Hashicorp Consul, Agent/Client access

Question

I am trying to do Consul setup via Kubernetes, helm chart, https://www.consul.io/docs/k8s/helm

Based on my pre-Kubernetes knowledge: services, using Consul access via Consul Agent, running on each host and listening on hosts IP

Now, I deployed via Helm chart to Kubernetes cluster. First misunderstanding the terminology, Consul Agent vs Client in this setup? I presume it is the same

Now, set up:

Helm chart config (Terraform fragment), nothing specific to Clients/Agent's and their service:

global:
  name: "consul"
  datacenter: "${var.consul_config.datacenter}"
server:
  storage: "${var.consul_config.storage}"
  connect: false

syncCatalog:
  enabled: true
  default: true
  k8sAllowNamespaces: ['*']
  k8sDenyNamespaces: [${join(",", var.consul_config.k8sDenyNamespaces)}]

Pods, client/agent ones are DaemonSet, not in host network mode

kubectl get pods
NAME                                  READY   STATUS    RESTARTS   AGE
consul-8l587                          1/1     Running   0          11h
consul-cfd8z                          1/1     Running   0          11h
consul-server-0                       1/1     Running   0          11h
consul-server-1                       1/1     Running   0          11h
consul-server-2                       1/1     Running   0          11h
consul-sync-catalog-8b688ff9b-klqrv   1/1     Running   0          11h
consul-vrmtp                          1/1     Running   0          11h

Services

 kubectl get service
NAME            TYPE           CLUSTER-IP       EXTERNAL-IP             PORT(S)                                                                   AGE
consul          ExternalName   <none>           consul.service.consul   <none>                                                                    11h
consul-dns      ClusterIP      172.20.124.238   <none>                  53/TCP,53/UDP                                                             11h
consul-server   ClusterIP      None             <none>                  8500/TCP,8301/TCP,8301/UDP,8302/TCP,8302/UDP,8300/TCP,8600/TCP,8600/UDP   11h
consul-ui       ClusterIP      172.20.131.29    <none>                  80/TCP                                                                    11h

Question 1 Where is a service, to target Client (Agent) pods, but not Server's pods ? Did I miss it in helm chart?

My plan is, while I am not going to use Host (Kubernetes node) networking:

1. Find the Client/Agent service or make my own. So, it will be used by the Consul's user's. E.g., this service address I will specify for Consul template init pod of the Consul template. In the config consuming application

kubectl get pods --selector app=consul,component=client,release=consul
consul-8l587   1/1     Running   0          11h
consul-cfd8z   1/1     Running   0          11h
consul-vrmtp   1/1     Running   0          11h

2. Optional: will add a topologyKeys in to agent service, so each consumer will not cross host boundary

Question 2 Is it right approach? Or it is different for Consul Kubernetes deployments

Answer 1

You can use the Kubernetes downward API to inject the IP of host as an environment variable for your pod.

apiVersion: v1
kind: Pod
metadata:
  name: consul-example
spec:
  containers:
    - name: example
      image: 'consul:latest'
      env:
        - name: HOST_IP
          valueFrom:
            fieldRef:
              fieldPath: status.hostIP
      command:
        - '/bin/sh'
        - '-ec'
        - |
          export CONSUL_HTTP_ADDR="${HOST_IP}:8500"
          consul kv put hello world
  restartPolicy: Never

See https://www.consul.io/docs/k8s/installation/install#accessing-the-consul-http-api for more info.