search

hashicorp / consul-helm

Helm chart to install Consul and other associated components.
Mozilla Public License 2.0
419 stars 385 forks source link

Could not resolve host: static-server #1027

Closed lemonit-eric-mao closed 3 years ago

lemonit-eric-mao commented 3 years ago

Using kubectl to connect to the client and request data from the server

K8s environmental information
[root@master01 consul]# kubelet --version
Kubernetes v1.20.4
[root@master01 consul]#
[root@master01 consul]# kubectl version
Client Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.4", GitCommit:"e87da0bd6e03ec3fea7933c4b5263d151aafd07c", GitTreeState:"clean", BuildDate:"2021-02-18T16:12:00Z", GoVersion:"go1.15.8", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.4", GitCommit:"e87da0bd6e03ec3fea7933c4b5263d151aafd07c", GitTreeState:"clean", BuildDate:"2021-02-18T16:03:00Z", GoVersion:"go1.15.8", Compiler:"gc", Platform:"linux/amd64"}
[root@master01 consul]#
[root@master01 consul]#
[root@master01 consul]# kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.4", GitCommit:"e87da0bd6e03ec3fea7933c4b5263d151aafd07c", GitTreeState:"clean", BuildDate:"2021-02-18T16:09:38Z", GoVersion:"go1.15.8", Compiler:"gc", Platform:"linux/amd64"}
[root@master01 consul]#
[root@master01 consul]#

[root@master01 consul]# kubectl config get-contexts
CURRENT   NAME         CLUSTER      AUTHINFO     NAMESPACE
*         cluster-01   cluster-01   cluster-01
          cluster-02   cluster-02   cluster-02
[root@master01 consul]#

Reference deployment document

Primary Cluster DC1 information
[root@master01 consul]# kubectl get all -n dhc-consul
NAME                                                              READY   STATUS    RESTARTS   AGE
pod/consul-7kwgh                                                  1/1     Running   0          104m
pod/consul-bn7p9                                                  1/1     Running   0          104m
pod/consul-connect-injector-webhook-deployment-57b9b48698-7v4vc   1/1     Running   0          104m
pod/consul-connect-injector-webhook-deployment-57b9b48698-gbvbc   1/1     Running   0          104m
pod/consul-controller-5f86649488-7cbww                            1/1     Running   0          104m
pod/consul-mesh-gateway-bb9f58f84-cvnfp                           2/2     Running   0          104m
pod/consul-rp94t                                                  1/1     Running   0          104m
pod/consul-server-0                                               1/1     Running   0          104m
pod/consul-server-1                                               1/1     Running   0          104m
pod/consul-server-2                                               1/1     Running   0          104m
pod/consul-webhook-cert-manager-69f4f5f6fd-9ptqc                  1/1     Running   0          104m

NAME                                  TYPE           CLUSTER-IP      EXTERNAL-IP       PORT(S)                                                                   AGE
service/consul-connect-injector-svc   ClusterIP      10.96.236.52    <none>            443/TCP                                                                   104m
service/consul-controller-webhook     ClusterIP      10.96.223.151   <none>            443/TCP                                                                   104m
service/consul-dns                    ClusterIP      10.96.175.132   <none>            53/TCP,53/UDP                                                             104m
service/consul-mesh-gateway           LoadBalancer   10.96.153.217   192.168.103.253   443:32538/TCP                                                             104m
service/consul-server                 ClusterIP      None            <none>            8501/TCP,8301/TCP,8301/UDP,8302/TCP,8302/UDP,8300/TCP,8600/TCP,8600/UDP   104m
service/consul-ui                     NodePort       10.96.220.118   <none>            443:30443/TCP                                                             104m

NAME                    DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
daemonset.apps/consul   3         3         3       3            3           <none>          104m

NAME                                                         READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/consul-connect-injector-webhook-deployment   2/2     2            2           104m
deployment.apps/consul-controller                            1/1     1            1           104m
deployment.apps/consul-mesh-gateway                          1/1     1            1           104m
deployment.apps/consul-webhook-cert-manager                  1/1     1            1           104m

NAME                                                                    DESIRED   CURRENT   READY   AGE
replicaset.apps/consul-connect-injector-webhook-deployment-57b9b48698   2         2         2       104m
replicaset.apps/consul-controller-5f86649488                            1         1         1       104m
replicaset.apps/consul-mesh-gateway-bb9f58f84                           1         1         1       104m
replicaset.apps/consul-webhook-cert-manager-69f4f5f6fd                  1         1         1       104m

NAME                             READY   AGE
statefulset.apps/consul-server   3/3     104m
[root@master01 consul]#

## ServiceIntentions
[root@master01 consul]# kubectl get ServiceIntentions
NAME                             SYNCED   LAST SYNCED   AGE
static-client-to-static-server   True     26m           26m
[root@master01 consul]#

## ProxyDefaults
[root@master01 consul]# kubectl get ProxyDefaults -A
NAMESPACE    NAME     SYNCED   LAST SYNCED   AGE
dhc-consul   global   True     106m          106m
[root@master01 consul]#
static-client
[root@master01 consul]# kubectl get po
NAME                            READY   STATUS    RESTARTS   AGE
static-client-9968fddc8-zfdz9   2/2     Running   0          24m
[root@master01 consul]#
Primary Cluster Consul CLI
[root@master01 consul]# kubectl -n dhc-consul exec statefulset/consul-server -- consul catalog services -datacenter dc1
consul
mesh-gateway
static-client
static-client-sidecar-proxy
[root@master01 consul]#
[root@master01 consul]#
[root@master01 consul]# kubectl -n dhc-consul exec statefulset/consul-server -- consul catalog services -datacenter dc2
consul
mesh-gateway
static-server
static-server-sidecar-proxy
[root@master01 consul]#
Secondary Cluster DC2 information
[root@master01 consul]# kubectl config use-context cluster-02
Switched to context "cluster-02".
[root@master01 consul]#

[root@master01 consul]# kubectl get all -n dhc-consul
NAME                                                             READY   STATUS    RESTARTS   AGE
pod/consul-connect-injector-webhook-deployment-fb4dc9db6-lft6d   1/1     Running   0          41m
pod/consul-connect-injector-webhook-deployment-fb4dc9db6-zvhcz   1/1     Running   0          41m
pod/consul-controller-66847c9c9f-8tnsn                           1/1     Running   0          41m
pod/consul-hf6h7                                                 1/1     Running   0          41m
pod/consul-mesh-gateway-6f859d9d5b-ndllc                         2/2     Running   0          41m
pod/consul-mqchq                                                 1/1     Running   0          41m
pod/consul-rr5cn                                                 1/1     Running   0          41m
pod/consul-server-0                                              1/1     Running   0          41m
pod/consul-server-1                                              1/1     Running   0          41m
pod/consul-server-2                                              1/1     Running   0          41m
pod/consul-webhook-cert-manager-69f4f5f6fd-mnjvk                 1/1     Running   0          41m

NAME                                  TYPE           CLUSTER-IP      EXTERNAL-IP       PORT(S)                                                                   AGE
service/consul-connect-injector-svc   ClusterIP      10.96.166.174   <none>            443/TCP                                                                   41m
service/consul-controller-webhook     ClusterIP      10.96.121.129   <none>            443/TCP                                                                   41m
service/consul-dns                    ClusterIP      10.96.115.60    <none>            53/TCP,53/UDP                                                             41m
service/consul-mesh-gateway           LoadBalancer   10.96.183.214   192.168.103.254   443:31219/TCP                                                             41m
service/consul-server                 ClusterIP      None            <none>            8501/TCP,8301/TCP,8301/UDP,8302/TCP,8302/UDP,8300/TCP,8600/TCP,8600/UDP   41m
service/consul-ui                     ClusterIP      10.96.12.94     <none>            443/TCP                                                                   41m

NAME                    DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
daemonset.apps/consul   3         3         3       3            3           <none>          41m

NAME                                                         READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/consul-connect-injector-webhook-deployment   2/2     2            2           41m
deployment.apps/consul-controller                            1/1     1            1           41m
deployment.apps/consul-mesh-gateway                          1/1     1            1           41m
deployment.apps/consul-webhook-cert-manager                  1/1     1            1           41m

NAME                                                                   DESIRED   CURRENT   READY   AGE
replicaset.apps/consul-connect-injector-webhook-deployment-fb4dc9db6   2         2         2       41m
replicaset.apps/consul-controller-66847c9c9f                           1         1         1       41m
replicaset.apps/consul-mesh-gateway-6f859d9d5b                         1         1         1       41m
replicaset.apps/consul-webhook-cert-manager-69f4f5f6fd                 1         1         1       41m

NAME                             READY   AGE
statefulset.apps/consul-server   3/3     41m
[root@master01 consul]#

## ServiceIntentions
[root@master01 consul]# kubectl get ServiceIntentions
No resources found in default namespace.
[root@master01 consul]#

## ProxyDefaults
[root@master01 consul]# kubectl get ProxyDefaults -A
No resources found
[root@master01 consul]#
static-server
[root@master01 consul]# kubectl get po
NAME                             READY   STATUS    RESTARTS   AGE
static-server-76557c7487-wqfnn   2/2     Running   0          29m
[root@master01 consul]#
Secondary Cluster Consul CLI
[root@master01 consul]# kubectl -n dhc-consul exec statefulset/consul-server -- consul catalog services -datacenter dc1
consul
mesh-gateway
static-client
static-client-sidecar-proxy
[root@master01 consul]#
[root@master01 consul]#
[root@master01 consul]#
[root@master01 consul]#
[root@master01 consul]# kubectl -n dhc-consul exec statefulset/consul-server -- consul catalog services -datacenter dc2
consul
mesh-gateway
static-server
static-server-sidecar-proxy
[root@master01 consul]#
Test
[root@master01 consul]# kubectl config use-context cluster-01
Switched to context "cluster-01".
[root@master01 consul]#
[root@master01 consul]#
[root@master01 consul]#
[root@master01 consul]#
[root@master01 consul]# kubectl exec deploy/static-client -c static-client -- curl -sS http://static-server
curl: (6) Could not resolve host: static-server
command terminated with exit code 6
[root@master01 consul]#
[root@master01 consul]#
[root@master01 consul]#
[root@master01 consul]# kubectl exec deploy/static-client -c static-client -- curl -sS http://static-server:1234
curl: (6) Could not resolve host: static-server
command terminated with exit code 6
[root@master01 consul]#

Dear engineers, Hello, I did not have a successful visit according to the official documents. I hope I can get official help and guidance.

Chinese translation of documents

image

image

image

ZEROYXY commented 3 years ago

I got the same issue as above, too. [root@consul-dc1-master consul_test]# kubectl exec deploy/static-client -c static-client -- curl -sS http://static-server curl: (6) Could not resolve host: static-server command terminated with exit code 6

And I have set the consul in the k8s cluster as the official documents said as below:

  1. The Primary Cluster DC1: [root@consul-dc1-master consul_test]# kubectl get all NAME READY STATUS RESTARTS AGE pod/consul-bshpb 1/1 Running 0 25h pod/consul-connect-injector-webhook-deployment-54f5796745-t82ss 1/1 Running 6 38d pod/consul-controller-565f495b94-7sg9t 1/1 Running 3 38d pod/consul-hwkbq 1/1 Running 0 25h pod/consul-mesh-gateway-5fb7dd646f-7vjl5 2/2 Running 2 38d pod/consul-mesh-gateway-5fb7dd646f-rmwbl 2/2 Running 2 38d pod/consul-pgh6l 1/1 Running 0 25h pod/consul-server-0 1/1 Running 0 25h pod/consul-server-1 1/1 Running 0 25h pod/consul-server-2 1/1 Running 0 25h pod/consul-webhook-cert-manager-5745cbb9d-khl4j 1/1 Running 1 38d pod/static-client-7546c78c97-8z4sm 3/3 Running 0 51m

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/consul-connect-injector-svc ClusterIP 10.108.255.227 443/TCP 38d service/consul-controller-webhook ClusterIP 10.100.180.225 443/TCP 38d service/consul-dns ClusterIP 10.111.183.245 53/TCP,53/UDP 38d service/consul-mesh-gateway LoadBalancer 10.96.247.143 192.168.20.38 443:32301/TCP 38d service/consul-server ClusterIP None 8501/TCP,8301/TCP,8301/UDP,8302/TCP,8302/UDP,8300/TCP,8600/TCP,8600/UDP 38d service/consul-ui NodePort 10.100.128.232 443:30443/TCP 38d service/kubernetes ClusterIP 10.96.0.1 443/TCP 72d service/static-client ClusterIP 10.107.73.30 4321/TCP 76m

NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE daemonset.apps/consul 3 3 3 3 3 38d

NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/consul-connect-injector-webhook-deployment 1/1 1 1 38d deployment.apps/consul-controller 1/1 1 1 38d deployment.apps/consul-mesh-gateway 2/2 2 2 38d deployment.apps/consul-webhook-cert-manager 1/1 1 1 38d deployment.apps/static-client 1/1 1 1 76m

NAME DESIRED CURRENT READY AGE replicaset.apps/consul-connect-injector-webhook-deployment-54f5796745 1 1 1 38d replicaset.apps/consul-controller-565f495b94 1 1 1 38d replicaset.apps/consul-mesh-gateway-5fb7dd646f 2 2 2 38d replicaset.apps/consul-webhook-cert-manager-5745cbb9d 1 1 1 38d replicaset.apps/static-client-7546c78c97 1 1 1 51m

NAME READY AGE statefulset.apps/consul-server 3/3 38d

[root@consul-dc1-master consul_test]# kubectl exec statefulset/consul-server -- consul members -wan Node Address Status Type Build Protocol DC Segment consul-server-0.dc1 172.0.0.212:8302 alive server 1.9.4 2 dc1 consul-server-0.dc2 173.0.0.181:8302 alive server 1.9.4 2 dc2 consul-server-0.dc3 10.100.186.239:8302 alive server 1.9.4 2 dc3 consul-server-1.dc1 172.0.0.87:8302 alive server 1.9.4 2 dc1 consul-server-1.dc2 173.0.0.65:8302 alive server 1.9.4 2 dc2 consul-server-1.dc3 10.100.248.251:8302 alive server 1.9.4 2 dc3 consul-server-2.dc1 172.0.0.171:8302 alive server 1.9.4 2 dc1 consul-server-2.dc2 173.0.0.251:8302 alive server 1.9.4 2 dc2 consul-server-2.dc3 10.100.140.75:8302 alive server 1.9.4 2 dc3

[root@consul-dc1-master consul_test]# kubectl exec statefulset/consul-server -- consul catalog services -datacenter dc1 consul mesh-gateway static-client static-client-sidecar-proxy [root@consul-dc1-master consul_test]# kubectl exec statefulset/consul-server -- consul catalog services -datacenter dc2 consul mesh-gateway static-server static-server-sidecar-proxy [root@consul-dc1-master consul_test]# kubectl exec statefulset/consul-server -- consul catalog services -datacenter dc3 consul demo-four mesh-gateway

[root@consul-dc1-master consul_test]# kubectl get ServiceIntentions NAME SYNCED LAST SYNCED AGE static-client-to-static-server True 70m 70m

[root@consul-dc1-master consul_test]# kubectl get proxydefaults NAME SYNCED LAST SYNCED AGE global True 3d18h 38d

The Secondary Cluster DC2: [root@consul-dc2-master consul_test]# kubectl get all NAME READY STATUS RESTARTS AGE pod/consul-connect-injector-webhook-deployment-b8bbbcfcc-prbtr 1/1 Running 3 20h pod/consul-controller-d5cd45947-v5h86 1/1 Running 0 20h pod/consul-d6f5q 1/1 Running 0 20h pod/consul-jns6b 1/1 Running 0 20h pod/consul-mesh-gateway-78df87f45c-6r5gf 2/2 Running 0 91m pod/consul-server-0 1/1 Running 0 20h pod/consul-server-1 1/1 Running 0 20h pod/consul-server-2 1/1 Running 0 20h pod/consul-wdbz2 1/1 Running 0 20h pod/consul-webhook-cert-manager-5745cbb9d-t5qwc 1/1 Running 0 20h pod/static-server-b4c7ff6fc-6zcq4 3/3 Running 0 22m

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/consul-connect-injector-svc ClusterIP 10.101.32.14 443/TCP 20h service/consul-controller-webhook ClusterIP 10.105.55.241 443/TCP 20h service/consul-dns ClusterIP 10.103.179.41 53/TCP,53/UDP 20h service/consul-mesh-gateway LoadBalancer 10.98.73.221 192.168.20.40 443:31791/TCP 20h service/consul-server ClusterIP None 8501/TCP,8301/TCP,8301/UDP,8302/TCP,8302/UDP,8300/TCP,8600/TCP,8600/UDP 20h service/consul-ui ClusterIP 10.97.114.175 443/TCP 20h service/kubernetes ClusterIP 10.96.0.1 443/TCP 72d service/static-server ClusterIP 10.106.232.50 1234/TCP 75m

NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE daemonset.apps/consul 3 3 3 3 3 20h

NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/consul-connect-injector-webhook-deployment 1/1 1 1 20h deployment.apps/consul-controller 1/1 1 1 20h deployment.apps/consul-mesh-gateway 1/1 1 1 20h deployment.apps/consul-webhook-cert-manager 1/1 1 1 20h deployment.apps/static-server 1/1 1 1 75m

NAME DESIRED CURRENT READY AGE replicaset.apps/consul-connect-injector-webhook-deployment-b8bbbcfcc 1 1 1 20h replicaset.apps/consul-controller-d5cd45947 1 1 1 20h replicaset.apps/consul-mesh-gateway-78df87f45c 1 1 1 20h replicaset.apps/consul-webhook-cert-manager-5745cbb9d 1 1 1 20h replicaset.apps/static-server-b4c7ff6fc 1 1 1 22m

NAME READY AGE statefulset.apps/consul-server 3/3 20h

[root@consul-dc2-master consul_test]# kubectl exec statefulset/consul-server -- consul members -wan Node Address Status Type Build Protocol DC Segment consul-server-0.dc1 172.0.0.212:8302 alive server 1.9.4 2 dc1 consul-server-0.dc2 173.0.0.181:8302 alive server 1.9.4 2 dc2 consul-server-0.dc3 10.100.186.239:8302 alive server 1.9.4 2 dc3 consul-server-1.dc1 172.0.0.87:8302 alive server 1.9.4 2 dc1 consul-server-1.dc2 173.0.0.65:8302 alive server 1.9.4 2 dc2 consul-server-1.dc3 10.100.248.251:8302 alive server 1.9.4 2 dc3 consul-server-2.dc1 172.0.0.171:8302 alive server 1.9.4 2 dc1 consul-server-2.dc2 173.0.0.251:8302 alive server 1.9.4 2 dc2 consul-server-2.dc3 10.100.140.75:8302 alive server 1.9.4 2 dc3

[root@consul-dc2-master consul_test]# kubectl exec statefulset/consul-server -- consul catalog services -datacenter dc1 consul mesh-gateway static-client static-client-sidecar-proxy [root@consul-dc2-master consul_test]# kubectl exec statefulset/consul-server -- consul catalog services -datacenter dc2 consul mesh-gateway static-server static-server-sidecar-proxy [root@consul-dc2-master consul_test]# kubectl exec statefulset/consul-server -- consul catalog services -datacenter dc3 consul demo-four mesh-gateway

[root@consul-dc1-master consul_test]# kubectl get ServiceIntentions NAME SYNCED LAST SYNCED AGE static-client-to-static-server True 172m 172m

ZEROYXY commented 3 years ago

image

I also set the upstream from the static-client to the static-server, it still not work.

david-yu commented 3 years ago

@lemonit-eric-mao Could you post your YAML for static-client and static-server? Also could you point us to where you got the examples? I assume we would need to update Learn guides or docs to reflect changes we made in Consul 1.10 so that you no longer need to point your apps to localhost to hit the Envoy proxy directly. See https://www.consul.io/docs/connect/transparent-proxy#enabling-transparent-proxy for a better example for static-server and static-client on Consul 1.10.

@ZEROYXY it looks like you are not on Consul 1.10 is that correct?

lemonit-eric-mao commented 3 years ago

@david-yu Hello, I refer to the following official website for deployment https://learn.hashicorp.com/tutorials/consul/kubernetes-mesh-gateways?in=consul/kubernetes https://www.consul.io/docs/k8s/installation/multi-cluster/kubernetes https://learn.hashicorp.com/tutorials/consul/kubernetes-mesh-gateways https://learn.hashicorp.com/tutorials/consul/kubernetes-mesh-gateways#deploy-microservices https://github.com/hashicorp/consul/blob/v1.10.0/website/content/docs/k8s/installation/multi-cluster/kubernetes.mdx#primary-datacenter

I installed consumer 1.10 directly, not upgraded from the old version. Do I need this document? https://www.consul.io/docs/connect/transparent-proxy#enabling-transparent-proxy image https://github.com/hashicorp/consul/blob/v1.10.0/website/content/docs/k8s/helm.mdx

lemonit-eric-mao commented 3 years ago
dc1-values.yaml
global:
  name: consul
  datacenter: dc1

  # TLS configures whether Consul components use TLS.
  tls:
    # TLS must be enabled for federation in Kubernetes.
    enabled: true

  federation:
    enabled: true
    # This will cause a Kubernetes secret to be created that
    # can be imported by secondary datacenters to configure them
    # for federation.
    createFederationSecret: true

  acls:
    manageSystemACLs: true
    # If ACLs are enabled, we must create a token for secondary
    # datacenters to replicate ACLs.
    createReplicationToken: true

  # Gossip encryption secures the protocol Consul uses to quickly
  # discover new nodes and detect failure.
  gossipEncryption:
    secretName: consul-gossip-encryption-key
    secretKey: key

connectInject:
  enabled: true
  transparentProxy:
    defaultEnabled: true

controller:
  enabled: true

meshGateway:
  # Mesh gateways are gateways between datacenters. They must be enabled
  # for federation in Kubernetes since the communication between datacenters
  # goes through the mesh gateways.
  enabled: true

helm install -f dc1-values.yaml consul hashicorp/consul -n dhc-consul --version "0.32.0" --wait
proxy-defaults.yaml Deploy in DC1
apiVersion: consul.hashicorp.com/v1alpha1
kind: ProxyDefaults
metadata:
  name: global
spec:
  meshGateway:
    mode: 'local'
dc2-values.yaml
global:
  name: consul
  datacenter: dc2
  tls:
    enabled: true

    # Here we're using the shared certificate authority from the primary
    # datacenter that was exported via the federation secret.
    caCert:
      secretName: consul-federation
      secretKey: caCert
    caKey:
      secretName: consul-federation
      secretKey: caKey

  acls:
    manageSystemACLs: true

    # Here we're importing the replication token that was
    # exported from the primary via the federation secret.
    replicationToken:
      secretName: consul-federation
      secretKey: replicationToken

  federation:
    enabled: true
  gossipEncryption:
    secretName: consul-federation
    secretKey: gossipEncryptionKey
connectInject:
  enabled: true
  transparentProxy:
    defaultEnabled: true

controller:
  enabled: true
meshGateway:
  enabled: true
server:
  # Here we're including the server config exported from the primary
  # via the federation secret. This config includes the addresses of
  # the primary datacenter's mesh gateways so Consul can begin federation.
  extraVolumes:
    - type: secret
      name: consul-federation
      items:
        - key: serverConfigJSON
          path: config.json
      load: true

helm install -f dc2-values.yaml consul hashicorp/consul -n dhc-consul --version "0.32.0" --wait
static-client.yaml Deploy in DC1
apiVersion: v1
kind: ServiceAccount
metadata:
  name: static-client
---
apiVersion: v1
kind: Service
metadata:
  name: static-client
spec:
  selector:
    app: static-client
  ports:
    - port: 4321
      targetPort: 4321
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: static-client
  name: static-client
spec:
  replicas: 1
  selector:
    matchLabels:
      app: static-client
  template:
    metadata:
      annotations:
        consul.hashicorp.com/connect-inject: 'true'
      labels:
        app: static-client
    spec:
      containers:
        - name: static-client
          image: curlimages/curl:7.77.0
          ports:
            - containerPort: 4321
          command: ['/bin/sh', '-c', '--']
          args: ['while true; do sleep 30; done;']
      serviceAccountName: static-client
static-server.yaml Deploy in DC2
apiVersion: v1
kind: Service
metadata:
  name: static-server
spec:
  selector:
    app: static-server
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8080
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: static-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: static-server
spec:
  replicas: 1
  selector:
    matchLabels:
      app: static-server
  template:
    metadata:
      name: static-server
      labels:
        app: static-server
      annotations:
        'consul.hashicorp.com/connect-inject': 'true'
        'consul.hashicorp.com/transparent-proxy': 'true'
    spec:
      containers:
        - name: static-server
          image: hashicorp/http-echo:latest
          args:
            - -text="hello world"
            - -listen=:8080
          ports:
            - containerPort: 8080
              name: http
      serviceAccountName: static-server
consul-federation-secret.yaml
apiVersion: v1
data:
  caCert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURRakNDQXVpZ0F3SUJBZ0lVVDhiejdYcXUxWWZtUmVXbTlZM1p2aTBSZ1pVd0NnWUlLb1pJemowRUF3SXcKZ1pFeEN6QUpCZ05WQkFZVEFsVlRNUXN3Q1FZRFZRUUlFd0pEUVRFV01CUUdBMVVFQnhNTlUyRnVJRVp5WVc1agphWE5qYnpFYU1CZ0dBMVVFQ1JNUk1UQXhJRk5sWTI5dVpDQlRkSEpsWlhReERqQU1CZ05WQkJFVEJUazBNVEExCk1SY3dGUVlEVlFRS0V3NUlZWE5vYVVOdmNuQWdTVzVqTGpFWU1CWUdBMVVFQXhNUFEyOXVjM1ZzSUVGblpXNTAKSUVOQk1CNFhEVEl4TURjd09EQTJNVGMxTmxvWERUTXhNRGN3TmpBMk1UZzFObG93Z1pFeEN6QUpCZ05WQkFZVApBbFZUTVFzd0NRWURWUVFJRXdKRFFURVdNQlFHQTFVRUJ4TU5VMkZ1SUVaeVlXNWphWE5qYnpFYU1CZ0dBMVVFCkNSTVJNVEF4SUZObFkyOXVaQ0JUZEhKbFpYUXhEakFNQmdOVkJCRVRCVGswTVRBMU1SY3dGUVlEVlFRS0V3NUkKWVhOb2FVTnZjbkFnU1c1akxqRVlNQllHQTFVRUF4TVBRMjl1YzNWc0lFRm5aVzUwSUVOQk1Ga3dFd1lIS29aSQp6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUVFZGZEektOa2ZDSXZtV0tQU0NiOWI0dGo5VVNNWjdLSkVLbkRuaTlTCmIzUTBxU1VWOGJpMGJWWmxPS0Yrbk9PNHUzSlBFRmtJdVhnbmdSOFNscGVid2FPQ0FSb3dnZ0VXTUE0R0ExVWQKRHdFQi93UUVBd0lCaGpBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSEF3SXdEd1lEVlIwVApBUUgvQkFVd0F3RUIvekJvQmdOVkhRNEVZUVJmWldNNlpqVTZZbUU2TVdVNlptUTZPVFE2WVRrNk9EUTZORFk2Ck0ySTZNVFU2TmprNk9EazZOelE2TVdVNllUUTZNalk2WmpjNlpHVTZaVFE2WlRZNk1qRTZNMk02TTJJNk9EazYKT1RRNlpqQTZOMkU2WldJNk1qZzZPV1k2TVdFd2FnWURWUjBqQkdNd1lZQmZaV002WmpVNlltRTZNV1U2Wm1RNgpPVFE2WVRrNk9EUTZORFk2TTJJNk1UVTZOams2T0RrNk56UTZNV1U2WVRRNk1qWTZaamM2WkdVNlpUUTZaVFk2Ck1qRTZNMk02TTJJNk9EazZPVFE2WmpBNk4yRTZaV0k2TWpnNk9XWTZNV0V3Q2dZSUtvWkl6ajBFQXdJRFNBQXcKUlFJZ1AvQkxEMXk2K1NVUVhJVm9jOXMvVU91R0FodGZKeHJSQ3F0ZFgycGNiZFFDSVFEWFVtWjg3eEd6azlZawo5cEZDbVd2TmtFeTRyeWNFRUlqbC9PbmVFWUZKY3c9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
  caKey: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSU0xZk5OZFN0NUlJdGk3eTY4bGRvc2xvSkJsME92cFZFVnNqeGEreThDcEVvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFRWRmRHpLTmtmQ0l2bVdLUFNDYjliNHRqOVVTTVo3S0pFS25Ebmk5U2IzUTBxU1VWOGJpMApiVlpsT0tGK25PTzR1M0pQRUZrSXVYZ25nUjhTbHBlYndRPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
  gossipEncryptionKey: MndNTFJzMS8yT1RZdzdTeGxNODFXUEljVlI2ay9KM2VVcDFCVG1nY3RGcz0=
  replicationToken: YmQ2NDA4MmEtZjlhMy0yZDg0LTZlOWMtNTUxMDZhOWUzY2Ni
  serverConfigJSON: eyJwcmltYXJ5X2RhdGFjZW50ZXIiOiJkYzEiLCJwcmltYXJ5X2dhdGV3YXlzIjpbIjE5Mi4xNjguMTAzLjI1Mzo0NDMiXX0=
kind: Secret
metadata:
  creationTimestamp: "2021-07-08T06:20:44Z"
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:data:
        .: {}
        f:caCert: {}
        f:caKey: {}
        f:gossipEncryptionKey: {}
        f:replicationToken: {}
        f:serverConfigJSON: {}
      f:type: {}
    manager: consul-k8s
    operation: Update
    time: "2021-07-08T06:20:44Z"
  name: consul-federation
  namespace: dhc-consul
  resourceVersion: "5166737"
  uid: 6c58196f-b795-4a75-86d9-2843a120f1f7
type: Opaque
In the same cluster

image

Across multiple clusters

image

ZEROYXY commented 3 years ago

@david-yu Hi David

Firstly thank you so much for your kindly and quickly response on this. And it is currect that the version of Consul I used is 1.9.4.

The example which I used is as below:

  1. I followed the guide as below to build the Consul Mesh-Gateway Federation. https://www.consul.io/docs/k8s/installation/multi-cluster/kubernetes

  2. Then I followed the guide as below to deploy two services in two K8s clusters and tried to test if the services in different K8s clusters and DCs can communicate with each other. And the issue as above I am facing happened here. https://learn.hashicorp.com/tutorials/consul/kubernetes-mesh-gateways?in=consul/kubernetes

  3. I tried to sync the services between consul and K8s as below guide said but found the issue as above is still there even the sync has been successful. https://www.consul.io/docs/k8s/service-sync

david-yu commented 3 years ago

Transferring to Consul Helm.

lemonit-eric-mao commented 3 years ago

@david-yu I have tried this article, but still did not solve my problem. I wonder if you can provide the yaml files of the main data center and the yaml files of the auxiliary data center separately.

lemonit-eric-mao commented 3 years ago

https://github.com/hashicorp/consul-k8s/issues/564