67 lines
1.1 KiB
Bash
67 lines
1.1 KiB
Bash
#!/bin/bash
|
|
|
|
set -euo pipefail
|
|
|
|
upsert_config_entry primary '
|
|
kind = "proxy-defaults"
|
|
name = "global"
|
|
config {
|
|
protocol = "http"
|
|
}
|
|
'
|
|
|
|
upsert_config_entry primary '
|
|
kind = "ingress-gateway"
|
|
name = "ingress-gateway"
|
|
listeners = [
|
|
{
|
|
port = 9999
|
|
protocol = "http"
|
|
services = [
|
|
{
|
|
name = "*"
|
|
}
|
|
]
|
|
tls {
|
|
sds {
|
|
cluster_name = "sds-cluster"
|
|
cert_resource = "wildcard.ingress.consul"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
port = 9998
|
|
protocol = "http"
|
|
services = [
|
|
{
|
|
name = "s1"
|
|
hosts = ["foo.example.com"]
|
|
tls {
|
|
sds {
|
|
cluster_name = "sds-cluster"
|
|
cert_resource = "foo.example.com"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
# Route to s2 on a differet domain with different cert
|
|
name = "s2"
|
|
hosts = ["www.example.com"]
|
|
tls {
|
|
sds {
|
|
cluster_name = "sds-cluster"
|
|
cert_resource = "www.example.com"
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
'
|
|
|
|
register_services primary
|
|
|
|
gen_envoy_bootstrap ingress-gateway 20000 primary true
|
|
gen_envoy_bootstrap s1 19000
|
|
gen_envoy_bootstrap s2 19001
|