Deploy Consul on Kubernetes
Consul is a service networking solution that lets you manage secure network connectivity between services and across on-prem and multi-cloud environments and runtimes. Consul offers service discovery, service mesh, traffic management, and automated updates to network infrastructure device. Check out the What is Consul? page to learn more.
In this tutorial, you will deploy a Consul datacenter onto a Kubernetes cluster. After deploying Consul, you will interact with Consul using the UI and CLI.
In the following tutorials, you will deploy a demo application and integrate it with Consul service mesh, allow external traffic into the service mesh, and enhance your service's observability.
In this tutorial, you will:
- Create a local Kubernetes cluster using
kind
- Install Consul using Helm or the Consul K8S CLI
- Configure your terminal to communicate with the Consul cluster
- View Consul services with the CLI, UI, and/or API
Prerequisites
For this tutorial, you will need:
- consul >= 1.14.0
- consul-k8s >= 1.0.0
- docker >= 20.0
- git >= 2.0
- helm >= 3.0
- kind <= 0.24.x
- kubectl <= 1.24
Clone GitHub repository
Clone the GitHub repository containing the configuration files and resources.
Change into the directory with the newly cloned repository.
Change into the directory that contains the complete configuration files for this tutorial.
Create Kubernetes cluster
In this section, you will create a Kubernetes cluster with kind
that provides an environment for you to explore Consul service mesh functionality.
Create a new cluster with kind
.
βThen, configure kubectl
to interact with this cluster.
Review Consul server configuration
You will now review the Helm chart for deploying a Consul datacenter in your Kubernetes cluster using the consul-k8s
CLI or Helm installation methods.
To deploy Consul on Kubernetes, go directly to Deploy Consul.
Review helm/values-v1.yaml
. This file defines the Consul cluster you will deploy to Kubernetes. Review the comments in the file for an explanation of each parameter.
For a complete list of Helm chart parameters and configuration, refer to the Consul Helm chart documentation.
Deploy Consul datacenter
Deploy a Consul cluster to your Kubernetes environment with the Consul K8S CLI or Helm.
Install Consul to your Kubernetes cluster with the Consul K8S CLI. Confirm the run by entering y
.
Notice that the Consul K8s CLI installs Consul into the consul
namespace.
Refer to the Consul K8S CLI documentation to learn more about additional settings.
Configure your CLI to interact with Consul cluster
In this section, you will set environment variables in your terminal so your Consul CLI can interact with your Consul cluster. The Consul CLI reads these environment variables for behavior defaults and will reference these values when you run consul
commands.
Tokens are artifacts in the ACL system used to authenticate users, services, and Consul agents. Since ACLs are enabled in this Consul datacenter, entities requesting access to a resource must include a token that is linked with a policy, service identity, or node identity that grants permission to the resource. The ACL system checks the token and grants or denies access to resources based on the associated permissions. A bootstrap token has unrestricted privileges to all resources and APIs.
Retrieve the ACL bootstrap token from the respective Kubernetes secret and set it as an environment variable.
Set the Consul destination address. By default, Consul runs on port 8500
for http
and 8501
for https
.
Remove SSL verification checks to simplify communication to your Consul cluster.
Note: In a production environment, we recommend keeping this SSL verification set to true
. Only remove this verification for if you have a Consul cluster without TLS configured in development environment and demonstration purposes.
View Consul services
In this section, you will view your Consul services with the CLI, UI, and/or API to explore the details of your service mesh.
Open a separate terminal window and expose the Consul server with kubectl port-forward
using the consul-ui
service name as the target.
In your original terminal, run the CLI command consul catalog services
to return the list of services registered in Consul. Notice this returns only the consul
service since it is the only running service in your Consul cluster.
Agents run in either server or client mode. Server agents store all state information, including service and node IP addresses, health checks, and configuration. Client agents are lightweight processes that make up the majority of the datacenter. They report service health status to the server agents. Clients must run on every pod where services are running.
Run the CLI command consul members
to return the list of Consul agents in your environment.
All services listed in your Consul catalog are empowered with Consul's service discovery capabilities that simplify scalability challenges and improve application resiliency. Review the Service Discovery overview page to learn more.
Next Steps
In this tutorial, you deployed a Consul datacenter onto a Kubernetes cluster. After deploying Consul, you interacted with Consul using the CLI, UI, and API.
In the next tutorial, you will deploy HashiCups, a demo application, onto the Kubernetes cluster to explore how to use Consul service mesh for service-to-service traffic management.
For more information about the topics covered in this tutorial, refer to the following resources: