Can not access consul UI when use loadbalancer

sinycn · November 21, 2023, 8:26am

HI ereryone:
i install consul in k8s with this values

global:
  enabled: true
  datacenter: aws1
  image: "hashicorp/consul:1.17.0"
  imageK8S: hashicorp/consul-k8s-control-plane:1.3.0
  tls:
    enabled: true
server:
  replicas: 5
  storage: 50Gi
  resources:
    requests:
      memory: "100Mi"
      cpu: "100m"
    limits:
      memory: "32Gi"
      cpu: "4"
  updatePartition: 3
  tolerations: ""
  nodeSelector: null
syncCatalog:
  enabled: true
  default: false
client:
  resources:
    requests:
      memory: '8Gi'
      cpu: '2'
      disk: '15Gi'
    limits:
      memory: '8Gi'
      cpu: '2'
      disk: '15Gi'
ui:
  service:
    enabled: true
    type: "LoadBalancer"
    annotations: |
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
      service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:XXXXX:certificate/XXXXXX
      service.beta.kubernetes.io/aws-load-balancer-type: nlb
      service.beta.kubernetes.io/aws-load-balancer-internal: "true"
      service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
      service.beta.kubernetes.io/aws-load-balancer-type: external
      service.beta.kubernetes.io/load-balancer-source-ranges: 10.0.0.0/8, 100.64.0.0/16      
connectInject:
  enabled: true
  replicas: 3
  resources:
    requests:
      # Recommended production default: 500Mi
      # @type: string
      memory: "500Mi"
      # Recommended production default: 250m
      # @type: string
      cpu: "250m"
    limits:
      # Recommended production default: 500Mi
      # @type: string
      memory: "1024Mi"
      # Recommended production default: 250m
      # @type: string
      cpu: "1024m"
sidecarProxy:
  concurrency: 2
  resources:
    requests:
      # Recommended production default: 100Mi
      # @type: string
      memory: "100Mi"
      # Recommended production default: 100m
      # @type: string
      cpu: "100m"
    limits:
      # Recommended production default: 100Mi
      # @type: string
      memory: "1024Mi"
      # Recommended production default: 100m
      # @type: string
      cpu: "1024m"
  initContainer:
    resources:
      requests:
        # Recommended production default: 150Mi
        # @type: string
        memory: "150Mi"
        # Recommended production default: 250m
        # @type: string
        cpu: "250m"
      limits:
        # Recommended production default: 150Mi
        # @type: string
        memory: "1024Mi"
        # Recommended production default: 500m
        # @type: string
        cpu: "1024m"

when deploy server works well

  NAME                                                  READY   STATUS    RESTARTS   AGE
consul-consul-connect-injector-68674c4cdf-2lhbk       1/1     Running   0          6h30m
consul-consul-connect-injector-68674c4cdf-6qpz6       1/1     Running   0          6h30m
consul-consul-connect-injector-68674c4cdf-ftz5b       1/1     Running   0          6h30m
consul-consul-server-0                                1/1     Running   0          6h30m
consul-consul-server-1                                1/1     Running   0          6h30m
consul-consul-server-2                                1/1     Running   0          6h30m
consul-consul-server-3                                1/1     Running   0          6h30m
consul-consul-server-4                                1/1     Running   0          6h30m
consul-consul-sync-catalog-955784c49-zb8hn            1/1     Running   0          6h30m
consul-consul-webhook-cert-manager-7c9cd7bd67-vh6kr   1/1     Running   0          6h30m

but consul UI is not working it shows connection reset and i changed ui expose to ingress it shows HTTP 400

do you have any ideas how to troubleshoot

blake · November 21, 2023, 6:05pm

Can you please provide the output of kubectl consul get service consul-ui? What URL path are you accessing when you receive the HTTP 400 error?

sinycn · November 22, 2023, 12:22am

Hi @blake

thank you for your reply
the output for consul ui service:

[root@controller ~]# k get svc consul-consul-ui  -n consul-stag
NAME               TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
consul-consul-ui   ClusterIP   172.16.242.126   <none>        443/TCP   22h

and ingress configuration is

ui:
  ingress:
    enabled: true
    ingressClassName: alb
    pathType: Prefix
    hosts:
      - host: consul-stag.XXXXX.com
        paths:
          - /
    annotations: |
      alb.ingress.kubernetes.io/group.name: 'rdsec.internal-services'
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'
      alb.ingress.kubernetes.io/inbound-cidrs: 10.0.0.0/8, 100.64.0.0/16
      alb.ingress.kubernetes.io/target-type: 'ip'
      alb.ingress.kubernetes.io/certificate-arn: 'arn:aws:acm:us-west-2:XXXXX:certificate/XXXX'

UI HTTP 400 error: