×

You can customize your Red Hat OpenShift Service Mesh by modifying the default ServiceMeshControlPlane (SMCP) resource or by creating a completely custom SMCP resource. This reference section documents the configuration options available for the SMCP resource.

Service Mesh Control plane parameters

The following table lists the top-level parameters for the ServiceMeshControlPlane resource.

Table 1. ServiceMeshControlPlane resource parameters
Name Description Type

apiVersion

APIVersion defines the versioned schema of this representation of an object. Servers convert recognized schemas to the latest internal value, and may reject unrecognized values. The value for the ServiceMeshControlPlane version 2.0 is maistra.io/v2.

The value for ServiceMeshControlPlane version 2.0 is maistra.io/v2.

kind

Kind is a string value that represents the REST resource this object represents.

ServiceMeshControlPlane is the only valid value for a ServiceMeshControlPlane.

metadata

Metadata about this ServiceMeshControlPlane instance. You can provide a name for your Service Mesh control plane installation to keep track of your work, for example, basic.

string

spec

The specification of the desired state of this ServiceMeshControlPlane. This includes the configuration options for all components that comprise the Service Mesh control plane.

For more information, see Table 2.

status

The current status of this ServiceMeshControlPlane and the components that comprise the Service Mesh control plane.

For more information, see Table 3.

The following table lists the specifications for the ServiceMeshControlPlane resource. Changing these parameters configures Red Hat OpenShift Service Mesh components.

Table 2. ServiceMeshControlPlane resource spec
Name Description Configurable parameters

addons

The addons parameter configures additional features beyond core Service Mesh control plane components, such as visualization, or metric storage.

3scale, grafana, jaeger, kiali, and prometheus.

cluster

The cluster parameter sets the general configuration of the cluster (cluster name, network name, multi-cluster, mesh expansion, etc.)

meshExpansion, multiCluster, name, and network

gateways

You use the gateways parameter to configure ingress and egress gateways for the mesh.

enabled, additionalEgress, additionalIngress, egress, ingress, and openshiftRoute

general

The general parameter represents general Service Mesh control plane configuration that does not fit anywhere else.

logging and validationMessages

policy

You use the policy parameter to configure policy checking for the Service Mesh control plane. Policy checking can be enabled by setting spec.policy.enabled to true.

mixer remote, or type. type can be set to Istiod, Mixer or None.

profiles

You select the ServiceMeshControlPlane profile to use for default values using the profiles parameter.

default

proxy

You use the proxy parameter to configure the default behavior for sidecars.

accessLogging, adminPort, concurrency, and envoyMetricsService

runtime

You use the runtime parameter to configure the Service Mesh control plane components.

components, and defaults

security

The security parameter allows you to configure aspects of security for the Service Mesh control plane.

certificateAuthority, controlPlane, identity, dataPlane and trust

techPreview

The techPreview parameter enables early access to features that are in technology preview.

N/A

telemetry

If spec.mixer.telemetry.enabled is set to true, telemetry is enabled.

mixer, remote, and type. type can be set to Istiod, Mixer or None.

tracing

You use the tracing parameter to enables distributed tracing for the mesh.

sampling, type. type can be set to Jaeger or None.

version

You use the version parameter to specify what Maistra version of the Service Mesh control plane to install. When creating a ServiceMeshControlPlane with an empty version, the admission webhook sets the version to the current version. New ServiceMeshControlPlanes with an empty version are set to v2.0. Existing ServiceMeshControlPlanes with an empty version keep their setting.

string

ControlPlaneStatus represents the current state of your service mesh.

Table 3. ServiceMeshControlPlane resource ControlPlaneStatus
Name Description Type

annotations

The annotations parameter stores additional, usually redundant status information, such as the number of components deployed by the ServiceMeshControlPlane. These statuses are used by the command line tool, oc, which does not yet allow counting objects in JSONPath expressions.

Not configurable

conditions

Represents the latest available observations of the object’s current state. Reconciled indicates whether the operator has finished reconciling the actual state of deployed components with the configuration in the ServiceMeshControlPlane resource. Installed indicates whether the Service Mesh control plane has been installed. Ready indicates whether all Service Mesh control plane components are ready.

string

components

Shows the status of each deployed Service Mesh control plane component.

string

appliedSpec

The resulting specification of the configuration options after all profiles have been applied.

ControlPlaneSpec

appliedValues

The resulting values.yaml used to generate the charts.

ControlPlaneSpec

chartVersion

The version of the charts that were last processed for this resource.

string

observedGeneration

The generation observed by the controller during the most recent reconciliation. The information in the status pertains to this particular generation of the object. The status.conditions are not up-to-date if the status.observedGeneration field doesn’t match metadata.generation.

integer

operatorVersion

The version of the operator that last processed this resource.

string

readiness

The readiness status of components & owned resources.

string

This example ServiceMeshControlPlane definition contains all of the supported parameters.

Example ServiceMeshControlPlane resource
apiVersion: maistra.io/v2
kind: ServiceMeshControlPlane
metadata:
  name: basic
spec:
  version: v2.4
  proxy:
    runtime:
      container:
        resources:
          requests:
            cpu: 100m
            memory: 128Mi
          limits:
            cpu: 500m
            memory: 128Mi
  tracing:
    type: Jaeger
  gateways:
    ingress: # istio-ingressgateway
      service:
        type: ClusterIP
        ports:
        - name: status-port
          port: 15020
        - name: http2
          port: 80
          targetPort: 8080
        - name: https
          port: 443
          targetPort: 8443
      meshExpansionPorts: []
    egress: # istio-egressgateway
      service:
        type: ClusterIP
        ports:
        - name: status-port
          port: 15020
        - name: http2
          port: 80
          targetPort: 8080
        - name: https
          port: 443
          targetPort: 8443
    additionalIngress:
      some-other-ingress-gateway: {}
    additionalEgress:
      some-other-egress-gateway: {}

  policy:
    type: Mixer
    mixer: # only applies if policy.type: Mixer
      enableChecks: true
      failOpen: false

  telemetry:
    type: Istiod # or Mixer
    mixer: # only applies if telemetry.type: Mixer, for v1 telemetry
      sessionAffinity: false
      batching:
        maxEntries: 100
        maxTime: 1s
      adapters:
        kubernetesenv: true
        stdio:
          enabled: true
          outputAsJSON: true
  addons:
    grafana:
      enabled: true
      install:
        config:
          env: {}
          envSecrets: {}
        persistence:
          enabled: true
          storageClassName: ""
          accessMode: ReadWriteOnce
          capacity:
            requests:
              storage: 5Gi
        service:
          ingress:
            contextPath: /grafana
            tls:
              termination: reencrypt
    kiali:
      name: kiali
      enabled: true
      install: # install kiali CR if not present
        dashboard:
          viewOnly: false
          enableGrafana: true
          enableTracing: true
          enablePrometheus: true
      service:
        ingress:
          contextPath: /kiali
    jaeger:
      name: jaeger
      install:
        storage:
          type: Elasticsearch # or Memory
          memory:
            maxTraces: 100000
          elasticsearch:
            nodeCount: 3
            storage: {}
            redundancyPolicy: SingleRedundancy
            indexCleaner: {}
        ingress: {} # jaeger ingress configuration
  runtime:
    components:
      pilot:
        deployment:
          replicas: 2
        pod:
          affinity: {}
        container:
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 500m
              memory: 128Mi
      grafana:
        deployment: {}
        pod: {}
      kiali:
        deployment: {}
        pod: {}

spec parameters

general parameters

Here is an example that illustrates the spec.general parameters for the ServiceMeshControlPlane object and a description of the available parameters with appropriate values.

Example general parameters
apiVersion: maistra.io/v2
kind: ServiceMeshControlPlane
metadata:
  name: basic
spec:
  general:
    logging:
      componentLevels: {}
          # misc: error
      logAsJSON: false
    validationMessages: true
Table 4. Istio general parameters
Parameter Description Values Default value
logging:

Use to configure logging for the Service Mesh control plane components.

N/A

logging:
 componentLevels:

Use to specify the component logging level.

Possible values: trace, debug, info, warning, error, fatal, panic.

N/A

logging:
 logAsJSON:

Use to enable or disable JSON logging.

true/false

N/A

validationMessages:

Use to enable or disable validation messages to the status fields of istio.io resources. This can be useful for detecting configuration errors in resources.

true/false

N/A

profiles parameters

You can create reusable configurations with ServiceMeshControlPlane object profiles. If you do not configure the profile setting, Red Hat OpenShift Service Mesh uses the default profile.

Here is an example that illustrates the spec.profiles parameter for the ServiceMeshControlPlane object:

Example profiles parameters
apiVersion: maistra.io/v2
kind: ServiceMeshControlPlane
metadata:
  name: basic
spec:
  profiles:
  - YourProfileName

For information about creating profiles, see the Creating control plane profiles.

For more detailed examples of security configuration, see Mutual Transport Layer Security (mTLS).

techPreview parameters

The spec.techPreview parameter enables early access to features that are in Technology Preview.

Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.

tracing parameters

The following example illustrates the spec.tracing parameters for the ServiceMeshControlPlane object, and a description of the available parameters with appropriate values.

Example tracing parameters
apiVersion: maistra.io/v2
kind: ServiceMeshControlPlane
metadata:
  name: basic
spec:
  version: v2.4
  tracing:
    sampling: 100
    type: Jaeger
Table 5. Istio tracing parameters
Parameter Description Values Default value
tracing:
 sampling:

The sampling rate determines how often the Envoy proxy generates a trace. You use the sampling rate to control what percentage of requests get reported to your tracing system.

Integer values between 0 and 10000 representing increments of 0.01% (0 to 100%). For example, setting the value to 10 samples 0.1% of requests, setting the value to 100 will sample 1% of requests setting the value to 500 samples 5% of requests, and a setting of 10000 samples 100% of requests.

10000 (100% of traces)

tracing:
 type:

Currently the only tracing type that is supported is Jaeger. Jaeger is enabled by default. To disable tracing, set the type parameter to None.

None, Jaeger

Jaeger

version parameter

The Red Hat OpenShift Service Mesh Operator supports installation of different versions of the ServiceMeshControlPlane. You use the version parameter to specify what version of the Service Mesh control plane to install. If you do not specify a version parameter when creating your SMCP, the Operator sets the value to the latest version: (2.4). Existing ServiceMeshControlPlane objects keep their version setting during upgrades of the Operator.

3scale configuration

The following table explains the parameters for the 3scale Istio Adapter in the ServiceMeshControlPlane resource.

Example 3scale parameters
spec:
  addons:
    3Scale:
      enabled: false
      PARAM_THREESCALE_LISTEN_ADDR: 3333
      PARAM_THREESCALE_LOG_LEVEL: info
      PARAM_THREESCALE_LOG_JSON: true
      PARAM_THREESCALE_LOG_GRPC: false
      PARAM_THREESCALE_REPORT_METRICS: true
      PARAM_THREESCALE_METRICS_PORT: 8080
      PARAM_THREESCALE_CACHE_TTL_SECONDS: 300
      PARAM_THREESCALE_CACHE_REFRESH_SECONDS: 180
      PARAM_THREESCALE_CACHE_ENTRIES_MAX: 1000
      PARAM_THREESCALE_CACHE_REFRESH_RETRIES: 1
      PARAM_THREESCALE_ALLOW_INSECURE_CONN: false
      PARAM_THREESCALE_CLIENT_TIMEOUT_SECONDS: 10
      PARAM_THREESCALE_GRPC_CONN_MAX_SECONDS: 60
      PARAM_USE_CACHED_BACKEND: false
      PARAM_BACKEND_CACHE_FLUSH_INTERVAL_SECONDS: 15
      PARAM_BACKEND_CACHE_POLICY_FAIL_CLOSED: true
Table 6. 3scale parameters
Parameter Description Values Default value

enabled

Whether to use the 3scale adapter

true/false

false

PARAM_THREESCALE_LISTEN_ADDR

Sets the listen address for the gRPC server

Valid port number

3333

PARAM_THREESCALE_LOG_LEVEL

Sets the minimum log output level.

debug, info, warn, error, or none

info

PARAM_THREESCALE_LOG_JSON

Controls whether the log is formatted as JSON

true/false

true

PARAM_THREESCALE_LOG_GRPC

Controls whether the log contains gRPC info

true/false

true

PARAM_THREESCALE_REPORT_METRICS

Controls whether 3scale system and backend metrics are collected and reported to Prometheus

true/false

true

PARAM_THREESCALE_METRICS_PORT

Sets the port that the 3scale /metrics endpoint can be scrapped from

Valid port number

8080

PARAM_THREESCALE_CACHE_TTL_SECONDS

Time period, in seconds, to wait before purging expired items from the cache

Time period in seconds

300

PARAM_THREESCALE_CACHE_REFRESH_SECONDS

Time period before expiry when cache elements are attempted to be refreshed

Time period in seconds

180

PARAM_THREESCALE_CACHE_ENTRIES_MAX

Max number of items that can be stored in the cache at any time. Set to 0 to disable caching

Valid number

1000

PARAM_THREESCALE_CACHE_REFRESH_RETRIES

The number of times unreachable hosts are retried during a cache update loop

Valid number

1

PARAM_THREESCALE_ALLOW_INSECURE_CONN

Allow to skip certificate verification when calling 3scale APIs. Enabling this is not recommended.

true/false

false

PARAM_THREESCALE_CLIENT_TIMEOUT_SECONDS

Sets the number of seconds to wait before terminating requests to 3scale System and Backend

Time period in seconds

10

PARAM_THREESCALE_GRPC_CONN_MAX_SECONDS

Sets the maximum amount of seconds (+/-10% jitter) a connection may exist before it is closed

Time period in seconds

60

PARAM_USE_CACHE_BACKEND

If true, attempt to create an in-memory apisonator cache for authorization requests

true/false

false

PARAM_BACKEND_CACHE_FLUSH_INTERVAL_SECONDS

If the backend cache is enabled, this sets the interval in seconds for flushing the cache against 3scale

Time period in seconds

15

PARAM_BACKEND_CACHE_POLICY_FAIL_CLOSED

Whenever the backend cache cannot retrieve authorization data, whether to deny (closed) or allow (open) requests

true/false

true

status parameter

The status parameter describes the current state of your service mesh. This information is generated by the Operator and is read-only.

Table 7. Istio status parameters
Name Description Type

observedGeneration

The generation observed by the controller during the most recent reconciliation. The information in the status pertains to this particular generation of the object. The status.conditions are not up-to-date if the status.observedGeneration field doesn’t match metadata.generation.

integer

annotations

The annotations parameter stores additional, usually redundant status information, such as the number of components deployed by the ServiceMeshControlPlane object. These statuses are used by the command line tool, oc, which does not yet allow counting objects in JSONPath expressions.

Not configurable

readiness

The readiness status of components and owned resources.

string

operatorVersion

The version of the Operator that last processed this resource.

string

components

Shows the status of each deployed Service Mesh control plane component.

string

appliedSpec

The resulting specification of the configuration options after all profiles have been applied.

ControlPlaneSpec

conditions

Represents the latest available observations of the object’s current state. Reconciled indicates that the Operator has finished reconciling the actual state of deployed components with the configuration in the ServiceMeshControlPlane resource. Installed indicates that the Service Mesh control plane has been installed. Ready indicates that all Service Mesh control plane components are ready.

string

chartVersion

The version of the charts that were last processed for this resource.

string

appliedValues

The resulting values.yaml file that was used to generate the charts.

ControlPlaneSpec

Additional resources