From YouTube: Istio 1.7 improved VM support part 2
Description
A service mesh is only as valuable as the number of workloads it manages! In this video we see how to extend the service mesh to include VM based workloads and how Istio 1.7 brings new capabilities for bootstrapping identity and making the VM services a first-class citizen in the service mesh.
A
First thing we're going to do is run an HTTP server here, simple Python, little HTTP server. It's going to serve a very simple response if we happen to call it. So, let's... what is the command here?
A
So that's what we're going to do here. We're going to, first of all, take a look at the workload entry. We're going to script this so that we're pointing to the VM IP address, but before we do that, we're going to create a Kubernetes service. Now, we're going to do it as a service just to show that you can attach workload entries directly to a Kubernetes service, so that inside of Kubernetes, inside of the service mesh, you know, the services, the workloads in the mesh running in Kubernetes.
A
They think they're just talking to a Kubernetes service, and that could be backed by pods, that could also be backed by VMs. Alternatively, we could create this as a service entry, which, in Istio terms, is really a cluster that lives outside of the mesh, but we're able to do either one. So, let's take a look at doing this as a service. So we'll create the cloud VM service, right, and just to kind of give you an idea of what's happening under the covers.
A
If we come to the sleep pod, let's do a port forward here, let's go to Firefox, and if we go for the 15 clusters, if we do a search for, what is it, cloud VM, we see our cloud VM cluster is in here because we created the Kubernetes service, but it doesn't show any IPs. It doesn't show any hosts in the EDS entries. So for that, what we need to do is create the workload entry. So, let's create the workload entry.
A
And the VM services, let's look at it in YAML, and we see that it is, you know, we assigned the IP address. We give it some labels so that it'll match either a service entry or a Kubernetes service.
A
And now, if we come back to here and refresh, we should see that in the EDS, and we do. All right. So we have our cluster, so we should be able to route to this from within the service mesh, right? So we ran our, we're running our little Python service here. From here we saw that we can call it from outside of the mesh. This is just my local map.
A
Let's see, we call it and it works, right? So you might be saying: well, you called it from your own machine and it worked, so why would it be any different from the service mesh? Well, in this case, we are using the names known by the service mesh and, in fact, in this case, known by Kubernetes.
A
What happens if we change the mutual TLS policy to be strict, right? Another thing is either plain. I think it's permissive, let's find strict, right. We're going to apply this policy, PeerAuthentication policy, to strict, which means now everything will be using mutual TLS.
A
So if I try to call this from my desktop, it shouldn't work, because I'm connecting with a plaintext client to a service on the VM that has the Istio sidecar proxy there, and Istio sidecar proxy is going to assume and expect mutual TLS. So if I try to call it, that won't work, right? But then from the service mesh, since we're originating from the mesh and we're, you know, the client here is expecting mutual TLS as well.
A
So that's Istio on 1.7. So 1.7 docs, like I said in the previous video, it's coming. It's almost there. Refresh a couple times: it's almost there. But the workload entries, as well as some of the new capabilities around bootstrapping the identity for the VM coming into Istio 1.7, these are all very welcomed.
A
So thank you to the community for helping to, you know, go down this direction, and for the maintainers and the, you know, help prioritize and get this work done. It's starting to look really good, so I definitely recommend going to check out Istio, and especially Istio 1.7, and trying out this capability. Now in the scripts for this demo, and always get questions about that. I think that's an issue demo are here vm demo. So all of the things that I used and showed here definitely go.
A
You know, feel free to check it out. Check out the documentation once it comes out, and then, lastly, if you want to reach out to me, I'm Christian Posta, again, on Twitter. Reach out and I'll be happy to answer any questions, or go to the Istio community Slack or to slack.solo.io, where I hang out a lot and where, at Solo, we work on these open source service mesh technologies and we provide commercial support for Istio.