Federation between K8S (Primary) and VMs

Overview:

I'm attempting to federate a Kubernetes-hosted Consul cluster (deployed via Helm) with an external cluster hosted on VM images.

I’ve been using the following documentation to attempt to set this up.

However, I'm seeing communication errors between the two clusters. Note that the firewall has been disabled on the VM so that I could rule it out.

K8S LOGS:

[ERROR] agent.server.memberlist.wan: memberlist: Failed to forward ack: read tcp 10.78.18.63:49358->10.78.18.80:8443: read: connection reset by peer from=10.78.18.108:8302

[ERROR] agent.server.memberlist.wan: memberlist: Failed to send gossip to 10.78.18.108:8302: read tcp 10.78.18.63:50038->10.78.18.80:8443: read: connection reset by peer

VM LOGS

Suspect consul-dev-az-server-0.dev-az has failed, no acks received

HELM CONFIG (PRIMARY CONSUL CLUSTER)

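# Helm values for the primary (Kubernetes) Consul datacenter. The file is
# rendered by a Jinja/Ansible template first ({{ env }}), so every templated
# scalar is quoted to survive an empty or boolean-looking expansion.
global:
  name: "consul-{{ env }}"
  datacenter: "{{ env }}"
  tls:
    enabled: true
    # NOTE(review): false leaves the plaintext HTTP listener enabled next to
    # HTTPS on the K8s agents; the VM agent config disables HTTP (http = -1).
    httpsOnly: false
    # CA cert and key are read from a pre-created secret. The VM datacenter's
    # certs must chain to this same CA for the verify_* settings to pass.
    caCert:
      secretName: "consul-{{ env }}-federation"
      secretKey: caCert
    caKey:
      secretName: "consul-{{ env }}-federation"
      secretKey: caKey
  acls:
    manageSystemACLs: true
    # Creates the replication token that secondary datacenters use to pull
    # ACL data from this primary.
    createReplicationToken: true
  federation:
    enabled: true
# NOTE(review): a bare 'server:' parses as null. If this key had children they
# were lost in the paste — confirm against the values actually applied.
server:
client:
  enabled: true
connectInject:
  enabled: true
meshGateway:
  enabled: true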

**VM DOCKER COMPOSE**

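version: '3.6'

services:
  consul:
    image: consul:1.8.2
    # Host networking: the container shares the VM's network namespace, so
    # every Consul listener (including 8501/8502 from the agent config) binds
    # directly on the host.
    network_mode: 'host'
    volumes:
      # ./config also holds the TLS private key referenced by key_file; keep
      # its permissions tight on the VM.
      - ./config:/consul/config
      - ./data:/consul/data
    environment:
      CONSUL_BIND_INTERFACE: eth0
      CONSUL_CLIENT_INTERFACE: eth0
    # Published ports are discarded under network_mode: host (Compose warns
    # about this), so this list is documentation only.
    # NOTE(review): only the consul server runs here. The agent config turns on
    # enable_mesh_gateway_wan_federation, which also needs a mesh gateway in
    # this datacenter; none is visible, which may relate to the 8443 resets
    # seen in the K8s logs — confirm.
    ports:
      - '8300:8300'
      - '8301:8301'
      - '8301:8301/udp'
      - '8302:8302'
      - '8302:8302/udp'
      - '8500:8500'
      - '8600:8600'
      - '8600:8600/udp'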

**VM CONSUL CONFIG**

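# TLS material for this agent. The CA should be the one the primary (K8s)
# datacenter uses, since the verify_* settings below pin peers to it.
ca_file   = "/consul/config/certs/consul-agent-ca.pem"
cert_file = "/consul/config/certs/server-consul.pem"
key_file  = "/consul/config/certs/server-consul-key.pem"
# Mesh gateway address(es) of the primary datacenter, used for WAN
# federation when enable_mesh_gateway_wan_federation is on.
primary_gateways = ["{{ primary_gateway }}"]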

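acl {
  enabled        = true
  # Deny anything not explicitly granted by a token's policies.
  default_policy = "deny"
  # If the ACL datacenter is unreachable, keep using cached token
  # decisions rather than failing every request.
  down_policy    = "extend-cache"
  tokens {
    # Injected by the Ansible template; the values never live in this file.
    # The replication token lets this secondary DC pull ACL data from
    # primary_datacenter.
    agent       = "{{ agent_token }}"
    replication = "{{ replication_token }}"
  }
}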

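server                        = true
datacenter                    = "{{ datacenter }}"
data_dir                      = "/consul/data"
enable_central_service_config = true
# The datacenter that owns ACLs and acts as the federation root.
primary_datacenter            = "{{ primary_datacenter }}"

node_name = "{{ inventory_hostname_short }}"
log_level = "INFO"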

# Connect is required for mesh-gateway WAN federation; both flags are on.
connect {
  enable_mesh_gateway_wan_federation = true
  enabled                            = true
}

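# TLS is required on incoming server RPC and on outgoing connections, and the
# server name in presented certs is checked. verify_incoming (which would also
# require client certs on the 8501 HTTPS API) is not set, so the HTTPS API and
# UI are protected by ACLs only.
verify_incoming_rpc    = true
verify_outgoing        = true
verify_server_hostname = true
# Bootstrap peer within this datacenter, resolved from Ansible inventory.
retry_join = ["{{ hostvars.consul0.ansible_default_ipv4.address }}"]
ui = true
ports {
  https = 8501
  # -1 disables the plaintext HTTP listener.
  http  = -1
  grpc  = 8502
}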