Steps to provision managed Cloud Service Mesh

  • Create a fleet for your project, if one does not already exist, via the GCP dashboard or the gcloud command

    gcloud alpha container fleet create --display-name=<fleet name>

  • Using GCP dashboard

    • Click on the cluster that you created and register it with the fleet (Actions -> Register)

    • Enable GKE Enterprise and Anthos

  • Fleet level settings

    • Create a mesh.yaml file that contains only the single line shown below

      echo "management: automatic" > mesh.yaml

    • Enable cloud service mesh for your fleet

      gcloud container fleet mesh enable --project <PROJECT_ID> --fleet-default-member-config mesh.yaml

  • Network-level settings

  • Cluster-level settings

    • Create cluster to use the service mesh

      gcloud container clusters create-auto <CLUSTER_NAME> --fleet-project <FLEET_PROJECT_ID> --location=<LOCATION>

    • Enable the mesh API

      gcloud services enable mesh.googleapis.com --project=<PROJECT_ID>

    • Register cluster to a fleet

      gcloud container clusters update <CLUSTER_NAME> --location <CLUSTER_LOCATION> --fleet-project <FLEET_PROJECT_ID>

    • Verify cluster is registered

      gcloud container fleet memberships list --project <PROJECT_ID>

  • Enable automatic management

    gcloud container fleet mesh update --management automatic --memberships <MEMBERSHIP_NAME> --project <FLEET_PROJECT_ID> --location <MEMBERSHIP_LOCATION>

  • Verify control plane has been provisioned

    gcloud container fleet mesh describe --project <PROJECT_ID>

  • Apply injection label to the namespace

    kubectl label namespace <NAMESPACE> istio.io/rev- istio-injection=enabled --overwrite

  • Validate injection is enabled

    kubectl get namespace -L istio-injection
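
The validation step above can be turned into a check that names every namespace still outside the mesh, since workloads there get no sidecar and are not covered by mesh policy. This is an added example, not part of the original steps; the function names, the skip list and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list namespaces that do NOT carry istio-injection=enabled.
# Input is text in the format printed by
#   kubectl get namespace -L istio-injection
# (columns NAME STATUS AGE ISTIO-INJECTION; the last column is blank when
# the label is absent). Only the istio-injection label used in the steps
# above is checked.

# Namespaces the check ignores (assumption: adjust to your cluster).
SKIP_NS="kube-system kube-public kube-node-lease istio-system"

uninjected_namespaces() {
    # Reads the listing on stdin, prints one uninjected namespace per line.
    awk -v skip="$SKIP_NS" '
        BEGIN { n = split(skip, s, " "); for (i = 1; i <= n; i++) ignore[s[i]] = 1 }
        NR == 1 { next }                # header row
        NF == 0 { next }                # blank line
        ($1 in ignore) { next }         # system namespaces
        $2 != "Active" { next }         # e.g. Terminating namespaces
        $4 != "enabled" { print $1 }    # label blank or set to another value
    '
}

# Constructed sample listing (not real cluster output).
sample_listing() {
    cat <<'EOF'
NAME              STATUS   AGE   ISTIO-INJECTION
default           Active   12d
kube-system       Active   12d
payments          Active   3d    enabled
legacy-batch      Active   9d    disabled
frontend          Active   3d    enabled
EOF
}

# Live use: kubectl get namespace -L istio-injection | uninjected_namespaces
sample_listing | uninjected_namespaces
```

An empty result means every non-system namespace is labelled for injection; pods that were already running before the label was applied still need a restart to receive the sidecar.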