Installing and Managing Consul on Kubernetes with Helm and consul-k8s

Bruce L

This guide provides instructions for installing Consul on Kubernetes using Helm and the consul-k8s CLI, including how to list available versions, configure secure deployments, and perform a rolling restart of Consul server pods.

1. Prerequisites

Ensure you have the following tools installed:

  • Helm (version compatible with your Kubernetes cluster)

  • kubectl configured for your Kubernetes cluster

  • consul-k8s CLI (optional, for simplified installations)

2. Adding the HashiCorp Helm Repository

To access Consul Helm charts, add the HashiCorp Helm repository:

helm repo add hashicorp https://helm.releases.hashicorp.com
helm repo update

3. Listing Available Consul-k8s Versions

To view all available versions of the Consul Helm chart:

helm search repo hashicorp/consul --versions

This command lists all versions of the hashicorp/consul chart, helping you select the appropriate version for your deployment.

4. Installing Consul with Helm

Basic Installation

Install Consul using a specific chart version and a custom values.yaml file.

# values.yaml
controller:
  enabled: true
connectInject:
  enabled: true
global:
  acls:
    manageSystemACLs: true
  gossipEncryption:
    autoGenerate: true
  name: consul
  tls:
    enableAutoEncrypt: true
    enabled: true
server:
  replicas: 1
ui:
  enabled: true
  service:
    type: LoadBalancer

Use the --debug flag to observe the installation process in detail:

helm install consul hashicorp/consul --version "0.49.1" -f values.yaml --wait --debug

Note: The --wait flag ensures the installation completes before returning control, and --debug provides verbose output for troubleshooting.
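A values file can be checked before helm install for the settings the values.yaml above turns on (TLS, ACLs, gossip encryption), plus the server count and UI exposure. The script below is an added example, not part of the original post or HashiCorp tooling. The function names flatten_values, value_of and check_values are hypothetical, and global.gossipEncryption.secretName is a chart key that does not appear on this page.

```shell
# Added example: pre-install check of a Consul Helm values file. Assumes plain
# nested maps indented with spaces (no YAML lists, anchors or multi-line strings).

# flatten_values FILE: print every leaf as "dotted.key=value"
flatten_values() {
  awk '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    {
      depth = 0; while (substr($0, depth + 1, 1) == " ") depth++
      line = substr($0, depth + 1)
      sub(/[ \t]+#.*$/, "", line)                # drop a trailing comment
      key = line; sub(/:.*$/, "", key)
      val = line; sub(/^[^:]*:[ \t]*/, "", val); gsub(/"/, "", val)
      while (n > 0 && ind[n] >= depth) n--       # pop siblings and deeper keys
      n++; ind[n] = depth; name[n] = key
      if (val == "") next                        # parent map, not a leaf
      path = name[1]; for (i = 2; i <= n; i++) path = path "." name[i]
      print path "=" val
    }' "$1"
}

# value_of KEY FLATTENED_TEXT: print the value, or "unset" if the key is absent
value_of() {
  printf '%s\n' "$2" | awk -F= -v k="$1" \
    '$1 == k { v = $2; f = 1 } END { print (f ? v : "unset") }'
}

# check_values FILE: print findings; exit status 1 if any FAIL
check_values() {
  flat=$(flatten_values "$1"); rc=0
  for key in global.tls.enabled global.acls.manageSystemACLs; do
    v=$(value_of "$key" "$flat")
    [ "$v" = "true" ] || { echo "FAIL $key=$v (expected true)"; rc=1; }
  done
  auto=$(value_of global.gossipEncryption.autoGenerate "$flat")
  secret=$(value_of global.gossipEncryption.secretName "$flat")
  [ "$auto" = "true" ] || [ "$secret" != "unset" ] ||
    { echo "FAIL gossip encryption: no autoGenerate or secretName"; rc=1; }
  r=$(value_of server.replicas "$flat")
  case $r in
    ''|unset|*[!0-9]*) ;;
    *) [ "$r" -ge 3 ] || echo "WARN server.replicas=$r (fewer than 3 servers)" ;;
  esac
  [ "$(value_of ui.service.type "$flat")" != "LoadBalancer" ] ||
    echo "WARN ui.service.type=LoadBalancer (confirm the UI is not internet-facing)"
  return $rc
}

if [ "$#" -gt 0 ]; then check_values "$1"; fi
```

Run against the values.yaml above, it reports no FAIL lines and two WARN lines (server.replicas=1 and the LoadBalancer UI service). Values set only through --set flags are not seen by this check.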

Secure Installation with consul-k8s CLI

For a streamlined installation with ACLs, TLS, and Prometheus enabled, use the consul-k8s CLI with the secure preset:

consul-k8s install --preset secure \
  --set server.replicas=3 \
  --set ui.service.type=LoadBalancer \
  --set prometheus.enabled=true

This command configures:

  • ACLs and TLS enabled

  • 3 server replicas

  • A LoadBalancer service for the Consul UI

  • Built-in Prometheus monitoring

Custom Helm Installation with Overrides

To customize settings beyond the values.yaml file, use --set flags to override specific parameters:

helm install consul hashicorp/consul --version="1.0.3" -f values.yaml \
  --set global.acls.createReplicationToken=true \
  --set global.federation.enabled=true \
  --set global.federation.createFederationSecret=true \
  --set meshGateway.enabled=true \
  --set meshGateway.replicas=1 \
  --set meshGateway.service.port=8443 \
  --wait --debug

This example enables federation, ACL replication, and a single mesh gateway on port 8443.

5. Performing a Rolling Restart of Consul Server Pods

To gracefully restart a Consul server pod (e.g., consul-server-0):

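  1. Initiate the pod's graceful leave:

     kubectl exec consul-server-0 -- consul leave -token "$CONSUL_TOKEN"

     Replace $CONSUL_TOKEN with your Consul ACL token. The token is passed as a command-line argument, so it can show up in process listings (and in shell history if typed literally); the consul CLI also accepts it through the CONSUL_HTTP_TOKEN environment variable.

  2. Monitor the rolling update:

     kubectl rollout status statefulset/consul-server --watch

     This command tracks the progress of the StatefulSet rolling update until completion.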
