OSM MeshConfig

OSM deploys a MeshConfig resource osm-mesh-config as a part of its control plane (in the same namespace as that of the osm-controller pod) which can be updated by the mesh owner/operator at any time. The purpose of this MeshConfig is to provide the mesh owner/operator the ability to update some of the mesh configurations based on their needs.

At the time of install, the OSM MeshConfig is deployed from a preset MeshConfig (preset-mesh-config) which can be found under charts/osm/templates.

First, set an environment variable to refer to the namespace where osm was installed.

export osm_namespace=osm-system # Replace osm-system with the namespace where OSM is installed

To view your osm-mesh-config in CLI use the kubectl get command.

kubectl get meshconfig osm-mesh-config -n "$osm_namespace" -o yaml

Note: Values in the MeshConfig osm-mesh-config are persisted across upgrades.

Configure OSM MeshConfig

Kubectl Patch Command

Changes to osm-mesh-config can be made using the kubectl patch command.

kubectl patch meshconfig osm-mesh-config -n "$osm_namespace" -p '{"spec":{"traffic":{"enableEgress":true}}}'  --type=merge

Refer to the Config API reference for more information.

If an incorrect value is used, validations on the MeshConfig CRD will prevent the change with an error message explaining why the value is invalid. For example, the below command shows what happens if we patch enableEgress to a non-boolean value.

kubectl patch meshconfig osm-mesh-config -n "$osm_namespace" -p '{"spec":{"traffic":{"enableEgress":"no"}}}'  --type=merge
# Validations on the CRD will deny this change
The MeshConfig "osm-mesh-config" is invalid: spec.traffic.enableEgress: Invalid value: "string": spec.traffic.enableEgress in body must be of type boolean: "string"

Kubectl Patch Command for Each Key Type

Note: <osm-namespace> refers to the namespace where the osm control plane is installed. By default, the osm namespace is osm-system.