Consul

Overview

Consul is a multi-data-centre-aware service networking solution that connects and secures services across runtime platforms. Connect is the component that provides service mesh capabilities.

Architecture

By default, Consul provides a data plane composed of Envoy-based sidecars. Consul has a pluggable proxy architecture. These intelligent proxies control all network traffic in and out of your meshed apps and workloads.

The control plane manages configuration and policy via the following components:

  • Server - A Consul Agent running in Server mode that maintains Consul cluster state.

  • Client - A Consul Agent running in lightweight Client mode. Each compute node must have a Client agent running. This client brokers configuration and policy between the workloads and the Consul configuration.

The following architecture diagram demonstrates how the various components within the data plane and control plane interact.

Overview of Consul components and architecture.

Selection criteria

It's important to understand and consider the following areas when evaluating Consul for your workloads:

Consul principles

The following principles guide the Consul project:

  • API-Driven - Codify all configuration and policy.

  • Run and Connect Anywhere - Connect workloads across runtime platforms (Kubernetes, VMs, Serverless).

  • Extend and Integrate - Securely connect workloads across infrastructure.

Capabilities

Consul provides the following set of capabilities:

  • Mesh - gateway (multi data centre), virtual machines (out of cluster nodes), service sync, built-in debugging option

  • Proxies - Envoy, built-in proxy, pluggable, L4 proxy available for Windows workloads

  • Traffic Management - routing, splitting, resolution

  • Policy - intentions, ACLs

  • Security - authorisation, authentication, encryption, SPIFFE-based identities, external CA (Vault), certificate management, and rotation

  • Observability - metrics, UI dashboard, Prometheus, Grafana

Scenarios

Consul is well suited to and suggested for the following scenarios:

  • Extending existing Consul connected workloads

  • Compliance requirements around certificate management

  • Multi-cluster service mesh

  • VM-based workloads to be included in the service mesh

Next steps

The following documentation describes how you can install Consul on Azure Kubernetes Service (AKS):

You can also further explore Consul features and architecture: