Provisioning the Cloud Service Mesh

  1. Create a fleet for your project, if one does not already exist, using the GCP dashboard or the following gcloud command:

    gcloud alpha container fleet create --display-name=<fleet-name>
  2. Using the GCP dashboard:

    1. Click on the cluster that you created and register it with the fleet (Actions > Register).

    2. Enable GKE Enterprise and Anthos.

  3. Fleet-level settings:

    1. Create a mesh.yaml file that contains this single line:

      echo "management: automatic" > mesh.yaml
    2. Enable Cloud Service Mesh for your fleet:

      gcloud container fleet mesh enable --project <PROJECT_ID> --fleet-default-member-config mesh.yaml
  4. Network-level settings:

    If the fleet and the project use different VPCs, see the GCP documentation at https://cloud.google.com/service-mesh/docs/onboarding/provision-control-plane#gcloud.

  5. Cluster-level settings:

    1. Create a cluster to use the service mesh:

      gcloud container clusters create-auto <CLUSTER_NAME> --fleet-project <FLEET_PROJECT_ID> --location=<LOCATION> 
    2. Enable the mesh API:

      gcloud services enable mesh.googleapis.com --project=<PROJECT_ID>
    3. Register the cluster to a fleet:

      gcloud container clusters update <CLUSTER_NAME> --location <CLUSTER_LOCATION> --fleet-project <FLEET_PROJECT_ID>
    4. Verify that the cluster is registered:

      gcloud container fleet memberships list --project <PROJECT_ID>
  6. Enable automatic management:

    gcloud container fleet mesh update \
    --management automatic \
    --memberships <MEMBERSHIP_NAME> \
    --project <FLEET_PROJECT_ID> \
    --location <MEMBERSHIP_LOCATION>
  7. Verify that the control plane has been provisioned:

    gcloud container fleet mesh describe --project <PROJECT_ID>
  8. Apply an injection label to the namespace:

    kubectl label namespace <NAMESPACE> istio.io/rev- istio-injection=enabled --overwrite
  9. Validate that injection is enabled:

    kubectl get namespace -L istio-injection
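
The final validation step can be turned into a pass/fail check. The following is an added example, not part of the original procedure: the function name `check_injection` is hypothetical, and the sample table is constructed rather than captured from a cluster. It reads the `kubectl get namespace -L istio-injection` table on stdin and fails if any namespace you name is not labelled `enabled`.

```shell
#!/bin/sh
# Added example: audit the output of `kubectl get namespace -L istio-injection`.
# stdin: the kubectl table. Arguments: namespaces that must have injection on.
# Prints one line per namespace; returns 1 if any is not labelled "enabled".
check_injection() {
    table=$(cat)
    rc=0
    for ns in "$@"; do
        # Locate the ISTIO-INJECTION column from the header, then read the
        # row for $ns. An empty label leaves the row one field short.
        state=$(printf '%s\n' "$table" | awk -v ns="$ns" '
            NR == 1 {
                for (i = 1; i <= NF; i++) if ($i == "ISTIO-INJECTION") col = i
                if (!col) { print "no-column"; exit }
                next
            }
            $1 == ns { found = 1; print (NF >= col ? $col : "unlabelled"); exit }
            END { if (col && !found) print "missing" }')
        case "$state" in
            enabled) echo "OK   $ns: sidecar injection enabled" ;;
            *)       echo "FAIL $ns: ${state:-no-output}"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample output (not from a real cluster).
SAMPLE='NAME          STATUS   AGE   ISTIO-INJECTION
default       Active   10d
kube-system   Active   10d
payments      Active   2d    enabled
legacy        Active   9d    disabled'

# Live use: kubectl get namespace -L istio-injection | check_injection <NAMESPACE>
printf '%s\n' "$SAMPLE" | check_injection payments legacy default staging || true
```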
