Service Mesh (ASM) allows you to deploy the microservices of an application in multiple clusters in the same Virtual Private Cloud (VPC). This topic uses the Bookinfo application as an example to describe how to deploy an application in two clusters that share the same VPC and are added to the same ASM instance.
Prerequisites
Two Container Service for Kubernetes (ACK) clusters are created in the same VPC. For more information, see Create an ACK dedicated cluster. In this topic, the two clusters are m1c1 and m1c2.
An ASM instance is created. For more information, see Create an ASM instance. In this topic, the ASM instance is mesh1.
Step 1: Change the security group names for the two clusters
Change the security group names for the two clusters. Make sure that users can deduce the corresponding clusters from the new security group names. In this example, change the security group names to m1c1-sg and m1c2-sg.
- Log on to the ECS console.
- In the left-side navigation pane, choose .
- In the top navigation bar, select a region.
- On the Security Groups page, find the security group that you want to modify and click Modify in the Actions column.
- In the Modify Security Group dialog box, modify Security Group Name and Description.
- Click OK.
The following figure shows the new security group names.
Step 2: Set security group rules to allow mutual access between the two clusters
To enable the two clusters to access each other, you must set rules for accessing the security groups of the two clusters.
On the configuration page of the m1c1-sg group, create a rule to allow the access from m1c2-sg. For more information, see Add a security group rule.
On the configuration page of the m1c2-sg group, create a rule to allow the access from m1c1-sg.
Step 3: Add the two clusters to the ASM instance and deploy an ingress gateway
The two clusters can access each other. After you add the two clusters to the ASM instance, you only need to deploy an ingress gateway for one of the two clusters.
Add the two clusters to the ASM instance. For more information, see Add a cluster to an ASM instance.
Deploy an ingress gateway for the m1c1 cluster. For more information, see Create an ingress gateway service.
Step 4: Deploy the Bookinfo application
ASM allows you to deploy an application across clusters. You can deploy the microservices of the Bookinfo application in the two clusters.
Deploy the Bookinfo application excluding the v3 version of the reviews microservice in the m1c2 cluster. For more information, see Deploy an application in an ASM instance.
NoteThe v3 version of the reviews microservice displays ratings as red stars.
The following code shows the content of the YAML file:
################################################################################################## # Details service ################################################################################################## apiVersion: v1 kind: Service metadata: name: details labels: app: details service: details spec: ports: - port: 9080 name: http selector: app: details --- apiVersion: v1 kind: ServiceAccount metadata: name: bookinfo-details labels: account: details --- apiVersion: apps/v1 kind: Deployment metadata: name: details-v1 labels: app: details version: v1 spec: replicas: 1 selector: matchLabels: app: details version: v1 template: metadata: labels: app: details version: v1 spec: serviceAccountName: bookinfo-details containers: - name: details image: docker.io/istio/examples-bookinfo-details-v1:1.15.0 imagePullPolicy: IfNotPresent ports: - containerPort: 9080 --- ################################################################################################## # Ratings service ################################################################################################## apiVersion: v1 kind: Service metadata: name: ratings labels: app: ratings service: ratings spec: ports: - port: 9080 name: http selector: app: ratings --- apiVersion: v1 kind: ServiceAccount metadata: name: bookinfo-ratings labels: account: ratings --- apiVersion: apps/v1 kind: Deployment metadata: name: ratings-v1 labels: app: ratings version: v1 spec: replicas: 1 selector: matchLabels: app: ratings version: v1 template: metadata: labels: app: ratings version: v1 spec: serviceAccountName: bookinfo-ratings containers: - name: ratings image: docker.io/istio/examples-bookinfo-ratings-v1:1.15.0 imagePullPolicy: IfNotPresent ports: - containerPort: 9080 --- ################################################################################################## # Reviews service ################################################################################################## apiVersion: v1 kind: Service metadata: name: reviews labels: app: reviews service: reviews spec: ports: - port: 9080 name: http selector: app: reviews --- apiVersion: v1 kind: ServiceAccount metadata: name: bookinfo-reviews labels: account: reviews --- apiVersion: apps/v1 kind: Deployment metadata: name: reviews-v1 labels: app: reviews version: v1 spec: replicas: 1 selector: matchLabels: app: reviews version: v1 template: metadata: labels: app: reviews version: v1 spec: serviceAccountName: bookinfo-reviews containers: - name: reviews image: docker.io/istio/examples-bookinfo-reviews-v1:1.15.0 imagePullPolicy: IfNotPresent ports: - containerPort: 9080 --- apiVersion: apps/v1 kind: Deployment metadata: name: reviews-v2 labels: app: reviews version: v2 spec: replicas: 1 selector: matchLabels: app: reviews version: v2 template: metadata: labels: app: reviews version: v2 spec: serviceAccountName: bookinfo-reviews containers: - name: reviews image: docker.io/istio/examples-bookinfo-reviews-v2:1.15.0 imagePullPolicy: IfNotPresent ports: - containerPort: 9080 # --- # apiVersion: apps/v1 # kind: Deployment # metadata: # name: reviews-v3 # labels: # app: reviews # version: v3 # spec: # replicas: 1 # selector: # matchLabels: # app: reviews # version: v3 # template: # metadata: # labels: # app: reviews # version: v3 # spec: # serviceAccountName: bookinfo-reviews # containers: # - name: reviews # image: docker.io/istio/examples-bookinfo-reviews-v3:1.15.0 # imagePullPolicy: IfNotPresent # ports: # - containerPort: 9080 --- ################################################################################################## # Productpage services ################################################################################################## apiVersion: v1 kind: Service metadata: name: productpage labels: app: productpage service: productpage spec: ports: - port: 9080 name: http selector: app: productpage --- apiVersion: v1 kind: ServiceAccount metadata: name: bookinfo-productpage labels: account: productpage --- apiVersion: apps/v1 kind: Deployment metadata: name: productpage-v1 labels: app: productpage version: v1 spec: replicas: 1 selector: matchLabels: app: productpage version: v1 template: metadata: labels: app: productpage version: v1 spec: serviceAccountName: bookinfo-productpage containers: - name: productpage image: docker.io/istio/examples-bookinfo-productpage-v1:1.15.0 imagePullPolicy: IfNotPresent ports: - containerPort: 9080 ---Deploy the v3 version of the reviews microservice and the rating microservice on which the reviews microservice depends in the m1c1 cluster.
The following code shows the content of the YAML file:
################################################################################################## # Reviews service ################################################################################################## apiVersion: v1 kind: Service metadata: name: reviews labels: app: reviews service: reviews spec: ports: - port: 9080 name: http selector: app: reviews --- apiVersion: v1 kind: ServiceAccount metadata: name: bookinfo-reviews labels: account: reviews --- apiVersion: apps/v1 kind: Deployment metadata: name: reviews-v3 labels: app: reviews version: v3 spec: replicas: 1 selector: matchLabels: app: reviews version: v3 template: metadata: labels: app: reviews version: v3 spec: serviceAccountName: bookinfo-reviews containers: - name: reviews image: docker.io/istio/examples-bookinfo-reviews-v3:1.15.0 imagePullPolicy: IfNotPresent ports: - containerPort: 9080 --- ################################################################################################## # Ratings service ################################################################################################## apiVersion: v1 kind: Service metadata: name: ratings labels: app: ratings service: ratings spec: ports: - port: 9080 name: http selector: app: ratings
Step 5: Define a virtual service and an Istio gateway
In the namespace that is named default of the ASM instance, define a virtual service that is named bookinfo. For more information, see Use Istio resources to route traffic to different versions of a service.
The following code shows the content of the YAML file:
apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: bookinfo spec: hosts: - "*" gateways: - bookinfo-gateway http: - match: - uri: exact: /productpage - uri: prefix: /static - uri: exact: /login - uri: exact: /logout - uri: prefix: /api/v1/products route: - destination: host: productpage port: number: 9080In the namespace that is named default of the ASM instance, define an Istio gateway that is named bookinfo-gateway. For more information, see Use Istio resources to route traffic to different versions of a service.
The following code shows the content of the YAML file:
apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: name: bookinfo-gateway spec: selector: istio: ingressgateway # use istio default controller servers: - port: number: 80 name: http protocol: HTTP hosts: - "*"
You can refresh the product page to view the effect of the three versions of the reviews microservice in turn. The v3 version of the reviews microservice can take effect normally though it does not reside in the same cluster as other microservices.
Step 6: Make the v3 version of the reviews microservice take effect all the time (Optional)
You can define a destination rule and a virtual service to set a policy for deploying the microservices of the Bookinfo application. The following example specifies that the v3 version of the reviews microservice always takes effect.
In the namespace that is named default of the ASM instance, define a destination rule that is named reviews.
The following code shows the content of the YAML file:
apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: reviews spec: host: reviews subsets: - name: v1 labels: version: v1 - name: v2 labels: version: v2 - name: v3 labels: version: v3In the namespace that is named default of the ASM instance, define a virtual service that is named reviews.
The following code shows the content of the YAML file:
apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: reviews spec: hosts: - reviews http: - route: - destination: host: reviews subset: v3
When you access the product page, the v3 version of the reviews microservice takes effect all the time. In this case, ratings are displayed as red stars.