Telepresence with Consul

[eliesemaan6]

Describe the bug
I have Consul installed in my cluster for service discovery. I am trying to intercept a service with telepresence.

Issue is similar to #2426

The traffic agent is added to the POD but nothing gets intercepted.
The suggestion on that issue was to use a newer version, however I am using Telepresence 2.13.3 and I have the same behavior. Is telepresence intercept supported with Consul?

Thank you

[thallgren]

Telepresence might collide with Consul because it too uses an Envoy sidecar. Here are some things you can try:

Use different values for the Envoy ports. Create a yaml file and use telepresence helm upgrade -f <your file> to apply it.

agent:
  envoy:
    serverPort: 18100
    adminPort: 19100

Also, to make sure that the Telepresence pod injection sees the Consul injection, try adding:

agentInjector:
  webhook:
    reinvocationPolicy: IfNeeded

Look at the created pod to determine how Telepresence and Consul injected containers are configured, e.g. kubectl get pod NNN -o yaml.

[eliesemaan6]

Hello,

Thank you.

I've tried this but I am still unable to route traffic to my local machine for a deployed spring boot service. Below is a screenshot of the traffic manager configuration

When I run telepresence list, it shows that my service is being intercepted

And this is my pod where the traffic agent was installed:

When I intercept my service, it remains accessible even if I don't run it locally so it seems like Intercept is not re-routing the traffic.

I tried telepresence locally with minikube and it worked fine. However, on my dev cluster where I have a gateway service and consul, it does not work.

Finally, my pod config yaml file:
pod_container_config.txt

[cindymullins-dw]

Hi @eliesemaan6 , can you share your intercept command? We’d like to check which port you’re using there - perhaps there’s an issue with using a numeric target port for your service with a service mesh. Also could you share your Service configuration and is your Service using a numeric or symbolic target port?

[eliesemaan6]

Hello Cindy,

This is my intercept command: telepresence intercept mxenv-definition-service --port 8085:http --env-file D:\telepresence\mxenv-definition\mxenv-definition.env --workload mxenv-definition-deployment

And below is my service config:
service_config.txt

[cindymullins-dw]

Thanks for that. What version of Consul are you using?

[kha7281]

Hi @cindymullins-dw

I am facing the exact issue. My consul for Kubernetes version 1.16.x
My request flow: consul api gateway -> backend service
Telepresence traffic manager: 2.15.1
traffic agent: 1.0.15

Thanks!

Updated:
In my EKS environment (service mesh using consul-k8s 1.16.X), the request will go through the consul API gateway (implemented Kubernetes API Gateway) first and traffic will be routed to the backend service if the API path matches.
Before telepresence intercept run, the endpoint is:
10.168.X.Y:12345
After telepresence intercept for the service run, the endpoint is:
10.168.X.Y:9900

I can confirm that if I hit via curl: curl 10.168.X.Y:9900/api/abc/v1/version, it will hit my local service running on my MAC.
But if I send the request via my consul api gateway, for example: curl internal-api-gateway/api/abc/v1/version
then traffic will route to my service running inside the EKS cluster, which is incorrect.

I am not sure if telepresence with latest version 2.15.1 supports API Gateway, especially the consul API Gateway/Mesh.
Thanks!

[cindymullins-dw]

@kha7281 , if you run telepresence intercept —help you'll see these flags which might be helpful.
--ingress-host string: The ingress hostname.
--ingress-l5 string: The L5 hostname. Defaults to the ingress-host value
--ingress-port int32: The ingress port
Generally these are used in the context of the preview URL, but you may be able to use them outside that context also.