Deploying Service Mesh (Beta)

Page last updated:

Warning: Pivotal Cloud Foundry (PCF) v2.5 is no longer supported because it has reached the End of General Support (EOGS) phase as defined by the Support Lifecycle Policy. To stay up to date with the latest software and security updates, upgrade to a supported version.

This topic describes how to deploy service mesh for Pivotal Application Service (PAS).

For more information about service mesh, see Service Mesh (Beta).

Enable in PAS

To deploy service mesh, configure PAS as follows:

  1. Navigate to the Networking - Service Mesh pane of the PAS tile. Service Mesh

  2. Under Service Mesh (Beta), select Enable.

  3. For IP Addresses for Ingress Router, do the following depending on your IaaS:

    • vSphere: Enter static IPs for the Istio Routers. You must configure your load balancer with these IPs as well.
    • Other: Leave this field blank.
  4. For External Domain, enter the domain for Istio routers, the default domain is

  5. For Ingress Router TLS Keypairs, complete the following fields. You can add more than one keypair if desired using the Add button.

    • Name: Enter a name for the keypair.
    • Certificate and Private Key for Istio Router: Enter the Private key and certificate for TLS handshakes with clients. These must be in PEM block format.
  6. Click Save.

Create a Load Balancer

To configure a load balancer for service mesh, do the following. The exact procedure varies by IaaS.

  1. Create a load balancer with the following:

    • A static IP
    • Health check port 8002 and path /healthcheck
    • Firewall rules to allow the following:
      • HTTP on port 80
      • HTTP on port 8002
      • TLS on port 443
  2. Navigate to your DNS provider and create a DNS name that resolves to the IP of the load balancer:

    • If you did not configure the External Domain field in the PAS tile, create the DNS name using the default value of *.mesh.YOUR-CF-APPS-DOMAIN.
    • If you configured the External Domain field in the PAS tile, create the DNS name using the value you configured.

Add Load Balancer to Resource Config

If your deployment is on an IaaS other than vSphere, do the following after you create your load balancer:

  1. Navigate to the Resource Config pane of the PAS tile.

  2. In the Load Balancer column of the istio-router row, enter the name of the load balancer you created.

  3. Click Apply Changes.