diff --git a/_topic_map.yml b/_topic_map.yml index 06cac54ea97d..51cc6fd8547c 100644 --- a/_topic_map.yml +++ b/_topic_map.yml @@ -2464,6 +2464,8 @@ Topics: File: customizing-installation-ossm - Name: Performance and scalability File: ossm-performance-scalability + - Name: Deployment models + File: ossm-deploy-mod - Name: Deploying applications on Service Mesh File: prepare-to-deploy-applications-ossm - Name: Data visualization and observability @@ -2495,6 +2497,8 @@ Topics: File: installing-ossm - Name: Customizing the installation File: customizing-installation-ossm + - Name: Deployment models + File: ossm-deploy-mod - Name: Deploying applications on Service Mesh File: prepare-to-deploy-applications-ossm - Name: Data visualization and observability diff --git a/modules/ossm-deploy-mod-multi.adoc b/modules/ossm-deploy-mod-multi.adoc new file mode 100644 index 000000000000..03165ebfd1b5 --- /dev/null +++ b/modules/ossm-deploy-mod-multi.adoc @@ -0,0 +1,30 @@ +// Module included in the following assemblies: +// +// * service_mesh/v1x/ossm-deploy-mod-v1x.adoc +// * service_mesh/v2x/ossm-deploy-mod-v2x.adoc + +[id="ossm-deploy-mod-multi_{context}"] += Multitenant deployment + +Typical service mesh deployments use a single control plane to configure communication between services in the mesh. Multitennant deployments specify the projects that can access the {ProductShortName} and isolate the {ProductShortName} from other control plane instances. + +== Multitennant resources + +You can create your multitennant service mesh by adding a `ServiceMeshMemberRole` resource to your control plane project, which is usually `istio-system`. The `ServiceMeshMemberRole` resource associates the projects in the list with one control plane. Your `ServiceMeshMemberRole` resource can contain can contain one or more projects that make up a service mesh. + +.`ServiceMeshMemberRole` resource example + +[source,yaml] +---- +apiVersion: maistra.io/v1 +kind: ServiceMeshMemberRoll +metadata: + name: default + namespace: istio-system +spec: + members: + # a list of projects joined into the service mesh + - bookinfo + - another-project-name +---- + diff --git a/service_mesh/v1x/ossm-deploy-mod.adoc b/service_mesh/v1x/ossm-deploy-mod.adoc new file mode 100644 index 000000000000..f7134bb6ac02 --- /dev/null +++ b/service_mesh/v1x/ossm-deploy-mod.adoc @@ -0,0 +1,8 @@ +[id="ossm-deploy-mod-v1x"] += Deployment topology models +include::modules/ossm-document-attributes.adoc[] +:context: ossm-deploy-mod-v1x + +{ProductName} supports independent control planes in a cluster. In a typical service mesh deployment, a control plane configures policies and routes traffic, while one or several data planes manage sidecars, which are intelligent proxies that intercept and control traffic. By creating a `ServiceMeshMemberRoll` resource, the control plane can set the policies for many data planes in different projects or namespaces. {ProductName} configures each member project to ensure network access between itself, the control plane, and other member projects. + +include::modules/ossm-deploy-mod-multi.adoc[leveloffset=+1] diff --git a/service_mesh/v1x/ossm-vs-community.adoc b/service_mesh/v1x/ossm-vs-community.adoc index e83eb0454fa2..6bb302783d6c 100644 --- a/service_mesh/v1x/ossm-vs-community.adoc +++ b/service_mesh/v1x/ossm-vs-community.adoc @@ -15,6 +15,7 @@ include::modules/ossm-multitenant.adoc[leveloffset=+1] include::modules/ossm-vs-istio-1x.adoc[leveloffset=+1] -include::modules/ossm-kiali-service-mesh.adoc[leveloffset=+1] +include::modules/ossm-kiali-service-mesh.adoc[leveloffset=+2] + +include::modules/ossm-jaeger-service-mesh.adoc[leveloffset=+2] -include::modules/ossm-jaeger-service-mesh.adoc[leveloffset=+1] diff --git a/service_mesh/v2x/ossm-deploy-mod.adoc b/service_mesh/v2x/ossm-deploy-mod.adoc new file mode 100644 index 000000000000..5ba64748e5e4 --- /dev/null +++ b/service_mesh/v2x/ossm-deploy-mod.adoc @@ -0,0 +1,8 @@ +[id="ossm-deploy-mod-v2x"] += Deployment topology models +include::modules/ossm-document-attributes.adoc[] +:context: ossm-deploy-mod-v2x + +{ProductName} supports independent control planes. In a typical service mesh deployment, a control plane configures policies and routes traffic, while one or several data planes manage sidecars, which are intelligent proxies that intercept and control traffic. By creating a `ServiceMeshMemberRoll` resource, the control plane can set the policies for many data planes in different projects or namespaces. {ProductName} configures each member project to ensure network access between itself, the control plane, and other member projects. + +include::modules/ossm-deploy-mod-multi.adoc[leveloffset=+1] diff --git a/service_mesh/v2x/prepare-to-deploy-applications-ossm.adoc b/service_mesh/v2x/prepare-to-deploy-applications-ossm.adoc index 917570c8606e..0735028e5863 100644 --- a/service_mesh/v2x/prepare-to-deploy-applications-ossm.adoc +++ b/service_mesh/v2x/prepare-to-deploy-applications-ossm.adoc @@ -18,7 +18,6 @@ Do not deploy applications within the {ProductShortName} control plane namespace * Review xref:../../service_mesh/v2x/installing-ossm.adoc#installing-ossm[Installing {ProductName}] - include::modules/ossm-control-plane-profiles.adoc[leveloffset=+1] include::modules/ossm-sidecar-injection.adoc[leveloffset=+1]