Merge pull request #44419 from openshift-cherrypick-robot/cherry-pick-43799-to-enterprise-4.11

[enterprise-4.11] OSSMDOC-461: Validate SCMP components with Kiali.
2026-02-05 21:46:22 +01:00 · 2022-04-08 16:12:02 -04:00
parent 81be6ed7f8 023dcbebb7
commit 7ec4746988
13 changed files with 134 additions and 15 deletions
--- a/images/ossm-grafana-control-plane-dashboard.png
+++ b/images/ossm-grafana-control-plane-dashboard.png
--- a/images/ossm-kiali-overview.png
+++ b/images/ossm-kiali-overview.png
--- a/machine_management/creating-infrastructure-machinesets.adoc
+++ b/machine_management/creating-infrastructure-machinesets.adoc
@@ -18,7 +18,7 @@ For information about infrastructure nodes and which components can run on infra
 [id="creating-infrastructure-machinesets-production"]
 == Creating infrastructure machine sets for production environments

-In a production deployment, it is recommended that you deploy at least three machine sets to hold infrastructure components. Both OpenShift Logging and {ProductName} deploy Elasticsearch, which requires three instances to be installed on different nodes. Each of these nodes can be deployed to different availability zones for high availability. A configuration like this requires three different machine sets, one for each availability zone. In global Azure regions that do not have multiple availability zones, you can use availability sets to ensure high availability.
+In a production deployment, it is recommended that you deploy at least three machine sets to hold infrastructure components. Both OpenShift Logging and {SMProductName} deploy Elasticsearch, which requires three instances to be installed on different nodes. Each of these nodes can be deployed to different availability zones for high availability. A configuration like this requires three different machine sets, one for each availability zone. In global Azure regions that do not have multiple availability zones, you can use availability sets to ensure high availability.

 [id="creating-infrastructure-machinesets-clouds"]
 === Creating machine sets for different clouds
--- a/modules/ossm-control-plane-cli.adoc
+++ b/modules/ossm-control-plane-cli.adoc
@@ -1,8 +1,7 @@
 ////
 This module is included in the following assemblies:
-* service_mesh/v2x/ossm-observability.adoc
+* service_mesh/v2x/ossm-create-smcp.adoc
 ////
-
 :_content-type: PROCEDURE
 [id="ossm-control-plane-deploy-cli_{context}"]
 = Deploying the control plane from the CLI
@@ -65,11 +64,24 @@ spec:
 $ oc create -n istio-system -f <istio_installation.yaml>
 ----
 +
-. Run the following command to verify the control plane installation.
+. To watch the progress of the pod deployment, run the following command:
 +
 [source,terminal]
 ----
-$ oc get smcp -n istio-system
+$ oc get pods -n istio-system -w
 ----
 +
-The installation has finished successfully when the `STATUS` column is `ComponentsReady`.
+You should see output similar to the following:
+
+[source,terminal]
+----
+NAME                                   READY   STATUS    RESTARTS   AGE
+grafana-b4d59bd7-mrgbr                 2/2     Running   0          65m
+istio-egressgateway-678dc97b4c-wrjkp   1/1     Running   0          108s
+istio-ingressgateway-b45c9d54d-4qg6n   1/1     Running   0          108s
+istiod-basic-55d78bbbcd-j5556          1/1     Running   0          108s
+jaeger-67c75bd6dc-jv6k6                2/2     Running   0          65m
+kiali-6476c7656c-x5msp                 1/1     Running   0          43m
+prometheus-58954b8d6b-m5std            2/2     Running   0          66m
+wasm-cacher-basic-8c986c75-vj2cd       1/1     Running   0          65m
+----
--- a/modules/ossm-validate-smcp-cli.adoc
+++ b/modules/ossm-validate-smcp-cli.adoc
@@ -0,0 +1,32 @@
+////
+This module is included in the following assemblies:
+* service_mesh/v2x/ossm-create-smcp.adoc
+////
+:_content-type: PROCEDURE
+[id="ossm-validate-control-plane-cli_{context}"]
+= Validating your SMCP installation with the CLI
+You can validate the creation of the `ServiceMeshControlPlane` from the command line.
+
+.Procedure
+
+. Log in to the {product-title} CLI as a user with the `cluster-admin` role. If you use Red Hat OpenShift Dedicated, you must have an account with the `dedicated-admin` role.
+
+[source,terminal]
+----
+$ oc login https://<HOSTNAME>:6443
+----
+
+. Run the following command to verify the control plane installation, where `istio-system` is the namespace where you installed the service mesh control plane.
+
+[source,terminal]
+----
+$ oc get smcp -n istio-system
+----
+
+The installation has finished successfully when the `STATUS` column is `ComponentsReady`.
+
+[source,terminal]
+----
+NAME    READY   STATUS            PROFILES      VERSION   AGE
+basic   10/10   ComponentsReady   ["default"]   2.1.1     66m
+----
--- a/modules/ossm-validate-smcp-kiali.adoc
+++ b/modules/ossm-validate-smcp-kiali.adoc
@@ -0,0 +1,68 @@
+////
+This module is included in the following assemblies:
+* service_mesh/v2x/ossm-create-smcp.adoc
+////
+:_content-type: PROCEDURE
+[id="ossm-validate-control-plane-kiali_{context}"]
+= Validating your SMCP installation with Kiali
+
+You can use the Kiali console to validate your {SMProductShortName} installation. The Kiali console offers several ways to validate your {SMProductShortName} components are deployed and configured properly.
+
+.Procedure
+
+. Log in to the {product-title} web console as a user with cluster-admin rights. If you use {product-dedicated}, you must have an account with the `dedicated-admin` role.
+
+. Navigate to *Networking* -> *Routes*.
+
+. On the *Routes* page, select the control plane project, for example `istio-system`, from the *Namespace* menu.
+
+The *Location* column displays the linked address for each route.
+
+. If necessary, use the filter to find the route for the Kiali console. Click the route *Location* to launch the console.
+
+. Click *Log In With OpenShift*.
+
+When you first log in to the Kiali Console, you see the *Overview* page which displays all the namespaces in your service mesh that you have permission to view. When there are multiple namespaces shown on the *Overview* page, Kiali shows namespaces with health or validation problems first.
+
+.Kiali Overview page
+image::ossm-kiali-overview.png[Kiali Overview page showing istio-system]
+
+The tile for each namespace displays the number of labels, the *Istio Config* health, the number of and *Applications* health, and *Traffic* for the namespace. If you are validating the console installation and namespaces have not yet been added to the mesh, there might not be any data to display other than `istio-system`.
+
+. Kiali has four dashboards specifically for the namespace where the service mesh control plane is installed.  To view these dashboards, click the *Options* menu {kebab} on the tile for the control plane namespace, for example, `istio-system`, and select one of the following options:
+
+** *Istio Mesh Dashboard*
+** *Istio Control Plane Dashboard*
+** *Istio Performance Dashboard*
+** *Istio Wasm Exetension Dashboard*
+
+.Grafana Istio Control Plane Dashboard
+image::ossm-grafana-control-plane-dashboard.png[Istio Control Plane Dashboard showing data for bookinfo sample project]
+
+Kiali also installs two additional Grafana dashboards, available from the Grafana *Home* page:
+** *Istio Workload Dashboard*
+** *Istio Service Dashboard*
+
+. To view the service mesh control plane nodes, click the *Graph* page, select the *Namespace* where you installed the `ServiceMeshControlPlane` from the menu, for example `istio-system`.
+
+.. If necessary, click *Display idle nodes*.
+
+.. To learn more about the *Graph* page, click the *Graph tour* link.
+
+.. To view the mesh topology, select one or more additional namespaces from the Service Mesh Member Roll from the *Namespace* menu.
+
+. To view the list of applications in the `istio-system` namespace, click the *Applications* page. Kiali displays the health of the applications.
+
+.. Hover your mouse over the information icon to view any additional information noted in the *Details* column.
+
+. To view the list of workloads in the `istio-system` namespace, click the *Workloads* page. Kiali displays the health of the workloads.
+
+.. Hover your mouse over the information icon to view any additional information noted in the *Details* column.
+
+. To view the list of services in the `istio-system` namespace, click the *Services* page. Kiali displays the health of the services and of the configurations.
+
+.. Hover your mouse over the information icon to view any additional information noted in the *Details* column.
+
+. To view a list of the Istio Configuration objects in the `istio-system` namespace, click the *Istio Config* page. Kiali displays the health of the configuration.
+
+.. If there are configuration errors, click the row and Kiali opens the configuration file with the error highlighted.
--- a/modules/serverless-ossm-enabling-serving-metrics.adoc
+++ b/modules/serverless-ossm-enabling-serving-metrics.adoc
@@ -11,7 +11,7 @@ If Service Mesh is enabled with mTLS, metrics for Knative Serving are disabled b
 .Prerequisites

 * You have installed the {ServerlessOperatorName} and Knative Serving on your cluster.
-* You have installed {ProductName} with the mTLS functionality enabled.
+* You have installed {SMProductName} with the mTLS functionality enabled.

 ifdef::openshift-enterprise[]
 * You have access to an {product-title} account with cluster administrator access.
--- a/modules/serverless-ossm-setup-with-kourier.adoc
+++ b/modules/serverless-ossm-setup-with-kourier.adoc
@@ -19,7 +19,7 @@ endif::[]
 * Install the OpenShift CLI (`oc`).
 * You have created a project or have access to a project with the appropriate roles and permissions to create applications and other workloads in {product-title}.
 * You have installed the {ServerlessOperatorName} and Knative Serving on your cluster.
-* You have installed {ProductName}. {ServerlessProductName} with {ProductShortName} and Kourier is supported for use with both {ProductName} versions 1.x and 2.x.
+* You have installed {SMProductName}. {ServerlessProductName} with {SMProductShortName} and Kourier is supported for use with both {SMProductName} versions 1.x and 2.x.

 .Procedure

--- a/modules/serverless-ossm-setup.adoc
+++ b/modules/serverless-ossm-setup.adoc
@@ -10,7 +10,7 @@ You can integrate {ProductShortName} with {ServerlessProductName} without using

 .Prerequisites

-* You have installed {ProductName}. {ServerlessProductName} with {ProductShortName} only is supported for use with {ProductName} version 2.0.5 or higher.
+* You have installed {SMProductName}. {ServerlessProductName} with {SMProductShortName} only is supported for use with {SMProductName} version 2.0.5 or higher.

 ifdef::openshift-enterprise[]
 * You have access to an {product-title} account with cluster administrator access.
--- a/post_installation_configuration/cluster-tasks.adoc
+++ b/post_installation_configuration/cluster-tasks.adoc
@@ -508,7 +508,7 @@ include::modules/nodes-scheduler-node-selectors-cluster.adoc[leveloffset=+2]

 You can create a machine set to create machines that host only infrastructure components, such as the default router, the integrated container image registry, and components for cluster metrics and monitoring. These infrastructure machines are not counted toward the total number of subscriptions that are required to run the environment.

-In a production deployment, it is recommended that you deploy at least three machine sets to hold infrastructure components. Both OpenShift Logging and {ProductName} deploy Elasticsearch, which requires three instances to be installed on different nodes. Each of these nodes can be deployed to different availability zones for high availability. A configuration like this requires three different machine sets, one for each availability zone. In global Azure regions that do not have multiple availability zones, you can use availability sets to ensure high availability.
+In a production deployment, it is recommended that you deploy at least three machine sets to hold infrastructure components. Both OpenShift Logging and {SMProductName} deploy Elasticsearch, which requires three instances to be installed on different nodes. Each of these nodes can be deployed to different availability zones for high availability. A configuration like this requires three different machine sets, one for each availability zone. In global Azure regions that do not have multiple availability zones, you can use availability sets to ensure high availability.

 For information on infrastructure nodes and which components can run on infrastructure nodes, see xref:../machine_management/creating-infrastructure-machinesets.adoc#creating-infrastructure-machinesets[Creating infrastructure machine sets].

--- a/post_installation_configuration/network-configuration.adoc
+++ b/post_installation_configuration/network-configuration.adoc
@@ -86,7 +86,7 @@ include::modules/ossm-installation-activities.adoc[leveloffset=+2]

 .Next steps

-* xref:../service_mesh/v2x/installing-ossm.adoc#installing-ossm[Install {ProductName}] in your {product-title} environment.
+* xref:../service_mesh/v2x/installing-ossm.adoc#installing-ossm[Install {SMProductName}] in your {product-title} environment.

 [id="post-installationrouting-optimization"]
 == Optimizing routing
--- a/serverless/admin_guide/serverless-ossm-setup.adoc
+++ b/serverless/admin_guide/serverless-ossm-setup.adoc
@@ -12,7 +12,7 @@ The {ServerlessOperatorName} provides Kourier as the default ingress for Knative

 [IMPORTANT]
 ====
-{ServerlessProductName} only supports the use of {ProductName} functionality that is explicitly documented in this guide, and does not support other undocumented features.
+{ServerlessProductName} only supports the use of {SMProductName} functionality that is explicitly documented in this guide, and does not support other undocumented features.
 ====

 // without kourier
--- a/service_mesh/v2x/ossm-create-smcp.adoc
+++ b/service_mesh/v2x/ossm-create-smcp.adoc
@@ -10,19 +10,26 @@ You can deploy a basic installation of the `ServiceMeshControlPlane` by using ei

 [NOTE]
 ====
-The {SMProductShortName} documentation uses `istio-system` as the example project, but you can deploy the service mesh to any project.
+This basic installation is configured based on the default OpenShift settings and is not designed for production use.  Use this default installation to verify your installation, and then configure your `ServiceMeshControlPlane` for your environment.
 ====

 [NOTE]
 ====
-This basic installation is configured based on the default OpenShift settings and is not designed for production use.  Use this default installation to verify your installation, and then configure your `ServiceMeshControlPlane` for your environment.
+The {SMProductShortName} documentation uses `istio-system` as the example project, but you can deploy the service mesh to any project.
 ====

 include::modules/ossm-control-plane-web.adoc[leveloffset=+1]

 include::modules/ossm-control-plane-cli.adoc[leveloffset=+1]

-{SMProductName} supports multiple independent control planes within the cluster.  You can create reusable configurations with `ServiceMeshControlPlane` profiles. For more information, see xref:../../service_mesh/v2x/ossm-profiles-users.adoc#ossm-control-plane-profiles_ossm-profiles-users[Creating control plane profiles].
+include::modules/ossm-validate-smcp-cli.adoc[leveloffset=+1]
+
+include::modules/ossm-validate-smcp-kiali.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+== Additional resources
+
+{SMProductName} supports multiple independent control planes within the cluster. You can create reusable configurations with `ServiceMeshControlPlane` profiles. For more information, see xref:../../service_mesh/v2x/ossm-profiles-users.adoc#ossm-control-plane-profiles_ossm-profiles-users[Creating control plane profiles].

 == Next steps