Commit 1db7d36

Merge pull request #47562 from rh-tokeefe/OSSMDOC-549
OSSMDOC-549: Update upstream/downstream differences
2 parents dd6a9e4 + 55d702e commit 1db7d36

2 files changed

+26
-3
lines changed

modules/ossm-multitenant.adoc

Lines changed: 1 addition & 1 deletion
@@ -13,7 +13,7 @@ Whereas upstream Istio takes a single tenant approach, {SMProductName} supports
1313
[id="ossm-mt-vs-clusterwide_{context}"]
1414
== Multitenancy versus cluster-wide installations
1515

16-
The main difference between a multitenant installation and a cluster-wide installation is the scope of privileges used by the control plane deployments, for example, Galley and Pilot. The components no longer use cluster-scoped Role Based Access Control (RBAC) resource `ClusterRoleBinding`.
16+
The main difference between a multitenant installation and a cluster-wide installation is the scope of privileges used by istod. The components no longer use cluster-scoped Role Based Access Control (RBAC) resource `ClusterRoleBinding`.
1717

1818
Every project in the `ServiceMeshMemberRoll` `members` list will have a `RoleBinding` for each service account associated with the control plane deployment and each control plane deployment will only watch those member projects. Each member project has a `maistra.io/member-of` label added to it, where the `member-of` value is the project containing the control plane installation.
1919

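Review bot: `istod` on new line 16 is a typo for `istiod`, and with the Galley and Pilot examples removed, "The components" in the next sentence no longer has a plural antecedent. Suggest naming the daemon in both sentences, for example "the scope of privileges used by istiod" followed by "It no longer uses the cluster-scoped Role Based Access Control (RBAC) resource `ClusterRoleBinding`." Unchanged line 18 still speaks of "each control plane deployment" and "each service account", so it is worth confirming the paragraph reads consistently once a single component is named, since this text is what readers rely on to understand the RBAC scope of the control plane.
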
modules/ossm-vs-istio.adoc

Lines changed: 25 additions & 2 deletions
@@ -85,11 +85,15 @@ spec:
8585

8686
{SMProductName} replaces BoringSSL with OpenSSL. OpenSSL is a software library that contains an open source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. The {SMProductName} Proxy binary dynamically links the OpenSSL libraries (libssl and libcrypto) from the underlying Red Hat Enterprise Linux operating system.
8787

88-
8988
[id="ossm-external-workloads_{context}"]
9089
== External workloads
9190

92-
{SMProductName} does not support external workloads (virtual machines).
91+
{SMProductName} does not support external workloads, such as virtual machines running outside OpenShift on bare metal servers.
92+
93+
[id="ossm-virtual-machine-support_{context}"]
94+
== Virtual Machine Support
95+
96+
You can deploy virtual machines to OpenShift using OpenShift Virtualization. Then, you can apply a mesh policy, such as mTLS or AuthorizationPolicy, to these virtual machines, just like any other pod that is part of a mesh.
9397

9498
[id="ossm-component-modifications_{context}"]
9599
== Component modifications
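Review bot: On new line 91, "virtual machines running outside OpenShift on bare metal servers" can be read as limiting the exclusion to VMs that happen to be hosted on bare metal, which leaves it unclear whether other workloads outside the cluster are supported. If the intent is that nothing outside the cluster can join the mesh, say that directly and give VMs and bare metal servers as separate examples. Two smaller points in the same hunk: the new heading "Virtual Machine Support" on line 94 uses title case while the neighbouring headings ("External workloads", "Component modifications") use sentence case, and line 96 lists "mTLS" next to `AuthorizationPolicy` as if both were policy resources; the mTLS section added later in this commit names `PeerAuthentication`, which would be the matching resource to cite here.
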
@@ -115,6 +119,25 @@ spec:
115119

116120
{SMProductName} includes CNI plug-in, which provides you with an alternate way to configure application pod networking. The CNI plug-in replaces the `init-container` network configuration eliminating the need to grant service accounts and projects access to security context constraints (SCCs) with elevated privileges.
117121

122+
[id="ossm-global-mtls_{context}"]
123+
== Global mTLS settings
124+
{SMProductName} creates a `PeerAuthentication` resource that enables or disables Mutual TLS authentication (mTLS) within the mesh.
125+
126+
[id="ossm-gateways_{context}"]
127+
== Gateways
128+
129+
{SMProductName} installs ingress and egress gateways by default. You can disable this in the SMCP using `spec.gateways.ingress.enabled=false` or `spec.gateways.egress.enabled=false`.
130+
131+
[id="ossm-multicluster-configuration_{context}"]
132+
== Multicluster configurations
133+
134+
{SMProductName} does not provide support for multicluster configurations.
135+
136+
[id="ossm-certificate-signing-request_{context}"]
137+
== Custom Certificate Signing Requests (CSR)
138+
139+
You cannot configure {SMProductName} to process CSRs through the Kubernetes certificate authority (CA).
140+
118141
[id="ossm-routes-gateways_{context}"]
119142
== Routes for Istio Gateways
120143

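Review bot: The new "Global mTLS settings" paragraph on line 124 says the `PeerAuthentication` resource "enables or disables" mTLS but does not say what decides which of the two happens or what the default is, so a reader cannot tell from this section whether traffic in a fresh mesh is authenticated. Suggest naming the setting that drives the resource and stating the default, in the same way the Gateways section on line 129 names `spec.gateways.ingress.enabled=false`. Formatting in the same hunk: line 123 is followed directly by its paragraph, while the other three new sections leave a blank line after the heading, and the id `ossm-multicluster-configuration` on line 131 is singular while its heading "Multicluster configurations" is plural.
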