×

You can deploy a basic installation of the ServiceMeshControlPlane(SMCP) by using either the OpenShift Container Platform web console or from the command line using the oc client tool.

This basic installation is configured based on the default OpenShift settings and is not designed for production use. Use this default installation to verify your installation, and then configure your ServiceMeshControlPlane for your environment.

Red Hat OpenShift Service on AWS (ROSA) places additional restrictions on where you can create resources and as a result the default deployment does not work. See Installing Service Mesh on Red Hat OpenShift Service on AWS for additional requirements before deploying your SMCP in a ROSA environment.

The Service Mesh documentation uses istio-system as the example project, but you can deploy the service mesh to any project.

Deploying the Service Mesh control plane from the web console

You can deploy a basic ServiceMeshControlPlane by using the web console. In this example, istio-system is the name of the Service Mesh control plane project.

Prerequisites
  • The Red Hat OpenShift Service Mesh Operator must be installed.

  • An account with the cluster-admin role.

Procedure
  1. Log in to the OpenShift Container Platform web console as a user with the cluster-admin role. If you use Red Hat OpenShift Dedicated, you must have an account with the dedicated-admin role.

  2. Create a project named istio-system.

    1. Navigate to HomeProjects.

    2. Click Create Project.

    3. In the Name field, enter istio-system. The ServiceMeshControlPlane resource must be installed in a project that is separate from your microservices and Operators.

      These steps use istio-system as an example, but you can deploy your Service Mesh control plane in any project as long as it is separate from the project that contains your services.

    4. Click Create.

  3. Navigate to OperatorsInstalled Operators.

  4. Click the Red Hat OpenShift Service Mesh Operator, then click Istio Service Mesh Control Plane.

  5. On the Istio Service Mesh Control Plane tab, click Create ServiceMeshControlPlane.

  6. On the Create ServiceMeshControlPlane page, accept the default Service Mesh control plane version to take advantage of the features available in the most current version of the product. The version of the control plane determines the features available regardless of the version of the Operator.

    You can configure ServiceMeshControlPlane settings later. For more information, see Configuring Red Hat OpenShift Service Mesh.

    1. Click Create. The Operator creates pods, services, and Service Mesh control plane components based on your configuration parameters.

  7. To verify the control plane installed correctly, click the Istio Service Mesh Control Plane tab.

    1. Click the name of the new control plane.

    2. Click the Resources tab to see the Red Hat OpenShift Service Mesh control plane resources the Operator created and configured.

Deploying the Service Mesh control plane using the CLI

You can deploy a basic ServiceMeshControlPlane from the command line.

Prerequisites
  • The Red Hat OpenShift Service Mesh Operator must be installed.

  • Access to the OpenShift CLI (oc).

Procedure
  1. Log in to the OpenShift Container Platform CLI as a user with the cluster-admin role. If you use Red Hat OpenShift Dedicated, you must have an account with the dedicated-admin role.

    $ oc login https://<HOSTNAME>:6443
  2. Create a project named istio-system.

    $ oc new-project istio-system
  3. Create a ServiceMeshControlPlane file named istio-installation.yaml using the following example. The version of the Service Mesh control plane determines the features available regardless of the version of the Operator.

    Example version 2.2 istio-installation.yaml
    apiVersion: maistra.io/v2
    kind: ServiceMeshControlPlane
    metadata:
      name: basic
      namespace: istio-system
    spec:
      version: v2.2
      tracing:
        type: Jaeger
        sampling: 10000
      addons:
        jaeger:
          name: jaeger
          install:
            storage:
              type: Memory
        kiali:
          enabled: true
          name: kiali
        grafana:
          enabled: true
  4. Run the following command to deploy the Service Mesh control plane, where <istio_installation.yaml> includes the full path to your file.

    $ oc create -n istio-system -f <istio_installation.yaml>
  5. To watch the progress of the pod deployment, run the following command:

    $ oc get pods -n istio-system -w

    You should see output similar to the following:

    NAME                                   READY   STATUS    RESTARTS   AGE
    grafana-b4d59bd7-mrgbr                 2/2     Running   0          65m
    istio-egressgateway-678dc97b4c-wrjkp   1/1     Running   0          108s
    istio-ingressgateway-b45c9d54d-4qg6n   1/1     Running   0          108s
    istiod-basic-55d78bbbcd-j5556          1/1     Running   0          108s
    jaeger-67c75bd6dc-jv6k6                2/2     Running   0          65m
    kiali-6476c7656c-x5msp                 1/1     Running   0          43m
    prometheus-58954b8d6b-m5std            2/2     Running   0          66m
    wasm-cacher-basic-8c986c75-vj2cd       1/1     Running   0          65m

Validating your SMCP installation with the CLI

You can validate the creation of the ServiceMeshControlPlane from the command line.

Procedure
  1. Log in to the OpenShift Container Platform CLI as a user with the cluster-admin role. If you use Red Hat OpenShift Dedicated, you must have an account with the dedicated-admin role.

    $ oc login https://<HOSTNAME>:6443
  2. Run the following command to verify the Service Mesh control plane installation, where istio-system is the namespace where you installed the Service Mesh control plane.

    $ oc get smcp -n istio-system

    The installation has finished successfully when the STATUS column is ComponentsReady.

    NAME    READY   STATUS            PROFILES      VERSION   AGE
    basic   10/10   ComponentsReady   ["default"]   2.1.1     66m

Validating your SMCP installation with Kiali

You can use the Kiali console to validate your Service Mesh installation. The Kiali console offers several ways to validate your Service Mesh components are deployed and configured properly.

Procedure
  1. Log in to the OpenShift Container Platform web console as a user with cluster-admin rights. If you use Red Hat OpenShift Dedicated, you must have an account with the dedicated-admin role.

  2. Navigate to NetworkingRoutes.

  3. On the Routes page, select the Service Mesh control plane project, for example istio-system, from the Namespace menu.

    The Location column displays the linked address for each route.

  4. If necessary, use the filter to find the route for the Kiali console. Click the route Location to launch the console.

  5. Click Log In With OpenShift.

    When you first log in to the Kiali Console, you see the Overview page which displays all the namespaces in your service mesh that you have permission to view. When there are multiple namespaces shown on the Overview page, Kiali shows namespaces with health or validation problems first.