
||
### Installation
|
||
|
||
To install Consul Dataplane, set `VERSION` to `1.0.0` and then follow the instructions to install a specific version of Consul [with the Helm Chart](/docs/k8s/installation/install#install-consul) or [with the Consul-k8s CLI](/docs/k8s/installation/install-cli#install-a-previous-version).
|
||
|
||
#### Helm
|
||
|
||
```shell-session
|
||
$ export VERSION=1.0.0
|
||
$ helm install consul hashicorp/consul --set global.name=consul --version ${VERSION} --create-namespace --namespace consul
|
||
```
|
||
|
||
#### Consul-k8s CLI
|
||
|
||
```shell-session
|
||
$ export VERSION=1.0.0 && \
|
||
curl --location "https://releases.hashicorp.com/consul-k8s/${VERSION}/consul-k8s_${VERSION}_darwin_amd64.zip" --output consul-k8s-cli.zip
|
||
```
|
||
|
||
### Upgrading
|
||
|
||
Before you upgrade Consul to a version that uses Consul Dataplane, you must edit your Helm chart so that client agents are removed from your deployments. Refer to [upgrading to Consul Dataplane](/docs/k8s/upgrade#upgrading-to-consul-dataplanes) for more information.
|
||
|
||
## Feature support
|
||
|
||
Consul Dataplane supports the following features:
|
||
|
||
- Single and multi-cluster installations, including those with WAN federation, cluster peering, and admin partitions are supported.
|
||
- Ingress, terminating, and mesh gateways are supported.
|
||
- Running Consul service mesh in AWS Fargate and GKE Autopilot is supported.
|
||
- xDS load balancing is supported.
|
||
- Servers running in Kubernetes and servers external to Kubernetes are both supported.
|
||
- HCP Consul is supported.
|
||
- Consul API Gateway is supported.
|
||
|
||
### Technical Constraints
|
||
|
||
Be aware of the following limitations and recommendations for Consul Dataplane:
|
||
|
||
- Consul Dataplane is not supported on Windows.
|