Official document just show a simple command for testing
consul connect envoy -gateway=ingress -register -service ingress-gateway -address '{{ GetInterfaceIP "eth0" }}:8888'
I want to deploy Ingress Gateway on production but can’t find any document about this.
How can I run Envoy Ingress Gateway in background process? Can I run in container or systemd service?
actually you can do both.
one way is to build a docker image that inherits from both consul and envoy like this:
FROM consul:1.8.4
FROM envoyproxy/envoy:v1.14.4
COPY --from=0 /bin/consul /bin/consul
ENTRYPOINT ["consul", "connect", "envoy"]
and then run your service in a command like this:
docker run --restart always -d --network host --name ingress-gateway my-image -gateway=ingress -register -service ingress-gateway -address '{{ GetInterfaceIP "eth0" }}:8888'
You can also run the ingress as a systemd service. Here’s an example systemd file.
[Unit]
Description=Consul service mesh ingress gateway
After=network.target consul.service
Requires=consul.service
[Service]
Type=simple
ExecStart=/usr/local/bin/consul connect envoy -gateway=ingress -register -service ingress-gateway -address '{{ GetInterfaceIP "eth0" }}:8888'
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
If you’re using ACLs, you can add -token-file to the command and point it forward a file path on disk which contains the token.
Can I hide sensitive headers returned from Envoy?
Envoy returns some headers X-Envoy-*, Server: Envoy…, I want to disable or hide those headers for security reason.