Connecting virtual machines to a service mesh
OKD Virtualization is now integrated with OpenShift Service Mesh. You can monitor, visualize, and control traffic between pods that run virtual machine workloads on the default pod network with IPv4.
Prerequisites
- You must have installed the Service Mesh Operator and deployed the service mesh control plane.
- You must have added the namespace where the virtual machine is created to the service mesh member roll.
- You must use the masquerade binding method for the default pod network.
Configuring a virtual machine for the service mesh
To add a virtual machine (VM) workload to a service mesh, enable automatic sidecar injection in the VM configuration file by setting the sidecar.istio.io/inject annotation to true. Then expose your VM as a service to view your application in the mesh.
Prerequisites
- To avoid port conflicts, do not use ports used by the Istio sidecar proxy. These include ports 15000, 15001, 15006, 15008, 15020, 15021, and 15090.
Procedure
Edit the VM configuration file to add the sidecar.istio.io/inject: "true" annotation.

Example configuration file
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  labels:
    kubevirt.io/vm: vm-istio
  name: vm-istio
spec:
  runStrategy: Always
  template:
    metadata:
      labels:
        kubevirt.io/vm: vm-istio
        app: vm-istio # (1)
      annotations:
        sidecar.istio.io/inject: "true" # (2)
    spec:
      domain:
        devices:
          interfaces:
          - name: default
            masquerade: {} # (3)
          disks:
          - disk:
              bus: virtio
            name: containerdisk
          - disk:
              bus: virtio
            name: cloudinitdisk
        resources:
          requests:
            memory: 1024M
      networks:
      - name: default
        pod: {}
      terminationGracePeriodSeconds: 180
      volumes:
      - containerDisk:
          image: registry:5000/kubevirt/fedora-cloud-container-disk-demo:devel
        name: containerdisk

(1) The key/value pair (label) that must be matched to the service selector attribute.
(2) The annotation to enable automatic sidecar injection.
(3) The binding method (masquerade mode) for use with the default pod network.

Apply the VM configuration:

$ oc apply -f <vm_name>.yaml # (1)

(1) The name of the virtual machine YAML file.

Create a Service object to expose your VM to the service mesh.

apiVersion: v1
kind: Service
metadata:
  name: vm-istio
spec:
  selector:
    app: vm-istio # (1)
  ports:
  - port: 8080
    name: http
    protocol: TCP

(1) The service selector that determines the set of pods targeted by a service. This attribute corresponds to the spec.template.metadata.labels field in the VM configuration file. In the above example, the Service object named vm-istio targets TCP port 8080 on any pod with the label app=vm-istio.

Create the service:

$ oc create -f <service_name>.yaml # (1)

(1) The name of the service YAML file.
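
A pre-apply check for the requirements in this procedure, added here as an illustration and not part of the OKD documentation. It assumes the two manifests are already parsed into Python dicts; the function name lint_mesh_vm and the sample inputs are hypothetical.

```python
# Added example: lint a VirtualMachine/Service pair (already parsed into dicts)
# against the requirements listed on this page before running `oc apply`.
import copy

ISTIO_SIDECAR_PORTS = {15000, 15001, 15006, 15008, 15020, 15021, 15090}  # from the page

def lint_mesh_vm(vm, svc):
    """Return a list of problems; an empty list means the pair passes."""
    problems = []
    tmpl = vm.get("spec", {}).get("template", {})
    meta, spec = tmpl.get("metadata", {}), tmpl.get("spec", {})
    # Annotation values are strings: an unquoted YAML true parses as a bool.
    if meta.get("annotations", {}).get("sidecar.istio.io/inject") != "true":
        problems.append('sidecar.istio.io/inject is not the string "true"')
    pod_nets = {n.get("name") for n in spec.get("networks", []) if "pod" in n}
    ifaces = spec.get("domain", {}).get("devices", {}).get("interfaces", [])
    bound = [i for i in ifaces if i.get("name") in pod_nets]
    if not bound or any("masquerade" not in i for i in bound):
        problems.append("default pod network interface does not use masquerade")
    labels = meta.get("labels", {})
    selector = svc.get("spec", {}).get("selector", {})
    if not selector or any(labels.get(k) != v for k, v in selector.items()):
        problems.append("Service selector does not match the VM template labels")
    for p in svc.get("spec", {}).get("ports", []):
        target = p.get("targetPort", p.get("port"))  # targetPort defaults to port
        if target in ISTIO_SIDECAR_PORTS:
            problems.append(f"port {target} is reserved by the Istio sidecar proxy")
    return problems

# Constructed input: the page's two manifests reduced to the fields checked above.
GOOD_VM = {"spec": {"template": {
    "metadata": {"labels": {"kubevirt.io/vm": "vm-istio", "app": "vm-istio"},
                 "annotations": {"sidecar.istio.io/inject": "true"}},
    "spec": {"domain": {"devices": {"interfaces": [{"name": "default", "masquerade": {}}]}},
             "networks": [{"name": "default", "pod": {}}]}}}}
GOOD_SVC = {"spec": {"selector": {"app": "vm-istio"},
                     "ports": [{"port": 8080, "name": "http", "protocol": "TCP"}]}}

# Constructed misconfiguration: bool annotation, bridge binding, sidecar port.
BAD_VM = copy.deepcopy(GOOD_VM)
BAD_VM["spec"]["template"]["metadata"]["annotations"]["sidecar.istio.io/inject"] = True
BAD_VM["spec"]["template"]["spec"]["domain"]["devices"]["interfaces"] = [
    {"name": "default", "bridge": {}}]
BAD_SVC = {"spec": {"selector": {"app": "vm-istio"}, "ports": [{"port": 15020}]}}

if __name__ == "__main__":
    print(lint_mesh_vm(GOOD_VM, GOOD_SVC))
    for problem in lint_mesh_vm(BAD_VM, BAD_SVC):
        print("FAIL:", problem)
```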