Hi,
I’m trying to set up Consul API Gateway with TLS for my service mesh.
Here are the steps I followed:
1. Applied CRDs

```
kubectl apply --kustomize="github.com/hashicorp/consul-api-gateway/config/crd?ref=v0.2.0"
```

2. Created values.yaml for helm with the following content:

```yaml
global:
  name: consul
connectInject:
  enabled: true
  default: true
  transparentProxy:
    defaultEnabled: true
  namespaceSelector: |
    matchLabels:
      connect-inject : enabled
controller:
  enabled: true
dns:
  enabled: true
apiGateway:
  enabled: true
  image: "hashicorp/consul-api-gateway:0.2.0"
  managedGatewayClass:
    serviceType: LoadBalancer
    useHostPorts: true
```

3. Installed HelmChart with my values:

```
helm upgrade --install consul hashicorp/consul -f values.yaml
```

4. Created TLS secret

```
kubectl create secret tls api-gw-cert --cert=api-gw.pem --key=api-gw-key.pem
```

5. Created consul-api-gateway.yaml with the following content:

```yaml
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: Gateway
metadata:
  name: selling-fears-gateway
spec:
  gatewayClassName: consul-api-gateway
  listeners:
  - protocol: HTTPS
    port: 8443
    name: https
    allowedRoutes:
      namespaces:
        from: Same
    tls:
      certificateRefs:
      - name: api-gw-cert
```

6. Executed

```
kubectl apply -f consul-api-gateway.yaml
```

API Gateway Controller and gateway pods are running:

```
❯ kubectl get pods| grep gateway
consul-api-gateway-controller-97c4477d9-gjfct   1/1   Running   3   54m
selling-fears-gateway-68f5fb44-bjpp6            1/1   Running   0   49m
```

ELB was created for the gateway:

```
❯ kubectl get svc | grep -i gateway
consul-api-gateway-controller   ClusterIP      172.20.91.149   <none>                                                                    9090/TCP         7h26m
selling-fears-gateway           LoadBalancer   172.20.66.53    abbd7ec5cde7348f4bde6443a180fc0e-605426254.eu-west-1.elb.amazonaws.com   8443:30991/TCP   50m
```

Gateway resource isn’t ready and doesn’t get an address:

```
❯ kubectl get gateway
NAME                    CLASS                ADDRESS   READY   AGE
selling-fears-gateway   consul-api-gateway             False   52m
```

Errors in consul-api-gateway-controller:

```
2022-04-28T17:00:14.279Z [ERROR] k8s/logger.go:23: consul-api-gateway-server.controller-runtime.controller.gateway: Reconciler error: name=selling-fears-gateway namespace=default reconciler group=gateway.networking.k8s.io reconciler kind=Gateway
  error=
  | 1 error occurred:
  | 	* Gateway.gateway.networking.k8s.io "selling-fears-gateway" is invalid: status.addresses.value: Invalid value: "": status.addresses.value in body should be at least 1 chars long
  |
```

No errors in gateway pod:

```
kubectl logs selling-fears-gateway-68f5fb44-bjpp6 | grep -v info | grep -v Deprecated
{"timestamp":"2022-04-28 16:21:46.505","thread":"13","level":"warning","name":"main","source":"source/server/server.cc:761","message":"there is no configured limit to the number of allowed active connections. Set a limit via the runtime key overload.global_downstream_max_connections"}
```

Kubernetes version - v1.21.5-eks-9017834
Consul version V1.12.0