-
SETUP CLIENT EKS CLUSTERS
cd eks_clusters/
eksctl create cluster -f eks_us_west.yaml
eksctl create cluster -f eks_eu_west.yaml
eksctl create cluster -f eks_eu_central.yaml
terraform init; terraform apply permissive_ingress_eks.tf
-
Update kube contexts to more friendly names -> us-west, eu-west, eu-central
-
Create HCP resources
cd hcp_consul/
terraform init; terraform apply
-
Goto HCP UI:
- Log into the Consul UI using the public URL of the primary + admin token that can be generated from HCP UI.
- Download client config zip files for each cluster available on the HCP UI, into the root directory of the repo.
-
Install consul on us-west cluster:
./install_consul_us_west.sh
kubectl apply -f mesh_gateway
kubectl apply -f ingress_gateway
-
[To workaround Consul 1.9.5 bugs]:
-
Workaround for this bug: On consul UI, update client token policy to be valid across datacenters.
-
Attach the client-token policy to the anonymous token. This token is used by the proxy side cars for cross-region service lookup.
-
-
Install consul on eu-west cluster:
./install_consul_eu_west.sh
kubectl apply -f mesh_gateway
-
Install consul on eu-central cluster:
./install_consul_eu_central.sh
kubectl apply -f mesh_gateway
-
Deploy service mesh:
cd hashicups/
kubectl apply -f frontend.yaml --context us-west
kubectl apply -f public-api.yaml --context eu-west
kubectl apply -f product-api.yaml --context eu-central
kubectl apply -f postgres.yaml --context eu-central
kubectl apply -f service_intentions.yaml --context us-west
-
Access Hashicups UI:
- Get the INGRESS GATEWAY url:
kubectl get svc/consul-ingress-gateway --context us-west -o json | jq -r '.status.loadBalancer.ingress[0].hostname'
- Run -
curl -H "Host: frontend.ingress.consul" "http://$INGRESS_GATEWAY:8080"
- To access
http://$INGRESS_GATEWAY:8080"
from a browser, use a browser extension to set theHost
header tofrontend.ingress.consul
. Example: on Chrome, I used theModHeader
extension.
- Get the INGRESS GATEWAY url: