Context: Consul 1.20.2 deployed on Kubernetes.
Problem: Our application (running in a service mesh proxy) needs to make external calls (outside the mesh) to initialize its data at startup. These calls fail because the Envoy sidecar is not yet operational, which blocks the application.
Is it possible to start both containers in parallel, or at least allow the application to make its external calls before the sidecar is ready?
Hi @MiladiHedi,
There are multiple options to get this working to choose from:
Use annotations to exclude the external calls from going via the proxy
In this option, you can use the exclude-outbound-cidrs annotation to exclude the IP/Subnet/DNS Name from being routed via the sidecar proxy
Ref: Consul on Kubernetes annotations and labels reference | Consul | HashiCorp Developer
The next option is to use proxy lifecycle hooks. In this feature, you will configure the sidecar proxy to expose its readiness status on an endpoint, which can be queried using a script from your application container (in a loop). Once the proxy is ready, the application can then proceed making outbound calls.
Look up the lifecycle helm override and annotations from the below link
The 3rd option is to use a new feature introduced in Consul-K8S, where the sidecar will be run as a Kubernetes-Native sidecar container. This is only available in the 1.9.0 release of Consul-K8S. In this option, the sidecar will be started first, and only when ready, the application container will be launched. This will avoid any outbound requests getting failed due to the sidecar not being ready.
Ref:
- Add support for enabling Consul dataplane as a sidecar container by nitin-sachdev-29 · Pull Request #4678 · hashicorp/consul-k8s · GitHub
- Helm Chart Reference | Consul | HashiCorp Developer
Thank you for your answer.
We used solution 2,it works.