Consul API gateway running on VM issue

fmp88 · April 28, 2024, 8:01am

Hi,

I am trying to setup the API gateway on virtual machines.

The API Gateway service appears in the Consul UI, but the port for the listener is not opened on the gateway machines.

These are my configurations

Kind = "api-gateway"
Name = "consul-api-gw-fra1"

// Each listener configures a port which can be used to access the Consul cluster
Listeners = [
    {
        Port = 8443
        Name = "api-gw-listener"
        Protocol = "http"
        TLS = {
            Certificates = [
                {
                    Kind = "inline-certificate"
                    Name = "my-certificate"
                }
            ]
        }
    }
]

Kind = "http-route"
Name = "my-http-route"

// Rules define how requests will be routed
Rules = [
  // Send all requests to UI services with 10% going to the "experimental" UI
  {
    Matches = [
      {
        Path = {
          Match = "prefix"
          Value = "/"
        }
      }
    ]
    Services = [
      {
        Name = "ui"
        Weight = 90
      },
      {
        Name = "experimental-ui"
        Weight = 10
      }
    ]
  },
  // Send all requests that start with the path `/api` to the API service
  {
    Matches = [
      {
        Path = {
          Match = "prefix"
          Value = "/api"
        }
      }
    ]
    Services = [
      {
        Name = "example"
      }
    ]
  }
]

Parents = [
  {
    Kind = "api-gateway"
    Name = "consul-api-gw-fra1"
  }
]

I write the config for the certificate first, then the config for the listener and then the routes

But I don’t see the port 8443 open on my gateway

This is the output of the config for the http route

    "Kind": "http-route",
    "Name": "my-http-route",
    "Parents": [
        {
            "Kind": "api-gateway",
            "Name": "consul-api-gw-fra1",
            "SectionName": ""
        }
    ],
    "Rules": [
        {
            "Filters": {
                "Headers": null,
                "URLRewrite": null,
                "RetryFilter": null,
                "TimeoutFilter": null,
                "JWT": null
            },
            "ResponseFilters": {
                "Headers": null
            },
            "Matches": [
                {
                    "Headers": null,
                    "Method": "",
                    "Path": {
                        "Match": "prefix",
                        "Value": "/api"
                    },
                    "Query": null
                }
            ],
            "Services": [
                {
                    "Name": "example",
                    "Weight": 1,
                    "Filters": {
                        "Headers": null,
                        "URLRewrite": null,
                        "RetryFilter": null,
                        "TimeoutFilter": null,
                        "JWT": null
                    },
                    "ResponseFilters": {
                        "Headers": null
                    }
                }
            ]
        }
    ],
    "Hostnames": null,
    "CreateIndex": 454,
    "ModifyIndex": 1578,
    "Status": {
        "Conditions": [
            {
                "Type": "Accepted",
                "Status": "False",
                "Reason": "InvalidDiscoveryChain",
                "Message": "route protocol does not match targeted service protocol",
                "Resource": {
                    "Kind": "",
                    "Name": "",
                    "SectionName": ""
                },
                "LastTransitionTime": "2024-04-28T07:16:46.600163222Z"
            },
            {
                "Type": "Bound",
                "Status": "False",
                "Reason": "FailedToBind",
                "Message": "failed to bind route to gateway consul-api-gw-fra1: route has not been accepted",
                "Resource": {
                    "Kind": "api-gateway",
                    "Name": "consul-api-gw-fra1",
                    "SectionName": ""
                },
                "LastTransitionTime": "2024-04-28T07:16:46.600237032Z"
            }
        ]
    }
}

Any help is really appreciated,
Thanks

nathancoleman · April 29, 2024, 3:16pm

Hi @fmp88

The gateway won’t actually open listener ports until a route successfully binds to that listener.

Looking at the status on the http-route, it seems like the protocol on the example service is not http; however, it must be in order for it to be targeted by a http-route.

You can set the protocol of the example service using a proxy-defaults (link) or a service-defaults (link) configuration entry, and then your http-route should successfully bind.

Alternatively, you could use a tcp-route if your example service is using the tcp protocol and you’d like to keep it that way.

Let me know if this gets you up and running. I think our docs could use an addition explicitly pointing this requirement out.

fmp88 · April 29, 2024, 5:20pm

Hi @nathancoleman
that was exactly the advice one of your colleagues also gave me and it worked all smoothly.
Thank you all very much, i didn’t expect to get it running this quickly

Yes it might be a good addition to the documentation.
The docs in this part feel generally lighter

Best

Topic		Replies	Views
Cannot configure Consul API gateway to listen on kubernetes Node port Consul k8s , consul , consul-api-gateway	11	2678	November 22, 2022
Consul-ui through consul api gateway Consul k8s , consul-api-gateway	3	1550	March 11, 2022
Kubernetes with consul and api-gateway Consul consul-api-gateway	2	597	November 1, 2022
Consul API gateway with service mesh on EKS. Gateway ready - false Consul consul-api-gateway	8	1010	May 2, 2022
[Consul/K8S] api gateway has no address Consul consul-k8s	4	395	January 25, 2025

Consul API gateway running on VM issue

Related topics