From fa1308b8bcac1c721260ac591427b4beeb9a9e79 Mon Sep 17 00:00:00 2001 From: Pierangelo Di Pilato Date: Mon, 12 Jun 2023 11:45:01 +0200 Subject: [PATCH 1/6] SRVKE-1419: Document Eventing mTLS with Service Mesh Signed-off-by: Pierangelo Di Pilato --- antora.yml | 5 + modules/ROOT/nav.adoc | 5 + ...eventing-service-mesh-containersource.adoc | 123 ++++++ .../eventing-service-mesh-setup.adoc | 382 ++++++++++++++++++ .../eventing-service-mesh-sinkbinding.adoc | 165 ++++++++ 5 files changed, 680 insertions(+) create mode 100644 modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-containersource.adoc create mode 100644 modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-setup.adoc create mode 100644 modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-sinkbinding.adoc diff --git a/antora.yml b/antora.yml index e66ff653..0e2d5dba 100644 --- a/antora.yml +++ b/antora.yml @@ -6,6 +6,11 @@ nav: start_ROOT: 'ROOT:index.adoc' asciidoc: attributes: + smproductshortname: Service Mesh + smproductname: OpenShift Service Mesh + product-title: OpenShift + serverlessoperatorname: OpenShift Serverless Operator + serverlessproductname: OpenShift Serverless product_name: OpenShift Serverless Logic context: OpenShift Serverless Logic kogito_version_redhat: 1.35.0.Final-redhat-00003 diff --git a/modules/ROOT/nav.adoc b/modules/ROOT/nav.adoc index a8fdc603..68c6a652 100644 --- a/modules/ROOT/nav.adoc +++ b/modules/ROOT/nav.adoc @@ -1,4 +1,9 @@ * xref:index.adoc[Overview] +* Serverless Eventing +** Using Eventing with OpenShift Service Mesh +*** xref:serverless-eventing:service-mesh/eventing-service-mesh-setup.adoc[Setup Eventing with OpenShift Service Mesh] +*** xref:serverless-eventing:service-mesh/eventing-service-mesh-containersource.adoc[Using ContainerSource with OpenShift Service Mesh] +*** xref:serverless-eventing:service-mesh/eventing-service-mesh-sinkbinding.adoc[Using SinkBinding with OpenShift Service Mesh] * Serverless Logic ** xref:serverless-logic:about.adoc[About OpenShift Serverless Logic] ** User Guides diff --git a/modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-containersource.adoc b/modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-containersource.adoc new file mode 100644 index 00000000..a5673f62 --- /dev/null +++ b/modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-containersource.adoc @@ -0,0 +1,123 @@ += Using ContainerSource with {SMProductName} +:compat-mode!: +// Metadata: +:description: Using ContainerSource with {SMProductName} + +.Prerequisites + +* You have followed the setup {SMProductShortName} with {ServerlessProductName} procedure + +.Procedure + +. Create a `Service` in a namespace that is member of the `ServiceMeshMemberRoll`: ++ +[source,yaml] +---- +apiVersion: serving.knative.dev/v1 +kind: Service +metadata: + name: event-display + namespace: <1> +spec: + template: + metadata: + annotations: + sidecar.istio.io/inject: "true" <2> + sidecar.istio.io/rewriteAppHTTPProbers: "true" + spec: + containers: + - image: quay.io/openshift-knative/knative-eventing-sources-event-display:latest +---- +<1> A namespace that is member of the `ServiceMeshMemberRoll`. +<2> Injects {SMProductShortName} sidecars into the Knative service pods. + +. Apply the `Service` resource: ++ +[source,terminal] +---- +$ oc apply -f +---- + +. Create a `ContainerSource` in a namespace that is member of the `ServiceMeshMemberRoll` and sink set to the `event-display`: ++ +[source,yaml] +---- +apiVersion: sources.knative.dev/v1 +kind: ContainerSource +metadata: + name: test-heartbeats + namespace: <1> +spec: + template: + metadata: <2> + annotations: + sidecar.istio.io/inject": "true" + sidecar.istio.io/rewriteAppHTTPProbers: "true" + spec: + containers: + # This corresponds to a heartbeats image URI that you have built and published + - image: gcr.io/knative-releases/knative.dev/eventing/cmd/heartbeats + name: heartbeats + args: + - --period=1s + env: + - name: POD_NAME + value: "example-pod" + - name: POD_NAMESPACE + value: "event-test" + sink: + ref: + apiVersion: serving.knative.dev/v1 + kind: Service + name: event-display-service +---- +<1> A namespace that is part of the `ServiceMeshMemberRoll`. +<2> Enables {SMProductShortName} integration with a `ContainerSource` + +. Apply the `ContainerSource` resource: ++ +[source,terminal] +---- +$ oc apply -f +---- + +.Verification + +You can verify that the events were sent to the Knative event sink by looking at the message dumper function logs. + +. Enter the command: ++ +[source,terminal] +---- +$ oc get pods +---- + +. Enter the command: ++ +[source,terminal] +---- +$ oc logs $(oc get pod -o name | grep event-display) -c user-container +---- ++ +.Example output +[source,terminal] +---- +☁️ cloudevents.Event +Validation: valid +Context Attributes, + specversion: 1.0 + type: dev.knative.eventing.samples.heartbeat + source: https://knative.dev/eventing-contrib/cmd/heartbeats/#event-test/mypod + id: 2b72d7bf-c38f-4a98-a433-608fbcdd2596 + time: 2019-10-18T15:23:20.809775386Z + contenttype: application/json +Extensions, + beats: true + heart: yes + the: 42 +Data, + { + "id": 1, + "label": "" + } +---- diff --git a/modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-setup.adoc b/modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-setup.adoc new file mode 100644 index 00000000..fd0801d2 --- /dev/null +++ b/modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-setup.adoc @@ -0,0 +1,382 @@ += Setup Eventing with {SMProductName} +:compat-mode!: +// Metadata: +:description: Setup Eventing with {SMProductName} + +// TODO + +.Prerequisites + +* You have access to an {product-title} account with cluster administrator access. + +* You have created a project or have access to a project with the appropriate roles and permissions to create applications and other workloads in {product-title}. + +* Install the {SMProductName} Operator and create a `ServiceMeshControlPlane` resource in the `istio-system` namespace. If you want to use mTLS functionality, you must also set the `spec.security.dataPlane.mtls` field for the `ServiceMeshControlPlane` resource to `true`. ++ +[IMPORTANT] +==== +Using {ServerlessProductName} with {SMProductShortName} is only supported with {SMProductName} version 2.0.5 or later. +==== + +* Install the {ServerlessOperatorName}. + +* Install the OpenShift CLI (`oc`). + +.Procedure + +. Add the namespaces that you would like to integrate with {SMProductShortName} to the `ServiceMeshMemberRoll` object as members: ++ +[source,yaml] +---- +apiVersion: maistra.io/v1 +kind: ServiceMeshMemberRoll +metadata: + name: default + namespace: istio-system +spec: + members: <1> + - knative-serving + - knative-eventing + - +---- +<1> A list of namespaces to be integrated with {SMProductShortName}. ++ +[IMPORTANT] +==== +This list of namespaces must include the `knative-serving` namespace. +==== + +. Apply the `ServiceMeshMemberRoll` resource: ++ +[source,terminal] +---- +$ oc apply -f +---- + +. Create the necessary gateways so that {SMProductShortName} can accept traffic: ++ +.Example `knative-local-gateway` object using HTTP +[source,yaml] +---- +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: knative-ingress-gateway + namespace: knative-serving +spec: + selector: + istio: ingressgateway + servers: + - port: + number: 443 + name: https + protocol: HTTPS + hosts: + - "*" + tls: + mode: SIMPLE + credentialName: <1> +--- +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: knative-local-gateway + namespace: knative-serving +spec: + selector: + istio: ingressgateway + servers: + - port: + number: 8081 + name: http + protocol: HTTP <2> + hosts: + - "*" +--- +apiVersion: v1 +kind: Service +metadata: + name: knative-local-gateway + namespace: istio-system + labels: + experimental.istio.io/disable-gateway-port-translation: "true" +spec: + type: ClusterIP + selector: + istio: ingressgateway + ports: + - name: http2 + port: 80 + targetPort: 8081 +---- +<1> Add the name of the secret that contains the wildcard certificate. +<2> The `knative-local-gateway` serves HTTP traffic. Using HTTP means that traffic coming from outside of {SMProductShortName}, but using an internal hostname, such as `example.default.svc.cluster.local`, is not encrypted. You can set up encryption for this path by creating another wildcard certificate and an additional gateway that uses a different `protocol` spec. ++ +.Example `knative-local-gateway` object using HTTPS +[source,yaml] +---- +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: knative-local-gateway + namespace: knative-serving +spec: + selector: + istio: ingressgateway + servers: + - port: + number: 443 + name: https + protocol: HTTPS + hosts: + - "*" + tls: + mode: SIMPLE + credentialName: +---- + +. Apply the `Gateway` resources: ++ +[source,terminal] +---- +$ oc apply -f +---- + +. Install Knative Serving by creating the following `KnativeServing` custom resource definition (CRD), which also enables the Istio integration: ++ +[source,yaml] +---- +apiVersion: operator.knative.dev/v1beta1 +kind: KnativeServing +metadata: + name: knative-serving + namespace: knative-serving +spec: + ingress: + istio: + enabled: true <1> + deployments: <2> + - name: activator + annotations: + "sidecar.istio.io/inject": "true" + "sidecar.istio.io/rewriteAppHTTPProbers": "true" + - name: autoscaler + annotations: + "sidecar.istio.io/inject": "true" + "sidecar.istio.io/rewriteAppHTTPProbers": "true" +---- +<1> Enables Istio integration. +<2> Enables sidecar injection for Knative Serving data plane pods. + +. Apply the `KnativeServing` resource: ++ +[source,terminal] +---- +$ oc apply -f +---- + +. Install Knative Eventing by creating the following `KnativeEventing` custom resource definition (CRD), which also enables the Istio integration: ++ +[source,yaml] +---- +apiVersion: operator.knative.dev/v1beta1 +kind: KnativeEventing +metadata: + name: knative-eventing + namespace: knative-eventing +spec: + config: + features: + istio: enabled <1> + workloads: <2> + - name: pingsource-mt-adapter + annotations: + "sidecar.istio.io/inject": "true" + "sidecar.istio.io/rewriteAppHTTPProbers": "true" + - name: imc-dispatcher + annotations: + "sidecar.istio.io/inject": "true" + "sidecar.istio.io/rewriteAppHTTPProbers": "true" + - name: mt-broker-ingress + annotations: + "sidecar.istio.io/inject": "true" + "sidecar.istio.io/rewriteAppHTTPProbers": "true" + - name: mt-broker-filter + annotations: + "sidecar.istio.io/inject": "true" + "sidecar.istio.io/rewriteAppHTTPProbers": "true" +---- +<1> Enables Eventing istio controller to create a `DestinationRule` for each InMemoryChannel or KafkaChannel service. +<2> Enables sidecar injection for Knative Eventing pods. + +. Apply the `KnativeEventing` resource: ++ +[source,terminal] +---- +$ oc apply -f +---- + +. Install Knative Kafka by creating the following `KnativeKafka` custom resource definition (CRD), which also enables the Istio integration: ++ +[source,yaml] +---- +apiVersion: operator.serverless.openshift.io/v1alpha1 +kind: KnativeKafka +metadata: + name: knative-kafka + namespace: knative-eventing +spec: + channel: + enabled: true + bootstrapServers: <1> + source: + enabled: true + broker: + enabled: true + defaultConfig: + bootstrapServers: <1> + numPartitions: + replicationFactor: + sink: + enabled: true + workloads: <2> + - name: kafka-controller + annotations: + "sidecar.istio.io/inject": "true" + "sidecar.istio.io/rewriteAppHTTPProbers": "true" + - name: kafka-broker-receiver + annotations: + "sidecar.istio.io/inject": "true" + "sidecar.istio.io/rewriteAppHTTPProbers": "true" + - name: kafka-broker-dispatcher + annotations: + "sidecar.istio.io/inject": "true" + "sidecar.istio.io/rewriteAppHTTPProbers": "true" + - name: kafka-channel-receiver + annotations: + "sidecar.istio.io/inject": "true" + "sidecar.istio.io/rewriteAppHTTPProbers": "true" + - name: kafka-channel-dispatcher + annotations: + "sidecar.istio.io/inject": "true" + "sidecar.istio.io/rewriteAppHTTPProbers": "true" + - name: kafka-source-dispatcher + annotations: + "sidecar.istio.io/inject": "true" + "sidecar.istio.io/rewriteAppHTTPProbers": "true" + - name: kafka-sink-receiver + annotations: + "sidecar.istio.io/inject": "true" + "sidecar.istio.io/rewriteAppHTTPProbers": "true" +---- +<1> The Apache Kafka cluster URL, for example: `my-cluster-kafka-bootstrap.kafka:9092`. +<2> Enables sidecar injection for Knative Kafka pods. + +. Apply the `KnativeKafka` resource: ++ +[source,terminal] +---- +$ oc apply -f +---- + +. Install `ServiceEntry` to make {SMProductName} aware of the communication between `KnativeKafka` components and an Apache Kafka cluster: ++ +[source,yaml] +---- +apiVersion: networking.istio.io/v1alpha3 +kind: ServiceEntry +metadata: + name: kafka-cluster + namespace: knative-eventing +spec: + hosts: <1> + - + exportTo: + - "." + ports: <2> + - number: 9092 + name: tcp-plain + protocol: TCP + - number: 9093 + name: tcp-tls + protocol: TCP + - number: 9094 + name: tcp-sasl-tls + protocol: TCP + - number: 9095 + name: tcp-sasl-tls + protocol: TCP + - number: 9096 + name: tcp-tls + protocol: TCP + location: MESH_EXTERNAL + resolution: NONE +---- +<1> The list of Apache Kafka cluster hosts, for example: `my-cluster-kafka-bootstrap.kafka`. +<2> Apache Kafka cluster listeners ports. + ++ +[NOTE] +==== +The listed ports in `spec.ports` are example TPC ports and depend on how the Apache Kafka cluster is configured. +==== + +. Apply the `ServiceEntry` resource: ++ +[source,terminal] +---- +$ oc apply -f +---- + +.Verification + +. Create a Knative Service that has sidecar injection enabled and uses a pass-through route: ++ +[source,yaml] +---- +apiVersion: serving.knative.dev/v1 +kind: Service +metadata: + name: + namespace: <1> + annotations: + serving.knative.openshift.io/enablePassthrough: "true" <2> +spec: + template: + metadata: + annotations: + sidecar.istio.io/inject: "true" <3> + sidecar.istio.io/rewriteAppHTTPProbers: "true" + spec: + containers: + - image: +---- +<1> A namespace that is part of the Service Mesh member roll. +<2> Instructs Knative Serving to generate an {product-title} pass-through enabled route, so that the certificates you have generated are served through the ingress gateway directly. +<3> Injects {SMProductShortName} sidecars into the Knative service pods. + +. Apply the `Service` resource: ++ +[source,terminal] +---- +$ oc apply -f +---- + +. Access your serverless application by using a secure connection that is now trusted by the CA: ++ +[source,terminal] +---- +$ curl --cacert root.crt +---- ++ +.Example command +[source,terminal] +---- +$ curl --cacert root.crt https://hello-default.apps.openshift.example.com +---- ++ +.Example output +[source,terminal] +---- +Hello Openshift! +---- diff --git a/modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-sinkbinding.adoc b/modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-sinkbinding.adoc new file mode 100644 index 00000000..59d42793 --- /dev/null +++ b/modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-sinkbinding.adoc @@ -0,0 +1,165 @@ += Using SinkBinding with {SMProductName} +:compat-mode!: +// Metadata: +:description: Using SinkBinding with {SMProductName} + +.Prerequisites + +* You have followed the setup {SMProductShortName} with {ServerlessProductName} procedure + +.Procedure + +. Create a `Service` in a namespace that is member of the `ServiceMeshMemberRoll`: ++ +[source,yaml] +---- +apiVersion: serving.knative.dev/v1 +kind: Service +metadata: + name: event-display + namespace: <1> +spec: + template: + metadata: + annotations: + sidecar.istio.io/inject: "true" <2> + sidecar.istio.io/rewriteAppHTTPProbers: "true" + spec: + containers: + - image: quay.io/openshift-knative/knative-eventing-sources-event-display:latest +---- +<1> A namespace that is member of the `ServiceMeshMemberRoll`. +<2> Injects {SMProductShortName} sidecars into the Knative service pods. + +. Apply the `Service` resource: ++ +[source,terminal] +---- +$ oc apply -f +---- + +. Create a `SinkBinding`: ++ +[source,yaml] +---- +apiVersion: sources.knative.dev/v1alpha1 +kind: SinkBinding +metadata: + name: bind-heartbeat + namespace: <1> +spec: + subject: + apiVersion: batch/v1 + kind: Job <2> + selector: + matchLabels: + app: heartbeat-cron + + sink: + ref: + apiVersion: serving.knative.dev/v1 + kind: Service + name: event-display +---- +<1> A namespace that is member of the `ServiceMeshMemberRoll`. +<2> In this example, any Job with the label `app: heartbeat-cron` will be bound to the event sink. + +. Apply the `SinkBinding` resource: ++ +[source,terminal] +---- +$ oc apply -f +---- + +. Create a `CronJob`: ++ +[source,yaml] +---- +apiVersion: batch/v1 +kind: CronJob +metadata: + name: heartbeat-cron + namespace: <1> +spec: + # Run every minute + schedule: "* * * * *" + jobTemplate: + metadata: + labels: + app: heartbeat-cron + bindings.knative.dev/include: "true" + spec: + template: + metadata: + annotations: + sidecar.istio.io/inject: "true" <2> + sidecar.istio.io/rewriteAppHTTPProbers: "true" + spec: + restartPolicy: Never + containers: + - name: single-heartbeat + image: quay.io/openshift-knative/heartbeats:latest + args: + - --period=1 + env: + - name: ONE_SHOT + value: "true" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +---- +<1> A namespace that is member of the `ServiceMeshMemberRoll`. +<2> Injects {SMProductShortName} sidecars into the `CronJob` pods. + +. Apply the `CronJob` resource: ++ +[source,terminal] +---- +$ oc apply -f +---- + +.Verification + +You can verify that the events were sent to the Knative event sink by looking at the message dumper function logs. + +. Enter the command: ++ +[source,terminal] +---- +$ oc get pods +---- + +. Enter the command: ++ +[source,terminal] +---- +$ oc logs $(oc get pod -o name | grep event-display) -c user-container +---- ++ +.Example output +[source,terminal] +---- +☁️ cloudevents.Event +Validation: valid +Context Attributes, + specversion: 1.0 + type: dev.knative.eventing.samples.heartbeat + source: https://knative.dev/eventing-contrib/cmd/heartbeats/#event-test/mypod + id: 2b72d7bf-c38f-4a98-a433-608fbcdd2596 + time: 2019-10-18T15:23:20.809775386Z + contenttype: application/json +Extensions, + beats: true + heart: yes + the: 42 +Data, + { + "id": 1, + "label": "" + } +---- From 68d6a9585ef0ad326e6fc5003170c65d15b62acb Mon Sep 17 00:00:00 2001 From: Pierangelo Di Pilato Date: Mon, 12 Jun 2023 15:05:59 +0200 Subject: [PATCH 2/6] List all namespaces in important Signed-off-by: Pierangelo Di Pilato --- .../pages/service-mesh/eventing-service-mesh-setup.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-setup.adoc b/modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-setup.adoc index fd0801d2..d62d6f68 100644 --- a/modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-setup.adoc +++ b/modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-setup.adoc @@ -43,7 +43,7 @@ spec: + [IMPORTANT] ==== -This list of namespaces must include the `knative-serving` namespace. +This list of namespaces must include the `knative-serving` and `knative-eventing` namespaces. ==== . Apply the `ServiceMeshMemberRoll` resource: From db44277480d065d9501528e6a15ef75a8f14759d Mon Sep 17 00:00:00 2001 From: Pierangelo Di Pilato Date: Tue, 13 Jun 2023 08:47:13 +0200 Subject: [PATCH 3/6] Use quay.io/openshift-knative/heartbeats --- .../service-mesh/eventing-service-mesh-containersource.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-containersource.adoc b/modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-containersource.adoc index a5673f62..f52814da 100644 --- a/modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-containersource.adoc +++ b/modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-containersource.adoc @@ -56,7 +56,7 @@ spec: spec: containers: # This corresponds to a heartbeats image URI that you have built and published - - image: gcr.io/knative-releases/knative.dev/eventing/cmd/heartbeats + - image: quay.io/openshift-knative/heartbeats name: heartbeats args: - --period=1s From d08321d050df5fe9888ebba81d5931688211933b Mon Sep 17 00:00:00 2001 From: Pierangelo Di Pilato Date: Tue, 13 Jun 2023 09:14:21 +0200 Subject: [PATCH 4/6] It's not a CRD Co-authored-by: Martin Gencur --- .../pages/service-mesh/eventing-service-mesh-setup.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-setup.adoc b/modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-setup.adoc index d62d6f68..2448f577 100644 --- a/modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-setup.adoc +++ b/modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-setup.adoc @@ -142,7 +142,7 @@ spec: $ oc apply -f ---- -. Install Knative Serving by creating the following `KnativeServing` custom resource definition (CRD), which also enables the Istio integration: +. Install Knative Serving by creating the following `KnativeServing` custom resource, which also enables the Istio integration: + [source,yaml] ---- From c3f6aee2eef230282dad74375e51237dab3e7857 Mon Sep 17 00:00:00 2001 From: Pierangelo Di Pilato Date: Tue, 13 Jun 2023 09:14:37 +0200 Subject: [PATCH 5/6] It's not a CRD Co-authored-by: Martin Gencur --- .../pages/service-mesh/eventing-service-mesh-setup.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-setup.adoc b/modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-setup.adoc index 2448f577..6577beae 100644 --- a/modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-setup.adoc +++ b/modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-setup.adoc @@ -175,7 +175,7 @@ spec: $ oc apply -f ---- -. Install Knative Eventing by creating the following `KnativeEventing` custom resource definition (CRD), which also enables the Istio integration: +. Install Knative Eventing by creating the following `KnativeEventing` custom resource, which also enables the Istio integration: + [source,yaml] ---- From fe86bad6c52d1e84dc8d28e3b164d67602feabd2 Mon Sep 17 00:00:00 2001 From: Pierangelo Di Pilato Date: Tue, 13 Jun 2023 09:58:30 +0200 Subject: [PATCH 6/6] It's not a CRD Co-authored-by: Martin Gencur --- .../pages/service-mesh/eventing-service-mesh-setup.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-setup.adoc b/modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-setup.adoc index 6577beae..08810339 100644 --- a/modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-setup.adoc +++ b/modules/serverless-eventing/pages/service-mesh/eventing-service-mesh-setup.adoc @@ -216,7 +216,7 @@ spec: $ oc apply -f ---- -. Install Knative Kafka by creating the following `KnativeKafka` custom resource definition (CRD), which also enables the Istio integration: +. Install Knative Kafka by creating the following `KnativeKafka` custom resource, which also enables the Istio integration: + [source,yaml] ----