Support for azure-service-mesh (ASM)

ibmchas commented 6 months ago

Is there an existing issue for this?

[X] I have searched the existing issues

Community Note

Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Description

It appears that the Open Service Mesh (OSM) add-on in Azure Kubernetes Service (AKS) is supported as an argument.

It is unclear if a similar capability for Azure Service Mesh (ASM) exists, the current write-up only looks at az cli, but it is unclear if the "To install the Istio add-on when creating the cluster, use the --enable-azure-service-mesh or--enable-asmparameter." is supported within the resource block "azurerm_kubernetes_cluster"

Within the documentation, the following is stated, but it is not entirely clear how to enable ASM A service_mesh_profile block supports the following:

mode - (Required) The mode of the service mesh. A possible value is Istio.

internal_ingress_gateway_enabled - (Optional) Is Istio Internal Ingress Gateway enabled?

external_ingress_gateway_enabled - (Optional) Is Istio External Ingress Gateway enabled?

New or Affected Resource(s)/Data Source(s)

azurerm_kubernetes_cluster

Potential Terraform Configuration

No response

References

https://github.com/MicrosoftDocs/azure-docs/issues/118520

Vegoo89 commented 5 months ago

I am in the topic so I think I can answer that.

After you register AzureServiceMeshPreview feature on your subscription and set mode to Istio it should install asm the same was as it is done via az cli right now.

You can check az cli Github repo, which points exactly to these paremeters: https://github.com/Azure/azure-cli/blob/2c6356974e65beb1d0c40666b1de95340f8a343c/src/azure-cli/azure/cli/command_modules/acs/custom.py#L2893

ibmchas commented 5 months ago

@Vegoo89 thank you for the pointers - does this then mean that I should be able to utilize the resource "azurerm_kubernetes_cluster_extension" for the extension installation of asm? And I just have to find the proper parameters in the az cli repo?

Vegoo89 commented 5 months ago

You use azurerm_kubernetes_cluster and set serviceMesh block like this

service_mesh_profile {
    mode = "Istio"
}

This way you do the same as az cli creating cluster with --enable-azure-service-mesh param

ibmchas commented 5 months ago

I can confirm that that is works as expected - closing the issue

ibmchas commented 4 months ago

@Vegoo89 while the use of the serviceMesh block enables Azure Service Mesh with self signed CA, it is still not clear to me what is required if I want to use the plugin CA over the self signed , would you know ?

Vegoo89 commented 4 months ago

@Vegoo89 while the use of the serviceMesh block enables Azure Service Mesh with self signed CA, it is still not clear to me what is required if I want to use the plugin CA over the self signed , would you know ?

I would have to look at ARM definition, but I don't think it has been implemented in this provider yet.

hashicorp / terraform-provider-azurerm