Ingress with fsm - flomesh-io/osm GitHub Wiki

Prerequisites

  • Kubernetes 1.19+
  • kind

Install kind

Please refer to kind's documentation to install kind first.

Create a Kubernetes Cluster by kind

cat <<EOF | kind create cluster --config=-
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
name: ingress-pipy
nodes:
- role: control-plane
  image: kindest/node:v1.21.10
  kubeadmConfigPatches:
  - |
    kind: InitConfiguration
    nodeRegistration:
      kubeletExtraArgs:
        node-labels: "ingress-ready=true"
  extraPortMappings:
  - containerPort: 80
    hostPort: 80
    protocol: TCP
  - containerPort: 443
    hostPort: 443
    protocol: TCP
EOF

You'll see the output like this:

Creating cluster "ingress-pipy" ...
 βœ“ Ensuring node image (kindest/node:v1.21.10) πŸ–Ό
 βœ“ Preparing nodes πŸ“¦
 βœ“ Writing configuration πŸ“œ
 βœ“ Starting control-plane πŸ•ΉοΈ
 βœ“ Installing CNI πŸ”Œ
 βœ“ Installing StorageClass πŸ’Ύ
Set kubectl context to "kind-ingress-pipy"
You can now use your cluster with:

kubectl cluster-info --context kind-ingress-pipy

Have a nice day! πŸ‘‹

Install OSM CLI

Please refer to Download and install the OSM command-line tool.

Install OSM to kubernetes cluster

export osm_namespace=osm-system 
export osm_mesh_name=osm 

osm install --mesh-name "$osm_mesh_name" --osm-namespace "$osm_namespace"

You'll see the output like this:

OSM installed successfully in namespace [osm-system] with mesh name [osm]

Install FSM

Helm must be installed to use the charts. Please refer to Helm's documentation to get started.

Once Helm is set up properly, add the repo as follows:

helm repo add fsm https://flomesh-io.github.io/fsm

Then you're good to install FSM:

helm install fsm fsm/fsm --namespace flomesh --create-namespace

The output is like below:

❯ helm install fsm fsm/fsm --namespace flomesh --create-namespace
NAME: fsm
LAST DEPLOYED: Fri May 20 13:49:11 2022
NAMESPACE: flomesh
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Congratulations! The fsm control plane has been installed in your Kubernetes cluster!

Waiting for the ingress-pipy-controller is up and running:

kubectl wait --namespace flomesh \
  --for=condition=ready pod \
  --selector=app.kubernetes.io/instance=ingress-pipy \
  --timeout=600s

After it's up, you'll see:

❯ kubectl wait --namespace flomesh \
  --for=condition=ready pod \
  --selector=app.kubernetes.io/instance=ingress-pipy \
  --timeout=600s
pod/ingress-pipy-84db669d4d-c96nc condition met

Apply kind specific patches to forward the hostPorts to the ingress controller, and schedule it to the custom labeled node.

kubectl patch deployment -n flomesh ingress-pipy -p \
'{
  "spec": {
    "template": {
      "spec": {
        "containers": [
          {
            "name": "ingress",
            "ports": [
              {
                "containerPort": 8000,
                "hostPort": 80,
                "name": "ingress",
                "protocol": "TCP"
              }
            ]
          }
        ],
        "nodeSelector": {
          "ingress-ready": "true"
        }
      }
    }
  }
}'

Apply kind specific patch to change service type to NodePort:

kubectl patch service -n flomesh ingress-pipy-controller -p '{"spec":{"type":"NodePort"}}'

Export env and add the ingress-pipy namespace to osm:

export pipy_ingress_namespace=flomesh
export pipy_ingress_service=ingress-pipy-controller
export pipy_ingress_host="127.0.0.1"
export pipy_ingress_port="$(kubectl -n "$pipy_ingress_namespace" get service "$pipy_ingress_service" -o jsonpath='{.spec.ports[?(@.name=="http")].port}')"

osm namespace add "$pipy_ingress_namespace" --mesh-name "$osm_mesh_name" --disable-sidecar-injection

You'll see:

osm namespace add "$pipy_ingress_namespace" --mesh-name "$osm_mesh_name" --disable-sidecar-injection
Namespace [flomesh] successfully added to mesh [osm]

Create Demo Service

❯ kubectl create ns pipy-echo
namespace/pipy-echo created

❯ osm namespace add pipy-echo
Namespace [pipy-echo] successfully added to mesh [osm]

❯ kubectl -n pipy-echo create deployment pipy-echo --image=flomesh/pipy:0.30.0-158-echo --port=8080
deployment.apps/pipy-echo created

❯ kubectl -n pipy-echo create service clusterip pipy-echo --tcp=8080:8080
service/pipy-echo created

HTTP Ingress

Next, we will create the Ingress and IngressBackend configurations necessary to allow external clients to access the pipy-echo service on port 8080 in the pipy-echo namespace. The connection from the ingress-pipy service to the pipy-echo backend pod will be unencrypted since we aren’t using TLS.

kubectl apply -f - <<EOF
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: pipy-echo
  namespace: pipy-echo
spec:
  ingressClassName: pipy
  rules:
  - http:
      paths:
      - path: /echo
        pathType: Prefix
        backend:
          service:
            name: pipy-echo
            port:
              number: 8080
---
kind: IngressBackend
apiVersion: policy.openservicemesh.io/v1alpha1
metadata:
  name: pipy-echo
  namespace: pipy-echo
spec:
  backends:
  - name: pipy-echo
    port:
      number: 8080 
      protocol: http
  sources:
  - kind: Service
    namespace: "$pipy_ingress_namespace"
    name: "$pipy_ingress_service"
EOF

Now, we expect external clients to be able to access the pipy-echo service for HTTP requests:

❯ curl -i "http://$pipy_ingress_host:$pipy_ingress_port/echo"
HTTP/1.1 200 OK
x-envoy-upstream-service-time: 0
date: Fri, 20 May 2022 05:57:04 GMT
server: envoy
content-length: 11
connection: keep-alive

Hi, there!