Deploy Ingress Gateway on production

Official document just show a simple command for testing

consul connect envoy -gateway=ingress -register -service ingress-gateway -address '{{ GetInterfaceIP "eth0" }}:8888'

I want to deploy Ingress Gateway on production but can’t find any document about this.
How can I run Envoy Ingress Gateway in background process? Can I run in container or systemd service?

actually you can do both.
one way is to build a docker image that inherits from both consul and envoy like this:

FROM consul:1.8.4
FROM envoyproxy/envoy:v1.14.4
COPY --from=0 /bin/consul /bin/consul
ENTRYPOINT ["consul", "connect", "envoy"]

and then run your service in a command like this:
docker run --restart always -d --network host --name ingress-gateway my-image -gateway=ingress -register -service ingress-gateway -address '{{ GetInterfaceIP "eth0" }}:8888'

2 Likes

You can also run the ingress as a systemd service. Here’s an example systemd file.

[Unit]
Description=Consul service mesh ingress gateway
After=network.target consul.service
Requires=consul.service

[Service]
Type=simple
ExecStart=/usr/local/bin/consul connect envoy -gateway=ingress -register -service ingress-gateway -address '{{ GetInterfaceIP "eth0" }}:8888'
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

If you’re using ACLs, you can add -token-file to the command and point it forward a file path on disk which contains the token.

1 Like

Can I hide sensitive headers returned from Envoy?
Envoy returns some headers X-Envoy-*, Server: Envoy…, I want to disable or hide those headers for security reason.