Consul ambassador connector


I’m having issues with the Consul ambassador connector. I was able to get all of the components up and running by following:

When I look at the logs I see that one error is repeating…the error is pointing to the host IP on port 8500 (is the host IP the node?) …it’s failing due to a permission problem, but I’m not sure where I should look to resolve this…

Here is a snippet from the logs:

level=info msg=“Starting Consul Connect Integration” consul_host= consul_port=8500 version=1.8.1

2020-11-05T02:07:49.846222558Z time=“2020-11-05T02:07:49Z” level=info msg=“Watching CA leaf for ambassador\n”

2020-11-05T02:07:49.846243147Z time=“2020-11-05T02:07:49Z” level=info msg="[ERR] Watch (type: connect_leaf) errored: Get “”: dial tcp connect: connection refused, retry in 5s"


Hi Michael,
What does your helm config look like? Consul should be listening on that port but maybe you have tls enabled?

Hi lkysow,

Yes, I have tls enabled, my config (values) file has this entry:

enabled: true
name: consul
datacenter: prod-dc1
image: ‘consul:1.8.4’
enableAutoEncrypt: true
enabled: true
verify: true
enabled: true

also, I haven’t been able to find where the ip: is coming from…so this is confusing…
should I disable tls and just use the end-to-end encryption that is provided with ambassador?

Regarding the ip in question, I spoke too soon, that particular ip is coming from a Node. When I accessed the node there is no 8500 listening. Any advice on what I’m missing in my configuration?

I just noticed this open issue, not sure if my problem is related:

Hi lkysow,

Just a polite ping… any feedback from my comments? Thanks…