SRVKE-1419: Document Eventing mTLS with Service Mesh #95
@pierDipi: This pull request references SRVKE-1419 which is a valid jira issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
[APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by: pierDipi
The full list of commands accepted by this bot can be found here.
Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>
87a98f9 to fa1308b
Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>
modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-containersource.adoc
|
||
* You have created a project or have access to a project with the appropriate roles and permissions to create applications and other workloads in {product-title}. | ||
|
||
* Install the {SMProductName} Operator and create a `ServiceMeshControlPlane` resource in the `istio-system` namespace. If you want to use mTLS functionality, you must also set the `spec.security.dataPlane.mtls` field for the `ServiceMeshControlPlane` resource to `true`. |
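Review bot: the last sentence of this prerequisite says `spec.security.dataPlane.mtls` "must" be set to `true` to use mTLS, but the visible text gives the reader no way to confirm the setting took effect and does not say whether it is the only supported way to enforce mTLS. Suggest adding a verification step after this prerequisite, or softening "must" until the requirement has been confirmed for Eventing.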
If you want to use mTLS functionality, you must also set the spec.security.dataPlane.mtls
I'm surprised by that. In my testing this was not required. We don't even set this in the serverless-operator test suite where we test Service Mesh, as far as I know.
Can you point me to some place where it is used? Thanks
This is copied / existing content I've not audited
Alright. Now I see that PeerAuthentication and this piece of config should do the same thing. See https://docs.openshift.com/serverless/1.29/about/serverless-release-notes.html#known-issues-1.26_serverless-release-notes
Anyway, we might need to check that spec.security.dataPlane.mtls really works as expected with Eventing.
Does that mean we're not testing in CI what we actually suggest in docs?
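The two settings compared in the review thread above, shown side by side as an added example (not taken from the pull request or the project's documentation). The control plane name `basic` and the project namespace `my-project` are assumptions; the `istio-system` namespace comes from the prerequisite text.

```yaml
# Option A: mesh-wide setting on the control plane, as the reviewed
# prerequisite describes it.
apiVersion: maistra.io/v2
kind: ServiceMeshControlPlane
metadata:
  name: basic              # assumed name
  namespace: istio-system  # namespace named in the prerequisite
spec:
  security:
    dataPlane:
      mtls: true           # the spec.security.dataPlane.mtls field
---
# Option B: PeerAuthentication, the resource the reviewer refers to.
# This instance is scoped to a single project namespace.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default            # assumed name
  namespace: my-project    # assumed project that is a mesh member
spec:
  mtls:
    mode: STRICT           # sidecars in this namespace reject plaintext traffic
```

With either option, a workload only takes part in mTLS if it runs a sidecar, which is what the `sidecar.istio.io/inject: "true"` annotation reviewed later in this thread requests.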
modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-setup.adoc
modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-sinkbinding.adoc
Co-authored-by: Martin Gencur <mgencur@redhat.com>
Co-authored-by: Martin Gencur <mgencur@redhat.com>
metadata: | ||
annotations: | ||
sidecar.istio.io/inject: "true" <2> | ||
sidecar.istio.io/rewriteAppHTTPProbers: "true" |
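Review bot: the `sidecar.istio.io/rewriteAppHTTPProbers: "true"` line has no callout, while the `sidecar.istio.io/inject: "true"` line directly above it carries `<2>`. Add a callout to this line and a matching explanation, so the reader knows why the annotation is part of the required metadata and does not drop it when adapting the example.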
you wanna add some <3> explanation here too?
LGTM
Co-authored-by: Martin Gencur <mgencur@redhat.com>
/cc @gabriel-rh @rh-max
@pierDipi: GitHub didn't allow me to request PR reviews from the following users: gabriel-rh, rh-max. Note that only openshift-knative members and repo collaborators can review this PR, and authors cannot review their own PRs. In response to this:
LGTM
This is pretty much a copy paste of openshift/openshift-docs#58391 + defines some attributes that are commonly used on the openshift-docs repository