Mesh Gateway kubernetes pods can't register themselves to Consul Agent

nikfot · April 16, 2020, 7:13am

Hello,

I am running helm templates v19 on Kubernetes, with mesh containers enabled. My mesh configuration is:

meshGateway:
  enabled: true
  globalMode: local
  replicas: 2
  wanAddress:
 
    source: "Service"

    port: 8443

    static: ""

  # The service option configures the Service that fronts the Gateway Deployment.
  service:
    # Whether to create a Service or not.
    enabled: true

    # Type of service, ex. LoadBalancer, ClusterIP.
    type: ClusterIP

    # Port that the service will be exposed on.
    # The targetPort will be set to meshGateway.containerPort.
    port: 443

    nodePort: null

    annotations: null

    # Optional YAML string that will be appended to the Service spec.
    additionalSpec: null

  # Envoy image to use. For Consul v1.7+, Envoy version 1.13+ is required.
  imageEnvoy: envoyproxy/envoy:v1.13.0


  hostNetwork: true


  dnsPolicy: ClusterFirstWithHostNet
  consulServiceName: ""
  containerPort: 8443

  hostPort: 8443

  enableHealthChecks: true

  resources: |
    requests:
      memory: "128Mi"
      cpu: "250m"
    limits:
      memory: "256Mi"
      cpu: "500m"

  affinity: |
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchLabels:
              app: {{ template "consul.name" . }}
              release: "{{ .Release.Name }}"
              component: mesh-gateway
          topologyKey: kubernetes.io/hostname

  # Optional YAML string to specify tolerations.
  tolerations: null

  # Optional YAML string to specify a nodeSelector config.
  nodeSelector: null

  # Optional priorityClassName.
  priorityClassName: ""

  # Annotations to apply to the mesh gateway deployment.
  # Example:
  #   annotations: |
  #     "annotation-key": "annotation-value"
  annotations: null

# Control whether a test Pod manifest is generated when running helm template.
# When using helm install, the test Pod is not submitted to the cluster so this
# is only useful when running helm template.
tests:
  enabled: true

As you may see I have set hostNetwork to true and DNSPolicy to ClusterFirstWithHostNet so that I can create a mesh with another consul cluster in different kubernetes.

When the service-init pod in MeshGateway deployment tries to register to consul agent I get:

Address “10.254.181.217” written to /tmp/address.txt successfully
Error registering service “mesh-gateway”: Put http://10.168.105.7:8500/v1/agent/service/register: dial tcp 10.168.105.7:8500: connect: connection refused

The 10.168… adress is the kubernetes worker adress and not the host address of the agent which would be 10.176…

Where should I do changes? On the service-init side or in the agent bind/advertise address/

lkysow · April 16, 2020, 10:49pm

Hi, what environment is your kube cluster running on? When you say

address is the kubernetes worker address and not the host address

can you explain exactly what that means? We use the status.hostIP value provided by the Kubernetes downward API (Expose Pod Information to Containers Through Files | Kubernetes).