As shown above there are two main components to the architecture.
- Consul Server task: Runs the Consul server.
- Application tasks: Runs user application containers along with two helper containers:
- Consul Client: The Consul client container runs Consul. The Consul client communicates with the Consul server and configures the Envoy proxy sidecar. This communication is called control plane communication.
- Sidecar Proxy: The sidecar proxy container runs Envoy. All requests to and from the application container(s) run through the sidecar proxy. This communication is called data plane communication.
For more information about how Consul works in general, see Consul's Architecture Overview.
In addition to the long-running Consul Client and Sidecar Proxy containers, there are also two initialization containers that run:
discover-servers: This container runs at startup and uses the AWS API to determine the IP address of the Consul server task.
mesh-init: This container runs at startup and sets up initial configuration for Consul and Envoy.
This diagram shows the timeline of a task starting up and all its containers:
- T0: ECS starts the task. The
discover-serverscontainer starts looking for the Consul server task’s IP. It waits for the Consul server task to be running on ECS, looks up its IP and then writes the address to a file. Then the container exits.
- T1: Both the
consul-clientstarts up and uses the server IP to join the cluster.
mesh-initregisters the service for this task and its sidecar proxy into Consul. It runs
consul connect envoy -bootstrapto generate Envoy’s bootstrap JSON file and write it to a shared volume. After registration and bootstrapping,
- T2: The
sidecar-proxycontainer starts. It runs Envoy by executing
envoy -c <path-to-bootstrap-json>.
- T3: The
sidecar-proxycontainer is marked as healthy by ECS. It uses a health check that detects if its public listener port is open. At this time, the user’s application containers are started since all the Consul machinery is ready to service requests.
- T4: Consul marks the service as healthy by running the health checks specified in the task Terraform. The service will now receive traffic. At this time the only running containers are
sidecar-proxyand the user’s application container(s).