VM Service Registry
A custom TSB ServiceDefinition CRD must be created for each VM service
(workload) in the same namespace where tcc-gateway ingress gateway is
deployed, that routes traffic to VM workloads. Create one custom TSB
ServiceDefinition for each such VM service.
Setting up TSB ServiceDefinition CRD
Following example declares a VM service called details in the bookinfo
Kubernetes namespace. The service has no sidecars and requires a simple TLS
connection. Services in bookinfo namespace can now access the details service
as detailsvm.prod.internal.company.com. The VM service is expected to receive
traffic from the tcc-gateway ingress gateway.
Note that, this ingress gateway can be dedicated to VM workloads, or shared for routing across Kubernetes and virtual machines.
cat <<EOF | kubectl apply -f - <<
apiVersion: registry.tetrate.io/v1alpha1
kind: ServiceDefinition
metadata:
name: details
namespace: bookinfo
spec:
hostname: detailsvm.prod.internal.company.com
ports:
- number: 80
name: http
protocol: HTTP
- number: 443
name: https
protocol: HTTPS
sidecarsPresent: false
externalServiceTlsSettings:
tlsMode: SIMPLE
caCertificates: /path/to/ca/cert/to/verify/server/cert
endpointSource:
manual:
values:
- address: 1.1.1.1
- address: 2.2.2.2
EOF
| Field Name | Description |
|---|---|
hostname | Host string by which this service will be accessed. For instance, while choosing route destination. This is not a routable FQDN. |
ports[] | A list of ports/protocols associated with this service |
sidecarsPresent | Boolean, true or false. If true, it would entail more sidecar settings (see next section): sidecarSettings: usingIptablesCapture: false egressHttpProxyPort: 15080 Note: only usingIptablesCapture: false settings (i.e. no iptables) is supported today. |
externalServiceTlsSettings | TLS mode and certificates for this VM service. |
endpointSource | Source of endpoints. Only manual with values is supported today. Represents the service endpoints. |