Minikube - Consul Ingress Gateway

grichardson661 · September 20, 2021, 11:49am

I’m struggling with getting a service deployed via the Consul Ingress Gateway. I’ve followed the guides but i still cant hit the service from outside of the cluster via a NodePort.

I’ve deployed an IngressGateway, ServiceDefaults, Service, ServiceAccount and then a Kubernetes deployment with annotations to inject Envoy proxy.

I’ve setup the consul-ingress-gateway as a NodePort so i can reach it from outside of the cluster.

This is my understanding of the flow:

Hit the ingress gateway via a node port 30060 which will then send the traffic to the ingress gateway on port 8080. The ingress gateway will then send the traffic to the service called my-lab on port 8080 which then send the traffic to the down stream pods on port 3000 via the Envoy proxy/sidecar.

I get an 404 at the moment. Not sure what i’ve missed.

Anyone any suggestions or pointers?

Many thanks

These are my config files

global:
  name: consul
  datacenter: dc1
# the hashout items below was causing the cert-manager pod from starting
#  image: hashicorp/consul:1.10.1
#  imageEnvoy: envoyproxy/envoy:v1.18.3
#  imageK8S: hashicorp/consul-k8s:0.26.0
  gossipEncryption:
    secretName: "consul-gossip-encryption-key"
    secretKey: "key"
  tls:
    enabled: true
    enableAutoEncrypt: true
    verify: true
  acls:
    manageSystemACLs: true
    enabled: true
    default_policy: "deny"
    enable_token_persistence: true
#  metrics:
#    enabled: true
#    enableAgentMetrics: true
client:
  enabled: true
  grpc: true
server:
  replicas: 1
ui:
  enabled: true
  service:
    type: 'NodePort'
connectInject:
  enabled: true
  default: true
controller:
  enabled: true
prometheus:
  enabled: true
grafana:
  enabled: true
connect:
  enabled: true
ingressGateways:
  enabled: true
  defaults: 
    replicas: 1
    service:
      type: "NodePort"
      ports:
        - port: 8080
          nodePort: 30060
        - port: 8443
          nodePort: 30061
  gateways:
    - name: "ingress-gateway"

apiVersion: consul.hashicorp.com/v1alpha1
kind: IngressGateway
metadata:
  name: ingress-gateway
spec:
  listeners:
    - port: 8080
      protocol: http
      services:
        - name: my-lab
---

apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceIntentions
metadata:
  name: my-lab
spec:
  destination:
    name: my-lab
  sources:
    - name: ingress-gateway
      action: allow

apiVersion: v1
kind: Service
metadata:
  name: my-lab
spec:
  selector:
    app: my-lab
  ports:
    - protocol: TCP
      port: 8080
      targetPort: 3000
  
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-lab
#automountServiceAccountToken: true
---
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceDefaults
metadata:
  name: my-lab
spec:
  protocol: "http"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-lab
spec:
  replicas: 2
  selector:
    matchLabels:
      service: my-lab
      app: my-lab
  template:
    metadata:
      labels:
        app: my-lab
        service: my-lab
      annotations:
        consul.hashicorp.com/connect-inject: "true"
        #consul.hashicorp.com/connect-service-upstreams: "public-api:8080"
        consul.hashicorp.com/enable-metrics-merging: "false"
    spec:
      serviceAccountName: my-lab
      containers:
      - name: my-lab
        image: grichardson661/test-image-v1:1
        ports:
        - containerPort: 3000

grichardson661 · September 20, 2021, 1:03pm

This is the guide i followed - Ingress Gateways - Kubernetes | Consul by HashiCorp but i’m using Minikube so exposed the ingress-gateway via NodePort in the values.yaml file.

grichardson661 · September 20, 2021, 2:59pm

It looks like my configuration was fine.

I was looking around the Consul UI and i noticed under Services > Ingress-Gateway > Upstreams my deployment was listed with a domain:port http://my-lab.ingress.dc1.consul:8080. I created a local hosts entry for this domain and managed to hit the deployment via the NodePort:30060.

Does anyone know if there is anyway to pull this domain from Kube?

Cheers
Garry

lkysow · September 20, 2021, 4:15pm

You could also set hosts to localhost so you can curl localhost:<nodeport>

apiVersion: consul.hashicorp.com/v1alpha1
kind: IngressGateway
metadata:
  name: ingress-gateway
spec:
  listeners:
    - port: 8080
      protocol: http
      services:
        - name: my-lab
          hosts: ["localhost"]

grichardson661 · September 20, 2021, 8:25pm

Thanks, will have a look at that

Topic		Replies	Views
Deploy Consul on Kubernetes guide trouble. Unreachable nodeport api gateway Consul k8s	3	102	March 3, 2025
Service discovery for services with ingress Consul	0	250	November 18, 2022
IngressGateway: listenerPort vs containerPort question Consul k8s	2	481	May 3, 2021
Consul on K8S, connecting an external consul client via NodePort Consul k8s , consul	1	945	January 28, 2023
Registration of services in the Consul via inject side-car with ExternalIP Ingress Controller Consul k8s	2	774	December 13, 2019

Minikube - Consul Ingress Gateway

Related topics