Abhishek Kumar
Reputation: 43
Consul Helm failing
I am trying to run consul in eks using helm. I ran below commands
helm repo add hashicorp https://helm.releases.hashicorp.com
kubectl create secret generic consul-gossip-encryption-key --from-literal=key=$(consul keygen) -n common
helm install consul hashicorp/consul --namespace common --set global.name=consul -f helm-consul-config.yaml --debug
It gives me below error
install.go:173: [debug] Original chart version: ""
install.go:190: [debug] CHART PATH: /root/.cache/helm/repository/consul-0.33.0.tgz
client.go:282: [debug] Starting delete for "consul-tls-init" ServiceAccount
client.go:122: [debug] creating 1 resource(s)
client.go:282: [debug] Starting delete for "consul-tls-init" Role
client.go:122: [debug] creating 1 resource(s)
client.go:282: [debug] Starting delete for "consul-tls-init" RoleBinding
client.go:122: [debug] creating 1 resource(s)
client.go:282: [debug] Starting delete for "consul-tls-init" Job
client.go:122: [debug] creating 1 resource(s)
client.go:491: [debug] Watching for changes to Job consul-tls-init with timeout of 5m0s
client.go:519: [debug] Add/Modify event for consul-tls-init: ADDED
client.go:558: [debug] consul-tls-init: Jobs active: 0, jobs failed: 0, jobs succeeded: 0
client.go:519: [debug] Add/Modify event for consul-tls-init: MODIFIED
client.go:558: [debug] consul-tls-init: Jobs active: 1, jobs failed: 0, jobs succeeded: 0
client.go:519: [debug] Add/Modify event for consul-tls-init: MODIFIED
client.go:558: [debug] consul-tls-init: Jobs active: 1, jobs failed: 1, jobs succeeded: 0
client.go:519: [debug] Add/Modify event for consul-tls-init: MODIFIED
client.go:558: [debug] consul-tls-init: Jobs active: 1, jobs failed: 2, jobs succeeded: 0
Upon checking pod logs I see below error
kubectl logs consul-tls-init-jqk8s -n common
/bin/sh: consul-k8s-control-plane: not found
Below is my helm config file
enabled: true
name: null
domain: consul
image: "consul:1.7.2"
imagePullSecrets: []
imageK8S: "hashicorp/consul-k8s:0.14.0"
datacenter: dc1
enablePodSecurityPolicies: false
gossipEncryption:
# secretName is the name of the Kubernetes secret that holds the gossip
# encryption key. The secret must be in the same namespace that Consul is installed into.
secretName: "consul-gossip-encryption-key"
holds the gossip
# encryption key.
secretKey: "key"
tls:
enabled: true
enableAutoEncrypt: true
serverAdditionalDNSSANs: ["'consul.service.consul'"]
serverAdditionalIPSANs: []
verify: true
httpsOnly: true
caCert:
secretName: null
secretKey: null
# certificates.
caKey:
secretName: null
secretKey: null
enableConsulNamespaces: false
# [DEPRECATED] Use acls.manageSystemACLs instead.
bootstrapACLs: false
# Configure ACLs.
acls:
# If true, the Helm chart will automatically manage ACL tokens and policies
# for all Consul and consul-k8s components. This requires Consul >= 1.4 and consul-k8s >= 0.14.0.
manageSystemACLs: false
# bootstrapToken references a Kubernetes secret containing the bootstrap token to use
# for creating policies and tokens for all Consul and consul-k8s components.
# If set, we will skip ACL bootstrapping of the servers and will only initialize
# ACLs for the Consul and consul-k8s system components.
# Requires consul-k8s >= 0.14.0
bootstrapToken:
secretName: null
secretKey: null
createReplicationToken: false
replicationToken:
secretName: null
secretKey: null
server:
enabled: "-"
image: null
replicas: 3
bootstrapExpect: 3 # Should <= replicas count
enterpriseLicense:
secretName: null
secretKey: null
storage: 10Gi
storageClass: null
connect: true
resources: null
# updatePartition is used to control a careful rolling update of Consul
# servers. This should be done particularly when changing the version
# of Consul. Please refer to the documentation for more information.
updatePartition: 0
# disruptionBudget enables the creation of a PodDisruptionBudget to
# prevent voluntary degrading of the Consul server cluster.
disruptionBudget:
enabled: true
# maxUnavailable will default to (n/2)-1 where n is the number of
# replicas. If you'd like a custom value, you can specify an override here.
maxUnavailable: null
# extraConfig is a raw string of extra configuration to set with the
# server. This should be JSON.
extraConfig: |
{}
extraVolumes: []
# Affinity Settings
# Commenting out or setting as empty the affinity variable, will allow
# deployment to single node services such as Minikube
affinity: |
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app: {{ template "consul.name" . }}
release: "{{ .Release.Name }}"
component: server
topologyKey: kubernetes.io/hostname
# Toleration Settings for server pods
# This should be a multi-line string matching the Toleration array
# in a PodSpec.
tolerations: ""
# nodeSelector labels for server pod assignment, formatted as a multi-line string.
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
# Example:
nodeSelector: |
eks.amazonaws.com/nodegroup: test
priorityClassName: ""
annotations: null
service:
annotations: null
extraEnvironmentVars: {}
# http_proxy: http://localhost:3128,
# https_proxy: http://localhost:3128,
# no_proxy: internal.domain.com
externalServers:
enabled: false
hosts: []
# The HTTPS port of the Consul servers.
httpsPort: 8501
# tlsServerName is the server name to use as the SNI
# host header when connecting with HTTPS.
tlsServerName: null
useSystemRoots: false
k8sAuthMethodHost: null
# Client, when enabled, configures Consul clients to run on every node
# within the Kube cluster. The current deployment model follows a traditional
# DC where a single agent is deployed per node.
client:
enabled: "-"
image: null
join: null
dataDirectoryHostPath: null
grpc: true
exposeGossipPorts: false
resources: null
extraConfig: |
{}
extraVolumes: []
by Consul
tolerations: ""
nodeSelector: null
# Affinity Settings for Client pods, formatted as a multi-line YAML string.
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
affinity: {}
# used to assign priority to client pods
# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
priorityClassName: ""
annotations: null
# custom consul parameters.
extraEnvironmentVars: {}
# http_proxy: http://localhost:3128,
# https_proxy: http://localhost:3128,
# no_proxy: internal.domain.com
dnsPolicy: null
updateStrategy: null
snapshotAgent:
enabled: false
# replicas determines how many snapshot agent pods are created
replicas: 2
using-kubectl-create-secret
configSecret:
secretName: null
secretKey: null
dns:
enabled: "-"
# Useful if you need to reference the DNS service's IP
# address in CoreDNS config.
clusterIP: null
# Extra annotations to attach to the dns service
# This should be a multi-line string of
# annotations to apply to the dns Service
annotations: null
ui:
# True if you want to enable the Consul UI. The UI will run only
# on the server nodes. This makes UI access via the service below (if
# enabled) predictable rather than "any node" if you're running Consul
# clients as well.
enabled: "-"
# True if you want to create a Service entry for the Consul UI.
#
# serviceType can be used to control the type of service created. For
# example, setting this to "LoadBalancer" will create an external load
# balancer (for supported K8S installations) to access the UI.
service:
enabled: true
type: NodePort
# Annotations to apply to the UI service.
# Example:
# annotations: |
# "annotation-key": "annotation-value"
annotations: null
# Additional ServiceSpec values
# This should be a multi-line string mapping directly to a Kubernetes
# ServiceSpec object.
additionalSpec: null
# syncCatalog will run the catalog sync process to sync K8S with Consul
# services. This can run bidirectional (default) or unidirectionally (Consul
# to K8S or K8S to Consul only).
#
# This process assumes that a Consul agent is available on the host IP.
# This is done automatically if clients are enabled. If clients are not
# enabled then set the node selection so that it chooses a node with a
# Consul agent.
syncCatalog:
# True if you want to enable the catalog sync. Set to "-" to inherit from
# global.enabled.
enabled: false
image: null
default: true # true will sync by default, otherwise requires annotation
# toConsul and toK8S control whether syncing is enabled to Consul or K8S
# as a destination. If both of these are disabled, the sync will do nothing.
toConsul: true
toK8S: true
# k8sPrefix is the service prefix to prepend to services before registering
# with Kubernetes. For example "consul-" will register all services
# prepended with "consul-". (Consul -> Kubernetes sync)
k8sPrefix: null
# k8sAllowNamespaces is a list of k8s namespaces to sync the k8s services from.
# If a k8s namespace is not included in this list or is listed in `k8sDenyNamespaces`,
# services in that k8s namespace will not be synced even if they are explicitly
# annotated. Use ["*"] to automatically allow all k8s namespaces.
#
# For example, ["namespace1", "namespace2"] will only allow services in the k8s
# namespaces `namespace1` and `namespace2` to be synced and registered
# with Consul. All other k8s namespaces will be ignored.
#
# To deny all namespaces, set this to [].
#
# Note: `k8sDenyNamespaces` takes precedence over values defined here.
# Requires consul-k8s v0.12+
k8sAllowNamespaces: ["*"]
# k8sDenyNamespaces is a list of k8s namespaces that should not have their
# services synced. This list takes precedence over `k8sAllowNamespaces`.
# `*` is not supported because then nothing would be allowed to sync.
# Requires consul-k8s v0.12+.
#
# For example, if `k8sAllowNamespaces` is `["*"]` and `k8sDenyNamespaces` is
# `["namespace1", "namespace2"]`, then all k8s namespaces besides "namespace1"
# and "namespace2" will be synced.
k8sDenyNamespaces: ["kube-system", "kube-public"]
# [DEPRECATED] Use k8sAllowNamespaces and k8sDenyNamespaces instead. For
# backwards compatibility, if both this and the allow/deny lists are set,
# the allow/deny lists will be ignored.
# k8sSourceNamespace is the Kubernetes namespace to watch for service
# changes and sync to Consul. If this is not set then it will default
# to all namespaces.
k8sSourceNamespace: null
# [Enterprise Only] These settings manage the catalog sync's interaction with
# Consul namespaces (requires consul-ent v1.7+ and consul-k8s v0.12+).
# Also, `global.enableConsulNamespaces` must be true.
consulNamespaces:
# consulDestinationNamespace is the name of the Consul namespace to register all
# k8s services into. If the Consul namespace does not already exist,
# it will be created. This will be ignored if `mirroringK8S` is true.
consulDestinationNamespace: "default"
# mirroringK8S causes k8s services to be registered into a Consul namespace
# of the same name as their k8s namespace, optionally prefixed if
# `mirroringK8SPrefix` is set below. If the Consul namespace does not
# already exist, it will be created. Turning this on overrides the
# `consulDestinationNamespace` setting.
# `addK8SNamespaceSuffix` may no longer be needed if enabling this option.
mirroringK8S: false
# If `mirroringK8S` is set to true, `mirroringK8SPrefix` allows each Consul namespace
# to be given a prefix. For example, if `mirroringK8SPrefix` is set to "k8s-", a
# service in the k8s `staging` namespace will be registered into the
# `k8s-staging` Consul namespace.
mirroringK8SPrefix: ""
# addK8SNamespaceSuffix appends Kubernetes namespace suffix to
# each service name synced to Consul, separated by a dash.
# For example, for a service 'foo' in the default namespace,
# the sync process will create a Consul service named 'foo-default'.
# Set this flag to true to avoid registering services with the same name
# but in different namespaces as instances for the same Consul service.
# Namespace suffix is not added if 'annotationServiceName' is provided.
addK8SNamespaceSuffix: true
# consulPrefix is the service prefix which prepends itself
# to Kubernetes services registered within Consul
# For example, "k8s-" will register all services prepended with "k8s-".
# (Kubernetes -> Consul sync)
# consulPrefix is ignored when 'annotationServiceName' is provided.
# NOTE: Updating this property to a non-null value for an existing installation will result in deregistering
# of existing services in Consul and registering them with a new name.
consulPrefix: null
# k8sTag is an optional tag that is applied to all of the Kubernetes services
# that are synced into Consul. If nothing is set, defaults to "k8s".
# (Kubernetes -> Consul sync)
k8sTag: null
# syncClusterIPServices syncs services of the ClusterIP type, which may
# or may not be broadly accessible depending on your Kubernetes cluster.
# Set this to false to skip syncing ClusterIP services.
syncClusterIPServices: true
# nodePortSyncType configures the type of syncing that happens for NodePort
# services. The valid options are: ExternalOnly, InternalOnly, ExternalFirst.
# - ExternalOnly will only use a node's ExternalIP address for the sync
# - InternalOnly use's the node's InternalIP address
# - ExternalFirst will preferentially use the node's ExternalIP address, but
# if it doesn't exist, it will use the node's InternalIP address instead.
nodePortSyncType: ExternalFirst
# aclSyncToken refers to a Kubernetes secret that you have created that contains
# an ACL token for your Consul cluster which allows the sync process the correct
# permissions. This is only needed if ACLs are enabled on the Consul cluster.
aclSyncToken:
secretName: null
secretKey: null
# nodeSelector labels for syncCatalog pod assignment, formatted as a multi-line string.
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
# Example:
# nodeSelector: |
# beta.kubernetes.io/arch: amd64
nodeSelector: null
# Log verbosity level. One of "trace", "debug", "info", "warn", or "error".
logLevel: info
# Override the default interval to perform syncing operations creating Consul services.
consulWriteInterval: null
# ConnectInject will enable the automatic Connect sidecar injector.
connectInject:
# True if you want to enable connect injection. Set to "-" to inherit from
# global.enabled.
# Requires consul-k8s >= 0.10.1.
enabled: false
image: null # image for consul-k8s that contains the injector
default: false # true will inject by default, otherwise requires annotation
# The Docker image for Consul to use when performing Connect injection.
# Defaults to global.image.
imageConsul: null
# The Docker image for envoy to use as the proxy sidecar when performing
# Connect injection. If using Consul 1.7+, the envoy version must be 1.13+.
# If not set, the image used depends on the consul-k8s version. For
# consul-k8s 0.12.0 the default is envoyproxy/envoy-alpine:v1.13.0.
imageEnvoy: null
# namespaceSelector is the selector for restricting the webhook to only
# specific namespaces. This should be set to a multiline string.
# See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
# for more details.
# Example:
# namespaceSelector: |
# matchLabels:
# namespace-label: label-value
namespaceSelector: null
# k8sAllowNamespaces is a list of k8s namespaces to allow Connect sidecar
# injection in. If a k8s namespace is not included or is listed in `k8sDenyNamespaces`,
# pods in that k8s namespace will not be injected even if they are explicitly
# annotated. Use ["*"] to automatically allow all k8s namespaces.
#
# For example, ["namespace1", "namespace2"] will only allow pods in the k8s
# namespaces `namespace1` and `namespace2` to have Connect sidecars injected
# and registered with Consul. All other k8s namespaces will be ignored.
#
# To deny all namespaces, set this to [].
#
# Note: `k8sDenyNamespaces` takes precedence over values defined here and
# `namespaceSelector` takes precedence over both since it is applied first.
# `kube-system` and `kube-public` are never injected, even if included here.
# Requires consul-k8s v0.12+
k8sAllowNamespaces: ["*"]
# k8sDenyNamespaces is a list of k8s namespaces that should not allow Connect
# sidecar injection. This list takes precedence over `k8sAllowNamespaces`.
# `*` is not supported because then nothing would be allowed to be injected.
#
# For example, if `k8sAllowNamespaces` is `["*"]` and k8sDenyNamespaces is
# `["namespace1", "namespace2"]`, then all k8s namespaces besides "namespace1"
# and "namespace2" will be available for injection.
#
# Note: `namespaceSelector` takes precedence over this since it is applied first.
# `kube-system` and `kube-public` are never injected.
# Requires consul-k8s v0.12+.
k8sDenyNamespaces: []
# [Enterprise Only] These settings manage the connect injector's interaction with
# Consul namespaces (requires consul-ent v1.7+ and consul-k8s v0.12+).
# Also, `global.enableConsulNamespaces` must be true.
consulNamespaces:
# consulDestinationNamespace is the name of the Consul namespace to register all
# k8s pods into. If the Consul namespace does not already exist,
# it will be created. This will be ignored if `mirroringK8S` is true.
consulDestinationNamespace: "default"
# mirroringK8S causes k8s pods to be registered into a Consul namespace
# of the same name as their k8s namespace, optionally prefixed if
# `mirroringK8SPrefix` is set below. If the Consul namespace does not
# already exist, it will be created. Turning this on overrides the
# `consulDestinationNamespace` setting.
mirroringK8S: false
# If `mirroringK8S` is set to true, `mirroringK8SPrefix` allows each Consul namespace
# to be given a prefix. For example, if `mirroringK8SPrefix` is set to "k8s-", a
# pod in the k8s `staging` namespace will be registered into the
# `k8s-staging` Consul namespace.
mirroringK8SPrefix: ""
# The certs section configures how the webhook TLS certs are configured.
# These are the TLS certs for the Kube apiserver communicating to the
# webhook. By default, the injector will generate and manage its own certs,
# but this requires the ability for the injector to update its own
# MutatingWebhookConfiguration. In a production environment, custom certs
# should probably be used. Configure the values below to enable this.
certs:
# secretName is the name of the secret that has the TLS certificate and
# private key to serve the injector webhook. If this is null, then the
# injector will default to its automatic management mode that will assign
# a service account to the injector to generate its own certificates.
secretName: null
# caBundle is a base64-encoded PEM-encoded certificate bundle for the
# CA that signed the TLS certificate that the webhook serves. This must
# be set if secretName is non-null.
caBundle: ""
# certName and keyName are the names of the files within the secret for
# the TLS cert and private key, respectively. These have reasonable
# defaults but can be customized if necessary.
certName: tls.crt
keyName: tls.key
# nodeSelector labels for connectInject pod assignment, formatted as a multi-line string.
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
# Example:
# nodeSelector: |
# beta.kubernetes.io/arch: amd64
nodeSelector: null
# aclBindingRuleSelector accepts a query that defines which Service Accounts
# can authenticate to Consul and receive an ACL token during Connect injection.
# The default setting, i.e. serviceaccount.name!=default, prevents the
# 'default' Service Account from logging in.
# If set to an empty string all service accounts can log in.
# This only has effect if ACLs are enabled.
#
# See https://www.consul.io/docs/acl/acl-auth-methods.html#binding-rules
# and https://www.consul.io/docs/acl/auth-methods/kubernetes.html#trusted-identity-attributes
# for more details.
# Requires Consul >= v1.5 and consul-k8s >= v0.8.0.
aclBindingRuleSelector: "serviceaccount.name!=default"
# If you are not using global.acls.manageSystemACLs and instead manually setting up an
# auth method for Connect inject, set this to the name of your auth method.
overrideAuthMethodName: ""
# aclInjectToken refers to a Kubernetes secret that you have created that contains
# an ACL token for your Consul cluster which allows the Connect injector the correct
# permissions. This is only needed if Consul namespaces [Enterprise only] and ACLs
# are enabled on the Consul cluster and you are not setting
# `global.acls.manageSystemACLs` to `true`.
# This token needs to have `operator = "write"` privileges to be able to
# create Consul namespaces.
aclInjectToken:
secretName: null
secretKey: null
# Requires Consul >= v1.5 and consul-k8s >= v0.8.1.
centralConfig:
# enabled controls whether central config is enabled on all servers and clients.
# See https://www.consul.io/docs/agent/options.html#enable_central_service_config.
# If changing this after installation, servers and clients must be restarted
# for the change to take effect.
enabled: true
# defaultProtocol allows you to specify a convenience default protocol if
# most of your services are of the same protocol type. The individual annotation
# on any given pod will override this value.
# Valid values are "http", "http2", "grpc" and "tcp".
defaultProtocol: null
# proxyDefaults is a raw json string that will be written as the value of
# the "config" key of the global proxy-defaults config entry.
# See: https://www.consul.io/docs/agent/config-entries/proxy-defaults.html
# NOTE: Changes to this value after the chart is first installed have *no*
# effect. In order to change the proxy-defaults config after installation,
# you must use the Consul API.
proxyDefaults: |
{}
# Mesh Gateways enable Consul Connect to work across Consul datacenters.
meshGateway:
# If mesh gateways are enabled, a Deployment will be created that runs
# gateways and Consul Connect will be configured to use gateways.
# See https://www.consul.io/docs/connect/mesh_gateway.html
# Requirements: consul >= 1.6.0 and consul-k8s >= 0.9.0 if using
# global.acls.manageSystemACLs.
enabled: false
# Globally configure which mode the gateway should run in.
# Can be set to either "remote", "local", "none" or empty string or null.
# See https://consul.io/docs/connect/mesh_gateway.html#modes-of-operation for
# a description of each mode.
# If set to anything other than "" or null, connectInject.centralConfig.enabled
# should be set to true so that the global config will actually be used.
# If set to the empty string, no global default will be set and the gateway mode
# will need to be set individually for each service.
globalMode: local
# Number of replicas for the Deployment.
replicas: 2
# What gets registered as WAN address for the gateway.
wanAddress:
# source configures where to retrieve the WAN address (and possibly port)
# for the mesh gateway from.
# Can be set to either: Service, NodeIP, NodeName or Static.
#
# Service - Determine the address based on the service type.
# If service.type=LoadBalancer use the external IP or hostname of
# the service. Use the port set by service.port.
# If service.type=NodePort use the Node IP. The port will be set to
# service.nodePort so service.nodePort cannot be null.
# If service.type=ClusterIP use the ClusterIP. The port will be set to
# service.port.
# service.type=ExternalName is not supported.
# NodeIP - The node IP as provided by the Kubernetes downward API.
# NodeName - The name of the node as provided by the Kubernetes downward
# API. This is useful if the node names are DNS entries that
# are routable from other datacenters.
# Static - Use the address hardcoded in meshGateway.wanAddress.static.
source: "Service"
# Port that gets registered for WAN traffic.
# If source is set to "Service" then this setting will have no effect.
# See the documentation for source as to which port will be used in that
# case.
port: 443
# If source is set to "Static" then this value will be used as the WAN
# address of the mesh gateways. This is useful if you've configured a
# DNS entry to point to your mesh gateways.
static: ""
# The service option configures the Service that fronts the Gateway Deployment.
service:
# Whether to create a Service or not.
enabled: true
# Type of service, ex. LoadBalancer, ClusterIP.
type: LoadBalancer
# Port that the service will be exposed on.
# The targetPort will be set to meshGateway.containerPort.
port: 443
# Optionally hardcode the nodePort of the service if using type: NodePort.
# If not set and using type: NodePort, Kubernetes will automatically assign
# a port.
nodePort: null
# Annotations to apply to the mesh gateway service.
# Example:
# annotations: |
# "annotation-key": "annotation-value"
annotations: null
# Optional YAML string that will be appended to the Service spec.
additionalSpec: null
# Envoy image to use. For Consul v1.7+, Envoy version 1.13+ is required.
imageEnvoy: envoyproxy/envoy:v1.13.0
# If set to true, gateway Pods will run on the host network.
hostNetwork: true
# dnsPolicy to use.
dnsPolicy: null
# Override the default 'mesh-gateway' service name registered in Consul.
# Cannot be used if global.acls.manageSystemACLs is true since the ACL token
# generated is only for the name 'mesh-gateway'.
consulServiceName: ""
# Port that the gateway will run on inside the container.
containerPort: 8443
# Optional hostPort for the gateway to be exposed on.
# This can be used with wanAddress.port and wanAddress.useNodeIP
# to expose the gateways directly from the node.
# If hostNetwork is true, this must be null or set to the same port as
# containerPort.
# NOTE: Cannot set to 8500 or 8502 because those are reserved for the Consul
# agent.
hostPort: null
# If there are no connect-enabled services running, then the gateway
# will fail health checks. You may disable health checks as a temporary
# workaround.
enableHealthChecks: true
resources: |
requests:
memory: "128Mi"
cpu: "250m"
limits:
memory: "256Mi"
cpu: "500m"
# By default, we set an anti affinity so that two gateway pods won't be
# on the same node. NOTE: Gateways require that Consul client agents are
# also running on the nodes alongside each gateway Pod.
affinity: |
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app: {{ template "consul.name" . }}
release: "{{ .Release.Name }}"
component: mesh-gateway
topologyKey: kubernetes.io/hostname
# Optional YAML string to specify tolerations.
tolerations: null
# Optional YAML string to specify a nodeSelector config.
nodeSelector: null
# Optional priorityClassName.
priorityClassName: ""
# Annotations to apply to the mesh gateway deployment.
# Example:
# annotations: |
# "annotation-key": "annotation-value"
annotations: null
# Control whether a test Pod manifest is generated when running helm template.
# When using helm install, the test Pod is not submitted to the cluster so this
# is only useful when running helm template.
tests:
enabled: true
Upvotes: 2
Views: 1261
Answers (1)
Blake Covarrubias
Reputation: 2303
You need to use a Helm chart that is compatible with the version of Consul you are installing. The last supported Helm chart version which is compatible with Consul 1.7.2 is version 0.21.0. See the compatibility matrix for Consul and Consul on Kubernetes at https://www.consul.io/docs/k8s/upgrade/compatibility for more info.
You should be able to successfully install Consul by using the following Helm install command.
$ helm install consul hashicorp/consul --version 0.21.0 --namespace common --set global.name=consul -f helm-consul-config.yaml
Follow the instructions at https://www.consul.io/docs/k8s/upgrade if you wish to upgrade to a newer version of Consul.
Upvotes: 2
Related Questions
- Helm - Kubernetes cluster unreachable: the server has asked for the client to provide credentials
- helm upgrade --install: Error: Kubernetes cluster unreachable
- Unable to install helm
- Pods Pending for Node-Exporter via Helm on EKS
- Consul add Kubernetes node
- AWS EKS no tiller pod found but helm install is working
- Can't do anything with helm
- Consul on Kubernetes: Consul pods are running but not ready
- Helm not initializing
- Helm on AWS EKS