Connecting a virtual machine to a service mesh

OpenShift Virtualization is now integrated with OpenShift Service Mesh. You can monitor, visualize, and control traffic between pods that run virtual machine workloads on the default pod network with IPv4.

Adding a virtual machine to a service mesh

To add a virtual machine (VM) workload to a service mesh, enable automatic sidecar injection in the VM configuration file by setting the sidecar.istio.io/inject annotation to true. Then expose your VM as a service to view your application in the mesh.

Important

To avoid port conflicts, do not use ports used by the Istio sidecar proxy. These include ports 15000, 15001, 15006, 15008, 15020, 15021, and 15090.

Prerequisites

• You have installed the OpenShift CLI (oc).

• You have installed the Service Mesh Operator.

Procedure

1. Edit the VM configuration file to add the sidecar.istio.io/inject: "true" annotation.

   Example configuration file:

   apiVersion: kubevirt.io/v1
   kind: VirtualMachine
   metadata:
     labels:
       kubevirt.io/vm: vm-istio
     name: vm-istio
   spec:
     runStrategy: Always
     template:
       metadata:
         labels:
           kubevirt.io/vm: vm-istio
           app: vm-istio
         annotations:
           sidecar.istio.io/inject: "true"
       spec:
         domain:
           devices:
             interfaces:
             - name: default
               masquerade: {}
             disks:
             - disk:
                 bus: virtio
               name: containerdisk
             - disk:
                 bus: virtio
               name: cloudinitdisk
           resources:
             requests:
               memory: 1024M
         networks:
         - name: default
           pod: {}
         terminationGracePeriodSeconds: 180
         volumes:
         - containerDisk:
             image: registry:5000/kubevirt/fedora-cloud-container-disk-demo:devel
           name: containerdisk

   • spec.template.metadata.labels.app specifies the key/value pair (label) that must be matched to the service selector attribute.

   • spec.template.metadata.annotations.sidecar.istio.io/inject is the annotation to enable automatic sidecar injection.

   • spec.template.spec.domain.devices.interfaces.masquerade is the binding method (masquerade mode) for use with the default pod network.

2. Run the following command to apply the VM configuration:

   $ oc apply -f <vm_name>.yaml

   where:

   <vm_name>

   Specifies the name of the virtual machine YAML file.

3. Create a Service object to expose your VM to the service mesh:

   apiVersion: v1
   kind: Service
   metadata:
     name: vm-istio
   spec:
     selector:
       app: vm-istio
     ports:
       - port: 8080
         name: http
         protocol: TCP

   • spec.selector.app specifies the service selector that determines the set of pods targeted by a service. This attribute corresponds to the spec.metadata.labels field in the VM configuration file. In the above example, the Service object named vm-istio targets TCP port 8080 on any pod with the label app=vm-istio.

4. Run the following command to create the service:

   $ oc create -f <service_name>.yaml

   where:

   <service_name>

   Specifies the name of the service YAML file.

Additional resources

• Installing the Service Mesh Operator