Problem adding custom root cert and key for Consul Connect

Hi, I am trying to update the root cert and key. I have Consul working in a Kubernetes cluster.

I have the ca_config file as follows:

{
  "Provider": "consul",
  "Config": {
    "LeafCertTTL": "72h",
    "PrivateKey": "-----BEGIN RSA PRIVATE KEY-----...",
    "RootCert": "-----BEGIN CERTIFICATE-----...",
    "IntermediateCertTTL": "8760h"
  },
  "ForceWithoutCrossSigning": false
}

When I run the following command, the CA is not getting updated.

kubectl exec -it consul-server-1 -- curl PUT --data @ca_config.json http://127.0.0.1:8500/v1/connect/ca/configuration

I get the following error:

Warning: Couldn't read data from file "ca_config.json", this makes an empty
Warning: POST.
Bad request: Request decode failed: EOF

Hi @zara.butt,

curl is attempting to read /ca_config.json from within the Consul server pod. Based on the error you’re receiving, this file does not exist. I assume that the file actually exists locally on your machine, in which case you have two options to resolve this.

  1. Copy the file to the pod before running the curl command.
    $ kubectl cp ca_config.json consul-server-1:/home/consul/ca_config.json
    $ kubectl exec -it consul-server-1 -- curl --request PUT --data @/home/consul/ca_config.json --url http://127.0.0.1:8500/v1/connect/ca/configuration
    
  2. Use kubectl port-forward to expose port 8500 locally, and then execute the curl command directly from your machine.
    $ kubectl port-forward consul-server-1 8500
    Forwarding from 127.0.0.1:8500 -> 8500
    Forwarding from [::1]:8500 -> 8500
    
    In another terminal, execute the curl command.
    $ curl --request PUT --data @ca_config.json --url http://localhost:8500/v1/connect/ca/configuration
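
A third option, added here as an example and not part of the original answer: stream the local file to curl inside the pod over stdin, so the config and the CA private key in it are never written to the pod's filesystem. The pod name and address are taken from the thread; `KUBECTL`, `CONSUL_POD` and `CONSUL_ADDR` are hypothetical override variables introduced for this sketch.

```shell
#!/bin/sh
# Added example: push a local CA config to a Consul server pod over stdin.
# KUBECTL, CONSUL_POD and CONSUL_ADDR are hypothetical overrides (assumptions);
# the defaults use the pod name and address that appear in the thread.
KUBECTL="${KUBECTL:-kubectl}"
CONSUL_POD="${CONSUL_POD:-consul-server-1}"
CONSUL_ADDR="${CONSUL_ADDR:-http://127.0.0.1:8500}"

# Catch, on the local machine, the condition behind
# "Request decode failed: EOF": a missing or empty file makes curl
# send an empty request body.
check_ca_config() {
  [ -r "$1" ] || { echo "cannot read $1 on this machine" >&2; return 1; }
  [ -s "$1" ] || { echo "$1 is empty" >&2; return 1; }
  grep -q '"Provider"' "$1" || { echo "$1 has no Provider field" >&2; return 1; }
}

# "exec -i" forwards local stdin into the pod and "@-" tells curl to read
# the request body from stdin, so no copy of the file is left in the pod.
# --fail turns an HTTP error from Consul into a non-zero exit status.
put_ca_config() {
  check_ca_config "$1" || return 1
  "$KUBECTL" exec -i "$CONSUL_POD" -- \
    curl --silent --show-error --fail --request PUT --data-binary @- \
    "$CONSUL_ADDR/v1/connect/ca/configuration" < "$1"
}

# Usage: put_ca_config ca_config.json
```

With the `kubectl cp` approach, the copied file remains at /home/consul/ca_config.json in the pod until it is deleted.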
    

Thank you 🙂
Can you also provide some information about this issue: Cannot access Consul Ingress Gateway Debug Logs. I am unable to access HTTP logs of the Consul ingress gateway while federating it with another service mesh.