Connect Services Across Clusters with a Global Namespace

With global namespaces in Tanzu Service Mesh, you can easily connect and secure the services in your application across clusters. You can learn how to add the services in your application to a global namespace to have them automatically discovered and connected across the clusters. A global namespace can be shared across a single cluster, multiple clusters, or even clusters in different clouds.

Where appropriate, an example of a sample e-commerce application is used to show you how to connect services across clusters by adding them to a global namespace. The sample application is made up of 12 services and is configured to have most of the services deployed on one cluster and the catalog service deployed on the other cluster.

Prerequisites

Verify the following prerequisites:

Onboard the clusters where your services are deployed to Tanzu Service Mesh.
Know the Kubernetes namespaces in your clusters that hold the services of your application.
Access the Tanzu Service Mesh Console
Learn more about Tanzu Service Mesh and global namespace in About Tanzu Service Mesh Concepts.

Procedure

In the Tanzu Service Mesh Console, create a global namespace for your application services:
1. In the navigation panel on the left, click Inventory and then click Global Namespaces.
2. On the Global Namespaces page, click New Global Namespace.
3. On the General Details page of the New Global Namepace wizard, enter a unique name and a domain name for the global namespace.
  
  The name of a global namespace and its domain name together forms a fully qualified domain name (FQDN) that uniquely identifies that global namespace and makes it possible for the services in the global namespace to communicate with each other across clusters.
  
  In the example, you must enter a name of sample-gns and a domain name of sample.app.com.
4. On the Namespace Mapping page, to add the services in your application to the global namespace, specify their Kubernetes namespace-cluster pairs. Under Namespace Mapping Rule, in the left drop-down menu, select the namespace on one of your clusters that holds some of the services and in the right drop-down menu, select the name of the cluster. Click Add Mapping Rule to create multiple namespace mapping rules for the same or different clusters.
  
  Important:
  Kubernetes namespaces with different names in one or more clusters can be mapped into a single global namespace. However, you cannot assign a specific namespace in a cluster to more than one global namespace at the same time. Multiple namespace supports public service and cross cluster routing; however, traffic management, SLOs and autoscaling are not supported. For more information on multinamespace support in a single global namespace, see Global Namespaces.
  
  The namespace-cluster pairs you specify here define namespace mapping rules that are used to select services for a global namespace. Click Service Preview under each namespace-mapping rule to see the names of the selected services from each cluster.
  
  The sample application has services running on two clusters. For most of the services running in one cluster, select the default namespace in the left drop-down menu and the prod-cluster1 cluster in the right drop-down menu. Then click Add Namespace Mapping and select the default namespace and the prod-cluster2 cluster for the catalog service on the other cluster.
5. (Optional) On the External Services page, configure external services in the global namespace.
  
  For more information about creating external services, see Create an External Service.
6. (Optional) On the Public Services page, select one of the following options.
  - To configure GSLB-enabled or non-GSLB public services in the global namespace, click Configure Public Service/s and click Next. For an explanation of GSLB-enabled and non-GSLB public services and information about configuring public services, see Create a Public Service.
  - To create a global namespace without public services, click No Public Services and click Next.
7. On the Summary page, review the configuration of the global namespace and click Finish.
(Optional) To enable the cross-cluster communication between the services, edit the Kubernetes deployment manifest for the appropriate service on one cluster to specify the domain name of the global namespace, prefixing the domain name with the name of the service on the other cluster.

Important:
Make sure that you prefix the domain name with the name of the service that you want the service being edited to communicate with. See the following example.
In the sample application, the shopping service on one cluster must communicate with the catalog service on the other cluster. To edit the deployment manifest of the shopping service, run the following kubectl command.
```
kubectl --context=prod-cluster1.local edit deployment shopping
```
In the deployment manifest, set the appropriate variable to catalog.sample.app.com. The catalog prefix is required for the shopping service to communicate with the catalog service.
Important:
If you are using your custom application instead of the sample application, make sure to use the appProtocol field to define your port in the Kubernetes service manifest for your application. This is needed for the services running on one cluster to communicate with the services running on the other clusters.

The following example of a service manifest shows appProtocol for HTTP under ports.
```
apiVersion: v1
kind: Service
metadata: 
  name: order-service
spec:
  ports:
    - appProtocol: http
      number: 3000
```
Verify the cross-cluster communication between the services in Tanzu Service Mesh.
1. On the navigation pane on the left, click Inventory and then Global Namespaces.
2. On the Global Namespaces page, click the name of the global namespace that you created (sample-gns in the example).
  The global namespace details page displays the summary information about the global namespace, including its overall health state. The global namespace can have of the following health statuses:
  - Healthy. The configuration of the global namespace is synced and applied to the clusters that make up the global namespace. There is connectivity between the Tanzu Service Mesh SaaS and the clusters in the global namespace.
  - Syncing. A temporary status. The configuration of the global namespace is being synced to the clusters that are in the global namespace. When the synchronization is complete, the status will change to Healthy or Error.
  - Error. There was a problem syncing the configuration of the global namespace to the clusters. For example, the global namespace is incorrectly configured, or something is missing from the configuration. To resolve the problem, open a support request with VMware.
3. Click the GNS Topology tab.
  
  The service topology graph shows the connections between the services in the different clusters. The line between the services indicates that traffic flows between them. The number of requests per seconds (RPS) or other specified service metrics are shown.

What to do next

For information about how to specify metrics to show in the service topology graph and other details about using the topology graph, see View the Summary Infrastructure and Service Information.