SC03-TC03: Application Deployment to Kubernetes Cluster with Tanzu Service Mesh (TSM) - Deploying a Multi-Cluster ACME Fitness Application with a Global Namespace (GNS) Using TSM REST API
This scenario captures how to deploy an application to a Kubernetes Cluster with Tanzu Service Mesh
This scenario test case captures how to create a Tanzu Service Mesh Global Namespace (GNS) with the TSM REST API and then deploy a multi-cluster version of the ACME Fitness sample application across the GNS.
- VMware Cloud Portal Auth/Token Flow for API calls VMware Cloud Portal Auth/Token Flow for API calls
- Generating an API Token to Interact with VMware Cloud Service APIs Generating an API Token to Interact with VMware Cloud Service APIs
- Tanzu Service Mesh API Tanzu Service Mesh API
- Completion of TSM Console access SC01-TC01
- Completion of API Token Generation and Authentication to the CSP SC01-TC03
- For Two(2) Kubernetes Clusters
${KUBERNETES_CLUSTER1}
and${KUBERNETES_CLUSTER2}
completion of TSM Onboarding SC02-TC01 or SC02-TC02 or SC02-TC03 - Completion of ACME Fitness Application Deployment SC03-TC01
- Valid
kubeconfig
for both targeted Kubernetes Clusters${KUBERNETES_CLUSTER1}
and${KUBERNETES_CLUSTER2}
This test procedure assumes that the full ACME Fitness Application along with the load generator was deployed to the Kubernetes Cluster ${KUBERNETES_CLUSTER1}
.
-
To create a multi-cluster application deploy another catalog service to the second Kubernetes Cluster
${KUBERNETES_CLUSTER2}
. Confirm you are connected the right Kubernetes cluster${KUBERNETES_CLUSTER2_CONTEXT}
, if working from the supplied Management container you can run the following:kubectx
Expected:
tkc-aws-1-admin@tkc-aws-1 tkc-aws-3-admin@tkc-aws-3 ${KUBERNETES_CLUSTER2_CONTEXT}
NOTE: If needed to change to the
${KUBERNETES_CLUSTER2_CONTEXT}
context running the following.kubectx ${KUBERNETES_CLUSTER2_CONTEXT}
Otherwise, if not using the supplied Management Container, run the following:
kubectl config current-context
NOTE: If needed to change to the
${KUBERNETES_CLUSTER2_CONTEXT}
context running the following.kubectl config set-context ${KUBERNETES_CLUSTER2_CONTEXT}
-
Confirm your preferred namespace is set to
${KUBERNETES_CLUSTER2_NAMESPACE}
(Usingdefault
as the namespace works fine.), if working from the supplied Management container you can run the following:kubens
Expected:
... ${KUBERNETES_CLUSTER2_NAMESPACE} istio-system kapp-controller kube-node-lease kube-public ...
NOTE: If needed to change to the
${KUBERNETES_CLUSTER2_NAMESPACE}
namespace running the following.kubens ${KUBERNETES_CLUSTER2_NAMESPACE}
Otherwise, if not using the supplied Management Container, run the following:
kubectl config view --minify --output 'jsonpath={..namespace}'; echo
NOTE: If needed to change to the
${KUBERNETES_CLUSTER2_NAMESPACE}
namespace running the following.kubectl config set-context --current --namespace=${KUBERNETES_CLUSTER2_NAMESPACE}
-
Deploy the catalog(east) Kubernetes manifests for the ACME Fitness Application.
kubectl apply -f scenarios/files/acme-fitness-app/app/acme-secrets.yaml kubectl apply -f scenarios/files/acme-fitness-app/app/acme-fitness-catalog-east.yaml
Expected:
secret/redis-pass created secret/catalog-mongo-pass created secret/order-mongo-pass created secret/users-mongo-pass created ... configmap/catalog-initdb-config created service/catalog-mongo created deployment.apps/catalog-mongo created service/catalog created deployment.apps/catalog created
-
If needed renew your Authentication to the CSP SC01-TC03
export CSP_AUTH_TOKEN=$(curl -k -X POST "https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize" -H "accept: application/json" -H "Content-Type: application/x-www-form-urlencoded" -d "refresh_token=${CSP_API_TOKEN}" | jq -r '.access_token')
-
Create a Global Namespace (GNS) . Execute the following REST API call by using your given TSM POC server value for the
${TSM_SERVER_NAME}
variable and theaccess_token
obtained from the previous step as the value for the${CSP_AUTH_TOKEN}
variable.curl -k -X POST "https://${TSM_SERVER_NAME}/tsm/v1alpha1/global-namespaces" -H "csp-auth-token:${CSP_AUTH_TOKEN}" -H "Content-Type: application/json" -d ' { "name": "'"${TSM_GLOBALNAMESPACE_NAME}"'", "display_name": "'"${TSM_GLOBALNAMESPACE_NAME}"'", "domain_name": "'"${TSM_GLOBALNAMESPACE_DOMAIN}"'", "mtls_enforced": true, "version": "1.0", "match_conditions":[{ "namespace":{ "type": "EXACT", "match": "'"${KUBERNETES_CLUSTER1_NAMESPACE}"'" }, "cluster":{ "type": "EXACT", "match": "'"${KUBERNETES_CLUSTER1}"'" } },{ "namespace":{ "type": "EXACT", "match": "'"${KUBERNETES_CLUSTER2_NAMESPACE}"'" }, "cluster":{ "type": "EXACT", "match": "'"${KUBERNETES_CLUSTER2}"'" } }] }'
Expected:
{ "name": "${TSM_GLOBALNAMESPACE_NAME}", "display_name": "${TSM_GLOBALNAMESPACE_NAME}", "domain_name": "${TSM_GLOBALNAMESPACE_DOMAIN}", "use_shared_gateway": false, "mtls_enforced": true, "ca_type": "", "ca": "", "description": "", "color": "", "version": "1.0", "match_conditions": [{ "namespace": { "match": "${KUBERNETES_CLUSTER1_NAMESPACE}", "type": "EXACT" }, "cluster": { "match": "${KUBERNETES_CLUSTER1}", "type": "EXACT" } },{ "namespace": { "match": "${KUBERNETES_CLUSTER2_NAMESPACE}", "type": "EXACT" }, "cluster": { "match": "${KUBERNETES_CLUSTER2}", "type": "EXACT" } }], "api_discovery_enabled": true }
-
Validate the GNS was created via the TSM console. Navigate to the
GNS Overview
tab on theHome
page and click on the GNS${TSM_GLOBALNAMESPACE_NAME}
. On the GNS Overview page under theGNS Topology
tab you should see both the Kubernetes Clusters and the ACME Fitness Appliction services. NOTE connection between the Kubernets Clusters will not show until we configure theshopping
deployment in the following steps.Expected:
TSM GNS Overview - GNS Topology for ACME Fitness Application
-
Now that the GNS has been successfully created we need to configure the ACME Fitness
shopping
deployment to now point to thecatalog
service connected to the GNS domain and not the default localcatalog
service. To do this we must switch back ourkubectl context
back to the first cluster Kubernetes Cluster${KUBERNETES_CLUSTER1}
. Confirm you are connected the right Kubernetes cluster${KUBERNETES_CLUSTER1_CONTEXT}
, if working from the supplied Management container you can run the following:kubectx
Expected:
tkc-aws-1-admin@tkc-aws-2 tkc-aws-3-admin@tkc-aws-3 ${KUBERNETES_CLUSTER1_CONTEXT}
NOTE: If needed to change to the
${KUBERNETES_CLUSTER1_CONTEXT}
context running the following.kubectx ${KUBERNETES_CLUSTER1_CONTEXT}
Otherwise, if not using the supplied Management Container, run the following:
kubectl config current-context
NOTE: If needed to change to the
${KUBERNETES_CLUSTER1_CONTEXT}
context running the following.kubectl config set-context ${KUBERNETES_CLUSTER1_CONTEXT}
-
Confirm your preferred namespace is set to
${KUBERNETES_CLUSTER1_NAMESPACE}
(Usingdefault
as the namespace works fine.), if working from the supplied Management container you can run the following:kubens
Expected:
... ${KUBERNETES_CLUSTER1_NAMESPACE} istio-system kapp-controller kube-node-lease kube-public ...
NOTE: If needed to change to the
${KUBERNETES_CLUSTER1_NAMESPACE}
namespace running the following.kubens ${KUBERNETES_CLUSTER1_NAMESPACE}
Otherwise, if not using the supplied Management Container, run the following:
kubectl config view --minify --output 'jsonpath={..namespace}'; echo
NOTE: If needed to change to the
${KUBERNETES_CLUSTER1_NAMESPACE}
namespace running the following.kubectl config set-context --current --namespace=${KUBERNETES_CLUSTER1_NAMESPACE}
-
Edit the shopping deployment to use the GNS
catalog
service instead of the local service.kubectl edit deploy/shopping
Change the
catalog
service configuration from the local reference to the GNS reference.... spec: containers: - env: - name: FRONTEND_PORT value: "3000" - name: USERS_HOST value: users - name: CATALOG_HOST value: catalog # <--------------------- change this service to include the gns domain - name: ORDER_HOST value: order ...
Changing the
catalog
service to the GNS reference should look like the example below:... spec: containers: - env: - name: FRONTEND_PORT value: "3000" - name: USERS_HOST value: users - name: CATALOG_HOST value: catalog.${TSM_GLOBALNAMESPACE_DOMAIN} - name: ORDER_HOST value: order ...
Expected:
deployment.apps/shopping edited
-
Validate that traffic is flowing between the ACME Fitness Application across the two(2) Kubernetes Clusters (
${KUBERNETES_CLUSTER1}
,${KUBERNETES_CLUSTER2}
) over the GNS. Navigate to theGNS Overview
tab on theHome
page and click on the GNS${TSM_GLOBALNAMESPACE_NAME}
. On the GNS Overview page under theGNS Topology
tab you should see both the Kubernetes Clusters and the ACME Fitness Appliction services.
TSM GNS Overview - GNS Topology for ACME Fitness Application
-
Optional: To evenly split the catalog items between East/West images you will need to create a traffic policy. The
$CATALOG_POLICY_NAME
variable can be set to any name you wish to assign to the new traffic policy. Once applied it will take about a minute to be able to validate via browser that the ACME Fitness Application is showing both the East and West catalog images (You may need clear/disable caching to see images rotate).curl -k -X PUT "https://${TSM_SERVER_NAME}/tsm/v1alpha2/project/default/global-namespaces/${TSM_GLOBALNAMESPACE_NAME}/traffic-routing-policies/${CATALOG_POLICY_NAME}" -H "csp-auth-token:${CSP_AUTH_TOKEN}" -H "Content-Type: application/json" -d ' { "description": "weighted policy to send 100% of traffic to the east catalog images", "service": "catalog", "traffic_policy": { "http": [{ "targets": [{ "service_version": "v1-west", "weight": 50 },{ "service_version": "v1-east", "weight": 50 }] }] } }' | jq .
Expected:
{ "service":"catalog", "traffic_policy":{ "http":[{ "targets":[{ "service_version":"v1-west", "weight":50 },{ "service_version":"v1-east", "weight":50 }] }] }, "id":"catalog-traffic-policy-west" }
- [ ] Pass
- [ ] Fail
Return to Test Cases Inventory