MeshService

This resource is experimental! In Kubernetes, to take advantage of the automatic generation described below, you need to set both control plane configuration variables KUMA_EXPERIMENTAL_SKIP_PERSISTED_VIPS and KUMA_EXPERIMENTAL_GENERATE_MESH_SERVICES to "true" on the zone control planes that use MeshServices.

MeshService is a new resource that represents what was previously expressed by the Dataplane tag kuma.io/service. Kubernetes users should think about it as the analog of a Kubernetes Service.

A basic example follows to illustrate the structure:

Kubernetes:

    apiVersion: kuma.io/v1alpha1
    kind: MeshService
    metadata:
      name: redis
      namespace: kuma-system
      labels:
        team: db-operators
        kuma.io/mesh: default
    spec:
      selector:
        dataplaneTags:
          app: redis
          k8s.kuma.io/namespace: redis-system
      ports:
      - port: 6739
        targetPort: 6739
        appProtocol: tcp
      - name: some-port
        port: 16739
        targetPort: target-port-from-container
        appProtocol: tcp

Universal:

    type: MeshService
    name: redis
    mesh: default
    labels:
      team: db-operators
    spec:
      selector:
        dataplaneTags:
          app: redis
          k8s.kuma.io/namespace: redis-system
      ports:
      - port: 6739
        targetPort: 6739
        appProtocol: tcp
      - name: some-port
        port: 16739
        targetPort: target-port-from-container
        appProtocol: tcp
    status:
      addresses:
      - hostname: redis.mesh
        origin: HostnameGenerator
        hostnameGeneratorRef:
          coreName: kmy-hostname-generator
      vips:
      - ip: 10.0.1.1

The MeshService represents a destination for traffic from elsewhere in the mesh. It defines which Dataplane objects serve this traffic as well as what ports are available. It also holds information about which IPs and hostnames can be used to reach this destination.

Zone types

How users interact with MeshServices will depend on the type of zone.

Kubernetes

On Kubernetes, Service already provides a number of the features provided by MeshService. For this reason, Kuma generates MeshServices from Services and:

  • reuses VIPs in the form of cluster IPs
  • uses Kubernetes DNS names

You need to set the kuma.io/mesh label on any Services from which a MeshService should be generated.

In the vast majority of cases, Kubernetes users do not create MeshServices.

Universal

In universal zones, MeshServices need to be created manually for now. A strategy of automatically generating MeshService objects from Dataplanes is planned for the future.

Hostnames

Because of various shortcomings, the existing VirtualOutbound does not work with MeshService and is planned for phasing out. A new HostnameGenerator resource was introduced to manage hostnames for MeshServices.

Ports

The ports field lists the ports exposed by the Dataplanes that the MeshService matches. targetPort can refer to a port directly or by the name of the Dataplane port.

    ports:
    - name: redis-non-tls
      port: 16739
      targetPort: 6739
      appProtocol: tcp
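
The selector and targetPort rules described on this page, modelled as an added example (not code from Kuma or from this page): it picks the Dataplanes whose tags contain every dataplaneTags entry and resolves each targetPort by number or by name, so a selector that is broader than intended or a service port that no Dataplane backs is visible before the manifest is applied. The Dataplane records, their simplified shape and the function names are constructed assumptions.

```python
# Added illustration: simplified model of MeshService selection and
# targetPort resolution. Not Kuma's implementation.

TAGS = {"app": "redis", "k8s.kuma.io/namespace": "redis-system"}

# MeshService spec taken from the page's redis example.
MESH_SERVICE = {
    "selector": {"dataplaneTags": dict(TAGS)},
    "ports": [
        {"port": 6739, "targetPort": 6739, "appProtocol": "tcp"},
        {"name": "some-port", "port": 16739,
         "targetPort": "target-port-from-container", "appProtocol": "tcp"},
    ],
}

# Constructed Dataplane inbounds in an assumed, simplified shape:
# tags, a port number and an optional port name.
DATAPLANES = {
    "redis-0": [{"tags": dict(TAGS), "port": 6739},
                {"tags": dict(TAGS), "port": 9121,
                 "name": "target-port-from-container"}],
    "redis-1": [{"tags": dict(TAGS), "port": 6739}],  # named port missing
    "cache-0": [{"tags": {"app": "redis",
                          "k8s.kuma.io/namespace": "staging"}, "port": 6739}],
}


def selected_inbounds(service, dataplanes):
    """Map each Dataplane to its inbounds carrying every selector tag."""
    want = service["selector"]["dataplaneTags"].items()
    hits = {name: [i for i in inbounds if want <= i["tags"].items()]
            for name, inbounds in dataplanes.items()}
    return {name: found for name, found in hits.items() if found}


def resolve_target_port(target, inbounds):
    """Resolve a targetPort given as a number or as a Dataplane port name."""
    key = "port" if isinstance(target, int) else "name"
    for inbound in inbounds:
        if inbound.get(key) == target:
            return inbound["port"]
    return None  # nothing on this Dataplane backs the service port


def audit(service, dataplanes):
    """Return (dataplane, service port, resolved port or None) rows."""
    return [(name, p["port"], resolve_target_port(p["targetPort"], inbounds))
            for name, inbounds in selected_inbounds(service, dataplanes).items()
            for p in service["ports"]]
```

Calling audit(MESH_SERVICE, DATAPLANES) leaves cache-0 out because its namespace tag differs, and reports service port 16739 as unresolved on redis-1, which has no port named target-port-from-container.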