HashiCorp has announced the release of version 0.3 of their Consul on Amazon ECS service. The release includes support for additional configuration options, deployment without Terraform, and confirmed support for high traffic loads. They have also released, in partnership with AWS, a AWS Cloud Development Kit (CDK) to support using Consul on Amazon ECS.
HashiCorp Consul is a multi-platform service mesh providing service discovery, secure service-to-service communication, traffic management, and health monitoring. Consul Service Mesh on Amazon ECS installs the necessary Consul clients and Envoy proxies needed to enable the service mesh on Amazon ECS. It supports both Amazon ECS on AWS Fargate and Amazon ECS on EC2 launch types. The service will auto provision ACL tokens as needed for tasks running on the service mesh.
Tasks running on the ECS cluster are created via the mesh-task
module. This module adds additional sidecar containers to the task definition to enable Consul's services. This includes mesh-init
which runs at startup to configure both Consul and Envoy. The consul-client
container runs the Consul client that connects with the Consul servers. It is also responsible for configuring the sidecar proxy. This container (sidecar-proxy
) runs Envoy which handles all requests to and from the running application. Finally the optional health-sync
container synchronizes the health check statuses from ECS into Consul.
Health check syncing will occur only if the app container has been marked as essential
, has ECS healthChecks
, and is not configured with native Consul health checks. If the container meets those criteria then the mesh-init
container will create the TTL health check.
The CDK simplifies the process of adding ECS tasks into the service mesh. For example, declaring a service from a Docker image can be done as follows:
const greetingDescription = new ecs_extensions.ServiceDescription();
greetingDescription.add(new ecs_extensions.Container({
cpu: 512,
memoryMiB: 1024,
trafficPort: 3000,
image: ecs.ContainerImage.fromAsset(path.resolve(__dirname, '../../../services/greeting/src/'), {file: 'Dockerfile'}),
}));
greetingDescription.add(new consul_ecs.ECSConsulMeshExtension({
...baseProps,
serviceDiscoveryName: 'greeting',
}));
const greeting = new ecs_extensions.Service(this, 'greeting', {
environment: envProps.ecsEnvironment,
serviceDescription: greetingDescription,
});
In addition to using the CDK to deploy Consul onto Amazon ECS there is a Terraform module, consul-ecs, available in the Terraform registry. With the new extended configuration options in the 0.3 release it is now also simpler to configure and deploy without Terraform.
The release also improves the efficiency of the access control list (ACL) controller. With this improvement, Hashicorp indicates that the service "can safely churn thousands of tasks at a time."
More details on the release can be found on the HashiCorp blog. There are two new tutorials available that walk through deploying on HashiCorp Cloud Platform (HCP) and on Amazon EC2. The CDK for Consul on Amazon ECS is available via GitHub.