From dac8fdd5e2277cf0b8b11cf46b29c4662089ccf5 Mon Sep 17 00:00:00 2001 From: Tim O'Keefe Date: Wed, 31 May 2023 14:44:48 -0400 Subject: [PATCH] OSSM-4041: Update infrastructure node content --- ...e-components-and-infrastructure-nodes.adoc | 13 +++ ...ontrol-plane-infrastructure-node-cli.adoc} | 13 ++- ...rol-plane-infrastructure-node-console.adoc | 53 +++++++++++ ...ontrol-plane-infrastructure-node-cli.adoc} | 13 ++- ...rol-plane-infrastructure-node-console.adoc | 88 +++++++++++++++++++ service_mesh/v2x/ossm-create-smcp.adoc | 12 ++- 6 files changed, 181 insertions(+), 11 deletions(-) create mode 100644 modules/ossm-about-control-plane-components-and-infrastructure-nodes.adoc rename modules/{ossm-config-control-plane-infrastructure-node.adoc => ossm-config-control-plane-infrastructure-node-cli.adoc} (60%) create mode 100644 modules/ossm-config-control-plane-infrastructure-node-console.adoc rename modules/{ossm-config-individual-control-plane-infrastructure-node.adoc => ossm-config-individual-control-plane-infrastructure-node-cli.adoc} (76%) create mode 100644 modules/ossm-config-individual-control-plane-infrastructure-node-console.adoc diff --git a/modules/ossm-about-control-plane-components-and-infrastructure-nodes.adoc b/modules/ossm-about-control-plane-components-and-infrastructure-nodes.adoc new file mode 100644 index 000000000000..5fe14134a9bf --- /dev/null +++ b/modules/ossm-about-control-plane-components-and-infrastructure-nodes.adoc @@ -0,0 +1,13 @@ +// Module included in the following assemblies: +// * service_mesh/v2x/ossm-create-smcp.adoc + +:_content-type: CONCEPT +[id="ossm-about-control-plane-components-and-infrastructure-nodes_{context}"] += About control plane components and infrastructure nodes + +Infrastructure nodes provide a way to isolate infrastructure workloads for two primary purposes: + +* To prevent incurring billing costs against subscription counts +* To separate maintenance and management of infrastructure workloads + +You can configure some or all of the {SMProductShortName} control plane components to run on infrastructure nodes. diff --git a/modules/ossm-config-control-plane-infrastructure-node.adoc b/modules/ossm-config-control-plane-infrastructure-node-cli.adoc similarity index 60% rename from modules/ossm-config-control-plane-infrastructure-node.adoc rename to modules/ossm-config-control-plane-infrastructure-node-cli.adoc index 6f9a0263e9ed..ace598370469 100644 --- a/modules/ossm-config-control-plane-infrastructure-node.adoc +++ b/modules/ossm-config-control-plane-infrastructure-node-cli.adoc @@ -3,12 +3,17 @@ // * service_mesh/v2x/ossm-deployment-models.adoc :_content-type: PROCEDURE -[id="ossm-config-control-plane-infrastructure-node_{context}"] -= Configuring all {SMProductShortName} control plane components to run on infrastructure nodes +[id="ossm-config-control-plane-infrastructure-node-cli_{context}"] += Configuring all control plane components to run on infrastructure nodes using the CLI -This task should only be performed if all of the components deployed by the {SMProductShortName} control plane (including Istiod, Ingress Gateway, and Egress Gateway) along with optional elements (such as Prometheus, Grafana, and Distributed Tracing) are running on infrastructure nodes. +Perform this task if all of the components deployed by the {SMProductShortName} control plane will run on infrastructure nodes. These deployed components include Istiod, Ingress Gateway, and Egress Gateway, and optional applications such as Prometheus, Grafana, and Distributed Tracing. -If the control plane runs on a worker node, skip this task. +If the control plane will run on a worker node, skip this task. + +.Prerequisites + +* You have installed the {SMProductName} Operator. +* You are logged in as a user with the `cluster-admin` role. If you use {product-dedicated}, you are logged in as a user with the `dedicated-admin` role. .Procedure diff --git a/modules/ossm-config-control-plane-infrastructure-node-console.adoc b/modules/ossm-config-control-plane-infrastructure-node-console.adoc new file mode 100644 index 000000000000..0ce0922ce9d1 --- /dev/null +++ b/modules/ossm-config-control-plane-infrastructure-node-console.adoc @@ -0,0 +1,53 @@ +// Module included in the following assemblies: +// +// * service_mesh/v2x/ossm-deployment-models.adoc + +:_content-type: PROCEDURE +[id="ossm-config-control-plane-infrastructure-node-console_{context}"] += Configuring all control plane components to run on infrastructure nodes using the web console + +Perform this task if all of the components deployed by the {SMProductShortName} control plane will run on infrastructure nodes. These deployed components include Istiod, Ingress Gateway, and Egress Gateway, and optional applications such as Prometheus, Grafana, and Distributed Tracing. + +If the control plane will run on a worker node, skip this task. + +.Prerequisites + +* You have installed the {SMProductName} Operator. +* You are logged in as a user with the `cluster-admin` role. If you use {product-dedicated}, you are logged in as a user with the `dedicated-admin` role. + +.Procedure + +. Log in to the {product-title} web console. + +. Navigate to *Operators* -> *Installed Operators*. + +. Click the {SMProductName} Operator, and then click *Istio Service Mesh Control Plane*. + +. Click the name of the control plane resource. For example, `basic`. + +. Click *YAML*. + +. Add the `nodeSelector` and `tolerations` fields to the `spec.runtime.defaults.pod` specification in the `ServiceMeshControlPlane` resource, as shown in the following example: ++ +[source,yaml] +---- +spec: + runtime: + defaults: + pod: + nodeSelector: <1> + node-role.kubernetes.io/infra: "" + tolerations: <2> + - effect: NoSchedule + key: node-role.kubernetes.io/infra + value: reserved + - effect: NoExecute + key: node-role.kubernetes.io/infra + value: reserved +---- +<1> Ensures that the `ServiceMeshControlPlane` pod is only scheduled on an infrastructure node. +<2> Ensures that the pod is accepted by the infrastructure node for execution. + +. Click *Save*. + +. Click *Reload*. \ No newline at end of file diff --git a/modules/ossm-config-individual-control-plane-infrastructure-node.adoc b/modules/ossm-config-individual-control-plane-infrastructure-node-cli.adoc similarity index 76% rename from modules/ossm-config-individual-control-plane-infrastructure-node.adoc rename to modules/ossm-config-individual-control-plane-infrastructure-node-cli.adoc index f525cc2be391..69422c22d337 100644 --- a/modules/ossm-config-individual-control-plane-infrastructure-node.adoc +++ b/modules/ossm-config-individual-control-plane-infrastructure-node-cli.adoc @@ -3,13 +3,18 @@ // * service_mesh/v2x/ossm-deployment-models.adoc :_content-type: PROCEDURE -[id="ossm-config-individual-control-plane-infrastructure-node_{context}"] -= Configuring individual {SMProductShortName} control plane components to run on infrastructure nodes +[id="ossm-config-individual-control-plane-infrastructure-node-cli_{context}"] += Configuring individual control plane components to run on infrastructure nodes using the CLI -This task should only be performed if individual {SMProductShortName} control plane components (such as Istiod, the Ingress Gateway, and the Egress Gateway) will run on infrastructure nodes. +Perform this task if individual components deployed by the {SMProductShortName} control plane will run on infrastructure nodes. These deployed components include Istiod, the Ingress Gateway, and the Egress Gateway. If the control plane will run on a worker node, skip this task. +.Prerequisites + +* You have installed the {SMProductName} Operator. +* You are logged in as a user with the `cluster-admin` role. If you use {product-dedicated}, you are logged in as a user with the `dedicated-admin` role. + .Procedure . Open the `ServiceMeshControlPlane` resource as a YAML file. @@ -39,7 +44,7 @@ spec: key: node-role.kubernetes.io/infra value: reserved ---- -<1> Ensures that the Istiod pod is only scheduled on an infrastructure node. +<1> Ensures that the `Istiod` pod is only scheduled on an infrastructure node. <2> Ensures that the pod is accepted by the infrastructure node. . To run Ingress and Egress Gateways on infrastructure nodes, add the `nodeSelector` and the `tolerations` fields to the `spec.gateways.ingress.runtime.pod` spec and the `spec.gateways.egress.runtime.pod` spec in the `ServiceMeshControlPlane` resource. diff --git a/modules/ossm-config-individual-control-plane-infrastructure-node-console.adoc b/modules/ossm-config-individual-control-plane-infrastructure-node-console.adoc new file mode 100644 index 000000000000..af697dfc4511 --- /dev/null +++ b/modules/ossm-config-individual-control-plane-infrastructure-node-console.adoc @@ -0,0 +1,88 @@ +// Module included in the following assemblies: +// +// * service_mesh/v2x/ossm-deployment-models.adoc + +:_content-type: PROCEDURE +[id="ossm-config-individual-control-plane-infrastructure-node-console_{context}"] += Configuring individual control plane components to run on infrastructure nodes using the web console + +Perform this task if individual components deployed by the {SMProductShortName} control plane will run on infrastructure nodes. These deployed components include Istiod, the Ingress Gateway, and the Egress Gateway. + +If the control plane will run on a worker node, skip this task. + +.Prerequisites + +* You have installed the {SMProductName} Operator. +* You are logged in as a user with the `cluster-admin` role. If you use {product-dedicated}, you are logged in as a user with the `dedicated-admin` role. + +.Procedure + +. Log in to the {product-title} web console. + +. Navigate to *Operators* -> *Installed Operators*. + +. Click the {SMProductName} Operator, and then click *Istio Service Mesh Control Plane*. + +. Click the name of the control plane resource. For example, `basic`. + +. Click *YAML*. + +. Add the `nodeSelector` and `tolerations` fields to the `spec.runtime.components.pilot.pod` specification in the `ServiceMeshControlPlane` resource, as shown in the following example: ++ +[source,yaml] +---- +spec: + runtime: + components: + pilot: + pod: + nodeSelector: <1> + node-role.kubernetes.io/infra: "" + tolerations: <2> + - effect: NoSchedule + key: node-role.kubernetes.io/infra + value: reserved + - effect: NoExecute + key: node-role.kubernetes.io/infra + value: reserved +---- +<1> Ensures that the `Istiod` pod is only scheduled on an infrastructure node. +<2> Ensures that the pod is accepted by the infrastructure node for execution. + +. Add the `nodeSelector` and the `tolerations` fields to the `spec.gateways.ingress.runtime.pod` and `spec.gateways.egress.runtime.pod` specifications in the `ServiceMeshControlPlane` resource, as shown in the following example: ++ +[source,yaml] +---- +spec: + gateways: + ingress: + runtime: + pod: + nodeSelector: <1> + node-role.kubernetes.io/infra: "" + tolerations: <2> + - effect: NoSchedule + key: node-role.kubernetes.io/infra + value: reserved + - effect: NoExecute + key: node-role.kubernetes.io/infra + value: reserved + egress: + runtime: + pod: + nodeSelector: <1> + node-role.kubernetes.io/infra: "" + tolerations: <2> + - effect: NoSchedule + key: node-role.kubernetes.io/infra + value: reserved + - effect: NoExecute + key: node-role.kubernetes.io/infra + value: reserved +---- +<1> Ensures that the gateway pod is only scheduled on an infrastructure node +<2> Ensures that the pod is accepted by the infrastructure node for execution. + +. Click *Save*. + +. Click *Reload*. \ No newline at end of file diff --git a/service_mesh/v2x/ossm-create-smcp.adoc b/service_mesh/v2x/ossm-create-smcp.adoc index b4870a52fc5b..5aca0610a7cf 100644 --- a/service_mesh/v2x/ossm-create-smcp.adoc +++ b/service_mesh/v2x/ossm-create-smcp.adoc @@ -14,11 +14,17 @@ include::modules/ossm-control-plane-cli.adoc[leveloffset=+2] include::modules/ossm-validate-smcp-cli.adoc[leveloffset=+2] -include::modules/ossm-config-control-plane-infrastructure-node.adoc[leveloffset=+1] +include::modules/ossm-about-control-plane-components-and-infrastructure-nodes.adoc[leveloffset=+1] -include::modules/ossm-config-individual-control-plane-infrastructure-node.adoc[leveloffset=+1] +include::modules/ossm-config-control-plane-infrastructure-node-console.adoc[leveloffset=+2] -include::modules/ossm-confirm-smcp-infrastructure-node.adoc[leveloffset=+1] +include::modules/ossm-config-individual-control-plane-infrastructure-node-console.adoc[leveloffset=+2] + +include::modules/ossm-config-control-plane-infrastructure-node-cli.adoc[leveloffset=+2] + +include::modules/ossm-config-individual-control-plane-infrastructure-node-cli.adoc[leveloffset=+2] + +include::modules/ossm-confirm-smcp-infrastructure-node.adoc[leveloffset=+2] include::modules/ossm-about-control-plane-and-cluster-wide-deployment.adoc[leveloffset=+1]