Giters

fperearodriguez / ossm-federation

OSSM federation in OpenShift

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

OSSM federated in OpenShift

The objective of this repository is to setup a federated service mesh by using the OpenShift Service Mesh federation module.

Prerequisites

  • Two OCP cluster installed. In this laboratory, two SNO clusters have been installed in AWS.
  • OCP 4.13 version
  • OSSM 2.4.X
  • In this laboratory, istio-system is used as control plane's namespace.
  • Cluster names: cluster-1 & cluster-2.
  • Two applications used: sleep and helloworld. In cluster-1, the helloworld application used is this deployment, and in cluster-2 the application used is this one.

Top-level diagram

How-to: Export service from cluster-2 cluster and import it into cluster-1 cluster.

OSSM resources

  1. Create SMCP & SMMR
  2. Fetch Istio CAcert from each Service Mesh:

Cluster-1 cluster:

oc get configmap istio-ca-root-cert -o jsonpath='{.data.root-cert\.pem}' > 1-ossm-resources/1-federation/remote-cluster-1-mesh-cert.pem

Cluster-2 cluster:

oc get configmap istio-ca-root-cert -o jsonpath='{.data.root-cert\.pem}' > 1-ossm-resources/1-federation/remote-cluster-2-mesh-cert.pem
  1. Create the cluster-1 configmap in the cluster-2 cluster:

Cluster-2 cluster:

oc -n istio-system create configmap cluster-1-ca-root-cert --from-file=root-cert.pem=./1-ossm-resources/1-federation/remote-cluster-1-mesh-cert.pem

Cluster-1 cluster:

oc -n istio-system create configmap cluster-2-ca-root-cert --from-file=root-cert.pem=./1-ossm-resources/1-federation/remote-cluster-2-mesh-cert.pem
  1. Retrieve AWS LB ip addresses:

Cluster-1 cluster:

AWS_LB_SM_EAST=$(oc get svc cluster-2-ingress -o jsonpath='{.status.loadBalancer.ingress[0].hostname}' -n istio-system)

Cluster-2 cluster:

AWS_LB_SM_WEST=$(oc get svc cluster-1-ingress -o jsonpath='{.status.loadBalancer.ingress[0].hostname}' -n istio-system)
  1. Create the ServiceMeshPeer resources in both cluster:

Cluster-1 cluster:

oc apply -f 1-ossm-resources/1-federation/servicemeshpeer-cluster-1.yaml

Cluster-2 cluster:

oc apply -f 1-ossm-resources/1-federation/servicemeshpeer-cluster-2.yaml
  1. Create exportedServiceSet in the cluster-2 cluster:
oc apply -f 1-ossm-resources/1-federation/exportedserviceset-cluster-2.yaml
  status:
    exportedServices:
    - exportedName: helloworld-canary.my-awesome-project.svc.cluster-1-exports.local
      localService:
        hostname: helloworld-canary.my-awesome-project.svc.cluster.local
        name: helloworld-canary
        namespace: my-awesome-project
    - exportedName: sleep.my-awesome-project.svc.cluster-1-exports.local
      localService:
        hostname: sleep.my-awesome-project.svc.cluster.local
        name: sleep
        namespace: my-awesome-project
  1. Create importedServiceSet in the cluster-1 cluster:
oc apply -f 1-ossm-resources/1-federation/importedserviceset-cluster-1.yaml

Once the importedServiceSet is created, it may take some minutes to reconcile and discover the new services.

 status:
    importedServices:
    - exportedName: helloworld-canary.my-awesome-project.svc.cluster-1-exports.local
      localService:
        hostname: helloworld-canary.my-awesome-project.svc.cluster.local
        name: helloworld-canary
        namespace: my-awesome-project
    - exportedName: sleep.my-awesome-project.svc.cluster-1-exports.local
      localService:
        hostname: sleep.my-awesome-project.svc.cluster-2-imports.local
        name: sleep
        namespace: my-awesome-project

About

OSSM federation in OpenShift