Hi,
I am aware that consul api gw is used to enable external network clients to access applications and services running inside the consul mesh (north-south traffic). I was wondering if the API gateway can be used for east-west traffic inside the consul mesh?
Thanks
This seems to work for me:
managedGatewayClass:
serviceType: NodePort
useHostPorts: true
Then I can do path based routing such as: http://clusterip:port/api/path_abc that’s defined under HTTPRoute
Thanks!
Same topic but another question:
Is it possible to deploy two consul api gateways on the same consul cluster where
- First one with serviceType = LoadBalancer
- Second one (internal routing) with serviceType = ClusterIP or NodePort
?
Thanks!
Hi @kha7281! The serviceType
is configured once per GatewayClass
- you’ll see the name of the class configured on a Gateway
object - so you’d essentially need a second GatewayClass
(and related GatewayClassConfig
) in order to use a different serviceType
within the same cluster.
Consul-k8s configures the “consul-api-gateway” GatewayClass
and related GatewayClassConfig
behind the scenes. This single GatewayClass
is what’s supported out of the box right now; however, if you really needed to have two different configurations in the same cluster, you could do so by creating your own secondary GatewayClassConfig
and GatewayClass
and then using gatewayClassName: my-other-gateway-class
when creating your Gateway
(see minimal example below).
The downside to this approach is that it isn’t officially supported today and isn’t managed by the consul-k8s Helm chart (assuming here that that’s your install method). Every time you completed an upgrade, you’d potentially need to mirror a set of changes over to your second GatewayClassConfig
+ GatewayClass
(in addition to figuring out what that set of changes should be).
Here’s an example of what I was talking about above. Disclaimer: this code is not guaranteed to work and, as I mentioned above, this approach isn’t officially supported today.
---
apiVersion: api-gateway.consul.hashicorp.com/v1alpha1
kind: GatewayClassConfig
metadata:
name: my-other-gateway-class-config
spec:
...
serviceType: NodePort
useHostPorts: true
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: GatewayClass
metadata:
name: my-other-gateway-class
spec:
controllerName: hashicorp.com/consul-api-gateway-controller
parametersRef:
group: api-gateway.consul.hashicorp.com
kind: GatewayClassConfig
name: my-other-gateway-class-config
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: nodeport-gateway
spec:
gatewayClassName: my-other-gateway-class
...
Hi @nathancoleman
Happy to report that it worked. Preliminary testing shows that I can hit my services internally (defined in HTTPRoute) via this internal api gw. Example:
curl -si http://internal-api-gateway:8081/api/service-a
curl si http://internal-api-gateway:8081/api/service-b
The consul api gw is so flexible. In the future I hope the internal routing use case like mine can be installed officially via Helm.
Many thanks again