test terminating gateway ACLs with external services
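---
# In-mesh client workload "bender" (k8s namespace default). It is the
# intention *source* for the external zoidberg/nibbler services, which are
# reached through the explicit upstream annotation below.
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceDefaults
metadata:
  name: bender
  namespace: default
spec:
  protocol: http
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: bender
    'my-meta': my-meta
  name: bender
  namespace: default
spec:
  ports:
    - port: 8080
      name: high
      protocol: TCP
      targetPort: 8080
  selector:
    app: bender
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: bender
  namespace: default
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: bender
  name: bender
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: bender
  template:
    metadata:
      labels:
        app: bender
      annotations:
        # Annotation values are strings; keep them quoted so 'true' is not
        # retyped to a boolean by tooling.
        'consul.hashicorp.com/connect-inject': 'true'
        # Explicit upstreams (transparent proxy is disabled in the Helm values):
        # <service>.<consul namespace>:<local port>
        'consul.hashicorp.com/connect-service-upstreams': 'zoidberg.ns1:1234,nibbler.ns1:5678'
    spec:
      serviceAccountName: bender
      containers:
        - name: bender
          image: nicholasjackson/fake-service:v0.26.0
          ports:
            - containerPort: 8080
          env:
            - name: LISTEN_ADDR
              value: '0.0.0.0:8080'
            - name: NAME
              value: bender
            - name: MESSAGE
              value: 'bender bender bender'
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            # Static Consul ACL token in a plaintext env var, committed with the
            # manifest. Acceptable only for a throwaway local kind cluster; anywhere
            # else source it from a Secret via valueFrom.secretKeyRef. NOTE(review):
            # the Helm values enable manageSystemACLs without a fixed bootstrap
            # token, so confirm "root" is actually accepted by this setup.
            - name: CONSUL_HTTP_TOKEN
              value: root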
---
# Helm values for the local terminating-gateway ACL test cluster.
# Contains values that affect multiple components of the chart.
global:
  # Locally built control-plane image, loaded into kind by the setup script.
  imageK8S: 'consul-k8s-control-plane:local'
  # Floating minor tag; pin a patch version if runs need to be reproducible.
  image: 'hashicorp/consul-enterprise:1.19-ent'
  logLevel: debug
  enableConsulNamespaces: true
  tls:
    enabled: true
  acls:
    # Chart bootstraps ACLs and issues per-component tokens.
    manageSystemACLs: true
  enterpriseLicense:
    # Secret "license", key "key", created in the consul namespace by the setup script.
    secretName: 'license'
    secretKey: 'key'

server:
  enabled: true
  # The number of server agents to run. This determines the fault tolerance of the cluster.
  replicas: 1

syncCatalog:
  consulNamespaces:
    mirroringK8S: true

# Contains values that configure the Consul UI.
ui:
  enabled: true

# Configures and installs the automatic Consul Connect sidecar injector.
connectInject:
  enabled: true
  transparentProxy:
    # Off, so workloads declare upstreams explicitly via annotation.
    defaultEnabled: false

dns:
  enabled: true
  enableRedirection: true

terminatingGateways:
  enabled: true
  # Both gateways live in Consul namespace ns1 and are configured by the
  # TerminatingGateway CRs of the same names.
  gateways:
    - name: terminating-gateway
      consulNamespace: ns1
    - name: terminating-gateway2
      consulNamespace: ns1
---
# Intentions allowing bender (k8s namespace default) to reach the two external
# services registered in Consul namespace ns1. Each intention is scoped to a
# single source; nothing else is granted here.
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceIntentions
metadata:
  name: bender-zoidberg
  namespace: ns1
spec:
  destination:
    name: zoidberg
    namespace: ns1
  sources:
    - name: bender
      namespace: default
      action: allow
---
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceIntentions
metadata:
  name: bender-nibbler
  namespace: ns1
spec:
  destination:
    name: nibbler
    namespace: ns1
  sources:
    - name: bender
      namespace: default
      action: allow
---
# Mesh-wide proxy defaults: every proxy speaks HTTP unless a ServiceDefaults
# entry overrides it.
apiVersion: consul.hashicorp.com/v1alpha1
kind: ProxyDefaults
metadata:
  name: global
spec:
  config:
    protocol: http
---
# Registers the external "zoidberg" container (running outside the cluster on
# the kind docker network) as a Consul service on a virtual node.
apiVersion: consul.hashicorp.com/v1alpha1
kind: Registration
metadata:
  name: zoidberg-registration
  namespace: ns1
spec:
  datacenter: dc1
  node: host-virtual
  service:
    id: zoidberg-external
    name: zoidberg
    namespace: ns1
    port: 9090
    weights:
      passing: 1
      warning: 1
  # Placeholder; the setup script overwrites .spec.address with the container's
  # current IP (docker inspect) before applying. Keep it quoted as a string.
  address: '172.18.0.4'
---
# Registers the external "nibbler" container as a Consul service on a second
# virtual node.
apiVersion: consul.hashicorp.com/v1alpha1
kind: Registration
metadata:
  name: nibbler-registration
  namespace: ns1
spec:
  datacenter: dc1
  node: host-virtual-2
  service:
    id: nibbler-external
    name: nibbler
    namespace: ns1
    port: 9091
    weights:
      passing: 1
      warning: 1
  # Placeholder; the setup script overwrites .spec.address with the container's
  # current IP (docker inspect) before applying. Keep it quoted as a string.
  address: '172.18.0.5'
---
# Protocol for the two external services so the terminating gateway and the
# intentions treat them as HTTP.
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceDefaults
metadata:
  name: zoidberg
  namespace: ns1
spec:
  protocol: http
---
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceDefaults
metadata:
  name: nibbler
  namespace: ns1
spec:
  protocol: http
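#!/bin/bash
# Bring up a local kind cluster running Consul enterprise (TLS + managed ACLs),
# start two external fake-service containers on the kind docker network,
# register them through terminating gateways, and port-forward the UI.
# Re-runnable: cluster, namespaces, license secret and containers are created
# only when missing.
set -euo pipefail

export CONSUL_K8S_CHARTS_LOCATION="$HOME/hashi/consul-k8s/charts/consul"
# Fail up front instead of creating an empty license secret and letting helm
# time out later with an unrelated error.
: "${CONSUL_LICENSE:?CONSUL_LICENSE must be set to the enterprise license string}"

# Exact-line match; plain grep (no -q) reads all of stdin so pipefail does not
# misreport an early-exit SIGPIPE as a missing cluster.
if ! kind get clusters | grep -x "termgw" >/dev/null; then
  kind create cluster -n termgw
fi
kind load docker-image consul-k8s-control-plane:local -n termgw

# create-or-update so an existing namespace does not abort the script under set -e.
kubectl create namespace consul --dry-run=client -o yaml | kubectl apply -f -
kubectl create namespace ns1 --dry-run=client -o yaml | kubectl apply -f -
# The license is piped in rather than passed with --from-literal, so it never
# appears in argv / ps output on the operator's machine.
printf '%s' "$CONSUL_LICENSE" \
  | kubectl create secret generic license -n consul --from-file=key=/dev/stdin --dry-run=client -o yaml \
  | kubectl apply -f -

echo "helm installing"
helm upgrade --install consul "$CONSUL_K8S_CHARTS_LOCATION" -f ./consul_values.yaml -n consul --create-namespace --wait
echo "helm is done"
kubectl wait --timeout=180s --for=condition=Available=True deployments/consul-consul-connect-injector -n consul

kubectl apply -f ./proxy-defaults.yaml
kubectl apply -f ./bender-service.yaml
kubectl apply -f ./intention.yaml
kubectl apply -f ./service-defaults.yaml

# Start the external services if not already running. The name filter is
# anchored so a container whose name or image merely contains the string does
# not satisfy the check. Note: -p publishes the ports on every host interface;
# the cluster reaches the containers via their kind-network IP, not these ports.
if [ -z "$(docker ps -q --filter "name=^/?zoidberg$")" ]; then
  docker run --rm -d -p 9090:9090 --network kind --name zoidberg -e NAME=zoidberg -e MESSAGE="why not zoidberg" nicholasjackson/fake-service:v0.26.0
fi
if [ -z "$(docker ps -q --filter "name=^/?nibbler$")" ]; then
  docker run --rm -d -p 9091:9091 --network kind --name nibbler -e NAME=nibbler -e MESSAGE="I can do more than talk, I can pontificate" -e LISTEN_ADDR="0.0.0.0:9091" nicholasjackson/fake-service:v0.26.0
fi

# Print the container's IP on its docker network (empty if not attached).
container_ip() {
  docker inspect --format="{{ range .NetworkSettings.Networks }}{{ .IPAddress }}{{end}}" "$1"
}

# Write each container's current IP into its Registration CR. strenv() passes the
# value to yq through the environment instead of splicing it into the expression.
zoidbergIP=$(container_ip zoidberg)
[ -n "$zoidbergIP" ] || { echo "could not determine IP of container zoidberg" >&2; exit 1; }
IP="$zoidbergIP" yq e -i '.spec.address = strenv(IP)' ./registration.yaml
kubectl apply -f ./registration.yaml

nibblerIP=$(container_ip nibbler)
[ -n "$nibblerIP" ] || { echo "could not determine IP of container nibbler" >&2; exit 1; }
IP="$nibblerIP" yq e -i '.spec.address = strenv(IP)' ./registration2.yaml
kubectl apply -f ./registration2.yaml

kubectl apply -f ./termgw.yaml
kubectl apply -f ./termgw2.yaml
kubectl get svc -n consul
# Background port-forward; the UI is reachable on localhost:8500 until this
# shell exits or the process is killed.
kubectl port-forward service/consul-consul-ui 8500:80 -n consul &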
---
# First terminating gateway (Consul namespace ns1), declared in the Helm values
# under terminatingGateways.gateways. Both external services are exposed
# through it; the intentions decide which mesh clients may reach them.
apiVersion: consul.hashicorp.com/v1alpha1
kind: TerminatingGateway
metadata:
  name: terminating-gateway
  namespace: ns1
spec:
  services:
    - name: zoidberg
      namespace: ns1
    - name: nibbler
      namespace: ns1
---
# Second terminating gateway, also in Consul namespace ns1, linking the same
# two external services as the first (the scenario under test).
apiVersion: consul.hashicorp.com/v1alpha1
kind: TerminatingGateway
metadata:
  name: terminating-gateway2
  namespace: ns1
spec:
  services:
    - name: zoidberg
      namespace: ns1
    - name: nibbler
      namespace: ns1