Anthos Service Mesh in GKE UI

Anthos Service Mesh is Google's service mesh offering, based on open source Istio. The Anthos Service Mesh feature in the GKE UI allows users to easily create a GKE cluster with managed Anthos Service Mesh installed. With managed Anthos Service Mesh, Google hosts and manages the control plane and, optionally, the data plane for the mesh, and handles its upgrades, scaling and security in a backward-compatible manner.

Anthos Service Mesh provides a uniform way to connect, manage, and secure microservices. It supports managing traffic flows between services, enforcing access policies, and aggregating telemetry data, all without requiring changes to the microservice code. Anthos Service Mesh also provides a set of management capabilities to simplify lifecycle management of the mesh.

You configure Istio access control, routing rules, and other features by using a custom Kubernetes API, either via kubectl or the Istio command-line tool istioctl, which provides extra validation.

For more information, see Anthos Service Mesh.

Before you begin

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  3. Make sure that billing is enabled for your Google Cloud project.

  4. Enable the Kubernetes Engine API.

    Enable the API


Create a GKE cluster with Anthos Service Mesh

  1. Go to the Google Kubernetes Engine page in the Google Cloud console.

    Go to Google Kubernetes Engine

  2. Click Create.

  3. Next to GKE Standard, click Configure.

  4. In the Cluster basics section, complete the following:

    a. Enter the Name for your cluster.
    b. For the Location type, select Regional, and then select the desired region for your cluster.

  5. From the navigation pane, under Cluster, click Features.

  6. In the Service mesh section, check the box next to Enable Anthos Service Mesh.

    After you check the box, a screen detailing the requirements appears. The requirements include:

    • A mesh_id label (formatted as mesh_id: proj-669040206528) is added to the cluster to identify the mesh it is part of.

    • Cloud Monitoring is enabled on the cluster.

      • Anthos Service Mesh uses Cloud Monitoring to provide automatic telemetry and logs.

    • Workload Identity is enabled on the cluster.

      • Anthos Service Mesh uses Workload Identity to provide secure access to required Google APIs and resources.

    • In order to secure, monitor, and manage the service mesh, the mesh.googleapis.com API is enabled (if it hasn't been already).

    • The cluster is registered to the project's Fleet, and the Anthos Service Mesh Fleet feature is enabled.

    • The managed control plane is enabled and set up to use a revision that matches the GKE channel installed on the cluster.

  7. Click Make changes to automatically enable the requirements.

  8. Click Create.
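
To confirm after creation that the cluster-level requirements listed above were actually applied, this added example (not part of the original page) checks the JSON printed by `gcloud container clusters describe CLUSTER --region REGION --format=json`. The sample cluster, project ID and project number are constructed, and the field names are assumed to follow the GKE Cluster API resource; the mesh.googleapis.com API and the managed control plane do not appear in this output and are not checked.

```python
import json
import re

# Constructed sample: trimmed output of
#   gcloud container clusters describe CLUSTER --region REGION --format=json
# All values are made up for illustration.
SAMPLE_CLUSTER = json.loads("""
{
  "name": "demo-cluster",
  "resourceLabels": {"mesh_id": "proj-123456789012"},
  "monitoringService": "monitoring.googleapis.com/kubernetes",
  "workloadIdentityConfig": {"workloadPool": "demo-project.svc.id.goog"},
  "fleet": {"membership": "//gkehub.googleapis.com/projects/demo-project/locations/global/memberships/demo-cluster"}
}
""")


def check_mesh_prerequisites(cluster, project_id, project_number):
    """Return a list of findings; an empty list means every check passed."""
    findings = []

    # mesh_id label must be present and formatted as proj-<project number>.
    mesh_id = cluster.get("resourceLabels", {}).get("mesh_id")
    if mesh_id is None:
        findings.append("mesh_id label is missing")
    elif not re.fullmatch(r"proj-\d+", mesh_id):
        findings.append(f"mesh_id label is malformed: {mesh_id!r}")
    elif mesh_id != f"proj-{project_number}":
        findings.append(f"mesh_id {mesh_id!r} does not match project number {project_number}")

    # Cloud Monitoring: "none" or an absent value means telemetry is off.
    if cluster.get("monitoringService", "none") == "none":
        findings.append("Cloud Monitoring is not enabled")

    # Workload Identity: the pool is <project id>.svc.id.goog when enabled.
    pool = cluster.get("workloadIdentityConfig", {}).get("workloadPool")
    if pool != f"{project_id}.svc.id.goog":
        findings.append(f"Workload Identity pool is {pool!r}, expected {project_id}.svc.id.goog")

    # Fleet registration: a registered cluster carries a membership name.
    if not cluster.get("fleet", {}).get("membership"):
        findings.append("cluster is not registered to a fleet")
    return findings


if __name__ == "__main__":
    result = check_mesh_prerequisites(SAMPLE_CLUSTER, "demo-project", "123456789012")
    print("\n".join(result) if result else "all checks passed")
```
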

Next steps

Enabling Anthos Service Mesh on your new cluster is only the first step. To fully take advantage of service mesh functionality, complete the following tasks:

  1. (Required) Inject sidecar proxies to enhance network security, reliability and observability.

  2. (Highly recommended) Deploy gateways to manage ingress and egress traffic.

  3. (Highly recommended) Configure transport security to secure your mesh.

  4. (Optional) Enable Managed Data Plane to automatically upgrade the proxies.