Last active
April 28, 2019 03:40
-
-
Save kainlite/4f787ef0e5152eb14928a73b3e2b9d91 to your computer and use it in GitHub Desktop.
consul
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create secret for the gossip protocol | |
| $ export GOSSIP_ENCRYPTION_KEY=$(consul keygen) | |
| # Create kubernetes secret with the certificates and the gossip encryption key | |
| # This will be used by all consul servers to make them able to communicate | |
| # And also join the cluster. | |
| $ kubectl create secret generic consul \ | |
| --from-literal="gossip-encryption-key=${GOSSIP_ENCRYPTION_KEY}" \ | |
| --from-file=certs/consul-agent-ca.pem \ | |
| --from-file=certs/dc1-server-consul-0.pem \ | |
| --from-file=certs/dc1-server-consul-0-key.pem | |
| secret/consul created | |
| # Store the configuration as a configmap | |
| $ kubectl create configmap consul --from-file=consul/config.json | |
| configmap/consul created | |
| # Create a service so the pods can see each other | |
| $ kubectl create -f consul/01-service.yaml | |
| service/consul created | |
| # Create the consul pods | |
| $ kubectl create -f consul/02-statefulset.yaml | |
| statefulset.apps/consul created | |
| # To be test consul we need to port-forward the port 8500 to our computer | |
| $ kubectl port-forward consul-1 8500:8500 | |
| # Then we can validate that all the consul members are alive and well | |
| $ consul members | |
| Node Address Status Type Build Protocol DC Segment | |
| consul-0 172.17.0.5:8301 alive server 1.4.4 2 dc1 <all> | |
| consul-1 172.17.0.6:8301 alive server 1.4.4 2 dc1 <all> | |
| consul-2 172.17.0.7:8301 alive server 1.4.4 2 dc1 <all> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment