Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

ambassador-consul-connect must be installed in default namespace for correct functionality with AES + Consul Connect

See original GitHub issue

Describe the bug The Ambassador/AES Consul Connect (service mesh) integration ambassador-consul-connector only functions correctly if installed in the default k8s namespace. This is counter intuitive with the AES in particular, as the (non default) ambassador namespace is used as the target for the installation.

I believe the bug is a result of the ambassador-consul-connect secret always getting installed in the default namespace, regardless of the target install namespace (other required secrets do appear to get installed in the correct namespace).

To Reproduce Steps to reproduce the behavior:

Install AES
Install Consul (via Helm)
Install ambassador-consul-connector
Create service and mapping (e.g. following Ambassador docs)
Observe error in AES Policy Console. Traffic cannot be routed to the service

ambassador-consul.ambassador.1: TLSContext ambassador-consul found no certificate in secret ambassador-consul-connect in namespace ambassador, ignoring...
cluster_dashboard_sidecar_proxy_ambassador_er_round_robin: Originate-TLS context ambassador-consul is not defined
cluster_dashboard_sidecar_proxy_ambassador_er_round_robin: no endpoints found, disabling cluster```

**Expected behavior**
No error, and the abilitu

**Versions (please complete the following information):**
 - Ambassador: all, but tested on AES 1.3.1
 - Kubernetes environment: GKE
 - Version: 1.14.10-gke.24 

**Additional context**
Installation docs can be found here: https://www.getambassador.io/user-guide/consul/

Issue Analytics

State:
Created 3 years ago
Reactions:2
Comments:8 (2 by maintainers)

Top GitHub Comments

2reactions

chris-schracommented, Jan 17, 2021

Hello has this issue been fixed? I’m running the latest version of ambassador, in an ambassador namespace, and I’m trying to connect via PORT 8501 for the consul service

I don’t know how to really solve this, but for anyone stepping by, a hot fix is to enable HTTP (8500) in values:

global:
  name: consul
  datacenter: your-datacenter-name
  federation:
    enabled: true
  tls:
    enabled: true
    httpsOnly: false

0reactions

mjwilkerson-strateoscommented, Nov 10, 2020

Hello has this issue been fixed? I’m running the latest version of ambassador, in an ambassador namespace, and I’m trying to connect via PORT 8501 for the consul service

Top Results From Across the Web

ambassador-consul-connect must be installed in default ...

ambassador-consul-connect must be installed in default namespace for correct functionality with AES + Consul Connect #2515.

Integrate Consul with Ambassador Edge Stack on Kubernetes

AES offers a comprehensive set of security functionality, supports a broad range of ... Next, create a namespace for Ambassador and install the...

Ambassador Edge Stack to Consul Connect

I installed consul with consul-helm and consul resource naming is different, many things are named “consul-consul-*” instead of just “consul-*”; I enabled ACLs ......

Ambassador Edge Stack Integration - 《Consul v1.10 ... - 书栈网

Install AES with the Ambassador Helm chart. You can reference the Ambassador quickstart for detailed installation instructions and options.

https://raw.githubusercontent.com/datawire/ambassa...

- Ambassador Edge Stack provides all the capabilities of Emissary-ingress, as well as additional capabilities including: - Security features such as automatic ...