Merge pull request #32055 from neal-timpe/ossmdoc-303

OSSMDOC-303: Config reorg

Author: Preeticp

_topic_map.yml

@@ -2551,28 +2551,26 @@ Topics:
     File: ossm-create-mesh
   - Name: Enabling sidecar injection
     File: prepare-to-deploy-applications-ossm
-  - Name: Customizing the installation
-    File: customizing-installation-ossm
   - Name: Upgrading from 1.1 to 2.0
     File: upgrading-ossm
   - Name: Managing users and profiles
     File: ossm-profiles-users
-  - Name: Performance and scalability
-    File: ossm-performance-scalability
-  - Name: Data visualization and observability
-    File: ossm-observability
   - Name: Security
     File: ossm-security
   - Name: Traffic management
     File: ossm-traffic-manage
-  - Name: Custom resources
-    File: ossm-custom-resources
+  - Name: Metrics and traces
+    File: ossm-observability
+  - Name: Performance and scalability
+    File: ossm-performance-scalability
   - Name: Extensions
     File: ossm-extensions
   - Name: Using the 3scale Istio adapter
     File: threescale-adapter
   - Name: Removing Service Mesh
     File: removing-ossm
+  - Name: Configuration reference
+    File: ossm-reference
 - Name: Service Mesh 1.x
   Dir: v1x
   Topics:
@@ -2586,18 +2584,14 @@ Topics:
     File: preparing-ossm-installation
   - Name: Installing Service Mesh
     File: installing-ossm
-  - Name: Customizing the installation
-    File: customizing-installation-ossm
-  - Name: Deploying applications on Service Mesh
-    File: prepare-to-deploy-applications-ossm
-  - Name: Data visualization and observability
-    File: ossm-observability
   - Name: Security
     File: ossm-security
   - Name: Traffic management
     File: ossm-traffic-manage
-  - Name: Custom resources
-    File: ossm-custom-resources
+  - Name: Deploying applications on Service Mesh
+    File: prepare-to-deploy-applications-ossm
+  - Name: Data visualization and observability
+    File: ossm-observability
   - Name: Using the 3scale Istio adapter
     File: threescale-adapter
   - Name: Removing Service Mesh

jaeger/jaeger_install/rhbjaeger-deploying.adoc

@@ -40,7 +40,7 @@ The streaming strategy requires an additional Red Hat subscription for AMQ Strea
 
 [NOTE]
 ====
-There are two ways to install and use Jaeger, as part of a service mesh or as a stand alone component. If you have installed Jaeger as part of Red Hat OpenShift Service Mesh, you can configure and deploy Jaeger as part of the xref:../../service_mesh/v2x/ossm-custom-resources.adoc#ossm-custom-resources-v2x[ServiceMeshControlPlane] or configure Jaeger and then xref:../../service_mesh/v2x/ossm-custom-resources.adoc#ossm-deploying-jaeger-streaming[reference your Jaeger configuration in the SMCP].
+There are two ways to install and use Jaeger, as part of a service mesh or as a stand alone component. If you have installed Jaeger as part of Red Hat OpenShift Service Mesh, you can configure and deploy Jaeger as part of the xref:../../service_mesh/v2x/installing-ossm.adoc#installing-ossm[ServiceMeshControlPlane] or configure Jaeger and then xref:../../service_mesh/v2x/ossm-observability.html#ossm-config-external-jaeger_observability[reference your Jaeger configuration in the ServiceMeshControlPlane].
 
 ====
 

modules/ossm-access-grafana.adoc

@@ -0,0 +1,20 @@
+// Module included in the following assemblies:
+//
+// * service_mesh/v2x/ossm-observability.adoc
+
+[id="ossm-access-grafana_{context}"]
+= Accessing Grafana
+
+Grafana is an analytics tool that you can use to view, query, and analyze your service mesh metrics. To access Grafana, do the following:
+
+.Procedure
+
+. Log in to the {product-title} web console.
+
+. Click the *Project* menu and choose the `istio-system` project from the list.
+
+. Click *Routes*.
+
+. Click the link in the *Location* column for the *Grafana* row.
+
+. Log into the Grafana console with your {product-title} credentials.

modules/ossm-access-prometheus.adoc

@@ -0,0 +1,20 @@
+// Module included in the following assemblies:
+//
+// * service_mesh/v2x/ossm-observability.adoc
+
+[id="ossm-access-prometheus_{context}"]
+= Accessing Prometheus
+
+Prometheus is a monitoring and alerting tool that you can use to collect multi-dimensional data about your microservices.
+
+.Procedure
+
+. Log in to the {product-title} web console.
+
+. Click the *Project* menu and choose the `istio-system` project from the list.
+
+. Click *Routes*.
+
+. Click the link in the *Location* column for the *Prometheus* row.
+
+. Log into the Prometheus console with your {product-title} credentials.

modules/ossm-auto-route-1x.adoc

@@ -3,7 +3,7 @@ This TASK module included in the following assemblies:
 // * service_mesh/v1x/ossm-traffic-manage.adoc
 ////
 
-[id="ossm-auto-route_{context}"]
+[id="ossm-auto-route-1x_{context}"]
 = Automatic route creation
 
 OpenShift routes for Istio Gateways are automatically managed in {ProductName}. Every time an Istio Gateway is created, updated or deleted inside the service mesh, an OpenShift route is created, updated or deleted.
@@ -36,7 +36,7 @@ spec:
 [id="ossm-auto-route-subdomains_{context}"]
 == Subdomains
 
-{ProductName} creates the route with the subdomain, but {product-title} must be configured to enable it. Subdomains, for example `*.domain.com`, are supported but not by default.
+{ProductName} creates the route with the subdomain, but {product-title} must be configured to enable it. Subdomains, for example `*.domain.com`, are supported but not by default. Configure an {product-title} wildcard policy before configuring a wildcard host Gateway. For more information, see the "Links" section.
 
 If the following gateway is created:
 

modules/ossm-auto-route.adoc

@@ -3,32 +3,10 @@ This TASK module included in the following assemblies:
 // * service_mesh/v2x/ossm-traffic-manage.adoc
 ////
 
-[id="ossm-auto-route_{context}"]
-= Automatic route creation
+[id="ossm-auto-route-create-subdomains_{context}"]
+= Creating subdomain routes
 
-OpenShift routes for Istio Gateways are automatically managed in {ProductName}. Every time an Istio Gateway is created, updated or deleted inside the service mesh, an OpenShift route is created, updated or deleted.
-
-[id="ossm-auto-route-enable_{context}"]
-== Disabling Automatic Route Creation
-
-By default, the `ServiceMeshControlPlane` automatically synchronizes the Gateway resources with OpenShift routes.
-
-You can disable integration between Istio Gateways and OpenShift Routes by setting the `ServiceMeshControlPlane` field `gateways.openshiftRoute.enabled` to `false`. For example, see the following resource snippet.
-
-[source,yaml]
-----
-spec:
-  gateways:
-    openshiftRoute:
-      enabled: false
-----
-
-[id="ossm-auto-route-subdomains_{context}"]
-== Subdomains
-
-{ProductName} creates the route with the subdomain, but {product-title} must be configured to enable it. Subdomains, for example `*.domain.com`, are supported but not by default.
-
-If the following gateway is created:
+The following example creates a gateway in the Bookinfo sample application, which creates subdomain routes.
 
 [source,yaml]
 ----
@@ -65,3 +43,18 @@ gateway1-scqhv www.bookinfo.com            istio-ingressgateway   <all>
 ----
 
 If the gateway is deleted, {ProductName} deletes the routes. However, routes created manually are never modified by {ProductName}.
+
+[id="ossm-auto-route-enable_{context}"]
+= Disabling automatic route creation
+
+By default, the `ServiceMeshControlPlane` resource automatically synchronizes the Gateway resources with OpenShift routes. Disabling the automatic route creation allows you more flexibility to control routes if you have a special case or prefer to control routes manually.
+
+Disable integration between Istio Gateways and OpenShift Routes by setting the `ServiceMeshControlPlane` field `gateways.openshiftRoute.enabled` to `false`. For example, see the following resource snippet.
+
+[source,yaml]
+----
+spec:
+  gateways:
+    openshiftRoute:
+      enabled: false
+----

modules/ossm-config-dist-trac.adoc

@@ -0,0 +1,11 @@
+// Module included in the following assemblies:
+//
+// * service_mesh/v1x/customizing-installation-ossm.adoc
+// * service_mesh/v2x/customizing-installation-ossm.adoc
+
+[id="ossm-config-dist-trac_{context}"]
+= Distributed tracing
+
+Distributed Tracing is the process of tracking the performance of individual services in an application by tracing the path of the service calls in the application. Each time a user takes action in an application, a request is executed that might require many services to interact to produce a response. The path of this request is called a distributed transaction.
+
+{ProductName} uses Jaeger to allow developers to visualize call flows in a microservice application. 

modules/ossm-config-enabling-controlplane.adoc

@@ -0,0 +1,35 @@
+// Module included in the following assemblies:
+//
+// * service_mesh/v2x/ossm-config.adoc
+
+[id="ossm-security-enabling-controlplane_{context}"]
+== Enabling strict mTLS for Mixer telemetry or policy components
+
+Secure connections are always used when proxies communicate with the control plane regardless of the `spec.security.controlPlane.mtls` setting. If Mixer telemetry or policies are part of your configuration, set `spec.security.controlPlane.mtls` to `true` in your `ServiceMeshControlPlane` resource to enable strict mTLS.
+
+[source,yaml]
+----
+apiVersion: maistra.io/v2
+kind: ServiceMeshControlPlane
+spec:
+  version: v2.0
+  security:
+    controlPlane:
+      mtls: true
+----
+
+You can also enable mTLS for the control plane by using the {product-title} web console.
+
+.Procedure
+
+. Log in to the web console.
+
+. Click the *Project* menu and choose the `istio-system` project from the list.
+
+. Click *Operators* -> *Installed Operators*.
+
+. Click *Service Mesh Control Plane* under *Provided APIs*.
+
+. Click the name of your `ServiceMeshControlPlane` resource, for example, `production`.
+
+. On the *Details* page, click the toggle in the *Security* section for *Control Plane Security*.

modules/ossm-config-external-jaeger.adoc

@@ -0,0 +1,39 @@
+// Module included in the following assemblies:
+//
+// * service_mesh/v2x/ossm-config.adoc
+
+[id="ossm-config-external-jaeger_{context}"]
+= Connecting standalone Jaeger
+
+If you already use standalone Jaeger for distributed tracing in {product-title}, configure your `ServiceMeshControlPlane` resource to use that standalone Jaeger instance rather than the one installed with {ProductName}.
+
+.Prerequisites
+
+* Configure and deploy a standalone Jaeger instance. For more information, see the Jaeger documentation.
+
+.Procedure
+
+. In the {product-title} web console, click *Operators* -> *Installed Operators*.
+
+. From the *Project* menu, select the project where you installed the control plane, for example `istio-system`.
+
+. Click the {ProductName} Operator. In the *Istio Service Mesh Control Plane* column, click the name of your `ServiceMeshControlPlane` resource, for example `basic`.
+
+. Add the name of your standalone Jaeger instance to the `ServiceMeshControlPlane`.
++
+.. Click the *YAML* tab.
++
+.. Add the name of your standalone Jaeger instance to `spec.addons.jaeger.name` in your `ServiceMeshControlPlane` resource. In the following example, `simple-prod` is the name of your standalone Jaeger instance.
++
+.Standalone Jaeger example
+[source,yaml]
+----
+spec:
+  addons:
+    jaeger:
+      name: simple-prod
+----
++
+.. Click *Save*.
+
+. Click *Reload* to verify the `ServiceMeshControlPlane` resource was configured correctly.

modules/ossm-config-mtls-min-max.adoc

@@ -0,0 +1,57 @@
+[id="ossm-security-min-max-tls_{context}"]
+== Setting the minimum and maximum protocol versions
+
+If your environment has specific requirements for encrypted traffic in your service mesh, you can control the cryptographic functions that are allowed by setting the `spec.security.controlPlane.tls.minProtocolVersion` or `spec.security.controlPlane.tls.maxProtocolVersion` in your `ServiceMeshControlPlane` resource. Those values, configured in your control plane resource, define the minimum and maximum TLS version used by mesh components when communicating securely over TLS.
+
+The default is `TLS_AUTO` and does not specify a version of TLS.
+
+.Valid values
+|===
+|Value|Description
+
+|`TLS_AUTO`
+| default
+
+|`TLSv1_0`
+|TLS version 1.0
+
+|`TLSv1_1`
+|TLS version 1.1
+
+|`TLSv1_2`
+|TLS version 1.2
+
+|`TLSv1_3`
+|TLS version 1.3
+|===
+
+.Procedure
+
+. Log in to the web console.
+
+. Click the *Project* menu and choose the `istio-system` project from the list.
+
+. Click *Operators* -> *Installed Operators*.
+
+. Click *Service Mesh Control Plane* under *Provided APIs*.
+
+. Click the name of your `ServiceMeshControlPlane` resource, for example, `basic`.
+
+. Click the *YAML* tab.
+
+. Insert the following code snippet in the YAML editor. Replace the value in the `minProtocolVersion` with the TLS version value. In this example, the minimum TLS version is set to `TLSv1_2`.
++
+.ServiceMeshControlPlane snippet
+[source,yaml]
+----
+kind: ServiceMeshControlPlane
+spec:
+  security:
+    controlPlane:
+      tls:
+        minProtocolVersion: TLSv1_2
+----
+
+. Click *Save*.
+
+. Click *Refresh* to verify that the changes updated correctly.