Consul service mesh not working on GKE Autopilot #20909

Closed
laxmankadam123 opened this issue Mar 27, 2024 · 0 comments · Fixed by hashicorp/consul-k8s#4213

laxmankadam123 commented Mar 27, 2024

Hi Team,

We are encountering the following issues when deploying Consul service mesh on a GKE Autopilot cluster:

Error: Rendered manifests contain a resource that already exists. Unable to continue with install: CustomResourceDefinition "gatewayclasses.gateway.networking.k8s.io" in namespace "" exists and cannot be imported into the current release.

This issue is resolved after adding the following parameters in my values.yaml file, as per the documentation provided at https://developer.hashicorp.com/consul/docs/k8s/installation/install:

global:
  name: consul
connectInject:
  enabled: true
  apiGateway:
    manageExternalCRDs: false
    manageNonStandardCRDs: true
  cni:
    enabled: true
    logLevel: debug
    cniBinDir: "/home/kubernetes/bin"
    cniNetDir: "/etc/cni/net.d"
server:
  resources:
    requests:
      memory: "500Mi"
      cpu: "500m"
    limits:
      memory: "500Mi"
      cpu: "500m"

When the above parameters are passed in values.yaml and Consul is redeployed, we encounter another issue:

Error: Violations details: {"[denied by autopilot-disallow-privilege]":["container install-cni is privileged; not allowed in Autopilot"]

The CNI component is not installed, but we can see the Consul server is running in our cluster. However, the Consul injector is failing, and because the injector pod is in an error state, the gateway and mesh gateway pods are not coming up.

The Consul injector pod shows the following error:

ERROR: Setup unable to register field indexes {"error": "no matches for kind \"TCPRoute\" in version \"gateway.newtowrking.k8s.io/v1alha2\""}
ERROR: Setup could not configure controllers: no matches for kind "TCPRoute" in version gateway.newtowrking.k8s.io/v1alha2 no matches for kind TCPRoute in version gateway.newtowrking.k8s.io/v1alha2

Can you please assist in deploying Consul on GKE Autopilot properly?

We are using GKE Autopilot version 1.27 and Consul version 1.17. We also tried with version 1.16 but encountered the same error.

Thank you.
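
An added example, not part of the original issue or of the Consul project's code: a pre-flight check over rendered manifests and the cluster's CRD list that flags the two conditions reported above (a privileged container, and a resource kind that no installed CRD serves) before an install is attempted. The workload names and CRD data are constructed samples, and reading the group and version in the injector log as gateway.networking.k8s.io/v1alpha2 is an assumption.

```python
# Added example: pre-flight checks for the two failures reported in this issue.
# All manifests and CRD data below are constructed samples, not real chart output.

def pod_spec(manifest):
    """Return the pod spec of a Pod, or of a workload that has a pod template."""
    spec = manifest.get("spec", {})
    if manifest.get("kind") == "Pod":
        return spec
    return spec.get("template", {}).get("spec", {})

def privileged_containers(manifests):
    """List (kind/name, container) pairs that set securityContext.privileged: true."""
    hits = []
    for m in manifests:
        spec = pod_spec(m)
        owner = f'{m.get("kind")}/{m.get("metadata", {}).get("name")}'
        for c in spec.get("initContainers", []) + spec.get("containers", []):
            if (c.get("securityContext") or {}).get("privileged") is True:
                hits.append((owner, c["name"]))
    return hits

def missing_kinds(required, crds):
    """Return required (group, version, kind) tuples that no installed CRD serves."""
    served = set()
    for crd in crds:
        s = crd["spec"]
        for v in s["versions"]:
            if v.get("served"):
                served.add((s["group"], v["name"], s["names"]["kind"]))
    return [r for r in required if r not in served]

GROUP = "gateway.networking.k8s.io"  # group taken from the CRD name in the Helm error
# Constructed: a DaemonSet shaped like the rejected CNI installer, plus a Deployment.
MANIFESTS = [
    {"kind": "DaemonSet", "metadata": {"name": "example-cni"},
     "spec": {"template": {"spec": {"containers": [
         {"name": "install-cni", "securityContext": {"privileged": True}}]}}}},
    {"kind": "Deployment", "metadata": {"name": "example-injector"},
     "spec": {"template": {"spec": {"containers": [
         {"name": "sidecar-injector", "securityContext": {"privileged": False}}]}}}},
]
# Constructed: a cluster that already has GatewayClass but no TCPRoute CRD.
CRDS = [{"spec": {"group": GROUP, "names": {"kind": "GatewayClass"},
                  "versions": [{"name": "v1beta1", "served": True}]}}]
REQUIRED = [(GROUP, "v1beta1", "GatewayClass"), (GROUP, "v1alpha2", "TCPRoute")]

if __name__ == "__main__":
    print("privileged:", privileged_containers(MANIFESTS))
    print("missing CRD kinds:", missing_kinds(REQUIRED, CRDS))
```

On a real cluster the same functions can be fed the parsed output of `helm template` and of `kubectl get crd -o json` (the `items` list).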
