mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 21:46:22 +01:00

ossmdoc-301 changes

This commit is contained in:
Neal Timpe
2021-04-21 14:23:43 -04:00
committed by openshift-cherrypick-robot
parent a643afea19
commit e16cdc45f6
35 changed files with 415 additions and 445 deletions

@@ -2524,16 +2524,22 @@ Topics:
File: ossm-vs-community
- Name: Preparing to install Service Mesh
File: preparing-ossm-installation
- Name: Installing Service Mesh
- Name: Installing the Operators
File: installing-ossm
- Name: Upgrading from 1.1 to 2.0
File: upgrading-ossm
- Name: Creating the ServiceMeshControlPlane
File: ossm-create-smcp
- Name: Adding workloads to a service mesh
File: ossm-create-mesh
- Name: Enabling sidecar injection
File: prepare-to-deploy-applications-ossm
- Name: Customizing the installation
File: customizing-installation-ossm
- Name: Upgrading from 1.1 to 2.0
File: upgrading-ossm
- Name: Managing users and profiles
File: ossm-profiles-users
- Name: Performance and scalability
File: ossm-performance-scalability
- Name: Deploying applications on Service Mesh
File: prepare-to-deploy-applications-ossm
- Name: Data visualization and observability
File: ossm-observability
- Name: Security

@@ -49,11 +49,11 @@ spec:
- bookinfo.example.com
----
Then, the following OpenShift Routes are created automatically. You can check that the routes are created with the following command.
Then, the following OpenShift Routes are created automatically. You can check that the routes are created with the following command. In this example, `istio-system` is the name of the control plane project.
[source,terminal]
----
$ oc -n <control_plane_namespace> get routes
$ oc -n istio-system get routes
----
.Expected output

@@ -6,20 +6,24 @@
[id="ossm-automatic-sidecar-injection_{context}"]
= Enabling automatic sidecar injection
When deploying an application into the {ProductName} you must opt in to injection by specifying the `sidecar.istio.io/inject` annotation with a value of `"true"`. Opting in ensures that the sidecar injection does not interfere with other OpenShift features such as builder pods used by numerous frameworks within the OpenShift ecosystem.
When deploying an application, you must opt-in to injection by setting the `sidecar.istio.io/inject` annotation to `"true"`. Opting in ensures that the sidecar injection does not interfere with other OpenShift features such as builder pods used by numerous frameworks within the OpenShift ecosystem.
.Prerequisites
* Identify the deployments for which you want to enable automatic sidecar injection.
* Locate the application's YAML configuration file.
.Procedure
. Open the application's configuration YAML file in an editor.
. Add `sidecar.istio.io/inject` to the configuration YAML with a value of `"true"` as illustrated here:
. Open the application's deployment configuration YAML file in an editor. To find a deployment use the `oc get` command. For example, for an app called `sleep` in the `sleep` namespace, use the following command to see the resource in YAML format.
+
.Sleep test application example
[source,yaml]
----
oc get deployment sleep -o yaml
----
. Add `sidecar.istio.io/inject` to the configuration YAML with a value of `"true"` in the `spec.template.metadata.annotations.sidecar.istio/inject` field. See the following example for an app called `sleep`.
+
.Sleep test application example sleep.yaml
[source,yaml]
----
apiVersion: apps/v1
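Review bot: the field path in the rewritten second step is misspelled. `spec.template.metadata.annotations.sidecar.istio/inject` drops the `.io`, so it does not match the `sidecar.istio.io/inject` annotation named in the same sentence, and a reader who builds the key from the path ends up with an annotation other than the one the page says is required. Give the location as `spec.template.metadata.annotations` and name the key separately. In the first step, the `oc get deployment sleep -o yaml` block is tagged `[source,yaml]` and titled as an application example although it is a command; use `[source,terminal]` with the `$` prompt, and add `-n sleep`, since the text says the app is in the `sleep` namespace. In the introduction, `opt-in` is used as a verb and should be `opt in`.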
@@ -42,9 +46,23 @@ spec:
spec:
containers:
- name: sleep
image: tutum/curl
command: ["/bin/sleep","infinity"]
image: curlimages/curl
command: ["/bin/sleep","3650d"]
imagePullPolicy: IfNotPresent
----
. Save the configuration file.
. Add the file back to the project that contains your app. In this example, `sleep` is the name of the project that contains the `sleep` app and `sleep.yaml` is the file you edited.
+
[source,yaml]
----
$ oc apply -n sleep -f sleep.yaml
----
. To verify that the resource uploaded successfully, run the following command.
+
[source,yaml]
----
oc get deployment sleep -o yaml
----
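Review bot: the two command blocks added after the YAML example are tagged `[source,yaml]` but contain `oc` commands; they should be `[source,terminal]`. The verification command also lacks the `$` prompt and `-n sleep`, while the apply step directly above it uses `-n sleep`, so as written it checks whichever project is current rather than the one that was just updated. Separately, `image: curlimages/curl` carries no tag, and with `imagePullPolicy: IfNotPresent` the sample runs whatever copy of the image a node already holds; consider pinning a tag in the example.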

@@ -8,8 +8,8 @@ This CONCEPT module included in the following assemblies:
== Setting the correct network policy
{ProductShortName} creates network policies in the control plane and member namespaces to allow traffic between them. Before you deploy, consider the following conditions to ensure the services in your mesh that were previously exposed through an {product-title} route.
{ProductShortName} creates network policies in the control plane and member namespaces to allow traffic between them. Before you deploy, consider the following conditions to ensure the services in your service mesh that were previously exposed through an {product-title} route.
* Traffic into the mesh must always go through the ingress-gateway for Istio to work properly.
* Deploy services external to the mesh in separate namespaces that are not in any mesh.
* Traffic into the service mesh must always go through the ingress-gateway for Istio to work properly.
* Deploy services external to the service mesh in separate namespaces that are not in any service mesh.
* Non-mesh services that need to be deployed within a service mesh enlisted namespace should label their deployments `maistra.io/expose-route: "true"`, which ensures {product-title} routes to these services still work.
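Review bot: the introductory sentence that this hunk rewords is still incomplete. "consider the following conditions to ensure the services in your service mesh that were previously exposed through an {product-title} route" has no verb after "ensure the services", so it never says what is being ensured. Since the line is already being edited, finish the thought, for example by stating that those services remain reachable. The last bullet still says "a service mesh enlisted namespace" and "Non-mesh services" while the other bullets were changed to "service mesh"; pick one form for the whole list.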

@@ -0,0 +1,73 @@
// Module included in the following assemblies:
//
// * service_mesh/v2x/installing-ossm.adoc
[id="ossm-control-plane-deploy-cli_{context}"]
= Deploying the control plane from the CLI
Follow this procedure to deploy a basic `ServiceMeshControlPlane` from the command line.
.Prerequisites
* The {ProductName} Operator must be installed.
* Access to the OpenShift CLI (`oc`).
.Procedure
. Log in to the {product-title} CLI as a user with the `cluster-admin` role.
+
[source,terminal]
----
$ oc login https://{HOSTNAME}:6443
----
+
. Create a project named `istio-system`.
+
[source,terminal]
----
$ oc new-project istio-system
----
+
. Create a `ServiceMeshControlPlane` file named `istio-installation.yaml` using the following example. The version of the control plane determines the features available regardless of the version of the Operator.
+
.Example version 2.0 istio-installation.yaml
[source,yaml]
----
apiVersion: maistra.io/v2
kind: ServiceMeshControlPlane
metadata:
name: basic
namespace: istio-system
spec:
version: v2.0
tracing:
type: Jaeger
sampling: 10000
addons:
jaeger:
name: jaeger
install:
storage:
type: Memory
kiali:
enabled: true
name: kiali
grafana:
enabled: true
----
+
. Run the following command to deploy the control plane, where `<istio_installation.yaml>` includes the full path to your file.
+
[source,terminal]
----
$ oc create -n istio-system -f <istio_installation.yaml>
----
+
. Run the following command to verify the control plane installation.
+
[source,terminal]
----
$ oc get smcp -n istio-system
----
+
The installation has finished successfully when the `STATUS` column is `ComponentsReady`.
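Review bot: the prerequisites of this new module list only the Operator and `oc` access, yet the first step logs in "as a user with the `cluster-admin` role". The web console module added in the same commit keeps "An account with the `cluster-admin` role" as a prerequisite; add it here too so the privilege requirement is visible before the reader starts. The file is introduced as `istio-installation.yaml` (hyphen) but the create step uses the placeholder `<istio_installation.yaml>` (underscore); make the two agree. Several listing blocks are followed by a `+` on the line before the next `. ` step, which attaches nothing and can be dropped. The module header still names `service_mesh/v2x/installing-ossm.adoc` as the including assembly although the topic map in this commit adds a separate `ossm-create-smcp` topic for creating the control plane; update the comment if the module moved.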

@@ -1,142 +1,11 @@
// Module included in the following assemblies:
//
// * service_mesh/v2x/installing-ossm.adoc
[id="ossm-control-plane-deploy_{context}"]
= Deploying the {ProductName} control plane
////
TODO - Flesh out how multitenancy affects this, link to control plate template topic.
////
= Creating the {ProductName} control plane
The `ServiceMeshControlPlane` resource defines the configuration to be used during installation.
You can deploy a basic installation of the {ProductShortName} control plane by using the {product-title} web console or from the command line using the `oc` client tool.
To get started, deploy the basic installation with the following steps. You can customize the `ServiceMeshControlPlane` resource later.
[NOTE]
====
The control plane should be installed in a separate namespace from the data plane. The `istio-system` namespace is used as an example throughout the {ProductShortName} documentation, but you can deploy your control plane in any namespace as long as it is separate from your applications.
====
[id="ossm-control-plane-deploy-operatorhub_{context}"]
== Deploying the control plane from the web console
Follow this procedure to deploy a basic {ProductName} control plane by using the web console.
.Prerequisites
* The {ProductName} Operator must be installed.
* Review the instructions for how to customize the {ProductName} installation.
* An account with the `cluster-admin` role.
.Procedure
. Log in to the {product-title} web console as a user with the `cluster-admin` role.
. Create a project named `istio-system`.
.. Navigate to *Home* -> *Projects*.
.. Click *Create Project*.
.. Enter `istio-system` in the *Name* field.
.. Click *Create*.
. Navigate to *Operators* -> *Installed Operators*.
. In the Project menu, select `istio-system`. You may have to wait a few moments for the Operators to be copied to the new project.
. Click the {ProductName} Operator, then click *Istio Service Mesh Control Plane*.
. On the *Istio Service Mesh Control Plane* page, click *Create ServiceMeshControlPlane*.
. On the *Create ServiceMeshControlPlane* page, you can modify the default `ServiceMeshControlPlane` template with the form, or select the YAML view to customize your installation.
. Click *Create* to create the control plane. The Operator creates pods, services, and {ProductShortName} control plane components based on your configuration parameters.
. Click the *Istio Service Mesh Control Plane* tab.
. Click the name of the new control plane.
. Click the *Resources* tab to see the {ProductName} control plane resources the Operator created and configured.
[id="ossm-control-plane-deploy-cli_{context}"]
== Deploying the control plane from the CLI
Follow this procedure to deploy a basic {ProductName} control plane the command line.
.Prerequisites
* The {ProductName} Operator must be installed.
* Review the instructions for how to customize the {ProductName} installation.
* An account with the `cluster-admin` role.
* Access to the OpenShift CLI (`oc`).
.Procedure
. Log in to the {product-title} CLI as a user with the `cluster-admin` role.
+
[source,terminal]
----
$ oc login https://{HOSTNAME}:6443
----
+
. Create a project named `istio-system`.
+
[source,terminal]
----
$ oc new-project istio-system
----
+
. Create a `ServiceMeshControlPlane` file named `istio-installation.yaml` using the following example in "Customize the {ProductName} installation". For production deployments you _must_ customize the default link:https://github.com/maistra/istio-operator/blob/maistra-2.0/deploy/examples/maistra_v2_servicemeshcontrolplane_cr_auth.yaml[template].
+
.Example version 2.0 istio-installation.yaml
[source,yaml]
----
apiVersion: maistra.io/v2
kind: ServiceMeshControlPlane
metadata:
name: basic
namespace: istio-system
spec:
version: v2.0
tracing:
type: Jaeger
sampling: 10000
addons:
jaeger:
name: jaeger
install:
storage:
type: Memory
kiali:
enabled: true
name: kiali
grafana:
enabled: true
----
+
. Run the following command to deploy the control plane, where `<istio_installation.yaml>` includes the full path to your file.
+
[source,terminal]
----
$ oc create -n istio-system -f <istio_installation.yaml>
----
+
. Execute the following command to see the status of the control plane installation.
+
[source,terminal]
----
$ oc get smcp -n istio-system
----
+
The installation has finished successfully when the `STATUS` column is `ComponentsReady`.
+
----
NAME READY STATUS PROFILES VERSION AGE IMAGE REGISTRY
basic 9/9 ComponentsReady ["default"] 2.0.0 3m31s
----
To get started, install a basic instance of {ProductShortName} with the following steps. You can customize the `ServiceMeshControlPlane` resource later.
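Review bot: the hunk header reduces this module from 142 lines to 11, which leaves no room for two statements the old text carried. The first is the NOTE that the control plane should be installed in a namespace separate from the data plane. The second is the sentence "For production deployments you _must_ customize the default template" with its link. The new web console module restates the separation requirement, but the new CLI module does not, and neither repeats the production caveat even though the CLI example keeps `sampling: 10000` and Jaeger `storage: type: Memory`. Keep both statements in this parent module, or add them to the CLI module, so a reader following only the CLI path still sees them. The sample `oc get smcp` output was also dropped; the replacement module tells the reader to look for `ComponentsReady` in the `STATUS` column without showing what the output looks like.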

@@ -5,14 +5,14 @@
[id="ossm-control-plane-profiles_{context}"]
= Creating control plane profiles
You can create reusable configurations with `ServiceMeshControlPlane` profiles. Individual users can extend the profiles they create with their own configurations. Profiles can also inherit configuration information from other profiles. For example, you can create an accounting control plane for the accounting team and a marketing control plane for the marketing team. If you create a development template and a production template, members of the marketing team and the accounting team can extend the development and production profiles with team specific customization.
You can create reusable configurations with `ServiceMeshControlPlane` profiles. Individual users can extend the profiles they create with their own configurations. Profiles can also inherit configuration information from other profiles. For example, you can create an accounting control plane for the accounting team and a marketing control plane for the marketing team. If you create a development template and a production template, members of the marketing team and the accounting team can extend the development and production profiles with team-specific customization.
When you configure control plane profiles, which follow the same syntax as the `ServiceMeshControlPlane`, users inherit settings in a hierarchical fashion. The Operator is delivered with a `default` profile with default settings for {ProductName}.
[id="ossm-create-configmap_{context}"]
== Creating the ConfigMap
To add custom profiles you must create a ConfigMap named `smcp-templates` in the `openshift-operators` project and mount the ConfigMap in the Operator container at `/usr/local/share/istio-operator/templates`.
To add custom profiles, you must first create a ConfigMap named `smcp-templates` in the `openshift-operators` project and then mount the ConfigMap in the Operator container at: `/usr/local/share/istio-operator/templates`.
.Prerequisites
@@ -80,7 +80,7 @@ deployments:
apiVersion: maistra.io/v2
kind: ServiceMeshControlPlane
metadata:
name: minimal-install
name: basic
spec:
profiles:
- default

@@ -0,0 +1,47 @@
// Module included in the following assemblies:
//
// * service_mesh/v2x/installing-ossm.adoc
[id="ossm-control-plane-deploy-operatorhub_{context}"]
= Deploying the control plane from the web console
Follow this procedure to deploy a basic `ServiceMeshControlPlane` by using the web console.
.Prerequisites
* The {ProductName} Operator must be installed.
* An account with the `cluster-admin` role.
.Procedure
. Log in to the {product-title} web console as a user with the `cluster-admin` role.
. Create a project named `istio-system`.
+
.. Navigate to *Home* -> *Projects*.
+
.. Click *Create Project*.
+
.. In the *Name* field, enter `istio-system`. The `ServiceMeshControlPlane` resource must be installed in a project that is separate from your microservices and Operators.
+
These steps use `istio-system` as an example, but you can deploy your control plane in any project as long as it is separate from the project that contains your services.
+
.. Click *Create*.
. Navigate to *Operators* -> *Installed Operators*.
. Click the {ProductName} Operator, then click *Istio Service Mesh Control Plane*.
. On the *Istio Service Mesh Control Plane* tab, click *Create ServiceMeshControlPlane*.
. On the *Create ServiceMeshControlPlane* page, accept the default control plane version to take advantage of the features available in the most current version of the product. The version of the control plane determines the features available regardless of the version of the Operator.
+
You can configure `ServiceMeshControlPlane` settings later. For more information, see Configuring {ProductName}.
+
.. Click *Create*. The Operator creates pods, services, and {ProductShortName} control plane components based on your configuration parameters.
. To verify the control plane installed correctly, click the *Istio Service Mesh Control Plane* tab.
+
.. Click the name of the new control plane.
+
.. Click the *Resources* tab to see the {ProductName} control plane resources the Operator created and configured.
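Review bot: the step that selected `istio-system` in the Project menu before opening the Operator is gone from this version of the procedure. After "Navigate to *Operators* -> *Installed Operators*" nothing tells the reader which project is active, so the `ServiceMeshControlPlane` can be created in whatever project happens to be selected, which works against the requirement stated a few lines earlier that it be installed in a project separate from services and Operators. Restore the project selection step. On structure: `.. Click *Create*.` after the version paragraph is written as a sub-step but has no sibling sub-steps and is really the next top-level action, and the `+` lines placed between the `..` sub-steps of "Create a project" attach nothing; remove them so only the explanatory paragraph under the *Name* sub-step is continued.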

@@ -176,7 +176,7 @@ The following table lists the parameters for the `ServiceMeshControlPlane` resou
|For more information, see Table 3.
|===
The following table lists the specifications for the `ServiceMeshControlPlane` resource. These parameters configure {ProductName} for your microservices and apps.
The following table lists the specifications for the `ServiceMeshControlPlane` resource. These parameters configure {ProductName} for your microservices and applications.
.`ServiceMeshControlPlane` resource spec
|===

@@ -4,36 +4,31 @@
// - service_mesh/v2x/installing-ossm.adoc
[id="ossm-install-ossm-operator_{context}"]
= Installing the {ProductName} Operator
= Installing the Operators
.Prerequisites
To install {ProductName}, install following Operators in this order. Repeat the procedure for each Operator.
* Access to the {product-title} web console.
* The OpenShift Elasticsearch Operator must be installed.
* The Jaeger Operator must be installed.
* The Kiali Operator must be installed.
1. (Optional) OpenShift Elasticsearch
2. Jaeger
3. Kiali
4. {ProductName}
.Procedure
. Log in to the {product-title} web console.
. Log in to the {product-title} web console as a user with the `cluster-admin` role.
. Navigate to *Operators* -> *OperatorHub*.
. In the {product-title} web console, click *Operators* -> *OperatorHub*.
. Type *{ProductName}* into the filter box to find the {ProductName} Operator.
. Click the {ProductName} Operator to display information about the Operator.
. Type the name of the Operator into the filter box and select the Red Hat version of the Operator. Community versions of the Operators are not supported.
. Click *Install*.
. On the *Operator Installation* page, select the *stable* Update Channel.
. In the *Installation Mode* section, select *All namespaces on the cluster (default)*. This installs the Operator in the default `openshift-operators` project and makes the Operator available to all projects in the cluster.
. Select the *Automatic* Approval Strategy.
. On the *Install Operator* page, select installation options.
.. For the OpenShift Elasticsearch Operator, in the *Update Channel* section, select *4.6*.
.. For the Jaeger, Kiali, and {ProductName} Operators, accept the defaults.
+
[NOTE]
====
The Manual approval strategy requires a user with appropriate credentials to approve the Operator install and subscription process.
====
The Jaeger, Kiali and {ProductName} are installed in the `openshift-operators` namespace. The OpenShift Elasticsearch Operator is installed in the `openshift-operators-redhat` namespace.
. Click *Install*.
. Click *Install*. Wait until the Operator has installed before repeating the steps for the next Operator in the list.
. After all you have installed all four Operators, click *Operators* -> *Installed Operators* to verify that your Operators installed.
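Review bot: the final step reads "After all you have installed all four Operators", which is garbled; it should read "After you have installed all the Operators" or similar. Two other wording slips in the added lines: "install following Operators" is missing "the", and "The Jaeger, Kiali and {ProductName} are installed in the `openshift-operators` namespace" is missing the noun "Operators". The ordered list of Operators uses literal `1.` to `4.` where the rest of the module uses the `.` list marker. The Elasticsearch sub-step hard-codes update channel *4.6*, which will go stale with the next release; consider an attribute or a version-neutral instruction. The rewrite also removes the guidance on Approval Strategy and the NOTE explaining that Manual approval needs a user with appropriate credentials; "accept the defaults" no longer tells the reader which strategy they are accepting.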

@@ -5,14 +5,11 @@
// * post_installation_configuration/network-configuration.adoc
[id="ossm-installation-activities_{context}"]
= {ProductName} installation activities
= Operator overview
To install the {ProductName} Operator, you must first install these Operators:
{ProductName} requires the following four Operators:
* *Elasticsearch* - Based on the open source link:https://www.elastic.co/[Elasticsearch] project that enables you to configure and manage an Elasticsearch cluster for tracing and logging with Jaeger.
* *Jaeger* - based on the open source link:https://www.jaegertracing.io/[Jaeger] project, lets you perform tracing to monitor and troubleshoot transactions in complex distributed systems.
* *Kiali* - based on the open source link:https://www.kiali.io/[Kiali] project, provides observability for your service mesh. By using Kiali you can view configurations, monitor traffic, and view and analyze traces in a single console.
After you install the OpenShift Elasticsearch, Jaeger, and Kiali Operators, then you install the {ProductName} Operator. The {ProductShortName} Operator defines and monitors the `ServiceMeshControlPlane` resources that manage the deployment, updating, and deletion of the {ProductShortName} components.
* *{ProductName}* - based on the open source link:https://istio.io/[Istio] project, lets you connect, secure, control, and observe the microservices that make up your applications.
* *OpenShift Elasticsearch* - (Optional) Provides database storage for tracing and logging with Jaeger. It is based on the open source link:https://www.elastic.co/[Elasticsearch] project.
* *Jaeger* - Provides tracing to monitor and troubleshoot transactions in complex distributed systems. It is based on the open source link:https://www.jaegertracing.io/[Jaeger] project.
* *Kiali* - Provides observability for your service mesh. Allows you to view configurations, monitor traffic, and analyze traces in a single console. It is based on the open source link:https://www.kiali.io/[Kiali] project.
* *{ProductName}* - Allows you to connect, secure, control, and observe the microservices that comprise your applications. The {ProductShortName} Operator defines and monitors the `ServiceMeshControlPlane` resources that manage the deployment, updating, and deletion of the {ProductShortName} components. It is based on the open source link:https://istio.io/[Istio] project.
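Review bot: the new lead sentence says "{ProductName} requires the following four Operators", but the first bullet marks OpenShift Elasticsearch as "(Optional)". One of the two has to change: either say that the product uses up to four Operators, one of them optional, or drop the "(Optional)" label. The installation module in this commit repeats the same pair ("(Optional) OpenShift Elasticsearch" and "all four Operators"), so fix both places together.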

@@ -6,29 +6,24 @@
[id="ossm-member-roll-create_{context}"]
= Creating the {ProductName} member roll
The `ServiceMeshMemberRoll` lists the projects belonging to the control plane. Only projects listed in the `ServiceMeshMemberRoll` are affected by the control plane. A project does not belong to a service mesh until you add it to the member roll for a particular control plane deployment.
The `ServiceMeshMemberRoll` lists the projects that belong to the control plane. Only projects listed in the `ServiceMeshMemberRoll` are affected by the control plane. A project does not belong to a service mesh until you add it to the member roll for a particular control plane deployment.
You must create a `ServiceMeshMemberRoll` resource named `default` in the same project as the `ServiceMeshControlPlane`.
[NOTE]
====
The member projects are only updated if the {ProductShortName} control plane installation succeeds.
====
You must create a `ServiceMeshMemberRoll` resource named `default` in the same project as the `ServiceMeshControlPlane`, for example `istio-system`.
[id="ossm-member-roll-create-console_{context}"]
== Creating the member roll from the web console
Follow this procedure to add one or more projects to the {ProductShortName} member roll by using the web console.
Follow this procedure to add one or more projects to the {ProductShortName} member roll from the web console.
.Prerequisites
* An installed, verified {ProductName} Operator.
* Location of the installed `ServiceMeshControlPlane`.
* List of existing projects to add to the service mesh.
.Procedure
. If you do not already have projects for your mesh, or you are starting from scratch, create a project. It must be different from `istio-system`.
. Log in to the {product-title} web console.
. If you do not already have services for your mesh, or you are starting from scratch, create a project. It must be different from `istio-system`.
.. Navigate to *Home* -> *Projects*.
@@ -36,28 +31,19 @@ Follow this procedure to add one or more projects to the {ProductShortName} memb
.. Click *Create*.
. Log in to the {product-title} web console.
. Navigate to *Operators* -> *Installed Operators*.
. Click the *Project* menu and choose the project where your `ServiceMeshControlPlane` is deployed from the list, for example `istio-system`.
. Click the {ProductName} Operator.
. Click the *All Instances* tab.
. Click the *Istio Service Mesh Member Roll* tab.
. Click *Create New*, and then select *Create Istio Service Mesh Member Roll*.
. Click *Create ServiceMeshMemberRoll*
+
[NOTE]
====
It can take a short time for the Operator to finish copying the resources, therefore you may need to refresh the screen to see the *Create Istio Service Mesh Member Roll* button.
====
. On the *Create Service Mesh Member Roll* page, modify the YAML to add your projects as members. You can add any number of projects, but a project can only belong to *one* `ServiceMeshMemberRoll` resource.
. Click *Create* to save the Service Mesh Member Roll.
. Click *Members*, then enter the name of your project in the *Value* field. You can add any number of projects, but a project can only belong to *one* `ServiceMeshMemberRoll` resource.
. Click *Create*.
[id="ossm-member-roll-create-cli_{context}"]
== Creating the member roll from the CLI
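Review bot: the reworked web console steps no longer say what the resource must be called. The module states that the `ServiceMeshMemberRoll` must be named `default`, but the form-based flow ("Click *Create ServiceMeshMemberRoll*", "Click *Members*", "Click *Create*") never tells the reader to leave the name field at `default`. Add that to the step that opens the form. "Click *Create ServiceMeshMemberRoll*" is also missing its closing period. The NOTE about waiting for the Operator to copy resources was removed together with the old button name; if the delay still applies to the new button, keep the note with the updated label.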
@@ -67,7 +53,6 @@ Follow this procedure to add a project to the `ServiceMeshMemberRoll` from the c
.Prerequisites
* An installed, verified {ProductName} Operator.
* Location of the installed `ServiceMeshControlPlane`.
* List of projects to add to the service mesh.
* Access to the OpenShift CLI (`oc`).
@@ -77,18 +62,19 @@ Follow this procedure to add a project to the `ServiceMeshMemberRoll` from the c
+
[source,terminal]
----
$ oc login
$ oc login https://{HOSTNAME}:6443
----
+
. Create a `ServiceMeshMemberRoll` resource in the same project as the `ServiceMeshControlPlane` resource, in our example that is `istio-system`. The resource must be named `default`.
. If you do not already have services for your mesh, or you are starting from scratch, create a project. It must be different from `istio-system`.
+
[source,terminal]
----
$ oc create -n istio-system -f servicemeshmemberroll-default.yaml
$ oc new-project {your-project}
----
. To add your projects as members, modify the following example YAML. You can add any number of projects, but a project can only belong to *one* `ServiceMeshMemberRoll` resource.
+
.Example servicemeshmemberroll-default.yaml
[source,yaml]
----
apiVersion: maistra.io/v1
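Review bot: `$ oc new-project {your-project}` uses curly braces for a user-supplied value. Everywhere else in this commit placeholders are written with angle brackets (`<user_name>`, `<istio_installation.yaml>`), and braces are AsciiDoc attribute syntax (`{product-title}`, `{ProductName}`), so the reader cannot tell whether this is a literal, a placeholder, or an unresolved attribute. Use `<your_project>` and make it match the `your-project-name` entry in the example YAML that follows. The same applies to `{HOSTNAME}` in the login command.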
@@ -102,55 +88,19 @@ spec:
- your-project-name
- another-project-name
----
. Run the following command to upload and create the `ServiceMeshMemberRoll` resource in the `istio-system` namespace.
+
. Modify the default YAML to add your projects as `members`. You can add any number of projects, but a project can only belong to *one* `ServiceMeshMemberRoll` resource.
[id="ossm-member-roll-create-member_{context}"]
== Creating the {ProductName} members
`ServiceMeshMember` resources can be created by service mesh users who don't have privileges to add members to the `ServiceMeshMemberRoll` directly. While project administrators are automatically given permission to create the `ServiceMeshMember` resource in their project, they cannot point it to any `ServiceMeshControlPlane` until the service mesh administrator explicitly grants access to the service mesh. Administrators can grant users permissions to access the mesh by granting them the `mesh-user` user role, for example:
[source,terminal]
----
$ oc policy add-role-to-user -n <control_plane_namespace> --role-namespace <control_plane_namespace> mesh-user <user_name>.
$ oc create -n istio-system -f servicemeshmemberroll-default.yaml
----
Administrators can modify the `mesh user` role binding in the control plane project to specify the users and groups that are granted access. The `ServiceMeshMember` adds the project to the `ServiceMeshMemberRoll` within the control plane project that it references.
[source,yaml]
. Run the following command to verify the `ServiceMeshMemberRoll` was created successfully.
+
[source,terminal]
----
apiVersion: maistra.io/v1
kind: ServiceMeshMember
metadata:
name: default
spec:
controlPlaneRef:
namespace: <control_plane_namespace>
name: minimal-install
----
The mesh-users role binding is created automatically after the administrator creates the `ServiceMeshControlPlane` resource. An administrator can use the following command to add a role to a user.
----
$ oc policy add-role-to-user
----
The administrator can also create the `mesh-user` role binding before the administrator creates the `ServiceMeshControlPlane` resource. For example, the administrator can create it in the same `oc apply` operation as the `ServiceMeshControlPlane` resource.
This example adds a role binding for `alice`:
[source,yaml]
----
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
namespace: <control_plane_namespace>
name: mesh-users
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: mesh-user
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: alice
$ oc get smmr -n istio-system default
----
+
The installation has finished successfully when the `STATUS` column is `Configured`.
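Review bot: the closing sentence "The installation has finished successfully when the `STATUS` column is `Configured`" was copied from the control plane procedure; nothing is being installed in this step. Say that the member roll was created successfully when `STATUS` is `Configured`, and consider showing the sample `oc get smmr` output so the reader knows which column to read. The verification step is introduced without a `+` before its `[source,terminal]` block in one place and with it in another; use the continuation consistently so both command blocks stay attached to their list items.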

@@ -6,14 +6,14 @@
[id="ossm-member-roll-modify_{context}"]
= Adding or removing projects from the service mesh
Follow this procedure to modify an existing {ProductShortName} `ServiceMeshMemberRoll` resource using the web console.
Follow this procedure to add or remove projects from an existing {ProductShortName} `ServiceMeshMemberRoll` resource using the web console.
* You can add any number of projects, but a project can only belong to *one* `ServiceMeshMemberRoll` resource.
* The `ServiceMeshMemberRoll` resource is deleted when its corresponding `ServiceMeshControlPlane` resource is deleted.
[id="ossm-member-roll-modify-console_{context}"]
== Modifying the member roll from the web console
== Adding or removing projects from the member roll using the web console
.Prerequisites
* An installed, verified {ProductName} Operator.
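Review bot: the reworded module introduction still ends with "using the web console", but it sits above both the web console section and the CLI section of this module. Drop the qualifier from the introduction, or say "using the web console or the CLI", so the top-level sentence covers both subsections. The two bullets under it are constraints rather than steps; a short lead-in such as a sentence before the list would make that clear.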
@@ -44,7 +44,7 @@ Follow this procedure to modify an existing {ProductShortName} `ServiceMeshMembe
. Click *Reload*.
[id="ossm-member-roll-modify-cli_{context}"]
== Modifying the member roll from the CLI
== Adding or removing projects from the member roll using the CLI
Follow this procedure to modify an existing {ProductShortName} member roll using the command line.

modules/ossm-members.adoc Normal file
@@ -0,0 +1,54 @@
// Module included in the following assemblies:
//
// * service_mesh/v1x/installing-ossm.adoc
// * service_mesh/v2x/installing-ossm.adoc
[id="ossm-members_{context}"]
= Creating the {ProductName} members
`ServiceMeshMember` resources provide a way for {ProductName} administrators to delegate permissions to add projects to a service mesh, even when the respective users don't have direct access to the service mesh project or member roll. While project administrators are automatically given permission to create the `ServiceMeshMember` resource in their project, they cannot point it to any `ServiceMeshControlPlane` until the service mesh administrator explicitly grants access to the service mesh. Administrators can grant users permissions to access the mesh by granting them the `mesh-user` user role. In this example, `istio-system` is the control plane namespace.
----
$ oc policy add-role-to-user -n istio-system --role-namespace istio-system mesh-user <user_name>.
----
Administrators can modify the `mesh-user` role binding in the control plane project to specify the users and groups that are granted access. The `ServiceMeshMember` adds the project to the `ServiceMeshMemberRoll` within the control plane project that it references.
[source,yaml]
----
apiVersion: maistra.io/v1
kind: ServiceMeshMember
metadata:
name: default
spec:
controlPlaneRef:
namespace: istio-system
name: basic
----
The `mesh-users` role binding is created automatically after the administrator creates the `ServiceMeshControlPlane` resource. An administrator can use the following command to add a role to a user.
----
$ oc policy add-role-to-user
----
The administrator can also create the `mesh-user` role binding before the administrator creates the `ServiceMeshControlPlane` resource. For example, the administrator can create it in the same `oc apply` operation as the `ServiceMeshControlPlane` resource.
This example adds a role binding for `alice`:
[source,yaml]
----
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
namespace: istio-system
name: mesh-users
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: mesh-user
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: alice
----
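Review bot: the `oc policy add-role-to-user` example ends with a period after `<user_name>`, inside the command block; pasted as written, the period becomes part of the user name and the role is bound to a subject that is not the intended user. Remove the period, and restore the `[source,terminal]` marker that the block had in the module it was moved from. The prose also uses two names for the binding: per the YAML, `mesh-user` is the Role and `mesh-users` is the RoleBinding, so the two sentences that say "`mesh-user` role binding" should say `mesh-users`. The second command block shows `$ oc policy add-role-to-user` with no arguments, which cannot be run; repeat the full form or remove the block. Since this module delegates the ability to join projects to a mesh, it is worth stating explicitly that the binding lives in the control plane project and that its subjects list is the complete set of users allowed to reference that control plane.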

View File

@@ -29,6 +29,6 @@ If your application uses version tags, like the Bookinfo sample application, you
* The Workload graph shows a node for each workload in your service mesh. This graph does not require you to use the app and version labels. If your app does not use version labels, use this the graph.
* The Service graph shows a node for each service in your mesh but excludes all apps and workloads from the graph. It provides a high level view and aggregates all traffic for defined services.
* The Service graph shows a node for each service in your mesh but excludes all applications and workloads from the graph. It provides a high level view and aggregates all traffic for defined services.
To view a summary of metrics, select any node or edge in the graph to display its metric details in the summary details panel.
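Review bot: The Workload graph bullet directly above the edited Service graph bullet still ends with "use this the graph". Fix it in the same pass ("use this graph"), and hyphenate "high-level view" in the bullet being reworded.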

View File

@@ -3,23 +3,12 @@
// * service_mesh/v1x/prepare-to-deploy-applications-ossm.adoc
// * service_mesh/v2x/prepare-to-deploy-applications-ossm.adoc
[id="ossm-sidecar-injection_{context}"]
= {ProductName}'s sidecar injection
{ProductName} relies on a proxy sidecar within the application's pod to provide {ProductShortName} capabilities to the application. You can enable automatic sidecar injection or manage it manually. Red Hat recommends automatic injection using the annotation with no need to label projects. This ensures that your application contains the appropriate configuration for the {ProductShortName} upon deployment. This method requires fewer privileges and does not conflict with other OpenShift capabilities such as builder pods.
[NOTE]
====
The upstream version of Istio injects the sidecar by default if you have labeled the project. {ProductName} requires you to opt in to having the sidecar automatically injected to a deployment, so you are not required to label the project. This avoids injecting a sidecar if it is not wanted (for example, in build or deploy pods).
The webhook checks the configuration of pods deploying into all projects to see if they are opting in to injection with the appropriate annotation.
====
[id="ossm-sidecar-injection-env-var_{context}"]
== Setting environment variables on the proxy in applications through annotations
= Setting environment variables on the proxy in applications through annotations
You can set environment variables on the sidecar proxy for applications by adding pod annotations in the deployment in the `injection-template.yaml` file. The environment variables are injected to the sidecar.
.Example injection-template.yaml
[source,yaml]
----
apiVersion: apps/v1
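Review bot: The NOTE stating that {ProductName} injection is opt-in, unlike upstream Istio's label-driven default, and that the webhook checks pods deploying into all projects, appears to leave this file as the module is narrowed to the environment variable topic (23 lines down to 12, with the `ossm-sidecar-injection-env-var` ID now at title level). That is the behaviour readers rely on to know when a sidecar is present, so confirm it is kept in a module that the assemblies still include. The header comment listing the assemblies that include this module should also be checked against the new include lines.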
@@ -40,4 +29,4 @@ spec:
[WARNING]
====
`maistra.io/` labels and annotations should never be included in user-created resources, because they indicate that the resources are generated and managed by the Operator. If you are copying content from an Operator-generated resource when creating your own resources, do not include labels or annotations that start with `maistra.io/` or your resource will be overwritten or deleted by the Operator during the next reconciliation.
====
====

View File

@@ -5,23 +5,18 @@
// * post_installation_configuration/network-configuration.adoc (once 2.0 released)
[id="ossm-supported-configurations_{context}"]
= {ProductName} supported configurations
= Supported configurations
The following are the only supported configurations for the {ProductName}:
The following configurations are supported for the current release of {ProductName}:
* Red Hat {product-title} version 4.x.
[NOTE]
====
OpenShift Online and OpenShift Dedicated are not supported for {ProductName}.
====
* The deployment must be contained to a single {product-title} cluster that is not federated.
* This release of {ProductName} is only available on {product-title} x86_64, IBM Z, and IBM Power Systems.
** IBM Z is only supported on {product-title} 4.6 and later.
** IBM Power Systems is only supported on {product-title} 4.6 and later.
* This release only supports configurations where all {ProductShortName} components are contained in the OpenShift cluster in which it operates. It does not support management of microservices that reside outside of the cluster, or in a multi-cluster scenario.
* This release only supports configurations that do not integrate external services such as virtual machines.
* Configurations where all {ProductShortName} components are contained in the OpenShift cluster in which it operates. {ProductName} does not support management of microservices that reside outside of the cluster, or in a multi-cluster scenario.
* Configurations that do not integrate external services such as virtual machines.
For additional information about {ProductName} lifecycle and supported configurations, refer to the link:https://access.redhat.com/support/policy/updates/openshift#ossm[Support Policy].
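Review bot: Rewording the intro from "The following are the only supported configurations" to "The following configurations are supported for the current release" drops the exclusivity, so a reader can no longer tell that anything not listed is unsupported. Keep "only" or add a closing sentence that says so. The hunk also shrinks from 23 to 18 lines. If the NOTE that OpenShift Online and OpenShift Dedicated are not supported is among the removed lines, state where that restriction is now documented.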
@@ -34,7 +29,7 @@ For additional information about {ProductName} lifecycle and supported configura
* OVN-Kubernetes is supported as a technology preview in {product-title} version 4.7.
[id="ossm-supported-configurations-kiali_{context}"]
== Supported configurations for Kiali on {ProductName}
== Supported configurations for Kiali
* The Kiali observability console is only supported on the two most recent releases of the Chrome, Edge, Firefox, or Safari browsers.

View File

@@ -7,7 +7,7 @@ This PROCEDURE module included in the following assemblies:
[id="ossm-tutorial-bookinfo-adding-destination-rules_{context}"]
= Adding default destination rules
Before you can use the Bookinfo application, you have to add default destination rules. There are two preconfigured YAML files, depending on whether or not you enabled mutual transport layer security (TLS) authentication.
Before you can use the Bookinfo application, you must first add default destination rules. There are two preconfigured YAML files, depending on whether or not you enabled mutual transport layer security (TLS) authentication.
.Procedure

View File

@@ -7,29 +7,18 @@ This PROCEDURE module included in the following assemblies:
[id="ossm-tutorial-bookinfo-install_{context}"]
= Installing the Bookinfo application
This tutorial walks you through creating a Bookinfo project, deploying the Bookinfo application, and running Bookinfo on {product-title} with {ProductShortName} {ProductVersion}.
[WARNING]
====
The Bookinfo example application allows you to test your {ProductName} {ProductVersion} installation on {product-title}.
Red Hat does not provide support for the Bookinfo application.
====
[NOTE]
====
The Bookinfo sample application cannot be installed on IBM Z and IBM Power Systems.
====
This tutorial walks you through how to create a Bookinfo project, deploying the Bookinfo application, and run Bookinfo on {product-title} with {ProductShortName} {ProductVersion}.
.Prerequisites:
* {product-title} 4.1 or higher installed.
* {ProductName} {ProductVersion} installed.
* Access to the {product-title} Command-line Interface (CLI) also known as `oc`.
* An account with the `cluster-admin` role.
[NOTE]
====
{ProductName} implements auto-injection differently than the upstream Istio project, therefore this procedure uses a version of the `bookinfo.yaml` file annotated to enable automatic injection of the Istio sidecar for {ProductName}.
The Bookinfo sample application cannot be installed on IBM Z and IBM Power Systems.
====
.Procedure
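Review bot: The rewritten intro sentence mixes verb forms: "how to create a Bookinfo project, deploying the Bookinfo application, and run Bookinfo". Make it parallel ("create ..., deploy ..., and run ..."). The WARNING block containing "Red Hat does not provide support for the Bookinfo application" has no replacement in this hunk, so keep that statement in the tutorial or in the overview module. `.Prerequisites:` carries a trailing colon that `.Procedure` does not.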
@@ -55,21 +44,19 @@ $ oc new-project bookinfo
. Click the *{ProductName}* Operator.
. Click the *Istio Service Mesh Member Roll* link.
. Click the *Istio Service Mesh Member Roll* tab.
.. If you have already created a Istio Service Mesh Member Roll, click the name, then click the YAML tab to open the YAML editor.
.. If you have not created a Istio Service Mesh Member Roll, click *Create Service Mesh Member Roll*.
.. If you have not created a `ServiceMeshMemberRoll`, click *Create ServiceMeshMemberRoll*.
+
[NOTE]
====
You need cluster-admin rights to edit the Istio Service Mesh Member Roll.
====
. Click *Members*, then enter the name of your project in the *Value* field.
+
. Edit the default Service Mesh Member Roll YAML and add `bookinfo` to the *members* list.
. Click *Create* to save the updated Service Mesh Member Roll.
+
.Bookinfo ServiceMeshMemberRoll example
** + Or, save the following example to a YAML file.
+
.Bookinfo ServiceMeshMemberRoll example servicemeshmemberroll-default.yaml
[source,yaml]
----
apiVersion: maistra.io/v1
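Review bot: The substep "** + Or, save the following example to a YAML file." is malformed AsciiDoc, because a `+` placed after the list marker renders as literal text instead of acting as a list continuation. Write it as a plain `**` item. The steps also refer to one resource as "Istio Service Mesh Member Roll", "Service Mesh Member Roll" and `ServiceMeshMemberRoll`; use the kind name consistently, and write "an Istio" where the older wording is kept.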
@@ -80,40 +67,41 @@ spec:
members:
- bookinfo
----
+
** Alternatively, you can run this command from the CLI to add the `bookinfo` project to the `ServiceMeshMemberRoll`. Replace `<control_plane_project>` with the name of your control plane project.
.. Run the following command to upload that file and create the `ServiceMeshMemberRoll` resource in the `istio-system` namespace.
+
[source,terminal]
----
$ oc -n <control_plane_project> patch --type='json' smmr default -p '[{"op": "add", "path": "/spec/members", "value":["'"bookinfo"'"]}]'
$ oc create -n istio-system -f servicemeshmemberroll-default.yaml
----
+
. Click *Create* to save the updated Service Mesh Member Roll.
. Run the following command to verify the `ServiceMeshMemberRoll` was created successfully.
+
[source,terminal]
----
$ oc get smmr -n istio-system
----
+
The installation has finished successfully when the `STATUS` column is `Configured`.
. From the CLI, deploy the Bookinfo application in the _`bookinfo`_ project by applying the `bookinfo.yaml` file:
+
[source,bash,subs="attributes"]
----
$ oc apply -n bookinfo -f https://raw.githubusercontent.com/Maistra/istio/maistra-{MaistraVersion}/samples/bookinfo/platform/kube/bookinfo.yaml
----
+
{ProductName} implements auto-injection differently than the upstream Istio project. This procedure uses a version of the `bookinfo.yaml` file annotated to enable automatic injection of the Istio sidecar for {ProductName}.
+
. Create the ingress gateway by applying the `bookinfo-gateway.yaml` file:
+
[source,bash,subs="attributes"]
----
$ oc apply -n bookinfo -f https://raw.githubusercontent.com/Maistra/istio/maistra-{MaistraVersion}/samples/bookinfo/networking/bookinfo-gateway.yaml
----
+
. Set the value for the `GATEWAY_URL` parameter:
+
[NOTE]
====
Replace `<control_plane_project>` with the name of your control plane project. In this example, the control plane project is `istio-system`.
====
. Set the value for the `GATEWAY_URL` parameter. You can use this variable to find the URL for your Bookinfo product page later. In this example, `istio-system` is the name of the control plane project.
+
[source,terminal]
----
$ export GATEWAY_URL=$(oc -n <control_plane_project> get route istio-ingressgateway -o jsonpath='{.spec.host}')
$ export GATEWAY_URL=$(oc -n istio-system get route istio-ingressgateway -o jsonpath='{.spec.host}')
----
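Review bot: `oc create -n istio-system -f servicemeshmemberroll-default.yaml` returns an already-exists error when a `default` member roll is present, which is the case for anyone who finished the web console steps above or is re-running the tutorial. `oc apply` covers both cases. The step is marked `..` directly after a `**` alternative, so its nesting in the rendered list is unclear. "The installation has finished successfully when the `STATUS` column is `Configured`" describes the member roll being reconciled, not an installation, so reword it to say that.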

View File

@@ -7,7 +7,9 @@ This CONCEPT module included in the following assemblies:
[id="ossm-tutorial-bookinfo-overview_{context}"]
= Bookinfo example application
The upstream Istio project has an example tutorial called https://istio.io/docs/examples/bookinfo[Bookinfo], which is composed of four separate microservices used to demonstrate various Istio features. The Bookinfo application displays information about a book, similar to a single catalog entry of an online book store. Displayed on the page is a description of the book, book details (ISBN, number of pages, and other information), and book reviews.
The Bookinfo example application allows you to test your {ProductName} {ProductVersion} installation on {product-title}.
The Bookinfo application displays information about a book, similar to a single catalog entry of an online book store. The application displays a page that describes the book, book details (ISBN, number of pages, and other information), and book reviews.
The Bookinfo application consists of these microservices:

View File

@@ -52,11 +52,11 @@ $ oc delete project bookinfo
. Edit the default Service Mesh Member Roll YAML and remove `bookinfo` from the *members* list.
+
** Alternatively, you can run this command from the CLI to remove the `bookinfo` project from the `ServiceMeshMemberRoll`. Replace `<control_plane_project>` with the name of your control plane project.
** Alternatively, you can run this command from the CLI to remove the `bookinfo` project from the `ServiceMeshMemberRoll`. In this example, `istio-system` is the name of the control plane project.
+
[source,terminal]
----
$ oc -n <control_plane_project> patch --type='json' smmr default -p '[{"op": "remove", "path": "/spec/members", "value":["'"bookinfo"'"]}]'
$ oc -n istio-system patch --type='json' smmr default -p '[{"op": "remove", "path": "/spec/members", "value":["'"bookinfo"'"]}]'
----
. Click *Save* to update Service Mesh Member Roll.
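Review bot: The JSON patch in this command does not remove only `bookinfo`. A `remove` operation acts on its `path` and ignores `value`, so with `"path": "/spec/members"` it deletes the whole `members` array and takes every project out of the mesh. Replacing the namespace placeholder with `istio-system` carries that behaviour over unchanged. Target the entry by its index (`/spec/members/<index>`) or tell readers to edit the list and leave the other members in place.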

View File

@@ -11,24 +11,25 @@ Before configuring your application, verify that it successfully deployed.
.Prerequisites
* {product-title} 4.1 or higher installed.
* {ProductName} {ProductVersion} installed.
* Access to the {product-title} Command-line Interface (CLI) also known as `oc`.
* Complete the steps for installing the Bookinfo sample app.
.Procedure
. Log in to the {product-title} CLI.
. Run this command to confirm that Bookinfo is deployed:
+
----
$ curl -o /dev/null -s -w "%{http_code}\n" http://$GATEWAY_URL/productpage
----
+
** Alternatively, you can open `http://$GATEWAY_URL/productpage` in your browser.
** You can also verify that all pods are ready with this command:
. Verify that all pods are ready with this command:
+
[source,terminal]
----
$ oc get pods -n bookinfo
----
. Run the following command to retrieve the URL for the product page:
+
[source,terminal]
----
echo "http://$GATEWAY_URL/productpage"
----
. Paste the output in a web browser to verify the Bookinfo product page is deployed correctly.
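Review bot: The new `echo "http://$GATEWAY_URL/productpage"` listing has no `$` prompt, unlike the other terminal listings in this procedure, and it only produces a usable URL in the shell where `GATEWAY_URL` was exported during installation. Say that in the step or in the prerequisites. The `curl` listing has no `[source,terminal]` attribute. If the `curl` status-code check is being dropped, the procedure is left with only a manual browser check, so consider keeping it as an alternative.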

View File

@@ -6,9 +6,9 @@
[id="ossm-update-app-sidecar_{context}"]
= Updating your application pods
If you selected the Automatic Approval Strategy when you were installing your Operators, then the Operators update the control plane automatically, but not your applications. Existing applications continue to be part of the mesh and function accordingly. The application administrator must restart applications to upgrade the sidecar.
If you selected the Automatic Approval Strategy when you were installing your Operators, then the Operators update the control plane automatically but not your applications. Existing applications continue to be part of the mesh and function accordingly. The application administrator must restart applications to upgrade the sidecar.
If your deployment uses Automatic sidecar injection, you can update the pod template in the deployment by adding or modifying an annotation. Run the following command to redeploy the pods:
If your deployment uses automatic sidecar injection, you can update the pod template in the deployment by adding or modifying an annotation. Run the following command to redeploy the pods:
[source,terminal]
----

View File

@@ -15,9 +15,9 @@ When you deploy an application into the {ProductShortName}, there are several di
include::modules/ossm-control-plane-templates-1x.adoc[leveloffset=+1]
include::modules/ossm-sidecar-injection.adoc[leveloffset=+1]
include::modules/ossm-automatic-sidecar-injection.adoc[leveloffset=+1]
include::modules/ossm-automatic-sidecar-injection.adoc[leveloffset=+2]
include::modules/ossm-sidecar-injection-env-var.adoc[leveloffset=+1]
include::modules/ossm-mixer-policy-1x.adoc[leveloffset=+1]

View File

@@ -5,11 +5,11 @@ include::modules/ossm-document-attributes.adoc[]
toc::[]
After your default `ServiceMeshControlPlane` resource is deployed, you must configure the resource to suit your environment. Note that the default Jaeger deployment must be changed, as the default `allinone` deployment does not supply persistent memory.
After your default `ServiceMeshControlPlane` resource is deployed, you must configure the resource to suit your environment.
== Resources for configuring your ServiceMeshControlPlane resource
Read more about how to configure your `ServiceMeshControlPlane` resource further, or skip ahead to Updating the `ServiceMeshControlPlane`.
Read more about how to configure your `ServiceMeshControlPlane` resource, or skip ahead to Updating the `ServiceMeshControlPlane`.
* See xref:../../service_mesh/v2x/ossm-observability.adoc#ossm-observability[Data visualization and observability] for more information about Kiali and visualizing your data.
* See xref:../../service_mesh/v2x/ossm-security.adoc#ossm-security[Security] for configuring mTLS, cipher suites, and external certificate authorities.
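Review bot: The intro loses the sentence saying that the default Jaeger `allinone` deployment must be changed. That is an operational caveat rather than filler, so keep it here or link to the section that covers Jaeger storage. If it is kept, "does not supply persistent memory" should read "persistent storage".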
@@ -17,7 +17,3 @@ Read more about how to configure your `ServiceMeshControlPlane` resource further
* See xref:../../service_mesh/v2x/ossm-custom-resources.adoc#ossm-custom-resources[Custom resources] for more information about all the configurable fields in your `ServiceMeshControlPlane` resource.
include::modules/ossm-updating-smcp.adoc[leveloffset=+1]
== Next steps
* xref:../../service_mesh/v2x/prepare-to-deploy-applications-ossm.adoc#deploying-applications-ossm[Prepare to deploy applications] on {ProductName}.

View File

@@ -1,62 +1,22 @@
[id="installing-ossm"]
= Installing {ProductName}
= Installing the Operators
include::modules/ossm-document-attributes.adoc[]
:context: installing-ossm
toc::[]
Installing the {ProductShortName} involves installing the OpenShift Elasticsearch, Jaeger, Kiali and {ProductShortName} Operators, creating and managing a `ServiceMeshControlPlane` resource to deploy the control plane, and creating a `ServiceMeshMemberRoll` resource to specify the namespaces associated with the {ProductShortName}.
To install {ProductName}, first install the required Operators on {product-title} and then create a `ServiceMeshControlPlane` resource to deploy the control plane.
[NOTE]
====
Multi-tenant control plane installations are the default configuration starting with {ProductName} 1.0.
====
[NOTE]
====
The {ProductShortName} documentation uses `istio-system` as the example project, but you may deploy the service mesh to any project.
====
== Prerequisites
* Follow the xref:../../service_mesh/v2x/preparing-ossm-installation.adoc#preparing-ossm-installation[Preparing to install {ProductName}] process.
.Prerequisites
* Read the xref:../../service_mesh/v2x/preparing-ossm-installation.adoc#preparing-ossm-installation[Preparing to install {ProductName}] process.
* An account with the `cluster-admin` role.
The {ProductShortName} installation process uses the link:https://operatorhub.io/[OperatorHub] to install the `ServiceMeshControlPlane` custom resource definition within the `openshift-operators` project. The {ProductName} defines and monitors the `ServiceMeshControlPlane` related to the deployment, update, and deletion of the control plane.
The following steps show how to install a basic instance of {ProductName} on {product-title}.
Starting with {ProductName} {ProductVersion}, you must install the OpenShift Elasticsearch Operator, the Jaeger Operator, and the Kiali Operator before the {ProductName} Operator can install the control plane.
include::modules/jaeger-install-elasticsearch.adoc[leveloffset=+1]
include::modules/jaeger-install.adoc[leveloffset=+1]
include::modules/ossm-install-kiali.adoc[leveloffset=+1]
include::modules/ossm-installation-activities.adoc[leveloffset=+1]
include::modules/ossm-install-ossm-operator.adoc[leveloffset=+1]
include::modules/ossm-control-plane-deploy.adoc[leveloffset=+1]
For a multitenant installation, {ProductName} supports multiple independent control planes within the cluster. You can create reusable configurations with `ServiceMeshControlPlane` profiles. For more information, see xref:../../service_mesh/v2x/prepare-to-deploy-applications-ossm.adoc#ossm-control-plane-profiles_deploying-applications-ossm[Creating control plane profiles].
include::modules/ossm-member-roll-create.adoc[leveloffset=+1]
include::modules/ossm-member-roll-modify.adoc[leveloffset=+1]
== Manual updates
If you choose to update manually, the Operator Lifecycle Manager (OLM) controls the installation, upgrade, and role-based access control (RBAC) of Operators in a cluster. OLM runs by default in {product-title}.
OLM uses CatalogSources, which use the Operator Registry API, to query for available Operators as well as upgrades for installed Operators.
* For more information about how {product-title} handled upgrades, refer to the xref:../../operators/understanding/olm/olm-understanding-olm.adoc#olm-overview_olm-understanding-olm[Operator Lifecycle Manager] documentation.
include::modules/ossm-update-app-sidecar.adoc[leveloffset=+2]
== Next steps
[NOTE]
====
The default `ServiceMeshControlPlane` settings are not intended for production use; they are designed to install successfully on a default OpenShift installation, which is an extremely resource limited environment. After you have verified a successful SMCP installation, you should modify the settings defined within the SMCP to suit your environment.
====
* xref:../../service_mesh/v2x/customizing-installation-ossm.adoc#customize-installation-ossm-v2x[Customize the {ProductName} installation].
* xref:../../service_mesh/v2x/prepare-to-deploy-applications-ossm.adoc#deploying-applications-ossm[Prepare to deploy applications] on {ProductName}.
Create a `ServiceMeshControlPlane` resource to configure the components of {ProductShortName}. For more information, see xref:../../service_mesh/v2x/ossm-create-smcp.adoc#ossm-create-smcp[Creating the ServiceMeshControlPlane].
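Review bot: The NOTE that the default `ServiceMeshControlPlane` settings "are not intended for production use" belongs to the Next steps text being cut from this assembly, and the new `ossm-create-smcp` assembly text in this commit does not carry it. Move it there, since that is now where the control plane gets created. In the prerequisites, "Read the ... process" is awkward: either "Complete the ... process" or "Read Preparing to install".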

View File

@@ -0,0 +1,31 @@
[id="ossm-create-mesh"]
= Adding services to a service mesh
include::modules/ossm-document-attributes.adoc[]
:context: ossm-create-mesh
After installing the Operators and `ServiceMeshControlPlane` resource, add applications, workloads, or services to your mesh by creating a `ServiceMeshMemberRoll` resource and specifying the namespaces where your content is located. If you already have an application, workflow, or service to add to a `ServiceMeshMemberRoll` resource, use the following steps. Or, to install a sample application called Bookinfo and add it to a `ServiceMeshMemberRoll` resource, skip to the tutorial for installing the xref:../../service_mesh/v2x/ossm-create-mesh.adoc#ossm-tutorial-bookinfo-overview_ossm-create-mesh[Bookinfo example application] to see how an application works in {ProductName}.
The items listed in the `ServiceMeshMemberRoll` resource are the applications and workflows that are managed by the `ServiceMeshControlPlane` resource. The control plane, which includes the {ProductShortName} Operators, Istiod, and `ServiceMeshControlPlane`, and the data plane, which includes applications and Envoy proxy, must be in separate namespaces.
[NOTE]
====
After you add the namespace to the `ServiceMeshMemberRoll`, access to services or pods in that namespace will not be accessible to callers outside the service mesh.
====
include::modules/ossm-member-roll-create.adoc[leveloffset=+1]
include::modules/ossm-member-roll-modify.adoc[leveloffset=+1]
include::modules/ossm-tutorial-bookinfo-overview.adoc[leveloffset=+1]
include::modules/ossm-tutorial-bookinfo-install.adoc[leveloffset=+2]
include::modules/ossm-tutorial-bookinfo-adding-destination-rules.adoc[leveloffset=+2]
include::modules/ossm-tutorial-bookinfo-verify-install.adoc[leveloffset=+2]
include::modules/ossm-tutorial-bookinfo-removing.adoc[leveloffset=+2]
== Next steps
* xref:../../service_mesh/v2x/prepare-to-deploy-applications-ossm.adoc#deploying-applications-ossm[Enabling sidecar injection] on {ProductName}.
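Review bot: The NOTE is the one statement here about what joining the mesh does to reachability, and its wording is garbled: "access to services or pods in that namespace will not be accessible". Reword it as "services and pods in that namespace are not accessible to callers outside the service mesh". "workflow" in "application, workflow, or service" and "applications and workflows" looks like a slip for "workload", which is the term used in the first sentence. The file has no `toc::[]` line after `:context:`, unlike `ossm-profiles-users`.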

View File

@@ -0,0 +1,16 @@
[id="ossm-create-smcp"]
= Creating the ServiceMeshControlPlane
include::modules/ossm-document-attributes.adoc[]
:context: ossm-create-smcp
You can deploy a basic installation of the `ServiceMeshControlPlane` by using either the {product-title} web console or from the command line using the `oc` client tool.
include::modules/ossm-control-plane-web.adoc[leveloffset=+2]
include::modules/ossm-control-plane-cli.adoc[leveloffset=+2]
{ProductName} supports multiple independent control planes within the cluster. You can create reusable configurations with `ServiceMeshControlPlane` profiles. For more information, see xref:../../service_mesh/v2x/ossm-profiles-users.adoc#ossm-control-plane-profiles_ossm-profiles-users[Creating control plane profiles].
== Next steps
Create a `ServiceMeshMemberRoll` resource to specify the namespaces associated with the {ProductShortName}. For more information, see xref:../../service_mesh/v2x/ossm-create-mesh.adoc#ossm-create-mesh[Adding services to a service mesh].
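Review bot: Both module includes use `leveloffset=+2` directly under the document title, so their headings skip a level. The other new assemblies in this commit include their first-level modules at `+1`. The file also has no `toc::[]` line after `:context:`. In the intro, "by using either the {product-title} web console or from the command line using the `oc` client tool" is not parallel; "by using either the web console or the `oc` client tool" reads cleanly.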

View File

@@ -7,7 +7,7 @@ toc::[]
You can view your application's topology, health and metrics in the Kiali console. If your service is having issues, the Kiali console offers ways to visualize the data flow through your service. You can view insights about the mesh components at different levels, including abstract applications, services, and workloads. It also provides an interactive graph view of your namespace in real time.
You can observe the data flow through your application if you have one installed. If you don't have your own application installed, you can see how observability works in {ProductName} by installing the xref:../../service_mesh/v2x/prepare-to-deploy-applications-ossm.adoc#ossm-tutorial-bookinfo-overview_deploying-applications-ossm[Bookinfo sample application].
You can observe the data flow through your application if you have one installed. If you don't have your own application installed, you can see how observability works in {ProductName} by installing the xref:../../service_mesh/v2x/prepare-to-deploy-applications-ossm.adoc#ossm-tutorial-bookinfo-overview_ossm-create-mesh[Bookinfo sample application].
After installing the Bookinfo sample application, send traffic to the mesh. Enter the following command a few times:
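Review bot: The Bookinfo xref changes only the anchor suffix to `_ossm-create-mesh` and still targets `prepare-to-deploy-applications-ossm.adoc`. The overview module is now included from the `ossm-create-mesh` assembly, so the ID resolves in `ossm-create-mesh.adoc`. Update the file path as well or the link breaks. The same pattern appears in the two later hunks that link to the Bookinfo overview.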
@@ -20,3 +20,5 @@ If your sample application is configured correctly, this command simulates a use
include::modules/ossm-observability-access.adoc[leveloffset=+1]
include::modules/ossm-observability-visual.adoc[leveloffset=+1]
include::modules/ossm-tutorial-jaeger-generating-traces.adoc[leveloffset=+1]

View File

@@ -0,0 +1,13 @@
[id="ossm-profiles-users"]
= Managing users and profiles
include::modules/ossm-document-attributes.adoc[]
:context: ossm-profiles-users
toc::[]
include::modules/ossm-members.adoc[leveloffset=+1]
include::modules/ossm-control-plane-profiles.adoc[leveloffset=+1]
include::modules/ossm-config-network-policy.adoc[leveloffset=+1]

View File

@@ -9,14 +9,9 @@ If your service mesh application is constructed with a complex array of microser
.Before you begin
If you have a project, add your project to the xref:../../service_mesh/v2x/installing-ossm.adoc#ossm-member-roll-modify_installing-ossm[`ServiceMeshMemberRoll` resource].
If you have a project, add your project to the xref:../../service_mesh/v2x/installing-ossm.adoc#ossm-member-roll-modify_ossm-create-mesh[`ServiceMeshMemberRoll` resource].
[NOTE]
====
After you add the namespace to the `ServiceMeshMemberRoll`, access to services or pods in that namespace will not be accessible to callers outside the mesh.
====
If you don't have a project, install the xref:../../service_mesh/v2x/prepare-to-deploy-applications-ossm.adoc#ossm-tutorial-bookinfo-overview_deploying-applications-ossm[Bookinfo sample application] and add it to the `ServiceMeshMemberRoll` resource. The sample application helps illustrate security concepts.
If you don't have a project, install the xref:../../service_mesh/v2x/prepare-to-deploy-applications-ossm.adoc#ossm-tutorial-bookinfo-overview_ossm-create-mesh[Bookinfo sample application] and add it to the `ServiceMeshMemberRoll` resource. The sample application helps illustrate security concepts.
include::modules/ossm-security-mtls.adoc[leveloffset=+1]
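Review bot: The member roll link now reads `installing-ossm.adoc#ossm-member-roll-modify_ossm-create-mesh`, which combines the old file with the new context suffix. The `ossm-member-roll-modify` module is included from `ossm-create-mesh.adoc` in this commit, so the path should change to match. The NOTE that services and pods in a member namespace are not accessible to callers outside the mesh is relevant on a security page. If it is removed here, link to the assembly that now carries it.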

View File

@@ -7,7 +7,7 @@ toc::[]
You can control the flow of traffic and API calls between services in {ProductName}. For example, some services in your service mesh may need to communicate within the mesh and others may need to be hidden. Manage the traffic to hide specific backend services, expose services, create testing or versioning deployments, or add a security layer on a set of services.
This guide references the Bookinfo sample application to provide examples of routing in an example application. Install the xref:../../service_mesh/v2x/prepare-to-deploy-applications-ossm.adoc#ossm-tutorial-bookinfo-overview_deploying-applications-ossm[Bookinfo application] to learn how these routing examples work.
This guide references the Bookinfo sample application to provide examples of routing in an example application. Install the xref:../../service_mesh/v2x/prepare-to-deploy-applications-ossm.adoc#ossm-tutorial-bookinfo-overview_ossm-create-mesh[Bookinfo application] to learn how these routing examples work.
include::modules/ossm-routing.adoc[leveloffset=+1]

View File

@@ -1,40 +1,25 @@
[id="deploying-applications-ossm"]
= Deploying applications on {ProductName}
= Enabling sidecar injection
include::modules/ossm-document-attributes.adoc[]
:context: deploying-applications-ossm
toc::[]
When you deploy an application into the {ProductShortName}, there are several differences between the behavior of applications in the upstream community version of Istio and the behavior of applications within a {ProductName} installation.
After adding your services to a mesh, enable automatic sidecar injection in the deployment resource for your application. You must enable automatic sidecar injection for each deployment.
[NOTE]
====
Do not deploy applications within the {ProductShortName} control plane namespace. The control plane (service mesh Operators, Istiod, and `ServiceMeshControlPlane`) and data plane (applications and Envoy proxy) must be in separate namespaces.
====
If you have installed the Bookinfo sample application, the application was deployed and the sidecars were injected. If you are using your own project and service, deploy your applications on {product-title}. For more information, see xref:../../applications/deployments/what-deployments-are.html[Understanding Deployment and DeploymentConfig objects].
== Prerequisites
* Review xref:../../service_mesh/v2x/ossm-vs-community.adoc#ossm-vs-community[{ProductName} and Istio differences]
* xref:../../service_mesh/v2x/installing-ossm.adoc#installing-ossm[Adding services to a service mesh]
* A deployment resource for your project
* Review xref:../../service_mesh/v2x/installing-ossm.adoc#installing-ossm[Installing {ProductName}]
include::modules/ossm-automatic-sidecar-injection.adoc[leveloffset=+1]
include::modules/ossm-update-app-sidecar.adoc[leveloffset=+1]
include::modules/ossm-control-plane-profiles.adoc[leveloffset=+1]
include::modules/ossm-sidecar-injection-env-var.adoc[leveloffset=+1]
include::modules/ossm-sidecar-injection.adoc[leveloffset=+1]
== Next steps
include::modules/ossm-automatic-sidecar-injection.adoc[leveloffset=+2]
include::modules/ossm-config-network-policy.adoc[leveloffset=+1]
include::modules/ossm-tutorial-bookinfo-overview.adoc[leveloffset=+1]
include::modules/ossm-tutorial-bookinfo-install.adoc[leveloffset=+2]
include::modules/ossm-tutorial-bookinfo-adding-destination-rules.adoc[leveloffset=+2]
include::modules/ossm-tutorial-bookinfo-verify-install.adoc[leveloffset=+2]
include::modules/ossm-tutorial-bookinfo-removing.adoc[leveloffset=+2]
include::modules/ossm-tutorial-jaeger-generating-traces.adoc[leveloffset=+1]
* xref:../../service_mesh/v2x/customizing-installation-ossm.adoc#customize-installation-ossm-v2x[Configuring the {ProductName} installation].
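Review bot: The prerequisite link labelled "Adding services to a service mesh" targets `installing-ossm.adoc#installing-ossm`, which this commit retitles "Installing the Operators". Point it to `ossm-create-mesh.adoc#ossm-create-mesh`. The xref to `what-deployments-are.html` uses `.html` where the other xrefs in this file use `.adoc`. If the NOTE "Do not deploy applications within the {ProductShortName} control plane namespace" is being removed, make sure the separate-namespaces requirement is still reachable from this page.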

View File

@@ -5,13 +5,13 @@ include::modules/ossm-document-attributes.adoc[]
toc::[]
Before you can install {ProductName}, review the installation activities, ensure that you meet the prerequisites:
Before you can install {ProductName}, you must subscribe to {product-title} and install {product-title} in a supported configuration.
== Prerequisites
* Possess an active {product-title} subscription on your Red Hat account. If you do not have a subscription, contact your sales representative for more information.
* Maintain an active {product-title} subscription on your Red Hat account. If you do not have a subscription, contact your sales representative for more information.
* Review the xref:../../architecture/architecture-installation.adoc#installation-overview_architecture-installation[{product-title} {product-version} overview].
* Install {product-title} {product-version}.
* Install {product-title} {product-version}. If you are installing {ProductName} on a xref:../../installing/installing-preparing.adoc#supported-installation-methods-for-different-platforms[restricted network], follow the instructions for your chosen {product-title} infrastructure.
** xref:../../installing/installing_aws/installing-aws-account.adoc#installing-aws-account[Install {product-title} {product-version} on AWS]
** xref:../../installing/installing_aws/installing-aws-user-infra.adoc#installing-aws-user-infra[Install {product-title} {product-version} on user-provisioned AWS]
** xref:../../installing/installing_bare_metal/installing-bare-metal.adoc#installing-bare-metal[Install {product-title} {product-version} on bare metal]
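Review bot: Folding the restricted-network sentence into the "Install {product-title} {product-version}." bullet puts it directly above the platform sub-list, so the AWS and bare metal links now read as the restricted-network instructions rather than the general install options. Consider ending the bullet after "Install {product-title} {product-version}" with a lead-in such as "on one of the following platforms:", and keeping the restricted-network guidance as its own sentence after the sub-list. The link text "restricted network" also lands on `#supported-installation-methods-for-different-platforms`, so wording like "see the supported installation methods" would describe the destination more accurately.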
@@ -19,23 +19,11 @@ Before you can install {ProductName}, review the installation activities, ensure
** xref:../../installing/installing_ibm_z/installing-ibm-z.adoc#installing-ibm-z[Install {product-title} 4.6 on IBM Z and LinuxONE]
** xref:../../installing/installing_ibm_power/installing-ibm-power.adoc#installing-ibm-power[Install {product-title} 4.6 on IBM Power Systems]
+
[NOTE]
====
If you are installing {ProductName} on a xref:../../installing/installing-preparing.adoc#supported-installation-methods-for-different-platforms[restricted network], follow the instructions for your chosen {product-title} infrastructure.
====
+
* Install the version of the {product-title} command line utility (the `oc` client tool) that matches your {product-title} version and add it to your path.
** If you are using {product-title} {product-version}, see xref:../../cli_reference/openshift_cli/getting-started-cli.adoc#cli-about-cli_cli-developer-commands[About the OpenShift CLI].
include::modules/ossm-supported-configurations.adoc[leveloffset=+1]
include::modules/ossm-installation-activities.adoc[leveloffset=+1]
[WARNING]
====
Please see xref:../../logging/config/cluster-logging-log-store.adoc[Configuring the log store] for details on configuring the default Jaeger parameters for Elasticsearch in a production environment.
====
== Next steps
* xref:../../service_mesh/v2x/installing-ossm.adoc#installing-ossm[Install {ProductName}] in your {product-title} environment.
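Review bot: Going by the hunk header (23 lines down to 11), the WARNING that sends readers to "Configuring the log store" for production Jaeger/Elasticsearch settings is dropped from this assembly along with the NOTE and the `ossm-installation-activities.adoc` include. The NOTE text was moved into the Install bullet in the previous hunk, but nothing visible in this file replaces the WARNING; please confirm it is carried over to the Operator installation or ServiceMeshControlPlane page, so that the production guidance is not lost. While editing this list, the IBM Z and IBM Power context lines still hard-code "4.6" where the other bullets use `{product-version}`.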

View File

@@ -10,7 +10,7 @@ It is not required for {ProductName}.
[IMPORTANT]
====
If you want to enable 3scale backend cache with the 3scale Istio adapter, you must also enable Mixer policy and Mixer telemetry. See xref:../../service_mesh/v2x/installing-ossm.adoc#ossm-control-plane-deploy_installing-ossm[Deploying the Red Hat OpenShift Service Mesh control plane].
If you want to enable 3scale backend cache with the 3scale Istio adapter, you must also enable Mixer policy and Mixer telemetry. See xref:../../service_mesh/v2x/ossm-create-smcp.adoc#ossm-create-smcp[Deploying the Red Hat OpenShift Service Mesh control plane].
====
include::modules/ossm-threescale-integrate.adoc[leveloffset=+1]
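Review bot: The replacement xref in the IMPORTANT block targets the assembly-level ID `ossm-create-smcp.adoc#ossm-create-smcp`, whereas the link it replaces pointed at a specific module anchor (`#ossm-control-plane-deploy_installing-ossm`), so readers now land at the top of the page instead of the deployment procedure. If that module moved into the new assembly, link to its anchor under the new context instead. The link text also still reads "Deploying the Red Hat OpenShift Service Mesh control plane", while the topic map names the page "Creating the ServiceMeshControlPlane"; align the label with the page title and use `{ProductName}` rather than the spelled-out product name.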