openshift-docs/modules/ossm-cr-example.adoc

// Module included in the following assemblies:
//
// * service_mesh/v2x/customizing-installation-ossm.adoc

[id="ossm-cr-example_{context}"]
= {ProductName} custom resources

[NOTE]
====
The `istio-system` project is used as an example throughout the {ProductShortName} documentation, but you can use other projects as necessary.
====

A _custom resource_ allows you to extend the API in an {ProductName} project or cluster. When you deploy {ProductShortName} it creates a default `ServiceMeshControlPlane` that you can modify to change the project parameters.

The {ProductShortName} operator extends the API by adding the `ServiceMeshControlPlane` resource type, which enables you to create `ServiceMeshControlPlane` objects within projects. By creating a `ServiceMeshControlPlane` object, you instruct the Operator to install a {ProductShortName} control plane into the project, configured with the parameters you set in the `ServiceMeshControlPlane` object.

This example `ServiceMeshControlPlane` definition contains all of the supported parameters and deploys {ProductName} {ProductVersion} images based on Red Hat Enterprise Linux (RHEL).

[IMPORTANT]
====
The 3scale Istio Adapter is deployed and configured in the custom resource file. It also requires an active 3scale account (link:https://www.3scale.net/signup/[SaaS] or link:https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.4/html/infrastructure/onpremises-installation[On-Premises]).
====

.Example `ServiceMeshControlPlane` resource

[source,yaml]
----
apiVersion: maistra.io/v2
kind: ServiceMeshControlPlane
metadata:
  name: basic
spec:
  proxy:
    resources:
      requests:
        cpu: 100m
        memory: 128Mi
      limits:
        cpu: 500m
        memory: 128Mi
  tracing:
    type: Jaeger
  gateways:
    ingress: # istio-ingressgateway
      service:
        type: ClusterIP
        ports:
        - name: status-port
          port: 15020
        - name: http2
          port: 80
          targetPort: 8080
        - name: https
          port: 443
          targetPort: 8443
      meshExpansionPorts: []
    egress: # istio-egressgateway
      service:
        type: ClusterIP
        ports:
        - name: status-port
          port: 15020
        - name: http2
          port: 80
          targetPort: 8080
        - name: https
          port: 443
          targetPort: 8443
    additionalIngress:
      some-other-ingress-gateway: {}
    additionalEgress:
      some-other-egress-gateway: {}

  policy:
    type: Istiod # or Mixer
    mixer: # only applies if policy.type: Mixer
      enableChecks: false 
      failOpen: false 

  telemetry:
    type: Istiod # or Mixer
    mixer: # only applies if telemetry.type: Mixer, for v1 telemetry
      sessionAffinity: false
      batching:
        maxEntries: 100
        maxTime: 1s
      adapters:
        kubernetesenv: true
        stdio:
          enabled: true
          outputAsJSON: true
  addons:
    grafana:
      enabled: true
      install: 
        config:
          env: {} 
          envSecrets: {} 
        persistence:
          storageClassName: ""
          accessMode: ReadWriteOnce
          capacity: 5Gi 
        service: 
          ingress:
            contextPath: /grafana
            tls:
              termination: reencrypt
    kiali:
      name: kiali
      enabled: true
      install: # install kiali CR if not present
        dashboard:
          viewOnly: false
          enableGrafana: true
          enableTracing: true
          enablePrometheus: true
      service: 
        ingress:
          contextPath: /kiali
    jaeger:
      name: jaeger
      install:
        storage:
          type: Memory # or Elasticsearch
          memory:
            maxTraces: 100000
          elasticsearch:
            nodeCount: 3
            storage: {}
            redundancyPolicy: SingleRedundancy
            indexCleaner: {}
        ingress: {} # jaeger ingress configuration
  runtime:
    components:
      pilot:
        deployment:
          replicas: 2
        pod:
          affinity: {}
        container:
          resources:
          limits: {}
          requirements: {}
      grafana:
        deployment: {}
        pod: {}
      kiali:
        deployment: {}
        pod: {}
----

The following table lists the parameters for the `ServiceMeshControlPlane` resource.

.`ServiceMeshControlPlane` resource parameters
|===
|Name |Description |Type

|`apiVersion`
|APIVersion defines the versioned schema of this representation of an object. Servers convert recognized schemas to the latest internal value, and may reject unrecognized values. The value for {ProductName} version 2.0 is `maistra.io/v2`.
|The value for {ProductName} version 2.0 is maistra.io/v2.

|kind
|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated.
|CamelCase string

|metadata
|Metadata about this `ServiceMeshControlPlane` instance You can provide a name for your control plane installation to keep track of your work, for example, `basic-install`, or `production`.
|string

|spec
|The specification of the desired state of this `ServiceMeshControlPlane`. This includes the configuration options for all components that comprise the control plane.
|For more information, see Table 2.

|status
|The current status of this `ServiceMeshControlPlane` and the components that comprise the control plane. 
|For more information, see Table 3.
|===

The following table lists the specifications for the `ServiceMeshControlPlane` resource. These parameters configure {ProductName} for your microservices and apps.

.`ServiceMeshControlPlane` resource spec
|===
|Name |Description |Configurable parameters

|addons
|Addons is used to configure additional features beyond core control plane components, such as visualization, or metric storage.
|`3scale`, `grafana`, `jaeger`, `kiali`, and `prometheus`.

|cluster
|Cluster is the general configuration of the cluster (cluster name, network name, multi-cluster, mesh expansion, etc.)
|`meshExpansion`, `multiCluster`, `name`, and `network`

|gateways
|Gateways configures ingress and egress gateways for the mesh.
|`enabled`, `additionalEgress`, `additionalIngress`, `egress`, `ingress`, and  `openshiftRoute`

|general
|General represents general control plane configuration that does not fit anywhere else.
|`logging` and `validationMessages`

|policy
|Policy configures policy checking for the control plane. If `spec.policy.enabled` is set to `true`, policy checking is enabled.
|`mixer` `remote`, or `type`. `type` can be set to `Istiod`, `Mixer` or `None`.

|profiles
|Profiles selects the `ServiceMeshControlPlane` profile to use for default values.
|`default`

|proxy
|Proxy configures the default behavior for sidecars. 
|`accessLogging`, `adminPort`, `concurrency`, and `envoyMetricsService`

|runtime
|Runtime configuration for the control plane components.
|`components`, and `defaults`

|security
|Security configures aspects of security for the control plane.
|`certificateAuthority`, `controlPlane`, `identity`, `dataPlane` and `trust`

|techPreview
|TechPreview is used to enable early access to features that are technology previews.
|N/A

|telemetry
|If spec.mixer.telemetry.enabled is set to true, telemetry is enabled.
|`mixer`, `remote`, and `type`. `type` can be set to `Istiod`, `Mixer` or `None`.

|tracing
|Tracing enables distributed tracing for the mesh.
|`sampling`, `type`. `type` can be set to `Jaeger` or `None`.

|version
|Version specifies what Maistra version of the control plane to install. When creating a `ServiceMeshControlPlane` with an empty version, the admission webhook sets the version to the current version. New `ServiceMeshControlPlanes` with an empty version are set to v2.0. Existing `ServiceMeshControlPlanes` with an empty version keep their setting.
|string
|===

ControlPlaneStatus represents the current state of your service mesh.

.`ServiceMeshControlPlane` resource `ControlPlaneStatus`
|===
|Name |Description |Type

|annotations
|Annotations is an unstructured key value map used to store additional, usually redundant status information, such as the number of components deployed by the `ServiceMeshControlPlane`. These statuses are used by the command line tool, `oc`, which does not yet allow counting objects in JSONPath expressions.
|Not configurable

|conditions
Represents the latest available observations of the object’s current state. `Reconciled` indicates whether the operator has finished reconciling the actual state of deployed components with the the configuration in the `ServiceMeshControlPlane` resource. `Installed` indicates whether the control plane has been installed. `Ready` indicates whether all control plane components are ready
|string

|components
|Shows the status of each deployed control plane component.
|string

|appliedSpec
|The resulting specification of the configuration options after all profiles have been applied.
|`ControlPlaneSpec`

|appliedValues
|The resulting values.yaml used to generate the charts.
|`ControlPlaneSpec`

|chartVersion
|The version of the charts that were last processed for this resource.
|string

|observedGeneration
|The generation observed by the controller during the most recent reconciliation. The information in the status pertains to this particular generation of the object. The `status.conditions` are not up-to-date if the `status.observedGeneration` field doesn't match `metadata.generation`.
|integer

|operatorVersion
|The version of the operator that last processed this resource.
|string

|readiness
|The readiness status of components & owned resources
|string
|===