A ASM Specific Configuration
To configure ASM, you have to:
- Add the following annotation under the Global section of the UDR deployment.

```yaml
# ******** Sub-Section Start: Custom Extension Global Parameters ********
#**************************************************************************
global:
  customExtension:
    allResources:
      labels: {}
      annotations:
        sidecar.istio.io/inject: "false"
    lbServices:
      labels: {}
      annotations: {}
    lbDeployments:
      labels: {}
      annotations:
        sidecar.istio.io/inject: "true"
        oracle.com/cnc: "true"
    nonlbServices:
      labels: {}
      annotations: {}
    nonlbDeployments:
      labels: {}
      annotations:
        sidecar.istio.io/inject: "true"
        oracle.com/cnc: "true"
# ******** Sub-Section End: Custom Extension Global Parameters ********
#**************************************************************************
```
- Enable the Service Mesh flag under the ingressgateway section.

```yaml
ingressgateway:
  global:
    # When Aspen Service Mesh is enabled, this flag must be true to support
    # clear text traffic from outside the cluster.
    istioIngressTlsSupport:
      ingressGateway: true
  # Mandatory: set this flag to "true" if a Service Mesh is present where UDR will be deployed
  serviceMeshCheck: true
```
- Change the Ingress Gateway Service Type to ClusterIP under the ingressgateway section.

```yaml
ingressgateway:
  global:
    # Service Type
    type: ClusterIP
```
- Exclude actuator ports from Aspen Mesh so that their traffic does not pass through the sidecar. These ports are used as actuator ports (for readiness/liveness checks) by the Ingress Gateway and UDR microservices. The default actuator port is 9000 for UDR microservices (service.port.management) and 9090 for the Ingress/Egress Gateway (ingressgateway.ports.actuatorPort). If the default ports are unchanged, you can use the annotation given below.

```yaml
nudr-nrf-client-service:
  deployment:
    customExtension:
      labels: {}
      annotations:
        traffic.sidecar.istio.io/excludeOutboundPorts: "9000,9090"
```
- Create a destination rule and a service entry so that the MySQL connectivity service can establish a connection between UDR/SLF and the NDB cluster. This is outside ASM. The sample templates are as follows:
Creating a Service for External MySQL instance

```yaml
apiVersion: v1
kind: Endpoints
metadata:
  name: mysql-connectivity-service-headless
  namespace: <ocudr-namespace>
subsets:
- addresses:
  - ip: <sql-node1-ip>
  - ip: <sql-node2-ip>
  ports:
  - port: 3306
    protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  name: mysql-connectivity-service-headless
  namespace: <ocudr-namespace>
spec:
  clusterIP: None
  ports:
  - port: 3306
    protocol: TCP
    targetPort: 3306
  sessionAffinity: None
  type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
  name: mysql-connectivity-service
  namespace: <ocudr-namespace>
spec:
  externalName: mysql-connectivity-service-headless.<ocudr-namespace>.svc.cluster.local
  sessionAffinity: None
  type: ExternalName
```
Creation of Service Entry and DestinationRule for External DB instance

```yaml
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: mysql-external-se
  namespace: <ocudr-namespace>
spec:
  hosts:
  - mysql-connectivity-service-headless.<ocudr-namespace>.svc.cluster.local
  ports:
  - number: 3306
    name: mysql
    protocol: MySQL
  location: MESH_EXTERNAL
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: mysql-external-dr
  namespace: <ocudr-namespace>
spec:
  host: mysql-connectivity-service-headless.<ocudr-namespace>.svc.cluster.local
  trafficPolicy:
    tls:
      mode: DISABLE
```
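
The port exclusion and the `tls: mode: DISABLE` rule above both carry traffic that the mesh does not encrypt or apply policy to, so the following check (an added example, not part of the Oracle documentation) flags any sidecar-excluded port other than the actuator defaults 9000 and 9090 and lists every host whose DestinationRule disables TLS. The function name `audit`, the sample manifest and the namespace `example-ns` are constructed for illustration.

```python
import re

# Default actuator ports stated on this page: 9000 (UDR), 9090 (gateways).
ACTUATOR_PORTS = {9000, 9090}
EXCLUDE_RE = re.compile(
    r'traffic\.sidecar\.istio\.io/exclude(Inbound|Outbound)Ports:\s*"?([0-9, ]+)"?')

def audit(manifests, allowed_ports=ACTUATOR_PORTS):
    """Return (kind, detail) findings for settings that take traffic out of the mesh."""
    findings = []
    for doc in re.split(r'^---[ \t]*$', manifests, flags=re.M):
        # 1. Ports excluded from the sidecar that are not known actuator ports.
        for direction, ports in EXCLUDE_RE.findall(doc):
            listed = {int(p) for p in ports.split(',') if p.strip()}
            extra = sorted(listed - set(allowed_ports))
            if extra:
                findings.append(("unexpected-excluded-port", f"{direction}: {extra}"))
        # 2. DestinationRules that switch TLS off for their host.
        kind = re.search(r'^kind:\s*(\S+)', doc, flags=re.M)
        if (kind and kind.group(1) == "DestinationRule"
                and re.search(r'^\s*mode:\s*DISABLE\s*$', doc, flags=re.M)):
            host = re.search(r'^\s*host:\s*(\S+)', doc, flags=re.M)
            findings.append(("tls-disabled", host.group(1) if host else "<unknown>"))
    return findings

# Constructed sample: the page's annotation with an extra port (3306) added,
# followed by the page's DestinationRule with a placeholder namespace.
SAMPLE = '''\
nudr-nrf-client-service:
  deployment:
    customExtension:
      annotations:
        traffic.sidecar.istio.io/excludeOutboundPorts: "9000,9090,3306"
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: mysql-external-dr
spec:
  host: mysql-connectivity-service-headless.example-ns.svc.cluster.local
  trafficPolicy:
    tls:
      mode: DISABLE
'''

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE):
        print(f"{kind}: {detail}")
```

A `tls-disabled` finding for the MySQL host is expected with the templates on this page; it marks a link whose confidentiality depends on the database connection itself rather than on the mesh.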