From 46748ded373f30143e20ad4bcd7932e7517822a2 Mon Sep 17 00:00:00 2001
From: Vipin John Wilson <37441623+vjwilson1987@users.noreply.github.com>
Date: Sat, 25 Feb 2023 18:33:07 +0000
Subject: [PATCH 1/4] backport of commit 9dc24ffd1bf307c40cea44cd3bc294939a1532a7
---
 .../single-dc-multi-k8s.mdx | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx b/website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx
index b9694b391250..3390b18bfc1d 100644
--- a/website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx
+++ b/website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx
@@ -50,6 +50,17 @@ global:
 gossipEncryption:
 secretName: consul-gossip-encryption-key
 secretKey: key
+server:
+ exposeService:
+ enabled: true
+ type: NodePort
+ nodePort:
+ ## all are random nodePorts and you can set your own
+ http: 30010
+ https: 30011
+ serf: 30012
+ rpc: 30013
+ grpc: 30014
 ui:
 service:
 type: NodePort
@@ -65,6 +76,9 @@ The UI's service type is set to be `NodePort`. This is needed to connect to servers from another cluster without using the pod IPs of the servers, which are likely going to change.
+The other services, especially grpc is also set to be `NodePort` with a random nodePort. Here, it chose 30014.
+This is needed to discover the consul servers using gRPC when connecting from another cluster.
+
 To deploy, first generate the Gossip encryption key and save it as a Kubernetes secret.
 ```shell-session
@@ -123,6 +137,8 @@ externalServers:
 hosts: ["10.0.0.4"]
 # The node port of the UI's NodePort service or the load balancer port.
 httpsPort: 31557
+ # The GRPC port of the Consul servers(first cluster).
+ grpcPort: 30014
 tlsServerName: server.dc1.consul
 # The address of the kube API server of this Kubernetes cluster
 k8sAuthMethodHost: https://kubernetes.example.com:443
@@ -147,6 +163,8 @@ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
 cluster1-consul-ui NodePort 10.0.240.80 443:31557/TCP 40h
 ```
+The `grpcPort: 30014` refers to the grpc nodePort set in the first cluster.
+
 Set the `externalServer.tlsServerName` to `server.dc1.consul`. This the DNS SAN (Subject Alternative Name) that is present in the Consul server's certificate.
 This is required because the connection to the Consul servers uses the node IP,
From 1aa5176c5511e3d6c021303f1c488eb814abf9f6 Mon Sep 17 00:00:00 2001
From: Vipin John Wilson <37441623+vjwilson1987@users.noreply.github.com>
Date: Sat, 4 Mar 2023 03:39:54 +0000
Subject: [PATCH 2/4] backport of commit 2fa4ae4d6af084c2ce49316ccadf215a455a90b9
---
 .../docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx b/website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx
index 3390b18bfc1d..d8f1a5d8ce84 100644
--- a/website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx
+++ b/website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx
@@ -76,8 +76,7 @@ The UI's service type is set to be `NodePort`. This is needed to connect to servers from another cluster without using the pod IPs of the servers, which are likely going to change.
-The other services, especially grpc is also set to be `NodePort` with a random nodePort. Here, it chose 30014.
-This is needed to discover the consul servers using gRPC when connecting from another cluster.
+Other services are exposed as `NodePort` services and configured with random port numbers. In this example, the `grpc` port is set to `30014`, which enables services to discover Consul servers using gRPC when connecting from another cluster.
 To deploy, first generate the Gossip encryption key and save it as a Kubernetes secret.
From 039c8971c1f305311fa9341290b932529947a12b Mon Sep 17 00:00:00 2001
From: Vipin John Wilson <37441623+vjwilson1987@users.noreply.github.com>
Date: Sat, 4 Mar 2023 03:40:14 +0000
Subject: [PATCH 3/4] backport of commit 7cccb2e1fe058a5d05f62be59452d4405963120b
---
 .../docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx b/website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx
index d8f1a5d8ce84..050b010d978f 100644
--- a/website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx
+++ b/website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx
@@ -136,7 +136,7 @@ externalServers:
 hosts: ["10.0.0.4"]
 # The node port of the UI's NodePort service or the load balancer port.
 httpsPort: 31557
- # The GRPC port of the Consul servers(first cluster).
+ # Matches the gRPC port of the Consul servers in the first cluster.
 grpcPort: 30014
 tlsServerName: server.dc1.consul
 # The address of the kube API server of this Kubernetes cluster
From 5eb67ec997aaa8f08d367042bab57cadebec3656 Mon Sep 17 00:00:00 2001
From: Vipin John Wilson <37441623+vjwilson1987@users.noreply.github.com>
Date: Sat, 4 Mar 2023 03:40:28 +0000
Subject: [PATCH 4/4] backport of commit 1442c12573c4473590f9225ceb29d89edf4c2fa1
---
 .../docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx b/website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx
index 050b010d978f..46fc2228016a 100644
--- a/website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx
+++ b/website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx
@@ -162,7 +162,7 @@ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
 cluster1-consul-ui NodePort 10.0.240.80 443:31557/TCP 40h
 ```
-The `grpcPort: 30014` refers to the grpc nodePort set in the first cluster.
+The `grpcPort: 30014` configuration refers to the gRPC port number specified in the `NodePort` configuration in the first cluster.
 Set the `externalServer.tlsServerName` to `server.dc1.consul`. This the DNS SAN (Subject Alternative Name) that is present in the Consul server's certificate.