Configure Consul via Helm chart in EKS without NLB

Consul
1

I’m attempting to deploy consul to EKS via helm chart. My current config spins up an ALB and and an NLB. Ideally the end should only utilize the ALB.
Any assistance would be greatly appreciated.

2

pasting in a bit of my values.yaml. I’m attempting to create an alb with aws load balancer controller, not an nlb

ui:
enabled: true
service:
enabled: true
ingress:
enabled: true
hosts:
- host: $HOST
paths:
- /
annotations: |
kubernetes.io/ingress.class’: alb
alb.ingress.kubernetes.io/target-type’: ip
alb.ingress.kubernetes.io/scheme’: internal
alb.ingress.kubernetes.io/load-balancer-name’: ${PREFIX}-eks-alb
alb.ingress.kubernetes.io/security-groups’: $ALB_SG
alb.ingress.kubernetes.io/certificate-arn’: $CERT_ARN
alb.ingress.kubernetes.io/subnets’: $SUB_A,$SUB_B

3

I’ve got the ALB up, albeit with the depricated ‘kubernetes.io/ingress.class’: alb. My nodes in the target group are unhealthy status 400. Anyone?

4

@Ranjandas might you be able to assist with this? This is the entire yaml file i’m deploying. Not able to access UI on alb.

global:
enabled: true
image: artifactory.NETWORK_DOMAIN/docker-authorized/hashicorp/consul:1.20.1-ubi
imageK8S: artifactory.NETWORK_DOMAIN/docker-authorized/hashicorp/consul-k8s-control-plane:1.6.1-ubi
datacenter: $ENV
logLevel: debug
imagePullPolicy: Always
tls:
enabled: true
tolerations: |
- key: “Internal”
operator: “Equal”
value: “true”
acls:
manageSystemACLs: true
tolerations: |
- key: “Internal”
operator: “Equal”
value: “true”
gossipEncryption:
autoGenerate: true
tolerations: |
- key: “Internal”
operator: “Equal”
value: “true”
connectInject:
enabled: false
server:
enabled: true
storageClass: gp3
replicas: 3
bootstrapExpect: 3
persistentVolumeClaimRetentionPolicy:
whenDeleted: Retain
whenScaled: Retain
tolerations: |
- key: “Internal”
operator: “Equal”
value: “true”
dns:
enabled: false
ui:
enabled: true
ingressClassName: ingress.k8s.aws/alb
service:
enabled: true
type: ClusterIP
ingress:
enabled: true
hosts:
- host: $HOST
paths:
- /
annotations: |

  'alb.ingress.kubernetes.io/group.name': ${PREFIX}-eks
  'alb.ingress.kubernetes.io/target-type': ip
  'alb.ingress.kubernetes.io/ssl-redirect': '443'
  'alb.ingress.kubernetes.io/scheme': internal
  'alb.ingress.kubernetes.io/listen-ports': '[{"HTTPS": 443}]'
  'alb.ingress.kubernetes.io/load-balancer-name': ${PREFIX}-eks-alb
  'alb.ingress.kubernetes.io/security-groups': $ALB_SG
  'alb.ingress.kubernetes.io/certificate-arn': $CERT_ARN
  'alb.ingress.kubernetes.io/subnets': $SUB_A,$SUB_B       
  'alb.ingress.kubernetes.io/ssl-policy': ELBSecurityPolicy-TLS13-1-2-2021-06
  'alb.ingress.kubernetes.io/healthcheck-port': traffic-port
  'alb.ingress.kubernetes.io/backend-protocol': HTTP
  'alb.ingress.kubernetes.io/backend-protocol-version': HTTP1
5

It was working all along, I needed to add the correct health check path to resolve the issue.

global:
enabled: true
image: artifactory.NETWORK_DOMAIN/docker-authorized/hashicorp/consul:1.20.1-ubi
imageK8S: artifactory.NETWORK_DOMAIN/docker-authorized/hashicorp/consul-k8s-control-plane:1.6.1-ubi
datacenter: $ENV
logLevel: debug
imagePullPolicy: Always
tls:
enabled: true
tolerations: |
- key: “Internal”
operator: “Equal”
value: “true”
acls:
manageSystemACLs: true
tolerations: |
- key: “Internal”
operator: “Equal”
value: “true”
gossipEncryption:
autoGenerate: true
tolerations: |
- key: “Internal”
operator: “Equal”
value: “true”
connectInject:
enabled: false
server:
enabled: true
storageClass: gp3
persistentVolumeClaimRetentionPolicy:
whenDeleted: Retain
whenScaled: Retain
tolerations: |
- key: “Internal”
operator: “Equal”
value: “true”
dns:
enabled: false
ui:
enabled: true
service:
enabled: true
type: NodePort

ingress:
enabled: true
hosts:
- host: HOST
paths:
- /
annotations: |
kubernetes.io/ingress.class’: alb
alb.ingress.kubernetes.io/group.name’: PREFIX-eks
alb.ingress.kubernetes.io/target-type’: instance
alb.ingress.kubernetes.io/ssl-redirect’: ‘443’
alb.ingress.kubernetes.io/scheme’: internal
alb.ingress.kubernetes.io/listen-ports’: ‘[{“HTTPS”: 443}]’
alb.ingress.kubernetes.io/load-balancer-name’: PREFIX-eks-alb
alb.ingress.kubernetes.io/security-groups’: ALB_SG
alb.ingress.kubernetes.io/certificate-arn’: CERT_ARN,BETA_ARN
alb.ingress.kubernetes.io/subnets’: SUB_A,SUB_B
alb.ingress.kubernetes.io/ssl-policy’: ELBSecurityPolicy-TLS13-1-2-2021-06
alb.ingress.kubernetes.io/healthcheck-path’: /v1/agent/checks
alb.ingress.kubernetes.io/healthcheck-port’: traffic-port
alb.ingress.kubernetes.io/backend-protocol’: HTTPS
alb.ingress.kubernetes.io/backend-protocol-version’: HTTP1

6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.