The following high-level steps provide general guidance on how to integrate Tanzu Service Mesh into the GitOps workflow that your organization uses. Adapt this guidance to fit your organization's business needs.

Tanzu Service Mesh provides a CLI that your organization can use to integrate into the GitOps workflow. You can use the Tanzu Service Mesh CLI to apply Tanzu Service Mesh feature and policy configurations (such as global namespace and access control policy configurations) in a declarative way to Tanzu Service Mesh SaaS by using YAML manifests.

Procedure

  1. Set up a a dedicated Git repository to use as a single source of truth for your infrastructure configuration.
  2. To describe the appropriate configurations, create declarative manifest files.

    For information about creating declarative manifest files, see Create a Declarative Manifest Based on a Tanzu Service Mesh API Specification and Use an Existing Object or Policy Configuration to Create a Manifest.

  3. Place the manifest files in the Git repository. To control access to the files, consider setting up role-based access control (RBAC) on the repository.

    Also consider setting up an appropriate approval workflow and appropriate audits in the repository.

  4. Clone the Git repository that contains the manifest files to a local folder.
  5. Install the Tanzu Service Mesh CLI.
  6. To appply feature and policy configurations from the manifest files to Tanzu Service Mesh SaaS, run the CLI.

    The Tanzu Service Mesh CLI interacts with the Tanzu Service Mesh API gateway in the Tanzu Service Mesh SaaS. The CLI sends the manifest files to API Gateway, a single entry point into the Tanzu Service Mesh API.

    The API gateway receives the manifest files and applies them to the customer's tenant in Tanzu Service Mesh. A manifest file includes criteria that specify clusters and namespaces to which the configuration applies. As a result, objects (such as global namespaces) or policies (such as access control policies) get created or updated in the clusters based on the configuration defined in the manifest.

    For more information about using the Tanzu Service Mesh CLI, see Common CLI Tasks.

    Note:

    If you use a CI/CD pipeline, make sure that you supply the Tanzu Service Mesh CLI to the pipeline runner to automatically apply configurations to or delete configurations from Tanzu Service Mesh SaaS.