This example demonstrates how a client application written in Python can connect to HTTP service running in an Istio mesh through Nasp library.
To be able to join an existing service mesh, Nasp needs to connect to an Istio control plane. To install Istio, we suggest to use the Banzai Cloud Istio Operator. While it should just work with the official installation methods, we are using our operator for testing, and the test deployment scripts are also using this tool. To get started with the operator, follow the deployment steps on GitHub.
Heimdall is a small tool that allows external services to obtain an Istio configuration from a Kubernetes cluster based on an external authentication mechanism. When running a service outside a cluster that you'd like to put in the mesh, it has to know what network, cluster or mesh to join, or where to get certificates from. Heimdall helps getting that configuration from the cluster. Heimdall can be found in this repo, follow its readme to get it up and running on your cluster.
Nasp library is written in Go thus it can be used from Python through CGO bindings. Run make dynamic-lib to build Nasp as dynamic library that Python can consume.
pip3 install -r nasp/requirements.txt
At high level create a new HTTP transport with Nasp than bind it to HTTP requests issued from Python code through the NaspHTTPTransportAdapter request adapter
with nasp.new_http_transport(...) as http_transport:
with requests.Session() as s:
s.mount("http://", nasp.NaspHTTPTransportAdapter(http_transport.id))
with s.get("http://test.example.org") as resp:
# process responseFor a complete example see main.py
If you'd like to test these examples on your local machine without connecting to a Kubernetes cluster in the cloud, you can use the deploy-kind.sh script in the test directory. It will create a kind cluster (or use an existing one), and install Istio and Heimdall along with an echo service for testing.