Exposing Shift to the Network

Exposing Shift to the Network via Istio ServiceMesh

Infrastructure requirements

  • Domain ownership, Certificates/SAN for TLS-Endpoints

Integrating KOBIL Shift deployment to the ServiceMesh / network-services

Istio-Operator configuration

Once KOBIL Shift is deployed, the Shift deployment and all its services are running, and the Gateways must then be "exposed" through the Service Mesh in use. To do this, use the IstioOperator CRD to complete the integration of the KOBIL Shift services into the Service Mesh.

Exposing KOBIL Shift services with ISTIO Service Mesh

The KOBIL Shift deployment creates the custom resources for VirtualServices, DestinationRules and Gateway(s). The Istio Service Mesh services then honor these objects to expose the KOBIL services for external access. For this, you have to apply the CRD "istiooperator" to the Istio Service Mesh services. The CRD used for this is "istiooperators.install.istio.io". If you use the RedHat OpenShift-specific ServiceMesh instead of community Istio, find more info here: Using RedHat ServiceMesh instead of community Istio

Sample CRD "istiooperator"

apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  name: {{ .Values.envSlug }}  ## set here your IstioOperator object name i.e. crd-istiooperator-shift4
  namespace: istio-system  ## verify this NS is present - istio-default NS
spec:
  components:
    ingressGateways:
    - enabled: true  ## create the IstioGateway
      k8s:
        service:
          type: ClusterIP  ## use svc access options ClusterIP
      label:
        istio: {{ .Values.envSlug }}  ## referencing to istio GW name - i.e. istiooperator-shift4
      name: {{ .Values.envSlug }}  ## unique gw-name for Istio-managed resources i.e. istiooperator-shift4
      namespace: {{ .Release.Namespace }}  ## specify the KOBIL Shift target NameSpace here
  profile: empty

Details before applying the CRD istiooperator

During the KOBIL Shift deployment, the Gateway(s) are created according to the configuration in the KOBIL Shift metaconfiguration file "values.yaml", section global.routing.istio.gateways.

The default is to create an "admin" Gateway only. Find more info in the KOBIL Shift Configuration Guide.

kubectl get gateway -n <kobil-shift-namespace>

Create and apply CRD "istiooperator"

Download the Shift sample CRD "istiooperator", edit it as appropriate, and apply it.

kubectl apply -f istiooperator.yaml -n <istio-system-namespace>

Verify the Istio Gateway configuration

kubectl get gateways -n <kobil-shift-namespace>  ## find established Gateways
kubectl get services -n <kobil-shift-namespace> ## find established services - here find the Gateway Service
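
A scripted form of the verification step, as an added example that is not part of the KOBIL documentation. It assumes the Shift Gateways select the ingress gateway through the "istio" label set in the sample above and that the gateway Service carries the "name" value from the sample; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not KOBIL code): confirm that the Gateways created by the Shift
# deployment bind to the ingress gateway defined in the IstioOperator sample and
# that the gateway Service has the type the sample configures.

# Reads "gateway-name<TAB>selector-istio-label" lines on stdin and prints every
# Gateway whose selector differs from the expected label ($1).
# Returns 0 = all match, 1 = at least one mismatch, 2 = no Gateway objects at all.
unbound_gateways() {
  awk -F'\t' -v want="$1" '
    NF { seen = 1 }
    NF && $2 != want { print $1; bad = 1 }
    END { if (!seen) exit 2; exit bad + 0 }'
}

# The sample sets k8s.service.type to ClusterIP; any other type means the
# applied operator differs from the reviewed sample.
service_type_ok() { [ "$1" = "ClusterIP" ]; }

# $1 = KOBIL Shift namespace, $2 = gateway name/label (the envSlug value, assumed).
check_shift_exposure() {
  ns="$1"; gw="$2"; rc=0; status=0
  unbound=$(kubectl get gateway -n "$ns" -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.selector.istio}{"\n"}{end}' \
    | unbound_gateways "$gw") || status=$?
  case "$status" in
    1) echo "Gateways not selecting istio=$gw: $unbound" >&2; rc=1 ;;
    2) echo "No Gateway objects found in namespace $ns" >&2; rc=1 ;;
  esac
  svc_type=$(kubectl get service "$gw" -n "$ns" -o jsonpath='{.spec.type}')
  if ! service_type_ok "$svc_type"; then
    echo "Service $gw has type '$svc_type', expected ClusterIP" >&2; rc=1
  fi
  return "$rc"
}

# Run against a cluster only when both arguments are given, e.g.:
#   sh verify-shift-gateway.sh <kobil-shift-namespace> <gateway-name>
if [ "$#" -ge 2 ]; then
  check_shift_exposure "$1" "$2"
fi
```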