Hey Blake, appreciate your input.
HCP Consul should work the same. Do you have a particular question or issue about it?
I do. My naive understanding so far is, the HCP consul cluster is configured to reject any traffic sources that does not originate from within the VPC that's peer'd with the HVN?
Is that correct?
Would that mean I would have to setup a VPN to use HCP consul as otherwise my local terraform traffic would be rejected?
Does this appeal/sound interesting to anyone:
Interested in hearing your thoughts
Outside using the way a prepared query can be accessed over DNS, is there a more direct way of putting in an expression in
retry_join such that it uses prepared query in the same style of the way "provider" expressions work in
I want to try using a prepared query to self discover consul peers in
retry_join (assuming the consul server resolving the prepared query knows about said peers)?
consul connect ca set-configto rotate between Vault CA endpoints gracefully. The issue is that while existing proxies work fine during the rotation process, new proxies can't seem to reference the new CA bundle until the Consul leader is restarted and an election is forced. Restarting the leader immediately after setting the config causes old proxies to break for a few minutes, however, so this isn't an option. Has anyone dealt with this before? We are on Consul 1.9.6, Envoy 1.16.4.