Files
argocd-apps/apps/base/consul/gateway.yaml
T
unkinben f224b17ca1
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline was canceled
feat(consul): address PR review feedback
- Fix consul HTTPRoute backend: consul-consul-ui -> consul-ui
- Add consul.service.consul hostname to Gateway (cert SAN) and HTTPRoute
- Add consul-svc listener on 443 for consul.service.consul SNI routing
- Convert PDB inline patch to patches/consul-server-pdb.yaml
- Set server.disruptionBudget.maxUnavailable: 1 explicitly in values
- Expose consul DNS service as LoadBalancer (purelb 198.18.200.5) for anycast
- Remove sandbox overlay (not needed in production GitOps)
2026-05-23 22:11:41 +10:00

45 lines
1.2 KiB
YAML

---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: consul
namespace: consul
labels:
app.kubernetes.io/name: consul
app.kubernetes.io/instance: consul
traefik.io/instance: internal
annotations:
cert-manager.io/cluster-issuer: vault-issuer
cert-manager.io/common-name: consul.k8s.syd1.au.unkin.net
cert-manager.io/private-key-size: "4096"
cert-manager.io/subject-alternative-names: consul.service.consul
external-dns.alpha.kubernetes.io/hostname: consul.k8s.syd1.au.unkin.net
external-dns.alpha.kubernetes.io/target: 198.18.200.4
spec:
gatewayClassName: traefik-internal
listeners:
- name: https
port: 443
protocol: HTTPS
hostname: consul.k8s.syd1.au.unkin.net
allowedRoutes:
namespaces:
from: Same
tls:
mode: Terminate
certificateRefs:
- kind: Secret
name: consul-tls
- name: consul-svc
port: 443
protocol: HTTPS
hostname: consul.service.consul
allowedRoutes:
namespaces:
from: Same
tls:
mode: Terminate
certificateRefs:
- kind: Secret
name: consul-tls