david-yu
commented
2 years ago Hi @TheHydGuy in order to communicate across DCs, ingress and terminating gateways are not needed, since they are primarily concerned with traffic coming into and out of the mesh. Is there a reason why you are not using just Mesh Gateways instead (which provides mTLS for traffic between DCs)?
We are trying to configure Consul on the AKS cluster and trying to achieve the following flow.
I have two cluster Cluster1 and Cluster2 deploy in AKS deployed in two different VPCs and federated the two clusters (https://learn.hashicorp.com/tutorials/consul/kubernetes-mesh-gateways?in=consul/kubernetes)
Cluster 1 Enabled Ingress Gateway, Mesh Gateway and Terminating gateways Create a catalog service (I have a rest service deployed outside of the consul/kubernetes cluster) Create service defaults/intentions and ingress gateway/terminating gateways yml to configure ingress -> terminating gateway -> Rest Service1 This flow works, when I call the Ingress passing the correct host header, I see the request reaches to my rest service.
Cluster 2 I have the similar setup on the cluster 2, but the cluster 2 is configured to communicate with its own Rest service deployed outside of the cluster. (Note that I have different names on the Ingress Gateways, if I have the same name, I'm not able to register the service in DC2, I'm seeing whatever is configured in DC1 is replicated to DC2) Now if I try to access: ingress Gateway 2 -> Terminating Gateway -> Rest Service 2 This flow works Now comes the complicated piece. I would like to call the Rest service 2 using Ingress Gateway 1 and following is my expectations *** IngressWay 1 -> Mesh Gateway 1 - MesH Gateway 2 -> Terminating Gateway 2 -> Rest Service 2 However when I access Ingress Gateway 1 using the host header as REST Service 2, I see 404 Is my understanding correct or Am I missing anything here. I can attach the yaml files if needed here. Thank you in advance. Appreciate any help in this matter.