In this exercise you will learn the basics of running an application using Consul Service Mesh in Kubernetes. This example will use a local Kuberernetes cluster which has
Consul pre-configured using the tool Shipyard.
For more through walk through on how to run Consul on Kubernetes including setup and configuration of the Helm chart you can check out our Instruqt platform:
If you have not already installed
Shipyard, you can do that now with the following command:
curl https://shipyard.demo.gs/install.sh | bash
Once Shipyard has been installed you can use the command
yard up to create a Kubernetes cluster and install Consul. Normally this process takes around 1m to complete, however; it may take longer first run as
Shipyard needs to download and cache a few Docker images.
$ yard up _______. __ __ __ .______ ____ ____ ___ .______ _______ / || | | | | | | _ \ \ \ / / / \ | _ \ | \ | (----`| |__| | | | | |_) | \ \/ / / ^ \ | |_) | | .--. | \ \ | __ | | | | ___/ \_ _/ / /_\ \ | / | | | | .----) | | | | | | | | | | | / _____ \ | |\ \----.| .--. | |_______/ |__| |__| |__| | _| |__| /__/ \__\ | _| `._____||_______/ Version: 0.2.2 ## Creating K8s cluster in Docker and installing Consul #... ### Setup complete: To interact with Kubernetes set your KUBECONFIG environment variable export KUBECONFIG="$HOME/.shipyard/shipyard/kubeconfig.yml" Consul can be accessed at: http://localhost:8500 Kubernetes dashboard can be accessed at: http://localhost:8443 To expose Kubernetes pods or services use the 'yard expose' command. e.g. yard expose svc/myservice 8080 8080 When finished use "yard down" to cleanup and remove resources
NOTE: If you received an error about port 8500 already being allocated, double check that you have removed the resources created in the previous example.
If you have
kubectl installed you can set the environment variable
KUBECONFIG and then interact with the cluster as you would any kubernetes cluster.
$ export KUBECONFIG="$HOME/.shipyard/shipyard/kubeconfig.yml" $ kubectl get pods NAME READY STATUS RESTARTS AGE consul-consul-connect-injector-webhook-deployment-c46d9888s2497 1/1 Running 0 16m consul-consul-server-0 1/1 Running 0 16m consul-consul-mmz9z 1/1 Running 0 16m
If you do not have
kubectl, you can use
Shipyard's interactive shell. The interactive shell has
consul CLI, and many other tools pre-installed. By default when you run the interactive shell, your current working folder is mapped to the
$ yard tools ## Running tools container To expose service in Kubernetes to localhost use: port forwarding e.g. kubectl port-forward --address 0.0.0.0 svc/myservice 10000:80 Mapping ports 10000-10100 on localhost to 10000-10100 on container. Linking container --network k3d-shipyard Setting environment -e CONSUL_HTTP_ADDR=http://k3d-shipyard-server:30443 [email protected]:/work# ls consul_config docker-compose-final.yml docker-compose.yml server_config [email protected]:/work# kubectl get pods NAME READY STATUS RESTARTS AGE consul-consul-connect-injector-webhook-deployment-c46d9888s2497 1/1 Running 0 16m consul-consul-server-0 1/1 Running 0 16m consul-consul-mmz9z 1/1 Running 0 16m
The first application we would like to migrate to our new cluster is going to be our
Currency service. The first step is to get this installed on our Kubernetes cluster. The folder
examples/kubernetes contains the config file
currency.yaml. If you take a look at this file you will see that it has a single container defined and everything is standard to a deployment except the following lines:
annotations: "consul.hashicorp.com/connect-inject": "true"
Consul service mesh in Kubernetes runs an admission controller, the annotation
"consul.hashicorp.com/connect-inject": "true", informs the controller that this pod needs to be service mesh enabled. Before the pod is deployed the controller will modify it adding the dataplane. Let`s run the file and see the product of this.
➜ examples/kubernetes ➜ kubectl apply -f currency.yaml deployment.apps/currency created
You should see the new service running, note that there are
2/2 containers however the deployment only defined a single container. This is because the Consul admission controller has automatically modified your deployment to enable the service mesh.
➜ kubectl get pods NAME READY STATUS RESTARTS AGE consul-consul-connect-injector-webhook-deployment-c46d9888s2497 1/1 Running 0 37m consul-consul-server-0 1/1 Running 0 37m consul-consul-mmz9z 1/1 Running 0 37m currency-5b64b6c67c-76f8m 2/2 Running 0 4m55s
The service will automatically be registered with Consul, unlike dealing with VMs, the Kubernetes controller manages this whole process for you.
If you run
kubectl describe pod currency-your-id, you will see the additional container which has automatically been created.
kubectl describe pod currency-5b64b6c67c-76f8m #... Containers: currency: Container ID: containerd://6b76950a8beb3a3bb900bd03b7a6af079e2944af8048f4fd37787918a44b5f58 Image: nicholasjackson/fake-service:v0.7.8 Image ID: docker.io/nicholasjackson/[email protected]:2e41a8c8e94ea0318d67ce82ea12fca8dfec4d916ff9a34246bf26713d4d369f Port: 9090/TCP Host Port: 0/TCP State: Running Started: Tue, 29 Oct 2019 09:48:46 +0000 Ready: True Restart Count: 0 Environment: LISTEN_ADDR: 0.0.0.0:9090 NAME: currency (cloud) MESSAGE: currency response HTTP_CLIENT_KEEP_ALIVES: false Mounts: /var/run/secrets/kubernetes.io/serviceaccount from default-token-6jzl5 (ro) consul-connect-envoy-sidecar: Container ID: containerd://f1a477b3a6e627ced43a74c14cbd568fae101d51ec5f3f58df06cc3becbac04d Image: envoyproxy/envoy-alpine:v1.10.0 Image ID: sha256:0246380e4b703fd1f99605a8c31b288c088c078b80ee2de1d987ad819b06e1ec Port: <none> Host Port: <none> Command: envoy --max-obj-name-len 256 --config-path /consul/connect-inject/envoy-bootstrap.yaml State: Running Started: Tue, 29 Oct 2019 09:48:46 +0000 Ready: True Restart Count: 0 Environment: HOST_IP: (v1:status.hostIP) Mounts: /consul/connect-inject from consul-connect-inject-data (rw) /var/run/secrets/kubernetes.io/serviceaccount from default-token-6jzl5 (ro)
This information can also be accessed using the Kubernetes dashboard which is available at http://localhost:8443.
That is the end for this section, in the next section we are going to look at how we can connect our Consul datacenter running in VMs and the one we have running in Kubernetes. Before moving on to the next section, don’t forget to clean up your cluster.
➜ yard down _______. __ __ __ .______ ____ ____ ___ .______ _______ / || | | | | | | _ \ \ \ / / / \ | _ \ | \ | (----`| |__| | | | | |_) | \ \/ / / ^ \ | |_) | | .--. | \ \ | __ | | | | ___/ \_ _/ / /_\ \ | / | | | | .----) | | | | | | | | | | | / _____ \ | |\ \----.| .--. | |_______/ |__| |__| |__| | _| |__| /__/ \__\ | _| `._____||_______/ Version: 0.2.2 ## Stopping Kubernetes and cleaning resources INFO Removing cluster [shipyard] INFO ...Removing server INFO ...Removing docker image volume INFO Removed cluster [shipyard]
In this example we took a quick look at how we can run our applications with Consul service mesh on Kubernetes. In the next example we will see how we can join together VMs and Kubernetes clusters.