OSSMDOC-217: topology topic

_topic_map.yml

@@ -2464,6 +2464,8 @@ Topics:
     File: customizing-installation-ossm
   - Name: Performance and scalability
     File: ossm-performance-scalability
+  - Name: Deployment models
+    File: ossm-deploy-mod
   - Name: Deploying applications on Service Mesh
     File: prepare-to-deploy-applications-ossm
   - Name: Data visualization and observability
@@ -2495,6 +2497,8 @@ Topics:
     File: installing-ossm
   - Name: Customizing the installation
     File: customizing-installation-ossm
+  - Name: Deployment models
+    File: ossm-deploy-mod
   - Name: Deploying applications on Service Mesh
     File: prepare-to-deploy-applications-ossm
   - Name: Data visualization and observability

modules/ossm-deploy-mod-multi.adoc

@@ -0,0 +1,30 @@
+// Module included in the following assemblies:
+//
+// * service_mesh/v1x/ossm-deploy-mod-v1x.adoc
+// * service_mesh/v2x/ossm-deploy-mod-v2x.adoc
+
+[id="ossm-deploy-mod-multi_{context}"]
+= Multitenant deployment
+
+Typical service mesh deployments use a single control plane to configure communication between services in the mesh. Multitennant deployments specify the projects that can access the {ProductShortName} and isolate the {ProductShortName} from other control plane instances. 
+
+== Multitennant resources
+
+You can create your multitennant service mesh by adding a `ServiceMeshMemberRole` resource to your control plane project, which is usually `istio-system`. The `ServiceMeshMemberRole` resource associates the projects in the list with one control plane. Your `ServiceMeshMemberRole` resource can contain can contain one or more projects that make up a service mesh.
+
+.`ServiceMeshMemberRole` resource example
+
+[source,yaml]
+----
+apiVersion: maistra.io/v1
+kind: ServiceMeshMemberRoll
+metadata:
+  name: default
+  namespace: istio-system
+spec:
+  members:
+    # a list of projects joined into the service mesh
+    - bookinfo
+    - another-project-name
+----
+

service_mesh/v1x/ossm-deploy-mod.adoc

@@ -0,0 +1,8 @@
+[id="ossm-deploy-mod-v1x"]
+= Deployment topology models
+include::modules/ossm-document-attributes.adoc[]
+:context: ossm-deploy-mod-v1x
+
+{ProductName} supports independent control planes in a cluster. In a typical service mesh deployment, a control plane configures policies and routes traffic, while one or several data planes manage sidecars, which are intelligent proxies that intercept and control traffic. By creating a `ServiceMeshMemberRoll` resource, the control plane can set the policies for many data planes in different projects or namespaces. {ProductName} configures each member project to ensure network access between itself, the control plane, and other member projects. 
+
+include::modules/ossm-deploy-mod-multi.adoc[leveloffset=+1]

service_mesh/v1x/ossm-vs-community.adoc

@@ -15,6 +15,7 @@ include::modules/ossm-multitenant.adoc[leveloffset=+1]
 
 include::modules/ossm-vs-istio-1x.adoc[leveloffset=+1]
 
-include::modules/ossm-kiali-service-mesh.adoc[leveloffset=+1]
+include::modules/ossm-kiali-service-mesh.adoc[leveloffset=+2]
+
+include::modules/ossm-jaeger-service-mesh.adoc[leveloffset=+2]
 
-include::modules/ossm-jaeger-service-mesh.adoc[leveloffset=+1]

service_mesh/v2x/ossm-deploy-mod.adoc

@@ -0,0 +1,8 @@
+[id="ossm-deploy-mod-v2x"]
+= Deployment topology models
+include::modules/ossm-document-attributes.adoc[]
+:context: ossm-deploy-mod-v2x
+
+{ProductName} supports independent control planes. In a typical service mesh deployment, a control plane configures policies and routes traffic, while one or several data planes manage sidecars, which are intelligent proxies that intercept and control traffic. By creating a `ServiceMeshMemberRoll` resource, the control plane can set the policies for many data planes in different projects or namespaces. {ProductName} configures each member project to ensure network access between itself, the control plane, and other member projects. 
+
+include::modules/ossm-deploy-mod-multi.adoc[leveloffset=+1]

service_mesh/v2x/prepare-to-deploy-applications-ossm.adoc

@@ -18,7 +18,6 @@ Do not deploy applications within the {ProductShortName} control plane namespace
 
 * Review xref:../../service_mesh/v2x/installing-ossm.adoc#installing-ossm[Installing {ProductName}]
 
-
 include::modules/ossm-control-plane-profiles.adoc[leveloffset=+1]
 
 include::modules/ossm-sidecar-injection.adoc[leveloffset=+1]