Ran fake service in k8s, it has web/api/cache and db as subcomponents.
Ran k8s get pods to show the different components
Created first mesh gateways via systcl job
Spun up secondary dc, used k8s setup mechanism to get federation secret
Kubectl apply the secret
Then installed consul on the secondary cluster
Everything came up, including mesh gateways.
Added the right intentions for web->api api->db, api->cache
Connect was broken across this environment at this point, root cause turned out to be a change in the rc that requires service ids to be correct, rebuilt using the latest consul-k8s that had the fix for this issue, and everything worked again.
Deployed ingress gateway for “web” service, checked it showed up in the ui
Change dns to point to ingress gateway
Configured intentions for ingress gateway
Patched web instances to only listen on localhost
Verified that accessing web service from the ingress gateway’s address worked!
modified ingress gateway to also support forwarding to "api".
Used feature added between last beta and rc that requires host header for the above scenario, and showed that sending host header resolves to the right backend when routing through ingress gateway
Added a terminating gateway instance that pointed to example.com , ui showed that it registered correctly
Added intentions for terminating gateway
Curl -v host:example.com <terminating_gateway_ip> proved that the terminating gateway was able to resolve the IP of example.com correctly. (this tests Freddy's changes