v2 Catalog API
Warning
The v2 catalog API is in a beta release for testing and development purposes. Do not use the v2 catalog or multi-port services in secure production environments.This topic provides conceptual information about version 2 of the Consul Catalog API. The catalog tracks registered services and their locations for both service discovery and service mesh use cases.
Consul supports the v2 catalog on Kubernetes deployments only. For more information about Consul’s default catalog, refer to v1 Catalog API.
Introduction
When Consul registers services, it records user-defined and Consul-assigned information. To determine a service’s identity, v1 of the catalog API records the following information:
- IDs of the specific service instances that are registered
- Locations of the nodes the instances run on
- Names of the services the instances are associated with
This information enables Consul to associate service names with the individual instances and their unique network addresses, and it is essential to Consul’s service discovery and service mesh operations.
The Consul v1 Catalog API was designed prior to the introduction of Consul’s service mesh features. Communication in Consul’s service mesh is secured through Consul's ACL system, which requires that a Kubernetes ServiceAccount resource match the Service name. As a result, only one service can represent a Kubernetes Workload in the v1 catalog.
Since then, the cloud networking needs for applications have evolved and workarounds were developed. For example, Kubernetes Pods with multiple ports demonstrates how you can schedule a service with multiple ports so that Consul registers it in the catalog as distinct services with their own service instances. However, this workaround results in additional resource consumption because Consul requires that each service and port use their own proxy and Consul dataplane so that it can recognize them as distinct services.
The v2 catalog API is available alongside the existing v1 catalog API, but the catalogs cannot be used simultaneously. The v2 catalog is disabled by default. This beta release is for testing and development purposes only. We do not recommend implementing v2 in production environments or migrating to v2 until the API is generally available.
Catalog structure
Consul v1.17 introduces a new version of the catalog API designed to bridge differences between the Consul and Kubernetes data models. The v2 catalog API still tracks services and nodes for Consul, but replaces service instances with workloads and workload identites.
The following table describes resources in the v2 catalog and compares them to the v1 catalog and Kubernetes resources. It also states whether these resources are defined by the user or computed by Consul when it registers a service.
v2 Catalog resource | Description | Catalog v1 resource analogue | Kubernetes resource analogue | Source |
---|---|---|---|---|
Service | The name of the service Consul registers a workload under | Service | None | Defined by user in Kubernetes |
Node | The address of the node where the workload runs. | Node | Node | Computed by Consul |
Workload | An application instance running in a set of one or more Pods scheduled according to a Kubernetes Workload resource such as a Deployment or StatefulSet. | Service instance | Kubernetes Workloads | Defined by user in Kubernetes |
Workload identities | Provides a distinct identity for a Kubernetes Workload to assume in a Kubernetes cluster. | Service instance | Kubernetes Service Accounts | Defin by user in Kubernetes |
Service endpoints | Maps services to workload addresses and endpoints. | None | Service backend | Computed by Consul |
Health status | A resource for reporting the health status of a workload | Agent check | None | Computed by Consul |
Health check | A resource for defining the health checks for a workload. | Health check | Liveness, Readiness, and Startup Probes | Defined by user in Kubernetes |
Proxy configuration | Represents a configuration for a sidecar or gateway proxy. | Proxy field in service definition | None | Defined by user in Consul |
Destinations | Represents explicit service upstreams | None | Upstream Service annotation | Defined by user in Kubernetes |
Traffic permissions | Enables L4 traffic authorization according to workload identity instead of service identity. | Service intentions | None | Defined by user in Consul |
Refer to consul resource
for more information about using the Consul CLI to interact with the v2 catalog.
Changes to Consul’s existing architecture
The change in data models introduced by the v2 Catalog API impacts several aspects of Consul’s operations.
Traffic permissions resource replaces service intentions
The most significant change to Consul’s architecture and operations when using the v2 catalog structure is the introduction of the TrafficPermissions resource. This resource replaces the service intentions configuration entry, and enables authorized service-to-service communication for both L4 and L7 applications.
For more information about this resource, including example configurations, refer to TrafficPermissions configuration reference.
HTTPRoute and GRPCRoute resources for L7 traffic management
You can configure L7 traffic management behavior, such as service splitting, in an HTTPRoute
or a GRPCRoute
resource. In the v1 catalog, this behavior is defined in dedicated configuration entries. For examples, refer to service splitter configuration entry reference.
For more information about these resource, including specifications and example configurations, refer to HTTPRoute resource configuration reference and GRPCRoute resource configuration reference.
New proxy configuration resource
In the v1 catalog, a service’s sidecar proxy and its behavior is defined in the Proxy
field of the service definition. You can also separately define a service mesh proxy and configure proxy defaults.
The v2 catalog introduces the ProxyConfiguration
resource, enabling the automatic configuration of sidecar proxy behavior according to Consul workload identity. Refer to ProxyConfiguration resource configuration reference for more information.