Cluster Peering on Kubernetes
Cluster peering is currently in technical preview: Functionality associated with cluster peering is subject to change. You should never use the technical preview release in secure environments or production scenarios. Features in technical preview may have performance issues, scaling issues, and limited support.
To establish a cluster peering connection on Kubernetes, you need to enable the feature in the Helm chart and create custom resource definitions for each side of the peering.
The following Custom Resource Definitions (CRDs) are used to create and manage a peering connection:
- PeeringAcceptor: Generates a peering token and accepts an incoming peering connection.
- PeeringDialer: Uses a peering token to make an outbound peering connection with the cluster that generated the token.
Prerequisites
You must implement the following requirements to create and use cluster peering connections with Kubernetes:
- Consul 1.13 Alpha 2 or later
- At least two Kubernetes clusters
- The Kubernetes clusters must be running in a flat network
- The network must be running on Consul on Kubernetes v.0.45 or later
Helm chart configuration
To establish cluster peering through Kubernetes, deploy clusters with the following Helm values.
Install Consul on Kubernetes on each Kubernetes cluster by applying values.yaml using the Helm CLI.
Create a peering connection
To peer Kubernetes clusters running Consul, you need to create a peering token and share it with the other cluster.
- In cluster-01, create the PeeringAcceptor custom resource (acceptor.yml).
- Apply the PeeringAcceptor resource to the first cluster.
- Save your peering token so that you can export it to the other cluster.
- Apply the peering token to the second cluster.
- In cluster-02, create the PeeringDialer custom resource (dialer.yml).
- Apply the PeeringDialer resource to the second cluster.
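The two custom resources from the steps above, as an added example that is not part of the original page. It follows the consul.hashicorp.com/v1alpha1 CRD schema; the secret name peering-token and the key data are assumed values.

```yaml
# acceptor.yml: apply in cluster-01.
# metadata.name is the name cluster-01 gives to the remote peer.
apiVersion: consul.hashicorp.com/v1alpha1
kind: PeeringAcceptor
metadata:
  name: cluster-02
spec:
  peer:
    secret:
      name: "peering-token"   # assumed name: Kubernetes secret the generated token is written to
      key: "data"             # assumed key inside that secret
      backend: "kubernetes"
---
# dialer.yml: apply in cluster-02, after the token secret has been applied there.
# metadata.name is the name cluster-02 gives to the remote peer.
apiVersion: consul.hashicorp.com/v1alpha1
kind: PeeringDialer
metadata:
  name: cluster-01
spec:
  peer:
    secret:
      name: "peering-token"   # must match the secret applied to cluster-02
      key: "data"             # must match the key that holds the token
      backend: "kubernetes"
```

The secret referenced by both resources carries the peering token, so handle the exported secret file like any other credential when you move it between clusters.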
Deploy and export cluster services
- For the service in "cluster-02" that you want to export, add the following annotations to your service's pods (backend-service.yml). This service is referred to as "backend-service" in the following steps.
- In cluster-02, create an ExportedServices custom resource (exportedsvc.yml).
- Create service intentions for the second cluster (intention.yml).
- Apply the service file, the ExportedServices resource, and the intentions to the second cluster.
- To confirm that you peered your clusters, in cluster-01, query the /health HTTP endpoint.
- For the services in cluster-01 that you want to access the "backend-service," add the following annotations to the service file (frontend-service.yml).
- Apply the service file to the first cluster.
- Run the following command and check the output to confirm that you peered your clusters successfully.
End a peering connection
To end a peering connection, delete both the PeeringAcceptor and PeeringDialer resources.
To confirm that you deleted your peering connection, in cluster-01, query the /health HTTP endpoint. The peered services should no longer appear.