{"id":15873567,"url":"https://github.com/blake/vagrant-consul-tproxy","last_synced_at":"2026-03-18T17:07:07.210Z","repository":{"id":74601483,"uuid":"380391503","full_name":"blake/vagrant-consul-tproxy","owner":"blake","description":"A sample Vagrant and cloud-init configuration for using transparent proxy on VMs with Consul service mesh","archived":false,"fork":false,"pushed_at":"2022-03-25T23:30:55.000Z","size":1770,"stargazers_count":0,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-01T22:34:57.846Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/blake.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-06-26T01:49:32.000Z","updated_at":"2021-06-30T00:02:25.000Z","dependencies_parsed_at":null,"dependency_job_id":"5fa21891-bb7e-4c97-98ec-6e5f69a85dda","html_url":"https://github.com/blake/vagrant-consul-tproxy","commit_stats":{"total_commits":4,"total_committers":1,"mean_commits":4.0,"dds":0.0,"last_synced_commit":"7fc4664a6757d45d922053ad573b7c5de70b1ca7"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/blake/vagrant-consul-tproxy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blake%2Fvagrant-consul-tproxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blake%2Fvagrant-consul-tproxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blake%2Fvagrant-consul-tproxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blake%2Fvagrant-consul-tproxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/blake","download_url":"https://codeload.github.com/blake/vagrant-consul-tproxy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blake%2Fvagrant-consul-tproxy/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":281584983,"owners_count":26526171,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-29T02:00:06.901Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-06T01:04:17.784Z","updated_at":"2025-10-29T07:43:09.346Z","avatar_url":"https://github.com/blake.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Consul service mesh transparent proxy on virtual machines\n\nThis repo contains example Vagrant environments for deploying Consul service\nmesh across multiple virtual machines with\n[transparent proxy]\nenabled for service-to-service communication.\n\n[transparent proxy]: https://www.consul.io/docs/connect/transparent-proxy\n\n## Test environments\n\nEach environment deploys a set of three servers. One of the servers acts as a\nConsul server. The other two servers run Consul client agents, as well as [Envoy]\nsidecar proxies for the deployed applications.\n\n[Envoy]: https://www.envoyproxy.io/\n\n```text\n            _________________\n            | Consul server |\n            -----------------\n               /          \\\n              /            \\\n             /              \\\n|----------------|      |----------------|\n| client agent   |      | client agent   |\n| _____  _______ |      | _______  _____ |\n| |app|-\u003e|proxy|-|------|\u003e|proxy|-\u003e|app| |\n| -----  ------- |      | -------  ----- |\n|----------------|      |----------------|\n```\n\nThe various environments are meant to highlight the different methods which can\nbe used by operators to deploy Consul service mesh alongside their application\nservices. Some operators may prefer to install and configure all service at\ndeployment time, while others may prefer to utilize a base image containing a\nstandard set of components, and customize it slightly at deployment time for\nthe contained application.\n\n* [examples/vagrant/cloud-init-injection](examples/vagrant/cloud-init-injection) -\n  Installs and configures Consul, Envoy, and the applications using cloud-init.\n* [examples/vagrant/prebuilt-image](examples/vagrant/prebuilt-image) - Uses a\n  prebuilt image which contains Consul and Envoy. The applications are installed\n  using shell scripts provided via cloud-init.\n\n## Sidecar initialization architecture\n\nAfter Consul and Envoy are installed into the environment, additional steps are\nneeded to optionally bring the deployed application into the service mesh.\nBroadly this translates into the following:\n\n1. Register the service with Consul.\n2. Install the iptables rules which handle traffic redirection for the\n   application.\n3. Start the service's Envoy sidecar proxy.\n\nThe test environments contain the following scripts and systemd services which\nwork together to provide a simple way to add an application to the service mesh through an opinionated bootstrapping/configuration process that closely resembles\nthe [sidecar injection] model supported by Consul on Kubernetes.\n\n[sidecar injection]: https://www.consul.io/docs/k8s/connect#installation-and-configuration\n\n```text\n/etc/systemd/system\n├── consul-sidecar-init.service\n├── envoy@.service\n/srv/consul\n├── generate-sidecar-configs.py\n/usr/local/bin\n├── consul-cleanup-iptables\n├── consul-redirect-traffic\n```\n\nThe general provisioning flow is as follows:\n\n1. When the server starts, `consul-sidecar-init.service` runs and checks for the\n   existence of `/srv/consul/service-config.json`. This file can be pre-baked into\n   the image, or installed at deploy time using cloud-init, Ansible, etc. The file\n   contains information about the deployed service such as its name, listening\n   port, etc. If this file exists, the service executes `generate-sidecar-configs.py`.\n1. `generate-sidecar-configs` reads the service configuration file and uses the\n   information to generate a Consul service registration file for the application\n   which contains the necessary [sidecar service registration] stanza to add the\n   service to the mesh.\n     1. The generated file is saved at `/etc/consul.d/service-registration.json`.\n     1. The script calls systemd to enable and start an Envoy proxy for the\n        application process (i.e., `systemctl start envoy@app`).\n1. When the systemd unit is started, it executes two commands;\n   `consul-redirect-traffic` to install the iptables redirection rules – if the\n   proxy is configured to operate in `transparent` mode – and `consul connect envoy`\n   to start the Envoy process. When the unit is stopped, the Envoy process is\n   terminated and the unit executes `consul-cleanup-iptables` to remove the\n   iptables redirection rules.\n\n[sidecar service registration]: https://www.consul.io/docs/connect/registration/sidecar-service\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblake%2Fvagrant-consul-tproxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fblake%2Fvagrant-consul-tproxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblake%2Fvagrant-consul-tproxy/lists"}