- Manifest ManagementManifest Management
- Application Update LifecycleApplication Update Lifecycle
- Volume ManagementVolume Management
- Dynamic ParametersDynamic Parameters
- Kubernetes Cluster SupportKubernetes Cluster Support
- Kubernetes RBACKubernetes RBAC
- Network & Traffic managementNetwork & Traffic management
- Kubernetes AutoscalingKubernetes Autoscaling
- Associating Pods To NodesAssociating Pods To Nodes
- Integration with VM (Legacy) ServicesIntegration with VM (Legacy) Services
Integration with VM (Legacy) Services
Pain Point
When deciding on Kubernetes as a platform and an architectural shift to Docker containers, there is a critical need to manage and secure the communication between services, including integration with VM (legacy) services.
Integration of VM (legacy) services with Docker containers is very complex. In case your containers based application needs to call a number of VM (legacy) services running behind the firewall, each service will require a lot of manual and complex configurations.
The following script fetches configuration data from the Kubernetes cluster and applies the configuration to the VM:
Sample Script
https://github.com/GoogleCloudPlatform/istio-samples/tree/master/mesh-expansion-gce/scripts
set -euo pipefail log() { echo "$1" >&2; } # NOTE - if you are on a mac and you don't have gsed, uncomment this line: # brew install gnu-sed # vars PROJECT_ID="${PROJECT_ID:?PROJECT_ID env variable must be specified}" export VM_NAME="istio-gce" ZONE="us-central1-b" CLUSTER_NAME="mesh-exp-gke" export SERVICE_NAMESPACE="default" # put VM-based ProductCatalog's istio services in the GKE default ns CTX="gke_${PROJECT_ID}_${ZONE}_${CLUSTER_NAME}" # configure cluster context gcloud config set project $PROJECT_ID gcloud container clusters get-credentials $CLUSTER_NAME --zone $ZONE kubectl config use-context $CTX # generate cluster.env from the GKE cluster GWIP=$(kubectl get -n istio-system service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}') ISTIO_SERVICE_CIDR=$(gcloud container clusters describe ${CLUSTER_NAME?} \ --zone ${ZONE?} --project ${PROJECT_ID?} \ --format "value(servicesIpv4Cidr)") echo $ISTIO_SERVICE_CIDR log "istio CIDR is: ${ISTIO_SERVICE_CIDR}" echo -e "ISTIO_CP_AUTH=MUTUAL_TLS\nISTIO_SERVICE_CIDR=$ISTIO_SERVICE_CIDR\n" | tee scripts/cluster.env echo "ISTIO_INBOUND_PORTS=8080" >> scripts/cluster.env # Get istio control plane certs kubectl -n ${SERVICE_NAMESPACE?} get secret istio.default \ -o jsonpath='{.data.root-cert\.pem}' | base64 --decode | tee scripts/root-cert.pem kubectl -n ${SERVICE_NAMESPACE?} get secret istio.default \ -o jsonpath='{.data.key\.pem}' | base64 --decode | tee scripts/key.pem kubectl -n ${SERVICE_NAMESPACE?} get secret istio.default \ -o jsonpath='{.data.cert-chain\.pem}' | base64 --decode | tee scripts/cert-chain.pem # Populate 7-configure-mesh script with the GWIP IP # (this script is sent to the VM, to run there.) pattern='GWIP=""' replace="GWIP='$GWIP'" gsed -r -i "s|$pattern|$replace|g" scripts/7-configure-vm.sh # scp certs, env file, and script to the GCE instance log "sending cluster.env, certs, and script to VM..." # scp everything over to the VM gcloud compute --project ${PROJECT_ID?} scp --zone ${ZONE?} \ scripts/7-configure-vm.sh scripts/cluster.env scripts/*.pem ${VM_NAME?}: log "...done." ISTIO_VERSION=${ISTIO_VERSION:=1.3.4} # NOTE - THIS VARIABLE IS AUTO-POPULATED IN ./scripts/4-configure-mesh-exp.sh # (where GWIP refers to your GKE cluster's Istio IngressGateway IP address) GWIP='35.184.3.99' # setup -- install docker curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"; sudo apt-get update; sudo apt-get install -y docker-ce; # update /etc/hosts for DNS resolution echo -e "\n$GWIP istio-citadel istio-pilot istio-pilot.istio-system" | \ sudo tee -a /etc/hosts # install + run the istio remote - version ${ISTIO_VERSION} curl -L https://storage.googleapis.com/istio-release/releases/${ISTIO_VERSION}/deb/istio-sidecar.deb > istio-sidecar.deb sudo dpkg -i istio-sidecar.deb ls -ld /var/lib/istio sudo mkdir -p /etc/certs sudo cp {root-cert.pem,cert-chain.pem,key.pem} /etc/certs sudo cp cluster.env /var/lib/istio/envoy sudo chown -R istio-proxy /etc/certs /var/lib/istio/envoy ls -l /var/lib/istio/envoy/envoy_bootstrap_tmpl.json ls -l /var/lib/istio/envoy/sidecar.env sudo systemctl start istio
How CloudPlex addresses your pain
CloudPlex offers a VM (legacy) service in which a developer only needs to provide the service information. All the configurations required to integrate the VM (legacy) services and containers are created automatically by the platform. As shown below, this visual process is simple, easy and fast.
