-
ServiceMeshVersion: 2.0 -
Purpose: Configs will not be distributed to Envoy istio-proxy sidecar beyond the same namespace unless overriden by configurations of SideCar CR resource
-
Pre-Requisites
ServiceMesh Operators Installation TBD
-
Setup
-
Control Plane Namespace Creation
oc new-project <istio-system-tenant-2>
-
SMCP
oc apply -f smcp-2.0.yaml
-
or modify/apply the following
apiVersion: maistra.io/v2 kind: ServiceMeshControlPlane metadata: name: <tenant-2> namespace: <istio-system-tenant-2> spec: tracing: sampling: 10000 type: Jaeger general: logging: logAsJSON: true profiles: - default proxy: accessLogging: file: name: /dev/stdout policy: type: Istiod addons: grafana: enabled: true jaeger: install: storage: type: Memory kiali: enabled: true prometheus: enabled: true version: v2.0 telemetry: type: Istiod -
Reset
oc delete -f smcp-2.0.yaml
-
-
SMBR
oc apply -f smmr.yaml
-
Reset
oc delete -f smmr.yaml
-
-
-
httpbin namespace & httpbin deployment
-
travel-agency, travel-control, travel-portal namespace & deployments
-
TBD echo-grpc ??
-
TBD hello client/service
-
Get configurations of
istio-proxysidecar before applying anySidecarCR override resources-
Retrieve
istio-proxy(envoy)cluster,endpoint,routeconfigurations from multiple PODs in the namespaces (ex. below) and compare. They contain cross namespace configurationsistioctl proxy-config cluster control-5fcd7bb48d-zgnwf istioctl proxy-config route control-5fcd7bb48d-zgnwf istioctl proxy-config route control-5fcd7bb48d-zgnwf
-
Full configuration can be extracted
oc rsh -Tc istio-proxy control-5fcd7bb48d-zgnwf curl http://localhost:15000/config_dump >> <POD-NAME>-config-original.txt
-
-
-
Get configurations of
istio-proxysidecar after applyingSidecarCR inServiceMeshcontrol plane namespace for the whole meshistioctl proxy-config cluster control-5fcd7bb48d-zgnwf istioctl proxy-config route control-5fcd7bb48d-zgnwf istioctl proxy-config route control-5fcd7bb48d-zgnwf
-
Full configuration can be extracted
oc rsh -Tc istio-proxy control-5fcd7bb48d-zgnwf curl http://localhost:15000/config_dump >> <POD-NAME>-config-original.txt
-
-
Get configurations of
istio-proxysidecar for PODs intravel-control,travel-portal,travel-agency,httpbinnamespaces after applyingSidecaroverride CRs. The 3 first should have configs for each other but not forhttpbinand vice-versa.istioctl proxy-config cluster control-5fcd7bb48d-zgnwf istioctl proxy-config route control-5fcd7bb48d-zgnwf istioctl proxy-config route control-5fcd7bb48d-zgnwf
-
Send Requests on httpbin
watch -n 5 curl -i -X GET "http://httpbin2-httpbin-gateway-525eca1d5089dbdc-istio-wasm-poc.apps.cluster-6tzwm.6tzwm.sandbox256.opentlc.com//response-headers?freeform=" -H "accept: application/json"
-
Send Requests on travel-control (not required)
watch -n 5 curl -i -X GET "http://istio-ingressgateway-istio-wasm-poc.apps.cluster-6tzwm.6tzwm.sandbox256.opentlc.com/"
-
-
Apply
ServiceMeshwide CRSidecarto force configuration distribution andmeshvisibility within namespace and control plane namespace only#use as is or change istio control plane namespace details oc apply -f sidecar-all-mesh.yaml
-
Apply
SidecarCR override totravel-control,travel-portal,travel-agencynamespace istio configuration#use as is or change istio control plane namespace details oc apply -f sidecar-override-travel-namespaces.yaml -n travel-control oc apply -f sidecar-override-travel-namespaces.yaml -n travel-portal oc apply -f sidecar-override-travel-namespaces.yaml -n travel-agency