Question for anyone who gets here. Which of the following options would work for you?
- Expose all services through an “ingress” proxy on separate ports.
- Pros: really simple to build and works for all protocols, the only option for TCP services
- Cons: Need to expose N ports to access N services through the proxy
- Expose http(1/2/grpc) services through an “ingress” proxy on a single port, using Hostname to address the required service.
- Pros: clean and natural, no need for an extra layer of routing edge->service to expose services.
-
Cons: Need to have external clients resolve Consul DNS so that we can provide the IP(s) of the ingress proxies for service-specific names. e.g.
<service>.ingress.consul
- Expose http(1/2/grpc) services through an “ingress” proxy on a single port, using a path prefix to address the required service.
- Pros: no need for external Consul DNS resolution - can just use proxy IPs or raw hostnames
-
Cons: need to have a whole new way to configure the mapping of path prefix to service (or just stick with
/<servicename>) and likely change clients who didn’t know about the prefix before when they connected directly etc.
It occurs to me writing this up that we’ll always need 1 for non-HTTP and we could do both 2 and 3 pretty easily especially if we just use a convention rather than a whole new routing layer to map path prefix to service so it might be something we can leave up to users at runtime.
Option 2 is more work to build though so would be good to hear if people would need/use that option over the others if available.