diff --git a/apps/base/consul/gateway.yaml b/apps/base/consul/gateway.yaml
new file mode 100644
index 0000000..90b717e
--- /dev/null
+++ b/apps/base/consul/gateway.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+ name: consul
+ namespace: consul
+ labels:
+ app.kubernetes.io/name: consul
+ app.kubernetes.io/instance: consul
+ traefik.io/instance: internal
+ annotations:
+ cert-manager.io/cluster-issuer: vault-issuer
+ cert-manager.io/common-name: consul.k8s.syd1.au.unkin.net
+ cert-manager.io/private-key-size: "4096"
+ external-dns.alpha.kubernetes.io/hostname: consul.k8s.syd1.au.unkin.net
+ external-dns.alpha.kubernetes.io/target: 198.18.200.4
+spec:
+ gatewayClassName: traefik-internal
+ listeners:
+ - name: https
+ port: 443
+ protocol: HTTPS
+ hostname: consul.k8s.syd1.au.unkin.net
+ allowedRoutes:
+ namespaces:
+ from: Same
+ tls:
+ mode: Terminate
+ certificateRefs:
+ - kind: Secret
+ name: consul-tls
diff --git a/apps/base/consul/httproute.yaml b/apps/base/consul/httproute.yaml
new file mode 100644
index 0000000..c7ad926
--- /dev/null
+++ b/apps/base/consul/httproute.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: consul
+ namespace: consul
+ labels:
+ app.kubernetes.io/name: consul
+ app.kubernetes.io/instance: consul
+spec:
+ hostnames:
+ - consul.k8s.syd1.au.unkin.net
+ parentRefs:
+ - name: consul
+ sectionName: https
+ rules:
+ - backendRefs:
+ - name: consul-consul-ui
+ port: 80
+ matches:
+ - path:
+ type: PathPrefix
+ value: /
diff --git a/apps/base/consul/kustomization.yaml b/apps/base/consul/kustomization.yaml
new file mode 100644
index 0000000..2c2b5da
--- /dev/null
+++ b/apps/base/consul/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - namespace.yaml
+ - gateway.yaml
+ - httproute.yaml
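Review bot: The listener `hostname`, the `cert-manager.io/common-name` annotation and both `external-dns.alpha.kubernetes.io/*` annotations are fixed to `consul.k8s.syd1.au.unkin.net` / `198.18.200.4` in the base, and the sandbox overlay in this commit patches only namespaces, so both overlays render a Gateway claiming the same name, certificate subject and DNS record. If the two are applied where they share a DNS zone or issuer (not visible here), the sandbox instance would contest the DNS record and the certificate for the production hostname. Either move these values into each overlay, or add sandbox patches such as `path: /spec/listeners/0/hostname` on the Gateway and `path: /spec/hostnames/0` on the HTTPRoute with a sandbox-specific name, plus matching annotation patches. The `hostnames` entry in httproute.yaml has the same problem.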
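Review bot: The backend `consul-consul-ui` does not match the naming the rest of the commit implies: both values files set `global.name: consul` and the overlays patch a PodDisruptionBudget called `consul-server`, which suggests resources carry the `consul-` prefix only once and the UI Service is probably `consul-ui`. Please confirm against the rendered manifests, since a backendRef that does not resolve leaves the route in place but serving errors. Separately, the `PathPrefix` `/` match forwards the whole Consul HTTP API (`/v1/...`) along with the UI, so access control has to come from Consul ACLs or the gateway. A comment on the rule would record that, e.g. `# UI and /v1 API share this backend; access control relies on Consul ACLs`.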
diff --git a/apps/base/consul/namespace.yaml b/apps/base/consul/namespace.yaml
new file mode 100644
index 0000000..e91e994
--- /dev/null
+++ b/apps/base/consul/namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: consul
diff --git a/apps/overlays/au-syd1/consul/kustomization.yaml b/apps/overlays/au-syd1/consul/kustomization.yaml
new file mode 100644
index 0000000..1e3fbef
--- /dev/null
+++ b/apps/overlays/au-syd1/consul/kustomization.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ../../../base/consul
+
+patches:
+ - target:
+ kind: PodDisruptionBudget
+ name: consul-server
+ patch: |-
+ - op: replace
+ path: /apiVersion
+ value: policy/v1
+
+helmCharts:
+ - name: consul
+ repo: https://helm.releases.hashicorp.com
+ version: "1.9.7"
+ releaseName: consul
+ namespace: consul
+ valuesFile: values.yaml
diff --git a/apps/overlays/au-syd1/consul/values.yaml b/apps/overlays/au-syd1/consul/values.yaml
new file mode 100644
index 0000000..1f967ac
--- /dev/null
+++ b/apps/overlays/au-syd1/consul/values.yaml
@@ -0,0 +1,51 @@
+global:
+ name: consul
+ datacenter: au-syd1
+ domain: consul
+
+server:
+ image: hashicorp/consul:1.22.7
+ replicas: 5
+ bootstrapExpect: 5
+ storage: 10Gi
+ storageClass: cephrbd-fast-delete
+
+ connect: true
+
+ extraConfig: |
+ {
+ "disable_remote_exec": true,
+ "disable_update_check": true,
+ "performance": {
+ "raft_multiplier": 10
+ },
+ "ports": {
+ "dns": 8600,
+ "grpc": 8502,
+ "http": 8500,
+ "https": -1
+ },
+ "primary_datacenter": "au-syd1"
+ }
+
+ resources:
+ requests:
+ memory: 256Mi
+ cpu: 100m
+ limits:
+ memory: 2Gi
+ cpu: 1000m
+
+client:
+ enabled: false
+
+ui:
+ enabled: true
+ service:
+ type: ClusterIP
+
+connectInject:
+ enabled: false
+
+dns:
+ enabled: true
diff --git a/apps/overlays/sandbox/consul/kustomization.yaml b/apps/overlays/sandbox/consul/kustomization.yaml
new file mode 100644
index 0000000..e88dcea
--- /dev/null
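Review bot: These values bring the servers up without ACLs, TLS or gossip encryption: `global` sets none of `acls.manageSystemACLs`, `tls.enabled` or `gossipEncryption`, and `extraConfig` turns the HTTPS port off (`"https": -1`) while keeping plain HTTP on 8500. Combined with `ui.enabled: true` and the HTTPRoute added in this commit, the HTTP API is readable and writable without a token by anything that can reach the internal gateway or the pod network. The sandbox values file is the same blob (`1f967ac`) and has the same gap. Suggested additions to `global` are below. Enabling TLS means the `ports` override in `extraConfig` and the HTTPRoute backend port need revisiting, because the chart then manages the HTTPS listener itself.

```yaml
global:
  name: consul
  # … unchanged: datacenter, domain …
  acls:
    manageSystemACLs: true
  tls:
    enabled: true
  gossipEncryption:
    autoGenerate: true
```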
+++ b/apps/overlays/sandbox/consul/kustomization.yaml
@@ -0,0 +1,44 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ../../../base/consul
+
+patches:
+ - target:
+ kind: Namespace
+ name: consul
+ patch: |-
+ - op: replace
+ path: /metadata/name
+ value: sandbox-consul
+ - target:
+ kind: Gateway
+ name: consul
+ patch: |-
+ - op: replace
+ path: /metadata/namespace
+ value: sandbox-consul
+ - target:
+ kind: HTTPRoute
+ name: consul
+ patch: |-
+ - op: replace
+ path: /metadata/namespace
+ value: sandbox-consul
+ - target:
+ kind: PodDisruptionBudget
+ name: consul-server
+ patch: |-
+ - op: replace
+ path: /apiVersion
+ value: policy/v1
+
+helmCharts:
+ - name: consul
+ repo: https://helm.releases.hashicorp.com
+ version: "1.9.7"
+ releaseName: consul
+ namespace: sandbox-consul
+ valuesFile: values.yaml
diff --git a/apps/overlays/sandbox/consul/values.yaml b/apps/overlays/sandbox/consul/values.yaml
new file mode 100644
index 0000000..1f967ac
--- /dev/null
+++ b/apps/overlays/sandbox/consul/values.yaml
@@ -0,0 +1,51 @@
+global:
+ name: consul
+ datacenter: au-syd1
+ domain: consul
+
+server:
+ image: hashicorp/consul:1.22.7
+ replicas: 5
+ bootstrapExpect: 5
+ storage: 10Gi
+ storageClass: cephrbd-fast-delete
+
+ connect: true
+
+ extraConfig: |
+ {
+ "disable_remote_exec": true,
+ "disable_update_check": true,
+ "performance": {
+ "raft_multiplier": 10
+ },
+ "ports": {
+ "dns": 8600,
+ "grpc": 8502,
+ "http": 8500,
+ "https": -1
+ },
+ "primary_datacenter": "au-syd1"
+ }
+
+ resources:
+ requests:
+ memory: 256Mi
+ cpu: 100m
+ limits:
+ memory: 2Gi
+ cpu: 1000m
+
+client:
+ enabled: false
+
+ui:
+ enabled: true
+ service:
+ type: ClusterIP
+
+connectInject:
+ enabled: false
+
+dns:
+ enabled: true
diff --git a/argocd/applicationsets/platform.yaml b/argocd/applicationsets/platform.yaml
index 218d5ea..040ad30 100644
--- a/argocd/applicationsets/platform.yaml
+++ b/argocd/applicationsets/platform.yaml
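Review bot: The sandbox overlay reuses the production identity: `datacenter: au-syd1` and `"primary_datacenter": "au-syd1"` are unchanged, and the file is byte-identical to the au-syd1 one (index `1f967ac`). With no gossip key or ACLs configured in these values, nothing here would stop sandbox and production servers from treating each other as members of the same datacenter if they ever become mutually reachable (network reachability is not visible in this commit). Giving the sandbox its own `datacenter` and `primary_datacenter` values would keep the two apart. `replicas: 5` with `bootstrapExpect: 5` also looks like a production sizing carried over unchanged.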
@@ -15,6 +15,7 @@ spec:
 - path: apps/overlays/*/cert-manager
 - path: apps/overlays/*/certificates
 - path: apps/overlays/*/cnpg-system
+ - path: apps/overlays/*/consul
 - path: apps/overlays/*/elastic-system
 - path: apps/overlays/*/externaldns
 - path: apps/overlays/*/inteldeviceplugins-system