The Consul API Gateway add-on module helps users control access to services running within a Consul service mesh. Using the API Gateway, applications and services running in a Consul datacenter can be accessed by network clients residing outside of the datacenter. This type of network traffic is commonly referred to as "north-south" network traffic as it refers to the flow of data into and out of a specific environment. Requests from clients can also be forwarded based on path or request protocol.
Consul API Gateway is an implementation of the Kubernetes Gateway [API Specification](https://gateway-api.sigs.k8s.io/). This specification defines a set of custom resource definitions (CRD) that can create logical gateways and routes based on the path or protocol of a client request. The Consul API gateway solves for two primary use cases:
* **Controlling access at the point entry** - The Consul API Gateway allows users to set the protocols of external connection requests and provide clients with TLS certificates from trusted providers (e.g. VeriSign, Let’sEncrypt).
* **Simplifying traffic management** - The Consul API Gateway can be used to load balance requests across services and route traffic to the appropriate service based on matching one or more criteria such as hostname, path, header presence or value, and HTTP Method type (e.g. Get, Post, Patch).
The following components will be installed: - Gateway controller - CRDs required by the Kubernetes Gateway API specification - `kustomize` manifests for completing the installation
| `-ca-file` | String value that specifies the path to the CA for the Consul server. | Required | none |
| `-ca-secret` | String value that specifies the CA secret for the Consul server. | Required | none |
| `-ca-secret-namespace` | String value that specifies the CA secret namespace for the Consul server. | Required | none |
| `-k8-context` | String value that specifies the Kubernetes context to use when starting the Consul server. | Optional | current context |
| `-k8-namespace` | String value that specifies the Kubernetes namespace to use when starting the Consul server. | Optional | `default` |
| `-log-json` | Boolean value that enables or disables JSON format for the log output. | Required | `false` |
| `-log-level` | String value that specifies the logging level. The following values are supported: <br/>- `trace` (highest level of detail) <br/>- `debug` <br/>- `info` <br/>- `warn` <br/>- `error` | Optional | `info` |
| `-metrics-port` | Integer value that specifies the port number for collecting metrics. | Optional | none |
| `-pprof` | Integer value that specifies the Go pprof port number for collecting metrics. | Optional | none |
| `-sds-server-host` | String value that specifies the host server for the secret discovery service (SDS). | Optional | `consul-api-gateway-controller.default.`<br/>`svc.cluster.`<br/>`local` |
| `-sds-server-host` | Integer value that specifies the port number for the secret discovery service (SDS). | Optional | `9090` |
The following example creates a gateway called `example-gateway` that includes a listener called `https` (see [Listeners](#listeners) for details about the `listener` configuration).
