Deploy Ingress Gateway on production

Official document just show a simple command for testing

consul connect envoy -gateway=ingress -register -service ingress-gateway -address '{{ GetInterfaceIP "eth0" }}:8888'

I want to deploy Ingress Gateway on production but can’t find any document about this.
How can I run Envoy Ingress Gateway in background process? Can I run in container or systemd service?

actually you can do both.
one way is to build a docker image that inherits from both consul and envoy like this:

FROM consul:1.8.4
FROM envoyproxy/envoy:v1.14.4
COPY --from=0 /bin/consul /bin/consul
ENTRYPOINT ["consul", "connect", "envoy"]

and then run your service in a command like this:
docker run --restart always -d --network host --name ingress-gateway my-image -gateway=ingress -register -service ingress-gateway -address '{{ GetInterfaceIP "eth0" }}:8888'


You can also run the ingress as a systemd service. Here’s an example systemd file.

Description=Consul service mesh ingress gateway consul.service

ExecStart=/usr/local/bin/consul connect envoy -gateway=ingress -register -service ingress-gateway -address '{{ GetInterfaceIP "eth0" }}:8888'


If you’re using ACLs, you can add -token-file to the command and point it forward a file path on disk which contains the token.

1 Like

Can I hide sensitive headers returned from Envoy?
Envoy returns some headers X-Envoy-*, Server: Envoy…, I want to disable or hide those headers for security reason.