Installing a mesh in dual-stack mode

Install Istio with dual-stack networking support to enable both IPv4 and IPv6 connectivity within your service mesh.

Prerequisites

  • Kubernetes configured with dual-stack support.
  • The Alauda Container Platform Networking for Multus plugin must be installed, and kube-ovn must be v4.1.5 or later.
  • You have installed the Alauda Service Mesh v2 Operator on your cluster.

Procedure

Install IstioCNI

Create the istio-cni namespace and install the IstioCNI resource by running the following commands:

kubectl create namespace istio-cni
cat <<EOF | kubectl apply -f -
apiVersion: sailoperator.io/v1
kind: IstioCNI
metadata:
  name: default
spec:
  namespace: istio-cni
  values:
    cni:
      cniConfDir: /etc/cni/multus/net.d # /etc/cni/net.d in ACP 4.0
      excludeNamespaces:
        - istio-cni
        - kube-system
EOF

Install Istio with dual-stack configuration

  1. Create the istio-system namespace and an Istio resource with dual-stack configuration by running the following commands:

    kubectl create namespace istio-system
    kubectl label namespace istio-system cpaas.io/project=cpaas-system
    cat <<EOF | kubectl apply -f -
    apiVersion: sailoperator.io/v1
    kind: Istio
    metadata:
      name: default
    spec:
      namespace: istio-system
      values:
        meshConfig:
          defaultConfig:
            proxyMetadata:
              ISTIO_DUAL_STACK: "true"
        pilot:
          ipFamilyPolicy: RequireDualStack
          env:
            ISTIO_DUAL_STACK: "true"
    EOF
  2. Wait for the control plane to return the Ready status condition by running the following command:

    kubectl wait --for condition=Ready istio/default --timeout=3m

Verifying a dual-stack mesh

To confirm that your dual-stack mesh is functioning correctly, you will deploy sample applications with different IP family configurations. The goal is to verify that the mesh can handle IPv4, IPv6, and dual-stack services.

Procedure

Create namespaces for the sample applications

Create the following namespaces, each hosting the tcp-echo service with a specific IP configuration:

  • dual-stack: hosts a tcp-echo service that listens on both IPv4 and IPv6 addresses.

  • ipv4: hosts a tcp-echo service listening only on IPv4 addresses.

  • ipv6: hosts a tcp-echo service listening only on IPv6 addresses.

  • sleep: hosts the client application for sending test requests.

    kubectl create namespace dual-stack
    kubectl create namespace ipv4
    kubectl create namespace ipv6
    kubectl create namespace sleep

Enable sidecar injection for the namespaces

Label the namespaces to enable automatic Istio sidecar injection by running the following commands:

kubectl label namespace dual-stack istio-injection=enabled
kubectl label namespace ipv4 istio-injection=enabled
kubectl label namespace ipv6 istio-injection=enabled
kubectl label namespace sleep istio-injection=enabled

Deploy the sample applications

  1. Deploy the tcp-echo application with dual-stack configuration:

    kubectl apply -n dual-stack -f https://raw.githubusercontent.com/alauda-mesh/istio/istio-1.28/samples/tcp-echo/tcp-echo-dual-stack.yaml
  2. Deploy the tcp-echo application with IPv4-only configuration:

    kubectl apply -n ipv4 -f https://raw.githubusercontent.com/alauda-mesh/istio/istio-1.28/samples/tcp-echo/tcp-echo-ipv4.yaml
  3. Deploy the tcp-echo application with IPv6-only configuration:

    kubectl apply -n ipv6 -f https://raw.githubusercontent.com/alauda-mesh/istio/istio-1.28/samples/tcp-echo/tcp-echo-ipv6.yaml
  4. Deploy the sleep application, which will act as a client for sending test requests:

    kubectl apply -n sleep -f https://raw.githubusercontent.com/alauda-mesh/istio/istio-1.28/samples/sleep/sleep.yaml
  5. Wait for all application pods to become ready:

    kubectl wait --for=condition=Ready pod -n dual-stack -l app=tcp-echo --timeout=3m
    kubectl wait --for=condition=Ready pod -n ipv4 -l app=tcp-echo --timeout=3m
    kubectl wait --for=condition=Ready pod -n ipv6 -l app=tcp-echo --timeout=3m
    kubectl wait --for=condition=Ready pod -n sleep -l app=sleep --timeout=3m

Verify the dual-stack service configuration

Confirm that the tcp-echo service in the dual-stack namespace is configured with ipFamilyPolicy of RequireDualStack by running the following command:

kubectl get service tcp-echo -n dual-stack -o=jsonpath='{.spec.ipFamilyPolicy}'

Example output

RequireDualStack

Verify connectivity to dual-stack services

Send a test request from the sleep pod to the dual-stack tcp-echo service by running the following command:

kubectl exec -n sleep deploy/sleep -- sh -c "echo dualstack | nc tcp-echo.dual-stack 9000"

Example output

hello dualstack

Verify connectivity to IPv4 and IPv6 services

  1. Send a test request to the IPv4-only tcp-echo service:

    kubectl exec -n sleep deploy/sleep -- sh -c "echo ipv4 | nc tcp-echo.ipv4 9000"

    Example output

    hello ipv4
  2. Send a test request to the IPv6-only tcp-echo service:

    kubectl exec -n sleep deploy/sleep -- sh -c "echo ipv6 | nc tcp-echo.ipv6 9000"

    Example output

    hello ipv6
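
To check which address families each tcp-echo Service was actually assigned, rather than inferring it from a successful request, the following added example (not part of the product documentation) classifies the addresses in a Service's `.spec.clusterIPs` and compares them with what each sample namespace should expose. The function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the product documentation.
# Reports which IP families appear in a Service's .spec.clusterIPs and checks
# them against the family each sample namespace in this guide should expose.

# ip_families "<space-separated addresses>" -> IPv4 | IPv6 | IPv4,IPv6 | none
ip_families() {
    has4=0; has6=0
    for ip in $1; do
        case "$ip" in
            *:*)     has6=1 ;;   # any colon means an IPv6 literal
            *.*.*.*) has4=1 ;;   # dotted quad
        esac
    done
    case "$has4$has6" in
        11) echo "IPv4,IPv6" ;;
        10) echo "IPv4" ;;
        01) echo "IPv6" ;;
        *)  echo "none" ;;
    esac
}

# Expected families for the namespaces created in this guide.
expected_families() {
    case "$1" in
        dual-stack) echo "IPv4,IPv6" ;;
        ipv4)       echo "IPv4" ;;
        ipv6)       echo "IPv6" ;;
        *)          echo "unknown" ;;
    esac
}

# check_service <namespace> "<clusterIPs>": prints a verdict, returns 0 on match.
check_service() {
    got=$(ip_families "$2")
    want=$(expected_families "$1")
    if [ "$got" = "$want" ]; then
        echo "ok       $1: $got"
    else
        echo "MISMATCH $1: want $want, got $got"
        return 1
    fi
}

# Constructed sample addresses; on a live cluster use instead:
#   ips=$(kubectl get service tcp-echo -n "$ns" -o jsonpath='{.spec.clusterIPs[*]}')
check_service dual-stack "10.96.12.34 fd00:10:96::1a2b" || true
check_service ipv4       "10.96.56.78" || true
check_service ipv6       "fd00:10:96::3c4d" || true
check_service dual-stack "10.96.12.35" || true   # single family only: flagged
```
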

Removing a dual-stack mesh from a development environment

After completing your verification and experimentation, you should remove the dual-stack configuration to clean up the development environment and release resources.

Procedure

Execute the following commands to remove all Istio components and the sample applications:

kubectl delete istio/default istiocni/default
kubectl delete ns/dual-stack ns/ipv4 ns/ipv6 ns/sleep
kubectl delete ns/istio-system ns/istio-cni