kmesh-net · Eeshu-Yadav · Oct 25, 2025 · Oct 25, 2025 · Oct 25, 2025 · Oct 25, 2025
diff --git a/kmesh-integration/Dockerfile b/kmesh-integration/Dockerfile
@@ -0,0 +1,34 @@
+FROM ubuntu:24.04
+
+RUN apt-get update && apt-get install -y \
+    ca-certificates \
+    libssl3 \
+    gettext-base \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN useradd -m -u 1337 -s /bin/bash istio-proxy && \
+    mkdir -p /var/log/orion /etc/orion && \
+    chown -R istio-proxy:istio-proxy /var/log/orion /etc/orion
+
+WORKDIR /home/istio-proxy
+
+COPY orion /usr/local/bin/orion
+RUN chmod +x /usr/local/bin/orion
+
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+RUN chmod +x /usr/local/bin/entrypoint.sh
+
+COPY config/orion-waypoint.yaml /etc/orion/config.yaml
+
+USER istio-proxy
+
+# Expose ports
+# 15000: Admin interface
+# 15006: Inbound traffic
+# 15008: HBONE tunnel
+# 15020: Health check
+# 15021: Status port
+# 15090: Prometheus metrics
+EXPOSE 15000 15006 15008 15020 15021 15090
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
diff --git a/kmesh-integration/README.md b/kmesh-integration/README.md
@@ -0,0 +1,99 @@
+# Orion as Kmesh Waypoint 
+
+##  Directory Structure
+
+```
+kmesh-integration/
+├── README.md                        # This file
+├── Dockerfile                       # Orion waypoint container image
+├── orion                            # Pre-built Orion binary
+├── entrypoint.sh                    # Container entrypoint script
+├── config/
+│   └── orion-waypoint.yaml          # Orion configuration
+├── docs/
+│   └── KMESH-FULL-INTEGRATION.md    # Complete verification & architecture
-│   └── KMESH-FULL-INTEGRATION.md    # Complete verification & architecture
+│   └── commands.md                 # Complete verification & architecture
-│   └── KMESH-FULL-INTEGRATION.md    # Complete verification & architecture
+│   └── commands.md                 # Complete verification & architecture
+├── scripts/
+│   ├── setup-kmesh-kind.sh          # Automated setup script ( Start here!)
+│   └── test-kmesh-full.sh           # Comprehensive test suite
+└── yamls/
+    ├── orion-deployment.yaml        # Orion waypoint deployment
+    └── orion-service.yaml           # Orion waypoint service
+```
+
+##  Quick Start 
+
+### Prerequisites
+
+- **kind cluster** running (v1.31.0+)
+- **kubectl** configured
+- **istioctl** (v1.23+) - [Install guide](https://istio.io/latest/docs/setup/getting-started/#download)
+- **helm** (v3+)
+- **Docker** running
+
+### One-Command Setup
+
+```bash
+cd kmesh-integration
+./scripts/setup-kmesh-kind.sh
+```
+
+### Run Tests
+
+```bash
+./scripts/test-kmesh-full.sh
+```
+
+## Verification
+
+### Check Kmesh Integration
+
+```bash
+# Verify namespace label
+kubectl get namespace bookinfo -o jsonpath='{.metadata.labels.istio\.io/dataplane-mode}'
+# Output: Kmesh
+
+# Verify pod annotation (PROOF OF eBPF)
+kubectl get pod -n bookinfo -l app=productpage \
+  -o jsonpath='{.items[0].metadata.annotations.kmesh\.net/redirection}'
+# Output: enabled
+
+# Check Kmesh daemon
+kubectl get pods -n kmesh-system
+# Output: kmesh-xxxxx (Running)
+```
+
+### Test Traffic
+
+```bash
+# Send request through Orion waypoint
+kubectl exec -n bookinfo deploy/sleep -- \
+  curl -v http://productpage:9080/productpage
+
+# Check Orion logs
+kubectl logs -n bookinfo -l app=orion-waypoint --tail=50
+```
+
+### Check Orion Listeners
+
+```bash
+kubectl logs -n bookinfo -l app=orion-waypoint | grep "Started version"
+```
+
+Expected output:
+```
+Started version 11 of listener main_internal
+Started version 12 of listener connect_originate
+Started version 10 of listener connect_terminate
+```
+
+### Check Logs
+```bash
+# Kmesh logs
+kubectl logs -n kmesh-system -l app=kmesh --tail=50
+
+# Orion logs
+kubectl logs -n bookinfo -l app=orion-waypoint --tail=50
+
+# Istio logs
+kubectl logs -n istio-system -l app=istiod --tail=50
+```
diff --git a/kmesh-integration/config/orion-waypoint.yaml b/kmesh-integration/config/orion-waypoint.yaml
@@ -0,0 +1,94 @@
+---
+
+runtime:
+  num_cpus: 2
+  num_runtimes: 2
+
+logging:
+  log_level: "info"
+
+envoy_bootstrap:
+  node:
+    id: "${NODE_ID}"
+    cluster: "waypoint.${NAMESPACE}"
+    metadata:
+      NAMESPACE: "${NAMESPACE}"
+      NODE_NAME: "${NODE_NAME}"
+      ENABLE_HBONE: "true"
+      LABELS:
+        gateway.networking.k8s.io/gateway-name: "orion-waypoint"
+        istio.io/dataplane-mode: "none"
+        service.istio.io/canonical-name: "orion-waypoint"
+        sidecar.istio.io/inject: "false"
+        gateway.istio.io/managed: "istio.io-mesh-controller"
+      INSTANCE_IPS: "${POD_IP}"
+      METADATA_DISCOVERY: "true"
+      SERVICE_ACCOUNT: "${SERVICE_ACCOUNT}"
+      CLUSTER_ID: "Kubernetes"
+      NAME: "${POD_NAME}"
+      MESH_ID: "cluster.local"
+      WORKLOAD_NAME: "orion-waypoint"
+      ISTIO_VERSION: "1.27.3"
+      INTERCEPTION_MODE: "REDIRECT"
+      ENVOY_STATUS_PORT: 15021
+      ENVOY_PROMETHEUS_PORT: 15090
+      PILOT_SAN:
+        - "istiod.istio-system.svc"
+
+  dynamic_resources:
+    ads_config:
+      api_type: GRPC
+      transport_api_version: V3
+      grpc_services:
+        - envoy_grpc:
+            cluster_name: xds_cluster
+
+  static_resources:
+    clusters:
+      - name: xds_cluster
+        connect_timeout: 0.25s
+        type: STRICT_DNS
+        lb_policy: ROUND_ROBIN
+        typed_extension_protocol_options:
+          envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
+            "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
+            explicit_http_config:
+              http2_protocol_options: {}
+        load_assignment:
+          cluster_name: xds_cluster
+          endpoints:
+            - lb_endpoints:
+                - endpoint:
+                    address:
+                      socket_address:
+                        address: istiod.istio-system.svc.cluster.local
+                        port_value: 15010
+
+    listeners:
+      - name: health_check
+        address:
+          socket_address:
+            address: 0.0.0.0
+            port_value: 15021
+        filter_chains:
+          - filters:
+              - name: envoy.filters.network.http_connection_manager
+                typed_config:
+                  "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+                  stat_prefix: health
+                  route_config:
+                    name: health_route
+                    virtual_hosts:
+                      - name: health
+                        domains: ["*"]
+                        routes:
+                          - match:
+                              prefix: "/healthz"
+                            direct_response:
+                              status: 200
+                              body:
+                                inline_string: "OK"
+                  http_filters:
+                    - name: envoy.filters.http.router
+                      typed_config:
+                        "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
diff --git a/kmesh-integration/docs/commands.md b/kmesh-integration/docs/commands.md
@@ -0,0 +1,111 @@
+# Kmesh Integration Setup Guide
+
+## Prerequisites
+
+Navigate to the kmesh-integration directory:
+
+```bash
+cd kmesh-integration
+```
+
+## Setup Steps
+
+### 1. Setup Kmesh Kind Cluster (Optional)
+
+If you don't want to enter commands manually, run the setup script:
+
+```bash
+./scripts/setup-kmesh-kind.sh
+```
+
+### 2. Configure Kubernetes Context
+
+```bash
+kubectl config use-context kind-kind
+```
+
+### 3. Enable Kmesh Dataplane Mode
+
+Label the bookinfo namespace to use Kmesh:
+
+```bash
+kubectl label namespace bookinfo istio.io/dataplane-mode=Kmesh --overwrite
+```
+
+### 4. Build and Load Orion Waypoint Image
+
+Build the Docker image:
+
+```bash
+docker build -t orion-waypoint:latest .
+```
+
+Load the image into the kind cluster:
+
+```bash
+kind load docker-image orion-waypoint:latest
+```
+
+### 5. Deploy Orion Waypoint
+
+Apply the deployment configuration:
+
+```bash
+kubectl apply -f yamls/orion-deployment.yaml -n bookinfo
+```
+
+Apply the service configuration:
+
+```bash
+kubectl apply -f yamls/orion-service.yaml -n bookinfo
+```
+
+Wait for the pods to be ready:
+
+```bash
+kubectl wait --for=condition=ready pod -l app=orion-waypoint -n bookinfo --timeout=60s
+```
+
+### 6. Configure Waypoint for ProductPage
+
+Label the productpage service to use the orion-waypoint:
+
+```bash
+kubectl label service productpage -n bookinfo istio.io/use-waypoint=orion-waypoint --overwrite
+```
+
+## Verification
+
+### Check Kmesh Redirection
+
+Verify the Kmesh redirection annotation on the productpage pod:
+
+```bash
+kubectl get pod -n bookinfo -l app=productpage -o jsonpath='{.items[0].metadata.annotations.kmesh\.net/redirection}' && echo
+```
+
+### Test HTTP Connection
+
+Check if the productpage is accessible and returns a successful status code:
+
+```bash
+echo "Status code: $(kubectl exec -n bookinfo deploy/sleep -- curl -s -o /dev/null -w "%{http_code}" http://productpage:9080/productpage)"
+```
+
+Expected output: `Status code: 200`
+
+### Check Orion Waypoint Logs
+
+View the logs to confirm the waypoint is running:
+
+```bash
+kubectl logs -n bookinfo -l app=orion-waypoint | grep "Started version"
+```
+
+## Full Testing
+
+For comprehensive testing, run the full test script:
+
+```bash
+./scripts/test-kmesh-full.sh
+```
diff --git a/kmesh-integration/entrypoint.sh b/kmesh-integration/entrypoint.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+# Orion startup script that substitutes environment variables in config
+
+set -e
-set -e
+set -euo pipefail
-set -e
+set -euo pipefail
+
+if [ -z "${NODE_ID}" ]; then
+    export NODE_ID="waypoint~${POD_IP}~${POD_NAME}.${NAMESPACE}~${NAMESPACE}.svc.cluster.local"
+fi
+
+echo "Starting Orion with NODE_ID: ${NODE_ID}"
+
+envsubst < /etc/orion/config.yaml > /tmp/orion-config-processed.yaml
+
+exec /usr/local/bin/orion --config /tmp/orion-config-processed.yaml
diff --git a/kmesh-integration/orion b/kmesh-integration/orion