forked from pivotal-cf/docs-ops-guide
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdeploying-service-mesh.html.md.erb
51 lines (33 loc) · 2.07 KB
/
deploying-service-mesh.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
---
title: Deploying Service Mesh (Beta)
owner: CF Networking Service Mesh
---
This topic describes how to deploy service mesh for Pivotal Application Service (PAS).
For more information about service mesh, see [Service Mesh (Beta)](../adminguide/service-mesh.html).
## <a id="configuring-pas"></a> Enable in PAS
To deploy service mesh, configure PAS as follows:
1. Navigate to the **Networking - Service Mesh** pane of the PAS tile.
1. Under **Service Mesh (Beta)**, select **Enable**.
1. For **IP Addresses for Ingress Router**, do the following depending on your IaaS:
* **vSphere**: Enter static IPs for the Istio Routers. You must configure your load balancer with these IPs as well.
* **Other**: Leave this field blank.
1. For **Ingress Router TLS Keypairs**, complete the following fields. You can add more than one keypair if desired using the **Add** button.
* **Name**: Enter a name for the keypair.
* **Certificate and Private Key for Istio Router**: Enter the Private key and certificate for TLS handshakes with clients. These must be in PEM block format.
1. Click **Save**.
## <a id="create-load-balancer"></a> Create a Load Balancer
To configure a load balancer for service mesh, do the following. The exact procedure varies by IaaS.
1. Create a load balancer with the following:
* A static IP
* Health check port `8002` and path `/healthcheck`
* Firewall rules to allow the following:
* HTTP on port `80`
* HTTP on port `8002`
* TLS on port `443`
1. Navigate to your DNS provider and create a DNS name, `*.mesh.YOUR-CF-APPS-DOMAIN`, that resolves to the IP of the load balancer. This is the default domain for service mesh and it is not configurable.
## <a id="resource-config"></a> Add Load Balancer to Resource Config
If your deployment is on an IaaS other than vSphere, do the following after you create your load balancer:
1. Navigate to the **Resource Config** pane of the PAS tile.
1. In the **Load Balancer** column of the **istio-router** row, enter the name of the load balancer you created.
1. Click **Apply Changes**.