Update: the above the be implemented as below:
- Disable transparent proxy on Consul and Kong;
- Add a single upsteam annotation to the service that needs to access upstreams, i.e.: consul.hashicorp.com/connect-service-upstreams: “service-a-outbound:10000”;
- Set your hostname as localhost and port as 10000;
- Make sure you have a route for all the services it needs to access, i.e.:
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceRouter
metadata:
name: service-a-outbound
spec:
routes:
- match:
http:
pathPrefix: /service/b/path/v1
destination:
service: service-b
- match:
http:
pathPrefix: /service/c/path/v1
destination:
service: service-c
Refer to this code for a complete example: https://github.com/phan-t/terraform-consul-master/tree/main/examples/applications/fake-service
Limitations:
- The service Topology does not seem to be updated - this is something that Hashicorp will improve for Virtual Services;
- You cannot apply different limits for different outbounds - ServiceDefaults > upstreamConfig > overrides. Only defaults makes sense in this case.