Creating a Mesh

Create a mesh for your services.

Important

Before you proceed, you must set up the appropriate OCI policies for the mesh resource. For details, see Required IAM Policy for a Mesh.
    1. Open the navigation menu and click Developer Services. Under Containers & Artifacts, click Service Mesh.
    2. Click Service Meshes.
    3. On the Service Mesh page, from the list of compartments on the left side, select a compartment.
    4. Click Create service mesh.
    5. Select the Mesh Only workflow, and click Launch Workflow.
    6. In the Create Service Mesh panel, provide the following details:
      • Name: The name of the new mesh. You can change the value after creation. The name must start with a letter or underscore, followed by letters, numbers, hyphens, or underscores. Length can be 1–255 characters. Avoid entering confidential information.
      • Description: (Optional) The description of the mesh. Avoid entering confidential information.
      • Compartment: The compartment in which you want to create the mesh. The default compartment is the one you selected before, but you can select any compartment that you have permission to work in.
      • Certificate Authority ID in <your-compartment-name>: The name of the certificate authority you created for your service mesh. For more information on creating certificate authorities, see Managing Certificate Authorities.
      • Minimum TLS: Select the minimum mutual Transport Layer Security (mTLS) mode for the mesh.
        • Disabled: Accept raw TCP traffic. No minimum is enforced; virtual services or ingress gateways within this mesh can use any mTLS authentication mode.
        • Permissive: Accept both mTLS and raw TCP traffic. Virtual services and ingress gateways within this mesh use either the Permissive or Strict mode.
        • Strict: Accept mTLS traffic only. All virtual services and ingress gateways within this mesh must use the Strict mode.
    7. (Optional) To add tags to the mesh, click show advanced options. For more information about tagging, see Resource Tags.
    8. Click Next and in the Review panel, review your entries.
    9. Click Create service mesh.
  • To see the options available for mesh create, use:

    oci service-mesh mesh create -h

    To create a mesh using the CLI, run oci service-mesh mesh create:

    oci service-mesh mesh create --display-name <name> --description <description> --compartment-id <compartmentId> --certificate-authorities <certificateAuthorities> --mtls <mtls>

    Where:

    • <name>: The name of the new mesh. You can change the value after creation. The name must start with a letter or underscore, followed by letters, numbers, hyphens, or underscores. Length can be 1–255 characters. Avoid entering confidential information.
    • <description>: The description of the mesh. Avoid entering confidential information.
    • <compartmentId>: the OCID of the compartment to which the new mesh belongs.
    • <certificateAuthorities> (immutable): an array of certificate authorities used for creating leaf certificates. The value is a complex type and must be valid JSON. Provide the value as a string on the command line or pass the value in as a file using the file://path/to/file syntax.
      • id: the OCID of the certificate authority.
    • <mtls> (optional): sets the minimum mTLS authentication mode for communication between services within the mesh. The mTLS authentication mode of child resources must meet this minimum. The value is a complex type and must be valid JSON. Provide the value as a string on the command line or pass the value in as a file using the file://path/to/file syntax.

      • <minimum>:

        • DISABLED: Accept raw TCP traffic. No minimum is enforced; virtual services or ingress gateways within this mesh can use any mTLS authentication mode.
        • PERMISSIVE: Accept both mTLS and raw TCP traffic. Virtual services and ingress gateways within this mesh use either PERMISSIVE or STRICT mode.
        • STRICT: Accept mTLS traffic only. All virtual services and ingress gateways within this mesh must use STRICT mode.

        For more information on using mTLS on Service Mesh, see Using mTLS with Service Mesh.

    For example:

    oci service-mesh mesh create --display-name my-mesh --description "This is my mesh" --compartment-id ocid1.compartment.oc1.id --certificate-authorities '[{"id": "ocid1.certificateauthority.oc1.id"}]' --mtls '{"minimum":"PERMISSIVE"}'

    The response to the command includes:

    • The mesh's OCID.
    • The life-cycle state (for example: ACTIVE, FAILED).
    • The ID of the work request to create the mesh (details of work requests are available for seven days after completion, cancellation, or failure).

    If you want the command to wait to return control until the mesh is active (or the request has failed), include either or both of the following parameters:

    • --wait-for-state SUCCEEDED
    • --wait-for-state FAILED

    For example:

    oci service-mesh mesh create --display-name my-mesh --description "This is my mesh" --compartment-id ocid1.compartment.oc1..aaa... --certificate-authorities '[{"id": "ocid1.certificateauthority.oc1..."}]' --mtls '{"minimum":"PERMISSIVE"}' --wait-for-state SUCCEEDED

    Note that you can't use the mesh until the work request has successfully created it and the mesh is active. To see the status of the mesh, enter:

    oci service-mesh mesh get --mesh-id <meshId>

    To view the status of the work request that is creating the mesh, refer to Service Mesh Work Requests.
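The checks below are an added example, not part of the original page or of Oracle's tooling: a POSIX shell pre-flight that applies the name rule and mTLS modes documented above, writes the two JSON values to files for the file:// syntax, and prints the resulting command. The function names, the OCID character check, the omitted optional description and the sample values are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight checks for `oci service-mesh mesh create`.
# The constraints come from the parameter descriptions on this page.
LC_ALL=C; export LC_ALL   # keep A-Z / a-z ranges ASCII-only

# Name: starts with a letter or underscore, then letters, numbers,
# hyphens or underscores; 1-255 characters.
valid_mesh_name() {
  case "$1" in
    ''|[!A-Za-z_]*|*[!A-Za-z0-9_-]*) return 1 ;;
  esac
  [ "${#1}" -le 255 ]
}

# mTLS minimum: only the three documented modes are accepted.
valid_mtls_minimum() {
  case "$1" in
    DISABLED|PERMISSIVE|STRICT) return 0 ;;
    *) return 1 ;;
  esac
}

# DISABLED and PERMISSIVE both accept raw TCP; only STRICT is mTLS-only.
accepts_raw_tcp() {
  [ "$1" != "STRICT" ]
}

# Writes the two JSON values to files and prints the command to run.
# Args: <name> <compartmentId> <certificateAuthorityId> <minimum> <outdir>
build_mesh_create() {
  valid_mesh_name "$1" || { echo "invalid mesh name" >&2; return 1; }
  valid_mtls_minimum "$4" || { echo "invalid mTLS minimum: $4" >&2; return 1; }
  # Assumption of this example: restrict OCIDs to a conservative character
  # set so they are safe to place in JSON and on a command line.
  for ocid in "$2" "$3"; do
    case "$ocid" in
      ''|*[!A-Za-z0-9._-]*) echo "unexpected character in OCID" >&2; return 1 ;;
    esac
  done
  if accepts_raw_tcp "$4"; then
    echo "warning: mesh minimum $4 still accepts raw TCP traffic" >&2
  fi
  printf '[{"id": "%s"}]\n' "$3" > "$5/ca.json"
  printf '{"minimum":"%s"}\n' "$4" > "$5/mtls.json"
  printf 'oci service-mesh mesh create --display-name %s --compartment-id %s' "$1" "$2"
  printf ' --certificate-authorities "file://%s/ca.json" --mtls "file://%s/mtls.json"' "$5" "$5"
  printf ' --wait-for-state SUCCEEDED --wait-for-state FAILED\n'
}
```

Call build_mesh_create with an existing output directory, review the printed command and the two JSON files, then run the command yourself.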

    Creating a Mesh using a JSON File

    Alternatively, create a mesh by supplying a JSON file to the create command.

    1. Generate a sample JSON file for a mesh:

      oci service-mesh mesh create --generate-full-command-json-input
    2. Using the generated output from the previous step, update the fields with appropriate values.
    3. Supply the JSON file to the mesh create command:

      oci service-mesh mesh create --from-json file:///<filename>

    For more information about using the CLI, see:

  • Use the CreateMesh operation to create a mesh.