Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to expose Consul UI with API Gateway and HTTPRoute? #3653

Open
PavelPikat opened this issue Feb 18, 2024 · 0 comments
Open

How to expose Consul UI with API Gateway and HTTPRoute? #3653

PavelPikat opened this issue Feb 18, 2024 · 0 comments
Labels
type/question Question about product, ideally should be pointed to discuss.hashicorp.com

Comments

@PavelPikat
Copy link

Question

I installed Consul Helm chart v1.3.3 in my cluster and enabled UI with ClusterIP (I am using Cloudflare with Tunnels so don't need LoadBalancer with real IPs).
I now want to expose UI to the Internel on DNS something like consul.mydomain.com, and for that I added Gateway resource with HTTP listener and HTTPRoute with hostnames and backendRefs. It looks like this:

apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
  name: api-gateway
  namespace: consul
spec:
  gatewayClassName: consul
  listeners:
  - protocol: HTTP 
    port: 80
    name: http
    allowedRoutes:
      namespaces:
        from: All
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
  name: route-consul-ui
spec:
  hostnames:
    - consul.mydomain.com
  parentRefs:
    - name: api-gateway
      namespace: consul
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /
      backendRefs:
        - kind: Service
          name: consul-ui
          namespace: consul
          port: 80

However, it looks like Consul can't route traffic to a Service if that service is not registered on Consul service catalog, but I am not sure how I register consul Pods in the catalog when the Helm chart excplicitly set annotation on them to disable injector (I guess for a reason, we don't want to inject side to consul server pods).

Okay, so I thought if I can't inject sidecar to consul server pods, then maybe I can register consul-ui Service in Consul catalog directly, by using syncCatalog. I enabled that in the Helm chart and added annotation to the ui:

      ui:
        enabled: true
        # Registers a Kubernetes Service for the Consul UI as a LoadBalancer.
        service:
          enabled: true
          type: ClusterIP
          port:
            http: 80
          annotations: |
            'consul.hashicorp.com/service-sync': 'true'
            'consul.hashicorp.com/service-port': 'http'

This resulted in the new Consul service appearing in the UI called consul-ui-consul. Not sure how I target that in my HTTPRoute though?
Any help would be appreciated.

It's probably worth noting that I am coming from Istio, where routing traffic to services & pods that don't have sidecars is working out of the box by simply adding VirtualService resource. I thought it would be similar with Consul where I could simply add HTTPRoute?

CLI Commands (consul-k8s, consul-k8s-control-plane, helm)

Helm Configuration

Logs

Current understanding and Expected behavior

Environment details

Additional Context
@PavelPikat PavelPikat added the type/question Question about product, ideally should be pointed to discuss.hashicorp.com label Feb 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type/question Question about product, ideally should be pointed to discuss.hashicorp.com
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@PavelPikat