container.training/k8s/consul-2.yaml

# Better Consul cluster.
# There is still no actual persistence, but:
# - podAntiaffinity prevents pod colocation
# - clusters works when scaling down to 1 (thanks to lifecycle hook)
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: consul
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: consul
rules:
  - apiGroups: [""]
    resources:
      - pods
    verbs:
      - get
      - list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: consul
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: consul
subjects:
  - kind: ServiceAccount
    name: consul
---
apiVersion: v1
kind: Service
metadata:
  name: consul
spec:
  ports:
  - port: 8500
    name: http
  selector:
    app: consul
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: consul
spec:
  serviceName: consul
  replicas: 3
  selector:
    matchLabels:
      app: consul
  template:
    metadata:
      labels:
        app: consul
    spec:
      serviceAccountName: consul
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app: consul
              topologyKey: kubernetes.io/hostname
      terminationGracePeriodSeconds: 10
      containers:
        - name: consul
          image: "consul:1.11"
          env:
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          args:
            - "agent"
            - "-bootstrap-expect=3"
            - "-retry-join=provider=k8s label_selector=\"app=consul\" namespace=\"$(NAMESPACE)\""
            - "-client=0.0.0.0"
            - "-data-dir=/consul/data"
            - "-server"
            - "-ui"
          lifecycle:
            preStop:
              exec:
                command: [ "sh", "-c", "consul leave" ]