kubectl
access to the cluster/fibonacci/{n}
, that calculates the nth Fibonacci number. Note: All of the configuration necessary to launch the Fibonacci service into Kubernetes and Grey Matter is available at https://github.com/greymatter-io/deploy-a-service. Please clone this repository and follow along inside.spire-socket
and the environment variable SPIRE_PATH
. These are the additions that will need to be made to any deployment for a service you wish to add to the mesh with SPIFFE/SPIRE.greymatter
CLI."name": "*"
) that comes in on the port 10808 (the port with name proxy
-or value of Grey Matter Control environment variable GM_CONTROL_KUBERNETES_PORT_NAME
-in the sidecar container).domain_keys
to a specific domain. The listener and domain configurations determine where the sidecar should listen for incoming connections on and what kind of connections it should accept.secret
field. This field is required for service-to-service communication in a SPIFFE/SPIRE setup. This secret tells the sidecar to fetch its SVID (with ID spiffe://quickstart.greymatter.io/fibonacci
) from Envoy and present it to incoming connections. It also will set a certificate validation context with match subject alternative names specifies to only accept incoming requests with SAN spiffe://quickstart.greymatter.io/edge
. See the SPIRE documentation for specifics. The listener secret
configuration will be important for the Edge to Fibonacci cluster.name
field must match the label on the deployment (in this case greymatter.io/control
) that Grey Matter Control is looking for in its environment variable GM_CONTROL_KUBERNETES_CLUSTER_LABEL
. It takes a list of domain_keys
and listener_keys
to link to the deployment with cluster label matching name
.instances
, and can set things like circuit breakers, health checks, and load balancing policies.8080
. Since the sidecar and Fibonacci containers are running in the same pod, they can communicate over localhost
.fibonacci-cluster
we just created.fibonacci-domain
to the fibonacci-local-rules
we just created. We know that the fibonacci-local-rules
object is used to link routes to the fibonacci-cluster
, thus with this route object applied, the Fibonacci sidecar will be configured to accept requests and route to the Fibonacci service.path
indicates that any request coming into the sidecar with path /
should be routed to the Fibonacci service. We will see in the next step when configuring edge routes that all requests from the Edge proxy to the Fibonacci service will come in at this path
.domain
(with domain key edge
), listener
, and proxy
much like the ones we just created for the Fibonacci service. The first step to configure the Edge to Fibonacci service is to create a cluster to tell it where to find the Fibonacci sidecar.instances
field is left as an empty array, whereas the fibonacci-local-cluster
instances were configured. This is because Grey Matter Control will discover the Fibonacci deployment and the instances array will be automatically populated from this service discovery: the instances will go up and down whenever the service scales or changes. To do this, (in the same way as described in creating the proxy object above) the name
field must match the cluster label on the deployment.secret
set on it, and require_tls
is true. This is because the edge proxy and the Fibonacci sidecar are running in different pods so they can't connect over localhost and must use their SPIFFE SVIDs for communication.secret
here mirrors the one set on the Fibonacci listener. As stated above, the cluster is in charge of the egress connection from a sidecar to whatever service is located at its instances
.secret
is telling the Edge proxy to fetch its SVID (with ID spiffe://quickstart.greymatter.io/edge) from Envoy SDS and present it on its outgoing connections. It will also only accept connections that present a certificate with SAN spiffe://quickstart.greymatter.io/fibonacci
. See the SPIRE documentation for specifics.secret
configuration on the Fibonacci listener, these are opposites. The request from this cluster will be accepted by the Fibonacci sidecar and vice versa.edge-to-fibonacci-cluster
we just created.fibonacci-domain
, these routes will be connected to the edge
domain, and will configure how the edge
sidecar sends requests meant for our fibonacci service.route_match
and prefix_rewrite
blocks send all traffic intended for /services/fibonacci/
(note the trailing /
) to our fibonacci service via the appropriate shared_rules created above. Then, in order to support a URL without the trailing slash, the redirects
block creates a permanent redirect from /services/fibonacci
to /services/fibonacci/
.https://{your-gm-ingress-url}:{your-gm-ingress-port}/services/fibonacci/
with response Alive
. To send a request for a specific Fibonacci number, https:///{your-gm-ingress-url}:{your-gm-ingress-port}/services/fibonacci/fibonacci/<number>
EXTERNAL-IP
and port (by default the port will be 10808).instances
, status
, protocols
, and authorized
.