jm96441n/bender-service.yaml

## bender-service.yaml
---
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceDefaults
metadata:
  name: bender
  namespace: default
spec:
  protocol: http
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: bender
    'my-meta': my-meta
  name: bender
  namespace: default
spec:
  ports:
  - port: 8080
    name: high
    protocol: TCP
    targetPort: 8080
  selector:
    app: bender
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: bender
  namespace: default
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: bender
  name: bender
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: bender
  template:
    metadata:
      labels:
        app: bender
      annotations:
        'consul.hashicorp.com/connect-inject': 'true'
    spec:
      serviceAccountName: bender
      containers:
        - name: bender
          image: nicholasjackson/fake-service:v0.26.0
          ports:
            - containerPort: 8080
          env:
            - name: LISTEN_ADDR
              value: "0.0.0.0:8080"
            - name: NAME
              value: bender
            - name: MESSAGE
              value: "bender bender bender"
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: CONSUL_HTTP_TOKEN
              value: root

## cluster.yaml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
name: termgw
nodes:
- role: control-plane
  image: kindest/node:v1.25.3
- role: worker
  image: kindest/node:v1.25.3

## consul_values.yaml
# Contains values that affect multiple components of the chart.
global:
  imageK8S: "consul-k8s-control-plane:local"
  image: "hashicorppreview/consul:1.19-dev"
  logLevel: debug
  #  enableConsulNamespaces: true
  tls:
    enabled: true
  acls:
    manageSystemACLs: true
server:
  enabled: true
  # The number of server agents to run. This determines the fault tolerance of the cluster.
  replicas: 1
# Contains values that configure the Consul UI.
ui:
  enabled: true
# Configures and installs the automatic Consul Connect sidecar injector.
connectInject:
  enabled: true
  transparentProxy:
    defaultEnabled: true
    defaultOverwriteProbes: true
dns:
  enabled: true
  enableRedirection: true
terminatingGateways:
  enabled: true

## dereg.json
{
  "Datacenter": "dc1",
  "Node": "node-virtual",
  "ServiceID": "zoidberg-external"
}

## proxy-defaults.yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ProxyDefaults
metadata:
  name: global
spec:
  config:
    protocol: http

## registration.yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: Registration
metadata:
  name: zoidberg-registration
spec:
  node: node-virtual
  check:
    node: node-virtual
    checkId: zoidberg-check
    name: zoidberg
    serviceName: zoidberg
    serviceId: zoidberg-external
    notes: "Script based health check"
    status: "passing"
    definition:
      http: "localhost:8081/health"
      intervalDuration: "5s"
      timeoutDuration: "1s"
      deregisterCriticalServiceAfterDuration: "30s"
  service:
    name: zoidberg
    id: zoidberg-external
    address: "10.96.95.142"
    port: 8081
  address: 10.96.95.142

## start.sh
set -e

if [ -z "$(kind get clusters | rg "termgw")" ]; then
	kind create cluster --config cluster.yaml
fi

kind load docker-image consul-k8s-control-plane:local -n termgw
kubectl create namespace consul
echo "helm installing"
helm upgrade --install consul "$CONSUL_K8S_CHARTS_LOCATION" -f ./consul_values.yaml -n consul --create-namespace --wait
echo "helm is done"
kubectl wait --timeout=180s --for=condition=Available=True deployments/consul-consul-connect-injector -n consul
kubectl apply -f ./proxy-defaults.yaml
kubectl apply -f ./bender-service.yaml
kubectl apply -f ./zoidberg-service.yaml
kubectl apply -f ./termgw.yaml
kubectl get svc -n consul
kubectl port-forward service/consul-consul-ui 8501:443 -n consul &

# register zoidberg service
ip=$(kubectl get service/zoidberg-external -o jsonpath='{.spec.clusterIP}')
yq e -i ".spec.address = \"$ip\"" ./registration.yaml
yq e -i ".spec.service.address = \"$ip\"" ./registration.yaml
kubectl apply -f ./registration.yaml

## termgw.yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: TerminatingGateway
metadata:
  name: terminating-gateway
spec:
  services:
    - name: zoidberg

## zoidberg-service.yaml
---
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceDefaults
metadata:
  name: zoidberg-external
  namespace: default
spec:
  protocol: http
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: zoidberg-external
    external: "true"
  name: zoidberg-external
  namespace: default
spec:
  ports:
  - port: 8081
    name: high
    protocol: TCP
    targetPort: 8081
  selector:
    app: zoidberg-external
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: zoidberg-external
  namespace: default
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: zoidberg-external
  name: zoidberg-external
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: zoidberg-external
  template:
    metadata:
      labels:
        app: zoidberg-external
      annotations:
        'consul.hashicorp.com/connect-inject': 'false'
    spec:
      serviceAccountName: zoidberg-external
      containers:
        - name: zoidberg-external
          image: nicholasjackson/fake-service:v0.26.0
          ports:
            - containerPort: 8081
          env:
            - name: LISTEN_ADDR
              value: "0.0.0.0:8081"
            - name: NAME
              value: zoidberg-external
            - name: MESSAGE
              value: "why not zoidberg-external"
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: CONSUL_HTTP_TOKEN
              value: root
	---
	apiVersion: consul.hashicorp.com/v1alpha1
	kind: ServiceDefaults
	metadata:
	name: bender
	namespace: default
	spec:
	protocol: http
	---
	apiVersion: v1
	kind: Service
	metadata:
	labels:
	app: bender
	'my-meta': my-meta
	name: bender
	namespace: default
	spec:
	ports:
	- port: 8080
	name: high
	protocol: TCP
	targetPort: 8080
	selector:
	app: bender
	---
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: bender
	namespace: default
	---
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	labels:
	app: bender
	name: bender
	namespace: default
	spec:
	replicas: 1
	selector:
	matchLabels:
	app: bender
	template:
	metadata:
	labels:
	app: bender
	annotations:
	'consul.hashicorp.com/connect-inject': 'true'
	spec:
	serviceAccountName: bender
	containers:
	- name: bender
	image: nicholasjackson/fake-service:v0.26.0
	ports:
	- containerPort: 8080
	env:
	- name: LISTEN_ADDR
	value: "0.0.0.0:8080"
	- name: NAME
	value: bender
	- name: MESSAGE
	value: "bender bender bender"
	- name: POD_NAME
	valueFrom:
	fieldRef:
	fieldPath: metadata.name
	- name: NAMESPACE
	valueFrom:
	fieldRef:
	fieldPath: metadata.namespace
	- name: CONSUL_HTTP_TOKEN
	value: root
	kind: Cluster
	apiVersion: kind.x-k8s.io/v1alpha4
	name: termgw
	nodes:
	- role: control-plane
	image: kindest/node:v1.25.3
	- role: worker
	image: kindest/node:v1.25.3
	# Contains values that affect multiple components of the chart.
	global:
	imageK8S: "consul-k8s-control-plane:local"
	image: "hashicorppreview/consul:1.19-dev"
	logLevel: debug
	# enableConsulNamespaces: true
	tls:
	enabled: true
	acls:
	manageSystemACLs: true
	server:
	enabled: true
	# The number of server agents to run. This determines the fault tolerance of the cluster.
	replicas: 1
	# Contains values that configure the Consul UI.
	ui:
	enabled: true
	# Configures and installs the automatic Consul Connect sidecar injector.
	connectInject:
	enabled: true
	transparentProxy:
	defaultEnabled: true
	defaultOverwriteProbes: true
	dns:
	enabled: true
	enableRedirection: true
	terminatingGateways:
	enabled: true
	{
	"Datacenter": "dc1",
	"Node": "node-virtual",
	"ServiceID": "zoidberg-external"
	}
	apiVersion: consul.hashicorp.com/v1alpha1
	kind: ProxyDefaults
	metadata:
	name: global
	spec:
	config:
	protocol: http
	apiVersion: consul.hashicorp.com/v1alpha1
	kind: Registration
	metadata:
	name: zoidberg-registration
	spec:
	node: node-virtual
	check:
	node: node-virtual
	checkId: zoidberg-check
	name: zoidberg
	serviceName: zoidberg
	serviceId: zoidberg-external
	notes: "Script based health check"
	status: "passing"
	definition:
	http: "localhost:8081/health"
	intervalDuration: "5s"
	timeoutDuration: "1s"
	deregisterCriticalServiceAfterDuration: "30s"
	service:
	name: zoidberg
	id: zoidberg-external
	address: "10.96.95.142"
	port: 8081
	address: 10.96.95.142
	set -e

	if [ -z "$(kind get clusters \| rg "termgw")" ]; then
	kind create cluster --config cluster.yaml
	fi

	kind load docker-image consul-k8s-control-plane:local -n termgw
	kubectl create namespace consul
	echo "helm installing"
	helm upgrade --install consul "$CONSUL_K8S_CHARTS_LOCATION" -f ./consul_values.yaml -n consul --create-namespace --wait
	echo "helm is done"
	kubectl wait --timeout=180s --for=condition=Available=True deployments/consul-consul-connect-injector -n consul
	kubectl apply -f ./proxy-defaults.yaml
	kubectl apply -f ./bender-service.yaml
	kubectl apply -f ./zoidberg-service.yaml
	kubectl apply -f ./termgw.yaml
	kubectl get svc -n consul
	kubectl port-forward service/consul-consul-ui 8501:443 -n consul &

	# register zoidberg service
	ip=$(kubectl get service/zoidberg-external -o jsonpath='{.spec.clusterIP}')
	yq e -i ".spec.address = \"$ip\"" ./registration.yaml
	yq e -i ".spec.service.address = \"$ip\"" ./registration.yaml
	kubectl apply -f ./registration.yaml
	apiVersion: consul.hashicorp.com/v1alpha1
	kind: TerminatingGateway
	metadata:
	name: terminating-gateway
	spec:
	services:
	- name: zoidberg