I seem to get connection refused through the tunnel via localhost, e.g. curl localhost:8080/health on the client. I am not sure how to do this. I set up the dgraph server in the dgraph namespace, which has the services dgraph-dgraph-alpha-grpc (9080/GRPC) and dgraph-dgraph-alpha (8080/HTTP), so I set up the following in the dgraph namespace:
---
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceDefaults
metadata:
  name: dgraph-dgraph-alpha
spec:
  protocol: 'http'
---
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceDefaults
metadata:
  name: dgraph-dgraph-alpha-grpc
spec:
  protocol: 'grpc'
---
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceIntentions
metadata:
  name: pydgraph-client-to-dgraph
spec:
  destination:
    name: dgraph-dgraph-alpha
  sources:
    - name: pydgraph-client
      action: allow
---
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceIntentions
metadata:
  name: pydgraph-client-to-dgraph-grpc
spec:
  destination:
    name: dgraph-dgraph-alpha-grpc
  sources:
    - name: pydgraph-client
      action: allow
I also set this up in the pydgraph-client:
---
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceDefaults
metadata:
  name: pydgraph-client
spec:
  protocol: 'http'
But ultimately, traffic is refused. I thought maybe the namespace is blocked, so I added the namespace to the source:
Error from server: error when applying patch:
{"metadata":{"annotations":{"kubectl.kubernetes.io/last-applied-configuration":"{\"apiVersion\":\"consul.hashicorp.com/v1alpha1\",\"kind\":\"ServiceIntentions\",\"metadata\":{\"annotations\":{},\"name\":\"pydgraph-client-to-dgraph\",\"namespace\":\"dgraph\"},\"spec\":{\"destination\":{\"name\":\"dgraph-dgraph-alpha\"},\"sources\":[{\"action\":\"allow\",\"name\":\"pydgraph-client\",\"namespace\":\"pydgraph-client\"}]}}\n"}},"spec":{"sources":[{"action":"allow","name":"pydgraph-client","namespace":"pydgraph-client"}]}}
to:
Resource: "consul.hashicorp.com/v1alpha1, Resource=serviceintentions", GroupVersionKind: "consul.hashicorp.com/v1alpha1, Kind=ServiceIntentions"
Name: "pydgraph-client-to-dgraph", Namespace: "dgraph"
for: "intention.yaml": admission webhook "mutate-serviceintentions.consul.hashicorp.com" denied the request: serviceintentions.consul.hashicorp.com "pydgraph-client-to-dgraph" is invalid: spec.sources[0].namespace: Invalid value: "pydgraph-client": Consul Enterprise namespaces must be enabled to set source.namespace
Error from server: error when applying patch:
{"metadata":{"annotations":{"kubectl.kubernetes.io/last-applied-configuration":"{\"apiVersion\":\"consul.hashicorp.com/v1alpha1\",\"kind\":\"ServiceIntentions\",\"metadata\":{\"annotations\":{},\"name\":\"pydgraph-client-to-dgraph-grpc\",\"namespace\":\"dgraph\"},\"spec\":{\"destination\":{\"name\":\"dgraph-dgraph-alpha-grpc\"},\"sources\":[{\"action\":\"allow\",\"name\":\"pydgraph-client\",\"namespace\":\"pydgraph-client\"}]}}\n"}},"spec":{"sources":[{"action":"allow","name":"pydgraph-client","namespace":"pydgraph-client"}]}}
to:
Resource: "consul.hashicorp.com/v1alpha1, Resource=serviceintentions", GroupVersionKind: "consul.hashicorp.com/v1alpha1, Kind=ServiceIntentions"
Name: "pydgraph-client-to-dgraph-grpc", Namespace: "dgraph"
for: "intention.yaml": admission webhook "mutate-serviceintentions.consul.hashicorp.com" denied the request: serviceintentions.consul.hashicorp.com "pydgraph-client-to-dgraph-grpc" is invalid: spec.sources[0].namespace: Invalid value: "pydgraph-client": Consul Enterprise namespaces must be enabled to set source.namespace
Are Kubernetes namespaces supported as the source? What are Consul Namespaces, and how do these contrast with Kubernetes namespaces? How can I get this to work?
The current documentation/tutorial only shows the default namespace in Kubernetes.