Deploy API gateway listeners in Kubernetes
This topic describes how to deploy Consul API gateway listeners to Kubernetes-orchestrated environments. If you want to implement API gateway listeners on VMs, refer to Deploy API gateway listeners to virtual machines.
API gateways have one or more listeners that serve as ingress points for requests to services in a Consul service mesh. Create an API gateway configuration and define listeners that expose ports on the endpoint for ingress. Apply the configuration to direct Kubernetes to start API gateway services.
After deploying the gateway, attach HTTP or TCP routes to listeners defined in the gateway to control how requests route to services in the network.
Configure Consul intentions to allow or prevent traffic between gateway listeners and services in the mesh. Refer to Service intentions for additional information.
- Verify that your environment meets the requirements specified in Technical specifications for Kubernetes.
- Verify that the Consul API Gateway CRDs were applied. Refer to Installation for details.
- If your Kubernetes-orchestrated network runs on OpenShift, verify that OpenShift is enabled for your Consul installation. Refer to OpenShift requirements for additional information.
Create an API gateway values file that defines the gateway and listeners.
- Specify the following fields:
apiVersion: Specifies the Kubernetes gateway API version. Must be
kind: Specifies the type of configuration entry to implement. This must be
metadata.name: Specify a name for the gateway configuration. The name is metadata that you can use to reference the configuration when performing Consul operations.
spec.gatewayClassName: Specify the name of a
gatewayClassconfiguration. Gateway classes are template-like resources in Kubernetes for instantiating gateway services. Specify
consulto use the default gateway class shipped with Consul. Refer to the GatewayClass configuration reference for additional information.
spec.listeners: Specify a list of listener configurations. Each listener is map containing the following fields:
- Configure any additional fields necessary for your use case, such as the namespace or admin partition. Refer to the API gateway configuration entry reference for additional information.
- Save the configuration.
In the following example, the API gateway specifies an HTTP listener on port
apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: name: my-gateway namespace: consul spec: gatewayClassName: consul listeners: - protocol: HTTP port: 80 name: http allowedRoutes: namespaces: from: "All"
Apply the configuration to your cluster using the
kubectl command. The following command applies the configuration to the
$ kubectl apply -f my-gateway.yaml -n consul