Running Consul client in AKS, while Consul servers running in AWS


We have a Consul server cluster already running in AWS in EC2. Now we are extending some services to run in Azure AKS. To secure service-to-service connections, we are about to deploy the Consul client in AKS. As the AKS endpoint is private, I am wondering whether the Consul servers would be able to connect to the AKS API (in Azure, a private endpoint can be reached only from the VNet where AKS is). I read somewhere that

k8sAuthMethodHost should be set to the address of your Kubernetes API server so that the Consul servers can validate a Kubernetes service account token when using the Kubernetes auth method with consul login

Is the private AKS endpoint an obstacle to integrating AKS services with the Consul cluster in AWS?
If it is, what would be the solution for me to integrate AKS services with the Consul servers? Should I deploy another Consul cluster in AKS and connect it somehow with the existing one in AWS?

Thank you!


What I realized just now: a Consul client running in Kubernetes, in order to join a Consul cluster running outside of Kubernetes, has to be on the same LAN as the Consul cluster. That's another reason why a Consul client running in AKS cannot join the Consul cluster on the AWS side. That's what the docs say, at least.

For that use case it's best to run separate Consul datacenters in each kube cluster, i.e. separate Consul server clusters.
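
For reference, this is where the `k8sAuthMethodHost` setting quoted in the question sits in a Consul Helm values file for clients that use external servers. It is an added example, not taken from either post; every host name, the datacenter name and the secret name are placeholders.

```yaml
# values.yaml fragment for Consul clients in AKS using servers that run
# outside the cluster. All names and addresses below are placeholders.
global:
  enabled: false            # do not deploy Consul servers in this cluster
  datacenter: dc1           # placeholder: name of the existing datacenter
  tls:
    enabled: true
  acls:
    manageSystemACLs: true  # the chart then sets up the Kubernetes auth method
    bootstrapToken:
      secretName: consul-bootstrap-token   # placeholder Kubernetes secret
      secretKey: token

server:
  enabled: false

externalServers:
  enabled: true
  hosts:
    - "consul.example.internal"   # placeholder: address of the servers in AWS
  # Address the Consul servers call to validate a pod's service account
  # token during `consul login`. The servers must be able to resolve and
  # reach it, so a private AKS endpoint only works if there is a network
  # path and DNS resolution from the servers' network to the AKS VNet.
  k8sAuthMethodHost: "https://aks-api.example.internal:443"   # placeholder

client:
  enabled: true
  join:
    - "consul.example.internal"   # placeholder: clients join over LAN gossip

connectInject:
  enabled: true
```

The two reachability requirements raised in the thread map to two different values: `k8sAuthMethodHost` is the servers-to-AKS-API direction, and `client.join` is the client-to-server gossip direction.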