openshift-docs
openshift-docs copied to clipboard
openshift
OSSMDOC-702: Document gateway injection.
Version(s): 4.9 - 4.12
Issue: OSSMDOC-702
Link to docs preview: http://file.bos.redhat.com/jstickle/OSSMDOC-702/service_mesh/v2x/ossm-traffic-manage.html#ossm-automatic-gateway-injection_traffic-management
QE review: Peer review:
🤖 Updated build preview is available at: https://51641--docspreview.netlify.app
Build log: https://circleci.com/gh/ocpdocs-previewbot/openshift-docs/1787
Hi @JStickler ,
I have verified steps from document but did not get the expected output.
Steps i followed
- Installed SMCP 2.3
- Installed bookinfo
- followed document steps from "Managing traffic in your service mesh"
Attaching screen-shot of results.
We'll need a full example for this to work, here's the one from the upstream docs:
apiVersion: v1
kind: Service
metadata:
name: istio-ingressgateway
namespace: istio-ingress
spec:
type: LoadBalancer
selector:
istio: ingressgateway
ports:
- port: 80
name: http
- port: 443
name: https
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: istio-ingressgateway
namespace: istio-ingress
spec:
selector:
matchLabels:
istio: ingressgateway
template:
metadata:
annotations:
# Select the gateway injection template (rather than the default sidecar template)
inject.istio.io/templates: gateway
labels:
# Set a unique label for the gateway. This is required to ensure Gateways can select this workload
istio: ingressgateway
# Enable gateway injection. If connecting to a revisioned control plane, replace with "istio.io/rev: revision-name"
sidecar.istio.io/inject: "true"
spec:
containers:
- name: istio-proxy
image: auto # The image will automatically update each time the pod starts.
---
# Set up roles to allow reading credentials for TLS
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: istio-ingressgateway-sds
namespace: istio-ingress
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: istio-ingressgateway-sds
namespace: istio-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: istio-ingressgateway-sds
subjects:
- kind: ServiceAccount
name: default
@prachiyadav and @dgn I've created a PR containing the content changes Daniel suggested. I will tag you on that PR for review.
The branch/enterprise-4.13 label has been added to this PR.
This is because your PR targets the main branch and is labeled for enterprise-4.12. And any PR going into main must also target the latest version branch (enterprise-4.13).
If the update in your PR does NOT apply to version 4.13 onward, please re-target this PR to go directly into the appropriate version branch or branches (enterprise-4.x) instead of main.
@JStickler: PR needs rebase.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
@bergerhoffer After Julie left Red Hat, I copied this branch and continued working on the doc effort. The PR I worked on was previously merged into main: https://github.com/openshift/openshift-docs/pull/52191
I believe this PR can be closed. I think closing this was something I overlooked in the broader workflow. I'll try to keep that in mind should a similar situation arise in the future.
@rh-tokeefe Thanks for letting me know! I will go ahead and close this PR then.