Test cross namespace api-gateway bug
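# Kubernetes Secret holding the Consul bootstrap ACL token. The Helm values on
# this page reference it by name through global.acls.bootstrapToken.
#
# Security notes:
# - data.token is base64-encoded, not encrypted; it decodes to the UUID in the
#   trailing comment.
# - A Consul bootstrap token carries full ACL privileges, and this value is
#   published together with the repro. Use it only on a disposable local test
#   cluster; generate a fresh UUID for any other cluster and keep it out of
#   version control.
apiVersion: v1
data:
  token: NjFmNjlhMjctMDI4ZC1hZDc2LWU0ZTUtYjUzODMzNGNhZjNl
kind: Secret
metadata:
  labels:
    managed-by: consul-k8s
  name: nsbug-apigw-consul-bootstrap-acl-token
  namespace: consul
type: Opaque
# the token: 61f69a27-028d-ad76-e4e5-b538334caf3e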
#!/bin/bash
# Tear down the repro environment: uninstall the Consul Helm release, then
# delete the kind cluster it ran on.

release_name="consul"
release_namespace="consul"
cluster_name="nsbug"

helm uninstall "${release_name}" -n "${release_namespace}"

# Fixed pause between the uninstall and the cluster deletion; the script gives
# no reason for it (presumably it lets the release's resources terminate).
sleep 15

kind delete cluster -n "${cluster_name}"
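# Helm values for the hashicorp/consul chart used by this repro.
#
# NOTE(review): the page shows this file with its indentation stripped. The
# nesting below is reconstructed from the chart's documented values layout;
# confirm it against the original file before relying on it.
#
# Security notes for reuse outside a throwaway cluster:
# - ACLs are enabled (manageSystemACLs) and bootstrapped from a pre-created
#   Secret, so that Secret's value is the cluster's most privileged credential.
# - No global.tls or gossip encryption settings appear here, so whatever the
#   chart defaults to applies. NOTE(review): confirm that is acceptable.
# - logLevel is debug in two places; debug logs can be verbose about requests.
global:
  datacenter: dc1
  name: consul
  logLevel: debug
  # Components are switched on individually below instead of globally.
  enabled: false
  image: "hashicorp/consul-enterprise:1.13.2-ent"
  enableConsulNamespaces: true
  acls:
    manageSystemACLs: true
    # Must match the name and key of the bootstrap token Secret in the
    # consul namespace.
    bootstrapToken:
      secretName: nsbug-apigw-consul-bootstrap-acl-token
      secretKey: token
  # Secret "license" (key "key") has to exist in the release namespace before
  # the chart is installed.
  enterpriseLicense:
    secretName: "license"
    secretKey: "key"
apiGateway:
  enabled: true
  # Locally built development image; it is not pulled from a registry.
  image: consul-api-gateway/dev:0.5.0
  logLevel: debug
  managedGatewayClass:
    enabled: true
    # NodePort exposes each gateway on every node's address.
    serviceType: NodePort
    useHostPorts: false
connectInject:
  enabled: true
  replicas: 1
  transparentProxy:
    defaultEnabled: true
    defaultOverwriteProbes: true
  # "*" permits sidecar injection in every Kubernetes namespace.
  k8sAllowNamespaces: ["*"]
  consulNamespaces:
    mirroringK8S: true
controller:
  enabled: true
  replicas: 1
# NOTE(review): placed at the top level because the flattened source does not
# show its parent. The chart documents imageEnvoy under global and apiGateway,
# so confirm that this key has any effect where it sits.
consulSidecarContainer:
  imageEnvoy: "envoyproxy/envoy:v1.23.1"
server:
  enabled: true
  replicas: 1
client:
  enabled: true
  grpc: true
ui:
  enabled: true
  service:
    enabled: true
    # The UI is published on node port 30000, which the kind cluster config on
    # this page maps to a host port.
    type: NodePort
    port:
      http: 80
    nodePort:
      http: 30000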
#!/bin/bash
# Build the repro environment from scratch: kind cluster, gateway CRDs,
# namespaces, secrets, the Consul Helm release, the demo workload, the Gateway
# and its HTTPRoute.

cluster_name="nsbug"
gateway_image="consul-api-gateway/dev:0.5.0"
gateway_deployment="deployments/green-apigw"

kind create cluster --config kind-cluster.yaml

# The following line assumes that you have compiled the image locally using `make docker/dev` from the api-gateway repo
kind load docker-image "${gateway_image}" -n "${cluster_name}"

# NOTE(review): the CRDs are fetched from a remote repository at a tag; a tag
# can be moved, so pin a commit if the source has to be reproducible.
kubectl apply --kustomize "github.com/hashicorp/consul-api-gateway/config/crd?ref=v0.4.0"

for ns in consul green monitoring; do
  kubectl create namespace "${ns}"
done

# NOTE(review): --from-literal leaves the license key in shell history and in
# the process argument list; --from-file=key=<path> avoids that.
kubectl create secret generic license -n consul --from-literal="key=<YOUR ENTERPRISE KEY>"
kubectl apply -f bootstrap-token.yaml

echo "helm installing"
helm install consul hashicorp/consul --values consul_values.yaml -n consul --version=0.49.0
echo "helm is done"

kubectl wait --timeout=180s --for=condition=Available=True deployments/consul-controller -n consul

kubectl apply -f service-defaults.yaml -n monitoring
kubectl apply -f nginx-test-gateway-deployment.yaml
kubectl apply -f green-api-gateway.yaml

# Poll until the gateway Deployment object exists (kubectl wait needs it to be
# present); there is no upper bound on this loop.
until kubectl get deployments green-apigw -n green; do
  sleep 1
done
kubectl wait --timeout=180s --for=condition=Available=True "${gateway_deployment}" -n green

kubectl apply -f nginx-test-gateway-httproute.yaml

# Rewrite the generated Service so its node port is 30002, the port the kind
# cluster config maps to the host.
kubectl get svc green-apigw -n green -o yaml | sed 's/nodePort: ...../nodePort: 30002/g' >api-gateway-svc.yaml
kubectl apply -f api-gateway-svc.yaml

kubectl get svc -n consul
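# Gateway in namespace "green", served by the consul-api-gateway class.
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
  name: green-apigw
  namespace: green
spec:
  gatewayClassName: consul-api-gateway
  listeners:
    # Plain HTTP listener; traffic to it is not TLS-protected.
    - name: http
      protocol: HTTP
      port: 30002
      hostname: '*.green.daskt.nsbug.it'
      allowedRoutes:
        namespaces:
          # "All" lets routes from any namespace attach to this listener, which
          # the cross-namespace repro needs. Outside a test cluster, "Same" or
          # "Selector" keeps other namespaces from claiming hostnames here.
          from: All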
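# kind cluster "nsbug": one control-plane node and two workers.
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
name: nsbug
nodes:
  - role: control-plane
    image: kindest/node:v1.23.12
    # Publishes node ports on the host. On this page 30000 is the Consul UI
    # and 30002 is the API gateway; nothing shown here uses 30001.
    # NOTE(review): kind binds these on 0.0.0.0 unless listenAddress is set,
    # so the UI and the gateway are reachable from other machines on the
    # network; set listenAddress: "127.0.0.1" on each mapping to keep them
    # local.
    extraPortMappings:
      - containerPort: 30000
        hostPort: 30600
      - containerPort: 30001
        hostPort: 30601
      - containerPort: 30002
        hostPort: 30602
  - role: worker
    image: kindest/node:v1.23.12
  - role: worker
    image: kindest/node:v1.23.12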
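# Demo backend in namespace "monitoring": a ServiceAccount, a one-replica nginx
# Deployment joined to the mesh, and a ClusterIP Service in front of it.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nginx-gateway-demo
  namespace: monitoring
  labels:
    my-label: nginx-gateway-demo
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-gateway-demo
  namespace: monitoring
  labels:
    my-label: nginx-gateway-demo
spec:
  selector:
    matchLabels:
      app: nginx-gateway-demo
  replicas: 1
  template:
    metadata:
      labels:
        app: nginx-gateway-demo
      annotations:
        # Annotation values must be strings, hence the quoted booleans.
        consul.hashicorp.com/connect-inject: "true"
        consul.hashicorp.com/enable-metrics-merging: "false"
        consul.hashicorp.com/envoy-extra-args: '--log-level debug'
        # Overrides the chart-wide transparentProxy.defaultEnabled: true for
        # this pod.
        consul.hashicorp.com/transparent-proxy: 'false'
    spec:
      # Same name as the Service below.
      serviceAccountName: nginx-gateway-demo
      containers:
        - name: nginx
          image: nginxdemos/hello:0.3
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-gateway-demo
  namespace: monitoring
  labels:
    my-label: nginx-gateway-demo
spec:
  type: ClusterIP
  selector:
    app: nginx-gateway-demo
  ports:
    - port: 80
      targetPort: 80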
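# HTTPRoute in namespace "monitoring" that attaches to the Gateway in namespace
# "green" and forwards every path to the nginx demo Service.
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
  name: nginx-gateway-demo-http-route-1
  namespace: monitoring
spec:
  hostnames:
    - nginx.green.daskt.nsbug.it
  # Cross-namespace parent: whether this route may attach is decided by the
  # Gateway listener's allowedRoutes, not by a ReferenceGrant.
  parentRefs:
    - group: gateway.networking.k8s.io
      kind: Gateway
      name: green-apigw
      namespace: green
  rules:
    - backendRefs:
        # The backend is in the route's own namespace.
        - kind: Service
          name: nginx-gateway-demo
          namespace: monitoring
          port: 80
          weight: 1
      matches:
        - path:
            type: PathPrefix
            value: /
---
# Allows HTTPRoutes in namespace "green" to reference Services in namespace
# "monitoring".
# NOTE(review): the route above lives in "monitoring", so its backendRef is a
# same-namespace reference and does not depend on this grant. Presumably the
# grant is part of the scenario being reproduced; confirm before copying it,
# since it widens what routes in "green" may target.
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: ReferenceGrant
metadata:
  name: green-monitoring
  namespace: monitoring
spec:
  from:
    - group: gateway.networking.k8s.io
      kind: HTTPRoute
      namespace: green
  to:
    # The empty group is the core API group.
    - group: ""
      kind: Service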
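#!/bin/bash
# Re-run the repro on an existing cluster: remove the gateway, its route and
# the "green" namespace (in Kubernetes and in Consul), restart the gateway
# controller pod, then recreate the namespace, the Gateway and the HTTPRoute.

kind load docker-image consul-api-gateway/dev:0.5.0 -n nsbug

kubectl delete -f api-gateway-svc.yaml
kubectl delete -f green-api-gateway.yaml
kubectl delete -f nginx-test-gateway-httproute.yaml
kubectl delete namespace green

# Read the bootstrap ACL token from the cluster Secret so that the credential
# is not hard-coded in this script.
bootstrap_token="$(kubectl get secret nsbug-apigw-consul-bootstrap-acl-token -n consul -o jsonpath='{.data.token}' | base64 --decode)"
if [ -z "${bootstrap_token}" ]; then
  echo "could not read the bootstrap ACL token from the consul namespace" >&2
  exit 1
fi

# The token is handed to the remote shell as a positional argument, so it is
# never spliced into the command string. It is still visible in the argument
# list of kubectl while the command runs.
kubectl exec consul-server-0 -n consul -- /bin/sh -c 'CONSUL_HTTP_TOKEN="$1" consul namespace delete "green"' sh "${bootstrap_token}"

# Delete the gateway controller pod so that its Deployment starts a fresh one.
# This assumes exactly one pod name in the consul namespace matches.
kubectl delete pod "$(kubectl get pods --no-headers -o custom-columns=":metadata.name" -n consul | grep gateway-controller)" -n consul

kubectl create namespace green
kubectl wait --timeout=180s --for=condition=Available=True deployments/consul-controller -n consul
kubectl apply -f green-api-gateway.yaml

# Poll until the gateway Deployment object exists (kubectl wait needs it to be
# present); there is no upper bound on this loop.
while ! kubectl get deployments green-apigw -n green; do sleep 1; done
kubectl wait --timeout=120s --for=condition=Available=True deployments/green-apigw -n green

kubectl apply -f nginx-test-gateway-httproute.yaml

# Rewrite the generated Service so its node port is 30002 again.
kubectl get svc green-apigw -o yaml -n green | sed 's/nodePort: ...../nodePort: 30002/g' >api-gateway-svc.yaml
kubectl apply -f api-gateway-svc.yaml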
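# Declares the nginx demo service as an HTTP service to Consul.
# No namespace is set in metadata; the setup script on this page applies this
# file with -n monitoring.
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceDefaults
metadata:
  name: nginx-gateway-demo
spec:
  protocol: http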