This topic shows you how to install Cloud Service Mesh, which comes preinstalled with an Ingress Gateway. With Cloud Service Mesh, you can configure a Kubernetes Ingress resource for your Deployments if you need an Ingress controller. This topic provides an example that shows you how to configure a sample Deployment and Ingress resource.
The installation of Cloud Service Mesh consists of two main parts:
- Installing a specific version of the Cloud Service Mesh customer-managed control plane and Ingress Gateway.
- Labeling your namespaces with a revision label and redeploying your workloads to inject a sidecar proxy.
If you only need to use an Ingress object using an Ingress controller, you don't have to inject a sidecar proxy into your workload Pods. But if you want the security benefits that Cloud Service Mesh provides, and if you want to make use of the traffic routing capabilities, you need to inject the sidecar proxies.
Before you begin
Before you start using GKE on AWS, make sure you have performed the following tasks:
- Complete the Prerequisites.
- Install a management service.
- Create a user cluster.
- Register your cluster with Connect by following the steps in Connecting to your cluster with Cloud console.
- Configure your cluster to Use workload identity with Google Cloud.
If your user clusters have restricted outbound access to the internet, allow access to the following container repository domains:
docker.ioquay.io
From your
anthos-awsdirectory, useanthos-gketo switch context to your user cluster.cd anthos-aws env HTTPS_PROXY=http://localhost:8118 \ anthos-gke aws clusters get-credentials CLUSTER_NAME
Installing Anthos Service Mesh
Follow the steps in Install Cloud Service Mesh.
Creating an example Deployment
In this section, you install a sample application and create an Ingress endpoint for it.
Create a Deployment of
hello-appand a ClusterIP for the deployment. Copy the following YAML into a file namedhello-app.yaml.apiVersion: apps/v1 kind: Deployment metadata: labels: app: hello-app name: hello-app spec: selector: matchLabels: app: hello-app replicas: 3 template: metadata: labels: app: hello-app spec: containers: - name: hello image: "gcr.io/google-samples/hello-app:2.0" --- apiVersion: v1 kind: Service metadata: labels: app: hello-app name: hello-app spec: type: ClusterIP selector: app: hello-app ports: - protocol: TCP port: 8080 targetPort: 8080Apply the YAML to your cluster with
kubectl apply.env HTTPS_PROXY=http://localhost:8118 \ kubectl apply -f hello-app.yamlCreate a Kubernetes Ingress for the sample application. Copy the following YAML into a file named
hello-app-ingress.yamlapiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: annotations: kubernetes.io/ingress.class: istio labels: app: hello-app name: hello-app spec: rules: - host: http: paths: - backend: serviceName: hello-app servicePort: 8080Create the Ingress by applying the configuration with
kubectl apply.env HTTPS_PROXY=http://localhost:8118 \ kubectl apply -f hello-app-ingress.yamlCheck the status of your gateway with
kubectl get svc.env HTTPS_PROXY=http://localhost:8118 \ kubectl get ingress hello-appThe
ADDRESSfield should have an ELB domain name. If theADDRESSremainspending, confirm your VPC and Subnet labeling.You can check the Ingress gateway URL by composing the host and port. To get your gateway URL, perform the following commands:
export INGRESS_URL=$(env HTTPS_PROXY=http://localhost:8118 \ kubectl get ingress hello-app -o jsonpath='{.status.loadBalancer.ingress[0].hostname}') echo "Your hello-app Ingress URL is: http://"$INGRESS_URLThe last command prints the endpoint of your Ingress.
If you created a public Ingress, you can view the
hello-appdefault web page incurlby visitinghttp://$INGRESS_URL/.curl $INGRESS_URL/
Cleaning up
You remove the hello-app components with kubectl delete.
env HTTPS_PROXY=http://localhost:8118 \
kubectl delete -f hello-app.yaml &&\
kubectl delete -f hello-app-ingress.yaml
If you would like to remove Cloud Service Mesh, see Uninstalling Cloud Service Mesh.
What's next
Learn more about: