in a Consul mesh gateway federated Cluster setup are config entries also propagated through the primary to all secondary clusters or do I need to write the config to secondary explicitly?
I tried setting it up through the primary and also set the datacenter flag in the cli, but the Api gateway service did not appear in the secondary cluster
Yes, if you have federation with ACL replication enabled, the config entries are also replicated to the secondary DCs. In fact, if you write config entries against the secondary DCs, they will get routed to the primary DC, written in the primary DC, and then replicated to the secondary DCs.
Hi @Ranjandas ,
when I use an API gateway and upload the TLS certificate for the listener, will that also be distributed in the federated cluster or is this specific to a single cluster?
First of all, please ignore my previous response about certificate distribution being outside the scope of Consul. That response was actually for another post; my apologies. I have deleted that response to avoid confusion.
The API Gateway listener certificates are configured as Config-Entries. If you are federating the cluster using WAN Federation with replication, these config entries will be replicated from primary to secondary clusters.
Hi @Ranjandas ,
no problem and thanks for the quick response.
So generally speaking all configuration entries are distributed in a federated mesh cluster?
If that is the case how can i tell consul that an api gateway configuration is for a specific cluster? Do I somehow need to pass the data center name?
For my primary cluster it works, but i fail to get an api gateway up and running in the secondary cluster
I’ve set up the primary cluster and configured the API gateway service, expecting these configurations to be propagated automatically to all secondary clusters. However, despite setting the datacenter flag in the CLI, the API gateway service does not appear in the secondary cluster.