13 Incorporating VM workloads into the Mesh

So far we’ve covered Istio service mesh from the perspective of containers and Kubernetes. In reality, however, workloads frequently run on Virtual Machines (VMs) or physical machines. Containers and Kubernetes are likely used in an effort to modernize a technology stack, and here we show how to bridge these two worlds at the application-networking layer with Istio. You might wonder, why wouldn’t we simply modernize legacy workloads and run those in a Kubernetes cluster? Instead of the alternative of integrating VMs into the mesh. We too recommend that whenever possible, but here are a few cases when it’s not—or at least not when considering the cost:

13.1 Istio’s virtual machine support

13.1.1 Simplifying sidecar proxy installation and configuration within a virtual machine

13.1.2 Virtual machine high availability

13.1.3 DNS resolution of in-mesh services

13.2 Setting up the infrastructure

13.3 Setting up the service mesh

13.3.1 Provisioning the virtual machine

13.4 Mesh expansion to virtual machines

13.4.1 Exposing istiod and cluster services to the virtual machine

13.4.2 WorkloadGroups represent groups of workloads

13.4.3 Installing and configuring the istio-agent in the virtual machine

13.4.4 Routing traffic to cluster services

13.4.5 Routing traffic to the WorkloadEntry

13.4.6 Virtual machines are configured by the control plane: Enforcing mutual authentication

13.5 Demystifying the DNS Proxy

13.5.1 How the DNS Proxy resolves cluster hostnames

13.5.2 Which are the hostnames that the DNS proxy is aware of?

13.6 Customizing the Agents behavior

13.7 Removing a WorkloadEntry from the mesh

13.8 Summary