• Your own Azure subscription
• A resource group that contains all following resources
  • An AKS Cluster
  • A HashiCorp Consul Service on Azure Datacenter with a public endpoint enabled
  • A VNet
• The following binaries installed on the development host
  • jq
  • kubectl 1.18.0+
  • helm 3.2.1+
  • Azure CLI
  • Consul 1.8.x

helm repo add hashicorp https://helm.releases.hashicorp.com && helm repo update

az extension add --source https://releases.hashicorp.com/hcs/0.3.0/hcs-0.3.0-py2.py3-none-any.whl

az login

export RESOURCE_GROUP=<your-resource-group-name> && echo $RESOURCE_GROUP

az resource list --resource-group $RESOURCE_GROUP -o table

export AKS_CLUSTER=$(az aks list --resource-group $RESOURCE_GROUP | jq -r '.[] | .name') && echo $AKS_CLUSTER

export HCS_MANAGED_APP=$(az hcs list --resource-group $RESOURCE_GROUP | jq -r '.[] | .name') && echo $HCS_MANAGED_APP

export HCS_MANAGED_RESOURCE_GROUP=${$(az hcs list --resource-group $RESOURCE_GROUP | jq -r '.[] | .managedResourceGroupId')##*/} && echo $HCS_MANAGED_RESOURCE_GROUP

az aks get-credentials --name $AKS_CLUSTER --resource-group $RESOURCE_GROUP

az hcs create-token --name $HCS_MANAGED_APP --resource-group $RESOURCE_GROUP --output-kubernetes-secret | kubectl apply -f -

az hcs generate-kubernetes-secret --name $HCS_MANAGED_APP --resource-group $RESOURCE_GROUP | kubectl apply -f -

az hcs generate-helm-values --name $HCS_MANAGED_APP --resource-group $RESOURCE_GROUP --aks-cluster-name $AKS_CLUSTER > config.yaml

sed -i -e 's/^ # \(exposeGossipPorts\)/ \1/' config.yaml

export CONSUL_HTTP_ADDR=$(az hcs show --name $HCS_MANAGED_APP --resource-group $RESOURCE_GROUP | jq -r .properties.consulExternalEndpointUrl) && echo $CONSUL_HTTP_ADDR

export CONSUL_HTTP_TOKEN=$(kubectl get secret $HCS_MANAGED_APP-bootstrap-token -o jsonpath={.data.token} | base64 -d) && echo $CONSUL_HTTP_TOKEN

export CONSUL_HTTP_SSL_VERIFY=false && echo $CONSUL_HTTP_SSL_VERIFY

consul members

az network vnet peering create \
  -g $HCS_MANAGED_RESOURCE_GROUP \
  -n hcs-to-aks \
  --vnet-name $(az network vnet list \
    --resource-group $HCS_MANAGED_RESOURCE_GROUP | jq -r '.[0].name') \
  --remote-vnet $(az network vnet list \
    --resource-group $RESOURCE_GROUP | jq -r '.[0].id') \
  --allow-vnet-access

az network vnet peering create \
  -g $RESOURCE_GROUP \
  -n aks-to-hcs \
  --vnet-name $(az network vnet list \
    --resource-group $RESOURCE_GROUP | jq -r '.[0].name') \
  --remote-vnet $(az network vnet list \
    --resource-group $HCS_MANAGED_RESOURCE_GROUP | jq -r '.[0].id') \
  --allow-vnet-access

helm install hcs hashicorp/consul -f config.yaml --wait

consul members

kubectl apply -f hashicups/ --wait

consul config write hashicups/ingress-gateway.hcl

sudo tee -a ./config.yaml <<EOF
ingressGateways:
  enabled: true
  defaults:
    replicas: 1
  gateways:
    - name: ingress-gateway
      service:
        type: LoadBalancer
EOF

helm upgrade -f ./config.yaml hcs hashicorp/consul --wait

consul intention create ingress-gateway frontend && \
consul intention create frontend public-api && \
consul intention create public-api products-api && \
consul intention create products-api postgres

kubectl get svc