Consul
Deploy Consul on Minikube
This topic describes how to create a local Kubernetes cluster with minikube
, and deploy a Consul datacenter to your minikube
cluster. After deploying Consul, you will interact with Consul using the CLI, UI, and/or API.
Requirements
To deploy Consul on Minikube, you will need:
Create a Minikube cluster
The following command will create a Kubernetes cluster with minikube
that sets the cluster name to dc1
, uses 4GB of memory, and specifies a Kubernetes version of v1.22.0
.
$ minikube start --profile dc1 --memory 4096 --kubernetes-version=v1.22.0
😄 minikube v1.28.0 on Darwin 12.6
🎉 minikube 1.25.3 is available! Download it: https://github.com/kubernetes/minikube/releases/tag/v1.25.1
💡 To disable this notice, run: 'minikube config set WantUpdateNotification false'
✨ Automatically selected the docker driver. Other choices: hyperkit, virtualbox
👍 Starting control plane node minikube in cluster minikube
🔥 Creating docker container (CPUs=2, Memory=4096MB) ...
🐳 Preparing Kubernetes v1.22.0 on Docker 20.10.0 ...
▪ Generating certificates and keys ...
▪ Booting up control plane ...
▪ Configuring RBAC rules ...
🔎 Verifying Kubernetes components...
🌟 Enabled addons: storage-provisioner, default-storageclass
🏄 Done! kubectl is now configured to use "dc1" cluster and "default" namespace by default
Refer to the minikube documentation for information about how to specify additional cluster parameters.
Deploy Consul
You can deploy a complete Consul datacenter using the official Consul Helm chart or the Consul K8S CLI. The chart comes with reasonable defaults, however, you will override a few values to integrate more easily with minikube
and enable useful features. You can review the Consul Kubernetes installation documentation to learn more about these installation options.
Create a values file
To customize your deployment, create a values.yaml
file to customization your Consul deployment.
values.yaml
# Contains values that affect multiple components of the chart.
global:
# The main enabled/disabled setting.
# If true, servers, clients, Consul DNS and the Consul UI will be enabled.
enabled: true
# The prefix used for all resources created in the Helm chart.
name: consul
# The name of the datacenter that the agents should register as.
datacenter: dc1
# Enables TLS across the cluster to verify authenticity of the Consul servers and clients.
tls:
enabled: true
# Enables ACLs across the cluster to secure access to data and APIs.
acls:
# If true, automatically manage ACL tokens and policies for all Consul components.
manageSystemACLs: true
# Configures values that configure the Consul server cluster.
server:
enabled: true
# The number of server agents to run. This determines the fault tolerance of the cluster.
replicas: 1
# Contains values that configure the Consul UI.
ui:
enabled: true
# Registers a Kubernetes Service for the Consul UI as a NodePort.
service:
type: NodePort
# Configures and installs the automatic Consul Connect sidecar injector.
connectInject:
enabled: true
Install Consul in your cluster
You can now deploy a complete Consul datacenter in your Kubernetes cluster using the official Consul Helm chart or the Consul K8S CLI.
Install Consul onto the kind cluster with consul-k8s
. Confirm the installation with a y
when prompted.
$ consul-k8s install -config-file=values.yaml -set global.image=hashicorp/consul:1.14.0
## ...
Proceed with installation? (y/N) y
Review the official Consul K8S CLI documentation to learn more about additional settings.
Verify the Consul resources were successfully created.
$ kubectl get pods --namespace consul
NAME READY STATUS RESTARTS AGE
consul-connect-injector-6fc8d669b8-2n82l 1/1 Running 0 2m34s
consul-connect-injector-6fc8d669b8-9mqfm 1/1 Running 0 2m34s
consul-controller-554c7f79c4-2xc64 1/1 Running 0 2m34s
consul-server-0 1/1 Running 0 2m34s
consul-webhook-cert-manager-64889c4964-wxc9b 1/1 Running 0 2m34s
Configure your CLI to interact with Consul cluster
In this section, you will set environment variables in your terminal so your Consul CLI can interact with your Consul cluster. The Consul CLI reads these environment variables for behavior defaults and will reference these values when you run consul
commands.
Tokens are artifacts in the ACL system used to authenticate users, services, and Consul agents. Since ACLs are enabled in this Consul datacenter, entities requesting access to a resource must include a token that is linked with a policy, service identity, or node identity that grants permission to the resource. The ACL system checks the token and grants or denies access to resources based on the associated permissions. A bootstrap token has unrestricted privileges to all resources and APIs.
Retrieve the ACL bootstrap token from the respective Kubernetes secret and set it as an environment variable.
$ export CONSUL_HTTP_TOKEN=$(kubectl get --namespace consul secrets/consul-bootstrap-acl-token --template={{.data.token}} | base64 -d)
Set the Consul destination address. By default, Consul runs on port 8500
for http
and 8501
for https
.
$ export CONSUL_HTTP_ADDR=https://127.0.0.1:8501
Remove SSL verification checks to simplify communication to your Consul cluster.
$ export CONSUL_HTTP_SSL_VERIFY=false
Note
In a production environment, we recommend keeping this SSL verification set to true
. Only remove this verification for if you have a Consul cluster without TLS configured in development environment and demonstration purposes.
View Consul services
In this section, you will view your Consul services with the CLI, UI, and/or API to explore the details of your service mesh.
Open a separate terminal window and expose the Consul server with kubectl port-forward
using the consul-ui
service name as the target.
$ kubectl port-forward svc/consul-ui --namespace consul 8501:443
In your original terminal, run the CLI command consul catalog services
to return the list of services registered in Consul. Notice this returns only the consul
service since it is the only running service in your Consul cluster.
$ consul catalog services
consul
Agents run in either server or client mode. Server agents store all state information, including service and node IP addresses, health checks, and configuration. Client agents are lightweight processes that make up the majority of the datacenter. They report service health status to the server agents. Clients must run on every pod where services are running.
Run the CLI command consul members
to return the list of Consul agents in your environment.
$ consul members
Node Address Status Type Build Protocol DC Partition Segment
consul-server-0 10.244.0.12:8301 alive server 1.14.0 2 dc1 default <all>
All services listed in your Consul catalog are empowered with Consul's service discovery capabilities that simplify scalability challenges and improve application resiliency. Review the Service Discovery overview page to learn more.
Clean up
Run minikube delete
to clean up your local demo environment.
$ minikube delete --profile dc1
🔥 Deleting "dc1" in docker ...
🔥 Deleting container "dc1" ...
🔥 Removing /Users/consul-user/.minikube/machines/dc1 ...
💀 Removed all traces of the "dc1" cluster.