Merge pull request #60744 from rh-tokeefe/OSSM-4041

OSSM-4041: Update infrastructure node content
openshift · Jun 28, 2023 · c7de1e0 · c7de1e0
2 parents 8894df2 + dac8fdd
commit c7de1e0
Show file tree

Hide file tree

Showing 6 changed files with 181 additions and 11 deletions.
diff --git a/modules/ossm-about-control-plane-components-and-infrastructure-nodes.adoc b/modules/ossm-about-control-plane-components-and-infrastructure-nodes.adoc
@@ -0,0 +1,13 @@
+// Module included in the following assemblies:
+// * service_mesh/v2x/ossm-create-smcp.adoc
+
+:_content-type: CONCEPT
+[id="ossm-about-control-plane-components-and-infrastructure-nodes_{context}"]
+= About control plane components and infrastructure nodes
+
+Infrastructure nodes provide a way to isolate infrastructure workloads for two primary purposes:
+
+* To prevent incurring billing costs against subscription counts
+* To separate maintenance and management of infrastructure workloads
+
+You can configure some or all of the {SMProductShortName} control plane components to run on infrastructure nodes. 
diff --git a/...ig-control-plane-infrastructure-node.adoc → ...ontrol-plane-infrastructure-node-cli.adoc b/...ig-control-plane-infrastructure-node.adoc → ...ontrol-plane-infrastructure-node-cli.adoc
@@ -3,12 +3,17 @@
 // * service_mesh/v2x/ossm-deployment-models.adoc
 
 :_content-type: PROCEDURE
-[id="ossm-config-control-plane-infrastructure-node_{context}"]
-= Configuring all {SMProductShortName} control plane components to run on infrastructure nodes
+[id="ossm-config-control-plane-infrastructure-node-cli_{context}"]
+= Configuring all control plane components to run on infrastructure nodes using the CLI
 
-This task should only be performed if all of the components deployed by the {SMProductShortName} control plane (including Istiod, Ingress Gateway, and Egress Gateway) along with optional elements (such as Prometheus, Grafana, and Distributed Tracing) are running on infrastructure nodes. 
+Perform this task if all of the components deployed by the {SMProductShortName} control plane will run on infrastructure nodes. These deployed components include Istiod, Ingress Gateway, and Egress Gateway, and optional applications such as Prometheus, Grafana, and Distributed Tracing. 
 
-If the control plane runs on a worker node, skip this task.
+If the control plane will run on a worker node, skip this task.
+
+.Prerequisites
+
+* You have installed the {SMProductName} Operator.
+* You are logged in as a user with the `cluster-admin` role. If you use {product-dedicated}, you are logged in as a user with the `dedicated-admin` role.
 
 .Procedure
 

diff --git a/modules/ossm-config-control-plane-infrastructure-node-console.adoc b/modules/ossm-config-control-plane-infrastructure-node-console.adoc
@@ -0,0 +1,53 @@
+// Module included in the following assemblies:
+//
+// * service_mesh/v2x/ossm-deployment-models.adoc
+
+:_content-type: PROCEDURE
+[id="ossm-config-control-plane-infrastructure-node-console_{context}"]
+= Configuring all control plane components to run on infrastructure nodes using the web console
+
+Perform this task if all of the components deployed by the {SMProductShortName} control plane will run on infrastructure nodes. These deployed components include Istiod, Ingress Gateway, and Egress Gateway, and optional applications such as Prometheus, Grafana, and Distributed Tracing. 
+
+If the control plane will run on a worker node, skip this task.
+
+.Prerequisites
+
+* You have installed the {SMProductName} Operator.
+* You are logged in as a user with the `cluster-admin` role. If you use {product-dedicated}, you are logged in as a user with the `dedicated-admin` role.
+
+.Procedure
+
+. Log in to the {product-title} web console.
+
+. Navigate to *Operators* -> *Installed Operators*.
+
+. Click the {SMProductName} Operator, and then click *Istio Service Mesh Control Plane*.
+
+. Click the name of the control plane resource. For example, `basic`.
+
+. Click *YAML*.
+
+. Add the `nodeSelector` and `tolerations` fields to the `spec.runtime.defaults.pod` specification in the `ServiceMeshControlPlane` resource, as shown in the following example:
++
+[source,yaml]
+----
+spec:
+  runtime:
+    defaults:
+      pod:
+        nodeSelector: <1>
+          node-role.kubernetes.io/infra: ""
+        tolerations: <2>
+        - effect: NoSchedule
+          key: node-role.kubernetes.io/infra
+          value: reserved
+        - effect: NoExecute
+          key: node-role.kubernetes.io/infra
+          value: reserved
+----
+<1> Ensures that the `ServiceMeshControlPlane` pod is only scheduled on an infrastructure node.
+<2> Ensures that the pod is accepted by the infrastructure node for execution.
+
+. Click *Save*.
+
+. Click *Reload*.
diff --git a/...al-control-plane-infrastructure-node.adoc → ...ontrol-plane-infrastructure-node-cli.adoc b/...al-control-plane-infrastructure-node.adoc → ...ontrol-plane-infrastructure-node-cli.adoc
@@ -3,13 +3,18 @@
 // * service_mesh/v2x/ossm-deployment-models.adoc
 
 :_content-type: PROCEDURE
-[id="ossm-config-individual-control-plane-infrastructure-node_{context}"]
-= Configuring individual {SMProductShortName} control plane components to run on infrastructure nodes
+[id="ossm-config-individual-control-plane-infrastructure-node-cli_{context}"]
+= Configuring individual control plane components to run on infrastructure nodes using the CLI
 
-This task should only be performed if individual {SMProductShortName} control plane components (such as Istiod, the Ingress Gateway, and the Egress Gateway) will run on infrastructure nodes. 
+Perform this task if individual components deployed by the {SMProductShortName} control plane will run on infrastructure nodes. These deployed components include Istiod, the Ingress Gateway, and the Egress Gateway. 
 
 If the control plane will run on a worker node, skip this task.
 
+.Prerequisites
+
+* You have installed the {SMProductName} Operator.
+* You are logged in as a user with the `cluster-admin` role. If you use {product-dedicated}, you are logged in as a user with the `dedicated-admin` role.
+
 .Procedure
 
 . Open the `ServiceMeshControlPlane` resource as a YAML file.
@@ -39,7 +44,7 @@ spec:
             key: node-role.kubernetes.io/infra
             value: reserved
 ----
-<1> Ensures that the Istiod pod is only scheduled on an infrastructure node.
+<1> Ensures that the `Istiod` pod is only scheduled on an infrastructure node.
 <2> Ensures that the pod is accepted by the infrastructure node.
 
 . To run Ingress and Egress Gateways on infrastructure nodes, add the `nodeSelector` and the `tolerations` fields to the `spec.gateways.ingress.runtime.pod` spec and the `spec.gateways.egress.runtime.pod` spec in the `ServiceMeshControlPlane` resource.

diff --git a/modules/ossm-config-individual-control-plane-infrastructure-node-console.adoc b/modules/ossm-config-individual-control-plane-infrastructure-node-console.adoc
@@ -0,0 +1,88 @@
+// Module included in the following assemblies:
+//
+// * service_mesh/v2x/ossm-deployment-models.adoc
+
+:_content-type: PROCEDURE
+[id="ossm-config-individual-control-plane-infrastructure-node-console_{context}"]
+= Configuring individual control plane components to run on infrastructure nodes using the web console
+
+Perform this task if individual components deployed by the {SMProductShortName} control plane will run on infrastructure nodes. These deployed components include Istiod, the Ingress Gateway, and the Egress Gateway.
+
+If the control plane will run on a worker node, skip this task.
+
+.Prerequisites
+
+* You have installed the {SMProductName} Operator.
+* You are logged in as a user with the `cluster-admin` role. If you use {product-dedicated}, you are logged in as a user with the `dedicated-admin` role.
+
+.Procedure
+
+. Log in to the {product-title} web console.
+
+. Navigate to *Operators* -> *Installed Operators*.
+
+. Click the {SMProductName} Operator, and then click *Istio Service Mesh Control Plane*.
+
+. Click the name of the control plane resource. For example, `basic`.
+
+. Click *YAML*.
+
+. Add the `nodeSelector` and `tolerations` fields to the `spec.runtime.components.pilot.pod` specification in the `ServiceMeshControlPlane` resource, as shown in the following example:
++
+[source,yaml]
+----
+spec:
+  runtime:
+    components:
+      pilot:
+        pod:
+          nodeSelector: <1>
+            node-role.kubernetes.io/infra: ""
+          tolerations: <2>
+          - effect: NoSchedule
+            key: node-role.kubernetes.io/infra
+            value: reserved
+          - effect: NoExecute
+            key: node-role.kubernetes.io/infra
+            value: reserved
+----
+<1> Ensures that the `Istiod` pod is only scheduled on an infrastructure node.
+<2> Ensures that the pod is accepted by the infrastructure node for execution.
+
+. Add the `nodeSelector` and the `tolerations` fields to the `spec.gateways.ingress.runtime.pod` and `spec.gateways.egress.runtime.pod` specifications in the `ServiceMeshControlPlane` resource, as shown in the following example:
++
+[source,yaml]
+----
+spec:
+  gateways:
+    ingress:
+      runtime:
+        pod:
+          nodeSelector: <1>
+            node-role.kubernetes.io/infra: ""
+          tolerations: <2>
+          - effect: NoSchedule
+            key: node-role.kubernetes.io/infra
+            value: reserved
+          - effect: NoExecute
+            key: node-role.kubernetes.io/infra
+            value: reserved
+    egress:
+      runtime:
+        pod:
+          nodeSelector: <1>
+            node-role.kubernetes.io/infra: ""
+          tolerations: <2>
+          - effect: NoSchedule
+            key: node-role.kubernetes.io/infra
+            value: reserved
+          - effect: NoExecute
+            key: node-role.kubernetes.io/infra
+            value: reserved
+----
+<1> Ensures that the gateway pod is only scheduled on an infrastructure node
+<2> Ensures that the pod is accepted by the infrastructure node for execution.
+
+. Click *Save*.
+
+. Click *Reload*.
diff --git a/service_mesh/v2x/ossm-create-smcp.adoc b/service_mesh/v2x/ossm-create-smcp.adoc
@@ -14,11 +14,17 @@ include::modules/ossm-control-plane-cli.adoc[leveloffset=+2]
 
 include::modules/ossm-validate-smcp-cli.adoc[leveloffset=+2]
 
-include::modules/ossm-config-control-plane-infrastructure-node.adoc[leveloffset=+1]
+include::modules/ossm-about-control-plane-components-and-infrastructure-nodes.adoc[leveloffset=+1]
 
-include::modules/ossm-config-individual-control-plane-infrastructure-node.adoc[leveloffset=+1]
+include::modules/ossm-config-control-plane-infrastructure-node-console.adoc[leveloffset=+2]
 
-include::modules/ossm-confirm-smcp-infrastructure-node.adoc[leveloffset=+1]
+include::modules/ossm-config-individual-control-plane-infrastructure-node-console.adoc[leveloffset=+2]
+
+include::modules/ossm-config-control-plane-infrastructure-node-cli.adoc[leveloffset=+2]
+
+include::modules/ossm-config-individual-control-plane-infrastructure-node-cli.adoc[leveloffset=+2]
+
+include::modules/ossm-confirm-smcp-infrastructure-node.adoc[leveloffset=+2]
 
 include::modules/ossm-about-control-plane-and-cluster-wide-deployment.adoc[leveloffset=+1]