Description: - Connect two TXP microservices belonging to stateless applications
In this scenario, unlike HTTP, ports are exposed instead of the service URL.
The services hosted behind the Istio service mesh have the sidecar proxy installed in each pod of the service.
NOTE - For this scenario, the default mesh-wide policy must be set to "PERMISSIVE" on both clusters. It will not work if the default mesh policy is "STRICT".
Important Info - cert-chain.pem is Envoy’s cert that needs to be presented to the other side. key.pem is Envoy’s private key paired with Envoy’s cert in cert-chain.pem. root-cert.pem is the root cert to verify the peer’s cert. In this example, we only have one Citadel in a cluster, so all Envoys have the same root-cert.pem.
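The relationship between the three files can be checked with openssl before debugging a failed connection between the two clusters. The script below is an added example, not part of the original scenario: the function names and the directory argument are assumptions, the sample certificates are constructed locally rather than issued by Citadel, and it assumes the workload cert is the first entry in cert-chain.pem.

```shell
#!/bin/sh
# Added example. Function names and the directory layout are assumptions.

# Build a throwaway root CA and one workload cert so the check runs offline.
# These are constructed sample files, not real Citadel output.
make_sample_certs() {
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/O=sample-root" \
    -keyout "$d/root-key.pem" -out "$d/root-cert.pem" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/O=sample-workload" \
    -keyout "$d/key.pem" -out "$d/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/leaf.csr" -days 1 -CAcreateserial \
    -CA "$d/root-cert.pem" -CAkey "$d/root-key.pem" \
    -out "$d/cert-chain.pem" 2>/dev/null
}

# Prints "ok" and returns 0 when the three files are consistent.
# Returns 1 when key.pem is not the private key for cert-chain.pem,
# 2 when cert-chain.pem does not verify against root-cert.pem,
# 3 when a file cannot be parsed.
check_envoy_certs() {
  d=$1
  # Public key of the first cert in the chain (assumed to be Envoy's own cert).
  cert_pub=$(openssl x509 -in "$d/cert-chain.pem" -noout -pubkey) || return 3
  # Public key derived from the private key.
  key_pub=$(openssl pkey -in "$d/key.pem" -pubout 2>/dev/null) || return 3
  if [ "$cert_pub" != "$key_pub" ]; then
    echo "key.pem does not pair with cert-chain.pem"; return 1
  fi
  # Any intermediates in cert-chain.pem are offered as untrusted helpers;
  # only root-cert.pem is trusted.
  if ! openssl verify -CAfile "$d/root-cert.pem" \
       -untrusted "$d/cert-chain.pem" "$d/cert-chain.pem" >/dev/null 2>&1; then
    echo "cert-chain.pem not issued under root-cert.pem"; return 2
  fi
  echo "ok"
}

# Optional demo: sh script.sh --demo
if [ "${1:-}" = "--demo" ]; then
  tmp=$(mktemp -d) && make_sample_certs "$tmp" && check_envoy_certs "$tmp"
fi
```

Running the same check on a pod in each cluster shows whether both sides actually share a root-cert.pem, which the single-Citadel statement above takes for granted within one cluster.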