I am trying to understand ingress gateways to expose a web service to the outside world through consul. I am using the Consul helm chart. How would I be able add listeners to the helm chart?
We also have a new product, Consul API Gateway, that may fit your needs better than Ingress Gateway. It is tightly integrated with Consul and has some features that Ingress Gateway doesn’t.
It can use SSL/TLS Server certificates signed by any Certificate Authority (such as Let’s Encrypt and Verisign).
It implements the Kubernetes Gateway API and you configure it using that standard. See the Kubernetes Gateway API (k8s.io) website for more info on that standard.
I’m getting Error: [ERROR] installing App V2: helm install --namespace=default --timeout=10m0s --values=/home/shell/helm/values-consul-0.41.1.yaml --version=0.41.1 --wait=true backend-consul /home/shell/helm/consul-0.41.1.tgz Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest: [unable to recognize "": no matches for kind "GatewayClass" in version "gateway.networking.k8s.io/v1alpha2", unable to recognize "": no matches for kind "GatewayClassConfig" in version "api-gateway.consul.hashicorp.com/v1alpha1"]
This error is usually caused by not installing the Gateway API CRDs. The command to do that is shown as the first step in the installation instructions. See Consul API Gateway Usage | Consul by HashiCorp.
I wanted to answer your original question in this thread so that others can benefit if they come across this post.
By default the Helm chart configures Kubernetes to expose ports 8080 and 8443 for each logical ingress gateway that is deployed. When ingressGateways.enabled is set to true in the Helm chart, the Helm chart creates a deployment for a single logical gateway named ingress-gateway.
If you want to customize the ports for this specific gateway, create additional logical gateways, or modify the default ports used for all gateways, you can do that using the aforementioned vars in the Helm chart.
Below is an example config where the default ports have been changed from 8080 and 8443 to 9090, and 9443. In addition, the chart has been configured to deploy two logical ingress gateways–ingress-gateway and bar-ingress-gateway. The first gateway is using the default listener ports. The other is using a custom listener port list.
---
ingressGateways:
enabled: true
defaults:
service:
# This changes the default port list from 8080 and 8443 to 9090 and 9443.
ports:
- 9090
- 9443
gateways:
# Kubernetes will expose the default ports of 9090 and 9443 for this gateway's Service object
- name: ingress-gateway
# Kubernetes will expose the ports defined below for this gateway's Service object
- name: bar-ingress-gateway
service:
ports:
- 8000
- 8080
- 8443
After Kubernetes has been configured to forward these ports to the gateway’s pod via the Service, the Envoy proxy needs to be configured to actually listen on these ports.
Consul’s API gateway has a controller that provides a simplified UX for completely managing the lifecycle and config of gateways via custom resource definitions, as opposed to the Ingress gateway which requires managing parts of it via config in the Helm chart, and settings via Consul’s ingress gateway CRD.