Introducing OpenShift Support for HashiCorp Consul on Kubernetes

Consul 1.9 now provides OpenShift support for Kubernetes deployments with a secure-by-default configuration.

Nov 18 2020David Yu, Iryna Shustava

As part of the Consul 1.9 release, we are pleased to introduce support for RedHat OpenShift v4 for Consul on Kubernetes. Using the Consul Helm chart, we now provide the capability to easily deploy Consul Enterprise onto OpenShift to provide OpenShift users an enterprise-grade multi-cluster service networking experience.

»Overview

RedHat OpenShift is a leading enterprise container platform that provides a secure by default experience for container deployments. Historically, RedHat has been one of the most active contributors to Kubernetes and has spearheaded efforts such as RBAC for Kubernetes. In addition, many features within OpenShift have influenced Kubernetes, such as Pod Security Policies which is inspired by OpenShift’s Security Context Constraints.

One of the main advantages that Consul provides is that it is designed to be deployed as a multi-platform and multi-cluster service mesh. For Kubernetes, Consul provides an easy install mechanism using Helm to quickly deploy a new Consul Server Mesh onto an existing Kubernetes cluster for a variety of different deployment models. In addition to deploying both servers and clients on Kubernetes, Consul can be deployed so that Consul servers can be hosted externally and only clients deployed onto Kubernetes. Federation is also designed with multiple platforms in mind, as federation models are provided to easily bridge multiple Kubernetes clusters together, or bridge Kubernetes clusters with VMs.

With the introduction of Helm3, Helm no longer requires a server-side process called Tiller to be installed on Kubernetes. OpenShift v4.4 and above now also supports Helm3 GA and includes Helm by default as part of the installation. Consul Kubernetes now supports installing Consul on Kubernetes securely onto OpenShift using Security Context Constraints, and also ensures that OpenShift users can run Consul containers as non-root. This provides an easy out of the box and secure experience for users of OpenShift, that previously required extensive customizations to our Helm Chart.

»Install Consul on Kubernetes on OpenShift

First, to install Consul on OpenShift you will need to create a new OpenShift project. Creating a new project creates a Kubernetes namespace for Consul under-the-hood.

$ oc new-project consul

Next, let’s add the HashiCorp Helm releases repository so that you can install Consul Kubernetes via the Official Helm repository.

$ helm repo add hashicorp https://helm.releases.hashicorp.com

After adding the HashiCorp Helm releases repository, you can install the Helm chart into the Consul project. You can do so by either enabling OpenShift through the set override flags, or through the Helm values config file.

$ helm install consul hashicorp/consul \
     --namespace consul \
--set global.name=consul \
--set global.openshift.enabled=true

You can also enable OpenShift support by setting the global.openshift.enabled to true in the Helm values file, and then running Helm install.

global:
  openshift:
    enabled: true

»Run Consul on Kubernetes Clients with External Consul Servers

Consul for Kubernetes can also be configured to allow external Consul servers to connect to a remote Kubernetes cluster. With OpenShift, the Consul cluster can also run externally so that it can be managed outside of OpenShift. HashiCorp Consul Service on Azure and HashiCorp Cloud Platform on AWS are managed offerings of Consul where you can host your Consul Servers for Consul Clients deployed on Kubernetes. You can find how to get started with HashiCorp Cloud Platform on AWS via a Learn tutorial here, and HashiCorp Consul Service on Azure here. Below is a snippet on how to enable external server support for Consul on Kubernetes as described in our docs:

global:
  tls:
    enabled: true
    enableAutoEncrypt: true
externalServers:
  enabled: true
  hosts:
    - 'provider=my-cloud config=val ...'

»Conclusion

RedHat OpenShift support is now available as of Consul Helm v0.25 and above. This will allow you to quickly deploy Consul on Kubernetes with the correct security settings that satisfy OpenShift’s requirements. Please go to our OpenShift Learn guide to find out more on how to get started with OpenShift.

Kubernetes

Sign up for the latest HashiCorp news

By submitting this form, you acknowledge and agree that HashiCorp will process your personal information in accordance with the Privacy Policy.

More blog posts like this one

Introducing The Infrastructure Cloud
April 22 2024 | Products & Technology
Introducing The Infrastructure Cloud

Do cloud right with The Infrastructure Cloud from HashiCorp. Unlock developer potential while controlling cloud costs and risk.

A blueprint for cloud success with HashiCorp at Google Cloud Next
April 11 2024 | Products & Technology
A blueprint for cloud success with HashiCorp at Google Cloud Next

A recap of HashiCorp infrastructure and security news and developments from Google Cloud Next, from scaling infrastructure as code to fighting secrets sprawl and more.

Seamlessly migrate from Consul service discovery to service mesh
March 11 2024 | Products & Technology
Seamlessly migrate from Consul service discovery to service mesh

Try this example method for transitioning from Consul service discovery to service mesh without affecting uptimes or development teams.