Deploying Service Mesh (Beta)

Page last updated:

This topic describes how to deploy service mesh for Pivotal Application Service (PAS).

For more information about service mesh, see Service Mesh (Beta).

Enable in PAS

To deploy service mesh, configure PAS as follows:

  1. Select Networking - Service Mesh in the PAS tile.

  2. Under Service mesh (beta), select Enable.

  3. For IP addresses for Istio router, do the following depending on your IaaS:

    • vSphere: Enter static IPs for the Istio routers. You must configure your load balancer with these IPs as well.
    • Other: Leave this field blank.
  4. For External domain, enter the domain for Istio routers. The default domain is mesh.app-domain.com.

  5. For Istio router TLS keypairs, complete the following fields. You can add more than one keypair if desired using the Add button.

    • Name: Enter a name for the keypair.
    • Certificate and private key for Istio router: Enter the private key and certificate for TLS handshakes with clients. These must be in PEM block format.
  6. Click Save.

Create a Load Balancer

To configure a load balancer for service mesh, do the following. The exact procedure varies by IaaS.

  1. Create a load balancer with:

    • A static IP
    • Health check port 8002 and path /healthcheck
    • Firewall rules to allow the following:
      • HTTP on port 80
      • HTTP on port 8002
      • TLS on port 443
  2. Navigate to your DNS provider and create a DNS name that resolves to the IP of the load balancer:

    • If you did not configure the External Domain field in the PAS tile, create the DNS name using the default value of *.mesh.YOUR-CF-APPS-DOMAIN.
    • If you configured the External Domain field in the PAS tile, create the DNS name using the value you configured.

Add Load Balancer to Resource Config

If your deployment is on an IaaS other than vSphere, do the following after you create your load balancer:

  1. Select Resource Config in the PAS tile.

  2. In the Load Balancer column of the istio-router row, enter the name of the load balancer you created.

  3. Click Apply Changes.