Connect to service registered in consul via consul dns

Hello,

I have Consul WAN Federation via mesh gateways with two datacenters in kubernetes clusters.
In one datacenter I have installed a service and registered it consul catalog.

Now I want to connect to this service from another service using consul dns name.

Inside pod in the same datacenter(kubernetes cluster) I’m able to connect to the service and get responce:

root@test-pod-7c885867d9-klwbh:/# dig static-server.service.consul

; <<>> DiG 9.11.3-1ubuntu1.18-Ubuntu <<>> static-server.service.consul
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38338
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: c86b072a8cd93538 (echoed)
;; QUESTION SECTION:
;static-server.service.consul.  IN      A

;; ANSWER SECTION:
static-server.service.consul. 5 IN      A       10.42.7.186

;; Query time: 3 msec
;; SERVER: 10.43.0.10#53(10.43.0.10)
;; WHEN: Wed May 10 13:57:37 UTC 2023
;; MSG SIZE  rcvd: 113
root@test-pod-7c885867d9-klwbh:/# curl static-server.service.consul:8080
"hello world"
root@test-pod-7c885867d9-klwbh:/#

But the same doesn’t work from pod in different datacenter:

root@test-pod-5698d99b64-8b79k:/# dig static-server.service.dc2.consul

; <<>> DiG 9.11.3-1ubuntu1.18-Ubuntu <<>> static-server.service.dc2.consul
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44561
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 67df76a622460363 (echoed)
;; QUESTION SECTION:
;static-server.service.dc2.consul. IN A

;; ANSWER SECTION:
static-server.service.dc2.consul. 5 IN A    10.42.7.186

;; Query time: 107 msec
;; SERVER: 10.43.0.10#53(10.43.0.10)
;; WHEN: Wed May 10 13:59:00 UTC 2023
;; MSG SIZE  rcvd: 129

root@test-pod-5698d99b64-8b79k:/# curl static-server.service.dc2.consul:8080
curl: (7) Failed to connect to static-server.service.dc2.consul port 8080: Connection timed out
root@test-pod-5698d99b64-8b79k:/#

I used this documentation Resolve Consul DNS requests in Kubernetes | Consul | HashiCorp Developer to configure dns in kubernetes cluster.

Is it possible at all to connect to the service from different datacenter via consul dns?
Shall I add anything more to my configuration?

Consul is a complex product with multiple layers of functionality.

One of the layers is service discovery - just resolving IP addresses.

Service mesh, also known as Consul Connect, is another layer on top of that.

From your post, you appear to have successfully resolved the IP address of the service from the other datacenter:

But, if this service is only integrated with Consul for service discovery only (and not service mesh), this just gives you an IP address which won’t be valid in other sites.

Based on the evidence shown, it seems likely to me that that’s the case here.

Hi @alina.freydina,

I assume you are using Consul Service Mesh, in which case, to dial cross-DC upstreams, you should explicitly define the upstream using the “consul.hashicorp.com/connect-service-upstreams”` annotation.

You can read about it here: Service Mesh - Enable Transparent Proxy Mode | Consul | HashiCorp Developer.