Connecting K8s and Nomad using a single Consul Server (DC1). Is this even possible or what is the next best way to do so?
Currently I have setup K8s cluster, Nomad cluster and a consul server outside of both of them. I also have an assumption that these clusters are owned by different teams / stakeholders hence, they should be in their own admin boundaries.
I am trying to use a single consul server (DC) to connect a K8s and a Nomad cluster to achieve workload failover & load balancing. So far I have achieved the following;
- Setup 1 Consul server externally
- Connected the K8s and Nomad as data planes to this external consul server
However, this doesn’t seem right since everything (the nomad and k8s services) is mixed in a single server. While searching I found about Admin Partitions to enable you to define administrative and communication boundaries between services managed by separate teams or belonging to separate stakeholders. However, since this is an Enterprise feature it is not possible to use it for me.
I also came across WAN Federation and for that we have to have multiple Consul servers (DCs) to connect. In my case Consul servers has to be installed on both K8s and Nomad.
As per my understanding there is no alternative way to use 1 single Consul server (DC) to connect multiple clusters.
I am confused on selecting what actual way should I proceed to use 1 single Consul Server (DC1) to connect k8s and nomad. I don’t know if that is even possible without Admin Partitions. If not what is the next best way to get it working. Also, I think I should use both service discovery and service mesh to realize this to enable communication between the services of separate clusters.
I kindly see your expert advice to resolve my issue.
Thank you so much in advance.
From the look fo it, if this doesn’t seem right since everything (the nomad and k8s services) is mixed in a single server is not something you want to accept, then: Not possible, you need consul enterprise. Consul not-enterprise has everything in one "plane", it has no multiple regions or datacenters or similar, everything is in one bucket.
You can setup multiple consuls with domain federation, or you can agree to the limitations, or you can pay for consul enterprise, or you can patch consul yourself, or you can use something differnet.
What I do I am just cautius and I have services from one place with -rl suffix and services from another place with some different suffix and try to keep services separated by manually keeping suffixes in all services.
- Create kubernetes secret for docker registry - Terraform
- Kubectl error: memcache.go:265] couldn’t get current server API group list: Get
- Invalid resource manager ID in primary checkpoint record
- How can I view the config details of the current context in kubectl?
- Webhook call fails while deploying a new Couchbase cluster
- How can we create same resource in multiple terraform providers?
- 502 Bad Gateway on Azure Ingress for Kubernetes Service /microservice1/hello (Quarkus Application)
- Can't access a Minikube's NodePort service from outside
- Infinispan dual roles on Kubernetes as a Vert.x cluster manager and cache manager. Cache not being shared problem
- how to use kubectl command with flag --selector?
- Spring Boot with Kubernetes Issue for Prometheus (Cannot file prometheus yml file for configuration)
- EKS cluster pods unable to connect to internet
- kubernetes pod logging broken with journald logging driver
- Helm configMap support for binary files
- Usage of variables in Helm
- How to share a cephfs volume between pods in different k8s namespaces
- is it possible to use Gitlabci parallel matrix to build docker image with certain time delay for each image?
- How to resolve invalid character included yaml attributes from kubernetes
- Why kubectl exec --username=root does not work?
- How to enter a pod as root?
- How to exclude a resource when using namespace in kustomization.yaml?
- Kubernetes Ingress Routing HTTP with Kestrel
- How to pass brackets and other special characters using —set in Helm
- Problem installing Issuer (cert-manager) inside GKE cluster tls: failed to verify certificate: x509: certificate signed by unknown authority
- couldn't get current server API group list: the server has asked for the client to provide credentials error: You must be logged in to the server
- Spring Boot Application Fails to Create/Replace ConfigMap in Minikube After Upgrade
- GKE Autopilot: How to add/manage SSL Certificate to GKE autopilot
- Is it possible to allow egress traffic by hostname?
- helm chart error can't evaluate field Values in type interface {}
- What is the difference between Helm and Kustomize?