Deploy Consul on Google Kubernetes Engine (GKE)
In this tutorial you will deploy a Consul datacenter to the Google Kubernetes Engine (GKE) on Google Cloud Platform (GCP) with HashiCorp’s official Helm chart or the Consul K8S CLI. After deploying Consul, you will interact with Consul using the CLI, UI, and/or API.
Prerequisites
For this tutorial, you will need:
- A GCP account with the ability to create a Kubernetes cluster
- Google Cloud CLI
- kubectl >= 1.21
- helm >= 3.0
- consul >= 1.14.0
Initialize Google Cloud CLI
Run gcloud init to initialize the Google Cloud CLI.
Service account authentication (optional)
You should create a GCP IAM service account and authenticate with it on the command line.
- To review the GCP IAM service account documentation, go here
- To interact with GCP IAM service accounts, go here
Once you have obtained your GCP IAM service account key-file, you can authenticate your local gcloud CLI by running the following:
Create a GKE cluster
A GKE cluster with at least three nodes is required to deploy Consul using the official Consul Helm chart or the Consul K8S CLI. Create a three-node cluster on GKE by following the GKE documentation.
Configure kubectl to talk to your cluster
From the GCP console, where you previously created your cluster, click the "Connect" button. Copy the snippet provided and paste it into your terminal.
You can then run kubectl cluster-info to verify you are connected to your Kubernetes cluster:
To further debug and diagnose cluster problems, use kubectl cluster-info dump.
Deploy Consul
You can deploy a complete Consul datacenter using the official Consul Helm chart or the Consul K8S CLI. By default, these methods will install a total of three Consul servers. You can review the Consul Kubernetes installation documentation to learn more about these installation options.
Create a values file
To customize your Consul deployment, create a values.yaml file.
Install Consul in your cluster
You can now deploy a complete Consul datacenter in your Kubernetes cluster using the official Consul Helm chart or the Consul K8S CLI.
Note
You can review the official Consul K8S CLI documentation to learn more about additional settings.
Run the command kubectl get pods to verify the Consul resources were successfully created.
Configure your CLI to interact with Consul cluster
In this section, you will set environment variables in your terminal so your Consul CLI can interact with your Consul cluster. The Consul CLI reads these environment variables for behavior defaults and will reference these values when you run consul commands.
Tokens are artifacts in the ACL system used to authenticate users, services, and Consul agents. Since ACLs are enabled in this Consul datacenter, entities requesting access to a resource must include a token that is linked with a policy, service identity, or node identity that grants permission to the resource. The ACL system checks the token and grants or denies access to resources based on the associated permissions. A bootstrap token has unrestricted privileges to all resources and APIs.
Retrieve the ACL bootstrap token from the respective Kubernetes secret and set it as an environment variable.
Set the Consul destination address.
Remove SSL verification checks to simplify communication to your Consul cluster.
Note
In a production environment, we recommend keeping this SSL verification set to true. Only remove this verification if you have a Consul cluster without TLS configured, in a development environment, and for demonstration purposes.
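The three steps above as shell functions that keep certificate verification on by trusting the cluster CA, plus a check that flags the risky settings before you run consul commands. This is an added example, not the tutorial's own commands; the release name and namespace consul, the datacenter dc1, and the secret and service names derived from them are assumptions about your install.

```shell
# Added example, not from the tutorial. Source this file, then run:
#   consul_env_load && consul_env_audit && consul members
# Assumed names: Helm release and namespace "consul", datacenter "dc1".
NS="${CONSUL_NS:-consul}"
RELEASE="${CONSUL_RELEASE:-consul}"
DC="${CONSUL_DC:-dc1}"

# Read one base64-encoded key from a Kubernetes secret and decode it.
k8s_secret() {  # usage: k8s_secret <secret-name> <key>
  kubectl get secret "$1" --namespace "$NS" -o "jsonpath={.data.$2}" | base64 -d
}

# The tutorial's steps, but trusting the cluster CA instead of setting
# CONSUL_HTTP_SSL_VERIFY=false.
consul_env_load() {
  CONSUL_HTTP_TOKEN="$(k8s_secret "${RELEASE}-bootstrap-acl-token" token)"
  [ -n "$CONSUL_HTTP_TOKEN" ] || { echo "bootstrap token not found" >&2; return 1; }
  lb_ip="$(kubectl get service "${RELEASE}-ui" --namespace "$NS" \
    -o 'jsonpath={.status.loadBalancer.ingress[0].ip}')"
  [ -n "$lb_ip" ] || { echo "no load balancer IP yet" >&2; return 1; }
  CONSUL_HTTP_ADDR="https://${lb_ip}"
  CONSUL_CACERT="$(mktemp)" || return 1
  k8s_secret "${RELEASE}-ca-cert" 'tls\.crt' > "$CONSUL_CACERT"
  [ -s "$CONSUL_CACERT" ] || { echo "CA certificate not found" >&2; return 1; }
  # Assumption: the load balancer IP is not in the server certificate, so
  # verify against the server name the certificate normally carries.
  CONSUL_TLS_SERVER_NAME="server.${DC}.consul"
  export CONSUL_HTTP_TOKEN CONSUL_HTTP_ADDR CONSUL_CACERT CONSUL_TLS_SERVER_NAME
  unset CONSUL_HTTP_SSL_VERIFY
}

# Flag settings that weaken the connection; returns 1 if any are found.
# Only looks at the address scheme; CONSUL_HTTP_SSL is not considered.
consul_env_audit() {
  rc=0
  case "${CONSUL_HTTP_SSL_VERIFY:-}" in
    0|f|F|false|FALSE|False)   # values the CLI parses as boolean false
      echo "WARN: CONSUL_HTTP_SSL_VERIFY disables certificate verification"; rc=1 ;;
  esac
  case "${CONSUL_HTTP_ADDR:-}" in
    https://*) ;;
    *) if [ -n "${CONSUL_HTTP_TOKEN:-}" ]; then
         echo "WARN: token is set but CONSUL_HTTP_ADDR is not https (cleartext token)"; rc=1
       fi ;;
  esac
  return "$rc"
}
```

Because the bootstrap token has unrestricted privileges, run unset CONSUL_HTTP_TOKEN when you finish the session.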
View Consul services
In this section, you will view your Consul services with the CLI, UI, and/or API to explore the details of your service mesh.
Run the CLI command consul catalog services to return the list of services registered in Consul. Notice this returns only the consul service since it is the only running service in your Consul cluster.
Agents run in either server or client mode. Server agents store all state information, including service and node IP addresses, health checks, and configuration. Client agents are lightweight processes that make up the majority of the datacenter. They report service health status to the server agents. Clients must run on every pod where services are running.
Run the CLI command consul members to return the list of Consul agents in your environment.
All services listed in your Consul catalog are empowered with Consul's service discovery capabilities that simplify scalability challenges and improve application resiliency. Review the Service Discovery overview page to learn more.
Next steps
In this tutorial, you deployed a Consul datacenter onto a Google Kubernetes Engine (GKE) cluster. After deploying Consul, you interacted with Consul using the CLI, UI, and API.
To learn more about deployment best practices, review the Kubernetes Reference Architecture tutorial.