Skip to main content
June 20-22 Announcing HashiConf Europe full schedule: keynotes, sessions, labs & more Register Now
Type '/' to Search

Getting Started with Consul Service Mesh for Kubernetes

This tutorial installs and configures Consul service mesh on an existing Kubernetes cluster.

By the end of this tutorial, you will be able to identify the installation prerequisites, install Consul with the official Helm chart, and deploy an example workload.

»Prerequisites

The following components are required to complete this tutorial:

  • Access to a Kubernetes cluster. You can deploy a cluster locally using kind or Minikube.

    Using Minikube with VirtualBox: Start Minikube with the VirtualBox drivers: minikube start --driver=virtualbox

  • kubectl v1.22+. You can issue the version command to verify that kubectl is installed:

    $ kubectl version --short

Client Version: v1.21.3
Server Version: v1.20.0

    $ kubectl version --short

Client Version: v1.21.3
Server Version: v1.20.0

  • One of the following tools should be installed:

    • Helm v3.5.4+. Issue the version command to verify that helm is installed:

      $ helm version --short

v3.5.4+g1b5edb6

      $ helm version --short

v3.5.4+g1b5edb6

    • The Consul K8s command line tool (consul-k8s). Issue the version command to verify that consul-k8s is installed:

      $ consul-k8s version
consul-k8s 0.39.0

      $ consul-k8s version
consul-k8s 0.39.0

»Clone the Demo Configuration and Application

The learn-consul-kubernetes repository contains several resources for helping you understand how to use Consul in your Kubernetes clusters. Clone the repository to download the demo configuration and application:

$ git clone https://github.com/hashicorp/learn-consul-kubernetes.git

$ git clone https://github.com/hashicorp/learn-consul-kubernetes.git

Change to the /service-mesh/deploy directory, which contain all of the artifacts used in this tutorial. 

$ cd learn-consul-kubernetes/service-mesh/deploy

$ cd learn-consul-kubernetes/service-mesh/deploy

»Deploy Consul

You can deploy Consul with Helm or with the consul-k8s command line tool.

To deploy Consul service mesh using Helm, you need a copy of the official chart. You can add the official HashiCorp Consul Helm chart repo from the command line using the Helm CLI.

$ helm repo add hashicorp https://helm.releases.hashicorp.com

"hashicorp" has been added to your repositories

$ helm repo add hashicorp https://helm.releases.hashicorp.com

"hashicorp" has been added to your repositories

Update your local Helm repositories to ensure you have the latest Consul Helm chart.

$ helm repo update

Hang tight while we grab the latest from your chart repositories...
...TRUNCATED...
Update Complete. ⎈Happy Helming!⎈

$ helm repo update

Hang tight while we grab the latest from your chart repositories...
...TRUNCATED...
Update Complete. ⎈Happy Helming!⎈

Deploy the Consul Helm chart using the values in config.yaml. This deploys the control plane for the service mesh, which includes a Consul server, client, controller, and injector in a dedicated consul Kubernetes namespace. It also installs a demo instance of Prometheus and Grafana for metrics.

$ helm install -f config.yaml consul hashicorp/consul --create-namespace -n consul --version "0.43.0"

NAME: consul
...TRUNCATED...
  $ helm status consul
  $ helm get all consul

$ helm install -f config.yaml consul hashicorp/consul --create-namespace -n consul --version "0.43.0"

NAME: consul
...TRUNCATED...
  $ helm status consul
  $ helm get all consul

Validate the installation by checking for running Consul pods.

$ kubectl get pods --namespace consul --selector app=consul

NAME                                           READY   STATUS    RESTARTS   AGE
consul-client-5m8x6                            1/1     Running   0          107s
consul-connect-injector-779f47bd5c-lz29v       1/1     Running   0          107s
consul-connect-injector-779f47bd5c-mg82l       1/1     Running   0          107s
consul-controller-8685544b44-24qhf             1/1     Running   0          107s
consul-server-0                                1/1     Running   0          107s
consul-webhook-cert-manager-5ccc876d58-6bqf8   1/1     Running   0          107s

$ kubectl get pods --namespace consul --selector app=consul

NAME                                           READY   STATUS    RESTARTS   AGE
consul-client-5m8x6                            1/1     Running   0          107s
consul-connect-injector-779f47bd5c-lz29v       1/1     Running   0          107s
consul-connect-injector-779f47bd5c-mg82l       1/1     Running   0          107s
consul-controller-8685544b44-24qhf             1/1     Running   0          107s
consul-server-0                                1/1     Running   0          107s
consul-webhook-cert-manager-5ccc876d58-6bqf8   1/1     Running   0          107s

»Interact with Consul

To access the Consul UI, set up port forwarding to port 18500.

$ kubectl --namespace consul port-forward service/consul-ui 18500:80 --address 0.0.0.0

$ kubectl --namespace consul port-forward service/consul-ui 18500:80 --address 0.0.0.0

Then, go to http://localhost:18500 in your browser. Explore the Consul UI by examining the "Nodes" and "Services" tabs.

consul ui showing services tab with consul

You can use kubectl exec to get direct access to any container, including the Consul server. Use this command to check for a list of Consul's servers and clients. Consul servers configure and control the service mesh, while clients help with service discovery.

$ kubectl exec -it consul-server-0 --namespace consul -- consul members

Node             Address          Status  Type    Build   Protocol  DC   Partition  Segment
consul-server-0  172.17.0.5:8301  alive   server  1.12.0  2         dc1  default    <all>
minikube         172.17.0.4:8301  alive   client  1.12.0  2         dc1  default    <default>

$ kubectl exec -it consul-server-0 --namespace consul -- consul members

Node             Address          Status  Type    Build   Protocol  DC   Partition  Segment
consul-server-0  172.17.0.5:8301  alive   server  1.12.0  2         dc1  default    <all>
minikube         172.17.0.4:8301  alive   client  1.12.0  2         dc1  default    <default>

»Deploy a demo application

You can explore Consul service mesh by installing a demo application. The demo application, named HashiCups, includes a set of three services and a PostgreSQL database. It allows you to order a cup of coffee.

demo application architecture with three services and a database

Open a new terminal and deploy the demo application to your cluster.

$ kubectl apply -f hashicups/

$ kubectl apply -f hashicups/

The services use an annotation that allows Consul to automatically inject a proxy for each service. The proxies create a data plane to handle requests between services based on configuration from Consul. You can check for applications with proxies by selecting the label for Consul injection.

$ kubectl get pods --selector consul.hashicorp.com/connect-inject-status=injected

NAME                           READY   STATUS    RESTARTS   AGE
frontend-6f548678bb-tmjmn      2/2     Running   0          11m
postgres-7847fc4696-ljswz      2/2     Running   0          11m
product-api-7f45c88999-687t5   2/2     Running   0          11m
public-api-7bb69fcfd6-vn27f    2/2     Running   0          11m

$ kubectl get pods --selector consul.hashicorp.com/connect-inject-status=injected

NAME                           READY   STATUS    RESTARTS   AGE
frontend-6f548678bb-tmjmn      2/2     Running   0          11m
postgres-7847fc4696-ljswz      2/2     Running   0          11m
product-api-7f45c88999-687t5   2/2     Running   0          11m
public-api-7bb69fcfd6-vn27f    2/2     Running   0          11m

»Explore the application

You can now explore the demo application and how it uses Consul service mesh. Forward the frontend service to port 18080.

$ kubectl port-forward service/frontend 18080:80 --address 0.0.0.0

$ kubectl port-forward service/frontend 18080:80 --address 0.0.0.0

The HashiCups UI will be available at http://localhost:18080 in your browser. Refresh the page a few times.

coffee cup with packer logo to buy a packer spiced latte

Go to the Consul UI on http://localhost:18500. You'll find the HashiCups services registered to Consul service mesh with proxies.

consul ui showing hashicups services registered as healthy

Select the product-api service. The Topology tab indicates that requests to the public-api goes to the product-api before accessing the database. Consul embeds a graph aggregating successful requests and error metrics.

consul ui showing topology and graph for requests to product api

»Next steps

In this tutorial, you configured Consul service mesh on an existing Kubernetes cluster using the official Helm chart. You also deployed an example application to explore the service topology and track requests.

For a detailed explanation of Consul service mesh, review our tutorial explaining its design and features.

Learn more about using Consul on Kubernetes in the following tutorials:

stdin: is not a tty