First cluster grpc service should be NodePort for the second cluster to connect (#16430)

* First cluster grpc service should be NodePort This is based on the issue opened here https://github.com/hashicorp/consul-k8s/issues/1903 If you follow the documentation https://developer.hashicorp.com/consul/docs/k8s/deployment-configurations/single-dc-multi-k8s exactly as it is, the first cluster will only create the consul UI service on NodePort but not the rest of the services (including for grpc). By default, from the helm chart, they are created as headless services by setting clusterIP None. This will cause an issue for the second cluster to discover consul server on the first cluster over gRPC as it cannot simply cannot through gRPC default port 8502 and it ends up in an error as shown in the issue https://github.com/hashicorp/consul-k8s/issues/1903 As a solution, the grpc service should be exposed using NodePort (or LoadBalancer). I added those changes required in both cluster1-values.yaml and cluster2-values.yaml, and also a description for those changes for the normal users to understand. Kindly review and I hope this PR will be accepted. * Update website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> --------- Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-03-16 22:13:19 +05:30 · 2023-03-16 22:13:19 +05:30 · e766b74a8b
parent 65bfef6df1
commit e766b74a8b
1 changed files with 17 additions and 0 deletions
--- a/website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx
+++ b/website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx
@ -50,6 +50,17 @@ global:
  gossipEncryption:
    secretName: consul-gossip-encryption-key
    secretKey: key
+server:
+  exposeService:
+    enabled: true
+    type: NodePort
+    nodePort:
+      ## all are random nodePorts and you can set your own
+      http: 30010
+      https: 30011
+      serf: 30012
+      rpc: 30013
+      grpc: 30014
 ui:
  service:
    type: NodePort
@ -65,6 +76,8 @@ The UI's service type is set to be `NodePort`.
 This is needed to connect to servers from another cluster without using the pod IPs of the servers,
 which are likely going to change.

+Other services are exposed as `NodePort` services and configured with random port numbers. In this example, the `grpc` port is set to `30014`, which enables services to discover Consul servers using gRPC when connecting from another cluster.
+
 To deploy, first generate the Gossip encryption key and save it as a Kubernetes secret.

 ```shell-session
@ -123,6 +136,8 @@ externalServers:
  hosts: ["10.0.0.4"]
  # The node port of the UI's NodePort service or the load balancer port.
  httpsPort: 31557
+  # Matches the gRPC port of the Consul servers in the first cluster.
+  grpcPort: 30014
  tlsServerName: server.dc1.consul
  # The address of the kube API server of this Kubernetes cluster
  k8sAuthMethodHost: https://kubernetes.example.com:443
@ -147,6 +162,8 @@ NAME                 TYPE       CLUSTER-IP    EXTERNAL-IP   PORT(S)         AGE
 cluster1-consul-ui   NodePort   10.0.240.80   <none>        443:31557/TCP   40h
 ```

+The `grpcPort: 30014` configuration refers to the gRPC port number specified in the `NodePort` configuration in the first cluster.
+
 Set the `externalServer.tlsServerName` to `server.dc1.consul`. This the DNS SAN
 (Subject Alternative Name) that is present in the Consul server's certificate.
 This is required because the connection to the Consul servers uses the node IP,