Get up to 50% off on CKA, CKAD, CKS, KCNA, KCSA exams and courses!

RHACM GitOps: Install Service Mesh Operator and Configure a default control plan

RHACM GitOps: Install Service Mesh Operator and Configure a default control plan

This blog shows how to use RHACM GitOps to install Service Mesh and configure the default control plan.

If your hub and managed clusters are not ready, please refer to https://www.techbeatly.com/install-the-rhacm-operator-import-an-existing-cluster-deploy-a-new-cluster/ for environment setup.

Below are the clusters we use here.

The “local-cluster” is the hub server. The 2 managed clusters are “ bn7z2-m-dev ” and “ bn7z2-m-dev-01 ” with the label “purpose=development”.

GitOps – tempaltes on github

$ git clone https://github.com/alpha-wolf-jin/mesh-apps.git

$ tree ./mesh-apps/
./mesh-apps/
├── elastic-operator
│   └── elasticsearch.yaml
├── jaeger-operator
│   └── jaeger-operator.yaml
├── kiali-servicemesh-operator
│   └── kiali-servicemesh-operator.yaml
├── mesh
│   └── smcp-basic.yaml
└── README.md

Templates used for Service Mesh:

elasticsearch.yaml

Create a Subscription object YAML file to subscribe to elasticsearch-operator in the openshift-operators-redhat namespace.

$ cat elastic-operator/elasticsearch.yaml 
---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: elasticsearch-operator
  namespace: openshift-operators-redhat
spec:
  channel: stable
  installPlanApproval: Automatic
  name: elasticsearch-operator
  source: redhat-operators
  sourceNamespace: openshift-marketplace

jaeger.yaml

Create a Subscription object YAML file to subscribe to the jaeger-product in the openshift-distributed-tracing namespace.

$ cat jaeger-operator/jaeger-operator.yaml 
---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: jaeger-product
  namespace: openshift-distributed-tracing
spec:
  channel: stable
  installPlanApproval: Automatic
  name: jaeger-product
  source: redhat-operators
  sourceNamespace: openshift-marketplace

kiali-servicemesh-operator.yaml

Create a Subscription object YAML file to subscribe to the kiali-ossm & servicemeshoperator Operators in the openshift-operators namespace.

$ cat kiali-servicemesh-operator/kiali-servicemesh-operator.yaml 
---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: kiali-ossm
  namespace: openshift-operators
spec:
  channel: stable
  installPlanApproval: Automatic
  name: kiali-ossm
  source: redhat-operators
  sourceNamespace: openshift-marketplace
---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: servicemeshoperator
  namespace: openshift-operators
spec:
  channel: stable
  installPlanApproval: Automatic
  name: servicemeshoperator
  source: redhat-operators
  sourceNamespace: openshift-marketplace

smcp-basic.yaml

Create a ServiceMeshControlPlane object basic in namespace istio-system .

$ cat mesh/smcp-basic.yaml 
---
apiVersion: maistra.io/v2
kind: ServiceMeshControlPlane
metadata:
  name: basic 
  namespace: istio-system 
spec:
  version: v2.2
  gateways: 
    egress:
      enabled: true
      runtime:
        deployment:
          autoScaling:
            enabled: false
    ingress:
      enabled: true
      runtime:
        deployment:
          autoScaling:
            enabled: false

  tracing: 
    sampling: 10000
    type: Jaeger

  telemetry:
    type: Istiod

  policy:
    type: Istiod

  addons:
    grafana: 
      enabled: true
    jaeger: 
      install:
        storage:
          type: Memory
    kiali: 
      enabled: true

Managing Multicluster Service Mesh with RHACM GitOps

Application – elastic

Use RHACM GitOps to create a new elastic application based on the following criteria

FieldValue
`Name`elastic
`Namespace`openshift-operators-redhat
`Repository types``Git`
`URL`https://github.com/alpha-wolf-jin/mesh-apps/
Branchmain
Pathelastic-operator
Labelpurpose
Valuedevelopment
Deployment windowAlways Active

Click “ Create “

Application – jaeger-product

Use RHACM GitOps to create a new jaeger-product application based on the following criteria

FieldValue
`Name`jaeger-product
`Namespace`openshift-distributed-tracing
`Repository types``Git`
`URL`https://github.com/alpha-wolf-jin/mesh-apps/
Branchmain
Pathjaeger-operator
Labelpurpose
Valuedevelopment
Deployment windowAlways active
Application – kiali-servicemesh

Use RHACM GitOps to create a new kiali-servicemesh application based on the following criteria

FieldValue
`Name`kiali-servicemesh
`Namespace`openshift-operators
`Repository types``Git`
`URL`https://github.com/alpha-wolf-jin/mesh-apps/
Branchmain
Pathkiali-servicemesh-operator
Labelpurpose
Valuedevelopment
Deployment windowAlways active
Application – mesh

Use RHACM GitOps to create a new mesh application based on the following criteria

FieldValue
`Name`mesh
`Namespace`istio-system
`Repository types``Git`
`URL`https://github.com/alpha-wolf-jin/mesh-apps/
Branchmain
Pathmesh
Labelpurpose
Valuedevelopment
Deployment windowAlways Active

Verify Service Mesh inside RHACM

Application – elastic

Application – jaeger-product

Application – kiali-servicemesh

Application – mesh

Verify Service Mesh inside Managed Clusters

Cluster 01

The smcp is ready.

$ oc login -u kubeadmin -p <password> https://api.bn7z2-m-dev-01.sandbox1558.opentlc.com:6443
Login successful.

$ oc get smcp -n istio-system
NAME    READY   STATUS            PROFILES      VERSION   AGE
basic   10/10   ComponentsReady   ["default"]   2.2.3     18h

Cluster 02

The smcp is ready.

$ oc login -u kubeadmin -p <password> https://api.bn7z2-m-dev.sandbox1558.opentlc.com:6443
Login successful.

$ oc get smcp -n istio-system
NAME    READY   STATUS                   PROFILES   VERSION   AGE
basic   0/0     DependencyMissingError                        3h39m

The above is a small sample of how to manage the cluster with the RHACM GitOps.

Jin Zhang

Jin Zhang

I’m Jin, Red Hat ASEAN Senior Platform Consultant. My primary focus is Ansible Automation (Infrastructure as Code), OpenShift, and OpenStack.


Note

Disclaimer: The views expressed and the content shared in all published articles on this website are solely those of the respective authors, and they do not necessarily reflect the views of the author’s employer or the techbeatly platform. We strive to ensure the accuracy and validity of the content published on our website. However, we cannot guarantee the absolute correctness or completeness of the information provided. It is the responsibility of the readers and users of this website to verify the accuracy and appropriateness of any information or opinions expressed within the articles. If you come across any content that you believe to be incorrect or invalid, please contact us immediately so that we can address the issue promptly.

Share :

Related Posts

Conduct Vulnerability Management for Your Kubernetes Applications

Conduct Vulnerability Management for Your Kubernetes Applications

Kubernetes is an open source container orchestration tool initially developed by Google and subsequently handed over to the Cloud Native Computing …

Introduction to Container Fundamental

Let’s learn about, Traditional VM based deployment Challenges Container based deployment Advantages of Containers Use cases Nived Velayudhan …

How to Fix a Failed PV in OpenShift Cluster

How to Fix a Failed PV in OpenShift Cluster

Image : https://premierevanlines.com There are several cases a PV (PersistentVolume) appear as Failed in OpenShift or Kubernetes cluster. Once of the …