Q: how to configure httproute with consul apigateway for statefulset?

slououou · March 20, 2025, 11:03am

I’m trying to expose a service with sts as backends through consul api-gateway.
The httproute looks like below(Note: the service is NOT headless):

apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
  name: route-web
  namespace: default
spec:
  parentRefs:
  - name: api-gateway
    namespace: default
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /web
    backendRefs:
    - name: web
      namespace: default
      port: 80

After creation, I can see the debug log in api-gateway pod that those endpoints were added:

2025-03-20T10:29:53.368Z+00:00 [debug] envoy.upstream(17) initializing Secondary cluster web-0.web.default.dc1.internal.bdba5437-e105-7b01-0e46-7b94aabbca88.consul completed
2025-03-20T10:29:53.368Z+00:00 [debug] envoy.upstream(17) warming cluster web-0.web.default.dc1.internal.bdba5437-e105-7b01-0e46-7b94aabbca88.consul complete
2025-03-20T10:29:53.368Z+00:00 [debug] envoy.upstream(24) adding TLS cluster web-0.web.default.dc1.internal.bdba5437-e105-7b01-0e46-7b94aabbca88.consul
2025-03-20T10:29:53.369Z+00:00 [debug] envoy.upstream(24) membership update for TLS cluster web-0.web.default.dc1.internal.bdba5437-e105-7b01-0e46-7b94aabbca88.consul added 1 removed 0
2025-03-20T10:29:53.369Z+00:00 [debug] envoy.upstream(17) adding TLS cluster web-0.web.default.dc1.internal.bdba5437-e105-7b01-0e46-7b94aabbca88.consul
2025-03-20T10:29:53.369Z+00:00 [debug] envoy.upstream(17) membership update for TLS cluster web-0.web.default.dc1.internal.bdba5437-e105-7b01-0e46-7b94aabbca88.consul added 1 removed 0
2025-03-20T10:29:53.369Z+00:00 [debug] envoy.upstream(17) EDS hosts or locality weights changed for cluster: web-2.web.default.dc1.internal.bdba5437-e105-7b01-0e46-7b94aabbca88.consul current hosts 0 priority 0
2025-03-20T10:29:53.369Z+00:00 [debug] envoy.upstream(17) initializing Secondary cluster web-2.web.default.dc1.internal.bdba5437-e105-7b01-0e46-7b94aabbca88.consul completed
2025-03-20T10:29:53.369Z+00:00 [debug] envoy.upstream(17) warming cluster web-2.web.default.dc1.internal.bdba5437-e105-7b01-0e46-7b94aabbca88.consul complete
2025-03-20T10:29:53.369Z+00:00 [debug] envoy.upstream(24) adding TLS cluster web-2.web.default.dc1.internal.bdba5437-e105-7b01-0e46-7b94aabbca88.consul
2025-03-20T10:29:53.369Z+00:00 [debug] envoy.upstream(24) membership update for TLS cluster web-2.web.default.dc1.internal.bdba5437-e105-7b01-0e46-7b94aabbca88.consul added 1 removed 0
2025-03-20T10:29:53.369Z+00:00 [debug] envoy.upstream(17) adding TLS cluster web-2.web.default.dc1.internal.bdba5437-e105-7b01-0e46-7b94aabbca88.consul
2025-03-20T10:29:53.369Z+00:00 [debug] envoy.upstream(17) membership update for TLS cluster web-2.web.default.dc1.internal.bdba5437-e105-7b01-0e46-7b94aabbca88.consul added 1 removed 0
2025-03-20T10:29:53.369Z+00:00 [debug] envoy.upstream(17) EDS hosts or locality weights changed for cluster: web-1.web.default.dc1.internal.bdba5437-e105-7b01-0e46-7b94aabbca88.consul current hosts 0 priority 0
2025-03-20T10:29:53.369Z+00:00 [debug] envoy.upstream(17) initializing Secondary cluster web-1.web.default.dc1.internal.bdba5437-e105-7b01-0e46-7b94aabbca88.consul completed
2025-03-20T10:29:53.369Z+00:00 [debug] envoy.upstream(17) warming cluster web-1.web.default.dc1.internal.bdba5437-e105-7b01-0e46-7b94aabbca88.consul complete
2025-03-20T10:29:53.370Z+00:00 [debug] envoy.upstream(24) adding TLS cluster web-1.web.default.dc1.internal.bdba5437-e105-7b01-0e46-7b94aabbca88.consul
2025-03-20T10:29:53.370Z+00:00 [debug] envoy.upstream(24) membership update for TLS cluster web-1.web.default.dc1.internal.bdba5437-e105-7b01-0e46-7b94aabbca88.consul added 1 removed 0

But when I try to access them through api-gateway, it return 503:

curl <hostnames>/web -v
...
< HTTP/1.1 503 Service Unavailable
...

and api-gateway shows:

2025-03-20T10:59:34.712Z+00:00 [debug] envoy.router(24) [Tags: "ConnectionId":"794","StreamId":"14524182312023257848"] unknown cluster 'web.default.dc1.internal.bdba5437-e105-7b01-0e46-7b94aabbca88.consul'
2025-03-20T10:59:37.086Z+00:00 [debug] envoy.router(24) [Tags: "ConnectionId":"790","StreamId":"14889386892784192465"] unknown cluster 'web.default.dc1.internal.bdba5437-e105-7b01-0e46-7b94aabbca88.consul'

I’ve tried to create backends of service as deployment, it works fine.
So I guess it require a different configuration for sts. Does anyone know what it would be look like?

Topic		Replies	Views
Kubernetes with consul and api-gateway Consul consul-api-gateway	2	483	November 1, 2022
Is it possible to Create HttpRoute With External Service As Backend? Consul consul-api-gateway	9	773	March 19, 2024
API Gateway unable to add or remove HTTPRoutes HCP Consul k8s , consul-api-gateway	0	1064	August 2, 2022
Ingress Gateways, API Gateways, Terminating Gateways Consul	2	18	November 12, 2024
Consul-ui through consul api gateway Consul k8s , consul-api-gateway	3	1387	March 11, 2022

Q: how to configure httproute with consul apigateway for statefulset?

Related topics