When I look at the logs I see that one error is repeating…the error is pointing to the host IP on port 8500 (is the host IP the node?) …it’s failing due to a permission problem, but I’m not sure where I should look to resolve this…
Here is a snippet from the logs:
level=info msg="Starting Consul Connect Integration" consul_host=13.42.51.35 consul_port=8500 version=1.8.1
2020-11-05T02:07:49.846222558Z time="2020-11-05T02:07:49Z" level=info msg="Watching CA leaf for ambassador\n"
2020-11-05T02:07:49.846243147Z time="2020-11-05T02:07:49Z" level=info msg="[ERR] consul.watch: Watch (type: connect_leaf) errored: Get "http://13.42.51.35:8500/v1/agent/connect/ca/leaf/ambassador": dial tcp 13.42.51.35:8500: connect: connection refused, retry in 5s"
Also, I haven’t been able to find where the IP 13.42.51.35 is coming from…so this is confusing…
Should I disable TLS and just use the end-to-end encryption that is provided with Ambassador?
Regarding the IP in question, I spoke too soon: that particular IP is coming from a Node. When I accessed the node, there was nothing listening on 8500. Any advice on what I’m missing in my configuration?
When TLS is enabled in the Helm chart, Consul only listens on port 8501 (HTTPS) instead of 8500 (HTTP).
It appears from one of the comments in the issue you posted that it's possible to pass a few environment variables to Ambassador to tell it to contact Consul on an alternate port.
Can you try adding the following to the ambassador-consul-connect-integration Deployment and see if that resolves the connectivity issues?