0c73cc7594
5-replica server cluster (bootstrapExpect=5) with datacenter=au-syd1, connect enabled, raft_multiplier=10, http=8500, grpc=8502, https=-1. 10Gi cephrbd-fast-delete PVC. Gateway API HTTPRoute on 443→consul-consul-ui:80→8500. PDB patched from policy/v1beta1 to policy/v1 for k8s 1.25+. ArgoCD platform ApplicationSet updated to include consul overlay path.
32 lines
860 B
YAML
32 lines
860 B
YAML
---
|
|
apiVersion: gateway.networking.k8s.io/v1
|
|
kind: Gateway
|
|
metadata:
|
|
name: consul
|
|
namespace: consul
|
|
labels:
|
|
app.kubernetes.io/name: consul
|
|
app.kubernetes.io/instance: consul
|
|
traefik.io/instance: internal
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: vault-issuer
|
|
cert-manager.io/common-name: consul.k8s.syd1.au.unkin.net
|
|
cert-manager.io/private-key-size: "4096"
|
|
external-dns.alpha.kubernetes.io/hostname: consul.k8s.syd1.au.unkin.net
|
|
external-dns.alpha.kubernetes.io/target: 198.18.200.4
|
|
spec:
|
|
gatewayClassName: traefik-internal
|
|
listeners:
|
|
- name: https
|
|
port: 443
|
|
protocol: HTTPS
|
|
hostname: consul.k8s.syd1.au.unkin.net
|
|
allowedRoutes:
|
|
namespaces:
|
|
from: Same
|
|
tls:
|
|
mode: Terminate
|
|
certificateRefs:
|
|
- kind: Secret
|
|
name: consul-tls
|