Integrating Virtual Machines into the mesh

Istio service mesh primarily provides its features to Kubernetes-based resources. However, in some cases it makes sense to integrate bare metal machines or virtual machines into the mesh:

• Temporary integration: To migrate the non-k8s native workloads into the mesh, providing temporary access to the machine’s network resources until the migration is done.
• Long-term integration: Sometimes is impractical to migrate the given workload into Kubernetes due to its size (for example, when huge, bare metal machines are required) or when the workload is stateful and it is hard to support it on Kubernetes.

Service Mesh Manager provides support for both use-cases building on top of Istio’s support for Virtual Machines.

For an overview of how Service Mesh Manager implements VM Integration based on Istio’s framework, see Istio resources.

Architecture

Service Mesh Manager takes an automation-friendly approach to managing the virtual machines by providing an agent that runs on the machine. This component enables Service Mesh Manager to provide the same observability features for virtual machines as for native Kubernetes workloads, such as Topology view, Service/Workload overview, integrated tracing, or traffic tapping.

The agent continuously maintains the configuration of the machine so that any change in the upstream cluster is reflected in its configuration. This behavior ensures that if the meshexpansion-gateways IP addresses change, the machine retains the connectivity to the mesh.

In case the machine is available for an extended period of time, Istio must to be upgraded on the machines. The upgrade flow is aligned with the Canary control plane upgrades that Service Mesh Manager uses for the Istio control plane upgrade: the agent ensures that the host has the latest version of Istio installed and provides a validation warning in case the istio process needs to be restarted.

When the virtual machine is part of the mesh, it is like to a Kubernetes pod. It belongs to a specific namespace, and cannot communicate with other namespaces. The name of the pod is the hostname of the virtual machine.

Ease of use

After a virtual machine has been integrated into the mesh, Service Mesh Manager automatically updates the configuration of the virtual machine to ensure that it remains a part of the mesh and receives every configuration updates it needs to operate in teh mesh. In addition, the observability features available for Kubernetes pods are available for the virtual machines as well, for example:

• Virtual machine workloads and their health information are shown on the MENU > TOPOLOGY and MENU > WORKLOADS dashboard pages.
• On both pages, you can drill down to get detailed information and monitoring data about the virtual machine.
• Troubleshooting features like tracing and traffic tapping work for virtual machines as well.

Getting started

To try out VM integration, we highly recommend using the VM integration quickstart guide.

For more details on Service Mesh Manager’s capabilities for handling machines, see Istio resources.

For detailed examples for more complex use-cases such as migrating an existing workload into the mesh, see the Use-cases section.