Deploy Consul on Kubernetes guide trouble. Unreachable nodeport api gateway

I am following the guide Deploy Consul on Kubernetes. I am following the self-managed local version, using kind, helm and kubectl to deploy the hashicup demo that is used in the guide.

I followed the guide as best I could; however, I am now stuck at Enable external traffic ingress into Consul service mesh. At the end of this chapter of the guide, you are supposed to be able to access localhost:8443 without port forwarding, using a NodePort.

I am not sure if I missed a configuration somewhere; I have double-checked multiple times. Maybe the guide has some mistakes. For example, the guide uses kindest/node:v1.24.0 to install the image, but it actually just fails, so I had to change that to the latest image and add listenAddress for each extraPortMappings.

Here are some debug findings.

kubectl describe gateway api-gateway -n consul

Name:         api-gateway
Namespace:    consul
Labels:       <none>
Annotations:  consul.hashicorp.com/gateway-class-config:
                {"serviceType":"NodePort","deployment":{"defaultInstances":1,"maxInstances":1,"minInstances":1,"resources":{"limits":{"cpu":"100m","memory...
API Version:  gateway.networking.k8s.io/v1beta1
Kind:         Gateway
Metadata:
  Creation Timestamp:  2024-12-20T08:33:52Z
  Finalizers:
    gateway-finalizer.consul.hashicorp.com
  Generation:        1
  Resource Version:  1634
  UID:               33ea0e6a-218e-4d4e-9397-32e9e856e948
Spec:
  Gateway Class Name:  consul
  Listeners:
    Allowed Routes:
      Namespaces:
        From:  Same
    Name:      https
    Port:      8443
    Protocol:  HTTPS
    Tls:
      Certificate Refs:
        Group:
        Kind:   Secret
        Name:   consul-server-cert
      Mode:     Terminate
Status:
  Addresses:
    Type:   IPAddress
    Value:  172.18.0.2
  Conditions:
    Last Transition Time:  2024-12-20T08:33:52Z
    Message:               gateway accepted
    Observed Generation:   1
    Reason:                Accepted
    Status:                True
    Type:                  Accepted
    Last Transition Time:  2024-12-20T08:33:53Z
    Message:               gateway programmed
    Observed Generation:   1
    Reason:                Programmed
    Status:                True
    Type:                  Programmed
    Last Transition Time:  2024-12-20T08:33:52Z
    Message:               gateway synced to Consul
    Observed Generation:   1
    Reason:                Synced
    Status:                True
    Type:                  Synced
    Last Transition Time:  2024-12-20T08:33:53Z
    Message:               gateway is valid
    Observed Generation:   1
    Reason:                Accepted
    Status:                True
    Type:                  ConsulAccepted
  Listeners:
    Attached Routes:  1
    Conditions:
      Last Transition Time:  2024-12-20T08:34:22Z
      Message:               listener accepted
      Observed Generation:   1
      Reason:                Accepted
      Status:                True
      Type:                  Accepted
      Last Transition Time:  2024-12-20T08:34:22Z
      Message:               listener programmed
      Observed Generation:   1
      Reason:                Programmed
      Status:                True
      Type:                  Programmed
      Last Transition Time:  2024-12-20T08:34:22Z
      Message:               listener has no conflicts
      Observed Generation:   1
      Reason:                NoConflicts
      Status:                False
      Type:                  Conflicted
      Last Transition Time:  2024-12-20T08:34:22Z
      Message:               resolved references
      Observed Generation:   1
      Reason:                ResolvedRefs
      Status:                True
      Type:                  ResolvedRefs
    Name:                    https
    Supported Kinds:
      Group:  gateway.networking.k8s.io
      Kind:   HTTPRoute
Events:       <none>

kubectl logs <api-gateway> -n consul

2024-12-20T08:33:55.843Z+00:00 [warning] envoy.misc(19) Deprecated field: type envoy.config.cluster.v3.Cluster Using deprecated option 'envoy.config.cluster.v3.Cluster.http2_protocol_options' from file cluster.proto. This configuration will be removed from Envoy soon. Please see https://www.envoyproxy.io/docs/envoy/latest/version_history/version_history for details. If continued use of this field is absolutely necessary, see https://www.envoyproxy.io/docs/envoy/latest/configuration/operations/runtime#using-runtime-overrides-for-deprecated-features for how to apply a temporary and highly discouraged override.

2024-12-20T08:33:56.459Z+00:00 [warning] envoy.misc(19) internal_address_config is not configured. The existing default behaviour will trust RFC1918 IP addresses, but this will be changed in next release. Please explictily config internal address config as the migration step or config the envoy.reloadable_features.explicit_internal_address_config to true to untrust all ips by default

2024-12-20T08:33:56.639Z+00:00 [warning] envoy.main(19) There is no configured limit to the number of allowed active downstream connections. Configure a limit in `envoy.resource_monitors.global_downstream_max_connections` resource monitor.