SC03-TC03: Application Deployment to Kubernetes Cluster with Tanzu Service Mesh (TSM) - Deploying a Multi-Cluster ACME Fitness Application with a Global Namespace (GNS) Using TSM REST API
This scenario captures how to deploy an application to a Kubernetes Cluster with Tanzu Service Mesh
This scenario test case captures how to create a Tanzu Service Mesh Global Namespace (GNS) with the TSM REST API and then deploy a multi-cluster version of the ACME Fitness sample application across the GNS.
- VMware Cloud Portal Auth/Token Flow for API calls VMware Cloud Portal Auth/Token Flow for API calls
- Generating an API Token to Interact with VMware Cloud Service APIs Generating an API Token to Interact with VMware Cloud Service APIs
- Tanzu Service Mesh API Tanzu Service Mesh API
- Completion of TSM Console access SC01-TC01
- Completion of API Token Generation and Authentication to the CSP SC01-TC03
- For Two(2) Kubernetes Clusters
${KUBERNETES_CLUSTER1}and${KUBERNETES_CLUSTER2}completion of TSM Onboarding SC02-TC01 or SC02-TC02 or SC02-TC03 - Completion of ACME Fitness Application Deployment SC03-TC01
- Valid
kubeconfigfor both targeted Kubernetes Clusters${KUBERNETES_CLUSTER1}and${KUBERNETES_CLUSTER2}
This test procedure assumes that the full ACME Fitness Application along with the load generator was deployed to the Kubernetes Cluster ${KUBERNETES_CLUSTER1}.
-
To create a multi-cluster application deploy another catalog service to the second Kubernetes Cluster
${KUBERNETES_CLUSTER2}. Confirm you are connected the right Kubernetes cluster${KUBERNETES_CLUSTER2_CONTEXT}, if working from the supplied Management container you can run the following:kubectxExpected:
tkc-aws-1-admin@tkc-aws-1 tkc-aws-3-admin@tkc-aws-3 ${KUBERNETES_CLUSTER2_CONTEXT}NOTE: If needed to change to the
${KUBERNETES_CLUSTER2_CONTEXT}context running the following.kubectx ${KUBERNETES_CLUSTER2_CONTEXT}Otherwise, if not using the supplied Management Container, run the following:
kubectl config current-context
NOTE: If needed to change to the
${KUBERNETES_CLUSTER2_CONTEXT}context running the following.kubectl config set-context ${KUBERNETES_CLUSTER2_CONTEXT} -
Confirm your preferred namespace is set to
${KUBERNETES_CLUSTER2_NAMESPACE}(Usingdefaultas the namespace works fine.), if working from the supplied Management container you can run the following:kubensExpected:
... ${KUBERNETES_CLUSTER2_NAMESPACE} istio-system kapp-controller kube-node-lease kube-public ...NOTE: If needed to change to the
${KUBERNETES_CLUSTER2_NAMESPACE}namespace running the following.kubens ${KUBERNETES_CLUSTER2_NAMESPACE}Otherwise, if not using the supplied Management Container, run the following:
kubectl config view --minify --output 'jsonpath={..namespace}'; echo
NOTE: If needed to change to the
${KUBERNETES_CLUSTER2_NAMESPACE}namespace running the following.kubectl config set-context --current --namespace=${KUBERNETES_CLUSTER2_NAMESPACE} -
Deploy the catalog(east) Kubernetes manifests for the ACME Fitness Application.
kubectl apply -f scenarios/files/acme-fitness-app/app/acme-secrets.yaml kubectl apply -f scenarios/files/acme-fitness-app/app/acme-fitness-catalog-east.yamlExpected:
secret/redis-pass created secret/catalog-mongo-pass created secret/order-mongo-pass created secret/users-mongo-pass created ... configmap/catalog-initdb-config created service/catalog-mongo created deployment.apps/catalog-mongo created service/catalog created deployment.apps/catalog created
-
If needed renew your Authentication to the CSP SC01-TC03
export CSP_AUTH_TOKEN=$(curl -k -X POST "https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize" -H "accept: application/json" -H "Content-Type: application/x-www-form-urlencoded" -d "refresh_token=${CSP_API_TOKEN}" | jq -r '.access_token') -
Create a Global Namespace (GNS) . Execute the following REST API call by using your given TSM POC server value for the
${TSM_SERVER_NAME}variable and theaccess_tokenobtained from the previous step as the value for the${CSP_AUTH_TOKEN}variable.curl -k -X POST "https://${TSM_SERVER_NAME}/tsm/v1alpha1/global-namespaces" -H "csp-auth-token:${CSP_AUTH_TOKEN}" -H "Content-Type: application/json" -d ' { "name": "'"${TSM_GLOBALNAMESPACE_NAME}"'", "display_name": "'"${TSM_GLOBALNAMESPACE_NAME}"'", "domain_name": "'"${TSM_GLOBALNAMESPACE_DOMAIN}"'", "mtls_enforced": true, "version": "1.0", "match_conditions":[{ "namespace":{ "type": "EXACT", "match": "'"${KUBERNETES_CLUSTER1_NAMESPACE}"'" }, "cluster":{ "type": "EXACT", "match": "'"${KUBERNETES_CLUSTER1}"'" } },{ "namespace":{ "type": "EXACT", "match": "'"${KUBERNETES_CLUSTER2_NAMESPACE}"'" }, "cluster":{ "type": "EXACT", "match": "'"${KUBERNETES_CLUSTER2}"'" } }] }'
Expected:
{ "name": "${TSM_GLOBALNAMESPACE_NAME}", "display_name": "${TSM_GLOBALNAMESPACE_NAME}", "domain_name": "${TSM_GLOBALNAMESPACE_DOMAIN}", "use_shared_gateway": false, "mtls_enforced": true, "ca_type": "", "ca": "", "description": "", "color": "", "version": "1.0", "match_conditions": [{ "namespace": { "match": "${KUBERNETES_CLUSTER1_NAMESPACE}", "type": "EXACT" }, "cluster": { "match": "${KUBERNETES_CLUSTER1}", "type": "EXACT" } },{ "namespace": { "match": "${KUBERNETES_CLUSTER2_NAMESPACE}", "type": "EXACT" }, "cluster": { "match": "${KUBERNETES_CLUSTER2}", "type": "EXACT" } }], "api_discovery_enabled": true } -
Validate the GNS was created via the TSM console. Navigate to the
GNS Overviewtab on theHomepage and click on the GNS${TSM_GLOBALNAMESPACE_NAME}. On the GNS Overview page under theGNS Topologytab you should see both the Kubernetes Clusters and the ACME Fitness Appliction services. NOTE connection between the Kubernets Clusters will not show until we configure theshoppingdeployment in the following steps.Expected:
TSM Home - GNS Overview
TSM GNS Overview - GNS Topology for ACME Fitness Application
-
Now that the GNS has been successfully created we need to configure the ACME Fitness
shoppingdeployment to now point to thecatalogservice connected to the GNS domain and not the default localcatalogservice. To do this we must switch back ourkubectl contextback to the first cluster Kubernetes Cluster${KUBERNETES_CLUSTER1}. Confirm you are connected the right Kubernetes cluster${KUBERNETES_CLUSTER1_CONTEXT}, if working from the supplied Management container you can run the following:kubectxExpected:
tkc-aws-1-admin@tkc-aws-2 tkc-aws-3-admin@tkc-aws-3 ${KUBERNETES_CLUSTER1_CONTEXT}NOTE: If needed to change to the
${KUBERNETES_CLUSTER1_CONTEXT}context running the following.kubectx ${KUBERNETES_CLUSTER1_CONTEXT}Otherwise, if not using the supplied Management Container, run the following:
kubectl config current-context
NOTE: If needed to change to the
${KUBERNETES_CLUSTER1_CONTEXT}context running the following.kubectl config set-context ${KUBERNETES_CLUSTER1_CONTEXT} -
Confirm your preferred namespace is set to
${KUBERNETES_CLUSTER1_NAMESPACE}(Usingdefaultas the namespace works fine.), if working from the supplied Management container you can run the following:kubensExpected:
... ${KUBERNETES_CLUSTER1_NAMESPACE} istio-system kapp-controller kube-node-lease kube-public ...NOTE: If needed to change to the
${KUBERNETES_CLUSTER1_NAMESPACE}namespace running the following.kubens ${KUBERNETES_CLUSTER1_NAMESPACE}Otherwise, if not using the supplied Management Container, run the following:
kubectl config view --minify --output 'jsonpath={..namespace}'; echo
NOTE: If needed to change to the
${KUBERNETES_CLUSTER1_NAMESPACE}namespace running the following.kubectl config set-context --current --namespace=${KUBERNETES_CLUSTER1_NAMESPACE} -
Edit the shopping deployment to use the GNS
catalogservice instead of the local service.kubectl edit deploy/shoppingChange the
catalogservice configuration from the local reference to the GNS reference.... spec: containers: - env: - name: FRONTEND_PORT value: "3000" - name: USERS_HOST value: users - name: CATALOG_HOST value: catalog # <--------------------- change this service to include the gns domain - name: ORDER_HOST value: order ...Changing the
catalogservice to the GNS reference should look like the example below:... spec: containers: - env: - name: FRONTEND_PORT value: "3000" - name: USERS_HOST value: users - name: CATALOG_HOST value: catalog.${TSM_GLOBALNAMESPACE_DOMAIN} - name: ORDER_HOST value: order ...Expected:
deployment.apps/shopping edited
-
Validate that traffic is flowing between the ACME Fitness Application across the two(2) Kubernetes Clusters (
${KUBERNETES_CLUSTER1},${KUBERNETES_CLUSTER2}) over the GNS. Navigate to theGNS Overviewtab on theHomepage and click on the GNS${TSM_GLOBALNAMESPACE_NAME}. On the GNS Overview page under theGNS Topologytab you should see both the Kubernetes Clusters and the ACME Fitness Appliction services.
TSM GNS Overview - GNS Topology for ACME Fitness Application
-
Optional: To evenly split the catalog items between East/West images you will need to create a traffic policy. The
$CATALOG_POLICY_NAMEvariable can be set to any name you wish to assign to the new traffic policy. Once applied it will take about a minute to be able to validate via browser that the ACME Fitness Application is showing both the East and West catalog images (You may need clear/disable caching to see images rotate).curl -k -X PUT "https://${TSM_SERVER_NAME}/tsm/v1alpha2/project/default/global-namespaces/${TSM_GLOBALNAMESPACE_NAME}/traffic-routing-policies/${CATALOG_POLICY_NAME}" -H "csp-auth-token:${CSP_AUTH_TOKEN}" -H "Content-Type: application/json" -d ' { "description": "weighted policy to send 100% of traffic to the east catalog images", "service": "catalog", "traffic_policy": { "http": [{ "targets": [{ "service_version": "v1-west", "weight": 50 },{ "service_version": "v1-east", "weight": 50 }] }] } }' | jq .
Expected:
{ "service":"catalog", "traffic_policy":{ "http":[{ "targets":[{ "service_version":"v1-west", "weight":50 },{ "service_version":"v1-east", "weight":50 }] }] }, "id":"catalog-traffic-policy-west" }
ACME Fitness Application over GNS (East/West Images)
- [ ] Pass
- [ ] Fail
Return to Test Cases Inventory