Closed
Expand Up @@ -6,15 +6,15 @@
[id="ossm-threescale-applying-external-service-entry-objects_{context}"]
= Applying 3scale external ServiceEntry objects

To have the `threescale-wasm-auth` module authorize requests against 3scale, the module must have access to 3scale services. You can accomplish this within {SMProductName} and Istio by applying an external `ServiceEntry` object.
To have the `threescale-wasm-auth` module authorize requests against 3scale, the module must have access to 3scale services. You can accomplish this within {ProductName} and Istio by applying an external `ServiceEntry` object and a corresponding `DestinationRule` object for TLS configuration to use the HTTPS protocol.

The custom resources set up the service entries for access from within {SMProductShortName} to 3scale Hosted (SaaS) for the backend and system components of the Service Management API and the Account Management API. The Service Management API receives queries for the authorization status of each request. The Account Management API provides API management configuration settings for your services.
The custom resources set up the service entries and destination rules for secure access from within {ProductShortName} to 3scale Hosted (SaaS) for the backend and system components of the Service Management API and the Account Management API. The Service Management API receives queries for the authorization status of each request. The Account Management API provides API management configuration settings for your services.

.Procedure

* Apply the following external `ServiceEntry` custom resources to your cluster:
* Apply the following external `ServiceEntry` and related `DestinationRule` custom resources to your cluster:
Contributor

If this is a procedure, shouldn't this be formatted as numbered steps instead of a bulleted list?

Contributor Author

It's a single step. Does a single step need numbering?

Contributor

Updating four different files is a single step? Unless you can do this with a single command, I'd say this is four different steps.

Contributor Author

Thanks @JStickler

+
.Custom resource for 3scale Hosted backend
.`ServiceEntry` custom resource for 3scale Hosted backend
[source,terminal]
----
apiVersion: networking.istio.io/v1beta1
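Review bot: The two rewritten intro paragraphs also swap {SMProductName} and {SMProductShortName} for {ProductName} and {ProductShortName}, which is unrelated to adding the DestinationRule text. Confirm those attributes are defined wherever this module is included, or keep the SM-prefixed ones so the product name still renders. The phrase "for TLS configuration to use the HTTPS protocol" could also be tightened to say that the DestinationRule makes the proxy originate TLS to the 3scale hosts.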
Expand All @@ -32,7 +32,7 @@ spec:
resolution: DNS
----
+
.Custom resource for 3scale Hosted system
.`ServiceEntry` custom resource for 3scale Hosted system
[source,terminal]
----
apiVersion: networking.istio.io/v1beta1
Expand All @@ -49,6 +49,37 @@ spec:
location: MESH_EXTERNAL
resolution: DNS
----
+
.`DestinationRule` custom resource for 3scale Hosted backend
[source,terminal]
----
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
name: threescale-saas-backend
spec:
host: su1.3scale.net
trafficPolicy:
tls:
mode: SIMPLE
sni: su1.3scale.net
----
+
.`DestinationRule` custom resource for 3scale Hosted system
[source,terminal]
----
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
name: threescale-saas-system
spec:
host: multitenant.3scale.net
trafficPolicy:
tls:
mode: SIMPLE
sni: multitenant.3scale.net
----

Contributor

Line 84 - The flow here might be better if you said something like, "Use the following command to apply external ServiceEntry and related DestinationRule custom resources to your cluster." list the commands, and then after the commands list the YAML files.

Line 100 "To do this, change the location of these services in the custom resources." these services is vague, we should be clear about which services should be moved to achieve the goal here.

Contributor Author

Thanks @JStickler

@rahulanand16nov
Can I get clarification on the following lines regarding "these services":

Alternatively, you can deploy an in-mesh 3scale service. To do this, change the location of these services in the CRs.

@dfennessy Here, we are using the URL for the 3scale SaaS version, but it doesn't have to be; users can deploy their 3scale and use links to that deployment.

+
You can use the `oc apply` command with either of the following methods to apply the objects:
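Review bot: Both added DestinationRule objects set only mode: SIMPLE and sni under tls, with no caCertificates or subjectAltNames, and in the Istio 1.9 API that this module links to, omitting caCertificates means the proxy does not verify the server certificate. The intro now promises "secure access", so consider adding caCertificates and subjectAltNames for su1.3scale.net and multitenant.3scale.net, or stating explicitly that the connection is encrypted but the server certificate is not validated. The new listings are YAML, so [source,yaml] would fit better than [source,terminal].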

Expand All @@ -71,3 +102,4 @@ Alternatively, you can deploy an in-mesh 3scale service. To do this, change the
[role="_additional-resources"]
.Additional resources
* xref:../../service_mesh/v2x/ossm-traffic-manage.adoc#ossm-routing-se_routing-traffic[`ServiceEntry` documentation]
* link:https://istio.io/v1.9/docs/reference/config/networking/destination-rule[`DestinationRule` documentation]
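Review bot: The added DestinationRule link is pinned to istio.io/v1.9, while the ServiceEntry entry above it is an xref into the product documentation. Confirm that v1.9 matches the Istio version this release ships, or readers will land on reference text for a different version than the one the procedure configures.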