Connecting a virtual machine to a service mesh

OKD Virtualization is now integrated with OpenShift Service Mesh. You can monitor, visualize, and control traffic between pods that run virtual machine workloads on the default pod network with IPv4.

Adding a virtual machine to a service mesh

To add a virtual machine (VM) workload to a service mesh, enable automatic sidecar injection in the VM configuration file by setting the sidecar.istio.io/inject annotation to true. Then expose your VM as a service to view your application in the mesh.

To avoid port conflicts, do not use ports used by the Istio sidecar proxy. These include ports 15000, 15001, 15006, 15008, 15020, 15021, and 15090.

Prerequisites

  • You installed the Service Mesh Operators.

  • You created the Service Mesh control plane.

  • You added the VM project to the Service Mesh member roll.

Procedure

  1. Edit the VM configuration file to add the sidecar.istio.io/inject: "true" annotation:

    Example configuration file

    1. apiVersion: kubevirt.io/v1
    2. kind: VirtualMachine
    3. metadata:
    4.   labels:
    5.     kubevirt.io/vm: vm-istio
    6.   name: vm-istio
    7. spec:
    8.   runStrategy: Always
    9.   template:
    10.     metadata:
    11.       labels:
    12.         kubevirt.io/vm: vm-istio
    13.         app: vm-istio (1)
    14.       annotations:
    15.         sidecar.istio.io/inject: "true" (2)
    16.     spec:
    17.       domain:
    18.         devices:
    19.           interfaces:
    20.           - name: default
    21.             masquerade: {} (3)
    22.           disks:
    23.           - disk:
    24.               bus: virtio
    25.             name: containerdisk
    26.           - disk:
    27.               bus: virtio
    28.             name: cloudinitdisk
    29.         resources:
    30.           requests:
    31.             memory: 1024M
    32.       networks:
    33.       - name: default
    34.         pod: {}
    35.       terminationGracePeriodSeconds: 180
    36.       volumes:
    37.       - containerDisk:
    38.           image: registry:5000/kubevirt/fedora-cloud-container-disk-demo:devel
    39.         name: containerdisk
    1The key/value pair (label) that must be matched to the service selector attribute.
    2The annotation to enable automatic sidecar injection.
    3The binding method (masquerade mode) for use with the default pod network.

  2. Apply the VM configuration:

    1. $ oc apply -f <vm_name>.yaml (1)
    1The name of the virtual machine YAML file.

  3. Create a Service object to expose your VM to the service mesh.

    1.   apiVersion: v1
    2.   kind: Service
    3.   metadata:
    4.     name: vm-istio
    5.   spec:
    6.     selector:
    7.       app: vm-istio (1)
    8.     ports:
    9.       - port: 8080
    10.         name: http
    11.         protocol: TCP
    1The service selector that determines the set of pods targeted by a service. This attribute corresponds to the spec.metadata.labels field in the VM configuration file. In the above example, the Service object named vm-istio targets TCP port 8080 on any pod with the label app=vm-istio.

  4. Create the service:

    1. $ oc create -f <service_name>.yaml (1)
    1The name of the service YAML file.

Additional resources