Consul-Connect fails with StatefulSets

darkn3rd · September 22, 2022, 6:06am

I just got started today.

It seems Consul is FAILING due to StatefulSet and headless service. The application I am using has 2 StatefulSets (which has 2 headless services) and 2 regular services (ClusterIP), but this causes issues, and I cannot find docs on this, output form consul-connect-inject-init container:

2022-09-22T05:49:16.015Z [ERROR] There are multiple Consul services registered for this pod when there must only be one. Check if there are multiple Kubernetes services selecting this pod and add the label `consul.hashicorp.com/service-ignore: "true"` to all services except the one used by Consul for handling requests.

The envoy-sidecar then says:

Failed to load logs: container "envoy-sidecar" in pod "dgraph-dgraph-alpha-0" is waiting to start: PodInitializing
Reason: BadRequest (400)

STEPS TO REPRODUCE

# install consul
# docs https://www.consul.io/docs/k8s/installation/install
helm install consul hashicorp/consul \
  --create-namespace \
  --namespace consul \
  --set global.name=consul \
  --set connectInject.enabled=consul \
  --set controller.enabled=consul

cat << EOF > dgraph_config.yaml
image:
  tag: v21.03.2
zero:
  extraAnnotations:
    consul.hashicorp.com/connect-inject: 'true'
    consul.hashicorp.com/transparent-proxy: 'true'
alpha:
  extraAnnotations:
    consul.hashicorp.com/connect-inject: 'true'
    consul.hashicorp.com/transparent-proxy: 'true'
  configFile:
    config.yaml: |
      security:
        whitelist: {{ env "DG_ACCEPT_LIST" | default "0.0.0.0/0" | quote }}
EOF 
helm repo add dgraph https://charts.dgraph.io
helm install dgraph dgraph/dgraph --values dgraph.yaml

What do I need to do? I cannot find docs on StatefulSet vs. Consul-Connect.

darkn3rd · September 24, 2022, 9:03pm

This is definitely a bug, as StatefulSet + headless service is a standard feature of Kubernetes and thus not an uncommon use case.

In the interim, I found a workaround to get at least partial functionality with CSM (Consul Connect) is to use service labels on the headless service. I added the label consul.hashicorp.com/service-ignore: 'true' to the headless services. Now I get some functionality.

The internal communication between cluster nodes are not encrypted, so for this solution, one has to either use another service mesh solution, or manually encrypt the internal traffic.

darkn3rd · October 1, 2022, 5:32am

Anyone interested in this?

I managed to get injection to work, but then connectivity does not work. Now sure what to do to debug further.

github.com/hashicorp/consul-k8s

Failed Connectivity to Service pointing to StatefulSet Server w mixed gRPC port and HTTP ports

opened 05:01AM - 01 Oct 22 UTC

darkn3rd

type/bug

### Community Note * Please vote on this issue by adding a 👍 [reaction](https…://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to the original issue to help the community and maintainers prioritize this request. Searching for pre-existing feature requests helps us consolidate datapoints for identical requirements into a single place, thank you! * Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request. * If you are interested in working on this issue or have submitted a pull request, please leave a comment. ### Overview of the Issue Unable to establish connectivity through either HTTP or gRPC with Consul Service Mesh. ### Reproduction Steps Overview of Steps: * Deploy Consul Service Mesh ```yaml global: name: consul enabled: true datacenter: dc1 server: replicas: 1 securityContext: runAsNonRoot: false runAsUser: 0 connectInject: enabled: true controller: enabled: true ``` * Deploy Dgraph distributed graph database: StatefulSet, **gRPC** (`9080`), **HTTP** (`8080`) with injection annotations and labels for headless services * Deploy client (pydgraph-client) with consul injection annotations. Also static-client (curl) from docs also works to reproduce failure. * Exec into client and attempt to connect to Dgraph Alpha service (`dgraph-dgraph-alpha.dgraph.svc.cluster.local`) on service mesh, cannot connect Detail of Steps. I used [helmfile](https://github.com/helmfile/helmfile) to automate [helm](https://helm.sh/) charts with [kustomize](https://kubectl.docs.kubernetes.io/installation/kustomize/) to patch annotations or service labels: ```bash cat << EOF > csm.yaml repositories: - name: hashicorp url: https://helm.releases.hashicorp.com releases: - name: consul namespace: consul chart: hashicorp/consul version: 0.48.0 values: - global: name: consul enabled: true datacenter: dc1 server: replicas: 1 securityContext: runAsNonRoot: false runAsUser: 0 connectInject: enabled: true controller: enabled: true EOF helmfile --file csm.yaml apply cat << EOF > dgraph.yaml repositories: - name: dgraph url: https://charts.dgraph.io releases: - name: dgraph namespace: dgraph chart: dgraph/dgraph version: 0.0.19 values: - image: tag: v21.03.2 zero: extraAnnotations: consul.hashicorp.com/connect-inject: 'true' consul.hashicorp.com/transparent-proxy: 'true' consul.hashicorp.com/transparent-proxy-exclude-inbound-ports : "5080,7080" consul.hashicorp.com/transparent-proxy-exclude-outbound-ports: "5080,7080" alpha: extraAnnotations: consul.hashicorp.com/connect-inject: 'true' consul.hashicorp.com/transparent-proxy: 'true' consul.hashicorp.com/transparent-proxy-exclude-inbound-ports : "5080,7080" consul.hashicorp.com/transparent-proxy-exclude-outbound-ports: "5080,7080" configFile: config.yaml: | security: whitelist: {{ env "DG_ACCEPT_LIST" | default "0.0.0.0/0" | quote }} service: type: ClusterIP strategicMergePatches: - apiVersion: v1 kind: Service metadata: name: dgraph-dgraph-alpha-headless labels: consul.hashicorp.com/service-ignore: 'true' - apiVersion: v1 kind: Service metadata: name: dgraph-dgraph-zero-headless labels: consul.hashicorp.com/service-ignore: 'true' EOF helmfile --file dgraph.yaml apply cat << EOF > client.yaml repositories: - name: itscontained url: https://charts.itscontained.io releases: - name: pydgraph-client chart: itscontained/raw namespace: pydgraph-client version: 0.2.5 values: - resources: - apiVersion: apps/v1 kind: Deployment metadata: name: pydgraph-client spec: replicas: 1 selector: matchLabels: app: pydgraph-client template: metadata: labels: app: pydgraph-client spec: containers: - name: pydgraph-client image: {{ requiredEnv "DOCKER_REGISTRY" }}/pydgraph-client:{{ env "BUILD_VERSION" | default "latest" }} ports: - containerPort: 5000 env: - name: DGRAPH_ALPHA_SERVER value: {{ env "DGRAPH_RELEASE" | default "dgraph" }}-dgraph-alpha.{{ env "DGRAPH_NS" | default "dgraph" }}.svc.cluster.local - apiVersion: v1 kind: Service metadata: name: pydgraph-client spec: type: ClusterIP ports: - port: 80 targetPort: 5000 selector: app: pydgraph-client strategicMergePatches: - apiVersion: apps/v1 kind: Deployment metadata: name: pydgraph-client spec: template: metadata: annotations: consul.hashicorp.com/connect-inject: "true" consul.hashicorp.com/transparent-proxy: "true" EOF # Note: Published container using this repo: https://github.com/darkn3rd/pydgraph-client/tree/consul-wip export DOCKER_REGISTRY="darknerd" export BUILD_VERSION="consul-v0.3" helmfile --file dgraph.yaml apply # exec into the client container PYDGRAPH_POD=$(kubectl get pods --namespace "pydgraph-client" --output name) kubectl exec -ti --container "pydgraph-client" --namespace "pydgraph-client" \ ${PYDGRAPH_POD} -- bash # INSIDE CLIENT CONTAINER # test http w/ curl curl --silent ${DGRAPH_ALPHA_SERVER}:8080/health # test grpc w/ grpcurl grpcurl -plaintext -proto api.proto ${DGRAPH_ALPHA_SERVER}:9080 api.Dgraph/CheckVersion ``` ### Logs <details> <summary>kubectl logs consul-client-57llb | grep -E 'WARN|ERROR'</summary> ``` 2022-09-30T23:17:50.546Z [WARN] agent.router.manager: No servers available 2022-09-30T23:17:50.546Z [ERROR] agent.anti_entropy: failed to sync remote state: error="No known Consul servers" 2022-09-30T23:17:50.693Z [WARN] agent.client.memberlist.lan: memberlist: Failed to resolve consul-server-0.consul-server.consul.svc:8301: lookup consul-server-0.consul-server.consul.svc on 10.24.0.10:53: no such host 2022-09-30T23:17:50.693Z [WARN] agent: (LAN) couldn't join: number_of_nodes=0 error="1 error occurred: 2022-09-30T23:17:50.693Z [WARN] agent: Join cluster failed, will retry: cluster=LAN retry_interval=30s error=<nil> 2022-09-30T23:17:50.752Z [WARN] agent.router.manager: No servers available 2022-09-30T23:17:50.752Z [ERROR] agent.http: Request error: method=GET url=/v1/status/leader from=127.0.0.1:51636 error="No known Consul servers" 2022-09-30T23:18:00.849Z [WARN] agent.router.manager: No servers available 2022-09-30T23:18:00.849Z [ERROR] agent.http: Request error: method=GET url=/v1/status/leader from=127.0.0.1:56794 error="No known Consul servers" 2022-09-30T23:18:10.844Z [WARN] agent.router.manager: No servers available 2022-09-30T23:18:10.844Z [ERROR] agent.http: Request error: method=GET url=/v1/status/leader from=127.0.0.1:51860 error="No known Consul servers" 2022-09-30T23:18:11.157Z [WARN] agent.router.manager: No servers available 2022-09-30T23:18:11.158Z [ERROR] agent.anti_entropy: failed to sync remote state: error="No known Consul servers" 2022-10-01T03:45:44.927Z [WARN] agent: Check socket connection failed: check=service:dgraph-dgraph-zero-0-dgraph-dgraph-zero-sidecar-proxy:1 error="dial tcp 10.20.1.16:20000: connect: connection refused" 2022-10-01T03:45:44.928Z [WARN] agent: Check is now critical: check=service:dgraph-dgraph-zero-0-dgraph-dgraph-zero-sidecar-proxy:1 2022-10-01T03:45:54.929Z [WARN] agent: Check socket connection failed: check=service:dgraph-dgraph-zero-0-dgraph-dgraph-zero-sidecar-proxy:1 error="dial tcp 10.20.1.16:20000: connect: connection refused" 2022-10-01T03:45:54.929Z [WARN] agent: Check is now critical: check=service:dgraph-dgraph-zero-0-dgraph-dgraph-zero-sidecar-proxy:1 2022-10-01T03:46:04.930Z [WARN] agent: Check socket connection failed: check=service:dgraph-dgraph-zero-0-dgraph-dgraph-zero-sidecar-proxy:1 error="dial tcp 10.20.1.16:20000: connect: connection refused" 2022-10-01T03:46:04.930Z [WARN] agent: Check is now critical: check=service:dgraph-dgraph-zero-0-dgraph-dgraph-zero-sidecar-proxy:1 2022-10-01T03:46:14.931Z [WARN] agent: Check socket connection failed: check=service:dgraph-dgraph-zero-0-dgraph-dgraph-zero-sidecar-proxy:1 error="dial tcp 10.20.1.16:20000: connect: connection refused" 2022-10-01T03:46:14.931Z [WARN] agent: Check is now critical: check=service:dgraph-dgraph-zero-0-dgraph-dgraph-zero-sidecar-proxy:1 2022-10-01T03:46:51.283Z [WARN] agent: Check socket connection failed: check=service:dgraph-dgraph-alpha-2-dgraph-dgraph-alpha-sidecar-proxy:1 error="dial tcp 10.20.1.17:20000: connect: connection refused" 2022-10-01T03:46:51.283Z [WARN] agent: Check is now critical: check=service:dgraph-dgraph-alpha-2-dgraph-dgraph-alpha-sidecar-proxy:1 2022-10-01T03:47:01.284Z [WARN] agent: Check socket connection failed: check=service:dgraph-dgraph-alpha-2-dgraph-dgraph-alpha-sidecar-proxy:1 error="dial tcp 10.20.1.17:20000: connect: connection refused" 2022-10-01T03:47:01.284Z [WARN] agent: Check is now critical: check=service:dgraph-dgraph-alpha-2-dgraph-dgraph-alpha-sidecar-proxy:1 ``` </details> <details> <summary>kubectl logs consul-client-87x2j | grep -E 'WARN|ERROR*</summary> ``` 2022-09-30T23:17:53.577Z [WARN] agent.router.manager: No servers available 2022-09-30T23:17:53.577Z [ERROR] agent.anti_entropy: failed to sync remote state: error="No known Consul servers" 2022-09-30T23:17:53.690Z [WARN] agent.client.memberlist.lan: memberlist: Failed to resolve consul-server-0.consul-server.consul.svc:8301: lookup consul-server-0.consul-server.consul.svc on 10.24.0.10:53: no such host 2022-09-30T23:17:53.690Z [WARN] agent: (LAN) couldn't join: number_of_nodes=0 error="1 error occurred: 2022-09-30T23:17:53.690Z [WARN] agent: Join cluster failed, will retry: cluster=LAN retry_interval=30s error=<nil> 2022-09-30T23:17:53.836Z [WARN] agent.router.manager: No servers available 2022-09-30T23:17:53.836Z [ERROR] agent.http: Request error: method=GET url=/v1/status/leader from=127.0.0.1:44862 error="No known Consul servers" 2022-09-30T23:18:00.535Z [WARN] agent.router.manager: No servers available 2022-09-30T23:18:00.535Z [ERROR] agent.http: Request error: method=GET url=/v1/status/leader from=127.0.0.1:33472 error="No known Consul servers" 2022-09-30T23:18:10.570Z [WARN] agent.router.manager: No servers available 2022-09-30T23:18:10.570Z [ERROR] agent.http: Request error: method=GET url=/v1/status/leader from=127.0.0.1:44384 error="No known Consul servers" 2022-09-30T23:18:12.717Z [WARN] agent.router.manager: No servers available 2022-09-30T23:18:12.717Z [ERROR] agent.anti_entropy: failed to sync remote state: error="No known Consul servers" 2022-09-30T23:18:20.531Z [WARN] agent.router.manager: No servers available 2022-09-30T23:18:20.531Z [ERROR] agent.http: Request error: method=GET url=/v1/status/leader from=127.0.0.1:42170 error="No known Consul servers" 2022-10-01T03:31:44.620Z [WARN] agent: Check socket connection failed: check=service:static-server-6468d5869-46p6z-static-server-sidecar-proxy:1 error="dial tcp 10.20.2.19:20000: connect: connection refused" 2022-10-01T03:31:44.620Z [WARN] agent: Check is now critical: check=service:static-server-6468d5869-46p6z-static-server-sidecar-proxy:1 2022-10-01T03:31:54.621Z [WARN] agent: Check socket connection failed: check=service:static-server-6468d5869-46p6z-static-server-sidecar-proxy:1 error="dial tcp 10.20.2.19:20000: connect: connection refused" 2022-10-01T03:31:54.621Z [WARN] agent: Check is now critical: check=service:static-server-6468d5869-46p6z-static-server-sidecar-proxy:1 2022-10-01T03:32:04.621Z [WARN] agent: Check socket connection failed: check=service:static-server-6468d5869-46p6z-static-server-sidecar-proxy:1 error="dial tcp 10.20.2.19:20000: connect: connection refused" 2022-10-01T03:32:04.622Z [WARN] agent: Check is now critical: check=service:static-server-6468d5869-46p6z-static-server-sidecar-proxy:1 2022-10-01T03:32:14.622Z [WARN] agent: Check socket connection failed: check=service:static-server-6468d5869-46p6z-static-server-sidecar-proxy:1 error="dial tcp 10.20.2.19:20000: connect: connection refused" 2022-10-01T03:32:14.622Z [WARN] agent: Check is now critical: check=service:static-server-6468d5869-46p6z-static-server-sidecar-proxy:1 2022-10-01T03:32:24.623Z [WARN] agent: Check socket connection failed: check=service:static-server-6468d5869-46p6z-static-server-sidecar-proxy:1 error="dial tcp 10.20.2.19:20000: connect: connection refused" 2022-10-01T03:32:24.623Z [WARN] agent: Check is now critical: check=service:static-server-6468d5869-46p6z-static-server-sidecar-proxy:1 2022-10-01T03:40:47.380Z [WARN] agent.cache: handling error in Cache.Notify: cache-type=service-http-checks error="Internal cache failure: service 'static-server-6468d5869-46p6z-static-server' not in agent state" index=1 2022-10-01T03:40:47.399Z [WARN] agent.cache: handling error in Cache.Notify: cache-type=service-http-checks error="Internal cache failure: service 'static-server-6468d5869-46p6z-static-server' not in agent state" index=1 2022-10-01T03:40:47.399Z [WARN] agent.cache: handling error in Cache.Notify: cache-type=service-http-checks error="Internal cache failure: service 'static-server-6468d5869-46p6z-static-server' not in agent state" index=1 2022-10-01T03:40:47.400Z [WARN] agent.cache: handling error in Cache.Notify: cache-type=service-http-checks error="Internal cache failure: service 'static-server-6468d5869-46p6z-static-server' not in agent state" index=1 2022-10-01T03:40:47.822Z [ERROR] agent.envoy: Error receiving new DeltaDiscoveryRequest; closing request channel: error="rpc error: code = Canceled desc = context canceled" 2022-10-01T03:42:33.368Z [WARN] agent: Check socket connection failed: check=service:static-server-6b89c44b55-4xqxn-static-server-sidecar-proxy:1 error="dial tcp 10.20.2.20:20000: connect: connection refused" 2022-10-01T03:42:33.368Z [WARN] agent: Check is now critical: check=service:static-server-6b89c44b55-4xqxn-static-server-sidecar-proxy:1 2022-10-01T03:42:43.369Z [WARN] agent: Check socket connection failed: check=service:static-server-6b89c44b55-4xqxn-static-server-sidecar-proxy:1 error="dial tcp 10.20.2.20:20000: connect: connection refused" 2022-10-01T03:42:43.369Z [WARN] agent: Check is now critical: check=service:static-server-6b89c44b55-4xqxn-static-server-sidecar-proxy:1 2022-10-01T03:42:53.371Z [WARN] agent: Check socket connection failed: check=service:static-server-6b89c44b55-4xqxn-static-server-sidecar-proxy:1 error="dial tcp 10.20.2.20:20000: connect: connection refused" 2022-10-01T03:42:53.371Z [WARN] agent: Check is now critical: check=service:static-server-6b89c44b55-4xqxn-static-server-sidecar-proxy:1 2022-10-01T03:44:01.397Z [ERROR] agent.envoy: Error receiving new DeltaDiscoveryRequest; closing request channel: error="rpc error: code = Canceled desc = context canceled" 2022-10-01T03:45:48.997Z [WARN] agent: Check socket connection failed: check=service:dgraph-dgraph-alpha-0-dgraph-dgraph-alpha-sidecar-proxy:1 error="dial tcp 10.20.2.21:20000: connect: connection refused" 2022-10-01T03:45:48.997Z [WARN] agent: Check is now critical: check=service:dgraph-dgraph-alpha-0-dgraph-dgraph-alpha-sidecar-proxy:1 2022-10-01T03:46:39.554Z [WARN] agent: Check socket connection failed: check=service:dgraph-dgraph-zero-1-dgraph-dgraph-zero-sidecar-proxy:1 error="dial tcp 10.20.2.22:20000: connect: connection refused" 2022-10-01T03:46:39.554Z [WARN] agent: Check is now critical: check=service:dgraph-dgraph-zero-1-dgraph-dgraph-zero-sidecar-proxy:1 2022-10-01T03:47:56.531Z [WARN] agent: Check socket connection failed: check=service:pydgraph-client-89f8f7fb6-8nsfx-pydgraph-client-sidecar-proxy:1 error="dial tcp 10.20.2.23:20000: connect: connection refused" 2022-10-01T03:47:56.531Z [WARN] agent: Check is now critical: check=service:pydgraph-client-89f8f7fb6-8nsfx-pydgraph-client-sidecar-proxy:1 2022-10-01T03:48:06.532Z [WARN] agent: Check socket connection failed: check=service:pydgraph-client-89f8f7fb6-8nsfx-pydgraph-client-sidecar-proxy:1 error="dial tcp 10.20.2.23:20000: connect: connection refused" 2022-10-01T03:48:06.532Z [WARN] agent: Check is now critical: check=service:pydgraph-client-89f8f7fb6-8nsfx-pydgraph-client-sidecar-proxy:1 2022-10-01T03:48:16.533Z [WARN] agent: Check socket connection failed: check=service:pydgraph-client-89f8f7fb6-8nsfx-pydgraph-client-sidecar-proxy:1 error="dial tcp 10.20.2.23:20000: connect: connection refused" 2022-10-01T03:48:16.533Z [WARN] agent: Check is now critical: check=service:pydgraph-client-89f8f7fb6-8nsfx-pydgraph-client-sidecar-proxy:1 2022-10-01T03:48:19.117Z [ERROR] agent.envoy: Error receiving new DeltaDiscoveryRequest; closing request channel: error="rpc error: code = Canceled desc = context canceled" 2022-10-01T03:48:19.173Z [WARN] agent.cache: handling error in Cache.Notify: cache-type=service-http-checks error="Internal cache failure: service 'pydgraph-client-6ff685dd55-zv62k-pydgraph-client' not in agent state" index=52 2022-10-01T03:48:19.195Z [WARN] agent.cache: handling error in Cache.Notify: cache-type=service-http-checks error="Internal cache failure: service 'pydgraph-client-6ff685dd55-zv62k-pydgraph-client' not in agent state" index=52 2022-10-01T03:48:19.196Z [WARN] agent.cache: handling error in Cache.Notify: cache-type=service-http-checks error="Internal cache failure: service 'pydgraph-client-6ff685dd55-zv62k-pydgraph-client' not in agent state" index=52 2022-10-01T03:48:19.198Z [WARN] agent.cache: handling error in Cache.Notify: cache-type=service-http-checks error="Internal cache failure: service 'pydgraph-client-6ff685dd55-zv62k-pydgraph-client' not in agent state" index=52 ``` </details> <details> <summary>kubectl logs consul-client-8j2z4 | grep -E 'WARN|ERROR'</summary> ``` 2022-09-30T23:17:51.372Z [WARN] agent.router.manager: No servers available 2022-09-30T23:17:51.372Z [ERROR] agent.anti_entropy: failed to sync remote state: error="No known Consul servers" 2022-09-30T23:17:56.506Z [WARN] agent.client.memberlist.lan: memberlist: Failed to resolve consul-server-0.consul-server.consul.svc:8301: lookup consul-server-0.consul-server.consul.svc on 10.24.0.10:53: no such host 2022-09-30T23:17:56.506Z [WARN] agent: (LAN) couldn't join: number_of_nodes=0 error="1 error occurred: 2022-09-30T23:17:56.506Z [WARN] agent: Join cluster failed, will retry: cluster=LAN retry_interval=30s error=<nil> 2022-09-30T23:18:00.370Z [WARN] agent.router.manager: No servers available 2022-09-30T23:18:00.370Z [ERROR] agent.http: Request error: method=GET url=/v1/status/leader from=127.0.0.1:36886 error="No known Consul servers" 2022-09-30T23:18:10.369Z [WARN] agent.router.manager: No servers available 2022-09-30T23:18:10.369Z [ERROR] agent.http: Request error: method=GET url=/v1/status/leader from=127.0.0.1:51414 error="No known Consul servers" 2022-09-30T23:18:16.222Z [WARN] agent.router.manager: No servers available 2022-09-30T23:18:16.222Z [ERROR] agent.anti_entropy: failed to sync remote state: error="No known Consul servers" 2022-09-30T23:18:20.369Z [WARN] agent.router.manager: No servers available 2022-09-30T23:18:20.369Z [ERROR] agent.http: Request error: method=GET url=/v1/status/leader from=127.0.0.1:42958 error="No known Consul servers" 2022-10-01T03:31:54.980Z [WARN] agent: Check socket connection failed: check=service:static-client-57bd8b6797-244tw-static-client-sidecar-proxy:1 error="dial tcp 10.20.0.16:20000: connect: connection refused" 2022-10-01T03:31:54.980Z [WARN] agent: Check is now critical: check=service:static-client-57bd8b6797-244tw-static-client-sidecar-proxy:1 2022-10-01T03:32:04.981Z [WARN] agent: Check socket connection failed: check=service:static-client-57bd8b6797-244tw-static-client-sidecar-proxy:1 error="dial tcp 10.20.0.16:20000: connect: connection refused" 2022-10-01T03:32:04.981Z [WARN] agent: Check is now critical: check=service:static-client-57bd8b6797-244tw-static-client-sidecar-proxy:1 2022-10-01T03:40:31.268Z [WARN] agent.cache: handling error in Cache.Notify: cache-type=service-http-checks error="Internal cache failure: service 'static-client-57bd8b6797-244tw-static-client' not in agent state" index=1 2022-10-01T03:40:31.368Z [WARN] agent.cache: handling error in Cache.Notify: cache-type=service-http-checks error="Internal cache failure: service 'static-client-57bd8b6797-244tw-static-client' not in agent state" index=1 2022-10-01T03:40:31.369Z [WARN] agent.cache: handling error in Cache.Notify: cache-type=service-http-checks error="Internal cache failure: service 'static-client-57bd8b6797-244tw-static-client' not in agent state" index=1 2022-10-01T03:4040:31.779Z [ERROR] agent.envoy: Error receiving new DeltaDiscoveryRequest; closing request channel: error="rpc error: code = Canceled desc = context canceled" 2022-10-01T03:42:49.960Z [WARN] agent: Check socket connection failed: check=service:static-client-5f75464cdc-7qccj-static-client-sidecar-proxy:1 error="dial tcp 10.20.0.17:20000: connect: connection refused" 2022-10-01T03:42:49.960Z [WARN] agent: Check is now critical: check=service:static-client-5f75464cdc-7qccj-static-client-sidecar-proxy:1 2022-10-01T03:44:11.111Z [WARN] agent.cache: handling error in Cache.Notify: cache-type=service-http-checks error="Internal cache failure: service 'static-client-5f75464cdc-7qccj-static-client' not in agent state" index=0 2022-10-01T03:44:11.112Z [ERROR] agent.proxycfg: Failed to handle update from watch: kind=connect-proxy proxy=static-client-5f75464cdc-7qccj-static-client-sidecar-proxy service_id=static-client-5f75464cdc-7qccj-static-client-sidecar-proxy id=service-http-checks:static-client-5f75464cdc-7qccj-static-client error="error filling agent cache: Internal cache failure: service 'static-client-5f75464cdc-7qccj-static-client' not in agent state" 2022-10-01T03:44:11.117Z [WARN] agent.cache: handling error in Cache.Notify: cache-type=service-http-checks error="Internal cache failure: service 'static-client-5f75464cdc-7qccj-static-client' not in agent state" index=0 2022-10-01T03:44:11.117Z [ERROR] agent.proxycfg: Failed to handle update from watch: kind=connect-proxy proxy=static-client-5f75464cdc-7qccj-static-client-sidecar-proxy service_id=static-client-5f75464cdc-7qccj-static-client-sidecar-proxy id=service-http-checks:static-client-5f75464cdc-7qccj-static-client error="error filling agent cache: Internal cache failure: service 'static-client-5f75464cdc-7qccj-static-client' not in agent state" 2022-10-01T03:44:11.117Z [WARN] agent.cache: handling error in Cache.Notify: cache-type=service-http-checks error="Internal cache failure: service 'static-client-5f75464cdc-7qccj-static-client' not in agent state" index=0 2022-10-01T03:44:11.118Z [ERROR] agent.proxycfg: Failed to handle update from watch: kind=connect-proxy proxy=static-client-5f75464cdc-7qccj-static-client-sidecar-proxy service_id=static-client-5f75464cdc-7qccj-static-client-sidecar-proxy id=service-http-checks:static-client-5f75464cdc-7qccj-static-client error="error filling agent cache: Internal cache failure: service 'static-client-5f75464cdc-7qccj-static-client' not in agent state" 2022-10-01T03:44:11.118Z [WARN] agent.cache: handling error in Cache.Notify: cache-type=service-http-checks error="Internal cache failure: service 'static-client-5f75464cdc-7qccj-static-client' not in agent state" index=0 2022-10-01T03:44:11.118Z [ERROR] agent.proxycfg: Failed to handle update from watch: kind=connect-proxy proxy=static-client-5f75464cdc-7qccj-static-client-sidecar-proxy service_id=static-client-5f75464cdc-7qccj-static-client-sidecar-proxy id=service-http-checks:static-client-5f75464cdc-7qccj-static-client error="error filling agent cache: Internal cache failure: service 'static-client-5f75464cdc-7qccj-static-client' not in agent state" 2022-10-01T03:44:11.365Z [ERROR] agent.envoy: Error receiving new DeltaDiscoveryRequest; closing request channel: error="rpc error: code = Canceled desc = context canceled" 2022-10-01T03:46:20.032Z [WARN] agent: Check socket connection failed: check=service:dgraph-dgraph-alpha-1-dgraph-dgraph-alpha-sidecar-proxy:1 error="dial tcp 10.20.0.18:20000: connect: connection refused" 2022-10-01T03:46:20.032Z [WARN] agent: Check is now critical: check=service:dgraph-dgraph-alpha-1-dgraph-dgraph-alpha-sidecar-proxy:1 2022-10-01T03:47:09.808Z [WARN] agent: Check socket connection failed: check=service:dgraph-dgraph-zero-2-dgraph-dgraph-zero-sidecar-proxy:1 error="dial tcp 10.20.0.19:20000: connect: connection refused" 2022-10-01T03:47:09.809Z [WARN] agent: Check is now critical: check=service:dgraph-dgraph-zero-2-dgraph-dgraph-zero-sidecar-proxy:1:31.370Z [WARN] agent.cache: handling error in Cache.Notify: cache-type=service-http-checks error="Internal cache failure: service 'static-client-57bd8b6797-244tw-static-client' not in agent state" index=1 2022-10-01T03:40:31.779Z [ERROR] agent.envoy: Error receiving new DeltaDiscoveryRequest; closing request channel: error="rpc error: code = Canceled desc = context canceled" 2022-10-01T03:42:49.960Z [WARN] agent: Check socket connection failed: check=service:static-client-5f75464cdc-7qccj-static-client-sidecar-proxy:1 error="dial tcp 10.20.0.17:20000: connect: connection refused" 2022-10-01T03:42:49.960Z [WARN] agent: Check is now critical: check=service:static-client-5f75464cdc-7qccj-static-client-sidecar-proxy:1 2022-10-01T03:44:11.111Z [WARN] agent.cache: handling error in Cache.Notify: cache-type=service-http-checks error="Internal cache failure: service 'static-client-5f75464cdc-7qccj-static-client' not in agent state" index=0 2022-10-01T03:44:11.112Z [ERROR] agent.proxycfg: Failed to handle update from watch: kind=connect-proxy proxy=static-client-5f75464cdc-7qccj-static-client-sidecar-proxy service_id=static-client-5f75464cdc-7qccj-static-client-sidecar-proxy id=service-http-checks:static-client-5f75464cdc-7qccj-static-client error="error filling agent cache: Internal cache failure: service 'static-client-5f75464cdc-7qccj-static-client' not in agent state" 2022-10-01T03:44:11.117Z [WARN] agent.cache: handling error in Cache.Notify: cache-type=service-http-checks error="Internal cache failure: service 'static-client-5f75464cdc-7qccj-static-client' not in agent state" index=0 2022-10-01T03:44:11.117Z [ERROR] agent.proxycfg: Failed to handle update from watch: kind=connect-proxy proxy=static-client-5f75464cdc-7qccj-static-client-sidecar-proxy service_id=static-client-5f75464cdc-7qccj-static-client-sidecar-proxy id=service-http-checks:static-client-5f75464cdc-7qccj-static-client error="error filling agent cache: Internal cache failure: service 'static-client-5f75464cdc-7qccj-static-client' not in agent state" 2022-10-01T03:44:11.117Z [WARN] agent.cache: handling error in Cache.Notify: cache-type=service-http-checks error="Internal cache failure: service 'static-client-5f75464cdc-7qccj-static-client' not in agent state" index=0 2022-10-01T03:44:11.118Z [ERROR] agent.proxycfg: Failed to handle update from watch: kind=connect-proxy proxy=static-client-5f75464cdc-7qccj-static-client-sidecar-proxy service_id=static-client-5f75464cdc-7qccj-static-client-sidecar-proxy id=service-http-checks:static-client-5f75464cdc-7qccj-static-client error="error filling agent cache: Internal cache failure: service 'static-client-5f75464cdc-7qccj-static-client' not in agent state" 2022-10-01T03:44:11.118Z [WARN] agent.cache: handling error in Cache.Notify: cache-type=service-http-checks error="Internal cache failure: service 'static-client-5f75464cdc-7qccj-static-client' not in agent state" index=0 2022-10-01T03:44:11.118Z [ERROR] agent.proxycfg: Failed to handle update from watch: kind=connect-proxy proxy=static-client-5f75464cdc-7qccj-static-client-sidecar-proxy service_id=static-client-5f75464cdc-7qccj-static-client-sidecar-proxy id=service-http-checks:static-client-5f75464cdc-7qccj-static-client error="error filling agent cache: Internal cache failure: service 'static-client-5f75464cdc-7qccj-static-client' not in agent state" 2022-10-01T03:44:11.365Z [ERROR] agent.envoy: Error receiving new DeltaDiscoveryRequest; closing request channel: error="rpc error: code = Canceled desc = context canceled" 2022-10-01T03:46:20.032Z [WARN] agent: Check socket connection failed: check=service:dgraph-dgraph-alpha-1-dgraph-dgraph-alpha-sidecar-proxy:1 error="dial tcp 10.20.0.18:20000: connect: connection refused" 2022-10-01T03:46:20.032Z [WARN] agent: Check is now critical: check=service:dgraph-dgraph-alpha-1-dgraph-dgraph-alpha-sidecar-proxy:1 2022-10-01T03:47:09.808Z [WARN] agent: Check socket connection failed: check=service:dgraph-dgraph-zero-2-dgraph-dgraph-zero-sidecar-proxy:1 error="dial tcp 10.20.0.19:20000: connect: connection refused" 2022-10-01T03:47:09.809Z [WARN] agent: Check is now critical: check=service:dgraph-dgraph-zero-2-dgraph-dgraph-zero-sidecar-proxy:14:11.111Z [WARN] agent.cache: handling error in Cache.Notify: cache-type=service-http-checks error="Internal cache failure: service 'static-client-5f75464cdc-7qccj-static-client' not in agent state" index=0 2022-10-01T03:44:11.112Z [ERROR] agent.proxycfg: Failed to handle update from watch: kind=connect-proxy proxy=static-client-5f75464cdc-7qccj-static-client-sidecar-proxy service_id=static-client-5f75464cdc-7qccj-static-client-sidecar-proxy id=service-http-checks:static-client-5f75464cdc-7qccj-static-client error="error filling agent cache: Internal cache failure: service 'static-client-5f75464cdc-7qccj-static-client' not in agent state" 2022-10-01T03:44:11.117Z [WARN] agent.cache: handling error in Cache.Notify: cache-type=service-http-checks error="Internal cache failure: service 'static-client-5f75464cdc-7qccj-static-client' not in agent state" index=0 2022-10-01T03:44:11.117Z [ERROR] agent.proxycfg: Failed to handle update from watch: kind=connect-proxy proxy=static-client-5f75464cdc-7qccj-static-client-sidecar-proxy service_id=static-client-5f75464cdc-7qccj-static-client-sidecar-proxy id=service-http-checks:static-client-5f75464cdc-7qccj-static-client error="error filling agent cache: Internal cache failure: service 'static-client-5f75464cdc-7qccj-static-client' not in agent state" 2022-10-01T03:44:11.117Z [WARN] agent.cache: handling error in Cache.Notify: cache-type=service-http-checks error="Internal cache failure: service 'static-client-5f75464cdc-7qccj-static-client' not in agent state" index=0 2022-10-01T03:44:11.118Z [ERROR] agent.proxycfg: Failed to handle update from watch: kind=connect-proxy proxy=static-client-5f75464cdc-7qccj-static-client-sidecar-proxy service_id=static-client-5f75464cdc-7qccj-static-client-sidecar-proxy id=service-http-checks:static-client-5f75464cdc-7qccj-static-client error="error filling agent cache: Internal cache failure: service 'static-client-5f75464cdc-7qccj-static-client' not in agent state" 2022-10-01T03:44:11.118Z [WARN] agent.cache: handling error in Cache.Notify: cache-type=service-http-checks error="Internal cache failure: service 'static-client-5f75464cdc-7qccj-static-client' not in agent state" index=0 2022-10-01T03:44:11.118Z [ERROR] agent.proxycfg: Failed to handle update from watch: kind=connect-proxy proxy=static-client-5f75464cdc-7qccj-static-client-sidecar-proxy service_id=static-client-5f75464cdc-7qccj-static-client-sidecar-proxy id=service-http-checks:static-client-5f75464cdc-7qccj-static-client error="error filling agent cache: Internal cache failure: service 'static-client-5f75464cdc-7qccj-static-client' not in agent state" 2022-10-01T03:44:11.365Z [ERROR] agent.envoy: Error receiving new DeltaDiscoveryRequest; closing request channel: error="rpc error: code = Canceled desc = context canceled" 2022-10-01T03:46:20.032Z [WARN] agent: Check socket connection failed: check=service:dgraph-dgraph-alpha-1-dgraph-dgraph-alpha-sidecar-proxy:1 error="dial tcp 10.20.0.18:20000: connect: connection refused" 2022-10-01T03:46:20.032Z [WARN] agent: Check is now critical: check=service:dgraph-dgraph-alpha-1-dgraph-dgraph-alpha-sidecar-proxy:1 2022-10-01T03:47:09.808Z [WARN] agent: Check socket connection failed: check=service:dgraph-dgraph-zero-2-dgraph-dgraph-zero-sidecar-proxy:1 error="dial tcp 10.20.0.19:20000: connect: connection refused" 2022-10-01T03:47:09.809Z [WARN] agent: Check is now critical: check=service:dgraph-dgraph-zero-2-dgraph-dgraph-zero-sidecar-proxy:1 ``` </details> ### Expected behavior I expected transparent proxy to work, so that when I try to communicate from either HTTP or gRPC using from the client to the server (both on the service mesh), I would be able to communicate. ### Environment details Additionally, please provide details regarding the Kubernetes Infrastructure, as shown below: - Kubernetes version: **v1.22** (`v1.22.12-gke.300`) - Cloud Provider: **GKE** - Networking CNI plugin in use: default whatever that is ### Additional Context * Tested successfully w/o CSM (no injected pods, everything works) * Tested successfully w other service mesh: on **Istio** (AKS), **Linkerd** (AKS), **NGINX Service Mesh** (GKE), * Used curl client from https://developer.hashicorp.com/consul/docs/k8s/connect w/o the service account, which also fails

Topic		Replies	Views
Install consul by helm chart - Readiness probe failed Consul	1	194	April 12, 2024
Unable to communicate via Consul-Connect service mesh Consul k8s , connect	0	267	September 28, 2022
Transparent proxy with stateful sets Consul k8s , connect	3	658	October 20, 2021
Issue connecting to services in remote dc when using federated consul cluster Consul	2	324	April 7, 2022
Single Consul Datacenter in Multiple Kubernetes Clusters Connection Failure Consul connect , first-time-question , service-mesh	3	723	April 28, 2022

Consul-Connect fails with StatefulSets

STEPS TO REPRODUCE

Related topics