# ServiceMesh Lab

## OpenShift Service Mesh for Example Bank

![Example Bank diagram](https://3928126737-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHI9hQsrkpOgN4dX6Cj%2Fsync%2Fa954ea2ec422395147108fc291c98d051396cf34.png?generation=1600426872096496\&alt=media)

### Part 1: Deploy Example Bank

Log in and clone the Example Bank GitHub repo.

```
oc login
ibmcloud login -u <account name>
git clone https://github.com/IBM/example-bank.git
oc new-project example-bank
```

```
cd example-bank/scripts/
./createappid.sh
./createsecrets.sh <AppId Management Server URL> <API Key>
./deploy-db.sh
./installServerlessOperator.sh
```

* Note: Verify the `creditdb` database pod is in Running state before running the SQL schema loader.

Deploy front end service and SQL data schema.

```
oc apply -f deployment.yaml
oc apply -f data_model/job.yaml
```

Verify that the schema loaded, to ensure the database is ready to use.

```
oc logs cc-schema-load-<pod>
```

Deploy back-end services:

```
oc apply -f bank-app-backend/transaction-service/deployment.yaml -f bank-app-backend/user-service/deployment.yaml
```

Deploy the Serverless (Knative) service.

```
cd bank-knative-service/
oc apply -f deployment.yaml
```

Verify it's running:

```
oc get kservice
```

At this point we can verify the app is running prior to setting up service mesh. We are using an OpenShift route.

```
oc get routes
```

Visit the URL for the mobile simulator route.

### Part 2: Service Mesh Setup

Open the OpenShift console, navigate to the OperatorHub, and install the operators in this order:

1. Elasticsearch (choose version 4.3)
2. Jaeger Operator
3. Kiali
4. Service Mesh Operator

Create a new project called `istio-system`.

Go to installed operators, and wait until they become available in this namespace.

While waiting, check out the `service-mesh` branch:

```
git checkout service-mesh
```

#### Next steps:

* Create Control Plane instance.
* Create ServiceMeshMemberRolls

Verify install:

`oc get smmr -o yaml --all-namespaces | egrep -A2 'ControlPlane|configuredMembers'`

Open up a second terminal to watch pods: `watch -n1 oc get pods`

Deploy with sidecar enabled:

```
oc apply -f bank-app-backend/user-service/deployment.yaml -f bank-app-backend/transaction-service/deployment.yaml -f deployment.yaml
```

Patch the database deployment so that its pod gets the Istio sidecar injected.

```
kubectl patch deployments.apps creditdb -p '{"spec":{"template":{"metadata":{"annotations":{"sidecar.istio.io/inject":"true"}}}}}'
```

Delete the routes in the current project and replace them with the Istio ingress gateway:

```
oc delete routes --all
oc apply -f bank-istio-gw.yaml
```

Enforce mTLS between the database and the other services:

```
oc apply -f bank-istio-policy.yaml -f bank-istio-destination-mtls.yaml
```

Enable knative-serving with Istio.

```
./label-knative.sh
```

This sets the appropriate labels in the `knative-serving` namespace, which allows the Knative service to be triggered.

Redeploy the knative service with the Istio sidecar annotation.

```
oc apply -f bank-knative-service/network.yaml
oc apply -f bank-knative-service/deployment.yaml
```

> We are updating the cleanup utility because we need to send a signal to the Envoy sidecar to exit after the job completes.

```
oc delete -f bank-user-cleanup-utility/job.yaml
oc apply -f bank-user-cleanup-utility/job.yaml
```

> Expose access via an OpenShift secured route. Go to the istio-system namespace in the Admin console.

Set the port mapping 80 -> 8080, TLS termination to Edge, and insecure traffic to Redirect. Default OpenShift certs can be used, or you can upload your own certificates.

> Click on the URL, e.g. <https://example-bank-istio-system.first-test-cluster-f8c169e6934c89d328b2b987ec7f7018-0000.us-south.containers.appdomain.cloud/>
>
> Click on the "Padlock" to examine the certs.
>
> Use the bank simulator. Note that all relevant pods have an extra container.
>
> Open up Kiali from the App square to view traffic flow.

![kiali](https://github.com/IBM/example-bank/blob/main/images/kiali.png)
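
The "extra container" observation above can be checked for the whole namespace at once. The following is an added example, not part of the lab or the example-bank repo: it reads `oc get pods -o json` output and lists live pods that run without the `istio-proxy` sidecar, which the mTLS policy applied earlier depends on. The sample pod names are constructed, and ignoring `Succeeded` pods is an assumption of this example.

```python
import json
import sys

SIDECAR = "istio-proxy"                         # container name Istio injects
INJECT_ANNOTATION = "sidecar.istio.io/inject"   # annotation patched onto creditdb above


def audit_sidecars(pod_list_json):
    """Return (pod, finding) pairs for live pods that run without the sidecar."""
    findings = []
    for pod in json.loads(pod_list_json).get("items", []):
        meta = pod.get("metadata", {})
        # Assumption: completed job pods (schema loader, cleanup) are ignored.
        if pod.get("status", {}).get("phase") == "Succeeded":
            continue
        names = [c["name"] for c in pod.get("spec", {}).get("containers", [])]
        if SIDECAR in names:
            continue
        wanted = (meta.get("annotations") or {}).get(INJECT_ANNOTATION) == "true"
        findings.append((meta.get("name"),
                         "annotated but not injected" if wanted
                         else "no inject annotation"))
    return findings


def _pod(name, containers, inject=None, phase="Running"):
    """Build a minimal pod object for the constructed sample below."""
    annotations = {INJECT_ANNOTATION: inject} if inject else {}
    return {"metadata": {"name": name, "annotations": annotations},
            "spec": {"containers": [{"name": c} for c in containers]},
            "status": {"phase": phase}}


# Constructed sample, shaped like `oc get pods -o json`; pod names are made up.
SAMPLE = json.dumps({"items": [
    _pod("transaction-service-sample", ["transaction-service", SIDECAR], "true"),
    _pod("creditdb-sample", ["creditdb"]),
    _pod("user-service-sample", ["user-service"], "true"),
    _pod("cc-schema-load-sample", ["loader"], phase="Succeeded"),
]})

if __name__ == "__main__":
    # Usage: oc get pods -o json > pods.json && python audit_sidecars.py pods.json
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for name, finding in audit_sidecars(data):
        print(f"{name}: {finding}")
```

A pod reported as "annotated but not injected" usually means its namespace is not yet a member of the mesh; "no inject annotation" means the deployment still needs the annotation shown in the patch step.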

#### Badge

After completion of the workshop, you can collect your [badge](https://www.youracclaim.com/org/ibm/badge/hybrid-cloud-conference-service-mesh-networker)

