diff --git a/apps/base/consul/gateway.yaml b/apps/base/consul/gateway.yaml
new file mode 100644
index 0000000..30d7e9f
--- /dev/null
+++ b/apps/base/consul/gateway.yaml
@@ -0,0 +1,51 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+ name: consul
+ namespace: consul
+ labels:
+ app.kubernetes.io/name: consul
+ app.kubernetes.io/instance: consul
+ traefik.io/instance: internal
+ annotations:
+ cert-manager.io/cluster-issuer: vault-issuer
+ cert-manager.io/common-name: consul.k8s.syd1.au.unkin.net
+ cert-manager.io/private-key-size: "4096"
+ cert-manager.io/alt-names: consul.service.consul
+ external-dns.alpha.kubernetes.io/hostname: consul.k8s.syd1.au.unkin.net
+ external-dns.alpha.kubernetes.io/target: 198.18.200.4
+spec:
+ gatewayClassName: traefik-internal
+ listeners:
+ - name: http
+ port: 80
+ protocol: HTTP
+ hostname: consul.k8s.syd1.au.unkin.net
+ allowedRoutes:
+ namespaces:
+ from: Same
+ - name: https
+ port: 443
+ protocol: HTTPS
+ hostname: consul.k8s.syd1.au.unkin.net
+ allowedRoutes:
+ namespaces:
+ from: Same
+ tls:
+ mode: Terminate
+ certificateRefs:
+ - kind: Secret
+ name: consul-tls
+ - name: consul-svc
+ port: 443
+ protocol: HTTPS
+ hostname: consul.service.consul
+ allowedRoutes:
+ namespaces:
+ from: Same
+ tls:
+ mode: Terminate
+ certificateRefs:
+ - kind: Secret
+ name: consul-tls
diff --git a/apps/base/consul/httproute.yaml b/apps/base/consul/httproute.yaml
new file mode 100644
index 0000000..53297f6
--- /dev/null
+++ b/apps/base/consul/httproute.yaml
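Review bot: apps/base/consul/gateway.yaml puts syd1-only values in the shared base: the listener hostname and common-name `consul.k8s.syd1.au.unkin.net` and the annotation `external-dns.alpha.kubernetes.io/target: 198.18.200.4`. Any other overlay that includes this base would ask cert-manager for the Sydney name and publish a DNS record pointing at the Sydney address. Consider leaving these fields out of base and setting them with a patch in `apps/overlays/au-syd1/consul/kustomization.yaml`; the `hostnames` entries in httproute.yaml carry the same site-specific name.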
@@ -0,0 +1,71 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: consul-http-redirect
+ namespace: consul
+ labels:
+ app.kubernetes.io/name: consul
+ app.kubernetes.io/instance: consul
+spec:
+ hostnames:
+ - consul.k8s.syd1.au.unkin.net
+ parentRefs:
+ - name: consul
+ sectionName: http
+ rules:
+ - filters:
+ - type: RequestRedirect
+ requestRedirect:
+ scheme: https
+ statusCode: 301
+ matches:
+ - path:
+ type: PathPrefix
+ value: /
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: consul
+ namespace: consul
+ labels:
+ app.kubernetes.io/name: consul
+ app.kubernetes.io/instance: consul
+spec:
+ hostnames:
+ - consul.k8s.syd1.au.unkin.net
+ parentRefs:
+ - name: consul
+ sectionName: https
+ rules:
+ - backendRefs:
+ - name: consul-ui
+ port: 80
+ matches:
+ - path:
+ type: PathPrefix
+ value: /
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: consul-svc
+ namespace: consul
+ labels:
+ app.kubernetes.io/name: consul
+ app.kubernetes.io/instance: consul
+spec:
+ hostnames:
+ - consul.service.consul
+ parentRefs:
+ - name: consul
+ sectionName: consul-svc
+ rules:
+ - backendRefs:
+ - name: consul-ui
+ port: 80
+ matches:
+ - path:
+ type: PathPrefix
+ value: /
diff --git a/apps/base/consul/kustomization.yaml b/apps/base/consul/kustomization.yaml
new file mode 100644
index 0000000..2c2b5da
--- /dev/null
+++ b/apps/base/consul/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - namespace.yaml
+ - gateway.yaml
+ - httproute.yaml
diff --git a/apps/base/consul/namespace.yaml b/apps/base/consul/namespace.yaml
new file mode 100644
index 0000000..e91e994
--- /dev/null
+++ b/apps/base/consul/namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: consul
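Review bot: The `consul` and `consul-svc` routes in apps/base/consul/httproute.yaml forward every path (`PathPrefix` `/`) to `consul-ui` port 80, which in the Consul chart normally maps to the servers' HTTP port, so the gateway would publish the whole `/v1/` API and not only the UI. The values.yaml added in this commit does not enable ACLs, so as far as the diff shows those requests need no token. Setting `manageSystemACLs: true` under `global.acls` in that values file before the routes go live would close the gap. Narrowing the path match here is not a substitute, because the UI itself calls the API.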
diff --git a/apps/overlays/au-syd1/consul/kustomization.yaml b/apps/overlays/au-syd1/consul/kustomization.yaml
new file mode 100644
index 0000000..bbc6c94
--- /dev/null
+++ b/apps/overlays/au-syd1/consul/kustomization.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ../../../base/consul
+
+helmCharts:
+ - name: consul
+ repo: https://helm.releases.hashicorp.com
+ version: "1.9.7"
+ releaseName: consul
+ namespace: consul
+ valuesFile: values.yaml
+ apiVersions:
+ - policy/v1/PodDisruptionBudget
diff --git a/apps/overlays/au-syd1/consul/values.yaml b/apps/overlays/au-syd1/consul/values.yaml
new file mode 100644
index 0000000..86a49b0
--- /dev/null
+++ b/apps/overlays/au-syd1/consul/values.yaml
@@ -0,0 +1,58 @@
+global:
+ name: consul
+ datacenter: au-syd1
+ domain: consul
+
+server:
+ image: hashicorp/consul:1.22.7
+ replicas: 5
+ bootstrapExpect: 5
+ storage: 10Gi
+ storageClass: cephrbd-fast-delete
+
+ connect: true
+
+ disruptionBudget:
+ maxUnavailable: 1
+
+ extraConfig: |
+ {
+ "disable_remote_exec": true,
+ "disable_update_check": true,
+ "performance": {
+ "raft_multiplier": 10
+ },
+ "ports": {
+ "dns": 8600,
+ "grpc": 8502,
+ "http": 8500,
+ "https": -1
+ },
+ "primary_datacenter": "au-syd1"
+ }
+
+ resources:
+ requests:
+ memory: 256Mi
+ cpu: 100m
+ limits:
+ memory: 2Gi
+ cpu: 1000m
+
+client:
+ enabled: false
+
+ui:
+ enabled: true
+ service:
+ type: ClusterIP
+
+connectInject:
+ enabled: false
+
+dns:
+ enabled: true
+ type: LoadBalancer
+ annotations: |
+ purelb.io/service-group: "common"
+ purelb.io/addresses: 198.18.200.5
diff --git a/argocd/applicationsets/platform.yaml b/argocd/applicationsets/platform.yaml
index 63be86a..ac5afac 100644
--- a/argocd/applicationsets/platform.yaml
+++ b/argocd/applicationsets/platform.yaml
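Review bot: apps/overlays/au-syd1/consul/values.yaml enables neither TLS nor gossip encryption, and `extraConfig` pins `"https": -1`. With these values the five servers would exchange RPC, gossip and HTTP API traffic in cleartext, including the hop from the gateway to `consul-ui`. Setting `enabled: true` under `global.tls` and `autoGenerate: true` under `global.gossipEncryption`, and dropping the `"https": -1` override, would cover this; enabling them on a cluster that already holds data is usually a multi-step rollout. Separately, `image: hashicorp/consul:1.22.7` is a mutable tag, and pinning it by digest would make the deployed server image reproducible. The file also lacks the leading `---` that the other manifests in this commit carry.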
@@ -15,6 +15,7 @@ spec:
 - path: apps/overlays/*/cert-manager
 - path: apps/overlays/*/certificates
 - path: apps/overlays/*/cnpg-system
+ - path: apps/overlays/*/consul
 - path: apps/overlays/*/elastic-system
 - path: apps/overlays/*/externaldns
 - path: apps/overlays/*/inteldeviceplugins-system