Consul ambassador connector

Hello,

I’m having issues with the Consul ambassador connector. I was able to get all of the components up and running by following: https://www.consul.io/docs/k8s/connect/ambassador

When I look at the logs I see that one error is repeating… the error is pointing to the host IP on port 8500 (is the host IP the node?)… it’s failing due to a permission problem, but I’m not sure where I should look to resolve this…

Here is a snippet from the logs:

level=info msg="Starting Consul Connect Integration" consul_host=13.42.51.35 consul_port=8500 version=1.8.1

2020-11-05T02:07:49.846222558Z time="2020-11-05T02:07:49Z" level=info msg="Watching CA leaf for ambassador\n"

2020-11-05T02:07:49.846243147Z time=“2020-11-05T02:07:49Z” level=info msg="[ERR] consul.watch: Watch (type: connect_leaf) errored: Get “http://13.42.51.35:8500/v1/agent/connect/ca/leaf/ambassador”: dial tcp 13.42.51.35:8500: connect: connection refused, retry in 5s"

thanks,
michael…

Hi Michael,
What does your Helm config look like? Consul should be listening on that port, but maybe you have TLS enabled?

Hi lkysow,

Yes, I have TLS enabled; my config (values) file has this entry:

global:
  enabled: true
  name: consul
  datacenter: prod-dc1
  image: 'consul:1.8.4'
  enableAutoEncrypt: true
  tls:
    enabled: true
    verify: true
  gossipEncryption:
    tls:
      enabled: true

Also, I haven’t been able to find where the IP: 13.42.51.35 is coming from… so this is confusing…
Should I disable TLS and just use the end-to-end encryption that is provided with Ambassador?

Regarding the IP in question, I spoke too soon; that particular IP is coming from a Node. When I accessed the node, there is no 8500 listening. Any advice on what I’m missing in my configuration?

I just noticed this open issue, not sure if my problem is related: https://github.com/datawire/ambassador/issues/2515

Hi lkysow,

Just a polite ping… any feedback from my comments? Thanks…