- Fix consul HTTPRoute backend: consul-consul-ui -> consul-ui
- Add consul.service.consul hostname to Gateway (cert SAN) and HTTPRoute
- Add consul-svc listener on 443 for consul.service.consul SNI routing
- Convert PDB inline patch to patches/consul-server-pdb.yaml
- Set server.disruptionBudget.maxUnavailable: 1 explicitly in values
- Expose consul DNS service as LoadBalancer (purelb 198.18.200.5) for anycast
- Remove sandbox overlay (not needed in production GitOps)
5-replica server cluster (bootstrapExpect=5) with datacenter=au-syd1,
connect enabled, raft_multiplier=10, http=8500, grpc=8502, https=-1.
10Gi cephrbd-fast-delete PVC. Gateway API HTTPRoute on 443→consul-consul-ui:80→8500.
PDB patched from policy/v1beta1 to policy/v1 for k8s 1.25+.
ArgoCD platform ApplicationSet updated to include consul overlay path.