Merge pull request #37131 from luksa/OSSMDOC-418

OSSMDOC-418 Fix OSSM federation examples

Author: JStickler

modules/ossm-federation-config-export.adoc

@@ -39,15 +39,18 @@ spec:
       alias:
         namespace: bookinfo
         name: ratings
-# export any service in red-mesh-bookinfo namespace with label export-service=true
+  # export any service in red-mesh-bookinfo namespace with label export-service=true
   - type: LabelSelector
     labelSelector:
       namespace: red-mesh-bookinfo
-      Selector:
+      selector:
         matchLabels:
-          export-service: “true”
-      alias: # exported as if they were in the bookinfo namespace
-        namespace: bookinfo
+          export-service: "true"
+      aliases: # export all matching services as if they were in the bookinfo namespace
+      - namespace: "*"
+        name: "*"
+        alias:
+          namespace: bookinfo
 ----
 
 .ExportServiceSet parameters
@@ -67,23 +70,23 @@ spec:
 
 |spec:
   exportRules:
-  -type:
+  - type:
 |Type of rule that will govern the export for this service. The first matching rule found for the service will be used for the export.
 |`NameSelector`, `LabelSelector`
 
 |spec:
   exportRules:
-  -type: nameSelector
-    NameSelector:
+  - type: NameSelector
+    nameSelector:
       namespace:
       name:
-|To create a `NameSelector` rule, specify the `namespace` of the service and the `name` of the service as defined in the `Deployment` resource.
+|To create a `NameSelector` rule, specify the `namespace` of the service and the `name` of the service as defined in the `Service` resource.
 |
 
 |spec:
   exportRules:
-  -type: NameSelector
-    NameSelector:
+  - type: NameSelector
+    nameSelector:
       alias:
         namespace:
         name:
@@ -92,27 +95,30 @@ spec:
 
 |spec:
   exportRules:
-  -type: LabelSelector
-    LabelSelector:
+  - type: LabelSelector
+    labelSelector:
       namespace: <exportingMesh>
-      Selector:
+      selector:
         matchLabels:
-        <label>: "true"
-|To create a `LabelSelector` rule, specify the `namespace` of the service and specify the `label` defined in the `Deployment` resource. In the example above, the label is `export-service`.
+          <labelKey>: <labelValue>
+|To create a `LabelSelector` rule, specify the `namespace` of the service and specify the `label` defined in the `Service` resource. In the example above, the label is `export-service`.
 |
 
 |spec:
   exportRules:
-  -type: LabelSelector
-    LabelSelector:
+  - type: LabelSelector
+    labelSelector:
       namespace: <exportingMesh>
-      Selector:
+      selector:
         matchLabels:
-          <label>: "true"
-      alias:
-        namespace:
+          <labelKey>: <labelValue>
+      aliases:
+      - namespace:
         name:
-|To create a `LabelSelector` rule that uses an alias for the service, after specifying the `namespace` and `label`, then specify the alias to be used for `name` or `namespace` of the service. In the example above, the alias is `bookinfo`.
+        alias:
+          namespace:
+          name:
+|To create a `LabelSelector` rule that uses aliases for the services, after specifying the `selector`, specify the aliases to be used for `name` or `namespace` of the service. In the example above, the namespace alias is `bookinfo` for all matching services.
 |
 |===
 
@@ -130,7 +136,7 @@ spec:
   exportRules:
   - type: NameSelector
     nameSelector:
-      namespace: *
+      namespace: "*"
       name: ratings
 ----
 
@@ -147,5 +153,5 @@ spec:
   - type: NameSelector
     nameSelector:
       namespace: west-data-center
-      name: *
+      name: "*"
 ----

modules/ossm-federation-config-import.adoc

@@ -33,8 +33,8 @@ spec:
   importRules: # first matching rule is used
   # import ratings.bookinfo as ratings.bookinfo
   - type: NameSelector
+    importAsLocal: false
     nameSelector:
-      importAsLocal: false
       namespace: bookinfo
       name: ratings
       alias:
@@ -60,32 +60,35 @@ spec:
 
 |spec:
   importRules:
-    -type:
+  - type:
 |Type of rule that will govern the import for the service. The first matching rule found for the service will be used for the import.
 |`NameSelector`
 
 |spec:
   importRules:
-    -type: NameSelector:
+  - type: NameSelector
+    nameSelector:
       namespace:
       name:
-|To create a `NameSelector` rule, specify the `namespace` of the service and the `name` of the service, as defined in the `Deployment` resource.
+|To create a `NameSelector` rule, specify the `namespace` and the `name` of the exported service.
 |
 
 |spec:
   importRules:
-    -type: NameSelector:
-      importAsLocal:
+  - type: NameSelector
+    importAsLocal:
 |Set to `true` to aggregate remote endpoint with local services. When `true`, services will be imported as `<name>.<namespace>.svc.cluster.local`
 |`true`/`false`
 
 |spec:
   importRules:
-    -type: NameSelector:
-      importAsLocal:
+  - type: NameSelector
+    nameSelector:
       namespace:
       name:
       alias:
+        namespace:
+        name:
 |To create a `NameSelector` rule that uses an alias for the service, after specifying the `namespace` and `name` for the service, then specify the alias for the `namespace` and the alias to be used for `name` of the service.
 |
 |===
@@ -104,8 +107,8 @@ metadata:
 spec:
   importRules:
   - type: NameSelector
+    importAsLocal: false
     nameSelector:
-      importAsLocal: false
       namespace: bookinfo
       name: ratings
 ----
@@ -121,8 +124,8 @@ metadata:
 spec:
   importRules:
   - type: NameSelector
+    importAsLocal: false
     nameSelector:
-      importAsLocal: false
       namespace: west-data-center
-      name: *
+      name: "*"
 ----

modules/ossm-federation-config-meshPeer.adoc

@@ -123,6 +123,10 @@ spec:
 |spec:
   security:
     certificateChain:
-|The name of a `ConfigMap` resource containing the root certificate used to validate the client certificate(s) presented to this mesh by the peer mesh.
-|<peerMesh>-ca-root-cert
+      kind: ConfigMap
+      name:
+|The kind (for example, ConfigMap) and name of a resource containing the root certificate used to validate the client and server certificate(s) presented to this mesh by the peer mesh.
+The key of the config map entry containing the certificate should be `root-cert.pem`.
+|kind: ConfigMap
+name: <peerMesh>-ca-root-cert
 |===

modules/ossm-federation-config-smcp.adoc

@@ -34,7 +34,7 @@ spec:
         service:
           metadata:
             labels:
-              federation.maistra.io/proxy: egress-green-mesh
+              federation.maistra.io/egress-for: egress-green-mesh
           ports:
           - port: 15443
             name: tls
@@ -48,7 +48,7 @@ spec:
         service:
           metadata:
             labels:
-              federation.maistra.io/proxy: egress-blue-mesh
+              federation.maistra.io/egress-for: egress-blue-mesh
           ports:
           - port: 15443
             name: tls
@@ -62,7 +62,7 @@ spec:
           type: LoadBalancer
           metadata:
             labels:
-              federation.maistra.io/proxy: ingress-green-mesh
+              federation.maistra.io/ingress-for: ingress-green-mesh
           ports:
           - port: 15443
             name: tls
@@ -75,7 +75,7 @@ spec:
           type: LoadBalancer
           metadata:
             labels:
-              federation.maistra.io/proxy: ingress-blue-mesh
+              federation.maistra.io/ingress-for: ingress-blue-mesh
           ports:
           - port: 15443
             name: tls
@@ -140,7 +140,8 @@ To avoid naming conflicts between meshes, you must create separate egress and in
 |spec:
   gateways:
     additionalEgress:
-      requestedNetworkView:
+      <egressName>:
+        requestedNetworkView:
 |Networks associated with exported services.
 |Set to the value of `spec.cluster.network` in the SMCP for the mesh, otherwise use <ServiceMeshPeer-name>-network. For example, if the `ServiceMeshPeer` resource for that mesh is named `west`, then the network would be named `west-network`.
 |
@@ -149,8 +150,8 @@ To avoid naming conflicts between meshes, you must create separate egress and in
   gateways:
     additionalEgress:
       <egressName>:
-        router mode:
-|
+        routerMode:
+|The router mode to be used by the gateway.
 |`sni-dnat`
 |
 
@@ -161,7 +162,7 @@ To avoid naming conflicts between meshes, you must create separate egress and in
         service:
           metadata:
             labels:
-              federation.maistra.io/proxy:
+              federation.maistra.io/egress-for:
 |Specify a unique label for the gateway to prevent federated traffic from flowing through the cluster's default system gateways.
 |
 |
@@ -196,8 +197,8 @@ To avoid naming conflicts between meshes, you must create separate egress and in
   gateways:
     additionalIngress:
       <ingressName>:
-        router mode:
-|
+        routerMode:
+|The router mode to be used by the gateway.
 |`sni-dnat`
 |
 
@@ -218,7 +219,7 @@ To avoid naming conflicts between meshes, you must create separate egress and in
         service:
           metadata:
             labels:
-              federation.maistra.io/proxy:
+              federation.maistra.io/ingress-for:
 |Specify a unique label for the gateway to prevent federated traffic from flowing through the cluster's default system gateways.
 |
 |
@@ -304,7 +305,7 @@ Follow this procedure to edit the `ServiceMeshControlPlane` with the {product-ti
 
 . Click the {ProductName} Operator.
 
-. On the *Istio Service Mesh Control Plane* tab, click the name of your `ServiceMeshControlPlane`, for example `red-mesh-install`.
+. On the *Istio Service Mesh Control Plane* tab, click the name of your `ServiceMeshControlPlane`, for example `red-mesh`.
 
 . On the *Create ServiceMeshControlPlane Details* page, click `YAML` to modify your configuration.
 
@@ -333,11 +334,11 @@ $ oc project red-mesh-system
 +
 . Edit the `ServiceMeshControlPlane` file to add federation ingress and egress gateways and to specify the trust domain.
 
-. Run the following command to edit the control plane where `red-mesh-system` is the system namespace and `red-mesh-install.yaml` includes a full path to the file you edited:
+. Run the following command to edit the control plane where `red-mesh-system` is the system namespace and `red-mesh` is the name of the `ServiceMeshControlPlane` object:
 +
 [source,terminal]
 ----
-$ oc edit -n red-mesh-system -f red-mesh-install.yaml
+$ oc edit -n red-mesh-system smcp red-mesh
 ----
 +
 . Enter the following command, where `red-mesh-system` is the system namespace, to see the status of the control plane installation.
@@ -347,9 +348,9 @@ $ oc edit -n red-mesh-system -f red-mesh-install.yaml
 $ oc get smcp -n red-mesh-system
 ----
 +
-The installation has finished successfully when the READY column is true.
+The installation has finished successfully when the READY column indicates that all components are ready.
 +
 ----
-NAME            READY   STATUS              TEMPLATE   VERSION   AGE
-red-mesh-install   9/9     InstallSuccessful   default    v2.0      4m25s
+NAME       READY   STATUS            PROFILES      VERSION   AGE
+red-mesh   10/10   ComponentsReady   ["default"]   2.1.0     4m25s
 ----

modules/ossm-federation-create-export.adoc

@@ -72,12 +72,15 @@ spec:
   exportRules:
   - type: NameSelector
     nameSelector:
-      name:
-        namespace: red-mesh-bookinfo
-        name: red-ratings
+      namespace: red-mesh-bookinfo
+      name: ratings
       alias:
-        Namespace: bookinfo
-        name: ratings
+        namespace: bookinfo
+        name: red-ratings
+  - type: NameSelector
+    nameSelector:
+      namespace: red-mesh-bookinfo
+      name: reviews
 ----
 +
 . Run the following command to upload and create the `ExportServiceSet` resource in the red-mesh-system namespace.
@@ -100,14 +103,14 @@ $ oc create -n red-mesh-system -f export-to-green-mesh.yaml
 +
 [source,terminal]
 ----
-$ oc get exportedserviceset <PeerMeshExportedTo> -o yaml |yaml
+$ oc get exportedserviceset <PeerMeshExportedTo> -o yaml
 ----
 +
 For example:
 +
 [source,terminal]
 ----
-$ oc get exportedserviceset green-mesh -o yaml |yaml
+$ oc get exportedserviceset green-mesh -o yaml
 ----
 +
 . Run the following command to validate the services the red-mesh exports to share with green-mesh:

modules/ossm-federation-create-import.adoc

@@ -72,9 +72,9 @@ metadata:
 spec:
   importRules:
   - type: NameSelector
+    importAsLocal: false
     nameSelector:
-      importAsLocal: false
-      namespace: red-mesh-bookinfo
+      namespace: bookinfo
       name: red-ratings
       alias:
         namespace: bookinfo
@@ -101,14 +101,14 @@ $ oc create -n green-mesh-system -f import-from-red-mesh.yaml
 +
 [source,terminal]
 ----
-$ oc get importedserviceset <PeerMeshImportedInto> -o yaml |yaml
+$ oc get importedserviceset <PeerMeshImportedInto> -o yaml
 ----
 +
 For example:
 +
 [source,terminal]
 ----
-$ oc get importedserviceset green-mesh -o yaml |yaml
+$ oc get importedserviceset green-mesh -o yaml
 ----
 +
 . Run the following command to validate the services imported into a mesh.