Architecture
This topic describes the architecture, components, and resources associated with Consul deployments to Kubernetes. Consul employs the same architectural design on Kubernetes as it does with other platforms, but Kubernetes provides additional benefits that make operating a Consul cluster easier. Refer to Consul Architecture for more general information on Consul's architecture.
For more specific guidance:
- For guidance on datacenter design, refer to Consul and Kubernetes Reference Architecture.
- For step-by-step deployment guidance, refer to Consul and Kubernetes Deployment Guide.
- For non-Kubernetes guidance, refer to the standard production deployment guide.
Server Agents
The server agents are deployed as a StatefulSet and use persistent volume
claims to store the server state. This also ensures that the
node ID is persisted so that servers
can be rescheduled onto new IP addresses without causing issues. The server agents
are configured with
anti-affinity
rules so that they are placed on different nodes. A readiness probe is
configured that marks the pod as ready only when it has established a leader.
A Kubernetes Service is registered to represent the servers and exposes ports that are required to communicate to the Consul server pods.
The servers utilize the DNS address of this service to join a Consul cluster, without requiring any other access to the Kubernetes cluster. Additional consul servers may also utilize non-ready endpoints which are published by the Kubernetes service, so that servers can utilize the service for joining during bootstrap and upgrades.
Additionally, a PodDisruptionBudget is configured so the Consul server
cluster maintains quorum during voluntary operational events. The maximum
unavailable is (n/2)-1 where n is the number of server agents.
Note: Kubernetes and Helm do not delete Persistent Volumes or Persistent Volume Claims when a StatefulSet is deleted, so this must done manually when removing servers.
Consul Dataplane
By default, Consul on Kubernetes uses an alternate service mesh configuration that injects sidecars without client agents. Consul Dataplane manages Envoy proxies and leaves responsibility for other functions to the orchestrator, which removes the need to run client agents on every node.
Refer to Simplified Service Mesh with Consul Dataplanes for more information.
Consul Dataplane is the default proxy manager in Consul on Kubernetes 1.14 and later. If you are on Consul 1.13 or older, refer to upgrading to Consul Dataplane for specific upgrade instructions.