Skip to content

[enterprise-4.6] OSSMDOC-522: Update installation for ROSA. #47870

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jul 15, 2022
Merged

[enterprise-4.6] OSSMDOC-522: Update installation for ROSA. #47870

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
87 changes: 87 additions & 0 deletions modules/ossm-install-rosa.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,87 @@
////
This module included in the following assemblies:
* service_mesh/v2/ossm-create-smcp.adoc
////

:_content-type: REFERENCE
[id="ossm-install-rosa_{context}"]
= Installing on Red Hat OpenShift Service on AWS (ROSA)

Starting with version 2.2, {SMProductName} supports installation on Red Hat OpenShift Service on AWS (ROSA). This section documents the additional requirements when installing Service Mesh on this platform.

[id="ossm-install-rosa-location_{context}"]
== Installation location

You must create a new namespace, for example `istio-system`, when installing {SMProductName} and creating the `ServiceMeshControlPlane`.

[id="ossm-install-rosa-smcp_{context}"]
== Required control plane configuration

The default configuration in the `ServiceMeshControlPlane` file does not work on a ROSA cluster. You must modify the default SMCP and set `spec.security.identity.type=ThirdParty` when installing on Red Hat OpenShift Service on AWS.

.Example `ServiceMeshControlPlane` resource for ROSA
[source,yaml]
----
apiVersion: maistra.io/v2
kind: ServiceMeshControlPlane
metadata:
name: basic
namespace: istio-system
spec:
version: v2.1
security:
identity:
type: ThirdParty #required setting for ROSA
tracing:
type: Jaeger
sampling: 10000
policy:
type: Istiod
addons:
grafana:
enabled: true
jaeger:
install:
storage:
type: Memory
kiali:
enabled: true
prometheus:
enabled: true
telemetry:
type: Istiod
----

[id="ossm-install-rosa-kiali-config_{context}"]
== Restrictions on Kiali configuration

Red Hat OpenShift Service on AWS places additional restrictions on where you can create resources and does not let you create the Kiali resource in a Red Hat managed namespace.

This means that the following common settings for `spec.deployment.accessible_namespaces` are not allowed in a ROSA cluster:

* `['**']` (all namespaces)
* `default`
* `codeready-*`
* `openshift-*`
* `redhat-*`

The validation error message provides a complete list of all the restricted namespaces.

.Example `Kiali` resource for ROSA
[source,yaml]
----
apiVersion: kiali.io/v1alpha1
kind: Kiali
metadata:
name: kiali
namespace: istio-system
spec:
auth:
strategy: openshift
deployment:
accessible_namespaces: #restricted setting for ROSA
- istio-system
image_pull_policy: ''
ingress_enabled: true
namespace: istio-system
----
11 changes: 9 additions & 2 deletions service_mesh/v2x/ossm-create-smcp.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,11 +6,16 @@ include::_attributes/common-attributes.adoc[]

toc::[]

You can deploy a basic installation of the `ServiceMeshControlPlane` by using either the {product-title} web console or from the command line using the `oc` client tool.
You can deploy a basic installation of the `ServiceMeshControlPlane`(SMCP) by using either the {product-title} web console or from the command line using the `oc` client tool.

[NOTE]
====
This basic installation is configured based on the default OpenShift settings and is not designed for production use. Use this default installation to verify your installation, and then configure your `ServiceMeshControlPlane` for your environment.
This basic installation is configured based on the default OpenShift settings and is not designed for production use. Use this default installation to verify your installation, and then configure your `ServiceMeshControlPlane` for your environment.
====

[NOTE]
====
Red Hat OpenShift Service on AWS (ROSA) places additional restrictions on where you can create resources and as a result the default deployment does not work. See xref:../../service_mesh/v2x/ossm-create-smcp.adoc#ossm-install-rosa_ossm-create-smcp[Installing Service Mesh on Red Hat OpenShift Service on AWS] for additional requirements before deploying your SMCP in a ROSA environment.
====

[NOTE]
Expand All @@ -26,6 +31,8 @@ include::modules/ossm-validate-smcp-cli.adoc[leveloffset=+1]

include::modules/ossm-validate-smcp-kiali.adoc[leveloffset=+1]

include::modules/ossm-install-rosa.adoc[leveloffset=+1]

[role="_additional-resources"]
== Additional resources

Expand Down