In your setup to keep things simple you could do the following: A container in a docker network on one machine will not be accessible from a docker container in another machine unless you are doing one of three things. Something to think about when using Docker containers is that Docker containers by default will run in their own virtual network. The registration of all these services forms the service catalog which is used by the service mesh. When you register a container on a virtual machine you register it with the local consul agent, the IP address and port the service in the container runs on is registered in Consul.
I say eventually as data is cached on the agent and will tolerate temporary outages. One thing to note about this approach is that there is no redundancy, if the Consul server fails, all of your service mesh will eventually fail. The Consul server could reside on one of the Virtual Machines where your workload is. Running Consul in this environment would need a consul server and an agent deployed to each virtual machine.
Consul connect will certainly help with ensuring the traffic is encrypted between services, from a micro-segmentation approach you also have the ability to control which service is allowed to talk to another service.
0 kommentar(er)
