kubernetes - 如何将K8s服务同步到K8s以外的Consul集群？

Question

从领事k8s document:
Consul服务器群集可以在Kubernetes群集内运行，也可以在Kubernetes群集内运行。
Consul服务器群集不需要与同步过程在同一台计算机或同一平台上运行。
需要使用Consul群集的地址以及任何其他访问信息(例如ACL token )来配置同步过程。

我要同步的领事集群是k8s集群之外的，根据该文档，我必须将地址传递给领事集群以进行同步过程，但是用于安装同步过程的 Helm 图没有任何值配置领事群集的IP地址。

syncCatalog: 

  # True if you want to enable the catalog sync. "-" for default. 

  enabled: false 

  image: null 

  default: true # true will sync by default, otherwise requires annotation 



  # toConsul and toK8S control whether syncing is enabled to Consul or K8S 

  # as a destination. If both of these are disabled, the sync will do nothing. 

  toConsul: true 

  toK8S: true 



  # k8sPrefix is the service prefix to prepend to services before registering 

  # with Kubernetes. For example "consul-" will register all services 

  # prepended with "consul-". (Consul -> Kubernetes sync) 

  k8sPrefix: null 



  # consulPrefix is the service prefix which preprends itself 

  # to Kubernetes services registered within Consul 

  # For example, "k8s-" will register all services peprended with "k8s-". 

  # (Kubernetes -> Consul sync) 

  consulPrefix: null 



  # k8sTag is an optional tag that is applied to all of the Kubernetes services 

  # that are synced into Consul. If nothing is set, defaults to "k8s". 

  # (Kubernetes -> Consul sync) 

  k8sTag: null 



  # syncClusterIPServices syncs services of the ClusterIP type, which may 

  # or may not be broadly accessible depending on your Kubernetes cluster. 

  # Set this to false to skip syncing ClusterIP services. 

  syncClusterIPServices: true 



  # nodePortSyncType configures the type of syncing that happens for NodePort 

  # services. The valid options are: ExternalOnly, InternalOnly, ExternalFirst. 

  # - ExternalOnly will only use a node's ExternalIP address for the sync 

  # - InternalOnly use's the node's InternalIP address 

  # - ExternalFirst will preferentially use the node's ExternalIP address, but 

  #   if it doesn't exist, it will use the node's InternalIP address instead. 

  nodePortSyncType: ExternalFirst 



  # aclSyncToken refers to a Kubernetes secret that you have created that contains 

  # an ACL token for your Consul cluster which allows the sync process the correct 

  # permissions. This is only needed if ACLs are enabled on the Consul cluster. 

  aclSyncToken: 

    secretName: null 

    secretKey: null 



  # nodeSelector labels for syncCatalog pod assignment, formatted as a muli-line string. 

  # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector 

  # Example: 

  # nodeSelector: | 

  #   beta.kubernetes.io/arch: amd64 

  nodeSelector: null

那么，如何为同步过程设置领事群集的IP地址呢？

Answer 1

看起来像k8s主机上的同步服务runs via the consul agent。

          env:
            - name: HOST_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.hostIP

          command: 
            - consul-k8s sync-catalog \
                  -http-addr=${HOST_IP}:8500

不能直接配置，但是helm可以通过 client.join (yaml src)配置代理/客户端:

If this is null (default), then the clients will attempt to automatically join the server cluster running within Kubernetes. This means that with server.enabled set to true, clients will automatically join that cluster. If server.enabled is not true, then a value must be specified so the clients can join a valid cluster.

该值作为 --retry-join 选项传递给领事代理。

client:
  enabled: true
  join:
  - consul1
  - consul2
  - consul3
syncCatalog:
  enabled: true