Kubernetes
In this exercise you will learn the basics of running an application using Consul Service Mesh in Kubernetes. This example will use a local Kuberernetes cluster which has Consul pre-configured using the tool Shipyard.
For more through walk through on how to run Consul on Kubernetes including setup and configuration of the Helm chart you can check out our Instruqt platform:
https://instruqt.com/hashicorp/tracks/service-mesh-with-consul-k8s
If you have not already installed Shipyard, you can do that now with the following command:
curl https://shipyard.demo.gs/install.sh | bash
Once Shipyard has been installed you can use the command yard up to create a Kubernetes cluster and install Consul. Normally this process takes around 1m to complete, however; it may take longer first run as Shipyard needs to download and cache a few Docker images.
$ yard up
_______. __ __ __ .______ ____ ____ ___ .______ _______
/ || | | | | | | _ \ \ \ / / / \ | _ \ | \
| (----`| |__| | | | | |_) | \ \/ / / ^ \ | |_) | | .--. |
\ \ | __ | | | | ___/ \_ _/ / /_\ \ | / | | | |
.----) | | | | | | | | | | | / _____ \ | |\ \----.| .--. |
|_______/ |__| |__| |__| | _| |__| /__/ \__\ | _| `._____||_______/
Version: 0.2.2
## Creating K8s cluster in Docker and installing Consul
#...
### Setup complete:
To interact with Kubernetes set your KUBECONFIG environment variable
export KUBECONFIG="$HOME/.shipyard/shipyard/kubeconfig.yml"
Consul can be accessed at: http://localhost:8500
Kubernetes dashboard can be accessed at: http://localhost:8443
To expose Kubernetes pods or services use the 'yard expose' command. e.g.
yard expose svc/myservice 8080 8080
When finished use "yard down" to cleanup and remove resources
NOTE: If you received an error about port 8500 already being allocated, double check that you have removed the resources created in the previous example.
Interacting with Kubernetes
If you have kubectl installed you can set the environment variable KUBECONFIG and then interact with the cluster as you would any kubernetes cluster.
$ export KUBECONFIG="$HOME/.shipyard/shipyard/kubeconfig.yml"
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
consul-consul-connect-injector-webhook-deployment-c46d9888s2497 1/1 Running 0 16m
consul-consul-server-0 1/1 Running 0 16m
consul-consul-mmz9z 1/1 Running 0 16m
If you do not have kubectl, you can use Shipyard's interactive shell. The interactive shell has kubectl, consul CLI, and many other tools pre-installed. By default when you run the interactive shell, your current working folder is mapped to the /work folder.
$ yard tools
## Running tools container
To expose service in Kubernetes to localhost use:
port forwarding e.g.
kubectl port-forward --address 0.0.0.0 svc/myservice 10000:80
Mapping ports 10000-10100 on localhost to
10000-10100 on container.
Linking container --network k3d-shipyard
Setting environment -e CONSUL_HTTP_ADDR=http://k3d-shipyard-server:30443
root@575e9d9345f9:/work# ls
consul_config docker-compose-final.yml docker-compose.yml server_config
root@575e9d9345f9:/work# kubectl get pods
NAME READY STATUS RESTARTS AGE
consul-consul-connect-injector-webhook-deployment-c46d9888s2497 1/1 Running 0 16m
consul-consul-server-0 1/1 Running 0 16m
consul-consul-mmz9z 1/1 Running 0 16m
Installing services
The first application we would like to migrate to our new cluster is going to be our Currency service. The first step is to get this installed on our Kubernetes cluster. The folder examples/kubernetes contains the config file currency.yaml. If you take a look at this file you will see that it has a single container defined and everything is standard to a deployment except the following lines:
annotations:
"consul.hashicorp.com/connect-inject": "true"
Consul service mesh in Kubernetes runs an admission controller, the annotation "consul.hashicorp.com/connect-inject": "true", informs the controller that this pod needs to be service mesh enabled. Before the pod is deployed the controller will modify it adding the dataplane. Let`s run the file and see the product of this.
➜ examples/kubernetes
➜ kubectl apply -f currency.yaml
deployment.apps/currency created
You should see the new service running, note that there are 2/2 containers however the deployment only defined a single container. This is because the Consul admission controller has automatically modified your deployment to enable the service mesh.
➜ kubectl get pods
NAME READY STATUS RESTARTS AGE
consul-consul-connect-injector-webhook-deployment-c46d9888s2497 1/1 Running 0 37m
consul-consul-server-0 1/1 Running 0 37m
consul-consul-mmz9z 1/1 Running 0 37m
currency-5b64b6c67c-76f8m 2/2 Running 0 4m55s
The service will automatically be registered with Consul, unlike dealing with VMs, the Kubernetes controller manages this whole process for you.
If you run kubectl describe pod currency-your-id, you will see the additional container which has automatically been created.
kubectl describe pod currency-5b64b6c67c-76f8m
#...
Containers:
currency:
Container ID: containerd://6b76950a8beb3a3bb900bd03b7a6af079e2944af8048f4fd37787918a44b5f58
Image: nicholasjackson/fake-service:v0.7.8
Image ID: docker.io/nicholasjackson/fake-service@sha256:2e41a8c8e94ea0318d67ce82ea12fca8dfec4d916ff9a34246bf26713d4d369f
Port: 9090/TCP
Host Port: 0/TCP
State: Running
Started: Tue, 29 Oct 2019 09:48:46 +0000
Ready: True
Restart Count: 0
Environment:
LISTEN_ADDR: 0.0.0.0:9090
NAME: currency (cloud)
MESSAGE: currency response
HTTP_CLIENT_KEEP_ALIVES: false
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-6jzl5 (ro)
consul-connect-envoy-sidecar:
Container ID: containerd://f1a477b3a6e627ced43a74c14cbd568fae101d51ec5f3f58df06cc3becbac04d
Image: envoyproxy/envoy-alpine:v1.10.0
Image ID: sha256:0246380e4b703fd1f99605a8c31b288c088c078b80ee2de1d987ad819b06e1ec
Port: <none>
Host Port: <none>
Command:
envoy
--max-obj-name-len
256
--config-path
/consul/connect-inject/envoy-bootstrap.yaml
State: Running
Started: Tue, 29 Oct 2019 09:48:46 +0000
Ready: True
Restart Count: 0
Environment:
HOST_IP: (v1:status.hostIP)
Mounts:
/consul/connect-inject from consul-connect-inject-data (rw)
/var/run/secrets/kubernetes.io/serviceaccount from default-token-6jzl5 (ro)
This information can also be accessed using the Kubernetes dashboard which is available at http://localhost:8443.
That is the end for this section, in the next section we are going to look at how we can connect our Consul datacenter running in VMs and the one we have running in Kubernetes. Before moving on to the next section, don’t forget to clean up your cluster.
➜ yard down
_______. __ __ __ .______ ____ ____ ___ .______ _______
/ || | | | | | | _ \ \ \ / / / \ | _ \ | \
| (----`| |__| | | | | |_) | \ \/ / / ^ \ | |_) | | .--. |
\ \ | __ | | | | ___/ \_ _/ / /_\ \ | / | | | |
.----) | | | | | | | | | | | / _____ \ | |\ \----.| .--. |
|_______/ |__| |__| |__| | _| |__| /__/ \__\ | _| `._____||_______/
Version: 0.2.2
## Stopping Kubernetes and cleaning resources
INFO[0000] Removing cluster [shipyard]
INFO[0000] ...Removing server
INFO[0001] ...Removing docker image volume
INFO[0001] Removed cluster [shipyard]
Summary
In this example we took a quick look at how we can run our applications with Consul service mesh on Kubernetes. In the next example we will see how we can join together VMs and Kubernetes clusters.