This setup uses mesh and terminating gateways together.
dc1anddc2are peered clusters.destinationis configured as an external endpoint reachable via the terminating gatewaybackendis a service on the meshdestinationandbackendare exported fromdc2todc1destinationandbackendshould be reachable fromsourcein bothdc1anddc2
Note
I generally use GKE, so the commands below reference the gcloud CLI for creating clusters.
Tip
It's helpful to rename your kube context to dc1 after running gcloud container clusters get-credentials. This makes subsequent kubectl commands that need to specify the context(s) easier to write and read.
$ gcloud container clusters create dc1 --region=us-east1 --num-nodes=2
$ gcloud container clusters get-credentials dc1
$ helm upgrade --install consul hashicorp/consul --namespace=consul --create-namespace --values=values-dc1.yaml
$ kubectl apply --filename resources/dc1Tip
It's helpful to rename your kube context to dc2 after running gcloud container clusters get-credentials. This makes subsequent kubectl commands that need to specify the context(s) easier to write and read.
$ gcloud container clusters create dc2 --region=us-east1 --num-nodes=2
$ gcloud container clusters get-credentials dc2
$ kubectl create namespace consul
$ kubectl --context=dc1 get secret peering-token-dc2 -n consul -o yaml | kubectl --context=dc2 apply -n consul -f -
$ helm upgrade --install consul hashicorp/consul --namespace=consul --values=values-dc2.yaml
$ kubectl apply --filename resources/dc2From here, follow https://developer.hashicorp.com/consul/docs/k8s/connect/terminating-gateways
Tip
You can register the service node using stdin: curl --request PUT --data @- and then hit ctrl+d once you've pasted in external-service.json.
To test, we shell into the source container and call our upstream.
It's important that we set the Host header to avoid getting a 421 Misdirected Request from Cloudflare.
$ curl --silent -H "Host: jsonplaceholder.typicode.com" http://localhost:1234/todos/1 | jq