consul-k8s
consul-k8s copied to clipboard
hashicorp
[Chart] Configurable ADVERTISE_IP in the consul chart
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request. Searching for pre-existing feature requests helps us consolidate datapoints for identical requirements into a single place, thank you!
- Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
- If you are interested in working on this issue or have submitted a pull request, please leave a comment.
Is your feature request related to a problem? Please describe.
We want out consul and nomad cluster to completely use public IP for our case
Feature Description
We need to expose our Consul Server Inside K8s Globally using {{ GetPublicIP }}, we need the ADVERTISE_IP inside env: section to configurable
Use Case(s)
Consul in K8s can be advertised using their Public IP Address
Contributions
Not sure
@kholisrag re https://github.com/hashicorp/consul-k8s/issues/951#issuecomment-1081491351 let's use this ticket to discuss.
can be advertised using their Public IP Address
The {{ GetPublicIP }} works by golang looking at the host information (in this case pod). Does the pod know the public ip you're trying to use? How would it figure out the public ip?
Currently We'te using an extrainitcontaoner, for our usecase to get the public ip
roughly something like :
extraInitContainers:
- command:
- /bin/bash
- -ec
- |
public_ipv4=$(curl http://169.254.169.254/latest/meta-data/public-ipv4)
consul_config_string="{\"advertise_addr\": \"${public_ipv4}\"}"
echo $consul_config_string | jq > /consul/userconfig/aws-public-advertise-ip.json
image: XXXXXXXXXX.dkr.ecr.us-west-2.amazonaws.com/YYYYYYYYY:1.Z.Z
name: aws-public-ip-detector
volumeMounts:
- mountPath: /consul/userconfig
name: userconfig-aws-public-ip
extraVolumes:
- load: true
name: aws-public-ip
type: emptyDir
@lkysow my problem is solved the consul helm template for server-statefulset edited to not specify the -advertise flag,
the load the json config from the containers
exec /usr/local/bin/docker-entrypoint.sh consul agent \
-advertise="${ADVERTISE_IP}" \ # <-- if I delete this flag, its automatically, load the below -config-dir=/consul/userconfig/aws-public-ip, but because this specified, and its hard to delete this flag from kustomize patch
-bind=0.0.0.0 \
-bootstrap-expect=3 \
-hcl='ca_file = "/consul/tls/ca/tls.crt"' \
-hcl='cert_file = "/consul/tls/server/tls.crt"' \
-hcl='key_file = "/consul/tls/server/tls.key"' \
-hcl='auto_encrypt = {allow_tls = true}' \
-hcl='verify_incoming_rpc = true' \
-hcl='verify_outgoing = true' \
-hcl='verify_server_hostname = true' \
-hcl='ports { https = 8501 }' \
-client=0.0.0.0 \
-config-dir=/consul/config \
-datacenter=dc1 \
-data-dir=/consul/data \
-domain=consul \
-encrypt="${GOSSIP_KEY}" \
-hcl="connect { enabled = true }" \
-hcl='telemetry { prometheus_retention_time = "1m" }' \
-ui \
-retry-join="${CONSUL_FULLNAME}-server-0.${CONSUL_FULLNAME}-server.${NAMESPACE}.svc:8301" \
-retry-join="${CONSUL_FULLNAME}-server-1.${CONSUL_FULLNAME}-server.${NAMESPACE}.svc:8301" \
-retry-join="${CONSUL_FULLNAME}-server-2.${CONSUL_FULLNAME}-server.${NAMESPACE}.svc:8301" \
-serf-lan-port=8301 \
-config-dir=/consul/userconfig/aws-public-ip \ # <-- this particular flag, will load the public advertise ip
-config-file=/consul/extra-config/extra-from-values.json \
-server
currently I'm looking at how I use helm post-render with kustomize, to not modify directly from consul helm chart official (upstream) but still no luck.
thats why, maybe when I open this before, our use case can included in the consul official helm chart...