This repository was archived by the owner on Aug 25, 2021. It is now read-only.
Server wan ports #839
Merged
Server wan ports #839
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This is needed because in some cases Kubernetes will refuse udp traffic.
When `server.exposeGossipAndRPCPorts` is true, expose server's serf WAN port as a host port on 8302. This is needed for specific cases where serf attempts to use the WAN network because the advertise IP is the host IP and so it will attempt to use hostIP and 8302. This port does not need to be configurable (unlike serf LAN) because clients don't expose a serf WAN port, only servers and so it won't collide with client ports.
lkysow
requested review from
a team,
kschoche and
thisisnotashwin
and removed request for
a team
| UDP traffic would not be routed properly. | ||
|
|
||
| In addition, if `server.exposeGossipAndRPCPorts` is true, expose the WAN port | ||
| (`8302`) as a host port. [[GH-839](https://github.com/hashicorp/consul-helm/pull/839)] |
There was a problem hiding this comment.
Just curious, were you able to see any error logs without this change?
There was a problem hiding this comment.
No, only the failing of the API call.
ndhanushkodi
approved these changes
Feb 23, 2021
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
It turns out that we do need to expose the server wan port as a host port when the advertise IP is the node IP in order for the
/operator/keyringto work. There may be other reasons as well but we know this doesn't work without it.Changes proposed in this PR:
serfwanintoserfwan-tcpandserfwan-udp(similar toserflan-tcp/udp) because when exposed as ahostPortif the UDP protocol port doesn't exist then the/operator/keyringAPI failsserfwanas a host port whenserver.exposeGossipAndRPCPortsistrueFIxes #838, re-opens and concludes #762.
How I've tested this PR:
kubectl create secret generic consul-gossip-encryption-key --from-literal=key=$(consul keygen)Use values.yaml
Install with latest helm chart
Run
kubectl exec consul-server-0 -- curl -sS localhost:8500/v1/operator/keyringUninstall
Install with this branch
Run
kubectl exec consul-server-0 -- curl -sS localhost:8500/v1/operator/keyringHow I expect reviewers to test this PR:
Checklist: