Long term goal: Provide support for services deployed outside of kubernetes to be enlisted within the Service Mesh. Details regarding the motivation and steps to make this a supported feature are described in this document(Red Hat internal only). Note that there are business considerations that are TBD.

Goal of this epic: Introduce experimental "developer preview" capabilities to include a standalone RHEL-flavoured VM with OpenShift Service Mesh. Document these capabilities with a Red Hat Developer blog post. 

Problem in a nutshell: Customers often run services outside of kubernetes, and want to manage policies and traffic with these services using a service mesh. The concept of a service mesh pre-dates Kubernetes, and the ability to include off-cluster workloads with mesh remains the largest outstanding feature gap for OSSM with community Istio. While OCP Virt provides one solution, some workloads may not be able to move to OCP Virt for some time - or ever. Service Mesh integration helps to integrate the management of these external workloads with the OCP platform.

Dependencies (internal and external):

• Upstream Istio provide this capability, documented here.

Deliverables:

• A blog post describing how to integrate a RHEL-flavoured external VM with OpenShift Service Mesh, including a verified step by step procedure. Use OCP 4.19 for testing and Kubernetes Gateway API resources where applicable. The example should include:

• • Setting up Istiod to connect with the external VM(s). Note any security concerns.
  • Setting up the gateway for routing traffic to the external VM (assume VM is on a separate network) to ensure connectivity with the mesh.
  • Setting up Istio to discover the remote service
  • Observability between the mesh and external VM(s).
  • AuthorizationPolicy using VM
• Any enhancements necessary to support the above. 
• Internal document outlining possible improvements or opportunities for upstream contributions
• Can use community versions of Envoy, though consider contributing a more appropriate (RHEL? flavour)
• A scoped epic for technology preview (or GA) support (will need fully productized components, product doc, etc), but these tasks do not need to be completed until a later release.