diff --git a/website/source/docs/platform/k8s/dns.html.md b/website/source/docs/platform/k8s/dns.html.md index b2ff643db5..43b8867309 100644 --- a/website/source/docs/platform/k8s/dns.html.md +++ b/website/source/docs/platform/k8s/dns.html.md @@ -9,22 +9,22 @@ description: |- # Consul DNS on Kubernetes One of the primary query interfaces to Consul is the -[DNS interface](/docs/agent/dns.html). Consul DNS can be configured in +[DNS interface](/docs/agent/dns.html). You can configure Consul DNS in Kubernetes using a [stub-domain configuration](https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#configure-stub-domain-and-upstream-dns-servers) if using KubeDNS or a [proxy configuration](https://coredns.io/plugins/proxy/) if using CoreDNS. -Once configured, DNS requests in the form `{consul-service-name}.service.consul` will -resolve for services in Consul. This will work from all namespaces. +Once configured, DNS requests in the form `.service.consul` will +resolve for services in Consul. This will work from all Kubernetes namespaces. --> **Note:** If you want requests to just `{consul-service-name}` (without the `.service.consul`) to resolve, then you'll need +-> **Note:** If you want requests to just `` (without the `.service.consul`) to resolve, then you'll need to turn on [Consul to Kubernetes Service Sync](/docs/platform/k8s/service-sync.html#consul-to-kubernetes). ## Consul DNS Cluster IP -For configuring KubeDNS or CoreDNS you'll first need the `ClusterIP` of the Consul +To configure KubeDNS or CoreDNS you'll first need the `ClusterIP` of the Consul DNS service created by the [Helm chart](/docs/platform/k8s/helm.html). -The name of the Consul DNS service will be `consul-consul-dns`. Use +The default name of the Consul DNS service will be `consul-consul-dns`. Use that name to get the `ClusterIP`: ```bash 
@@ -32,11 +32,11 @@ $ kubectl get svc consul-consul-dns -o jsonpath='{.spec.clusterIP}' 10.35.240.78% ``` --> *Note:* If you've installed Consul using a different helm release name than `consul` -then the DNS service name will be `{release-name}-consul-dns`. - For this installation the `ClusterIP` is `10.35.240.78`. +-> **Note:** If you've installed Consul using a different helm release name than `consul` +then the DNS service name will be `-consul-dns`. + ## KubeDNS If using KubeDNS, you need to create a `ConfigMap` that tells KubeDNS to use the Consul DNS service to resolve all domains ending with `.consul`: diff --git a/website/source/docs/platform/k8s/helm.html.md b/website/source/docs/platform/k8s/helm.html.md index 3a461bc0ca..5126ea111c 100644 --- a/website/source/docs/platform/k8s/helm.html.md +++ b/website/source/docs/platform/k8s/helm.html.md @@ -414,8 +414,6 @@ You can also use this Helm chart to deploy Consul Enterprise by following a few Find the license file that you received in your welcome email. It should have the extension `.hclic`. You will use the contents of this file to create a Kubernetes secret before installing the Helm chart. --> **Note:** If you cannot find your `.hclic` file, please contact your sales team or Technical Account Manager. - You can use the following commands to create the secret: ```bash @@ -423,6 +421,8 @@ secret=$(cat 1931d1f4-bdfd-6881-f3f5-19349374841f.hclic) kubectl create secret generic consul-ent-license --from-literal="key=${secret}" ``` +-> **Note:** If you cannot find your `.hclic` file, please contact your sales team or Technical Account Manager. + In your `values.yaml`, change the value of `global.image` to one of the enterprise [release tags](https://hub.docker.com/r/hashicorp/consul-enterprise/tags). ```yaml 
@@ -439,17 +439,25 @@ server: secretKey: "key" ``` -Add the `--wait` option to your `helm install` command. This will force Helm to wait for all the pods -to become ready before it applies the license to your Consul cluster. +Now run `helm install`: ```bash $ helm install --wait --name consul -f ./values.yaml ./consul-helm ``` -Once the cluster is up, you can verify the nodes are running Consul Enterprise. +Once the cluster is up, you can verify the nodes are running Consul Enterprise by +using the `consul license get` command. + +First, forward your local port 8500 to the Consul servers so you can run `consul` +commands locally against the Consul servers in Kubernetes: + +```bash +$ kubectl port-forward service/consul-consul-server -n default 8500 +``` + +In a separate tab, run the `consul license get` command (if using ACLs see below): ```bash -$ kubectl port-forward service/consul-consul-server 8500 & $ consul license get License is valid License ID: 1931d1f4-bdfd-6881-f3f5-19349374841f 
@@ -471,9 +479,42 @@ consul-consul-server-1 10.60.1.229:8301 alive server 1.4 consul-consul-server-2 10.60.2.197:8301 alive server 1.4.3+ent 2 dc1 ``` +If you get an error: + +```bash +Error getting license: invalid character 'r' looking for beginning of value +``` + +Then you have likely enabled ACLs. You need to specify your ACL token when +running the `license get` command. First, get the ACL token: + +```bash +$ kubectl get secrets/consul-consul-bootstrap-acl-token --template={{.data.token}} | base64 -D +4dae8373-b4d7-8009-9880-a796850caef9% +``` + +Now use the token when running the `license get` command: + +```bash +$ consul license get -token=4dae8373-b4d7-8009-9880-a796850caef9 +License is valid +License ID: 1931d1f4-bdfd-6881-f3f5-19349374841f +Customer ID: b2025a4a-8fdd-f268-95ce-1704723b9996 +Expires At: 2020-03-09 03:59:59.999 +0000 UTC +Datacenter: * +Package: premium +Licensed Features: + Automated Backups + Automated Upgrades + Enhanced Read Scalability + Network Segments + Redundancy Zone + Advanced Network Federation +``` + ## Helm Chart Examples -The below `values.yaml` can be used to set up a single server Consul cluster with a `LoadBalancer` to allow external access to the UI and API. +The below `values.yaml` results in a single server Consul cluster with a `LoadBalancer` to allow external access to the UI and API. ```yaml global: @@ -488,7 +529,7 @@ ui: type: LoadBalancer ``` -The below `values.yaml` can be used to set up a three server Consul Enterprise cluster with 100GB of storage and automatic Connect injection for annotated pods in the "my-app" namespace. +The below `values.yaml` results in a three server Consul Enterprise cluster with 100GB of storage and automatic Connect injection for annotated pods in the "my-app" namespace. Note, this would require a secret that contains the enterprise license key. 
diff --git a/website/source/docs/platform/k8s/service-sync.html.md b/website/source/docs/platform/k8s/service-sync.html.md index f0340ded8a..0f2ce91ac1 100644 --- a/website/source/docs/platform/k8s/service-sync.html.md +++ b/website/source/docs/platform/k8s/service-sync.html.md @@ -75,12 +75,6 @@ syncCatalog: See the [Helm configuration](/docs/platform/k8s/helm.html#v-synccatalog) for more information. --> **Before installing,** please read the introduction paragraphs for the -reference documentation below for both -[Kubernetes to Consul](/docs/platform/k8s/service-sync.html#kubernetes-to-consul) and -[Consul to Kubernetes](/docs/platform/k8s/service-sync.html#consul-to-kubernetes) -sync to understand how the syncing works. - ### Authentication The sync process must authenticate to both Kubernetes and Consul to read @@ -261,8 +255,8 @@ metadata: ## Consul to Kubernetes This syncs Consul services into first-class Kubernetes services. -An [ExternalName](https://kubernetes.io/docs/concepts/services-networking/service/#externalname) -`Service` is created for each Consul service. The "external name" will be +The sync service will creat an [`ExternalName`](https://kubernetes.io/docs/concepts/services-networking/service/#externalname) +`Service` for each Consul service. The "external name" will be the Consul DNS name. For example, given a Consul service `foo`, a Kubernetes Service will be created 
@@ -279,14 +273,14 @@ spec: type: ExternalName ``` -With Consul To Kubernetes syncing enabled, DNS requests of the form `{consul-service-name}` -will be serviced by Consul DNS. From a different namespace than where Consul -is deployed, the DNS request would need to be `{consul-service-name}.{consul-namespace}`. +With Consul To Kubernetes syncing enabled, DNS requests of the form `` +will be serviced by Consul DNS. From a different Kubernetes namespace than where Consul +is deployed, the DNS request would need to be `.`. -> **Note:** Consul to Kubernetes syncing **isn't required** if you've enabled [Consul DNS on Kubernetes](/docs/platform/k8s/dns.html) -*and* all you need to do is address services in the form `{consul-service-name}.service.consul`, i.e. you don't need Kubernetes `Service` objects created. +*and* all you need to do is address services in the form `.service.consul`, i.e. you don't need Kubernetes `Service` objects created. --> **Requires Consul DNS via CoreDNS in Kubernetes:** This feature requires that +~> **Requires Consul DNS via CoreDNS in Kubernetes:** This feature requires that [Consul DNS](/docs/platform/k8s/dns.html) is configured within Kubernetes. Additionally, **[CoreDNS](https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#config-coredns) is required (instead of kube-dns)** to resolve an
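Review bot: In `website/source/docs/platform/k8s/dns.html.md`, hunk `@@ -9,22 +9,22 @@`, the added lines read "DNS requests in the form `.service.consul`" and "requests to just ``", so the placeholder that the removed lines spelled `{consul-service-name}` no longer shows. If the new placeholder uses angle brackets, check that it survives rendering; otherwise keep the brace form, because an empty code span gives the reader nothing to substitute. The next hunk (`@@ -32,11 +32,11 @@`) has the same problem in `-consul-dns`, where `{release-name}` used to be.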
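Review bot: In `website/source/docs/platform/k8s/helm.html.md`, hunk `@@ -423,6 +421,8 @@`, the note about a missing `.hclic` file now comes after the commands that already read that file, so a reader without the file reaches the `cat` line before seeing the note; consider leaving it above the code block. While this block is being touched: `--from-literal="key=${secret}"` puts the license contents on the `kubectl` command line. `--from-file=key=<path to the .hclic file>` avoids that, but it keeps any trailing newline that `$(cat ...)` strips, so verify the license still loads before switching.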
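Review bot: In `helm.html.md`, hunk `@@ -439,17 +439,25 @@`, the sentence explaining `--wait` is removed but the command still reads `helm install --wait --name consul ...`, so the flag is now unexplained and a reader may drop it. Keep one sentence saying that Helm must wait for the pods to become ready before the license is applied. The new port-forward line also hard-codes `-n default`; either say that this assumes Consul was installed into the `default` namespace or tell the reader to substitute their own.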
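Review bot: In `helm.html.md`, hunk `@@ -471,9 +479,42 @@`, the added example passes the bootstrap ACL token as `consul license get -token=4dae8373-...`, which leaves a cluster-wide credential in shell history and the process list. Suggest exporting it as `CONSUL_HTTP_TOKEN` for the session instead, and replacing the literal token in the sample with an obvious placeholder so nobody mistakes it for a value to copy. Two smaller points in the same hunk: `base64 -D` is the macOS spelling and fails with GNU coreutils, while `base64 --decode` works on both; and the `kubectl get secrets/...` line has no `-n`, unlike the port-forward command added in the previous hunk, so the namespace handling is inconsistent.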
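Review bot: In `website/source/docs/platform/k8s/service-sync.html.md`, hunk `@@ -261,8 +255,8 @@`, the added line has a typo: "The sync service will creat an" should be "create an".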
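Review bot: In `service-sync.html.md`, hunk `@@ -279,14 +273,14 @@`, the cross-namespace form now reads "the DNS request would need to be `.`", which no longer tells the reader that the name is the service name followed by the Consul namespace; the removed line had `{consul-service-name}.{consul-namespace}`. Restore visible placeholders here and in the "DNS requests of the form ``" sentence above it. The switch from `->` to `~>` on the "Requires Consul DNS via CoreDNS" callout changes its style; confirm that the warning style is intended, since the other note in this hunk stays `->`.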