The objective of this repository is to setup a federated service mesh by using the OpenShift Service Mesh federation module.
- Two OCP cluster installed. In this laboratory, two SNO clusters have been installed in AWS.
- OCP 4.13 version
- OSSM 2.4.X
- In this laboratory, istio-system is used as control plane's namespace.
- Cluster names: cluster-1 & cluster-2.
- Two applications used: sleep and helloworld. In cluster-1, the helloworld application used is this deployment, and in cluster-2 the application used is this one.
How-to: Export service from cluster-2 cluster and import it into cluster-1 cluster.
- Create SMCP & SMMR
- Fetch Istio CAcert from each Service Mesh:
Cluster-1 cluster:
oc get configmap istio-ca-root-cert -o jsonpath='{.data.root-cert\.pem}' > 1-ossm-resources/1-federation/remote-cluster-1-mesh-cert.pem
Cluster-2 cluster:
oc get configmap istio-ca-root-cert -o jsonpath='{.data.root-cert\.pem}' > 1-ossm-resources/1-federation/remote-cluster-2-mesh-cert.pem
- Create the cluster-1 configmap in the cluster-2 cluster:
Cluster-2 cluster:
oc -n istio-system create configmap cluster-1-ca-root-cert --from-file=root-cert.pem=./1-ossm-resources/1-federation/remote-cluster-1-mesh-cert.pem
Cluster-1 cluster:
oc -n istio-system create configmap cluster-2-ca-root-cert --from-file=root-cert.pem=./1-ossm-resources/1-federation/remote-cluster-2-mesh-cert.pem
- Retrieve AWS LB ip addresses:
Cluster-1 cluster:
AWS_LB_SM_EAST=$(oc get svc cluster-2-ingress -o jsonpath='{.status.loadBalancer.ingress[0].hostname}' -n istio-system)
Cluster-2 cluster:
AWS_LB_SM_WEST=$(oc get svc cluster-1-ingress -o jsonpath='{.status.loadBalancer.ingress[0].hostname}' -n istio-system)
- Create the ServiceMeshPeer resources in both cluster:
Cluster-1 cluster:
oc apply -f 1-ossm-resources/1-federation/servicemeshpeer-cluster-1.yaml
Cluster-2 cluster:
oc apply -f 1-ossm-resources/1-federation/servicemeshpeer-cluster-2.yaml
- Create exportedServiceSet in the cluster-2 cluster:
oc apply -f 1-ossm-resources/1-federation/exportedserviceset-cluster-2.yaml
status:
exportedServices:
- exportedName: helloworld-canary.my-awesome-project.svc.cluster-1-exports.local
localService:
hostname: helloworld-canary.my-awesome-project.svc.cluster.local
name: helloworld-canary
namespace: my-awesome-project
- exportedName: sleep.my-awesome-project.svc.cluster-1-exports.local
localService:
hostname: sleep.my-awesome-project.svc.cluster.local
name: sleep
namespace: my-awesome-project
- Create importedServiceSet in the cluster-1 cluster:
oc apply -f 1-ossm-resources/1-federation/importedserviceset-cluster-1.yaml
Once the importedServiceSet is created, it may take some minutes to reconcile and discover the new services.
status:
importedServices:
- exportedName: helloworld-canary.my-awesome-project.svc.cluster-1-exports.local
localService:
hostname: helloworld-canary.my-awesome-project.svc.cluster.local
name: helloworld-canary
namespace: my-awesome-project
- exportedName: sleep.my-awesome-project.svc.cluster-1-exports.local
localService:
hostname: sleep.my-awesome-project.svc.cluster-2-imports.local
name: sleep
namespace: my-awesome-project