HashiCorp claims a first with open source service mesh for Amazon ECS


HashiCorp has made available a tech preview of its Consul service mesh to deploy on Amazon’s Elastic Container Service, with the goal of a delivering a true multi-platform service mesh able to support distributed applications on multiple runtime platforms.

Currently, this is a tech preview release and so it is designed to let users deploy a non-production version of Consul for testing on the Amazon ECS. HashiCorp claims this makes it the first open source service mesh to be deployable on ECS.

Amazon ECS is a fully managed container orchestration service that is popular with organisations that already use AWS for a significant amount of their IT infrastructure. However, HashiCorp contends that customers frequently opt for multiple kinds of orchestration services. Adding ECS to the list of runtime platforms supported by Consul is another step towards the goal of a true multi-platform service mesh, the firm says.

According to HashiCorp, running Consul on ECS lets developers take advantage of key features supported by its service mesh. These include zero trust networking, whereby all traffic between tasks is fully encrypted with mTLS. Consul’s configuration entries can be used to configure the behaviour of proxies to retry failed requests and increase the reliability of microservices, while the sidecar proxies can be configured to emit consistent request metrics to improve observability.

The HashiCorp Blog details how users interested in trying out the integration can start using the Consul service mesh tech preview on Amazon ECS. The firm suggests that such users deploy Consul service mesh onto ECS using HashiCorp’s Terraform provisioning tool, specifically the mesh-task and dev-server Terraform modules.

In this scenario, the dev-server module will deploy a DevTest Consul server task onto ECS Fargate. The mesh-task module is then used to deploy application tasks into the service mesh. In addition to the application containers, the mesh-task module adds additional containers to the task, the Consul client container and the sidecar proxy container.

The Consul client container communicates with the Consul server and acts as part of the control plane for the service mesh. The sidecar proxy container runs Envoy and proxies all traffic into and out of the task.

HashiCorp says it aims to further enhance the platform as it moves towards general availability for Consul service mesh for Amazon ECS, and welcomes feedback from developers who try out the tech preview.