|
| 1 | +--- |
| 2 | +layout: docs |
| 3 | +page_title: Deploy service mesh proxies |
| 4 | +description: Envoy and other proxies in Consul service mesh enable service-to-service communication across your network. Learn how to deploy service mesh proxies in this topic. |
| 5 | +--- |
| 6 | + |
| 7 | +# Deploy service mesh proxies services |
| 8 | + |
| 9 | +This topic describes how to create, register, and start service mesh proxies in Consul. Refer to [Service mesh proxies overview](/consul/docs/connect/proxies) for additional information about how proxies enable Consul functionalities. For information about deployed sidecar proxies, refer to [Deploy sidecar proxy services](/consul/docs/connect/proxies/sidecar-services). |
| 10 | + |
| 11 | +## Overview |
| 12 | + |
| 13 | +Complete the following steps to deploy a service mesh proxy: |
| 14 | + |
| 15 | +1. It is not required, but you can create a proxy defaults configuration entry that contains global passthrough settings for all Envoy proxies. Refer to [Proxy defaults configuration entry reference](/consul/docs/connect/config-entries/proxy-defaults) for additional information. |
| 16 | +1. Create a service definition file and specify the proxy configurations in the `proxy` block. |
| 17 | +1. Register the service using the API or CLI. |
| 18 | +1. Start the proxy service. |
| 19 | + |
| 20 | +## Requirements |
| 21 | + |
| 22 | +If [ACLs](/consul/docs/security/acl) are enabled and you want to configure global Envoy settings in the [proxy defaults configuration entry](/consul/docs/connect/config-entries/proxy-defaults), you must present a token with `operator:write` permissions. Refer to [Create a service token](/consul/docs/security/acl/tokens/create/create-a-service-token) for additional information. |
| 23 | + |
| 24 | +## Define service mesh proxy |
| 25 | + |
| 26 | +Create a service definition file and configure the following fields to define a service mesh proxy: |
| 27 | + |
| 28 | +1. Set the `kind` field to `connect-proxy`. Refer to the [services configuration reference](/consul/docs/services/configuration/services-configuration-reference#kind) for information about other kinds of proxies you can declare. |
| 29 | +1. Specify a name for the proxy service in the `name` field. Consul applies the configurations to any proxies you bootstrap with the same name. |
| 30 | +1. In the `proxy.destination_service_name` field, specify the name of the service that the proxy represents. |
| 31 | +1. Configure any additional proxy behaviors that you want to implement in the `proxy` block. Refer to the [Service mesh proxy configuration reference](/consul/docs/connect/registration/service-registration) for information about all parameters. |
| 32 | +1. Specify a port number where other services registered with Consul can discover and connect to the proxies service in the `port` field. To ensure that services only allow external connections established through the service mesh protocol, you should configure all services to only accept connections on a loopback address. |
| 33 | + |
| 34 | +Refer to the [Service mesh proxy configuration reference](/consul/docs/connect/proxy-config-reference) for example configurations. |
| 35 | + |
| 36 | + ## Register the service |
| 37 | + |
| 38 | +Provide the service definition to the Consul agent to register your proxy service. You can use the same methods for registering proxy services as you do for registering application services: |
| 39 | + |
| 40 | +- Place the service definition in a Consul agent's configuration directory and start, restart, or reload the agent. Use this method when implementing changes to an existing proxy service. |
| 41 | +- Use the `consul services register` command to register the proxy service with a running Consul agent. |
| 42 | +- Call the `/agent/service/register` HTTP API endpoint to register the proxy service with a running Consul agent. |
| 43 | + |
| 44 | +Refer to [Register services and health checks](/consul/docs/services/usage/register-services-checks) for instructions. |
| 45 | + |
| 46 | +In the following example, the `consul services register` command registers a proxy service stored in `proxy.hcl`: |
| 47 | + |
| 48 | +```shell-session |
| 49 | +$ consul services register proxy.hcl |
| 50 | +``` |
| 51 | + |
| 52 | +## Start the proxy |
| 53 | + |
| 54 | +Envoy requires a bootstrap configuration file before it can start. Use the [`consul connect envoy` command](/consul/commands/connect/envoy) to create the Envoy bootstrap configuration and start the proxy service. Specify the ID of the proxy you want to start with the `-proxy-id` option. |
| 55 | + |
| 56 | +The following example command starts an Envoy proxy for the `web-proxy` service: |
| 57 | + |
| 58 | +```shell-session |
| 59 | +$ consul connect envoy -proxy-id=web-proxy |
| 60 | +``` |
| 61 | + |
| 62 | +For details about operating an Envoy proxy in Consul, refer to the [Envoy proxy reference](/consul/docs/connect/proxies/envoy). |
0 commit comments