Comment: add AAI part

...

Order of Service Mesh onboarding:

  •  DMaaP
  •  AAI
  •  SDC
  •  SO
  •  SDN-C
  •  Multicloud

...

What’s not (yet) on service mesh

Zookeeper

AAI

Components

AAI has several components:

  • babel
  • data-router
  • graphadmin
  • modelloader
  • resources
  • schema service
  • search data
  • sparky be
  • traversal
  • haproxy

"Databases"

  • cassandra
  • elasticsearch

Work Done

Cassandra

We must force Cassandra to listen on 127.0.0.1 and to use the pod IP for broadcast.

diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml
index 4be35708..57fad06a 100644
--- a/kubernetes/common/cassandra/templates/statefulset.yaml
+++ b/kubernetes/common/cassandra/templates/statefulset.yaml
@@ -115,6 +115,12 @@ spec:
             value: {{ default "GossipingPropertyFileSnitch" .Values.config.endpoint_snitch | quote }}
           - name: CASSANDRA_AUTHENTICATOR
             value: {{ default "PasswordAuthenticator" .Values.config.authenticator | quote }}
+          - name: CASSANDRA_LISTEN_ADDRESS
+            value: "127.0.0.1"
+          - name: CASSANDRA_BROADCAST_ADDRESS
+            valueFrom:
+              fieldRef:
+                fieldPath: status.podIP
           - name: POD_IP
             valueFrom:
               fieldRef:
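
Review bot: the new `CASSANDRA_LISTEN_ADDRESS` and `CASSANDRA_BROADCAST_ADDRESS` entries are hard-coded and unconditional, whereas the entries just above them (`CASSANDRA_AUTHENTICATOR`, the endpoint snitch) read `.Values.config.*` with a default. This template sits under `kubernetes/common/cassandra`, so every chart that reuses it would get a loopback listen address, including deployments without a sidecar to forward inter-node traffic. Suggest putting both entries behind a value (for example a listen address that defaults to the current behaviour) and adding a template comment that explains why the listen and broadcast addresses differ.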

Elasticsearch

Nothing to do

AAI components

All AAI components use Spring Boot.

They use HTTPS by default.

Adding the following lines to application.properties switches them back to HTTP:

security.require-ssl=false
server.ssl.enabled=false

We also need to call the various REST endpoints over HTTP instead of HTTPS.

One example among many: -schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/ +schema.service.base.url=http://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
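
Review bot: the `+` line hard-codes `http://` in `schema.service.base.url` while keeping port 8452, so every rendering of this template calls the schema service without TLS at the application layer, whether or not a sidecar is present. Suggest deriving the scheme from a value so that `https://` stays the result when the service mesh is not enabled.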

In the global section, we need to remove aaf and aaf-profile and change the schema service client to no-auth:

---
global:
   aafEnabled: false
   installSidecarSecurity: false
   config:
     profiles:
       active: production,dmaap
     schema:
       service:
         client: no-auth

HAProxy

The "main" entrance to AAI is actually an HAProxy. Instead, we could use an Istio VirtualService:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: {{ include "common.servicename" . }}
  namespace: {{ include "common.namespace" . }}
  labels:
    app: {{ include "common.name" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
spec:
  hosts:
  - {{ include "common.servicename" . }}
  http:
  - name: "search-data"
    match:
    - uri:
        regex: "^/aai/v[0-9]+/search/generic-query$"
    - uri:
        regex: "^/aai/v[0-9]+/search/nodes-query$"
    - uri:
        regex: "^/aai/v[0-9]+/query$"
    - uri:
        regex: "^/aai/v[0-9]+/dsl$"
    - uri:
        prefix: "/aai/search/named-query"
    - uri:
        prefix: "/aai/search/model"
    route:
    - destination:
        host: aai-traversal
        port:
          number: 8846
  - name: "resources"
    route:
    - destination:
        host: aai-resources
        port:
          number: 8447
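
The routing split defined by the VirtualService above can be dry-run offline to see which backend a given path reaches. This is an added example, not code from the original page or from the ONAP project. It assumes Istio's documented behaviour (routes evaluated in order, regex must match the whole path, prefix is a plain string prefix); `route_for` and the sample paths are constructed for illustration.

```python
import re

# Routes copied from the VirtualService above, in order. Istio uses the first
# http route whose match list has any matching entry; a route without a match
# block catches everything else.
ROUTES = [
    {
        "name": "search-data",
        "regex": [
            r"^/aai/v[0-9]+/search/generic-query$",
            r"^/aai/v[0-9]+/search/nodes-query$",
            r"^/aai/v[0-9]+/query$",
            r"^/aai/v[0-9]+/dsl$",
        ],
        "prefix": ["/aai/search/named-query", "/aai/search/model"],
        "destination": ("aai-traversal", 8846),
    },
    {"name": "resources", "regex": [], "prefix": [],
     "destination": ("aai-resources", 8447)},
]


def route_for(uri_path):
    """Return (route name, host, port) for a request path without query string."""
    for r in ROUTES:
        catch_all = not r["regex"] and not r["prefix"]
        # Regex matches must cover the whole path, hence fullmatch.
        hit = (any(re.fullmatch(p, uri_path) for p in r["regex"])
               or any(uri_path.startswith(p) for p in r["prefix"]))
        if catch_all or hit:
            return (r["name"],) + r["destination"]
    return None


if __name__ == "__main__":
    # Constructed sample paths, not taken from the AAI API documentation.
    for p in ["/aai/v19/query", "/aai/v19/query/extra",
              "/aai/search/model-lookup", "/aai/v19/network/pnfs",
              "/aai/v19/search/generic-query", "/aai/vlatest/dsl"]:
        print(f"{p:35} -> {route_for(p)}")
```

Two things show up in the output: the `/aai/search/model` prefix also captures sibling paths such as `/aai/search/model-lookup`, and a non-numeric version segment (`/aai/vlatest/dsl`) falls through to `aai-resources`.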

What’s not (yet) on service mesh

Nothing

SDC

Components

"Databases"

Work Done

...