To start using Azure Service Mesh on Azure Kubernetes Service (AKS), you'll need to create a Service Mesh instance in the Azure portal.
This instance will be used to manage your microservices and provide features like service discovery, traffic management, and security.
First, navigate to the Azure portal and search for "Service Mesh" in the search bar. Click on the result to create a new instance.
Once created, you'll be provided with the Service Mesh instance's name, resource group, and other details. Make sure to note these down for future reference.
Implementation and Tools
Azure Service Mesh can be implemented using the Azure Service Mesh CLI tool, which is available for Windows, macOS, and Linux platforms.
The CLI tool provides a simple and intuitive way to manage and configure your service mesh, allowing you to create, update, and delete mesh resources with ease.
To get started with Azure Service Mesh, you'll need to create a new Azure Kubernetes Service (AKS) cluster, which can be done using the Azure CLI or the Azure portal.
Service Mesh with HashiCorp Consul
Service Mesh with HashiCorp Consul is a solution that enables applications to operate at scale and quickly discover and securely connect to necessary services.
Modern deployments require a strong environment that can handle high traffic and complex connections, which is where HashiCorp Consul comes in.
HashiCorp Consul as a service mesh works with different Microsoft services to address challenges and support strong microservice deployments.
It's essential to have a service mesh like HashiCorp Consul to ensure applications can operate efficiently and securely in a complex environment.
Use AGIC with OSM Ingress Add-on
AGIC with OSM Ingress Add-on is a powerful combination for managing network traffic in your cluster.
AGIC (Application Gateway Ingress Controller) is an open-source project that allows you to use Azure Application Gateway with your Kubernetes cluster. It's a great choice for load balancing and SSL termination.
To use AGIC with the OSM Ingress Add-on, you'll need to install the AGIC Helm chart. This can be done using the following command: `helm install agic/agic`.
AGIC will then create a load balancer and configure the Application Gateway to route traffic to your pods.
The OSM Ingress Add-on is a Kubernetes operator that provides a simple and flexible way to manage Ingress resources. It's designed to work seamlessly with AGIC.
By using the OSM Ingress Add-on with AGIC, you can take advantage of features like automatic Ingress resource creation and deletion, as well as support for multiple Ingress controllers.
To get started, simply install the OSM Ingress Add-on using the following command: `kubectl apply -f https://raw.githubusercontent.com/open-service-mesh/osm/master/examples/ingress-add-on/ingress-add-on.yaml`.
Installation
To install the Istio service mesh AKS add-on, you need to register the `AzureServiceMeshPreview` feature and use the `--enable-asm` flag in the `az aks create` command.
The Istio service mesh is installed in the `aks-istio-system` namespace, and the Istio ingress gateway is created in a separate namespace called `aks-istio-ingress`.
You should use the `-i aks-istio-system` flag with all your `istioctl` commands because Istio is not deployed into the default `istio-system` namespace.
Enabling Istio injection using a revision label makes sense for future Istio upgrades, although there is currently no documentation on Istio upgrades.
To create an external Istio ingress gateway, you need to use a specific command.
Istio Version
Let's take a look at how to check the Istio version. The control plane version has a `1.17-dev` tag, but that doesn't give us the full picture.
You can get more information by inspecting the Pods and looking at the container images used. The image tags show the Istio patch version.
To do this, you can look for container images like `mcr.microsoft.com/oss/istio/proxyv2:1.17.1-distroless` and `mcr.microsoft.com/oss/istio/pilot:1.17.1-distroless`. These images indicate that the Istio version is 1.17.1.
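The image-tag check described above can be scripted so the exact patch version is easy to compare against Istio security advisories. This is an added example, not part of the original article: the function names and the sample input are constructed here, and the `kubectl` line in the comment is one assumed way to list images on a live cluster.

```bash
#!/usr/bin/env bash
# Live input (needs cluster access), one image reference per line:
#   kubectl get pods -n aks-istio-system \
#     -o jsonpath='{range .items[*]}{range .spec.containers[*]}{.image}{"\n"}{end}{end}'
# Sidecar proxies run in the application namespaces, so list those as well.

# Reads image references on stdin; prints "component version" for Istio images only.
istio_image_versions() {
  sed -nE 's#^.*/istio/(pilot|proxyv2):([0-9]+\.[0-9]+\.[0-9]+)(-[A-Za-z0-9.]+)?$#\1 \2#p' | sort -u
}

# Prints the single Istio version in use.
# Returns 1 when components run different versions, 2 when no Istio image is seen.
istio_mesh_version() {
  local versions
  versions=$(istio_image_versions | awk '{print $2}' | sort -u)
  if [ -z "$versions" ]; then
    echo "no Istio images found" >&2
    return 2
  fi
  if [ "$(printf '%s\n' "$versions" | grep -c .)" -ne 1 ]; then
    echo "version skew between components: $(echo $versions)" >&2
    return 1
  fi
  printf '%s\n' "$versions"
}

# Constructed sample: the two image references quoted in the text plus an unrelated image.
SAMPLE_IMAGES='mcr.microsoft.com/oss/istio/pilot:1.17.1-distroless
mcr.microsoft.com/oss/istio/proxyv2:1.17.1-distroless
mcr.microsoft.com/oss/kubernetes/pause:3.6'

printf '%s\n' "$SAMPLE_IMAGES" | istio_mesh_version
```

A non-zero exit status means the control plane and the proxies are not on the same patch release, which is worth resolving before relying on a fix shipped in a specific version.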
Helm Charts
Istio was installed using Helm, which allows you to track exactly what was installed by the Azure Service Mesh add-on.
You can view the manifests by running a command. The `aks-istio-system` and `aks-istio-ingress` namespaces contain existing secrets that indicate Istio was installed using Helm.
This approach provides transparency and control over the installation process, which is essential for managing complex systems.
Monitoring and Observability
Metrics observability allows you to view the metrics of your mesh and the deployments in your mesh. You can use Prometheus and Grafana for metrics observability, but those integrations aren't covered by the AKS support policy.
To integrate OSM with Azure Monitor, you'll need to enable Azure Monitor on your cluster, enable the OSM add-on for your AKS cluster, and onboard your application namespaces to the mesh.
Here are the steps to enable metrics observability with Azure Monitor:
1. Enable metrics for a namespace in the mesh using the `osm metrics enable` command. For example, you can use `osm metrics enable --namespace myappnamespace`.
2. Create a ConfigMap in the `kube-system` namespace that enables Azure Monitor to monitor your namespaces. This ConfigMap should include the namespace you want to monitor, such as `myappnamespace`.
3. Apply the ConfigMap using the `kubectl apply` command, like this: `kubectl apply -f monitor-configmap.yaml`.
4. Navigate to the Azure portal and select your AKS cluster. Then, under Monitoring, select Logs.
5. In the Monitoring section, query the InsightsMetrics table to view metrics in the enabled namespaces. For example, you can use the query `InsightsMetrics | where Name contains "envoy" | extend t=parse_json(Tags) | where t.namespace == "default"`.
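Steps 1 to 3 above, as an added example that is not part of the original article: a helper that generates `monitor-configmap.yaml` for an explicit list of namespaces and rejects anything that is not a valid namespace name. The function name is hypothetical, and the ConfigMap name and keys follow the layout used in Microsoft's OSM Azure Monitor documentation rather than anything shown on this page, so check them against the current docs.

```bash
#!/usr/bin/env bash
# Typical use on a cluster (commands from the steps above):
#   osm metrics enable --namespace myappnamespace
#   write_monitor_configmap myappnamespace > monitor-configmap.yaml
#   kubectl apply -f monitor-configmap.yaml

# Prints the ConfigMap YAML for the namespaces given as arguments.
# Returns 2 with no arguments, 1 if a name is not a valid RFC 1123 label,
# so that quotes, brackets or newlines can never be spliced into the config.
write_monitor_configmap() {
  local LC_ALL=C ns list=""
  [ "$#" -gt 0 ] || { echo "usage: write_monitor_configmap NAMESPACE..." >&2; return 2; }
  for ns in "$@"; do
    case "$ns" in
      ""|-*|*-|*[!a-z0-9-]*)
        echo "invalid namespace name: $ns" >&2
        return 1
        ;;
    esac
    [ "${#ns}" -le 63 ] || { echo "namespace name too long: $ns" >&2; return 1; }
    list="${list:+$list, }\"$ns\""
  done
  # ConfigMap name and keys: assumed from Microsoft's OSM monitoring docs.
  cat <<EOF
kind: ConfigMap
apiVersion: v1
metadata:
  name: container-azm-ms-osmconfig
  namespace: kube-system
data:
  schema-version: v1
  config-version: ver1
  osm-metric-collection-configuration: |-
    [osm_metric_collection_configuration]
      [osm_metric_collection_configuration.settings]
          monitor_namespaces = [$list]
EOF
}

# Constructed demo: the namespace name used in the steps above.
write_monitor_configmap myappnamespace
```

Listing only the namespaces that are onboarded to the mesh keeps the collected Envoy metrics scoped to workloads you intend to observe.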
Frequently Asked Questions
What is service mesh in Azure?
A service mesh in Azure is a lightweight framework that helps manage and secure microservices, providing observability features for complex environments. It's a key component for building scalable and reliable cloud-native applications.
What is service mesh used for?
A service mesh is used to manage and secure communication between microservices in an application, ensuring efficient and reliable data exchange. It helps control traffic flow, balance loads, and encrypt data in transit.
What is the difference between API mesh and service mesh?
API gateways focus on external client interactions, while service meshes handle internal service communication, each tackling different levels of complexity and functionality. This distinction enables efficient and secure communication within and outside your application ecosystem.