Overview: Bridging the gap: Integrate legacy VMs into a zero trust service mesh

The promise of zero trust has been easily realized for modern, containerized workloads via a service mesh. But what about the backbone of your enterprise—the legacy workloads like critical databases running on virtual machines (VMs)? Integrating these resources has historically been a significant hurdle.

With the latest releases, including Red Hat OpenShift Service Mesh (OSSM) 3.0, Red Hat is in alignment with the upstream Istio project. This rapid convergence grants users access to almost all the cutting-edge features from the second-latest release.

This technical momentum creates a massive opportunity: It allows us to finally revisit how legacy VMs can securely join and participate in the microservice-dominated world of a service mesh.

In this deep dive, we'll demonstrate how to onboard these non-Kubernetes workloads. Crucially, we will simulate a completely independent environment by having the VM join the mesh from the operating system perspective—no Sidecar injection or Ambient mode trickery needed.

To successfully bridge the gap and integrate your legacy VMs into the service mesh, you need to ensure your environment meets the following foundational requirements. Our focus here is on the latest stable tooling, but note that the core concepts are backward compatible.

Prerequisites:

• Red Hat OpenShift Container Platform (OCP) 4.16 or higher
  • Provides the stable foundation for service mesh and virtualization operators.
• OpenShift Service Mesh (OSSM) 3.0.0
  • While this integration is possible on 2.x, all commands and configuration examples in this guide will strictly focus on the 3.x architecture.
• Red Hat OpenShift Virtualization
  • This is necessary to host and manage the VMs joining the mesh.

In this learning path, you will:

• Prepare the service mesh for network topology.
• Deploy a gateway for external access.
• Create a VM for integration to the mesh network.