Deployment within Istio Service Mesh
via https://gitlab.com/gitlab-org/gitlab-ee/issues/3633#note_100203922
Could someone provide clarification on the details of this and, specifically, how likely it is that first-class Istio support will be a priority and/or made generally available in FY2019? Are you guys be willing/prepared to accept PRs along these lines in the official helm chart repo?
We are currently self-hosting GitLab on Kubernetes and the rest of our infrastructure is or will be operating under a single Istio service mesh. The main reason we've been running GitLab in its own dedicated cluster is that we didn't wanna risk the changes needed to support Istio networking having poor compatibility with the official upstream chart.
Anyway, we're very interested in having the option to run GitLab as an extension of an existing Istio service mesh. As this epic gets fleshed out, please let us know if there's anything we can contribute to, help test, or provide details around our use-cases for.
Deploying within an existing Istio service mesh has several advantages for teams already leveraging it:
- simplified DNS configuration/integration (eliminates wildcard DNS requirement)
- mTLS provides e2e encryption on all service traffic
- should eliminate need for internal
cert-manager
- networking control and policies for services
- robust, integrated service telemetry and metrics
- may largely eliminate need for internal Prometheus/Grafana