Create the service mesh control planes
The following steps will walk us through creating the Red Hat OpenShift Service Mesh 2.6 control plane with the OpenShift Service Mesh operator based on Maistra. For the learning path, we will deploy both version 2 and version 3 of OpenShift Service Mesh.
Prerequisites:
- A created Jaeger instance
- A subscribed Tempo Operator
- Deployed and configured OpenTelemetry
In this lesson, you will:
- Learn how to deploy and create a control plane with the Service Mesh Operator.
Red Hat OpenShift Service Mesh 2
We will tackle OpenShift Service Mesh 2 before Service Mesh 3. This particular order of deployment is not detrimental, but for the purposes of this walkthrough, we advise following the order described next:
Create the OpenShift Service Mesh 2 Operator subscription:
```bash
cat <<'EOF' | oc create -f-
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  labels:
    operators.coreos.com/servicemeshoperator.openshift-operators: ''
  name: servicemeshoperator
  namespace: openshift-operators
spec:
  channel: stable
  installPlanApproval: Automatic
  name: servicemeshoperator
  source: redhat-operators
  sourceNamespace: openshift-marketplace
  startingCSV: servicemeshoperator.v2.6.11
EOF
```
Next, create the Kiali Operator subscription to satisfy the OpenShift Service Mesh 2 dependency:
```bash
cat <<'EOF' | oc create -f-
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  labels:
    operators.coreos.com/kiali-ossm.openshift-operators: ''
  name: kiali-ossm
  namespace: openshift-operators
spec:
  channel: stable
  installPlanApproval: Automatic
  name: kiali-ossm
  source: redhat-operators
  sourceNamespace: openshift-marketplace
  startingCSV: kiali-operator.v2.11.4
EOF
```
Then create the OpenShift Service Mesh 2 control plane CustomResource (CR):
```bash
cat <<'EOF' | oc create -f-
apiVersion: maistra.io/v2
kind: ServiceMeshControlPlane
metadata:
  name: basic
  namespace: istio-system
spec:
  addons:
    grafana:
      enabled: true
    kiali:
      enabled: true
    prometheus:
      enabled: true
  security:
    manageNetworkPolicy: false
  gateways:
    openshiftRoute:
      enabled: false
  mode: ClusterWide
  policy:
    type: Istiod
  profiles:
  - default
  telemetry:
    type: Istiod
  tracing:
    type: None
  version: v2.6
  meshConfig:
    discoverySelectors:
    - matchExpressions:
      - key: maistra.io/member-of
        operator: Exists
      - key: istio.io/rev
        operator: DoesNotExist
    extensionProviders:
    - name: otel
      opentelemetry:
        port: 4317
        service: user-collector.istio-system.svc.cluster.local
    - name: zipkin
      zipkin:
        port: 9411
        service: user-collector.istio-system.svc.cluster.local
EOF
```
Finally, create the DestinationRule to grant envoy access to the OTEL Collector:
```bash
cat <<'EOF' | oc create -f-
apiVersion: networking.istio.io/v1
kind: DestinationRule
metadata:
  name: user-collector
  namespace: istio-system
spec:
  host: user-collector.istio-system.svc.cluster.local
  trafficPolicy:
    tls:
      mode: DISABLE
EOF
```
OpenShift Service Mesh control plane 3.+
The following steps walk us through creating the OpenShift Service Mesh 3.+ control plane with the OpenShift Service Mesh operator based on Sail-operator.
First, create the OpenShift Service Mesh 3 operator subscription:
```bash
cat <<'EOF' | oc create -f-
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  annotations: {}
  labels:
    operators.coreos.com/servicemeshoperator3.openshift-operators: ''
    operators.coreos.com/servicemeshoperator3.ossm3: ''
  name: servicemeshoperator3
  namespace: openshift-operators
spec:
  channel: stable
  installPlanApproval: Automatic
  name: servicemeshoperator3
  source: redhat-operators
  sourceNamespace: openshift-marketplace
EOF
```
Next, create the OpenShift Service Mesh 3 Istio CR:
```bash
cat <<'EOF' | oc create -f-
apiVersion: sailoperator.io/v1
kind: Istio
metadata:
  name: default
spec:
  namespace: istio-system
  updateStrategy:
    inactiveRevisionDeletionGracePeriodSeconds: 30
    type: InPlace
  values:
    global:
      istioNamespace: istio-system
      platform: openshift
    meshConfig:
      defaultProviders:
        tracing:
        - otel
      discoverySelectors:
      - matchExpressions:
        - key: maistra.io/member-of
          operator: DoesNotExist
        - key: istio.io/rev
          operator: Exists
      extensionProviders:
      - name: otel
        opentelemetry:
          port: 4317
          service: user-collector.istio-system.svc.cluster.local
      - name: zipkin
        zipkin:
          port: 9411
          service: user-collector.istio-system.svc.cluster.local
    telemetry:
      enabled: true
      v2:
        enabled: true
        prometheus:
          enabled: true
  version: v1.26-latest
EOF
```
Then create the OpenShift Service Mesh 3 Istio Container Network Interface (CNI):
```bash
cat <<'EOF' | oc create -f-
apiVersion: sailoperator.io/v1
kind: IstioCNI
metadata:
  name: default
spec:
  namespace: istio-system
  version: v1.26-latest
EOF
```
Next, we’ll have to configure OpenTelemetry to bridge the newly created control planes.
Create a mesh-wide Telemetry CustomResource (CR):
```bash
cat <<'EOF' | oc create -f-
apiVersion: telemetry.istio.io/v1
kind: Telemetry
metadata:
  name: default
  namespace: istio-system
spec:
  accessLogging:
  - providers:
    - name: envoy
  metrics:
  - overrides:
    - disabled: false
    providers:
    - name: prometheus
  tracing:
  - providers:
    - name: zipkin
    randomSamplingPercentage: 100
EOF
```
Now that we have successfully created and configured our control planes, we are ready to set our migration in motion.
If it doesn't exist, create the DestinationRule to grant envoy access to the OTEL collector:
```bash
cat <<'EOF' | oc create -f-
apiVersion: networking.istio.io/v1
kind: DestinationRule
metadata:
  name: user-collector
  namespace: istio-system
spec:
  host: user-collector.istio-system.svc.cluster.local
  trafficPolicy:
    tls:
      mode: DISABLE
EOF
```
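The two control planes above carry mirrored discoverySelectors, so a namespace's labels decide which control plane sees it. The following added example (not part of the original walkthrough) evaluates both selectors with Kubernetes label-selector semantics; the namespace names, label values and the `ossm2`/`ossm3` keys are constructed for illustration.

```python
# Added example: which control plane's discoverySelectors select a namespace?
# Selector contents are copied from the ServiceMeshControlPlane (v2) and Istio (v3)
# resources on this page; "ossm2"/"ossm3" are hypothetical names for this script.
SELECTORS = {
    "ossm2": [{"matchExpressions": [
        {"key": "maistra.io/member-of", "operator": "Exists"},
        {"key": "istio.io/rev", "operator": "DoesNotExist"}]}],
    "ossm3": [{"matchExpressions": [
        {"key": "maistra.io/member-of", "operator": "DoesNotExist"},
        {"key": "istio.io/rev", "operator": "Exists"}]}],
}

def expr_matches(expr, labels):
    """Evaluate one matchExpressions entry against a namespace's labels."""
    key, op = expr["key"], expr["operator"]
    if op == "Exists":
        return key in labels
    if op == "DoesNotExist":
        return key not in labels
    if op == "In":
        return labels.get(key) in expr.get("values", [])
    if op == "NotIn":  # an absent key also satisfies NotIn
        return labels.get(key) not in expr.get("values", [])
    raise ValueError(f"unsupported operator: {op}")

def selector_matches(selector, labels):
    """All matchLabels and all matchExpressions of one selector must hold (AND)."""
    exact = all(labels.get(k) == v
                for k, v in selector.get("matchLabels", {}).items())
    return exact and all(expr_matches(e, labels)
                         for e in selector.get("matchExpressions", []))

def owners(labels):
    """Control planes selecting these labels; list entries are ORed."""
    return sorted(cp for cp, sels in SELECTORS.items()
                  if any(selector_matches(s, labels) for s in sels))

# Constructed sample namespaces and labels.
NAMESPACES = {
    "bookinfo-v2": {"maistra.io/member-of": "istio-system"},
    "bookinfo-v3": {"istio.io/rev": "default"},
    "both-labels": {"maistra.io/member-of": "istio-system", "istio.io/rev": "default"},
    "unlabeled": {},
}

def audit(namespaces):
    return {name: owners(labels) for name, labels in namespaces.items()}

if __name__ == "__main__":
    for name, cps in audit(NAMESPACES).items():
        print(f"{name:12} -> {', '.join(cps) or 'no control plane'}")
```

A namespace that carries both labels, or neither, is selected by no control plane, which is worth checking for before and after relabeling a namespace.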
Now that we have completed all the necessary configurations, it’s time for our migration demonstration.