Best practice to deploy consul client on kubernetes

Consul
,
1

Hi,

I’m new to consul and in my understanding consul client is a lightweight and stateless agent for services to register themselves and query target services. From consul-helm I found consul-client is deployed by a DaemonSet so every node will has a consul-client agent running, and all services on the same node will use this agent to interact with consul cluster.

My questions are as follows:

  1. Why DaemonSet is selected, rather than a normal Deployment with a related Service?
  2. Will each consul-client be a SPoF(Single Point of Failure) on the node? because if it fails, all services on the same node will not be able to do register/query with consul
  3. Is it a good idea to deploy consul-client as a sidecar process in the same pod for each service? If it’s not, what’s the reason?

Thanks for any help.

2

Hi @shizhz,

Welcome to the HashiCorp Forums!

Please note that with Consul 1.14 and Consul-Helm (consul-k8s) >1.0, Consul on K8S replaces Consul Client agents with a lightweight process named consul-dataplane and you can read more about it here: Consul 1.14 GA: Announcing Simplified Service Mesh Deployments.

Please find the answers to your questions below based on my understanding. You might get more detailed answers from experts here :slight_smile:

  1. The reason why daemonsets are used is that all the nodes in the K8S cluster have an instance of the Consul Client agent. This will help the services run on any node and register with Consul.

  2. When a Consul Client fails, you won’t be able to register services on that host and all the services running on that host will be excluded from service discovery queries. But usually, you will have applications run with multiple replicas (spread across different hosts), and the instances of the application running on other hosts will be able to serve the traffic.

  3. It is not recommended to run consul-client per application as Consul Client agents use a specific gossip protocol (SWIM using HashiCorp Serf) which operates by broadcasting information about membership and distributed health checks. More client agents mean more network traffic. This is one of the reasons why consul-dataplane came into existence.

ref: