Does this tool connect to my OCI account?

No. This tool runs entirely in your browser and generates configuration JSON that you can copy and paste into your infrastructure-as-code templates, CLI commands, or cloud console. It never connects to any cloud account or sends data externally.

Are the generated configurations production-ready?

The tool produces syntactically valid configurations based on current OCI service specifications. Always review generated configs against your organization security policies and test in a non-production environment before deploying.

OCI Service Mesh Config Builder

MonitoringOCI

Build OCI Service Mesh virtual service configurations with mTLS and traffic routing.

Last verified: May 2026

OCI Service Mesh Configuration

Build OCI Service Mesh virtual service configurations with mTLS, traffic routing, ingress gateways, and access policies.

Required Fields

compartmentIddisplayNamemesh.displayNamevirtualServices

{
  "compartmentId": "ocid1.compartment.oc1..aaaaaaaexample",
  "displayName": "prod-service-mesh",
  "description": "Service mesh configuration for microservices with mTLS and traffic management",
  "mesh": {
    "displayName": "prod-mesh",
    "compartmentId": "ocid1.compartment.oc1..aaaaaaaexample",
    "certificateAuthorities": [
      {
        "id": "ocid1.certificateauthority.oc1.iad.aaaaaaaexample"
      }
    ],
    "mtls": {
      "minimum": "STRICT"
    }
  },
  "virtualServices": [
    {
      "displayName": "orders-service",
      "meshId": "ocid1.mesh.oc1.iad.aaaaaaaexample",
      "hosts": ["orders.prod.mesh"],
      "defaultRoutingPolicy": {
        "type": "UNIFORM"
      },
      "mtls": {
        "mode": "STRICT",
        "maximumValidity": 45
      },
      "virtualDeployments": [
        {
          "displayName": "orders-v1",
          "serviceDiscovery": {
            "type": "DNS",
            "hostname": "orders-v1.prod.svc.cluster.local",
            "port": 8080,
            "protocol": "HTTP"
          },
          "accessLogging": {
            "isEnabled": true
          },
          "listeners": [
            {
              "port": 8080,
              "protocol": "HTTP",
              "idleTimeoutInMs": 300000,
              "requestTimeoutInMs": 15000
            }
          ]
        },
        {
          "displayName": "orders-v2",
          "serviceDiscovery": {
            "type": "DNS",
            "hostname": "orders-v2.prod.svc.cluster.local",
            "port": 8080,
            "protocol": "HTTP"
          },
          "listeners": [
            {
              "port": 8080,
              "protocol": "HTTP"
            }
          ]
        }
      ],
      "routeTable": {
        "displayName": "orders-route-table",
        "routeRules": [
          {
            "type": "HTTP",
            "path": "/api/v2/orders",
            "pathType": "PREFIX",
            "destinations": [
              { "virtualDeployment": "orders-v2", "weight": 90 },
              { "virtualDeployment": "orders-v1", "weight": 10 }
            ]
          }
        ]
      }
    }
  ],
  "ingressGateway": {
    "displayName": "prod-ingress",
    "meshId": "ocid1.mesh.oc1.iad.aaaaaaaexample",
    "hosts": [
      {
        "name": "api-host",
        "hostnames": ["api.example.com"],
        "listeners": [
          {
            "port": 443,
            "protocol": "TLS_PASSTHROUGH",
            "tls": {
              "mode": "TLS",
              "serverCertificate": {
                "certificateId": "ocid1.certificate.oc1.iad.aaaaaaaexample"
              }
            }
          }
        ]
      }
    ]
  },
  "accessPolicies": [
    {
      "displayName": "orders-access-policy",
      "rules": [
        {
          "action": "ALLOW",
          "source": { "type": "INGRESS_GATEWAY", "ingressGateway": "prod-ingress" },
          "destination": { "type": "VIRTUAL_SERVICE", "virtualService": "orders-service" }
        }
      ]
    }
  ],
  "freeformTags": {
    "platform": "service-mesh",
    "team": "platform-engineering"
  }
}

Generated Output

Output will appear here...

About This Tool

Build OCI Service Mesh virtual service configurations with mTLS and traffic routing. This tool helps OCI engineers generate valid configurations quickly without consulting documentation, reducing errors and accelerating infrastructure deployment. All processing runs in your browser with no data sent to external servers.

Real-World Scenario

Your team's microservices on OKE communicate via plain HTTP — no mTLS, no observability, manual traffic management. The builder generates an OCI Service Mesh config: mesh enabled cluster-wide, virtual services for each microservice with mTLS auto-enabled, virtual deployments for canary versions, ingress gateway for external traffic. Within a week, all service-to-service traffic is mTLS-encrypted, distributed traces flow into OCI APM for debugging, and the team can do canary deployments by manipulating traffic policies (no code changes needed).

When to Use This Tool

•Generating oci service mesh configurations for new infrastructure deployments.
•Validating existing configurations against best practices before applying changes.
•Learning OCI service configuration patterns through interactive examples.
•Accelerating infrastructure-as-code development by producing correct JSON/YAML starting points.

Pro Tips

TIP

OCI Service Mesh is Istio-based but managed by Oracle — you get Istio's traffic management, mTLS, and observability without operating Istio yourself. For Kubernetes workloads on OKE, this is dramatically easier than self-managing Istio.

TIP

Always enable mTLS by default. The performance overhead is negligible (modern CPU AES-NI handles this fast); the security improvement is enormous. Without mTLS, service-to-service traffic is plaintext within your cluster — visible to anyone with cluster network access.

TIP

Virtual Service traffic policies enable canary deployments at the network layer. Route 95% of traffic to v1, 5% to v2 based on header conditions or random splits. Monitor v2's metrics for 30 minutes; if healthy, shift traffic. Without service mesh, this requires application-layer logic; with it, the mesh handles routing.

How It Works Under the Hood

The builder constructs OCI Service Mesh configurations: mesh resource (compartment, name), virtual services (each representing a microservice with its routing policies, mTLS settings, and traffic targets), virtual deployments (representing service versions for canary/blue-green patterns), ingress gateways for external traffic entry, and mesh-wide policies (logging, tracing). Output is generated as oci service-mesh commands and Terraform oci_service_mesh_* resources.

Frequently Asked Questions

Does this tool connect to my OCI account?: No. This tool runs entirely in your browser and generates configuration JSON that you can copy and paste into your infrastructure-as-code templates, CLI commands, or cloud console. It never connects to any cloud account or sends data externally.
Are the generated configurations production-ready?: The tool produces syntactically valid configurations based on current OCI service specifications. Always review generated configs against your organization security policies and test in a non-production environment before deploying.

Related Learning Guides

Autonomous Database on OCI20 min read
OCI Cost Optimization Strategies18 min read

Was this tool helpful?

Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.