When I enable tls in the helm chart i get the following error in the tls init container logs:
/bin/sh: consul-k8s-control-plane: not found
Helm Chart
tls:
# If true, the Helm chart will enable TLS for Consul
# servers and clients and all consul-k8s components, as well as generate certificate
# authority (optional) and server and client certificates.
enabled: true
# If true, turns on the auto-encrypt feature on clients and servers.
# It also switches consul-k8s components to retrieve the CA from the servers
# via the API. Requires Consul 1.7.1+ and consul-k8s 0.13.0
enableAutoEncrypt: true
I have not configured any certificates as from what i’ve read, TLS can be simply enabled by setting global.tls.enabled=true.
Hi @jamesdhope - This is probably due to a mismatch between your helm repo version and your global.imageK8S. If you have that field set in your val.yaml file you’ll need to remove it. About 2 releases ago we migrated the consul-helm and consul-k8s repositories into a monorepo and they are now versioned together.
I’d recommend using the latest helm repo release and not setting imageK8S.
@kschoche So Consul won’t complain if I use TLS between the client/server sidecars without setting the CA?
# A Kubernetes secret containing the certificate of the CA to use for
# TLS communication within the Consul cluster. If you have generated the CA yourself
# with the consul CLI, you could use the following command to create the secret
# in Kubernetes:
#
# ```bash
# kubectl create secret generic consul-ca-cert \
# --from-file='tls.crt=./consul-agent-ca.pem'
# ```
caCert:
# The name of the Kubernetes secret.
secretName: null
# The key of the Kubernetes secret.
secretKey: null