Configuring Service Mesh Integration using GlobalConfig

EnRoute Technical Reference

EnRoute GlobalConfig can be used to tell EnRoute when it is running in a service mesh environment. This setting provides knobs to integrate with Istio and Linkerd.

In both environments, the corresponding settings help EnRoute become a part of the mesh. EnRoute reads and uses the secrets generated in the service mesh to enable mTLS for all traffic.

A GlobalConfig that enables or disables mesh integration (such as Linkerd and Istio) and specifies global TLS options looks like this:

---
apiVersion: enroute.saaras.io/v1
kind: GlobalConfig
metadata:
  labels:
    app: web
  name: enable-linkerd
  namespace: default
spec:
  name: linkerd-global-config
  type: globalconfig_globals
  config: |
        {
          "linkerd_enabled": true,
          "linkerd_header_disabled": false,
          "linkerd_servicemode_disabled": false,
          "istio_enabled": false,
          "tlsContext" : { "alpnProtos" : ["http/1.1"], "minimumTlsVersion" : "1.2" },
          "cache_responses" : true
        }

GlobalConfig to Envoy configuration

GlobalConfig configuration influences multiple parts of the Envoy config.

This section controls global properties like integration with service caches, TLS configuration and response caching.

To enable mTLS and integration with the Istio or Linkerd service mesh, set the flag istio_enabled or linkerd_enabled. When integration with Linkerd is enabled, a couple of other settings are provided. More information about service mesh integration can be found in the integration section of the docs.

SSL termination and TLS settings can also be configured using GlobalConfig. These settings let you configure the ALPN protocols and the minimum TLS version to be used for SSL termination.

The cache_responses flag controls whether responses will be cached.
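
An added example, not part of EnRoute or its documentation: the config block is JSON carried as a string inside the manifest, so a mistyped flag name or a lowered minimumTlsVersion can be checked before the manifest is applied. This Python check audits that JSON using only the keys shown above; the function name, the TLS 1.2 floor and the rule that both mesh flags should not be true together are assumptions.

```python
import json

# Keys that appear in the page's GlobalConfig example; others are flagged as likely typos.
KNOWN_KEYS = {"linkerd_enabled", "linkerd_header_disabled", "linkerd_servicemode_disabled",
              "istio_enabled", "tlsContext", "cache_responses"}
BOOL_KEYS = KNOWN_KEYS - {"tlsContext"}
MIN_TLS = (1, 2)  # assumed policy floor for this check, not an EnRoute default

# The JSON from the page's example, then a constructed weak variant.
PAGE_EXAMPLE = ('{"linkerd_enabled": true, "linkerd_header_disabled": false, '
                '"linkerd_servicemode_disabled": false, "istio_enabled": false, '
                '"tlsContext": {"alpnProtos": ["http/1.1"], "minimumTlsVersion": "1.2"}, '
                '"cache_responses": true}')
WEAK_EXAMPLE = ('{"linkerd_enable": true, "istio_enabled": "false", '
                '"tlsContext": {"minimumTlsVersion": "1.0"}}')

def audit_globalconfig(config_json):
    """Return a list of findings for the JSON string carried in spec.config."""
    try:
        cfg = json.loads(config_json)
    except json.JSONDecodeError as exc:
        return [f"config is not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(cfg, dict):
        return ["config must be a JSON object"]
    findings = []
    for key in sorted(set(cfg) - KNOWN_KEYS):
        findings.append(f"unknown key {key!r} (typo?)")
    for key in sorted(BOOL_KEYS & set(cfg)):
        if not isinstance(cfg[key], bool):  # "false" as a string is not false
            findings.append(f"{key} must be a JSON boolean, got {cfg[key]!r}")
    if cfg.get("istio_enabled") is True and cfg.get("linkerd_enabled") is True:
        findings.append("istio_enabled and linkerd_enabled are both true")  # assumed unintended
    tls = cfg.get("tlsContext")
    if not isinstance(tls, dict):
        findings.append("tlsContext missing: minimum TLS version is not pinned")
    else:
        raw = str(tls.get("minimumTlsVersion", ""))
        try:
            version = tuple(int(part) for part in raw.split("."))
        except ValueError:
            version = ()
        if len(version) != 2:
            findings.append(f"minimumTlsVersion {raw!r} is not of the form 'major.minor'")
        elif version < MIN_TLS:
            findings.append(f"minimumTlsVersion {raw} is below {MIN_TLS[0]}.{MIN_TLS[1]}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_globalconfig(WEAK_EXAMPLE)) or "no findings")
```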