Manage cluster peering connections on Kubernetes
This usage topic describes how to manage cluster peering connections on Kubernetes deployments.
After you establish a cluster peering connection, you can get a list of all active peering connections, read a specific peering connection's information, and delete peering connections.
For general guidance for managing cluster peering connections, refer to Manage L7 traffic with cluster peering.
Reset a peering connection
To reset the cluster peering connection, you need to generate a new peering token from the cluster where you created the PeeringAcceptor CRD. The only way to create or set a new peering token is to manually adjust the value of the annotation consul.hashicorp.com/peering-version. Creating a new token causes the previous token to expire.
In the PeeringAcceptor CRD, add the annotation consul.hashicorp.com/peering-version. If the annotation already exists, update its value to a higher version.
After updating PeeringAcceptor, repeat all of the steps to establish a new peering connection.
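The annotation bump described above can be scripted so that an existing value is always raised rather than reused. This is an added example, not code from the Consul documentation; it assumes the annotation value is a decimal integer, and the function names, the acceptor name and the namespace passed by the caller are hypothetical.

```shell
#!/bin/sh
# Added example, not from the Consul documentation.
# Assumption: the annotation value is a decimal integer, as "higher version" implies.

# Print the version to write next. An empty argument means the annotation
# is not set yet, so the first version is 1. Anything that is not a plain
# non-negative integer is rejected rather than silently overwritten.
next_peering_version() {
  current=$1
  if [ -z "$current" ]; then
    echo 1
    return 0
  fi
  case $current in
    *[!0-9]*)
      echo "unexpected peering-version value: $current" >&2
      return 1
      ;;
  esac
  expr "$current" + 1
}

# Read the current annotation from the named PeeringAcceptor, bump it, and
# write it back. Writing a higher value is what triggers the new token, which
# expires the previous one. ACCEPTOR and NAMESPACE are caller-supplied.
reset_peering_token() {
  acceptor=$1
  namespace=${2:-default}
  current=$(kubectl get peeringacceptor "$acceptor" -n "$namespace" \
    -o 'jsonpath={.metadata.annotations.consul\.hashicorp\.com/peering-version}') || return 1
  next=$(next_peering_version "$current") || return 1
  kubectl annotate peeringacceptor "$acceptor" -n "$namespace" --overwrite \
    "consul.hashicorp.com/peering-version=$next"
}
```

Source the file and call reset_peering_token with the name of your PeeringAcceptor in the cluster where it was created, then repeat the steps to establish the peering connection.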
List all peering connections
In Consul on Kubernetes deployments, you can list all active peering connections in a cluster using the Consul CLI.
If necessary, configure your CLI to interact with the Consul cluster.
Run the consul peering list CLI command.
Read a peering connection
In Consul on Kubernetes deployments, you can get information about individual peering connections between clusters using the Consul CLI.
If necessary, configure your CLI to interact with the Consul cluster.
Run the consul peering read CLI command.
Delete peering connections
To end a peering connection in Kubernetes deployments, delete both the PeeringAcceptor and PeeringDialer resources.
Delete the PeeringDialer resource from the second cluster.
Delete the PeeringAcceptor resource from the first cluster.
To confirm that you deleted your peering connection in cluster-01, query the /health HTTP endpoint:
Exec into the server pod for the first cluster.
If you've enabled ACLs, export an ACL token to access the /health HTTP endpoint for services. The bootstrap token may be used if an ACL token is not already provisioned.
Query the /health HTTP endpoint. Peered services with deleted connections should no longer appear.