Hi Blake, thanks for getting back to my question.
I’m thinking of having a standalone ingress (public) in front of a service mesh (Consul) enabled cluster (private). So I’ll have two Envoys running. One runs in the public network and is custom managed by myself, and another runs in the private network and is managed by Consul.
From my humble research, it looks like I can generate envoy configuration for the ingress by running this command `consul connect envoy` and hopefully envoy ingress can discover nomad cluster as an EDS cluster and then forward traffic to one of the containers managed by nomad.
What I want to achieve is keeping my nomad/consul cluster running private and only exposed via this public facing envoy ingress.
Of course I still want to use sidecars for service-to-service communication. I recently discovered that I can leverage the DNS capability of Consul so that I can make calls like `GET http://users.service.consul/api/v1/users` within the app code and then it will resolve to a container registered to
Maybe there are things I don’t understand quite clearly yet. I’d love to get the feedback from you.