I have deployed istio-pilot and pre-requisite applications inside of Docker containers.
I have also deployed Consul and Envoy. I used the ‘Quick Start on Docker’ from the Istio Docs from the Nomad and Consul section.
I am currently not using sidecars, as my microservices are all located inside of PCF. As a first step in my workflow, I am currently trying to configure an ingress gateway that allows access to the microservices running inside PCF.
I have this all running inside of a static Envoy configuration. I am working towards making use of Consul as the service registry and Pilot as the control plane to provide this configuration dynamically.
I need help determining what I need to put in my VirtualServices and DestinationRoutes in order to make the services registered in Consul available in Pilot and then passed as valid xDS configurations to Envoy. I may also need some guidance on what I need to put in the Envoy configuration to make those clusters available as dynamic active clusters. As of now I have this working up to the point of these all talking to each other, but the only dynamic cluster available is the blackhole cluster.
Note: I had to use [@] to replace [.] as they were being interpreted as external links.
Here is a sample of a registration sent to Consul:

```json
{
  "ID": "dd4a5349-6f98-4ac9-491c-3b4a-0",
  "Name": "person-service-dev",
  "Tags": [
    "version|v1"
  ],
  "Meta": {
    "App_Guid": "9f444ca7-a93f-4c51-af7b-8b1a129906fd",
    "Application_uri_0": "person-service-dev-blue@pcf1test1@somecompany.com",
    "Environment": "dev",
    "Instance_Guid": "dd4a5349-6f98-4ac9-491c-3b4a",
    "Instance_Index": "0",
    "Region": "1",
    "Revision": "aeebbfff-3fe7-45fd-9ca5-53b22734e185",
    "private_IP": "10.3.111.111",
    "private_port": "61016"
  },
  "Port": 443,
  "Address": "person-service-dev@pcf1test1@somecompany.com",
  "Weights": {
    "Passing": 1,
    "Warning": 1
  },
  "EnableTagOverride": false
}
```
Here is a sample of the static configuration that works:

```
"configs": {
  "listeners": {
    "@type": "type.googleapis.com/envoy.admin.v2alpha.ListenersConfigDump",
    "staticListeners": [
      {
        "name": "listener_0",
        "address": {
          ...
        }
      },
      "filterChains": [
        {
          ...
        },
        "filters": [
          {
            "name": "envoy.http_connection_manager",
            "config": {
              "stat_prefix": "ingress_http",
              "add_user_agent": true,
              "route_config": {
                "name": "remote_route",
                "virtual_hosts": [
                  {
                    "routes": [
                      {
                        "route": {
                          "prefix_rewrite": "/",
                          "cluster": "person-service-dev_cluster",
                          "auto_host_rewrite": true,
                          "timeout": "5s"
                        },
                        "match": {
                          "prefix": "/v1/config/"
                        }
                      },
                      ...
  "clusters": {
    "@type": "type.googleapis.com/envoy.admin.v2alpha.ClustersConfigDump",
    "staticClusters": [
      {
        ...
        "name": "person-service-dev_cluster",
        "type": "STRICT_DNS",
        "connectTimeout": "3s",
        "hosts": [
          {
            "socketAddress": {
              "address": "person-service-dev@pcf1test1@somecompany@com",
              "portValue": 443
            }
          },
          {
            "socketAddress": {
              "address": "person-service-dev@pcf2test1@somecompany@com",
              "portValue": 443
            }
          }
        ],
        "healthChecks": [
          {
            "timeout": "5s",
            "interval": "5s",
            "intervalJitter": "1s",
            "unhealthyThreshold": 5,
            "healthyThreshold": 2,
            "reuseConnection": true,
            "httpHealthCheck": {
              "host": "person-service-dev@somecompany@com", # this is a dummied value it is just any server page that returns a 200
              "path": "/health"
            }
          }
        ],
        "tlsContext": {
          "commonTlsContext": {
            "validationContext": {
              "trustedCa": {
                "filename": "/etc/ssl/certs/ca-cert-somecompanyrootca.pem"
              }
            }
          },
          ...
```