Can Consul work with any CNI's

pezig · November 3, 2022, 5:35pm

Hi,

My team has a lot of application code depending on Consul but we need to implement a Container Networking Interface (CNI) that can enforce network policies on EKS.

I’ve tried Cilium, Calico, Antrea and Weavenet. They all work without Consul but as soon as Consul is installed, something breaks - either the consul clients are unreachable or no pods can communicate to each other even with a network policy that specifically allows it.

Can anyone provide advice on running Consul with a CNI?

Anything would be much appreciated.

Cheers,

Peter

vjshar · May 26, 2023, 2:08pm

Consul required root privileges with init container mainly for ( CAP_NET_ADMIN) and that is restricted with most Openshift installations, for making it work with Openshift, please use Multus CNI (connectinject-cni-multus) also you can try this helm chart as a reference helm-chart-ocp

bcovieswex · July 14, 2023, 1:11pm

Hi, @pezig . Were you able to fix this issue?