[enterprise-4.3] Ior

_topic_map.yml

@@ -1331,6 +1331,8 @@ Topics:
     File: ossm-tutorial-kiali
   - Name: Distributed tracing tutorial
     File: ossm-tutorial-jaeger-tracing
+  - Name: Automatic route creation
+    File: ossm-auto-route
 #  - Name: Grafana tutorial
 #    File: ossm-tutorial-grafana
 #  - Name: Prometheus tutorial

modules/ossm-cr-gateway.adoc

@@ -61,4 +61,8 @@ Here is an example that illustrates the Istio gateway parameters for the `Servic
 |The maximum number of pods to deploy for the ingress gateway based on the `autoscaleEnabled` setting.
 |A valid number of allocatable pods based on your environment's configuration.
 |`5`
+
+|`ior_enabled`
+|Controls whether Automatic Route Creation is enabled.
+|false
 |===

modules/ossm-cr-istio-global.adoc

@@ -17,16 +17,14 @@ In order for the 3scale Istio Adapter to work, `disablePolicyChecks` must be `fa
 ----
   istio:
     global:
-      tag: 1.0.0
+      tag: 1.1.0
       hub: registry.redhat.io/openshift-service-mesh/
       proxy:
         resources:
           requests:
-            cpu: 100m
+            cpu: 10m
             memory: 128Mi
           limits:
-            cpu: 500m
-            memory: 128Mi
       mtls:
         enabled: false
       disablePolicyChecks: true
@@ -52,7 +50,7 @@ In order for the 3scale Istio Adapter to work, `disablePolicyChecks` must be `fa
 |`tag`
 |The tag that the Operator uses to pull the Istio images.
 |A valid container image tag.
-|`1.0.0`
+|`1.1.0`
 
 |`hub`
 |The hub that the Operator uses to pull Istio images.
@@ -80,13 +78,13 @@ These parameters are specific to the proxy subset of global parameters.
 |`cpu`
 |The amount of CPU resources requested for Envoy proxy.
 |CPU resources, specified in cores or millicores (for example, 200m, 0.5, 1) based on your environment’s configuration.
-|`100m`
+|`10m`
 
 |
 |`memory`
 |The amount of memory requested for Envoy proxy
 |Available memory in bytes(for example, 200Ki, 50Mi, 5Gi) based on your environment’s configuration.
-|`128Mi`
+|`1024Mi`
 
 |Limits
 |`cpu`

modules/ossm-cr-mixer.adoc

@@ -17,12 +17,11 @@ mixer:
   telemetry:
     autoscaleEnabled: false
     resources:
+    requests:
+      cpu: 10m
+      memory: 128Mi
       limits:
-        cpu: 500m
-        memory: 4G
-      requests:
-        cpu: 100m
-        memory: 1G
+
 ----
 
 
@@ -60,19 +59,19 @@ mixer:
 |`cpu`
 |The percentage of CPU resources requested for Mixer telemetry.
 |CPU resources in millicores based on your environment's configuration.
-|`100m`
+|`10m`
 
 |
 |`memory`
 |The amount of memory requested for Mixer telemetry.
 |Available memory in bytes (for example, 200Ki, 50Mi, 5Gi) based on your environment’s configuration.
-|`1G`
+|`128Mi`
 
 |Limits
 |`cpu`
 |The maximum percentage of CPU resources Mixer telemetry is permitted to use.
 |CPU resources in millicores based on your environment's configuration.
-|`500m`
+|`4800m`
 
 |
 |`memory`

modules/ossm-cr-pilot.adoc

@@ -26,12 +26,12 @@ Here is an example that illustrates the Istio Pilot parameters for the `ServiceM
 |`cpu`
 |The percentage of CPU resources requested for Pilot.
 |CPU resources in millicores based on your environment's configuration.
-|`500m`
+|`10m`
 
 |`memory`
 |The amount of memory requested for Pilot.
 |Available memory in bytes (for example, 200Ki, 50Mi, 5Gi) based on your environment’s configuration.
-|`2048Mi`
+|`128Mi`
 
 |`autoscaleEnabled`
 |This parameter enables/disables autoscaling. Disable this for small environments.
@@ -42,5 +42,5 @@ Here is an example that illustrates the Istio Pilot parameters for the `ServiceM
 |`traceSampling`
 |This value controls how often random sampling occurs. *Note:* Increase for development or testing.
 |A valid percentage.
-|`100`
+|`1.0`
 |===

modules/ossm-operatorhub-remove.adoc

@@ -137,6 +137,7 @@ Replace `<operator-project>` with the name of the project where the {ProductName
 +
 ----
 $ oc delete validatingwebhookconfiguration/<operator-project>.servicemesh-resources.maistra.io
+$ oc delete mutatingwebhoookconfigurations/<operator-project>.servicemesh-resources.maistra.io
 $ oc delete -n <operator-project> daemonset/istio-node
 $ oc delete clusterrole/istio-admin clusterrole/istio-cni clusterrolebinding/istio-cni
 $ oc get crds -o name | grep '.*\.istio\.io' | xargs -r -n 1 oc delete

modules/ossm-vs-istio.adoc

@@ -89,3 +89,8 @@ spec:
 = The Istio Container Network Interface (CNI) plug-in
 
 {ProductName} includes CNI plug-in, which provides you with an alternate way to configure application pod networking. The CNI plug-in replaces the `init-container` network configuration eliminating the need to grant service accounts and projects access to Security Context Constraints (SCCs) with elevated privileges.
+
+= Envoy, Secret Discovery Service, and Certificates
+
+* {ProductName} does not support QUIC-based services. 
+* Deployment of TLS certificates using the Secret Discovery Service (SDS) functionality of Istio is not currently supported in {ProductName}. The Istio implementation depends on a nodeagent container that uses hostPath mounts.

service_mesh/service_mesh_day_two/ossm-auto-route.adoc

@@ -0,0 +1,68 @@
+[id="ossm-auto-route"]
+= Automatic route creation
+include::modules/ossm-document-attributes.adoc[]
+toc::[]
+
+OpenShift routes for Istio Gateways are automatically managed in {ProductName}. Every time an Istio Gateway is created, updated or deleted inside the service mesh, an OpenShift route is created, updated or deleted. 
+
+[id="ossm-auto-route-enable_{context}"]
+== Enabling Automatic Route Creation
+A {ProductName} control plane component called Istio OpenShift Routing (IOR) synchronizes the gateway route. Enable IOR as part of the control plane deployment.
+
+If the Gateway contains a TLS section, the OpenShift Route will be configured to support TLS.
+
+. In the `ServiceMeshControlPlane` resource, add the `ior_enabled` parameter and set it to `true`. For example, see the following resource snippet:
+
+----
+spec:
+  istio:
+    gateways:
+     istio-egressgateway:
+       autoscaleEnabled: false
+       autoscaleMin: 1
+       autoscaleMax: 5
+     istio-ingressgateway:
+       autoscaleEnabled: false
+       autoscaleMin: 1
+       autoscaleMax: 5
+       ior_enabled: true
+----
+
+For more information, see xref:../../service_mesh/service_mesh_install/customizing-installation-ossm.adoc#ossm-cr-gateway_customizing-installation-ossm[Istio gateway configuration].
+
+[id="ossm-auto-route-subdomains_{context}"]
+== Subdomains
+
+{ProductName} creates the route with the subdomain, but {product-title} must be configured to enable it. Subdomains, for example `*.domain.com`, are supported but not by default. Cluster administrators can refer to the {product-title} documentation for instructions on how to enable subdomains.
+
+For example, if the following gateway is created:
+
+----
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: gateway1
+spec:
+  selector:
+    istio: ingressgateway
+  servers:
+  - port:
+      number: 80
+      name: http
+      protocol: HTTP
+    hosts:
+    - www.bookinfo.com
+    - bookinfo.example.com
+----
+
+Then, the following OpenShift Routes are created automatically. You can check that the routes are created with the following command.
+
+----
+$ oc -n <your-control-plane-namespace> get routes
+NAME           HOST/PORT             PATH  SERVICES               PORT  TERMINATION   WILDCARD
+gateway1-lvlfn bookinfo.example.com        istio-ingressgateway   <all>               None
+gateway1-scqhv www.bookinfo.com            istio-ingressgateway   <all>               None
+----
+
+If the gateway is deleted, {ProductName} deletes the routes. However, routes created manually are never modified by {ProductName}.
+