I was able to figure it out. `primary_gateways` was set to the Pod's Service IP, which was not routable to the other cluster. I had to set the `wanAddress` to a static value reflecting the FQDN of the WAN interface. Only then did the clusters actually sync completely. When running `consul members -wan`, all server nodes now report “alive” status.
Working Helm values:
DC1:
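global:
  datacenter: dc1
  name: consul
  domain: consul
  tls:
    enabled: true
    # Auto-encrypt lets clients obtain certs from the server CA; the extra
    # SAN lets them reach the servers by the in-cluster Service name.
    enableAutoEncrypt: true
    serverAdditionalDNSSANs:
      - "consul-server.consul.svc.cluster.local"
  federation:
    enabled: true
    # Writes the consul-federation Secret (CA cert/key, replication token,
    # gossip key, server config) that the DC2 values consume. It is the root
    # of trust for the whole federation: copy it to DC2 over a trusted
    # channel only and restrict read access to it in both clusters.
    createFederationSecret: true
  acls:
    manageSystemACLs: true
    createReplicationToken: true
  gossipEncryption:
    autoGenerate: true
  logJSON: true
connectInject:
  enabled: true
  default: false
controller:
  enabled: true
meshGateway:
  enabled: true
  replicas: 1
  service:
    enabled: true
    type: NodePort
    nodePort: 30085
  # This is the address DC1 advertises to DC2. A static FQDN is used
  # because the Service IP is not routable across clusters. NodePort 30085
  # is listening on every node, so limit it to the peer DC's egress
  # addresses (firewall / NetworkPolicy) — the gateway is the federation's
  # inbound surface.
  wanAddress:
    enabled: true
    source: "Static"
    static: "dc1.example.com"
    port: 30085
syncCatalog:
  enabled: true
  default: true
  toConsul: true
  toK8S: true
metrics:
  enabled: true
prometheus:
  enabled: true
ui:
  enabled: true
  # The UI is reachable on every node IP at 30084 over HTTPS; ACLs are
  # enabled above, so a token is required, but consider narrowing exposure.
  service:
    type: NodePort
    nodePort:
      https: 30084
server:
  replicas: 3
  # NOTE(review): server and client containers run as root here
  # (runAsNonRoot: false, runAsUser: 0). The post does not say why this was
  # needed — confirm it is still required and prefer the chart's non-root
  # defaults: a root Consul process widens the impact of a container
  # compromise and will not pass a restricted Pod Security Standard.
  securityContext:
    runAsNonRoot: false
    runAsUser: 0
  service:
    type: NodePort
client:
  securityContext:
    runAsNonRoot: false
    runAsUser: 0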
DC2:
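global:
  datacenter: dc2
  name: consul
  domain: consul
  tls:
    enabled: true
    enableAutoEncrypt: true
    serverAdditionalDNSSANs:
      - "consul-server.consul.svc.cluster.local"
    # CA material comes from the consul-federation Secret exported by DC1.
    # The caKey is a signing key for the whole federation: keep the Secret
    # readable only by the Consul service account / operators.
    caCert:
      secretName: consul-federation
      secretKey: caCert
    caKey:
      secretName: consul-federation
      secretKey: caKey
  acls:
    manageSystemACLs: true
    # Replication token minted in DC1; it grants ACL replication rights, so
    # treat it with the same care as the CA key.
    replicationToken:
      secretName: consul-federation
      secretKey: replicationToken
  federation:
    enabled: true
  gossipEncryption:
    secretName: consul-federation
    secretKey: gossipEncryptionKey
  logJSON: true
connectInject:
  enabled: true
  default: false
controller:
  enabled: true
meshGateway:
  enabled: true
  replicas: 1
  service:
    enabled: true
    type: NodePort
    nodePort: 30085
  # Address DC2 advertises to DC1; static because the Service IP is not
  # routable cross-cluster. NodePort 30085 is open on every node — restrict
  # it to DC1's egress addresses at the firewall / NetworkPolicy level.
  wanAddress:
    enabled: true
    source: "Static"
    static: "dc2.example.com"
    port: 30085
syncCatalog:
  enabled: true
  default: true
  toConsul: true
  toK8S: true
metrics:
  enabled: true
prometheus:
  enabled: true
ui:
  enabled: true
  # UI on every node IP at 30084 over HTTPS; ACLs enabled, so a token is
  # required, but consider narrowing exposure.
  service:
    type: NodePort
    nodePort:
      https: 30084
server:
  # Single server: no Raft redundancy in this DC.
  replicas: 1
  # NOTE(review): server and client containers run as root here
  # (runAsNonRoot: false, runAsUser: 0). Confirm this is still required and
  # prefer the chart's non-root defaults — a root Consul process widens the
  # impact of a container compromise and fails a restricted Pod Security
  # Standard.
  securityContext:
    runAsNonRoot: false
    runAsUser: 0
  # Mounts the server config JSON exported by DC1 (primary_gateways etc.)
  # from the same consul-federation Secret and loads it as server config.
  extraVolumes:
    - type: secret
      name: consul-federation
      items:
        - key: serverConfigJSON
          path: config.json
      load: true
client:
  securityContext:
    runAsNonRoot: false
    runAsUser: 0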