Skip to content

Latest commit

 

History

History
88 lines (73 loc) · 2.95 KB

ossm-config-individual-control-plane-infrastructure-node-console.adoc

File metadata and controls

88 lines (73 loc) · 2.95 KB
Raw

Configuring individual control plane components to run on infrastructure nodes using the web console

Perform this task if individual components deployed by the {SMProductShortName} control plane will run on infrastructure nodes. These deployed components include Istiod, the Ingress Gateway, and the Egress Gateway.

If the control plane will run on a worker node, skip this task.

Prerequisites

  • You have installed the {SMProductName} Operator.

  • You are logged in as a user with the cluster-admin role. If you use {product-dedicated}, you are logged in as a user with the dedicated-admin role.

Procedure

  1. Log in to the {product-title} web console.

  2. Navigate to OperatorsInstalled Operators.

  3. Click the {SMProductName} Operator, and then click Istio Service Mesh Control Plane.

  4. Click the name of the control plane resource. For example, basic.

  5. Click YAML.

  6. Add the nodeSelector and tolerations fields to the spec.runtime.components.pilot.pod specification in the ServiceMeshControlPlane resource, as shown in the following example:

    spec:
  runtime:
    components:
      pilot:
        pod:
          nodeSelector: (1)
            node-role.kubernetes.io/infra: ""
          tolerations: (2)
          - effect: NoSchedule
            key: node-role.kubernetes.io/infra
            value: reserved
          - effect: NoExecute
            key: node-role.kubernetes.io/infra
            value: reserved

    1. Ensures that the Istiod pod is only scheduled on an infrastructure node.

    2. Ensures that the pod is accepted by the infrastructure node for execution.

  7. Add the nodeSelector and the tolerations fields to the spec.gateways.ingress.runtime.pod and spec.gateways.egress.runtime.pod specifications in the ServiceMeshControlPlane resource, as shown in the following example:

    spec:
  gateways:
    ingress:
      runtime:
        pod:
          nodeSelector: (1)
            node-role.kubernetes.io/infra: ""
          tolerations: (2)
          - effect: NoSchedule
            key: node-role.kubernetes.io/infra
            value: reserved
          - effect: NoExecute
            key: node-role.kubernetes.io/infra
            value: reserved
    egress:
      runtime:
        pod:
          nodeSelector: (1)
            node-role.kubernetes.io/infra: ""
          tolerations: (2)
          - effect: NoSchedule
            key: node-role.kubernetes.io/infra
            value: reserved
          - effect: NoExecute
            key: node-role.kubernetes.io/infra
            value: reserved

    1. Ensures that the gateway pod is only scheduled on an infrastructure node

    2. Ensures that the pod is accepted by the infrastructure node for execution.

  8. Click Save.

  9. Click Reload.