diff --git a/apps/base/consul/gateway.yaml b/apps/base/consul/gateway.yaml index 90b717e..5eadb41 100644 --- a/apps/base/consul/gateway.yaml +++ b/apps/base/consul/gateway.yaml @@ -12,6 +12,7 @@ metadata: cert-manager.io/cluster-issuer: vault-issuer cert-manager.io/common-name: consul.k8s.syd1.au.unkin.net cert-manager.io/private-key-size: "4096" + cert-manager.io/subject-alternative-names: consul.service.consul external-dns.alpha.kubernetes.io/hostname: consul.k8s.syd1.au.unkin.net external-dns.alpha.kubernetes.io/target: 198.18.200.4 spec: @@ -29,3 +30,15 @@ spec: certificateRefs: - kind: Secret name: consul-tls + - name: consul-svc + port: 443 + protocol: HTTPS + hostname: consul.service.consul + allowedRoutes: + namespaces: + from: Same + tls: + mode: Terminate + certificateRefs: + - kind: Secret + name: consul-tls diff --git a/apps/base/consul/httproute.yaml b/apps/base/consul/httproute.yaml index c7ad926..b3179f9 100644 --- a/apps/base/consul/httproute.yaml +++ b/apps/base/consul/httproute.yaml @@ -15,7 +15,30 @@ spec: sectionName: https rules: - backendRefs: - - name: consul-consul-ui + - name: consul-ui + port: 80 + matches: + - path: + type: PathPrefix + value: / +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: consul-svc + namespace: consul + labels: + app.kubernetes.io/name: consul + app.kubernetes.io/instance: consul +spec: + hostnames: + - consul.service.consul + parentRefs: + - name: consul + sectionName: consul-svc + rules: + - backendRefs: + - name: consul-ui port: 80 matches: - path: diff --git a/apps/overlays/au-syd1/consul/kustomization.yaml b/apps/overlays/au-syd1/consul/kustomization.yaml index 1e3fbef..7b5c54f 100644 --- a/apps/overlays/au-syd1/consul/kustomization.yaml +++ b/apps/overlays/au-syd1/consul/kustomization.yaml 
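Review bot: The added `cert-manager.io/subject-alternative-names` annotation is not one I recognise from cert-manager's Gateway/Ingress annotation set, which has `ip-sans`, `uri-sans` and `email-sans` but takes DNS names from the listener hostnames, so it may be silently ignored. If that is the case, the `consul.service.consul` SAN comes only from the `consul-svc` listener added further down, and this line misleads a reader about what controls the certificate. I would drop it, or keep it with a comment such as `# DNS SANs come from listener hostnames; confirm the issued cert lists consul.service.consul`. The metadata block starts above the hunk.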
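Review bot: The new `consul-svc` listener points `certificateRefs` at the same `consul-tls` Secret as the existing listener, so one certificate now has to cover both hostnames, and nothing here records that dependency. If the PKI role behind `vault-issuer` does not permit the `consul.service.consul` name (not visible in this diff), re-issuance of the shared Secret would presumably fail and affect the existing listener on renewal as well. Add a comment above the listener, for example `# shares consul-tls with the https listener; vault-issuer must be allowed to sign consul.service.consul`, and confirm the issuer policy before merging. `allowedRoutes.namespaces.from: Same` is a good restriction to keep.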
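Review bot: Both routes in this file send `PathPrefix /` to `consul-ui` on port 80, which in the Consul chart normally fronts the servers' HTTP port, so the full `/v1` API would be reachable through the gateway and not only the UI. The second route now publishes it under `consul.service.consul` as well. No `global.acls` or `global.tls` settings are added by the values hunks in this commit, and the deleted sandbox values (same blob `1f967ac` as the au-syd1 file before this change) contain none either, so the API is presumably unauthenticated. Enabling ACLs in the overlay values, `global.acls.manageSystemACLs: true`, before adding another hostname would close that. As a style point, the two HTTPRoute objects differ only in hostname and `sectionName` and could be one route with two `parentRefs`.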
@@ -6,13 +6,10 @@ resources: - ../../../base/consul patches: - - target: + - path: patches/consul-server-pdb.yaml + target: kind: PodDisruptionBudget name: consul-server - patch: |- - - op: replace - path: /apiVersion - value: policy/v1 helmCharts: - name: consul diff --git a/apps/overlays/au-syd1/consul/patches/consul-server-pdb.yaml b/apps/overlays/au-syd1/consul/patches/consul-server-pdb.yaml new file mode 100644 index 0000000..4825a6c --- /dev/null +++ b/apps/overlays/au-syd1/consul/patches/consul-server-pdb.yaml @@ -0,0 +1,3 @@ +- op: replace + path: /apiVersion + value: policy/v1 diff --git a/apps/overlays/au-syd1/consul/values.yaml b/apps/overlays/au-syd1/consul/values.yaml index 1f967ac..86a49b0 100644 --- a/apps/overlays/au-syd1/consul/values.yaml +++ b/apps/overlays/au-syd1/consul/values.yaml @@ -12,6 +12,9 @@ server: connect: true + disruptionBudget: + maxUnavailable: 1 + extraConfig: | { "disable_remote_exec": true, @@ -49,3 +52,7 @@ connectInject: dns: enabled: true + type: LoadBalancer + annotations: | + purelb.io/service-group: "common" + purelb.io/addresses: 198.18.200.5 diff --git a/apps/overlays/sandbox/consul/kustomization.yaml b/apps/overlays/sandbox/consul/kustomization.yaml deleted file mode 100644 index e88dcea..0000000 --- a/apps/overlays/sandbox/consul/kustomization.yaml +++ /dev/null 
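Review bot: Switching the `dns` service to `type: LoadBalancer` with a fixed `purelb.io/addresses` publishes Consul DNS outside the cluster with no source restriction or explanatory comment in this hunk. With ACLs apparently not configured in this overlay, anyone who can reach 198.18.200.5 could enumerate the service catalog through `.consul` queries. Consider limiting clients with `loadBalancerSourceRanges` (the chart's `dns.additionalSpec` should accept it), and add a comment such as `# exposed for resolvers outside the cluster; restrict to the resolver subnets`. The address is also unquoted while the `service-group` value beside it is quoted; quote both for consistency.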
@@ -1,44 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - ../../../base/consul - -patches: - - target: - kind: Namespace - name: consul - patch: |- - - op: replace - path: /metadata/name - value: sandbox-consul - - target: - kind: Gateway - name: consul - patch: |- - - op: replace - path: /metadata/namespace - value: sandbox-consul - - target: - kind: HTTPRoute - name: consul - patch: |- - - op: replace - path: /metadata/namespace - value: sandbox-consul - - target: - kind: PodDisruptionBudget - name: consul-server - patch: |- - - op: replace - path: /apiVersion - value: policy/v1 - -helmCharts: - - name: consul - repo: https://helm.releases.hashicorp.com - version: "1.9.7" - releaseName: consul - namespace: sandbox-consul - valuesFile: values.yaml diff --git a/apps/overlays/sandbox/consul/values.yaml b/apps/overlays/sandbox/consul/values.yaml deleted file mode 100644 index 1f967ac..0000000 --- a/apps/overlays/sandbox/consul/values.yaml +++ /dev/null @@ -1,51 +0,0 @@ -global: - name: consul - datacenter: au-syd1 - domain: consul - -server: - image: hashicorp/consul:1.22.7 - replicas: 5 - bootstrapExpect: 5 - storage: 10Gi - storageClass: cephrbd-fast-delete - - connect: true - - extraConfig: | - { - "disable_remote_exec": true, - "disable_update_check": true, - "performance": { - "raft_multiplier": 10 - }, - "ports": { - "dns": 8600, - "grpc": 8502, - "http": 8500, - "https": -1 - }, - "primary_datacenter": "au-syd1" - } - - resources: - requests: - memory: 256Mi - cpu: 100m - limits: - memory: 2Gi - cpu: 1000m - -client: - enabled: false - -ui: - enabled: true - service: - type: ClusterIP - -connectInject: - enabled: false - -dns: - enabled: true