Istio implementation

Within the HeartAI OpenShift implementation, an instance of OpenShift Service Mesh provides advanced mechanisms for communication across system services. Integrated into this framework is the cloud-native service-mesh software Istio that extends the OpenShift software-defined networking (SDN) with programmable and application-aware declarative network implementations. A core feature of Istio is the Envoy service proxy that is injectable as a sidecar into virtual IP hosts of the OpenShift SDN. Istio provides general approaches for network deployments, routing, traffic management, telemetry, and security.

OpenShift implementation

Further information about the HeartAI OpenShift implementation may be found with the following documentation section:

Istio is also natively integrated into the OpenShift Service Mesh implementation of Kiali, an Istio management console that provides capabilities for configuration, eventing, metrics, visualisation, and validation.

Kiali implementation

Further information about the HeartAI Kiali implementation may be found with the following documentation section:

Istio VirtualService

The following example shows an Istio VirtualService declaration file for the HeartAI HelloWorldService production environment:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: heartai-hello-world-vs
  namespace: heartai-hello-world-prod
spec:
  hosts:
    - hello.prod.apps.aro.sah.heartai.net
  gateways:
    - heartai-hello-world-prod-gw
  http:
    - match:
        - uri:
            prefix: "/"
      route:
        - destination:
            host: heartai-hello-world

Istio DestinationRule

The following example shows an Istio DestinationRule declaration file for the HeartAI HelloWorldService production environment:

apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: heartai-hello-world-nw-rule
  namespace: heartai-hello-world-prod
spec:
  host: heartai-hello-world
  subsets:
    - name: stable
      labels:
        version: v0.31.106

Istio ServiceEntry

Istio ServiceEntry for Kafka bootstrap

The following example shows an Istio ServiceEntry declaration file for the HeartAI HelloWorldService development environment. This ServiceEntry provides the SDN declaration to integrate the Kafka bootstrap provider as a backing service:

apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: kafka-bootstrap
  namespace: heartai-hello-world-prod
spec:
  hosts:
    - strimzi-kafka-kafka-bootstrap.heartai-strimzi.svc.cluster.local
  ports:
    - number: 9092
      name: kafka-bootstrap
      protocol: tcp
  resolution: DNS
  location: MESH_EXTERNAL

Istio ServiceEntry for Kafka brokers

The following example shows an Istio ServiceEntry declaration file for the HeartAI HelloWorldService development environment. This ServiceEntry provides the SDN declaration to integrate the Kafka brokers provider as a backing service:

apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: kafka-brokers
  namespace: heartai-hello-world-prod
spec:
  hosts:
    - strimzi-kafka-kafka-brokers.heartai-strimzi.svc.cluster.local
  ports:
    - number: 9092
      name: kafka-brokers
      protocol: tcp
  resolution: DNS
  location: MESH_EXTERNAL

Istio ServiceEntry for PostgreSQL

The following example shows an Istio ServiceEntry declaration file for the HeartAI HelloWorldService development environment. This ServiceEntry provides the SDN declaration to integrate PostgreSQL as a backing service:

apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: postgresql
  namespace: heartai-hello-world-prod
spec:
  hosts:
    - sah-heartai-psql-prod-aue-001.postgres.database.azure.com
  ports:
    - number: 5432
      name: postgresql
      protocol: tcp
  resolution: DNS
  location: MESH_EXTERNAL

Istio Gateway

The following example shows an Istio Gateway declaration file for the HeartAI HelloWorldService production environment:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: heartai-hello-world-prod-gw
  namespace: heartai-hello-world-prod
spec:
  selector:
    istio: ingressgateway
  servers:
    - port:
        number: 80
        name: http
        protocol: HTTP
      tls:
        httpsRedirect: true
      hosts:
        - hello.prod.apps.aro.sah.heartai.net
    - port:
        number: 443
        name: https
        protocol: HTTPS
      tls:
        mode: SIMPLE
        credentialName: heartai-hello-world-prod-gw-cert
      hosts:
        - hello.prod.apps.aro.sah.heartai.net
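
The Gateway above redirects port 80 to HTTPS and terminates TLS on port 443 with a named credential. As an added example (not part of the HeartAI documentation), the following Python check audits a parsed Gateway manifest for those properties. `WEAK_GATEWAY`, `audit_gateway` and the finding strings are illustrative names, and the manifests are embedded as dicts rather than loaded from YAML.

```python
# Added example: audit an Istio Gateway manifest (as a parsed dict) for ingress TLS gaps.
# PAGE_GATEWAY mirrors the Gateway on this page; WEAK_GATEWAY is constructed for contrast.
HOST = "hello.prod.apps.aro.sah.heartai.net"

PAGE_GATEWAY = {"metadata": {"name": "heartai-hello-world-prod-gw"}, "spec": {"servers": [
    {"port": {"number": 80, "name": "http", "protocol": "HTTP"},
     "tls": {"httpsRedirect": True}, "hosts": [HOST]},
    {"port": {"number": 443, "name": "https", "protocol": "HTTPS"},
     "tls": {"mode": "SIMPLE", "credentialName": "heartai-hello-world-prod-gw-cert"},
     "hosts": [HOST]},
]}}

WEAK_GATEWAY = {"metadata": {"name": "constructed-weak-gw"}, "spec": {"servers": [
    {"port": {"number": 80, "name": "http", "protocol": "HTTP"}, "hosts": ["*"]},
    {"port": {"number": 443, "name": "https", "protocol": "HTTPS"},
     "tls": {"mode": "SIMPLE"}, "hosts": [HOST]},
]}}

TERMINATING = {"SIMPLE", "MUTUAL"}  # modes where the gateway itself presents a certificate


def audit_gateway(gateway):
    """Return a list of (port, finding) tuples; an empty list means no gaps found."""
    findings = []
    for server in gateway["spec"].get("servers", []):
        port = server["port"]["number"]
        proto = server["port"]["protocol"].upper()
        tls = server.get("tls") or {}
        if proto == "HTTP" and not tls.get("httpsRedirect"):
            findings.append((port, "cleartext listener without httpsRedirect"))
        if proto in ("HTTPS", "TLS"):
            mode = tls.get("mode")
            if mode is None:
                findings.append((port, "tls.mode not set explicitly"))
            elif mode in TERMINATING and not (
                tls.get("credentialName")
                or (tls.get("serverCertificate") and tls.get("privateKey"))
            ):
                findings.append((port, "terminating TLS without certificate source"))
        if "*" in server.get("hosts", []):
            findings.append((port, "wildcard host accepts any Host/SNI"))
    return findings


if __name__ == "__main__":
    for gw in (PAGE_GATEWAY, WEAK_GATEWAY):
        print(gw["metadata"]["name"], audit_gateway(gw) or "ok")
```

The same function can run in a CI step against manifests parsed from the repository, failing the build when the returned list is non-empty.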