Hi there,
I have a testing consul setup with 3 machines. All the “consul” ports are opened on all the interfaces. I am running consul in server mode in of them and the other two ones are just clients.
All machines are running consul version:
Consul v1.13.1
Revision c6d0f9ec
Then I have two services: frontend and backend. The frontend access the backend via its sidecar proxy (see service setup below).
The UI and the CLI (see below) do not show any errors.
The problem is my frontend is supposed to connect to the backend via the sidecar proxy but the proxy is not listening to the port that I have setup in the consul service configuration.
The only error I am seeing is this one from the consul connect envoy
cmd:
[bazel-out/k8-opt/bin/external/envoy/source/common/config/_virtual_includes/grpc_stream_lib/common/config/grpc_stream.h:101] DeltaAggregatedResources gRPC config stream closed: 14, upstream connect error or disconnect/reset before headers. reset reason: connection failure
I am suppose to have an envoy instance listening on port 6001 but I don’t see it so my FE cannot connect to my BE:
$ sudo lsof -nP -iTCP -sTCP:LISTEN
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 650 root 3u IPv4 23426 0t0 TCP *:22 (LISTEN)
sshd 650 root 4u IPv6 23437 0t0 TCP *:22 (LISTEN)
systemd-r 61529 systemd-resolve 13u IPv4 340217 0t0 TCP 127.0.0.53:53 (LISTEN)
frontend 87885 root 3u IPv6 528618 0t0 TCP *:6060 (LISTEN)
consul 88960 consul 7u IPv6 547288 0t0 TCP *:8301 (LISTEN)
consul 88960 consul 10u IPv6 547295 0t0 TCP *:8600 (LISTEN)
consul 88960 consul 11u IPv6 547297 0t0 TCP *:8500 (LISTEN)
envoy 88979 root 14u IPv4 547601 0t0 TCP *:21000 (LISTEN)
Some more configuration details:
$ consul members
Node Address Status Type Build Protocol DC Partition Segment
ip-172-31-25-246 172.31.25.246:8301 alive server 1.13.1 2 dc1 default <all>
ip-172-31-27-145 172.31.27.145:8301 alive client 1.13.1 2 dc1 default <default>
ip-172-31-28-0 172.31.28.0:8301 alive client 1.13.1 2 dc1 default <default>
$ consul catalog services
backend
backend-sidecar-proxy
consul
frontend
frontend-sidecar-proxy
consul server config:
$ cat /etc/consul.d/*.hcl | grep -v "^#"
data_dir = "/opt/consul"
connect {
enabled = true
}
ports {
grpc = 8502
}
server = true
bootstrap_expect = 1
ui_config {
enabled = true
}
client_addr = "0.0.0.0"
bind_addr = "0.0.0.0"
consul clients config:
cat /etc/consul.d/consul.hcl | grep -v "^#"
data_dir = "/opt/consul"
client_addr = "0.0.0.0"
bind_addr = "0.0.0.0" # Listen on all IPv4
Frontend service configuration (running in node1):
$ cat /etc/consul.d/frontend.hcl
service {
name = "frontend"
# frontend runs on port 6060.
port = 6060
# The "connect" stanza configures service mesh
# features.
connect {
sidecar_service {
# frontend's proxy will listen on port 21000.
port = 21000
proxy {
# The "upstreams" stanza configures
# which ports the sidecar proxy will expose
# and what services they'll route to.
upstreams = [
{
# Here you're configuring the sidecar proxy to
# proxy port 6001 to the backend service.
destination_name = "backend"
local_bind_port = 6001
}
]
}
}
}
}
I run the proxy sidecar service via systemd:
cat /etc/systemd/system/frontend-sidecar-proxy.service
[Unit]
Description="Frontend sidecar proxy service"
Requires=network-online.target
After=network-online.target
[Service]
ExecStart=/usr/bin/consul connect envoy -sidecar-for frontend \
-admin-bind 0.0.0.0:21000
Restart=on-failure
[Install]
WantedBy=multi-user.target
Any advice or comments are welcome.
Thank you,
-drd