Skip to content
Merged
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,17 @@ global:
gossipEncryption:
secretName: consul-gossip-encryption-key
secretKey: key
server:
exposeService:
enabled: true
type: NodePort
nodePort:
## all are random nodePorts and you can set your own
http: 30010
https: 30011
serf: 30012
rpc: 30013
grpc: 30014
ui:
service:
type: NodePort
Expand All @@ -65,6 +76,9 @@ The UI's service type is set to be `NodePort`.
This is needed to connect to servers from another cluster without using the pod IPs of the servers,
which are likely going to change.

The other services, especially grpc is also set to be `NodePort` with a random nodePort. Here, it chose 30014.
This is needed to discover the consul servers using gRPC when connecting from another cluster.

Comment thread
vjwilson1987 marked this conversation as resolved.
Outdated
To deploy, first generate the Gossip encryption key and save it as a Kubernetes secret.

```shell-session
Expand Down Expand Up @@ -123,6 +137,8 @@ externalServers:
hosts: ["10.0.0.4"]
# The node port of the UI's NodePort service or the load balancer port.
httpsPort: 31557
# The GRPC port of the Consul servers(first cluster).
Comment thread
vjwilson1987 marked this conversation as resolved.
Outdated
grpcPort: 30014
tlsServerName: server.dc1.consul
# The address of the kube API server of this Kubernetes cluster
k8sAuthMethodHost: https://kubernetes.example.com:443
Expand All @@ -147,6 +163,8 @@ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
cluster1-consul-ui NodePort 10.0.240.80 <none> 443:31557/TCP 40h
```

The `grpcPort: 30014` refers to the grpc nodePort set in the first cluster.
Comment thread
vjwilson1987 marked this conversation as resolved.
Outdated

Set the `externalServer.tlsServerName` to `server.dc1.consul`. This the DNS SAN
(Subject Alternative Name) that is present in the Consul server's certificate.
This is required because the connection to the Consul servers uses the node IP,
Expand Down