openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity

Merge pull request #40125 from openshift-cherrypick-robot/cherry-pick-37131-to-enterprise-4.10

Browse Source 
[enterprise-4.10] OSSMDOC-418 Fix OSSM federation examples
This commit is contained in:
Vikram Goyal
2021-12-22 23:40:14 +10:00
committed by GitHub
parent fd823768cd da83062e80
commit 1b9dabded5
6 changed files with 83 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
modules/ossm-federation-config-export.adoc
View File

@@ -39,15 +39,18 @@ spec:
alias:
namespace: bookinfo
name: ratings
# export any service in red-mesh-bookinfo namespace with label export-service=true
# export any service in red-mesh-bookinfo namespace with label export-service=true
- type: LabelSelector
labelSelector:
namespace: red-mesh-bookinfo
Selector:
selector:
matchLabels:
export-service: true
alias: # exported as if they were in the bookinfo namespace
namespace: bookinfo
export-service: "true"
aliases: # export all matching services as if they were in the bookinfo namespace
- namespace: "*"
name: "*"
alias:
namespace: bookinfo
----
.ExportServiceSet parameters
@@ -67,23 +70,23 @@ spec:
|spec:
exportRules:
-type:
- type:
|Type of rule that will govern the export for this service. The first matching rule found for the service will be used for the export.
|`NameSelector`, `LabelSelector`
|spec:
exportRules:
-type: nameSelector
NameSelector:
- type: NameSelector
nameSelector:
namespace:
name:
|To create a `NameSelector` rule, specify the `namespace` of the service and the `name` of the service as defined in the `Deployment` resource.
|To create a `NameSelector` rule, specify the `namespace` of the service and the `name` of the service as defined in the `Service` resource.
|
|spec:
exportRules:
-type: NameSelector
NameSelector:
- type: NameSelector
nameSelector:
alias:
namespace:
name:
@@ -92,27 +95,30 @@ spec:
|spec:
exportRules:
-type: LabelSelector
LabelSelector:
- type: LabelSelector
labelSelector:
namespace: <exportingMesh>
Selector:
selector:
matchLabels:
<label>: "true"
|To create a `LabelSelector` rule, specify the `namespace` of the service and specify the `label` defined in the `Deployment` resource. In the example above, the label is `export-service`.
<labelKey>: <labelValue>
|To create a `LabelSelector` rule, specify the `namespace` of the service and specify the `label` defined in the `Service` resource. In the example above, the label is `export-service`.
|
|spec:
exportRules:
-type: LabelSelector
LabelSelector:
- type: LabelSelector
labelSelector:
namespace: <exportingMesh>
Selector:
selector:
matchLabels:
<label>: "true"
alias:
namespace:
<labelKey>: <labelValue>
aliases:
- namespace:
name:
|To create a `LabelSelector` rule that uses an alias for the service, after specifying the `namespace` and `label`, then specify the alias to be used for `name` or `namespace` of the service. In the example above, the alias is `bookinfo`.
alias:
namespace:
name:
|To create a `LabelSelector` rule that uses aliases for the services, after specifying the `selector`, specify the aliases to be used for `name` or `namespace` of the service. In the example above, the namespace alias is `bookinfo` for all matching services.
|
|===
@@ -130,7 +136,7 @@ spec:
exportRules:
- type: NameSelector
nameSelector:
namespace: *
namespace: "*"
name: ratings
----
@@ -147,5 +153,5 @@ spec:
- type: NameSelector
nameSelector:
namespace: west-data-center
name: *
name: "*"
----

25
modules/ossm-federation-config-import.adoc
View File

@@ -33,8 +33,8 @@ spec:
importRules: # first matching rule is used
# import ratings.bookinfo as ratings.bookinfo
- type: NameSelector
importAsLocal: false
nameSelector:
importAsLocal: false
namespace: bookinfo
name: ratings
alias:
@@ -60,32 +60,35 @@ spec:
|spec:
importRules:
-type:
- type:
|Type of rule that will govern the import for the service. The first matching rule found for the service will be used for the import.
|`NameSelector`
|spec:
importRules:
-type: NameSelector:
- type: NameSelector
nameSelector:
namespace:
name:
|To create a `NameSelector` rule, specify the `namespace` of the service and the `name` of the service, as defined in the `Deployment` resource.
|To create a `NameSelector` rule, specify the `namespace` and the `name` of the exported service.
|
|spec:
importRules:
-type: NameSelector:
importAsLocal:
- type: NameSelector
importAsLocal:
|Set to `true` to aggregate remote endpoint with local services. When `true`, services will be imported as `<name>.<namespace>.svc.cluster.local`
|`true`/`false`
|spec:
importRules:
-type: NameSelector:
importAsLocal:
- type: NameSelector
nameSelector:
namespace:
name:
alias:
namespace:
name:
|To create a `NameSelector` rule that uses an alias for the service, after specifying the `namespace` and `name` for the service, then specify the alias for the `namespace` and the alias to be used for `name` of the service.
|
|===
@@ -104,8 +107,8 @@ metadata:
spec:
importRules:
- type: NameSelector
importAsLocal: false
nameSelector:
importAsLocal: false
namespace: bookinfo
name: ratings
----
@@ -121,8 +124,8 @@ metadata:
spec:
importRules:
- type: NameSelector
importAsLocal: false
nameSelector:
importAsLocal: false
namespace: west-data-center
name: *
name: "*"
----

8
modules/ossm-federation-config-meshPeer.adoc
View File

@@ -123,6 +123,10 @@ spec:
|spec:
security:
certificateChain:
|The name of a `ConfigMap` resource containing the root certificate used to validate the client certificate(s) presented to this mesh by the peer mesh.
|<peerMesh>-ca-root-cert
kind: ConfigMap
name:
|The kind (for example, ConfigMap) and name of a resource containing the root certificate used to validate the client and server certificate(s) presented to this mesh by the peer mesh.
The key of the config map entry containing the certificate should be `root-cert.pem`.
|kind: ConfigMap
name: <peerMesh>-ca-root-cert
|===

35
modules/ossm-federation-config-smcp.adoc
View File

@@ -34,7 +34,7 @@ spec:
service:
metadata:
labels:
federation.maistra.io/proxy: egress-green-mesh
federation.maistra.io/egress-for: egress-green-mesh
ports:
- port: 15443
name: tls
@@ -48,7 +48,7 @@ spec:
service:
metadata:
labels:
federation.maistra.io/proxy: egress-blue-mesh
federation.maistra.io/egress-for: egress-blue-mesh
ports:
- port: 15443
name: tls
@@ -62,7 +62,7 @@ spec:
type: LoadBalancer
metadata:
labels:
federation.maistra.io/proxy: ingress-green-mesh
federation.maistra.io/ingress-for: ingress-green-mesh
ports:
- port: 15443
name: tls
@@ -75,7 +75,7 @@ spec:
type: LoadBalancer
metadata:
labels:
federation.maistra.io/proxy: ingress-blue-mesh
federation.maistra.io/ingress-for: ingress-blue-mesh
ports:
- port: 15443
name: tls
@@ -140,7 +140,8 @@ To avoid naming conflicts between meshes, you must create separate egress and in
|spec:
gateways:
additionalEgress:
requestedNetworkView:
<egressName>:
requestedNetworkView:
|Networks associated with exported services.
|Set to the value of `spec.cluster.network` in the SMCP for the mesh, otherwise use <ServiceMeshPeer-name>-network. For example, if the `ServiceMeshPeer` resource for that mesh is named `west`, then the network would be named `west-network`.
|
@@ -149,8 +150,8 @@ To avoid naming conflicts between meshes, you must create separate egress and in
gateways:
additionalEgress:
<egressName>:
router mode:
|
routerMode:
|The router mode to be used by the gateway.
|`sni-dnat`
|
@@ -161,7 +162,7 @@ To avoid naming conflicts between meshes, you must create separate egress and in
service:
metadata:
labels:
federation.maistra.io/proxy:
federation.maistra.io/egress-for:
|Specify a unique label for the gateway to prevent federated traffic from flowing through the cluster's default system gateways.
|
|
@@ -196,8 +197,8 @@ To avoid naming conflicts between meshes, you must create separate egress and in
gateways:
additionalIngress:
<ingressName>:
router mode:
|
routerMode:
|The router mode to be used by the gateway.
|`sni-dnat`
|
@@ -218,7 +219,7 @@ To avoid naming conflicts between meshes, you must create separate egress and in
service:
metadata:
labels:
federation.maistra.io/proxy:
federation.maistra.io/ingress-for:
|Specify a unique label for the gateway to prevent federated traffic from flowing through the cluster's default system gateways.
|
|
@@ -304,7 +305,7 @@ Follow this procedure to edit the `ServiceMeshControlPlane` with the {product-ti
. Click the {ProductName} Operator.
. On the *Istio Service Mesh Control Plane* tab, click the name of your `ServiceMeshControlPlane`, for example `red-mesh-install`.
. On the *Istio Service Mesh Control Plane* tab, click the name of your `ServiceMeshControlPlane`, for example `red-mesh`.
. On the *Create ServiceMeshControlPlane Details* page, click `YAML` to modify your configuration.
@@ -333,11 +334,11 @@ $ oc project red-mesh-system
+
. Edit the `ServiceMeshControlPlane` file to add federation ingress and egress gateways and to specify the trust domain.
. Run the following command to edit the control plane where `red-mesh-system` is the system namespace and `red-mesh-install.yaml` includes a full path to the file you edited:
. Run the following command to edit the control plane where `red-mesh-system` is the system namespace and `red-mesh` is the name of the `ServiceMeshControlPlane` object:
+
[source,terminal]
----
$ oc edit -n red-mesh-system -f red-mesh-install.yaml
$ oc edit -n red-mesh-system smcp red-mesh
----
+
. Enter the following command, where `red-mesh-system` is the system namespace, to see the status of the control plane installation.
@@ -347,9 +348,9 @@ $ oc edit -n red-mesh-system -f red-mesh-install.yaml
$ oc get smcp -n red-mesh-system
----
+
The installation has finished successfully when the READY column is true.
The installation has finished successfully when the READY column indicates that all components are ready.
+
----
NAME READY STATUS TEMPLATE VERSION AGE
red-mesh-install 9/9 InstallSuccessful default v2.0 4m25s
NAME READY STATUS PROFILES VERSION AGE
red-mesh 10/10 ComponentsReady ["default"] 2.1.0 4m25s
----

17
modules/ossm-federation-create-export.adoc
View File

@@ -72,12 +72,15 @@ spec:
exportRules:
- type: NameSelector
nameSelector:
name:
namespace: red-mesh-bookinfo
name: red-ratings
namespace: red-mesh-bookinfo
name: ratings
alias:
Namespace: bookinfo
name: ratings
namespace: bookinfo
name: red-ratings
- type: NameSelector
nameSelector:
namespace: red-mesh-bookinfo
name: reviews
----
+
. Run the following command to upload and create the `ExportServiceSet` resource in the red-mesh-system namespace.
@@ -100,14 +103,14 @@ $ oc create -n red-mesh-system -f export-to-green-mesh.yaml
+
[source,terminal]
----
$ oc get exportedserviceset <PeerMeshExportedTo> -o yaml |yaml
$ oc get exportedserviceset <PeerMeshExportedTo> -o yaml
----
+
For example:
+
[source,terminal]
----
$ oc get exportedserviceset green-mesh -o yaml |yaml
$ oc get exportedserviceset green-mesh -o yaml
----
+
. Run the following command to validate the services the red-mesh exports to share with green-mesh:

8
modules/ossm-federation-create-import.adoc
View File

@@ -72,9 +72,9 @@ metadata:
spec:
importRules:
- type: NameSelector
importAsLocal: false
nameSelector:
importAsLocal: false
namespace: red-mesh-bookinfo
namespace: bookinfo
name: red-ratings
alias:
namespace: bookinfo
@@ -101,14 +101,14 @@ $ oc create -n green-mesh-system -f import-from-red-mesh.yaml
+
[source,terminal]
----
$ oc get importedserviceset <PeerMeshImportedInto> -o yaml |yaml
$ oc get importedserviceset <PeerMeshImportedInto> -o yaml
----
+
For example:
+
[source,terminal]
----
$ oc get importedserviceset green-mesh -o yaml |yaml
$ oc get importedserviceset green-mesh -o yaml
----
+
. Run the following command to validate the services imported into a mesh.