I’m struggling with getting a service deployed via the Consul Ingress Gateway. I’ve followed the guides but i still cant hit the service from outside of the cluster via a NodePort.
I’ve deployed an IngressGateway, ServiceDefaults, Service, ServiceAccount and then a Kubernetes deployment with annotations to inject Envoy proxy.
I’ve setup the consul-ingress-gateway as a NodePort so i can reach it from outside of the cluster.
This is my understanding of the flow:
Hit the ingress gateway via a node port 30060 which will then send the traffic to the ingress gateway on port 8080. The ingress gateway will then send the traffic to the service called my-lab on port 8080 which then send the traffic to the down stream pods on port 3000 via the Envoy proxy/sidecar.
I get an 404 at the moment. Not sure what i’ve missed.
Anyone any suggestions or pointers?
Many thanks
These are my config files
global:
name: consul
datacenter: dc1
# the hashout items below was causing the cert-manager pod from starting
# image: hashicorp/consul:1.10.1
# imageEnvoy: envoyproxy/envoy:v1.18.3
# imageK8S: hashicorp/consul-k8s:0.26.0
gossipEncryption:
secretName: "consul-gossip-encryption-key"
secretKey: "key"
tls:
enabled: true
enableAutoEncrypt: true
verify: true
acls:
manageSystemACLs: true
enabled: true
default_policy: "deny"
enable_token_persistence: true
# metrics:
# enabled: true
# enableAgentMetrics: true
client:
enabled: true
grpc: true
server:
replicas: 1
ui:
enabled: true
service:
type: 'NodePort'
connectInject:
enabled: true
default: true
controller:
enabled: true
prometheus:
enabled: true
grafana:
enabled: true
connect:
enabled: true
ingressGateways:
enabled: true
defaults:
replicas: 1
service:
type: "NodePort"
ports:
- port: 8080
nodePort: 30060
- port: 8443
nodePort: 30061
gateways:
- name: "ingress-gateway"
apiVersion: consul.hashicorp.com/v1alpha1
kind: IngressGateway
metadata:
name: ingress-gateway
spec:
listeners:
- port: 8080
protocol: http
services:
- name: my-lab
---
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceIntentions
metadata:
name: my-lab
spec:
destination:
name: my-lab
sources:
- name: ingress-gateway
action: allow
apiVersion: v1
kind: Service
metadata:
name: my-lab
spec:
selector:
app: my-lab
ports:
- protocol: TCP
port: 8080
targetPort: 3000
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: my-lab
#automountServiceAccountToken: true
---
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceDefaults
metadata:
name: my-lab
spec:
protocol: "http"
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-lab
spec:
replicas: 2
selector:
matchLabels:
service: my-lab
app: my-lab
template:
metadata:
labels:
app: my-lab
service: my-lab
annotations:
consul.hashicorp.com/connect-inject: "true"
#consul.hashicorp.com/connect-service-upstreams: "public-api:8080"
consul.hashicorp.com/enable-metrics-merging: "false"
spec:
serviceAccountName: my-lab
containers:
- name: my-lab
image: grichardson661/test-image-v1:1
ports:
- containerPort: 3000