API gateways overview
This topic provides overview information about API gateways in Consul. API gateways enable external network clients to access applications and services running in a Consul datacenter. Consul API gateways can also forward requests from clients to specific destinations based on path or request protocol.
API gateways solve the following primary use cases:
- Control access at the point of entry: Set the protocols of external connection requests and secure inbound connections with TLS certificates from trusted providers, such as Verisign and Let's Encrypt.
- Simplify traffic management: Load balance requests across services and route traffic to the appropriate service by matching one or more criteria, such as hostname, path, header presence or value, and HTTP method.
You can deploy API gateways to networks that implement a variety of computing environments:
- Services hosted on VMs
- Kubernetes-orchestrated service containers
- Kubernetes-orchestrated service containers in OpenShift
The following steps describe the general workflow for deploying a Consul API gateways:
- For Kubernetes-orchestrated services, install Consul on your cluster. For Kubernetes-orchestrated services on OpenShift, you must also enable the
openShift.enabledparameter. Refer to Install Consul on Kubernetes for additional information.
- Define and deploy the API gateway configurations to create the API gateway artifacts. For VM-hosted services, create configuration entries for the gateway service, listeners configurations, and references to TLS certificates. For Kubernetes-orchestrated, configurations also include
- Define and deploy routes between the gateway listeners and services in the mesh.
Gateway configurations are modular, so you can define and attach routes and inline certificates to multiple gateways.
Refer to Technical specifications for API gateways on Kubernetes for additional details and considerations about using API gateways in Kubernetes-orchestrated networks.
Refer to the following resources for help setting up and using API gateways:
- Deploy API gateway listeners to VMs
- Deploy API gateway listeners to Kubernetes
- Deploy API gateway routes to VMs
- Deploy API gateway routes to Kubernetes
- Reroute HTTP requests in Kubernetes
- Route traffic to peered services in Kubernetes
- Encrypt API gateway traffic on VMs
- Use JWTs to verify requests to API gateways on VMs
- Use JWTs to verify requests to API gateways on Kubernetes