consul-api-gateway icon indicating copy to clipboard operation
consul-api-gateway copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

http-route does not support Consul cluster peering

Open vvarga007 opened this issue 1 year ago • 7 comments

http-route configuration entry does not support Consul cluster peering.

Feature Description

I would like to use the API gateway for imported services. Imported services via cluster peering. The documentation does not say anything about cluster peering.

Adding "Peer" directive would be nice, something like this:

Rules = [
      {
        Matches = [
          {
            Path = {
              Match = "prefix"
              Value = "/"
            }
          }
        ]
        Services = [
          {
            Name = "hashicups-frontend"
            Peer = "cluster-02"
          },
        ]
      },
]

vvarga007 avatar Aug 03 '23 19:08 vvarga007

Hi @vvarga007 :wave:

There are Kubernetes-specific instructions here for routing to a service in a peer. It requires the use of the MeshService CRD which allows you to specify which peer the service is imported from. Let me know if this gets you up and running 🎉

nathancoleman avatar Aug 07 '23 15:08 nathancoleman

@nathancoleman I don't use Kubernetes. I use Nomad.

vvarga007 avatar Aug 07 '23 15:08 vvarga007

I believe you can accomplish this in Consul today using a Service Resolver configuration entry and, more specifically, its ability to redirect to a peer. If hashicups-frontend is a service located in a peered cluster named my-peer, you would need the additional configuration that would look something like this:

Kind = "service-resolver"
Name = "hashicups-frontend"
Redirect {
  Service = "hashicups-frontend"
  Peer = "my-peer"
}

and then your http-route would remain

Rules = [
      {
        Matches = [
          {
            Path = {
              Match = "prefix"
              Value = "/"
            }
          }
        ]
        Services = [
          {
            Name = "hashicups-frontend"
          },
        ]
      },
]

Noting that you'll need intentions in place to allow this, as mentioned in the docs linked above.

Let me know if this is helpful for you or not. If you like, I can put together a config bundle of what I'm describing -- just let me know 😃

nathancoleman avatar Aug 09 '23 15:08 nathancoleman

Yes, it is possible with the service resolver, but I have to create a fake/virtual service. So let's say hashicups is running in DC1, and I want to spin up an ingress gw/api gw in DC2. The hashicups service is exported in DC1 and imported in DC2. To be able to set up a service resolver in DC2, I have to create a fake/virtual service. It would be great to do this without a virtual service and target a service through a peering connection.

vvarga007 avatar Aug 09 '23 16:08 vvarga007

Ah, I see your point. So this issue isn't so much that you can't accomplish the thing but more that it could be easier with some UX tweaks, right?

nathancoleman avatar Aug 09 '23 18:08 nathancoleman

Yes, it is more like a feature request.

vvarga007 avatar Aug 09 '23 18:08 vvarga007

@vvarga007 excellent! This repo will soon be marked deprecated as the api-gateway functionality has been integrated into hashicorp/consul and hashicorp/consul-k8s. Nothing required on your end, but a heads up that I expect this feature request to be migrated to the consul repo in the near-ish future.

nathancoleman avatar Aug 09 '23 19:08 nathancoleman