Best practices for microservices development with Consul

Consul
1

Hello everyone,

We are exploring Consul as our mesh for microservices development. However, we have doubts about the best practices when developing locally microservices.

From what we have read online, ideally, (i.e. with 20 microservices) rather than deploying locally all those microservices, we should just deploy & develop the one we are working on and rely on the ones deployed in our cloud account for development.

We have thoughts about a building our own custom router using L7 capabilities. However, this has the downside of having to maintain a dedicated router in our dev account to support local development for our engineers.

Alternatively, we were considering the possibility of creating local clusters for our developers running on their laptops that connect to the consul mesh running in our AWS account. This would allow us to use Consul routing capabilities to achieve the same behaviour but without having to maintain an additional service.

A few questions around this topic:

  • Is this an acceptable usage of Consul Mesh Gateways?
  • Are there any other best practices to achieve this?

We have found Telepresence, which has been built specifically to solve this type of challenges but it’s only available for Kubernetes (and we are running on AWS Fargate + EC2).

Any help or guide on this topic would be highly appreciated!

Thx,
Isaac.

2

Hey Isaac, good question! I think you’ve thought through to a good solution. There aren’t any best practices that I know of around this so I look forward to your blog article!

There’s a couple of ways I’d go with this:

  1. You could definitely use mesh gateways but note that it’ll be complicated. You’d need to have each laptop be its own consul datacenter and federate with the dc on aws. It can definitely work so I think it’s a legitimate use.
  2. You could create your own “terminating gateway” in your dev account by following something similar to https://www.hashicorp.com/blog/proxy-ingress-to-consul-service-mesh. You’d run an app on your laptop and its service urls would point at the gateway. The gateway would then encrypt the traffic using consul connect and route to the destination service via the mesh. We’re also planning to build our own terminating gateway in the coming months. This is basically your custom L7 router so has the same downsides you outlined.
  3. In your dev account on aws, you could allow traffic to bypass the envoy proxy and route directly to the underlying apps. Then your laptop’s traffic could route to the underlying apps and it wouldn’t need to go through the service mesh. But then you can’t use the L7 config so maybe that’s a requirement.