-
SETUP CLIENT EKS CLUSTERS
cd eks_clusters/eksctl create cluster -f eks_us_west.yamleksctl create cluster -f eks_eu_west.yamleksctl create cluster -f eks_eu_central.yamlterraform init; terraform apply permissive_ingress_eks.tf
-
Update kube contexts to more friendly names -> us-west, eu-west, eu-central
-
Create HCP resources
cd hcp_consul/terraform init; terraform apply
-
Goto HCP UI:
- Log into the Consul UI using the public URL of the primary + admin token that can be generated from HCP UI.
- Download client config zip files for each cluster available on the HCP UI, into the root directory of the repo.
-
Install consul on us-west cluster:
./install_consul_us_west.shkubectl apply -f mesh_gatewaykubectl apply -f ingress_gateway
-
[To workaround Consul 1.9.5 bugs]:
-
Workaround for this bug: On consul UI, update client token policy to be valid across datacenters.
-
Attach the client-token policy to the anonymous token. This token is used by the proxy side cars for cross-region service lookup.
-
-
Install consul on eu-west cluster:
./install_consul_eu_west.shkubectl apply -f mesh_gateway
-
Install consul on eu-central cluster:
./install_consul_eu_central.shkubectl apply -f mesh_gateway
-
Deploy service mesh:
cd hashicups/kubectl apply -f frontend.yaml --context us-westkubectl apply -f public-api.yaml --context eu-westkubectl apply -f product-api.yaml --context eu-centralkubectl apply -f postgres.yaml --context eu-centralkubectl apply -f service_intentions.yaml --context us-west
-
Access Hashicups UI:
- Get the INGRESS GATEWAY url:
kubectl get svc/consul-ingress-gateway --context us-west -o json | jq -r '.status.loadBalancer.ingress[0].hostname' - Run -
curl -H "Host: frontend.ingress.consul" "http://$INGRESS_GATEWAY:8080" - To access
http://$INGRESS_GATEWAY:8080"from a browser, use a browser extension to set theHostheader tofrontend.ingress.consul. Example: on Chrome, I used theModHeaderextension.
- Get the INGRESS GATEWAY url: