I have a restricted environment in which we have to install Consul-based services (basically porting an AWS environment, where we rely on Consul for everything, into a customer's on-prem, which allows only port 443 and TLS communication across all his VMs), but since Consul requires 8300, 8301, 8600, it seems like an impossible task.
Maybe someone has ideas on how it is possible to run Consul-based infra and services over 443 only?
I was thinking about utilizing the service mesh, Envoy-based, for our application itself. But in order for the service mesh to work, Consul agents and masters have to connect first, but if they grab 443 for their connection, how would Envoy listen on this port then, for the mesh purposes and the application's connections? Some chicken-and-egg problem… if only I was able to set up a mesh and then put Consul to work over that mesh - but I need Consul to manage the Envoys … tricky stuff… Is an overlay network the only way? (organizing the overlay using some Weave or Calico, and running Consul and all other parts on top of it, but then it's like building half-Kubernetes from scratch, reinventing the wheel)