This guide demonstrates a TCP client and server application within the service mesh communicating using OSM’s TCP routing capability.

Prerequisites

  • Kubernetes cluster running Kubernetes v1.22.9 or greater.
  • Have OSM installed.
  • Have kubectl available to interact with the API server.
  • Have osm CLI available for managing the service mesh.

Demo

The following demo shows a TCP client sending data to a tcp-echo server, which then echoes back the data to the client over a TCP connection.

  1. Set the namespace where OSM is installed.

    osm_namespace=osm-system # Replace osm-system with the namespace where OSM is installed if different
  2. Deploy the tcp-echo service in the tcp-demo namespace. The tcp-echo service runs on port 9000 with the appProtocol field set to tcp, which indicates to OSM that TCP routing must be used for traffic directed to the tcp-echo service on port 9000.

    # Create the tcp-demo namespace
    kubectl create namespace tcp-demo
    # Add the namespace to the mesh
    osm namespace add tcp-demo
    # Deploy the service
    kubectl apply -f https://raw.githubusercontent.com/openservicemesh/osm-docs/release-v1.2/manifests/apps/tcp-echo.yaml -n tcp-demo

    Confirm the tcp-echo service and pod are up and running.

    $ kubectl get svc,po -n tcp-demo
    NAME               TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)    AGE
    service/tcp-echo   ClusterIP   10.0.216.68   <none>        9000/TCP   97s

    NAME                            READY   STATUS    RESTARTS   AGE
    pod/tcp-echo-6656b7c4f8-zt92q   2/2     Running   0          97s
  3. Deploy the curl client into the curl namespace.

    # Create the curl namespace
    kubectl create namespace curl
    # Add the namespace to the mesh
    osm namespace add curl
    # Deploy curl client in the curl namespace
    kubectl apply -f https://raw.githubusercontent.com/openservicemesh/osm-docs/release-v1.2/manifests/samples/curl/curl.yaml -n curl

    Confirm the curl client pod is up and running.

    $ kubectl get pods -n curl
    NAME                    READY   STATUS    RESTARTS   AGE
    curl-54ccc6954c-9rlvp   2/2     Running   0          20s

Using Permissive Traffic Policy Mode

We will enable service discovery using permissive traffic policy mode, which allows application connectivity to be established without the need for explicit SMI policies.

  1. Enable permissive traffic policy mode

    kubectl patch meshconfig osm-mesh-config -n "$osm_namespace" -p '{"spec":{"traffic":{"enablePermissiveTrafficPolicyMode":true}}}' --type=merge
  2. Confirm the curl client is able to send and receive a response from the tcp-echo service using TCP routing.

    $ kubectl exec -n curl -ti "$(kubectl get pod -n curl -l app=curl -o jsonpath='{.items[0].metadata.name}')" -c curl -- sh -c 'echo hello | nc tcp-echo.tcp-demo 9000'
    echo response: hello

    The tcp-echo service should echo back the data sent by the client. In the above example, the client sends hello, and the tcp-echo service responds with echo response: hello.

Using SMI Traffic Policy Mode

When using SMI traffic policy mode, explicit traffic policies must be configured to allow application connectivity. We will set up SMI policies to allow the curl client to communicate with the tcp-echo service on port 9000.

  1. Enable SMI traffic policy mode by disabling permissive traffic policy mode

    kubectl patch meshconfig osm-mesh-config -n "$osm_namespace" -p '{"spec":{"traffic":{"enablePermissiveTrafficPolicyMode":false}}}' --type=merge
  2. Confirm the curl client is unable to send and receive a response from the tcp-echo service in the absence of SMI policies.

    $ kubectl exec -n curl -ti "$(kubectl get pod -n curl -l app=curl -o jsonpath='{.items[0].metadata.name}')" -c curl -- sh -c 'echo hello | nc tcp-echo.tcp-demo 9000'
    command terminated with exit code 1
  3. Configure SMI traffic access and routing policies.

    kubectl apply -f - <<EOF
    # TCP route to allow access to tcp-echo:9000
    apiVersion: specs.smi-spec.io/v1alpha4
    kind: TCPRoute
    metadata:
      name: tcp-echo-route
      namespace: tcp-demo
    spec:
      matches:
        ports:
        - 9000
    ---
    # Traffic target to allow curl app to access tcp-echo service using a TCPRoute
    kind: TrafficTarget
    apiVersion: access.smi-spec.io/v1alpha3
    metadata:
      name: tcp-access
      namespace: tcp-demo
    spec:
      destination:
        kind: ServiceAccount
        name: tcp-echo
        namespace: tcp-demo
      sources:
      - kind: ServiceAccount
        name: curl
        namespace: curl
      rules:
      - kind: TCPRoute
        name: tcp-echo-route
    EOF
  4. Confirm the curl client is able to send and receive a response from the tcp-echo service using SMI TCP route.

    $ kubectl exec -n curl -ti "$(kubectl get pod -n curl -l app=curl -o jsonpath='{.items[0].metadata.name}')" -c curl -- sh -c 'echo hello | nc tcp-echo.tcp-demo 9000'
    echo response: hello
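
To reason about what the two modes in this guide actually permit, the following added example (not part of the original guide and not OSM's own code) models the allow/deny decision in Python, using the TCPRoute and TrafficTarget from step 3 as inline dictionaries. The `allowed` function and its simplified matching rules are assumptions of this sketch, including the treatment of an empty port list as matching every port.

```python
# Added example: simplified model of SMI TrafficTarget + TCPRoute evaluation.
# Not OSM code; the manifests mirror the ones applied in this guide.
TCP_ROUTE = {
    "kind": "TCPRoute",
    "metadata": {"name": "tcp-echo-route", "namespace": "tcp-demo"},
    "spec": {"matches": {"ports": [9000]}},
}
TRAFFIC_TARGET = {
    "kind": "TrafficTarget",
    "metadata": {"name": "tcp-access", "namespace": "tcp-demo"},
    "spec": {
        "destination": {"kind": "ServiceAccount", "name": "tcp-echo", "namespace": "tcp-demo"},
        "sources": [{"kind": "ServiceAccount", "name": "curl", "namespace": "curl"}],
        "rules": [{"kind": "TCPRoute", "name": "tcp-echo-route"}],
    },
}


def _identity(ref):
    return (ref["kind"], ref["namespace"], ref["name"])


def allowed(src, dst, port, targets, routes, permissive=False):
    """True if ServiceAccount src may open TCP port on ServiceAccount dst.

    src and dst are (namespace, name) tuples.
    """
    if permissive:
        return True  # permissive mode: no SMI policy is consulted
    by_key = {(r["metadata"]["namespace"], r["metadata"]["name"]): r for r in routes}
    for tt in targets:
        spec = tt["spec"]
        if _identity(spec["destination"]) != ("ServiceAccount", *dst):
            continue
        if ("ServiceAccount", *src) not in [_identity(s) for s in spec["sources"]]:
            continue
        for rule in spec["rules"]:
            if rule["kind"] != "TCPRoute":
                continue
            # Rules are resolved in the TrafficTarget's own namespace.
            route = by_key.get((tt["metadata"]["namespace"], rule["name"]))
            if route is None:
                continue  # a dangling route reference grants nothing
            ports = route["spec"].get("matches", {}).get("ports", [])
            # Assumption of this model: an empty port list matches every port.
            if not ports or port in ports:
                return True
    return False  # SMI mode is default-deny
```

Evaluating a second source identity or a port other than 9000 against the same policies shows the difference from permissive mode: the connection is denied unless a TrafficTarget names that exact source, destination and route.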