WAN Federation Mesh Gateway could not resolve host issue

Roxyrob · October 31, 2024, 1:10am

I configured WAN Federation with Mesh Gateway on kubernetes following this Hashicorp link .

I was able to connect from serviceA in dc1 to serviceB in dc2 defining upstream annotation on serviceA:

'consul.hashicorp.com/connect-service-upstreams': **'serviceB.svc.dc2.dc**:12345'

and using localhost:12345 (sidecar proxy).

But I can’t make it to work with “transparent proxy” commenting upstream configuration and using ServiceResolver (e.g. failover).

I tried lot of serviceB dns names but all returns:

curl: (6) Could not resolve host: serviceB
command terminated with exit code 6

As Cross-Datacenter dns resolution (Consul DNS lookups across WAN-federated datacenters) is not working as stated here.

A sample objective is to deploy serviceA in dc1 and deploy serviceB in dc1 and dc2, allowing serviceA to use serviceB in dc1 with failover (ServiceResolver) to serviceB in dc2 if ServiceB in dc1 is down ?

Roxyrob · November 6, 2024, 8:56am

I found a workaround, setting specific upstream for each datacenter:

For dc1:
ServiceA with this upstream:
‘consul.hashicorp.com/connect-service-upstreams’: ‘serviceB.svc.dc1.dc:12345’
ServiceB

For dc2:
ServiceA with this upstream:
‘consul.hashicorp.com/connect-service-upstreams’: ‘serviceB.svc.dc2.dc:12345’
ServiceB

and defining a ServiceRecolver like this:

apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceResolver
metadata:
  name: serviceb
  namespace: consul
spec:
  connectTimeout: 10s
  failover:
    '*':
      targets:
      - datacenter: "dc1"
      - datacenter: "dc2"

and executing in this 2 serviceA the command curl “http://localhost:12345”:

serviceA in dc1 will point by default to serviceB in dc1
serviceA in dc2 will point by default to serviceB in dc2.

If serviceB in one of the dc goes down, serviceA in that dc will automatically failover to serviceB in the other dc. This is ok !

But if I remove upstreams and try to resolve serviceB using “Transparent Proxy” (pointing to: “serviceB.virtual.consul”) i get intermittent resolution:

Right response from serviceB (also respecting cross-dc ServiceResolver rule)
curl: (6) Could not resolve host: serviceB
command terminated with exit code 6

What I’m missing ?

Ranjandas · November 7, 2024, 12:51am

Hi @Roxyrob,

The error you are getting seems to be due to name resolution issues. Are you using alpine container for serviceA? Could you switch to a non-alpine container and see if you still have intermittent resolution issues?

Some versions of Alpine have issues with DNS. docker-alpine/docs/caveats.md at master · gliderlabs/docker-alpine · GitHub

This seems to have been fixed in later releases. But it is better to try with a non-alpine image to rule out whether it is causing the issue.

Topic		Replies	Views
Connecting a distributed service across a WAN federated Consul Cluster Consul	1	221	June 12, 2024
Consul DNS to reach cross-datacenter Consul	2	911	August 21, 2020
Unable to connect services between datacenters despite working mesh gateways Consul	2	369	August 30, 2021
Issue connecting to services in remote dc when using federated consul cluster Consul	2	323	April 7, 2022
Mesh Gateway federation woes! Consul k8s , helm	7	1277	February 15, 2022

WAN Federation Mesh Gateway could not resolve host issue

Related topics