Part 2: Service Mesh Visibility
What Will You Do¶
In this part of the self-paced exercise, you will deploy a test application and view the service mesh visualization for that application.
Create Namespaces¶
You will create three namespaces - foo, bar and legacy. You will enable sidecars for two of the namespaces (for foo and bar) but not for the legacy namespace.
- Navigate to the Namespaces page
- Create a new namespace, specify the name (e.g. foo) and select type as Wizard
- In the Configuration section, navigate to Service Mesh Policies and select Enable Sidecar Injection (Skip this step for legacy namespace)
- In the placement section, select the cluster that you want to deploy the namespace to
- Click Save & Go to Publish
- Publish the namespace
Repeat the process to create bar and legacy namespaces. Make sure that you don't enable sidecar injection for legacy namespace.
Deploy the test application¶
Deploy httpbin application to foo and bar namespaces¶
- Navigate to the Workloads page
- Create a new Workload, specify the name (e.g. foo-httpbin) and Package type as yaml
- Select Upload files manually as the Artifact Sync option
- Select the namespace (e.g. foo) from the dropdown menu
- Select continue
- Upload the httpbin.yaml file
- Click Save and Go to Placement
- Select the cluster that you want to deploy the workload to, Click Save and Go to Publish
- Click Publish
Follow the same process to deploy httpbin to bar namespace (name the workload as bar-httpbin).
Below is the httpbin YAML file that you will deploy to foo and bar namespaces.
apiVersion: v1
kind: ServiceAccount
metadata:
name: httpbin
---
apiVersion: v1
kind: Service
metadata:
name: httpbin
labels:
app: httpbin
service: httpbin
spec:
ports:
- name: http
port: 8000
targetPort: 80
selector:
app: httpbin
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: httpbin
spec:
replicas: 1
selector:
matchLabels:
app: httpbin
version: v1
template:
metadata:
labels:
app: httpbin
version: v1
spec:
serviceAccountName: httpbin
containers:
- image: docker.io/kennethreitz/httpbin
imagePullPolicy: IfNotPresent
name: httpbin
ports:
- containerPort: 80
---
Deploy sleep application to foo, bar and legacy namespaces¶
- Navigate to the Workloads page
- Create a new Workload, specify the name (e.g. foo-sleep) and Package type as yaml
- Select Upload files manually as the Artifact Sync option
- Select the namespace (e.g. foo) from the dropdown menu
- Select continue
- Upload the sleep.yaml file
- Click Save and Go to Placement
- Select the cluster that you want to deploy the workload to, Click Save and Go to Publish
- Click Publish
Follow the same process to deploy sleep to bar and legacy namespaces (name the workloads as bar-sleep and legacy-sleep).
Below is the sleep YAML file that you will deploy to foo, bar and legacy namespaces.
apiVersion: v1
kind: ServiceAccount
metadata:
name: sleep
---
apiVersion: v1
kind: Service
metadata:
name: sleep
labels:
app: sleep
service: sleep
spec:
ports:
- port: 80
name: http
selector:
app: sleep
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: sleep
spec:
replicas: 1
selector:
matchLabels:
app: sleep
template:
metadata:
labels:
app: sleep
spec:
terminationGracePeriodSeconds: 0
serviceAccountName: sleep
containers:
- name: sleep
image: curlimages/curl
command:
- sh
- "-c"
- |
while true
do
sleep 3
curl http://httpbin.foo:8000/ip
curl http://httpbin.bar:8000/ip
done
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /etc/sleep/tls
name: secret-volume
volumes:
- name: secret-volume
secret:
secretName: sleep-secret
optional: true
---
Create Namespaces¶
You can alternatively create a namespace by using the declarative spec YAML. For more information on automation via RCTL CLI, refer here.
You will create three namespaces - foo, bar and legacy. You will enable sidecars for two of the namespaces (for foo and bar) but not for the legacy namespace. Notice in the example below, you see namespaceMeshPolicyParams with meshEnabled as true.
Spec for foo and bar namespaces (with sidecar injection enabled)¶
Important
Ensure that you update the "value: demo-cluster" with the name of the cluster in your project
kind: Namespace
apiVersion: infra.k8smgmt.io/v3
metadata:
name: foo
project: defaultproject
spec:
type: RafayWizard
namespaceMeshPolicyParams:
meshEnabled: true
placement:
placementType: ClusterSpecific
labels:
- key: rafay.dev/clusterName
value: demo-cluster
Spec for legacy namespace (with sidecar injection not enabled)¶
Important
Ensure that you update the "value: demo-cluster" with the name of the cluster that you are working with
kind: Namespace
apiVersion: infra.k8smgmt.io/v3
metadata:
name: legacy
project: defaultproject
spec:
type: RafayWizard
namespaceMeshPolicyParams:
meshEnabled: false
placement:
placementType: ClusterSpecific
labels:
- key: rafay.dev/clusterName
value: demo-cluster
- Type the command below to create the new namespaces
rctl apply -f <path-to-filename>.yaml
- Type the command below to verify creation of the namespaces
rctl get namespace <name of namespace> --v3
Deploy the test applications¶
Deploy httpbin application to foo and bar namespaces¶
Below is the httpbin YAML file that you will deploy to foo and bar namespaces.
apiVersion: v1
kind: ServiceAccount
metadata:
name: httpbin
---
apiVersion: v1
kind: Service
metadata:
name: httpbin
labels:
app: httpbin
service: httpbin
spec:
ports:
- name: http
port: 8000
targetPort: 80
selector:
app: httpbin
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: httpbin
spec:
replicas: 1
selector:
matchLabels:
app: httpbin
version: v1
template:
metadata:
labels:
app: httpbin
version: v1
spec:
serviceAccountName: httpbin
containers:
- image: docker.io/kennethreitz/httpbin
imagePullPolicy: IfNotPresent
name: httpbin
ports:
- containerPort: 80
---
You can deploy the test application by using the declarative spec YAML. For more information on automation via RCTL CLI, refer here
Important
Ensure that you update the project with the name of your project, the path to the YAML spec for the application above you just saved, the appropriate namespace, and the name of the cluster in the selector section.
apiVersion: apps.k8smgmt.io/v3
kind: Workload
metadata:
name: foo-httpbin
project: defaultproject
spec:
artifact:
artifact:
paths: <path-to-filename>.yaml
type: Yaml
namespace: foo
placement:
selector: rafay.dev/clusterName=demo-cluster
- Type the command below to create the workload and publish it to the cluster
rctl apply -f <path-to-filename>.yaml
- To validate creation and publish of the workload
rctl status workload foo-httpbin
After a few minutes, you should see the workload publish status as READY as well as your cluster name.
Follow the same process to deploy httpbin to bar namespace (name the workload as bar-httpbin).
Deploy sleep application to foo, bar and legacy namespaces¶
Below is the sleep YAML file that you will deploy to foo, bar and legacy namespaces.
apiVersion: v1
kind: ServiceAccount
metadata:
name: sleep
---
apiVersion: v1
kind: Service
metadata:
name: sleep
labels:
app: sleep
service: sleep
spec:
ports:
- port: 80
name: http
selector:
app: sleep
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: sleep
spec:
replicas: 1
selector:
matchLabels:
app: sleep
template:
metadata:
labels:
app: sleep
spec:
terminationGracePeriodSeconds: 0
serviceAccountName: sleep
containers:
- name: sleep
image: curlimages/curl
command:
- sh
- "-c"
- |
while true
do
sleep 3
curl http://httpbin.foo:8000/ip
curl http://httpbin.bar:8000/ip
done
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /etc/sleep/tls
name: secret-volume
volumes:
- name: secret-volume
secret:
secretName: sleep-secret
optional: true
---
Important
Ensure that you update the project with the name of your project, the path to the YAML spec for the application above you just saved, the appropriate namespace, and the name of the cluster in the selector section.
You can deploy the test application by using the declarative spec YAML. For more information on automation via RCTL CLI, refer here
apiVersion: apps.k8smgmt.io/v3
kind: Workload
metadata:
name: foo-sleep
project: defaultproject
spec:
artifact:
artifact:
paths: <path-to-filename>.yaml
type: Yaml
namespace: foo
placement:
selector: rafay.dev/clusterName=demo-cluster
- Type the command below to create the workload
rctl apply -f <path-to-filename>.yaml
- To validate creation and publish of the workload
rctl status workload foo-httpbin
After a few minutes, you should see the workload publish status as READY as well as your cluster name.
Follow the same process to deploy sleep application to bar and legacy namespaces (name the workloads as bar-sleep and legacy-sleep).
Service Mesh Visibility¶
- Click Home
- Select Dashboards -> Service Mesh
- Select the project and cluster from the dropdown menu
- Select foo, bar and legacy namespaces from the namespace dropdown menu
- You will see the dashboard populate with foo, bar and legacy namespaces with edges between them to represent traffic flows.
Important
Note that the legacy namespace and the sleep application running in that namespace are represented as unknown as we did not enable sidecar injection for legacy namespace
Using the Display option provided within the dashboard, enable Security via the dropdown.
The visualization now shows lock icons on the edges between foo and bar. This is because we enabled sidecars on these namespaces and Istio installs mTLS in permissive mode i.e., namespaces will use mutual TLS wherever possible but do not restrict non-encrypted communication.
Recap¶
Congratulations! At this point, you have successfully deployed the test application and are able to view Service Mesh flows for the application.