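【Question title】: How to Sync K8s Service to Consul Cluster which is outside the K8s?
【Posted】: 2019-05-27 10:30:23
【Question description】:

From the consul-k8s document: "The Consul server cluster can run either inside or outside of a Kubernetes cluster. The Consul server cluster does not need to be running on the same machine or same platform as the sync process. The sync process needs to be configured with the address to the Consul cluster as well as any additional access information such as ACL tokens."

The Consul cluster I want to sync to is outside the k8s cluster. According to the document, I must pass the address of the Consul cluster to the sync process. However, the helm chart that installs the sync process does not contain any value for configuring the Consul cluster IP address.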

    syncCatalog:
      # True if you want to enable the catalog sync. "-" for default.
      enabled: false
      image: null
      default: true # true will sync by default, otherwise requires annotation

      # toConsul and toK8S control whether syncing is enabled to Consul or K8S
      # as a destination. If both of these are disabled, the sync will do nothing.
      toConsul: true
      toK8S: true

      # k8sPrefix is the service prefix to prepend to services before registering
      # with Kubernetes. For example "consul-" will register all services
      # prepended with "consul-". (Consul -> Kubernetes sync)
      k8sPrefix: null

      # consulPrefix is the service prefix which prepends itself
      # to Kubernetes services registered within Consul
      # For example, "k8s-" will register all services prepended with "k8s-".
      # (Kubernetes -> Consul sync)
      consulPrefix: null

      # k8sTag is an optional tag that is applied to all of the Kubernetes services
      # that are synced into Consul. If nothing is set, defaults to "k8s".
      # (Kubernetes -> Consul sync)
      k8sTag: null

      # syncClusterIPServices syncs services of the ClusterIP type, which may
      # or may not be broadly accessible depending on your Kubernetes cluster.
      # Set this to false to skip syncing ClusterIP services.
      syncClusterIPServices: true

      # nodePortSyncType configures the type of syncing that happens for NodePort
      # services. The valid options are: ExternalOnly, InternalOnly, ExternalFirst.
      # - ExternalOnly will only use a node's ExternalIP address for the sync
      # - InternalOnly uses the node's InternalIP address
      # - ExternalFirst will preferentially use the node's ExternalIP address, but
      #   if it doesn't exist, it will use the node's InternalIP address instead.
      nodePortSyncType: ExternalFirst

      # aclSyncToken refers to a Kubernetes secret that you have created that contains
      # an ACL token for your Consul cluster which allows the sync process the correct
      # permissions. This is only needed if ACLs are enabled on the Consul cluster.
      aclSyncToken:
        secretName: null
        secretKey: null

      # nodeSelector labels for syncCatalog pod assignment, formatted as a multi-line string.
      # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
      # Example:
      # nodeSelector: |
      #   beta.kubernetes.io/arch: amd64
      nodeSelector: null

So how can I set the Consul cluster IP address for the sync process?

【Question discussion】:

    Tags: kubernetes kubernetes-helm consul


    【Solution 1】:

    It looks like the sync service runs via the consul agent on the k8s host:

              env:
                - name: HOST_IP
                  valueFrom:
                    fieldRef:
                      fieldPath: status.hostIP
    
              command: 
                - consul-k8s sync-catalog \
                      -http-addr=${HOST_IP}:8500
    

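    That can't be configured directly, but helm can configure the agent/client via client.join (yaml src):

    "If this is null (default), then the clients will attempt to automatically join the server cluster running within Kubernetes. This means that with server.enabled set to true, clients will automatically join that cluster. If server.enabled is not true, then a value must be specified so the clients can join a valid cluster."

    This value is passed to the consul agent as the --retry-join option.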

    client:
      enabled: true
      join:
      - consul1
      - consul2
      - consul3
    syncCatalog:
      enabled: true
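
A pre-install check for the setup this answer describes, added here as an example (it is not code from the answer or from the consul-helm project). It assumes the values are available as JSON, treats only an explicit `true` as enabled, and uses placeholder host and secret names.

```python
import json

# Constructed sample values for syncing to Consul servers outside Kubernetes.
# Host names and the secret name are placeholders, not values from the page.
SAMPLE_VALUES = json.loads("""
{
  "server": {"enabled": false},
  "client": {"enabled": true, "join": ["consul1", "consul2", "consul3"]},
  "syncCatalog": {
    "enabled": true,
    "aclSyncToken": {"secretName": "consul-sync-acl", "secretKey": null}
  }
}
""")


def lint_external_consul(values):
    """Return a list of problems for a catalog sync against external servers."""
    problems = []
    server = values.get("server") or {}
    client = values.get("client") or {}
    sync = values.get("syncCatalog") or {}

    # Assumption: only an explicit true counts; the "-" default is not resolved.
    if sync.get("enabled") is not True:
        return problems  # sync is off, nothing to check

    # sync-catalog talks to ${HOST_IP}:8500, i.e. the client agent on the node.
    if client.get("enabled") is not True:
        problems.append("syncCatalog needs client.enabled: true (it uses the node-local agent)")

    # Without in-cluster servers, the agents need explicit retry-join targets.
    if server.get("enabled") is not True and not client.get("join"):
        problems.append("server.enabled is not true, so client.join must list the external servers")

    # The ACL token reference is only usable when both halves are set.
    token = sync.get("aclSyncToken") or {}
    name, key = token.get("secretName"), token.get("secretKey")
    if bool(name) != bool(key):
        problems.append("aclSyncToken needs both secretName and secretKey, or neither")
    return problems


if __name__ == "__main__":
    for problem in lint_external_consul(SAMPLE_VALUES):
        print("values problem:", problem)
```
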
    

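    【Discussion】:

    • I tried your solution. After installing the helm chart, the k8s services are synced and the consul agents are registered with the consul cluster outside k8s, but the IPs the agents use are internal to k8s. As a result, the health checks between the consul server (outside k8s) and the consul clients (inside k8s) keep failing. How can this be made to work properly?
    • The client DaemonSet listens on host ports, but I think the problem is that the clients advertise the pod IP. If you are connecting to servers outside the cluster, I think the helm chart needs some logic updated to advertise the host IP.
    • status.hostIP is exposed to DaemonSets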