Service Mesh Onboard

Purple Sea Service Mesh platform provides a comprehensive solution for managing service-to-service communication within a microservices-based architecture. It provides reliability, security, and observability for applications and makes operations easier within organizations.

In simple terms, the service mesh is an application hosted in Kubernetes (K8s) like any other application. It groups and isolates applications for faster response.

Why do we need this isolation?

We deploy our apps in the shared GDA clusters (not dedicated to SMDS); many other applications are deployed in the same clusters alongside SMDS.

Every request to a host ending with maersk-digital.net uses a public IP to reach the particular cluster. Hence the request response may vary.

For internal API communication, outbound traffic has to leave the cluster and come back in through the public IP. With the help of the service mesh, we can group the applications and have them communicate internally using mesh DNS. This helps in faster response.

Benefits of Mesh

  1. Scaling: Services can scale depending on requests.
  2. Efficient deployment: Each service can be deployed independently.
  3. Defined ownership: Each service is differently owned.

How to Implement Service Mesh in the APIs

  1. The cluster should have the module servicemesh-nginx-ingress-controller; the service mesh nginx will be installed in the kuma-gateway namespace (a one-time activity to enable the mesh at the cluster level).
  2. The Service and Ingress files should have the annotation and ingress class below.

ingress.kubernetes.io/service-upstream: "true"

ingressClassName: nginx-sm

  3. Once the mesh is enabled, all incoming and outgoing connections will be terminated.
  4. If an API communicates with a DB or any other service that is not in K8s, an external service connection request needs to be raised with the Mesh team.

Reference requests:

https://github.com/Maersk-Global/service-mesh/discussions/868

https://github.com/Maersk-Global/service-mesh/discussions/984

  5. Once the application is deployed with the above annotations, we can see it in the Admiral.

  6. As mentioned above, all incoming and outgoing traffic will be stopped once the mesh is enabled. Hence we need to create policies to allow the incoming traffic and to route the traffic for multi-region services.

  7. Only once the policy is defined can the services be accessed from outside.

  8. For internal mesh-to-mesh communication, the mesh DNS needs to be defined in the app properties file.

Mesh DNS : smds-opsmdm-vessel-ingest-service-cdt.opsmdm-cdt.svc.80.mesh
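
The annotation and ingress class from the implementation steps above, shown where they belong in a Service and an Ingress manifest. This is an added example, not taken from the original page or the platform's own templates; the names `example-api` and `example-ns`, the host, and the ports are hypothetical placeholders.

```yaml
# Added example: names, namespace, host and ports are hypothetical placeholders.
apiVersion: v1
kind: Service
metadata:
  name: example-api
  namespace: example-ns
  annotations:
    # Annotation the page requires on the Service
    ingress.kubernetes.io/service-upstream: "true"
spec:
  selector:
    app: example-api
  ports:
    - name: http
      port: 80
      targetPort: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-api
  namespace: example-ns
  annotations:
    # Same annotation on the Ingress
    ingress.kubernetes.io/service-upstream: "true"
spec:
  # ingressClassName is a field under spec, not an entry under annotations
  ingressClassName: nginx-sm
  rules:
    - host: example-api.maersk-digital.net   # placeholder host
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: example-api
                port:
                  number: 80
```

Because all traffic is stopped once the mesh is enabled, deploying this manifest alone does not make the service reachable; the allow policy and any external service connection request described above are still required.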