Setup Gloo Mesh
At the end of this chapter you would have,
- Created Virtual Mesh to connect
$CLUSTER1(gke)and$CLUSTER1(eks) - Applied Access Policies
- Create TrafficPolicy to distribute traffic
- Integrated VM Workload with Mesh
Pre-requsites and Assumptions¶
This chapter assumes that you have done the following if not please vist the earlier chapters to compelte the requriements,
- Setup VM
- Created Kubernetes Clusters on
$CLUSTER1(gke),$CLUSTER1(eks)and$MGMT(civo) - Deployed Istio on Workload Clusters
- Installed Gloo Mesh and Registered the clusters
- Created VPN Tunnel in GCP
Ensure environment¶
Navigate to Tutorial home
cd $TUTORIAL_HOME
Set cluster environment variables
source $TUTORIAL_HOME/.envrc
Enable PeerAuthentication¶
Let us configure Istio PeerAuthentication in $CLUSTER1 and $CLUSTER2. PeerAuthentication enable the mTLS between service mesh services and will help in unifying the ROOT CA between heterogenous service meshes. This common ROOT CA enables the services across the meshes to trust each other.
Cluster 1¶
kubectl --context=${CLUSTER1} apply -f $TUTORIAL_HOME/mesh-files/peer-auth.yaml
Cluster 2¶
kubectl --context=${CLUSTER2} apply -f $TUTORIAL_HOME/mesh-files/peer-auth.yaml
Virtual Mesh¶
Having enabled mTLS on $CLUSTER1 and $CLUSTER2, we can now unify the service meshes using Gloo Mesh’s VirtualMesh,
kubectl --context=${MGMT} apply -f $TUTORIAL_HOME/mesh-files/bgc-virtual-mesh.yaml
Gloo Mesh Dashboard¶
We can use Gloo Mesh Dashboard to verify our registered clusters and mesh details,
Open a new terminal and run the following command,
source $TUTORIAL_HOME/.envrc
kubectl --context=$MGMT port-forward -n gloo-mesh deployment/dashboard 8090:8090
You can then open the dashboard in your browser which will open a page as shown:
If you navigate to the Debug tab you could see the bgc-virtual-mesh that we created with cluster1 and cluster2 Istio servicemeshes,
Now we are all set to deploy the demo applications on these clusters.