I also found the docs for consul connect
to be confusing. They don't
clearly differentiate the difference between the client and server
proxy.
Some declarations that are worth stating explicitly:
consul acl
needs to be setup first, see consul acl for more info- acl and intention are used somewhat interchangeably here
- client side
consul connect
proxies can only talk to otherconsul connect
proxies - client side
consul connect
proxies can not talk directly to a service - the docs explaining
-service
vs-listen
vs-upstream
are terrible - I'll use the term proxy to mean
consul connect
process - the term service refers to the actual service (eg. redis)
- the term server proxy refers to the proxy that connects to a real service
- the term client proxy refers to the proxy that clients connect to
Having said all that, service mesh sounds like they're worth having.
Mitchell Hashimoto at least partly agrees with me.
